From ebe5a67c6e7e261aa89ac803d53562e122f341d5 Mon Sep 17 00:00:00 2001
From: Cheng Fang <cfang@redhat.com>
Date: Mon, 16 Jun 2025 22:51:13 -0400
Subject: [PATCH 001/383] chore(cli): fix `argocd admin repo` command usage
 docs and examples (#23375)

Signed-off-by: Cheng Fang <cfang@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/admin/repo.go                         | 6 +++---
 cmd/argocd/commands/repocreds.go                          | 2 +-
 cmd/util/repo.go                                          | 2 +-
 .../commands/argocd_admin_repo_generate-spec.md           | 8 ++++----
 docs/user-guide/commands/argocd_repo_add.md               | 2 +-
 docs/user-guide/commands/argocd_repocreds_add.md          | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/cmd/argocd/commands/admin/repo.go b/cmd/argocd/commands/admin/repo.go
index 43fbe76251bac..e02ae6fcd2b56 100644
--- a/cmd/argocd/commands/admin/repo.go
+++ b/cmd/argocd/commands/admin/repo.go
@@ -70,13 +70,13 @@ func NewGenRepoSpecCommand() *cobra.Command {
   argocd admin repo generate-spec helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type helm --name stable --enable-oci --username test --password test
 
   # Add a private HTTPS OCI repository named 'stable'
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test
   
   # Add a private OCI repository named 'stable' without verifying the server's TLS certificate
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-skip-server-verification
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-skip-server-verification
   
   # Add a private HTTP OCI repository named 'stable'
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-oci-force-http
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-oci-force-http
 `
 
 	command := &cobra.Command{
diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go
index 835009d2bd41c..778b5be008349 100644
--- a/cmd/argocd/commands/repocreds.go
+++ b/cmd/argocd/commands/repocreds.go
@@ -189,7 +189,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma
 	command.Flags().StringVar(&repo.BearerToken, "bearer-token", "", "bearer token to the Git repository")
 	command.Flags().StringVar(&sshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
 	command.Flags().StringVar(&tlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
-	command.Flags().StringVar(&tlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
+	command.Flags().StringVar(&tlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key (must be PEM format)")
 	command.Flags().Int64Var(&repo.GithubAppId, "github-app-id", 0, "id of the GitHub Application")
 	command.Flags().Int64Var(&repo.GithubAppInstallationId, "github-app-installation-id", 0, "installation id of the GitHub Application")
 	command.Flags().StringVar(&githubAppPrivateKeyPath, "github-app-private-key-path", "", "private key of the GitHub Application")
diff --git a/cmd/util/repo.go b/cmd/util/repo.go
index 15fe8aefe448c..10637b8602395 100644
--- a/cmd/util/repo.go
+++ b/cmd/util/repo.go
@@ -38,7 +38,7 @@ func AddRepoFlags(command *cobra.Command, opts *RepoOptions) {
 	command.Flags().StringVar(&opts.Repo.BearerToken, "bearer-token", "", "bearer token to the Git BitBucket Data Center repository")
 	command.Flags().StringVar(&opts.SshPrivateKeyPath, "ssh-private-key-path", "", "path to the private ssh key (e.g. ~/.ssh/id_rsa)")
 	command.Flags().StringVar(&opts.TlsClientCertPath, "tls-client-cert-path", "", "path to the TLS client cert (must be PEM format)")
-	command.Flags().StringVar(&opts.TlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key path (must be PEM format)")
+	command.Flags().StringVar(&opts.TlsClientCertKeyPath, "tls-client-cert-key-path", "", "path to the TLS client cert's key (must be PEM format)")
 	command.Flags().BoolVar(&opts.InsecureIgnoreHostKey, "insecure-ignore-host-key", false, "disables SSH strict host key checking (deprecated, use --insecure-skip-server-verification instead)")
 	command.Flags().BoolVar(&opts.InsecureSkipServerVerification, "insecure-skip-server-verification", false, "disables server certificate and host key checks")
 	command.Flags().BoolVar(&opts.EnableLfs, "enable-lfs", false, "enable git-lfs (Large File Support) on this repository")
diff --git a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md
index ffd5a7bac26c4..f9a26090b60c4 100644
--- a/docs/user-guide/commands/argocd_admin_repo_generate-spec.md
+++ b/docs/user-guide/commands/argocd_admin_repo_generate-spec.md
@@ -37,13 +37,13 @@ argocd admin repo generate-spec REPOURL [flags]
   argocd admin repo generate-spec helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type helm --name stable --enable-oci --username test --password test
 
   # Add a private HTTPS OCI repository named 'stable'
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test
   
   # Add a private OCI repository named 'stable' without verifying the server's TLS certificate
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-skip-server-verification
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-skip-server-verification
   
   # Add a private HTTP OCI repository named 'stable'
-  argocd repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-oci-force-http
+  argocd admin repo generate-spec oci://helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type oci --name stable --username test --password test --insecure-oci-force-http
 
 ```
 
@@ -70,7 +70,7 @@ argocd admin repo generate-spec REPOURL [flags]
       --project string                          project of the repository
       --proxy string                            use proxy to access repository
       --ssh-private-key-path string             path to the private ssh key (e.g. ~/.ssh/id_rsa)
-      --tls-client-cert-key-path string         path to the TLS client cert's key path (must be PEM format)
+      --tls-client-cert-key-path string         path to the TLS client cert's key (must be PEM format)
       --tls-client-cert-path string             path to the TLS client cert (must be PEM format)
       --type string                             type of the repository, "git", "oci" or "helm" (default "git")
       --use-azure-workload-identity             whether to use azure workload identity for authentication
diff --git a/docs/user-guide/commands/argocd_repo_add.md b/docs/user-guide/commands/argocd_repo_add.md
index 16e2c532521e2..6def99e5ce9a3 100644
--- a/docs/user-guide/commands/argocd_repo_add.md
+++ b/docs/user-guide/commands/argocd_repo_add.md
@@ -80,7 +80,7 @@ argocd repo add REPOURL [flags]
       --project string                          project of the repository
       --proxy string                            use proxy to access repository
       --ssh-private-key-path string             path to the private ssh key (e.g. ~/.ssh/id_rsa)
-      --tls-client-cert-key-path string         path to the TLS client cert's key path (must be PEM format)
+      --tls-client-cert-key-path string         path to the TLS client cert's key (must be PEM format)
       --tls-client-cert-path string             path to the TLS client cert (must be PEM format)
       --type string                             type of the repository, "git", "oci" or "helm" (default "git")
       --upsert                                  Override an existing repository with the same name even if the spec differs
diff --git a/docs/user-guide/commands/argocd_repocreds_add.md b/docs/user-guide/commands/argocd_repocreds_add.md
index 033f6de091182..5fcc0fa61487a 100644
--- a/docs/user-guide/commands/argocd_repocreds_add.md
+++ b/docs/user-guide/commands/argocd_repocreds_add.md
@@ -49,7 +49,7 @@ argocd repocreds add REPOURL [flags]
       --password string                         password to the repository
       --proxy-url string                        If provided, this URL will be used to connect via proxy
       --ssh-private-key-path string             path to the private ssh key (e.g. ~/.ssh/id_rsa)
-      --tls-client-cert-key-path string         path to the TLS client cert's key path (must be PEM format)
+      --tls-client-cert-key-path string         path to the TLS client cert's key (must be PEM format)
       --tls-client-cert-path string             path to the TLS client cert (must be PEM format)
       --type string                             type of the repository, "git" or "helm" (default "git")
       --upsert                                  Override an existing repository with the same name even if the spec differs

From 19f73c40140af33691dedf73abe2dbd6f6443763 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Thu, 19 Jun 2025 11:17:43 +0530
Subject: [PATCH 002/383] option to read secret from volume

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 argocd-redis.yaml   | 156 ++++++++++++++++++++++++++++++++++++++++++++
 go.mod              |   2 +-
 go.sum              |   4 +-
 util/cache/cache.go |  90 +++++++++++++++++++++----
 4 files changed, 235 insertions(+), 17 deletions(-)
 create mode 100644 argocd-redis.yaml

diff --git a/argocd-redis.yaml b/argocd-redis.yaml
new file mode 100644
index 0000000000000..8b80a8147521f
--- /dev/null
+++ b/argocd-redis.yaml
@@ -0,0 +1,156 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis
+  namespace: argocd
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: argocd-redis
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: argocd-redis
+    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/name: argocd-redis
+              topologyKey: kubernetes.io/hostname
+            weight: 100
+          - podAffinityTerm:
+              labelSelector:
+                matchLabels:
+                  app.kubernetes.io/part-of: argocd
+              topologyKey: kubernetes.io/hostname
+            weight: 5
+      containers:
+      - name: redis
+        image: redis:7.0.15-alpine # Your specified image version
+        imagePullPolicy: Always
+        command: ["sh", "-c"]
+        args:
+          - |
+            mkdir -p /var/redis-config-temp/config
+            cat <<EOF > /var/redis-config-temp/config/redis.conf
+            # General Redis Configuration
+            port 6379
+            bind 0.0.0.0
+
+            # Security: Require password for client connections.
+            # The password is read from the 'auth' key of the 'argocd-redis' Secret,
+            # which is mounted as a file at /etc/redis-secret/auth.
+            requirepass $(cat /etc/redis-secret/auth)
+
+            # Example RDB snapshot persistence:
+            # save 900 1    # Save if 1 key changes in 15 minutes
+            # save 300 10   # Save if 10 keys change in 5 minutes
+            # save 60 10000 # Save if 10000 keys change in 1 minute
+        
+            # Example AOF (Append Only File) persistence:
+            # appendonly yes        # Enable AOF persistence
+            # appendfsync everysec  # Sync AOF to disk every second (good balance of performance/safety)
+
+            EOF
+
+            # Start the Redis server using the dynamically generated configuration file.
+            redis-server /var/redis-config-temp/config/redis.conf
+        ports:
+        - containerPort: 6379
+          protocol: TCP
+        resources:
+          requests:
+            cpu: 100m # Request 100 millicores of CPU
+            memory: 128Mi # Request 128 MiB of memory (should be less than maxmemory)
+          limits:
+            cpu: 200m # Limit to 200 millicores of CPU
+            memory: 512Mi # Limit to 512 MiB of memory (should be >= maxmemory + overhead)
+          # ----------------------------------------------------
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true # Retains your existing security context
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+          # Mount the Kubernetes Secret containing the Redis password.
+          # This provides read-only access to the password file.
+          - name: redis-password-volume
+            mountPath: /etc/redis-secret # The directory where the secret's data will appear as files
+            readOnly: true # Crucially, this mount is read-only for security.
+          # Mount a temporary, writable volume. This is where the redis.conf will be
+          # dynamically generated and where Redis might store temporary files.
+          # Data in an emptyDir is lost when the pod is restarted or deleted.
+          - name: redis-temp-volume
+            mountPath: /var/redis-config-temp # Ensure this path is writable by the container's user
+          # If you require persistent storage for Redis data (e.g., for RDB/AOF files),
+          # you would uncomment and configure a PersistentVolumeClaim here.
+          # The mountPath here must match the 'dir' specified in your redis.conf.
+          # - name: redis-data-pvc-volume
+          #   mountPath: /data # Example: Mount a PVC to /data for persistence
+      # --- END OF MODIFIED SECTION ---
+      dnsPolicy: ClusterFirst
+      initContainers:
+      - command:
+        - argocd
+        - admin
+        - redis-initial-password
+        image: quay.io/argoproj/argocd:v2.12.0
+        imagePullPolicy: IfNotPresent
+        name: secret-init
+        resources: {}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 999
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccount: argocd-redis
+      serviceAccountName: argocd-redis
+      terminationGracePeriodSeconds: 30
+      volumes:
+        # Define the volume that mounts the Secret containing the Redis password.
+        - name: redis-password-volume
+          secret:
+            secretName: argocd-redis # This must match your existing Secret name
+            items:
+              - key: auth # This is the key within your Secret that holds the password
+                path: auth # The filename it will appear as inside the mounted directory (/etc/redis-secret/auth)
+        # Define the temporary writable volume (emptyDir) for dynamic config and temporary files.
+        - name: redis-temp-volume
+          emptyDir: {} # Data in this volume is temporary and will be lost on pod restart.
+        # If you need persistent storage for Redis data (e.g., RDB/AOF files),
+        # define the PersistentVolumeClaim (PVC) volume here.
+        # - name: redis-data-pvc-volume
+        #   persistentVolumeClaim:
+        #     claimName: your-redis-pvc-name # Replace with the actual name of your PVC
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 7c94b6f02a24f..c458004ef01dc 100644
--- a/go.mod
+++ b/go.mod
@@ -273,7 +273,7 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gomodules.xyz/notify v0.1.1 // indirect
 	google.golang.org/api v0.223.0 // indirect
-	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
diff --git a/go.sum b/go.sum
index 7ae136df3dce6..bc8d35b35ea94 100644
--- a/go.sum
+++ b/go.sum
@@ -1404,8 +1404,8 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
-google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
+google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
 google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 h1:Kog3KlB4xevJlAcbbbzPfRG0+X9fdoGM+UBRKVz6Wr0=
 google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237/go.mod h1:ezi0AVyMKDWy5xAncvjLWH7UcLBB5n7y2fQ8MzjJcto=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 h1:cJfm9zPbe1e873mHJzmQ1nwVEeRDU/T1wXDK2kUSU34=
diff --git a/util/cache/cache.go b/util/cache/cache.go
index a4fb5ff153ccb..ddf721482539b 100644
--- a/util/cache/cache.go
+++ b/util/cache/cache.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"math"
 	"os"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -24,7 +25,7 @@ const (
 	// envRedisPassword is an env variable name which stores redis password
 	envRedisPassword = "REDIS_PASSWORD"
 	// envRedisUsername is an env variable name which stores redis username (for acl setup)
-	envRedisUsername = "REDIS_USERNAME"
+	envRedisUsername = "REDIS_PASSWORD"
 	// envRedisRetryCount is an env variable name which stores redis retry count
 	envRedisRetryCount = "REDIS_RETRY_COUNT"
 	// defaultRedisRetryCount holds default number of retries
@@ -33,6 +34,8 @@ const (
 	envRedisSentinelPassword = "REDIS_SENTINEL_PASSWORD"
 	// envRedisSentinelUsername is an env variable name which stores redis sentinel username
 	envRedisSentinelUsername = "REDIS_SENTINEL_USERNAME"
+	// envRedisCredsFilePath is an env variable name which stores path to redis credentials file
+	envRedisCredsFilePath = "REDIS_CREDS_FILE_PATH"
 )
 
 const (
@@ -40,6 +43,13 @@ const (
 	CLIFlagRedisCompress = "redis-compress"
 )
 
+type RedisCreds struct {
+	Password         string
+	Username         string
+	SentinelUsername string
+	SentinelPassword string
+}
+
 func NewCache(client CacheClient) *Cache {
 	return &Cache{client}
 }
@@ -129,6 +139,27 @@ func getFlagVal[T any](cmd *cobra.Command, o Options, name string, getVal func(n
 	}
 }
 
+// loadRedisCredsFromSecret loads Redis credentials from a file mounted at the specified path.
+func loadRedisCredsFromSecret(mountPath string) *RedisCreds {
+	creds := &RedisCreds{}
+	readAuthDetailsFromFile := func(filename string) string {
+		data, err := os.ReadFile(filepath.Join(mountPath, filename))
+		if err != nil {
+			log.WithFields(log.Fields{
+				"file":  filename,
+				"error": err,
+			}).Warn("Unable to read Redis credential from file; falling back to environment variables")
+			return ""
+		}
+		return strings.TrimSpace(string(data))
+	}
+	creds.Password = readAuthDetailsFromFile("auth")
+	creds.Username = readAuthDetailsFromFile("auth_username")
+	creds.SentinelUsername = readAuthDetailsFromFile("sentinel_username")
+	creds.SentinelPassword = readAuthDetailsFromFile("sentinel_auth")
+	return creds
+}
+
 // AddCacheFlagsToCmd adds flags which control caching to the specified command
 func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...Options) func() (*Cache, error) {
 	redisAddress := ""
@@ -206,25 +237,56 @@ func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...Options) func() (*Cache, err
 				}
 			}
 		}
-		password := os.Getenv(envRedisPassword)
-		username := os.Getenv(envRedisUsername)
-		sentinelUsername := os.Getenv(envRedisSentinelUsername)
-		sentinelPassword := os.Getenv(envRedisSentinelPassword)
+		var password, username, sentinelUsername, sentinelPassword string
+		credsFilePath := os.Getenv(envRedisCredsFilePath)
 		if opt.FlagPrefix != "" {
-			if val := os.Getenv(opt.getEnvPrefix() + envRedisUsername); val != "" {
-				username = val
+			if val := os.Getenv(opt.getEnvPrefix() + envRedisCredsFilePath); val != "" {
+				credsFilePath = val
+			}
+		}
+		// Try to read credentials from the file first
+		if credsFilePath != "" {
+			log.Info("Loading Redis credentials from file: ", credsFilePath)
+			creds := loadRedisCredsFromSecret(credsFilePath)
+			password = creds.Password
+			username = creds.Username
+			sentinelUsername = creds.SentinelUsername
+			sentinelPassword = creds.SentinelPassword
+		}
+		// If credentials were not successfully loaded from file, or if file path was not provided,
+		// then read from individual environment variables. Environment variables also override file if specified via flag.
+		if username == "" { // Only fall back if not set by file
+			username = os.Getenv(envRedisUsername)
+			if opt.FlagPrefix != "" {
+				if val := os.Getenv(opt.getEnvPrefix() + envRedisUsername); val != "" {
+					username = val
+				}
 			}
-			if val := os.Getenv(opt.getEnvPrefix() + envRedisPassword); val != "" {
-				password = val
+		}
+		if password == "" { // Only fall back if not set by file
+			password = os.Getenv(envRedisPassword)
+			if opt.FlagPrefix != "" {
+				if val := os.Getenv(opt.getEnvPrefix() + envRedisPassword); val != "" {
+					password = val
+				}
 			}
-			if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelUsername); val != "" {
-				sentinelUsername = val
+		}
+		if sentinelUsername == "" { // Only fall back if not set by file
+			sentinelUsername = os.Getenv(envRedisSentinelUsername)
+			if opt.FlagPrefix != "" {
+				if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelUsername); val != "" {
+					sentinelUsername = val
+				}
 			}
-			if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelPassword); val != "" {
-				sentinelPassword = val
+		}
+		if sentinelPassword == "" { // Only fall back if not set by file
+			sentinelPassword = os.Getenv(envRedisSentinelPassword)
+			if opt.FlagPrefix != "" {
+				if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelPassword); val != "" {
+					sentinelPassword = val
+				}
 			}
 		}
-
 		maxRetries := env.ParseNumFromEnv(envRedisRetryCount, defaultRedisRetryCount, 0, math.MaxInt32)
 		compression, err := CompressionTypeFromString(compressionStr)
 		if err != nil {

From 56fdbba28456cc95d180302dd1e494cbddab674c Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Thu, 19 Jun 2025 16:23:59 +0530
Subject: [PATCH 003/383] add unit test. make redisCreds private

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 argocd-redis.yaml        | 156 ---------------------------------------
 util/cache/cache.go      |  38 +++++-----
 util/cache/cache_test.go |  22 ++++++
 3 files changed, 39 insertions(+), 177 deletions(-)
 delete mode 100644 argocd-redis.yaml

diff --git a/argocd-redis.yaml b/argocd-redis.yaml
deleted file mode 100644
index 8b80a8147521f..0000000000000
--- a/argocd-redis.yaml
+++ /dev/null
@@ -1,156 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/component: redis
-    app.kubernetes.io/name: argocd-redis
-    app.kubernetes.io/part-of: argocd
-  name: argocd-redis
-  namespace: argocd
-spec:
-  progressDeadlineSeconds: 600
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: argocd-redis
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app.kubernetes.io/name: argocd-redis
-    spec:
-      affinity:
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/name: argocd-redis
-              topologyKey: kubernetes.io/hostname
-            weight: 100
-          - podAffinityTerm:
-              labelSelector:
-                matchLabels:
-                  app.kubernetes.io/part-of: argocd
-              topologyKey: kubernetes.io/hostname
-            weight: 5
-      containers:
-      - name: redis
-        image: redis:7.0.15-alpine # Your specified image version
-        imagePullPolicy: Always
-        command: ["sh", "-c"]
-        args:
-          - |
-            mkdir -p /var/redis-config-temp/config
-            cat <<EOF > /var/redis-config-temp/config/redis.conf
-            # General Redis Configuration
-            port 6379
-            bind 0.0.0.0
-
-            # Security: Require password for client connections.
-            # The password is read from the 'auth' key of the 'argocd-redis' Secret,
-            # which is mounted as a file at /etc/redis-secret/auth.
-            requirepass $(cat /etc/redis-secret/auth)
-
-            # Example RDB snapshot persistence:
-            # save 900 1    # Save if 1 key changes in 15 minutes
-            # save 300 10   # Save if 10 keys change in 5 minutes
-            # save 60 10000 # Save if 10000 keys change in 1 minute
-        
-            # Example AOF (Append Only File) persistence:
-            # appendonly yes        # Enable AOF persistence
-            # appendfsync everysec  # Sync AOF to disk every second (good balance of performance/safety)
-
-            EOF
-
-            # Start the Redis server using the dynamically generated configuration file.
-            redis-server /var/redis-config-temp/config/redis.conf
-        ports:
-        - containerPort: 6379
-          protocol: TCP
-        resources:
-          requests:
-            cpu: 100m # Request 100 millicores of CPU
-            memory: 128Mi # Request 128 MiB of memory (should be less than maxmemory)
-          limits:
-            cpu: 200m # Limit to 200 millicores of CPU
-            memory: 512Mi # Limit to 512 MiB of memory (should be >= maxmemory + overhead)
-          # ----------------------------------------------------
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true # Retains your existing security context
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-          # Mount the Kubernetes Secret containing the Redis password.
-          # This provides read-only access to the password file.
-          - name: redis-password-volume
-            mountPath: /etc/redis-secret # The directory where the secret's data will appear as files
-            readOnly: true # Crucially, this mount is read-only for security.
-          # Mount a temporary, writable volume. This is where the redis.conf will be
-          # dynamically generated and where Redis might store temporary files.
-          # Data in an emptyDir is lost when the pod is restarted or deleted.
-          - name: redis-temp-volume
-            mountPath: /var/redis-config-temp # Ensure this path is writable by the container's user
-          # If you require persistent storage for Redis data (e.g., for RDB/AOF files),
-          # you would uncomment and configure a PersistentVolumeClaim here.
-          # The mountPath here must match the 'dir' specified in your redis.conf.
-          # - name: redis-data-pvc-volume
-          #   mountPath: /data # Example: Mount a PVC to /data for persistence
-      # --- END OF MODIFIED SECTION ---
-      dnsPolicy: ClusterFirst
-      initContainers:
-      - command:
-        - argocd
-        - admin
-        - redis-initial-password
-        image: quay.io/argoproj/argocd:v2.12.0
-        imagePullPolicy: IfNotPresent
-        name: secret-init
-        resources: {}
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 999
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccount: argocd-redis
-      serviceAccountName: argocd-redis
-      terminationGracePeriodSeconds: 30
-      volumes:
-        # Define the volume that mounts the Secret containing the Redis password.
-        - name: redis-password-volume
-          secret:
-            secretName: argocd-redis # This must match your existing Secret name
-            items:
-              - key: auth # This is the key within your Secret that holds the password
-                path: auth # The filename it will appear as inside the mounted directory (/etc/redis-secret/auth)
-        # Define the temporary writable volume (emptyDir) for dynamic config and temporary files.
-        - name: redis-temp-volume
-          emptyDir: {} # Data in this volume is temporary and will be lost on pod restart.
-        # If you need persistent storage for Redis data (e.g., RDB/AOF files),
-        # define the PersistentVolumeClaim (PVC) volume here.
-        # - name: redis-data-pvc-volume
-        #   persistentVolumeClaim:
-        #     claimName: your-redis-pvc-name # Replace with the actual name of your PVC
\ No newline at end of file
diff --git a/util/cache/cache.go b/util/cache/cache.go
index ddf721482539b..e0a6dabfd13a4 100644
--- a/util/cache/cache.go
+++ b/util/cache/cache.go
@@ -43,11 +43,11 @@ const (
 	CLIFlagRedisCompress = "redis-compress"
 )
 
-type RedisCreds struct {
-	Password         string
-	Username         string
-	SentinelUsername string
-	SentinelPassword string
+type redisCreds struct {
+	password         string
+	username         string
+	sentinelUsername string
+	sentinelPassword string
 }
 
 func NewCache(client CacheClient) *Cache {
@@ -139,24 +139,20 @@ func getFlagVal[T any](cmd *cobra.Command, o Options, name string, getVal func(n
 	}
 }
 
-// loadRedisCredsFromSecret loads Redis credentials from a file mounted at the specified path.
-func loadRedisCredsFromSecret(mountPath string) *RedisCreds {
-	creds := &RedisCreds{}
+// loadRedisCredsFromFile loads Redis credentials from a file mounted at the specified path.
+func loadRedisCredsFromFile(mountPath string) *redisCreds {
+	creds := &redisCreds{}
 	readAuthDetailsFromFile := func(filename string) string {
 		data, err := os.ReadFile(filepath.Join(mountPath, filename))
 		if err != nil {
-			log.WithFields(log.Fields{
-				"file":  filename,
-				"error": err,
-			}).Warn("Unable to read Redis credential from file; falling back to environment variables")
 			return ""
 		}
 		return strings.TrimSpace(string(data))
 	}
-	creds.Password = readAuthDetailsFromFile("auth")
-	creds.Username = readAuthDetailsFromFile("auth_username")
-	creds.SentinelUsername = readAuthDetailsFromFile("sentinel_username")
-	creds.SentinelPassword = readAuthDetailsFromFile("sentinel_auth")
+	creds.password = readAuthDetailsFromFile("auth")
+	creds.username = readAuthDetailsFromFile("auth_username")
+	creds.sentinelUsername = readAuthDetailsFromFile("sentinel_username")
+	creds.sentinelPassword = readAuthDetailsFromFile("sentinel_auth")
 	return creds
 }
 
@@ -247,11 +243,11 @@ func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...Options) func() (*Cache, err
 		// Try to read credentials from the file first
 		if credsFilePath != "" {
 			log.Info("Loading Redis credentials from file: ", credsFilePath)
-			creds := loadRedisCredsFromSecret(credsFilePath)
-			password = creds.Password
-			username = creds.Username
-			sentinelUsername = creds.SentinelUsername
-			sentinelPassword = creds.SentinelPassword
+			creds := loadRedisCredsFromFile(credsFilePath)
+			password = creds.password
+			username = creds.username
+			sentinelUsername = creds.sentinelUsername
+			sentinelPassword = creds.sentinelPassword
 		}
 		// If credentials were not successfully loaded from file, or if file path was not provided,
 		// then read from individual environment variables. Environment variables also override file if specified via flag.
diff --git a/util/cache/cache_test.go b/util/cache/cache_test.go
index bcd6d5136cea8..b465d5829facd 100644
--- a/util/cache/cache_test.go
+++ b/util/cache/cache_test.go
@@ -1,6 +1,8 @@
 package cache
 
 import (
+	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -87,3 +89,23 @@ func TestGenerateCacheKey(t *testing.T) {
 	testKey := cache.generateFullKey("testkey")
 	assert.Equal(t, "testkey|"+common.CacheVersion, testKey)
 }
+
+// Test loading Redis credentials from a file
+func TestLoadRedisCredsFromFile(t *testing.T) {
+	dir := t.TempDir()
+	// Helper to write a file
+	writeFile := func(name, content string) {
+		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0600))
+	}
+	// Write all files
+	writeFile("auth", "mypassword\n")
+	writeFile("auth_username", "myuser")
+	writeFile("sentinel_username", "sentineluser")
+	writeFile("sentinel_auth", "sentinelpass")
+
+	creds := loadRedisCredsFromFile(dir)
+	assert.Equal(t, "mypassword", creds.password)
+	assert.Equal(t, "myuser", creds.username)
+	assert.Equal(t, "sentineluser", creds.sentinelUsername)
+	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
+}

From 37058727d4b5ab42951193cf21838aa9612aa17d Mon Sep 17 00:00:00 2001
From: Kanika Rana <46766610+ranakan19@users.noreply.github.com>
Date: Tue, 17 Jun 2025 07:56:58 -0400
Subject: [PATCH 004/383] chore(finalizers): remove hardcoding of application
 and applicationset finalizers (#23420)

Signed-off-by: Kanika Rana <krana@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../controllers/template/patch_test.go        |  8 +--
 applicationset/utils/utils.go                 |  2 +-
 applicationset/utils/utils_test.go            | 18 +++----
 cmd/argocd/commands/admin/app.go              |  2 +-
 cmd/argocd/commands/app.go                    |  2 +-
 test/e2e/app_management_ns_test.go            |  2 +-
 test/e2e/app_management_test.go               |  2 +-
 test/e2e/applicationset_git_generator_test.go | 30 +++++------
 test/e2e/applicationset_test.go               | 50 +++++++++----------
 test/e2e/cluster_generator_test.go            | 12 ++---
 test/e2e/clusterdecisiongenerator_e2e_test.go | 10 ++--
 test/e2e/matrix_e2e_test.go                   |  8 +--
 test/e2e/merge_e2e_test.go                    |  6 +--
 13 files changed, 76 insertions(+), 76 deletions(-)

diff --git a/applicationset/controllers/template/patch_test.go b/applicationset/controllers/template/patch_test.go
index 35c88fe650fa4..d252924d47554 100644
--- a/applicationset/controllers/template/patch_test.go
+++ b/applicationset/controllers/template/patch_test.go
@@ -27,7 +27,7 @@ func Test_ApplyTemplatePatch(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:       "my-cluster-guestbook",
 					Namespace:  "namespace",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{appv1.ResourcesFinalizerName},
 				},
 				Spec: appv1.ApplicationSpec{
 					Project: "default",
@@ -72,7 +72,7 @@ func Test_ApplyTemplatePatch(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:       "my-cluster-guestbook",
 					Namespace:  "namespace",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{appv1.ResourcesFinalizerName},
 					Annotations: map[string]string{
 						"annotation-some-key": "annotation-some-value",
 					},
@@ -112,7 +112,7 @@ func Test_ApplyTemplatePatch(t *testing.T) {
 				ObjectMeta: metav1.ObjectMeta{
 					Name:       "my-cluster-guestbook",
 					Namespace:  "namespace",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{appv1.ResourcesFinalizerName},
 				},
 				Spec: appv1.ApplicationSpec{
 					Project: "default",
@@ -148,7 +148,7 @@ spec:
 				ObjectMeta: metav1.ObjectMeta{
 					Name:       "my-cluster-guestbook",
 					Namespace:  "namespace",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{appv1.ResourcesFinalizerName},
 					Annotations: map[string]string{
 						"annotation-some-key": "annotation-some-value",
 					},
diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go
index cfc26720b4f4e..c8491e2956a01 100644
--- a/applicationset/utils/utils.go
+++ b/applicationset/utils/utils.go
@@ -276,7 +276,7 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy *
 	// See TestRenderTemplateParamsFinalizers in util_test.go for test-based definition of behaviour
 	if (syncPolicy == nil || !syncPolicy.PreserveResourcesOnDeletion) &&
 		len(replacedTmpl.Finalizers) == 0 {
-		replacedTmpl.Finalizers = []string{"resources-finalizer.argocd.argoproj.io"}
+		replacedTmpl.Finalizers = []string{argoappsv1.ResourcesFinalizerName}
 	}
 
 	return replacedTmpl, nil
diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go
index 351d144e2f288..1554defb5e5b0 100644
--- a/applicationset/utils/utils_test.go
+++ b/applicationset/utils/utils_test.go
@@ -752,35 +752,35 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) {
 		},
 		{
 			testName:           "background finalizer should be preserved",
-			existingFinalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			existingFinalizers: []string{argoappsv1.BackgroundPropagationPolicyFinalizer},
 			syncPolicy:         nil,
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			expectedFinalizers: []string{argoappsv1.BackgroundPropagationPolicyFinalizer},
 		},
 
 		{
 			testName:           "empty finalizer and empty sync should use standard finalizer",
 			existingFinalizers: nil,
 			syncPolicy:         nil,
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			expectedFinalizers: []string{argoappsv1.ResourcesFinalizerName},
 		},
 
 		{
 			testName:           "standard finalizer should be preserved",
-			existingFinalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			existingFinalizers: []string{argoappsv1.ResourcesFinalizerName},
 			syncPolicy:         nil,
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			expectedFinalizers: []string{argoappsv1.ResourcesFinalizerName},
 		},
 		{
 			testName:           "empty array finalizers should use standard finalizer",
 			existingFinalizers: []string{},
 			syncPolicy:         nil,
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			expectedFinalizers: []string{argoappsv1.ResourcesFinalizerName},
 		},
 		{
 			testName:           "non-nil sync policy should use standard finalizer",
 			existingFinalizers: nil,
 			syncPolicy:         &argoappsv1.ApplicationSetSyncPolicy{},
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			expectedFinalizers: []string{argoappsv1.ResourcesFinalizerName},
 		},
 		{
 			testName:           "preserveResourcesOnDeletion should not have a finalizer",
@@ -792,11 +792,11 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) {
 		},
 		{
 			testName:           "user-specified finalizer should overwrite preserveResourcesOnDeletion",
-			existingFinalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			existingFinalizers: []string{argoappsv1.BackgroundPropagationPolicyFinalizer},
 			syncPolicy: &argoappsv1.ApplicationSetSyncPolicy{
 				PreserveResourcesOnDeletion: true,
 			},
-			expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			expectedFinalizers: []string{argoappsv1.BackgroundPropagationPolicyFinalizer},
 		},
 	} {
 		t.Run(c.testName, func(t *testing.T) {
diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go
index 0b14449e46f53..535112e3634ca 100644
--- a/cmd/argocd/commands/admin/app.go
+++ b/cmd/argocd/commands/admin/app.go
@@ -117,7 +117,7 @@ func NewGenAppSpecCommand() *cobra.Command {
 				os.Exit(1)
 			}
 			if setFinalizer {
-				app.Finalizers = append(app.Finalizers, "resources-finalizer.argocd.argoproj.io")
+				app.Finalizers = append(app.Finalizers, v1alpha1.ResourcesFinalizerName)
 			}
 			out, closer, err := getOutWriter(inline, fileURL)
 			errors.CheckError(err)
diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go
index cf1b82dec978f..cb1bdc54caed1 100644
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -167,7 +167,7 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.
 					app.Namespace = appNamespace
 				}
 				if setFinalizer {
-					app.Finalizers = append(app.Finalizers, "resources-finalizer.argocd.argoproj.io")
+					app.Finalizers = append(app.Finalizers, argoappv1.ResourcesFinalizerName)
 				}
 				conn, appIf := argocdClient.NewApplicationClientOrDie()
 				defer utilio.Close(conn)
diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go
index 3cf9b939854f9..ad81a35150cd3 100644
--- a/test/e2e/app_management_ns_test.go
+++ b/test/e2e/app_management_ns_test.go
@@ -2131,7 +2131,7 @@ spec:
 		And(func(app *Application) {
 			assert.Equal(t, map[string]string{"labels.local/from-file": "file", "labels.local/from-args": "args"}, app.Labels)
 			assert.Equal(t, map[string]string{"annotations.local/from-file": "file"}, app.Annotations)
-			assert.Equal(t, []string{"resources-finalizer.argocd.argoproj.io"}, app.Finalizers)
+			assert.Equal(t, []string{ResourcesFinalizerName}, app.Finalizers)
 			assert.Equal(t, path, app.Spec.GetSource().Path)
 			assert.Equal(t, []HelmParameter{{Name: "foo", Value: "foo"}}, app.Spec.GetSource().Helm.Parameters)
 		})
diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go
index 434918ec35f5a..0c6b97e6bb780 100644
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -2350,7 +2350,7 @@ spec:
 		And(func(app *Application) {
 			assert.Equal(t, map[string]string{"labels.local/from-file": "file", "labels.local/from-args": "args"}, app.Labels)
 			assert.Equal(t, map[string]string{"annotations.local/from-file": "file"}, app.Annotations)
-			assert.Equal(t, []string{"resources-finalizer.argocd.argoproj.io"}, app.Finalizers)
+			assert.Equal(t, []string{ResourcesFinalizerName}, app.Finalizers)
 			assert.Equal(t, path, app.Spec.GetSource().Path)
 			assert.Equal(t, []HelmParameter{{Name: "foo", Value: "foo"}}, app.Spec.GetSource().Helm.Parameters)
 		})
diff --git a/test/e2e/applicationset_git_generator_test.go b/test/e2e/applicationset_git_generator_test.go
index 37f875108ad70..7d9541a470e13 100644
--- a/test/e2e/applicationset_git_generator_test.go
+++ b/test/e2e/applicationset_git_generator_test.go
@@ -40,7 +40,7 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -149,7 +149,7 @@ func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -281,7 +281,7 @@ func TestSimpleGitDirectoryGeneratorGPGEnabledUnsignedCommits(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -379,7 +379,7 @@ func TestSimpleGitDirectoryGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -463,7 +463,7 @@ func TestSimpleGitFilesGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -595,7 +595,7 @@ func TestSimpleGitFilesGeneratorGPGEnabledUnsignedCommits(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: project,
@@ -693,7 +693,7 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: project,
@@ -772,7 +772,7 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1003,7 +1003,7 @@ func TestGitGeneratorPrivateRepo(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1080,7 +1080,7 @@ func TestGitGeneratorPrivateRepoGoTemplate(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1157,7 +1157,7 @@ func TestSimpleGitGeneratorPrivateRepoWithNoRepo(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1232,7 +1232,7 @@ func TestSimpleGitGeneratorPrivateRepoWithMatchingProject(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1308,7 +1308,7 @@ func TestSimpleGitGeneratorPrivateRepoWithMismatchingProject(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1384,7 +1384,7 @@ func TestGitGeneratorPrivateRepoWithTemplatedProject(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -1471,7 +1471,7 @@ func TestGitGeneratorPrivateRepoWithTemplatedProjectAndProjectScopedRepo(t *test
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       name,
 				Namespace:  fixture.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go
index f9d3aace48a05..e285656c315b7 100644
--- a/test/e2e/applicationset_test.go
+++ b/test/e2e/applicationset_test.go
@@ -60,7 +60,7 @@ func TestSimpleListGeneratorExternalNamespace(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  externalNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -162,7 +162,7 @@ func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  externalNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -186,7 +186,7 @@ func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  externalNamespace2,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -345,7 +345,7 @@ func TestSimpleListGenerator(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -436,7 +436,7 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -528,7 +528,7 @@ func TestRenderHelmValuesObject(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -603,7 +603,7 @@ func TestTemplatePatch(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			Annotations: map[string]string{
 				"annotation-some-key": "annotation-some-value",
 			},
@@ -730,7 +730,7 @@ func TestUpdateHelmValuesObject(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -815,7 +815,7 @@ func TestSyncPolicyCreateUpdate(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook-sync-policy-create-update",
 			Namespace:  utils.ArgoCDNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -844,7 +844,7 @@ func TestSyncPolicyCreateUpdate(t *testing.T) {
 			Template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:       "{{.cluster}}-guestbook-sync-policy-create-update",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 				},
 				Spec: v1alpha1.ApplicationSpec{
 					Project: "default",
@@ -929,7 +929,7 @@ func TestSyncPolicyCreateDelete(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook-sync-policy-create-delete",
 			Namespace:  utils.ArgoCDNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1028,7 +1028,7 @@ func TestSyncPolicyCreateOnly(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook-sync-policy-create-only",
 			Namespace:  utils.ArgoCDNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1056,7 +1056,7 @@ func TestSyncPolicyCreateOnly(t *testing.T) {
 			Template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:       "{{.cluster}}-guestbook-sync-policy-create-only",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+					Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 				},
 				Spec: v1alpha1.ApplicationSpec{
 					Project: "default",
@@ -1342,7 +1342,7 @@ func TestSimpleSCMProviderGenerator(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "argo-cd-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1417,7 +1417,7 @@ func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "argo-cd-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1487,7 +1487,7 @@ func TestSCMProviderGeneratorSCMProviderNotAllowed(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "argo-cd-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1563,7 +1563,7 @@ func TestCustomApplicationFinalizers(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			Finalizers: []string{v1alpha1.BackgroundPropagationPolicyFinalizer},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1589,7 +1589,7 @@ func TestCustomApplicationFinalizers(t *testing.T) {
 			Template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:       "{{cluster}}-guestbook",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+					Finalizers: []string{v1alpha1.BackgroundPropagationPolicyFinalizer},
 				},
 				Spec: v1alpha1.ApplicationSpec{
 					Project: "default",
@@ -1630,7 +1630,7 @@ func TestCustomApplicationFinalizersGoTemplate(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "my-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+			Finalizers: []string{v1alpha1.BackgroundPropagationPolicyFinalizer},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1657,7 +1657,7 @@ func TestCustomApplicationFinalizersGoTemplate(t *testing.T) {
 			Template: v1alpha1.ApplicationSetTemplate{
 				ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{
 					Name:       "{{.cluster}}-guestbook",
-					Finalizers: []string{"resources-finalizer.argocd.argoproj.io/background"},
+					Finalizers: []string{v1alpha1.BackgroundPropagationPolicyFinalizer},
 				},
 				Spec: v1alpha1.ApplicationSpec{
 					Project: "default",
@@ -1744,7 +1744,7 @@ func TestSimpleSCMProviderGeneratorTokenRefStrictOk(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "argo-cd-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -1846,7 +1846,7 @@ func TestSimpleSCMProviderGeneratorTokenRefStrictKo(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "argo-cd-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			Labels: map[string]string{
 				common.LabelKeyAppInstance: "simple-scm-provider-generator-strict-ko",
 			},
@@ -1955,7 +1955,7 @@ func TestSimplePullRequestGenerator(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "guestbook-1",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -2033,7 +2033,7 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "guestbook-1",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			Labels:     map[string]string{"app": "preview"},
 		},
 		Spec: v1alpha1.ApplicationSpec{
@@ -2109,7 +2109,7 @@ func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "guestbook-1",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			Labels: map[string]string{
 				"app": "preview",
 			},
diff --git a/test/e2e/cluster_generator_test.go b/test/e2e/cluster_generator_test.go
index e1dc84b2035f4..ea47644f7c84e 100644
--- a/test/e2e/cluster_generator_test.go
+++ b/test/e2e/cluster_generator_test.go
@@ -24,7 +24,7 @@ func TestSimpleClusterGeneratorExternalNamespace(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "cluster1-guestbook",
 			Namespace:  externalNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -124,7 +124,7 @@ func TestSimpleClusterGenerator(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "cluster1-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -218,7 +218,7 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "in-cluster-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -335,7 +335,7 @@ func TestSimpleClusterGeneratorAddingCluster(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "{{name}}-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -417,7 +417,7 @@ func TestSimpleClusterGeneratorDeletingCluster(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "{{name}}-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -501,7 +501,7 @@ func TestClusterGeneratorWithFlatListMode(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "flat-clusters",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
diff --git a/test/e2e/clusterdecisiongenerator_e2e_test.go b/test/e2e/clusterdecisiongenerator_e2e_test.go
index db7951ac46106..59c375e291c18 100644
--- a/test/e2e/clusterdecisiongenerator_e2e_test.go
+++ b/test/e2e/clusterdecisiongenerator_e2e_test.go
@@ -27,7 +27,7 @@ func TestSimpleClusterDecisionResourceGeneratorExternalNamespace(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "cluster1-guestbook",
 			Namespace:  externalNamespace,
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -135,7 +135,7 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "cluster1-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -237,7 +237,7 @@ func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) {
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "{{name}}-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -332,7 +332,7 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing.
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "{{name}}-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
@@ -429,7 +429,7 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterFromResource(t *te
 		ObjectMeta: metav1.ObjectMeta{
 			Name:       "{{name}}-guestbook",
 			Namespace:  fixture.TestNamespace(),
-			Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+			Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 		},
 		Spec: v1alpha1.ApplicationSpec{
 			Project: "default",
diff --git a/test/e2e/matrix_e2e_test.go b/test/e2e/matrix_e2e_test.go
index 534c74938b253..189e51beca150 100644
--- a/test/e2e/matrix_e2e_test.go
+++ b/test/e2e/matrix_e2e_test.go
@@ -24,7 +24,7 @@ func TestListMatrixGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", cluster, name),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -147,7 +147,7 @@ func TestClusterMatrixGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", cluster, name),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -273,7 +273,7 @@ func TestMatrixTerminalMatrixGeneratorSelector(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", cluster, name),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -414,7 +414,7 @@ func TestMatrixTerminalMergeGeneratorSelector(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", name, nameSuffix),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
diff --git a/test/e2e/merge_e2e_test.go b/test/e2e/merge_e2e_test.go
index e799c95fdd08a..ef933ab6b28c0 100644
--- a/test/e2e/merge_e2e_test.go
+++ b/test/e2e/merge_e2e_test.go
@@ -25,7 +25,7 @@ func TestListMergeGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", name, nameSuffix),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -146,7 +146,7 @@ func TestClusterMergeGenerator(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s-%s", cluster, name, nameSuffix),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",
@@ -290,7 +290,7 @@ func TestMergeTerminalMergeGeneratorSelector(t *testing.T) {
 			ObjectMeta: metav1.ObjectMeta{
 				Name:       fmt.Sprintf("%s-%s", name, nameSuffix),
 				Namespace:  utils.TestNamespace(),
-				Finalizers: []string{"resources-finalizer.argocd.argoproj.io"},
+				Finalizers: []string{v1alpha1.ResourcesFinalizerName},
 			},
 			Spec: v1alpha1.ApplicationSpec{
 				Project: "default",

From 053d73d8571a54ade9fe901cd7a9da98b8b03994 Mon Sep 17 00:00:00 2001
From: Eric Fortin <eric.fortin2@gmail.com>
Date: Tue, 17 Jun 2025 10:42:17 -0400
Subject: [PATCH 005/383] docs: regroup generators reference fixes #23439
 (#23440)

Signed-off-by: Eric Fortin <eric.fortin2@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/applicationset.yaml | 257 +++++++++++++----------
 1 file changed, 143 insertions(+), 114 deletions(-)

diff --git a/docs/operator-manual/applicationset.yaml b/docs/operator-manual/applicationset.yaml
index dbe36e076ca2e..14046713bb46b 100644
--- a/docs/operator-manual/applicationset.yaml
+++ b/docs/operator-manual/applicationset.yaml
@@ -5,31 +5,66 @@ metadata:
   namespace: argocd
 spec:
   generators:
+    # The list generator generates a set of two application which then filter by the key value to only select the env with value staging
+    - list:
+        elements:
+          - cluster: engineering-dev
+            url: https://kubernetes.default.svc
+            env: staging
+          - cluster: engineering-prod
+            url: https://kubernetes.default.svc
+            env: prod
+        # The generator's template field takes precedence over the spec's template fields
+        template:
+          metadata: {}
+          spec:
+            project: "default"
+            source:
+              revision: HEAD
+              repoURL: https://github.com/argoproj/argo-cd.git
+              # New path value is generated here:
+              path: 'applicationset/examples/template-override/{{cluster}}-override'
+            destination: {}
 
-    # Using a generator plugin without combining it with Matrix or Merge
-    # Plugins allow you to provide your own generator
-    - plugin:
-      # Specify the configMap where the plugin configuration is located.
-      configMapRef:
-        name: my-plugin
-      # You can pass arbitrary parameters to the plugin. `input.parameters` is a map, but values may be any type.
-      # These parameters will also be available on the generator's output under the `generator.input.parameters` key.
-      input:
-        parameters:
-          key1: "value1"
-          key2: "value2"
-          list: ["list", "of", "values"]
-          boolean: true
-          map:
-            key1: "value1"
-            key2: "value2"
-            key3: "value3"
-        # You can also attach arbitrary values to the generator's output under the `values` key. These values will be
-        # available in templates under the `values` key.
+      # Selector allows to post-filter all generator.
+      selector:
+        matchLabels:
+          env: staging
+          
+    # It is also possible to use matchExpressions for more powerful selectors
+    - clusters: {}
+      selector:
+        matchExpressions:
+          - key: server
+            operator: In
+            values:
+              - https://kubernetes.default.svc
+              - https://some-other-cluster
+
+    # Git generator generates parametes either from directory structure of files within a git repo
+    - git:
+        repoURL: https://github.com/argoproj/argo-cd.git
+        # OPTIONAL: use directory structure of git repo to generate parameters
+        directories:
+        - path: applicationset/examples/git-generator-directory/excludes/cluster-addons/*
+        - path: applicationset/examples/git-generator-directory/excludes/cluster-addons/exclude-helm-guestbook
+          exclude: true # Exclude directory when generating parameters
+        # OPTIONAL: generates parameters using the contents of JSON/YAML files found in git repo
+        files:
+        - path: "applicationset/examples/git-generator-files-discovery/cluster-config/**/config.json"
+        - path: "applicationset/examples/git-generator-files-discovery/cluster-config/*/dev/config.json"
+          exclude: true # Exclude file when generating parameters
+        revision: HEAD
+        # OPTIONAL: Checks for changes every 60sec (default 3min)
+        requeueAfterSeconds: 60
+        # The generator's template field takes precedence over the spec's template fields
+        template:
+        # OPTIONAL: all path-related parameter names will be prefixed with the specified value and a dot separator
+        pathParamPrefix: myRepo
+        # OPTIONAL: Values contains key/value pairs which are passed directly as parameters to the template
         values:
-          value1: something
-        # When using a Plugin generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
-        requeueAfterSeconds: 30
+          cluster: '{{.path.basename}}'
+
 
     # to automatically discover repositories within an organization
     - scmProvider:
@@ -76,6 +111,65 @@ spec:
         - repositoryMatch: ^otherapp
           pathsExist: [helm]
           pathsDoNotExist: [disabledrepo.txt]
+
+    # Cluster-decision-resource-based ApplicationSet generator
+    - clusterDecisionResource:
+      # ConfigMap with GVK information for the duck type resource
+      configMapRef: my-configmap  
+      name: quak           # Choose either "name" of the resource or "labelSelector"
+      labelSelector:
+        matchLabels:       # OPTIONAL
+          duck: spotted
+        matchExpressions:  # OPTIONAL
+        - key: duck
+          operator: In
+          values:
+          - "spotted"
+          - "canvasback"   
+      # OPTIONAL: Checks for changes every 60sec (default 3min)
+      requeueAfterSeconds: 60
+  
+    # The Pull Request generator uses the API of an SCMaaS provider to automatically discover open pull requests within a repository
+    - pullRequest:
+        # When using a Pull Request generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
+        requeueAfterSeconds: 1800
+        # See below for provider specific options.
+        # Specify the repository from which to fetch the GitHub Pull requests.
+        github:
+          # The GitHub organization or user.
+          owner: myorg
+          # The Github repository
+          repo: myrepository
+          # For GitHub Enterprise (optional)
+          api: https://git.example.com/
+          # Reference to a Secret containing an access token. (optional)
+          tokenRef:
+            secretName: github-token
+            key: token
+          # (optional) use a GitHub App to access the API instead of a PAT.
+          appSecretName: github-app-repo-creds
+          # Labels is used to filter the PRs that you want to target. (optional)
+          labels:
+          - preview
+
+        # Filters allow selecting which pull requests to generate for
+        # Include any pull request ending with "argocd". (optional)
+        filters:
+        - branchMatch: ".*-argocd"
+
+        # Specify the project from which to fetch the GitLab merge requests.
+        gitlab:
+        # Specify the repository from which to fetch the Gitea Pull requests.
+        gitea:
+        # Fetch pull requests from a repo hosted on a Bitbucket Server (not the same as Bitbucket Cloud).
+        bitbucketServer:
+        # Fetch pull requests from a repo hosted on a Bitbucket Cloud.
+        bitbucket:
+        # Specify the organization, project and repository from which you want to fetch pull requests.
+        azuredevops:
+        # Fetch pull requests from AWS CodeCommit repositories.
+        awsCodeCommit:
+   
     # matrix 'parent' generator
     - matrix:
         generators:
@@ -106,6 +200,31 @@ spec:
               elements: 
                 - server: https://2.4.6.8
                   values.redis: 'true'
+
+    # Using a generator plugin without combining it with Matrix or Merge
+    # Plugins allow you to provide your own generator
+    - plugin:
+      # Specify the configMap where the plugin configuration is located.
+      configMapRef:
+        name: my-plugin
+      # You can pass arbitrary parameters to the plugin. `input.parameters` is a map, but values may be any type.
+      # These parameters will also be available on the generator's output under the `generator.input.parameters` key.
+      input:
+        parameters:
+          key1: "value1"
+          key2: "value2"
+          list: ["list", "of", "values"]
+          boolean: true
+          map:
+            key1: "value1"
+            key2: "value2"
+            key3: "value3"
+        # You can also attach arbitrary values to the generator's output under the `values` key. These values will be
+        # available in templates under the `values` key.
+        values:
+          value1: something
+        # When using a Plugin generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
+        requeueAfterSeconds: 30
                 
               
   # Determines whether go templating will be used in the `template` field below.
@@ -206,94 +325,4 @@ spec:
     jqPathExpressions:
     - .spec.source.helm.values
 
-  # Cluster-decision-resource-based ApplicationSet generator
-  - clusterDecisionResource:
-    # ConfigMap with GVK information for the duck type resource
-    configMapRef: my-configmap  
-    name: quak           # Choose either "name" of the resource or "labelSelector"
-    labelSelector:
-      matchLabels:       # OPTIONAL
-        duck: spotted
-      matchExpressions:  # OPTIONAL
-      - key: duck
-        operator: In
-        values:
-        - "spotted"
-        - "canvasback"   
-    # OPTIONAL: Checks for changes every 60sec (default 3min)
-    requeueAfterSeconds: 60
-  
-  # The Pull Request generator uses the API of an SCMaaS provider to automatically discover open pull requests within a repository
-  - pullRequest:
-      # When using a Pull Request generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
-      requeueAfterSeconds: 1800
-      # See below for provider specific options.
-      # Specify the repository from which to fetch the GitHub Pull requests.
-      github:
-        # The GitHub organization or user.
-        owner: myorg
-        # The Github repository
-        repo: myrepository
-        # For GitHub Enterprise (optional)
-        api: https://git.example.com/
-        # Reference to a Secret containing an access token. (optional)
-        tokenRef:
-          secretName: github-token
-          key: token
-        # (optional) use a GitHub App to access the API instead of a PAT.
-        appSecretName: github-app-repo-creds
-        # Labels is used to filter the PRs that you want to target. (optional)
-        labels:
-        - preview
-
-      # Filters allow selecting which pull requests to generate for
-      # Include any pull request ending with "argocd". (optional)
-      filters:
-      - branchMatch: ".*-argocd"
-
-      # Specify the project from which to fetch the GitLab merge requests.
-      gitlab:
-      # Specify the repository from which to fetch the Gitea Pull requests.
-      gitea:
-      # Fetch pull requests from a repo hosted on a Bitbucket Server (not the same as Bitbucket Cloud).
-      bitbucketServer:
-      # Fetch pull requests from a repo hosted on a Bitbucket Cloud.
-      bitbucket:
-      # Specify the organization, project and repository from which you want to fetch pull requests.
-      azuredevops:
-      # Fetch pull requests from AWS CodeCommit repositories.
-      awsCodeCommit:
-
-# The list generator generates a set of two application which then filter by the key value to only select the env with value staging
-  - list:
-      elements:
-        - cluster: engineering-dev
-          url: https://kubernetes.default.svc
-          env: staging
-        - cluster: engineering-prod
-          url: https://kubernetes.default.svc
-          env: prod
-      # The generator's template field takes precedence over the spec's template fields
-      template:
-        metadata: {}
-        spec:
-          project: "default"
-          source:
-            revision: HEAD
-            repoURL: https://github.com/argoproj/argo-cd.git
-            # New path value is generated here:
-            path: 'applicationset/examples/template-override/{{cluster}}-override'
-          destination: {}
-
-    selector:
-      matchLabels:
-        env: staging
-  # It is also possible to use matchExpressions for more powerful selectors
-  - clusters: {}
-    selector:
-      matchExpressions:
-        - key: server
-          operator: In
-          values:
-            - https://kubernetes.default.svc
-            - https://some-other-cluster
+  
\ No newline at end of file

From 01b48b8eba5845933ffd84852f506a74ac71bf96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Jun 2025 10:42:51 -0400
Subject: [PATCH 006/383] chore(deps): bump
 github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus from 1.0.1
 to 1.1.0 (#23441)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c458004ef01dc..403831ba12149 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 	github.com/gorilla/handlers v1.5.2
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
 	github.com/gosimple/slug v1.15.0
-	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1
+	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0
 	github.com/hashicorp/go-retryablehttp v0.7.7
diff --git a/go.sum b/go.sum
index bc8d35b35ea94..cff33288e1610 100644
--- a/go.sum
+++ b/go.sum
@@ -503,8 +503,8 @@ github.com/gregdel/pushover v1.3.1/go.mod h1:EcaO66Nn1StkpEm1iKtBTV3d2A16SoMsVER
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI=
-github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1 h1:qnpSQwGEnkcRpTqNOIR6bJbR0gAorgP9CSALpRcKoAA=
-github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1/go.mod h1:lXGCsh6c22WGtjr+qGHj1otzZpV/1kwTMAqkwZsnWRU=
+github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 h1:QGLs/O40yoNK9vmy4rhUGBVyMf1lISBGtXRpsu/Qu/o=
+github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0/go.mod h1:hM2alZsMUni80N33RBe6J0e423LB+odMj7d3EMP9l20=
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2 h1:sGm2vDRFUrQJO/Veii4h4zG2vvqG6uWNkBHSTqXOZk0=
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2/go.mod h1:wd1YpapPLivG6nQgbf7ZkG1hhSOXDhhn4MLTknx2aAc=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=

From 4013520c763ffae844bf12f82d6e355871b7d0ee Mon Sep 17 00:00:00 2001
From: Mason Liu <meteorainl@163.com>
Date: Tue, 17 Jun 2025 15:55:27 +0100
Subject: [PATCH 007/383] fix: #23041 Add resource support to 'argocd proj role
 add-policy/remove-policy' (#23213)

Signed-off-by: Mason Liu <fuyin.liu@fmr.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/project.go                |  2 +
 cmd/argocd/commands/project_role.go           | 42 ++++++++++++++++---
 .../commands/argocd_proj_role_add-policy.md   | 16 +++++++
 .../argocd_proj_role_remove-policy.md         | 17 ++++++++
 4 files changed, 72 insertions(+), 5 deletions(-)

diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go
index 3477d3eecb49e..bb3b5b04bc8c1 100644
--- a/cmd/argocd/commands/project.go
+++ b/cmd/argocd/commands/project.go
@@ -35,6 +35,7 @@ type policyOpts struct {
 	action     string
 	permission string
 	object     string
+	resource   string
 }
 
 // NewProjectCommand returns a new instance of an `argocd proj` command
@@ -91,6 +92,7 @@ func addPolicyFlags(command *cobra.Command, opts *policyOpts) {
 	command.Flags().StringVarP(&opts.action, "action", "a", "", "Action to grant/deny permission on (e.g. get, create, list, update, delete)")
 	command.Flags().StringVarP(&opts.permission, "permission", "p", "allow", "Whether to allow or deny access to object with the action.  This can only be 'allow' or 'deny'")
 	command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access.  Use '*' for a wildcard. Will want access to '<project>/<object>'")
+	command.Flags().StringVarP(&opts.resource, "resource", "r", "applications", "Resource e.g. 'applications', 'applicationsets', 'logs', 'exec', etc.")
 }
 
 func humanizeTimestamp(epoch int64) string {
diff --git a/cmd/argocd/commands/project_role.go b/cmd/argocd/commands/project_role.go
index d506afce9af21..4e4c4c898410d 100644
--- a/cmd/argocd/commands/project_role.go
+++ b/cmd/argocd/commands/project_role.go
@@ -19,11 +19,12 @@ import (
 	"github.com/argoproj/argo-cd/v3/util/errors"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 	"github.com/argoproj/argo-cd/v3/util/jwt"
+	"github.com/argoproj/argo-cd/v3/util/rbac"
 	"github.com/argoproj/argo-cd/v3/util/templates"
 )
 
 const (
-	policyTemplate = "p, proj:%s:%s, applications, %s, %s/%s, %s"
+	policyTemplate = "p, proj:%s:%s, %s, %s, %s/%s, %s"
 )
 
 // NewProjectRoleCommand returns a new instance of the `argocd proj role` command
@@ -79,11 +80,26 @@ p, proj:test-project:test-role, applications, update, test-project/project, allo
 JWT Tokens:
 ID          ISSUED-AT                                EXPIRES-AT
 1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
+
+# Add a new policy to allow get logs to the project
+$ argocd proj role add-policy test-project test-role -a get -p allow -o project -r logs
+
+# Policy should be updated
+$  argocd proj role get test-project test-role
+Role Name:     test-role
+Description:
+Policies:
+p, proj:test-project:test-role, projects, get, test-project, allow
+p, proj:test-project:test-role, applications, update, test-project/project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
+JWT Tokens:
+ID          ISSUED-AT                                EXPIRES-AT
+1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
 `,
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
-			if len(args) != 2 {
+			if len(args) != 2 || !rbac.ProjectScoped[opts.resource] {
 				c.HelpFunc()(c, args)
 				os.Exit(1)
 			}
@@ -98,7 +114,7 @@ ID          ISSUED-AT                                EXPIRES-AT
 			role, roleIndex, err := proj.GetRoleByName(roleName)
 			errors.CheckError(err)
 
-			policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission)
+			policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.resource, opts.action, proj.Name, opts.object, opts.permission)
 			proj.Spec.Roles[roleIndex].Policies = append(role.Policies, policy)
 
 			_, err = projIf.Update(ctx, &projectpkg.ProjectUpdateRequest{Project: proj})
@@ -122,6 +138,7 @@ Description:
 Policies:
 p, proj:test-project:test-role, projects, get, test-project, allow
 p, proj:test-project:test-role, applications, update, test-project/project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
 JWT Tokens:
 ID          ISSUED-AT                                EXPIRES-AT
 1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
@@ -129,6 +146,21 @@ ID          ISSUED-AT                                EXPIRES-AT
 # Remove the policy to allow update to objects
 $ argocd proj role remove-policy test-project test-role -a update -p allow -o project
 
+# The role should be removed now.
+$ argocd proj role get test-project test-role
+Role Name:     test-role
+Description:
+Policies:
+p, proj:test-project:test-role, projects, get, test-project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
+JWT Tokens:
+ID          ISSUED-AT                                EXPIRES-AT
+1696759698  2023-10-08T11:08:18+01:00 (4 hours ago)  <none>
+
+
+# Remove the logs read policy
+$ argocd proj role remove-policy test-project test-role -a get -p allow -o project -r logs
+
 # The role should be removed now.
 $ argocd proj role get test-project test-role
 Role Name:     test-role
@@ -142,7 +174,7 @@ ID          ISSUED-AT                                EXPIRES-AT
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
-			if len(args) != 2 {
+			if len(args) != 2 || !rbac.ProjectScoped[opts.resource] {
 				c.HelpFunc()(c, args)
 				os.Exit(1)
 			}
@@ -157,7 +189,7 @@ ID          ISSUED-AT                                EXPIRES-AT
 			role, roleIndex, err := proj.GetRoleByName(roleName)
 			errors.CheckError(err)
 
-			policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission)
+			policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.resource, opts.action, proj.Name, opts.object, opts.permission)
 			duplicateIndex := -1
 			for i, policy := range role.Policies {
 				if policy == policyToRemove {
diff --git a/docs/user-guide/commands/argocd_proj_role_add-policy.md b/docs/user-guide/commands/argocd_proj_role_add-policy.md
index 36d2b4f07c55a..eaa5b6c4f70e8 100644
--- a/docs/user-guide/commands/argocd_proj_role_add-policy.md
+++ b/docs/user-guide/commands/argocd_proj_role_add-policy.md
@@ -35,6 +35,21 @@ JWT Tokens:
 ID          ISSUED-AT                                EXPIRES-AT
 1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
 
+# Add a new policy to allow get logs to the project
+$ argocd proj role add-policy test-project test-role -a get -p allow -o project -r logs
+
+# Policy should be updated
+$  argocd proj role get test-project test-role
+Role Name:     test-role
+Description:
+Policies:
+p, proj:test-project:test-role, projects, get, test-project, allow
+p, proj:test-project:test-role, applications, update, test-project/project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
+JWT Tokens:
+ID          ISSUED-AT                                EXPIRES-AT
+1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
+
 ```
 
 ### Options
@@ -44,6 +59,7 @@ ID          ISSUED-AT                                EXPIRES-AT
   -h, --help                help for add-policy
   -o, --object string       Object within the project to grant/deny access.  Use '*' for a wildcard. Will want access to '<project>/<object>'
   -p, --permission string   Whether to allow or deny access to object with the action.  This can only be 'allow' or 'deny' (default "allow")
+  -r, --resource string     Resource e.g. 'applications', 'applicationsets', 'logs', 'exec', etc. (default "applications")
 ```
 
 ### Options inherited from parent commands
diff --git a/docs/user-guide/commands/argocd_proj_role_remove-policy.md b/docs/user-guide/commands/argocd_proj_role_remove-policy.md
index 9de0fc478d170..d8ff627dbc8a4 100644
--- a/docs/user-guide/commands/argocd_proj_role_remove-policy.md
+++ b/docs/user-guide/commands/argocd_proj_role_remove-policy.md
@@ -18,6 +18,7 @@ Description:
 Policies:
 p, proj:test-project:test-role, projects, get, test-project, allow
 p, proj:test-project:test-role, applications, update, test-project/project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
 JWT Tokens:
 ID          ISSUED-AT                                EXPIRES-AT
 1696759698  2023-10-08T11:08:18+01:00 (3 hours ago)  <none>
@@ -25,6 +26,21 @@ ID          ISSUED-AT                                EXPIRES-AT
 # Remove the policy to allow update to objects
 $ argocd proj role remove-policy test-project test-role -a update -p allow -o project
 
+# The role should be removed now.
+$ argocd proj role get test-project test-role
+Role Name:     test-role
+Description:
+Policies:
+p, proj:test-project:test-role, projects, get, test-project, allow
+p, proj:test-project:test-role, logs, get, test-project/project, allow
+JWT Tokens:
+ID          ISSUED-AT                                EXPIRES-AT
+1696759698  2023-10-08T11:08:18+01:00 (4 hours ago)  <none>
+
+
+# Remove the logs read policy
+$ argocd proj role remove-policy test-project test-role -a get -p allow -o project -r logs
+
 # The role should be removed now.
 $ argocd proj role get test-project test-role
 Role Name:     test-role
@@ -44,6 +60,7 @@ ID          ISSUED-AT                                EXPIRES-AT
   -h, --help                help for remove-policy
   -o, --object string       Object within the project to grant/deny access.  Use '*' for a wildcard. Will want access to '<project>/<object>'
   -p, --permission string   Whether to allow or deny access to object with the action.  This can only be 'allow' or 'deny' (default "allow")
+  -r, --resource string     Resource e.g. 'applications', 'applicationsets', 'logs', 'exec', etc. (default "applications")
 ```
 
 ### Options inherited from parent commands

From 924680d067cbdc428e3705a08f9c529fbe12f22d Mon Sep 17 00:00:00 2001
From: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Date: Tue, 17 Jun 2025 11:19:50 -0400
Subject: [PATCH 008/383] chore: initial support for tilt based development
 (#22337) (#23002)

Signed-off-by: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .gitignore                            |   1 +
 Dockerfile.tilt                       |  62 ++++++
 Dockerfile.ui.tilt                    |   9 +
 Tiltfile                              | 282 ++++++++++++++++++++++++++
 docs/developer-guide/tilt.md          | 148 ++++++++++++++
 manifests/dev-tilt/kustomization.yaml | 141 +++++++++++++
 manifests/dev-tilt/namespace.yaml     |   4 +
 manifests/dev-tilt/ui-deployment.yaml |  24 +++
 manifests/dev-tilt/ui-service.yaml    |  10 +
 mkdocs.yml                            |   1 +
 10 files changed, 682 insertions(+)
 create mode 100644 Dockerfile.tilt
 create mode 100644 Dockerfile.ui.tilt
 create mode 100644 Tiltfile
 create mode 100644 docs/developer-guide/tilt.md
 create mode 100644 manifests/dev-tilt/kustomization.yaml
 create mode 100644 manifests/dev-tilt/namespace.yaml
 create mode 100644 manifests/dev-tilt/ui-deployment.yaml
 create mode 100644 manifests/dev-tilt/ui-service.yaml

diff --git a/.gitignore b/.gitignore
index b8aa4aaabcc6c..33698c9c5a1cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ ui/dist/app/*
 !ui/dist/app/gitkeep
 site/
 *.iml
+.tilt-bin/
 # delve debug binaries
 cmd/**/debug
 debug.test
diff --git a/Dockerfile.tilt b/Dockerfile.tilt
new file mode 100644
index 0000000000000..6e1b2d4624763
--- /dev/null
+++ b/Dockerfile.tilt
@@ -0,0 +1,62 @@
+FROM docker.io/library/golang:1.24.1@sha256:c5adecdb7b3f8c5ca3c88648a861882849cc8b02fed68ece31e25de88ad13418 
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list
+
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    curl \
+    openssh-server \
+    nginx \
+    unzip \
+    fcgiwrap \
+    git \
+    git-lfs \
+    make \
+    wget \
+    gcc \
+    sudo \
+    zip \
+    tini \
+    gpg \
+    tzdata \
+    connect-proxy
+
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+
+COPY hack/install.sh hack/tool-versions.sh ./
+COPY hack/installers installers
+
+RUN ./install.sh helm && \
+    INSTALL_PATH=/usr/local/bin ./install.sh kustomize
+
+COPY hack/gpg-wrapper.sh \
+    hack/git-verify-wrapper.sh \
+    entrypoint.sh \
+    /usr/local/bin/
+
+# support for mounting configuration from a configmap
+WORKDIR /app/config/ssh
+RUN touch ssh_known_hosts && \
+    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
+
+WORKDIR /app/config
+RUN mkdir -p tls && \
+    mkdir -p gpg/source && \
+    mkdir -p gpg/keys 
+
+COPY .tilt-bin/argocd_linux /usr/local/bin/argocd
+
+RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-applicationset-controller && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-commit-server
+
+# directory for Tilt restart file
+RUN mkdir -p /tilt
+
+# overridden by Tiltfile
+ENTRYPOINT ["/usr/bin/tini", "-s", "--", "dlv", "exec", "--continue", "--accept-multiclient", "--headless", "--listen=:2345", "--api-version=2"]
\ No newline at end of file
diff --git a/Dockerfile.ui.tilt b/Dockerfile.ui.tilt
new file mode 100644
index 0000000000000..bef84b99b8041
--- /dev/null
+++ b/Dockerfile.ui.tilt
@@ -0,0 +1,9 @@
+FROM node:20
+
+WORKDIR /app/ui
+
+COPY ui /app/ui
+
+RUN yarn install
+
+ENTRYPOINT ["yarn", "start"]
\ No newline at end of file
diff --git a/Tiltfile b/Tiltfile
new file mode 100644
index 0000000000000..31b57323a3fad
--- /dev/null
+++ b/Tiltfile
@@ -0,0 +1,282 @@
+load('ext://restart_process', 'docker_build_with_restart')
+load('ext://uibutton', 'cmd_button', 'location')
+
+# add ui button in web ui to run make codegen-local (top nav)
+cmd_button(
+    'make codegen-local',
+    argv=['sh', '-c', 'make codegen-local'],
+    location=location.NAV,
+    icon_name='terminal',
+    text='make codegen-local',
+)
+
+# add ui button in web ui to run make codegen-local (top nav)
+cmd_button(
+    'make cli-local',
+    argv=['sh', '-c', 'make cli-local'],
+    location=location.NAV,
+    icon_name='terminal',
+    text='make cli-local',
+)
+
+# detect cluster architecture for build
+cluster_version = decode_yaml(local('kubectl version -o yaml'))
+platform = cluster_version['serverVersion']['platform']
+arch = platform.split('/')[1]
+
+# build the argocd binary on code changes
+code_deps = [
+    'applicationset',
+    'cmd',
+    'cmpserver',
+    'commitserver',
+    'common',
+    'controller',
+    'notification-controller',
+    'pkg',
+    'reposerver',
+    'server',
+    'util',
+    'go.mod',
+    'go.sum',
+]
+local_resource(
+    'build',
+    'CGO_ENABLED=0 GOOS=linux GOARCH=' + arch + ' go build -gcflags="all=-N -l" -mod=readonly -o .tilt-bin/argocd_linux cmd/main.go',
+    deps = code_deps,
+    allow_parallel=True,
+)
+
+# deploy the argocd manifests
+k8s_yaml(kustomize('manifests/dev-tilt'))
+
+# build dev image
+docker_build_with_restart(
+    'argocd', 
+    context='.',
+    dockerfile='Dockerfile.tilt',
+    entrypoint=[
+        "/usr/bin/tini",
+        "-s",
+        "--",
+        "dlv",
+        "exec",
+        "--continue",
+        "--accept-multiclient",
+        "--headless",
+        "--listen=:2345",
+        "--api-version=2"
+    ],
+    platform=platform,
+    live_update=[
+        sync('.tilt-bin/argocd_linux_amd64', '/usr/local/bin/argocd'),
+    ],
+    only=[
+        '.tilt-bin',
+        'hack',
+        'entrypoint.sh',
+    ],
+    restart_file='/tilt/.restart-proc'
+)
+
+# build image for argocd-cli jobs
+docker_build(
+    'argocd-job', 
+    context='.',
+    dockerfile='Dockerfile.tilt',
+    platform=platform,
+    only=[
+        '.tilt-bin',
+        'hack',
+        'entrypoint.sh',
+    ]
+)
+
+# track argocd-server resources and port forward
+k8s_resource(
+    workload='argocd-server',
+    objects=[
+        'argocd-server:serviceaccount',
+        'argocd-server:role',
+        'argocd-server:rolebinding',
+        'argocd-cm:configmap',
+        'argocd-cmd-params-cm:configmap',
+        'argocd-gpg-keys-cm:configmap',
+        'argocd-rbac-cm:configmap',
+        'argocd-ssh-known-hosts-cm:configmap',
+        'argocd-tls-certs-cm:configmap',
+        'argocd-secret:secret',
+        'argocd-server-network-policy:networkpolicy',
+        'argocd-server:clusterrolebinding',
+        'argocd-server:clusterrole',
+    ],
+    port_forwards=[
+        '8080:8080',
+        '9345:2345',
+        '8083:8083'
+    ],
+)
+
+# track crds
+k8s_resource(
+    new_name='cluster-resources',
+    objects=[
+        'applications.argoproj.io:customresourcedefinition',
+        'applicationsets.argoproj.io:customresourcedefinition',
+        'appprojects.argoproj.io:customresourcedefinition',
+        'argocd:namespace'
+    ]
+)
+
+# track argocd-repo-server resources and port forward
+k8s_resource(
+    workload='argocd-repo-server',
+    objects=[
+        'argocd-repo-server:serviceaccount',
+        'argocd-repo-server-network-policy:networkpolicy',
+    ],
+    port_forwards=[
+        '8081:8081',
+        '9346:2345',
+        '8084:8084'
+    ],
+)
+
+# track argocd-redis resources and port forward
+k8s_resource(
+    workload='argocd-redis',
+    objects=[
+        'argocd-redis:serviceaccount',
+        'argocd-redis:role',
+        'argocd-redis:rolebinding',
+        'argocd-redis-network-policy:networkpolicy',
+    ],
+    port_forwards=[
+        '6379:6379',
+    ],
+)
+
+# track argocd-applicationset-controller resources
+k8s_resource(
+    workload='argocd-applicationset-controller',
+    objects=[
+        'argocd-applicationset-controller:serviceaccount',
+        'argocd-applicationset-controller-network-policy:networkpolicy',
+        'argocd-applicationset-controller:role',
+        'argocd-applicationset-controller:rolebinding',
+        'argocd-applicationset-controller:clusterrolebinding',
+        'argocd-applicationset-controller:clusterrole',
+    ],
+    port_forwards=[
+        '9347:2345',
+        '8085:8080',
+        '7000:7000'
+    ],
+)
+
+# track argocd-application-controller resources
+k8s_resource(
+    workload='argocd-application-controller',
+    objects=[
+        'argocd-application-controller:serviceaccount',
+        'argocd-application-controller-network-policy:networkpolicy',
+        'argocd-application-controller:role',
+        'argocd-application-controller:rolebinding',
+        'argocd-application-controller:clusterrolebinding',
+        'argocd-application-controller:clusterrole',
+    ],
+    port_forwards=[
+        '9348:2345',
+        '8086:8082',
+    ],
+)
+
+# track argocd-notifications-controller resources
+k8s_resource(
+    workload='argocd-notifications-controller',
+    objects=[
+        'argocd-notifications-controller:serviceaccount',
+        'argocd-notifications-controller-network-policy:networkpolicy',
+        'argocd-notifications-controller:role',
+        'argocd-notifications-controller:rolebinding',
+        'argocd-notifications-cm:configmap',
+        'argocd-notifications-secret:secret',
+    ],
+    port_forwards=[
+        '9349:2345',
+        '8087:9001',
+    ],
+)
+
+# track argocd-dex-server resources
+k8s_resource(
+    workload='argocd-dex-server',
+    objects=[
+        'argocd-dex-server:serviceaccount',
+        'argocd-dex-server-network-policy:networkpolicy',
+        'argocd-dex-server:role',
+        'argocd-dex-server:rolebinding',
+    ],
+)
+
+# track argocd-commit-server resources
+k8s_resource(
+    workload='argocd-commit-server',
+    objects=[
+        'argocd-commit-server:serviceaccount',
+        'argocd-commit-server-network-policy:networkpolicy',
+    ],
+    port_forwards=[
+        '9350:2345',
+        '8088:8087',
+        '8089:8086',
+    ],
+)
+
+# docker for ui
+docker_build(
+    'argocd-ui',
+    context='.',
+    dockerfile='Dockerfile.ui.tilt',
+    entrypoint=['sh', '-c', 'cd /app/ui && yarn start'], 
+    only=['ui'],
+    live_update=[
+        sync('ui', '/app/ui'),
+        run('sh -c "cd /app/ui && yarn install"', trigger=['/app/ui/package.json', '/app/ui/yarn.lock']),
+    ],
+)
+
+# track argocd-ui resources and port forward
+k8s_resource(
+    workload='argocd-ui',
+    port_forwards=[
+        '4000:4000',
+    ],
+)
+
+# linting
+local_resource(
+    'lint',
+    'make lint-local',
+    deps = code_deps,
+    allow_parallel=True,
+)
+
+local_resource(
+    'lint-ui',
+    'make lint-ui-local',
+    deps = [
+        'ui',
+    ],
+    allow_parallel=True,
+)
+
+local_resource(
+    'vendor',
+    'go mod vendor',
+    deps = [
+        'go.mod',
+        'go.sum',
+    ],
+)
+
diff --git a/docs/developer-guide/tilt.md b/docs/developer-guide/tilt.md
new file mode 100644
index 0000000000000..96751fe5a4440
--- /dev/null
+++ b/docs/developer-guide/tilt.md
@@ -0,0 +1,148 @@
+# Tilt Development
+
+[Tilt](https://tilt.dev/) provides a real-time web UI that offers better visibility into logs, health status, and dependencies, making debugging easier compared to relying solely on terminal outputs. With a single `tilt up` command, developers can spin up all required services without managing multiple processes manually, simplifying the local development workflow. Tilt also integrates seamlessly with Docker and Kubernetes, allowing for efficient container-based development. Unlike goreman, which lacks dynamic config reloading, Tilt can detect and apply changes to Kubernetes YAML and Helm charts without full restarts, making it more efficient for iterative development.
+
+### Prerequisites
+* kubernetes environment (kind, minikube, k3d, etc.)
+* tilt (`brew install tilt`)
+* kustomize
+* kubectl
+
+### Running
+1. Spin up environment by running `tilt up` in the root directory of the repo
+    * Resources will be deployed into the `argocd` namespace in the cluster that your `kubeconfig` is currently pointed to. 
+
+2. Use `ctrl+c` to close tilt which stops watching files for changes and closes port-forwards. Everything deployed to the local cluster will be left in tact and continue to run. Run `tilt up` again to start up another session and pick up where you left off.   
+
+### Cleanup
+To remove all deployed resources in your local cluster including CRDs, run `tilt down` from the root of the repo. 
+
+### Port Forwarding
+Port forwarding is automatically setup from the cluster to localhost host for the folling ports:
+
+| Deployment | API | Metrics | Webhook | Debug |
+|------------|-----|---------|---------|-------|
+| argocd-server | 8080 | 8083 | | 9345 |
+| argocd-repo-server | 8081 | 8084 | | 9346 |
+| argocd-redis | 6379 | | | |
+| argocd-applicationset-controller | | 8085 | 7000 | 9347 |
+| argocd-application-controller | | 8086 | | 9348 |
+| argocd-notifications-controller | | 8087 | | 9349 |
+| argocd-commit-server | 8089 | 8088 | | 9350 |
+
+### Debugging ArgoCD
+Each deployed pod running ArgoCD components uses delve to expose a debug port. Tilt is configured to forward each of those ports locally to `localhost`. IDEs can attach to the corresponding application to set break points and debug code running inside the cluster. 
+
+| Deployment | Debug Host Port |
+|-----------|------------|
+| argocd-server | localhost:9345 |
+| argocd-repo-server | localhost:9346 |
+| argocd-applicationset-controller | localhost:9347 |
+| argocd-application-controller | localhost:9348 |
+| argocd-notifications-controller | localhost:9349 |
+| argocd-commit-server | localhost:9350 |
+
+
+#### VS Code
+Add a `.vscode/launch.json` file with these configurations to support attaching to running pods corresponding to the service. 
+
+
+```json
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Connect to server",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9345,
+            "host": "127.0.0.1"
+        },
+        {
+            "name": "Connect to repo-server",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9346,
+            "host": "127.0.0.1"
+        },
+        {
+            "name": "Connect to applicationset-controller",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9347,
+            "host": "127.0.0.1"
+        },
+        {
+            "name": "Connect to application-controller",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9348,
+            "host": "127.0.0.1"
+        },
+        {
+            "name": "Connect to notifications-controller",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9349,
+            "host": "127.0.0.1"
+        },
+        {
+            "name": "Connect to commit-server",
+            "type": "go",
+            "request": "attach",
+            "mode": "remote",
+            "remotePath": "${workspaceFolder}",
+            "port": 9350,
+            "host": "127.0.0.1"
+        }
+    ]
+}
+```
+
+#### Goland
+Add a `.run/remote-debugging.run.xml` file with these configurations to support attaching to running pods corresponding to the service. 
+
+```xml
+<component name="ProjectRunConfigurationManager">
+    <configuration default="false" name="Connect to server" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9345">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+    <configuration default="false" name="Connect to repo-server" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9346">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+    <configuration default="false" name="Connect to applicationset-controller" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9347">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+    <configuration default="false" name="Connect to application-controller" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9348">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+    <configuration default="false" name="Connect to notifications-controller" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9349">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+    <configuration default="false" name="Connect to commit-server" type="GoRemoteDebugConfigurationType" factoryName="Go Remote" focusToolWindowBeforeRun="true" port="9350">
+        <option name="disconnectOption" value="LEAVE" />
+        <disconnect value="LEAVE" />
+        <method v="2" />
+    </configuration>
+</component>
+```
\ No newline at end of file
diff --git a/manifests/dev-tilt/kustomization.yaml b/manifests/dev-tilt/kustomization.yaml
new file mode 100644
index 0000000000000..d5eb1926caa15
--- /dev/null
+++ b/manifests/dev-tilt/kustomization.yaml
@@ -0,0 +1,141 @@
+# This manifest is used by Tilt to deploy the argocd resources to the cluster.
+namespace: argocd
+
+resources:
+  - namespace.yaml
+  - ui-deployment.yaml
+  - ../cluster-install-with-hydrator
+
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-server
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports/0
+        value:
+          name: debug
+          containerPort: 2345
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-repo-server
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: replace
+        path: /spec/template/spec/initContainers/0/image
+        value: argocd-job
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: remove
+        path: /spec/template/spec/initContainers/0/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports/0
+        value:
+          name: debug
+          containerPort: 2345
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-commit-server
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports/0
+        value:
+          name: debug
+          containerPort: 2345
+
+  - target:
+      group: apps
+      version: v1
+      kind: StatefulSet
+      name: argocd-application-controller
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports/0
+        value:
+          name: debug
+          containerPort: 2345
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-dex-server
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/initContainers/0/image
+        value: argocd-job
+      - op: remove
+        path: /spec/template/spec/initContainers/0/securityContext
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-notifications-controller
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: remove
+        path: /spec/template/spec/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports
+        value:
+          - name: debug
+            containerPort: 2345
+          - name: metrics
+            containerPort: 9001
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-applicationset-controller
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/image
+        value: argocd
+      - op: remove
+        path: /spec/template/spec/containers/0/securityContext
+      - op: add
+        path: /spec/template/spec/containers/0/ports/0
+        value:
+          name: debug
+          containerPort: 2345
+
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: argocd-redis
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/initContainers/0/image
+        value: argocd-job
+      - op: remove
+        path: /spec/template/spec/initContainers/0/securityContext
diff --git a/manifests/dev-tilt/namespace.yaml b/manifests/dev-tilt/namespace.yaml
new file mode 100644
index 0000000000000..a040f2ba582a9
--- /dev/null
+++ b/manifests/dev-tilt/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd
diff --git a/manifests/dev-tilt/ui-deployment.yaml b/manifests/dev-tilt/ui-deployment.yaml
new file mode 100644
index 0000000000000..d98b7adad2cc0
--- /dev/null
+++ b/manifests/dev-tilt/ui-deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-ui
+spec:
+  selector:
+    matchLabels:
+      app: argocd-ui
+  template:
+    metadata:
+      labels:
+        app: argocd-ui
+    spec:
+      containers:
+        - name: argocd-ui
+          image: argocd-ui
+          env:
+            - name: ARGOCD_API_URL
+              value: https://argocd-server
+            - name: ARGOCD_E2E_YARN_HOST
+              value: "0.0.0.0"
+          ports:
+            - containerPort: 4000
+              name: http
diff --git a/manifests/dev-tilt/ui-service.yaml b/manifests/dev-tilt/ui-service.yaml
new file mode 100644
index 0000000000000..76c9c08ce5665
--- /dev/null
+++ b/manifests/dev-tilt/ui-service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: argocd-ui
+spec:
+  selector:
+    app: argocd-ui
+  ports:
+    - port: 4000
+      targetPort: http
diff --git a/mkdocs.yml b/mkdocs.yml
index 76d82e85cf9e2..99a4585e10c7e 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -222,6 +222,7 @@ nav:
     - developer-guide/extensions/ui-extensions.md
     - developer-guide/extensions/proxy-extensions.md
   - developer-guide/faq.md
+  - developer-guide/tilt.md
 - faq.md
 - security_considerations.md
 - Support: SUPPORT.md

From 1dca653dd386ae5bbd13015a102aafa8d95caf18 Mon Sep 17 00:00:00 2001
From: Bob Du <i@bobdu.cc>
Date: Tue, 17 Jun 2025 23:23:51 +0800
Subject: [PATCH 009/383] docs: Clarify Google Directory API scope requirements
 in documentation (#23386)

Signed-off-by: Bob Du <i@bobdu.cc>
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/user-management/google.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/user-management/google.md b/docs/operator-manual/user-management/google.md
index a23becd5917be..97242d743845d 100644
--- a/docs/operator-manual/user-management/google.md
+++ b/docs/operator-manual/user-management/google.md
@@ -162,7 +162,7 @@ Go through the same steps as in [OpenID Connect using Dex](#openid-connect-using
 ### Set up Directory API access
 
 1. Follow [Google instructions to create a service account with Domain-Wide Delegation](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
-   - When assigning API scopes to the service account assign **only** the `https://www.googleapis.com/auth/admin.directory.group.readonly` scope and nothing else. If you assign any other scopes, you won't be able to fetch information from the API
+   - When assigning API scopes to the service account, the scope must **strictly include** `https://www.googleapis.com/auth/admin.directory.group.readonly`. If you assign only the [broader scope] (https://www.googleapis.com/auth/admin.directory.group), you will not be able to retrieve data from the API
    - Create the credentials in JSON format and store them in a safe place, we'll need them later
 2. Enable the [Admin SDK](https://console.developers.google.com/apis/library/admin.googleapis.com/)
 

From 4860490cff05202431a5ec5be6d84d06e285639e Mon Sep 17 00:00:00 2001
From: Matthieu MOREL <matthieu.morel35@gmail.com>
Date: Tue, 17 Jun 2025 17:46:50 +0200
Subject: [PATCH 010/383] chore(lint): enable sloppyReassign rule from
 go-critic (#23443)

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .golangci.yaml                                 | 1 -
 cmpserver/plugin/config.go                     | 3 ++-
 server/application/application.go              | 6 ++++--
 server/applicationset/applicationset.go        | 9 ++++++---
 util/argo/normalizers/knowntypes_normalizer.go | 3 ++-
 util/cache/appstate/cache.go                   | 3 ++-
 util/db/cluster.go                             | 3 ++-
 util/db/repository.go                          | 3 ++-
 util/oci/client.go                             | 3 ++-
 9 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index a8f5b0e60cc3b..b7a09583ba328 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -64,7 +64,6 @@ linters:
         - importShadow
         - paramTypeCombine # Leave disabled, there are too many failures to be worth fixing.
         - rangeValCopy
-        - sloppyReassign
         - tooManyResultsChecker
         - unnamedResult
         - whyNoLint
diff --git a/cmpserver/plugin/config.go b/cmpserver/plugin/config.go
index ed1ee8b5ea122..cc6a1714cf97e 100644
--- a/cmpserver/plugin/config.go
+++ b/cmpserver/plugin/config.go
@@ -74,7 +74,8 @@ func ReadPluginConfig(filePath string) (*PluginConfig, error) {
 		return nil, err
 	}
 
-	if err = ValidatePluginConfig(config); err != nil {
+	err = ValidatePluginConfig(config)
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/server/application/application.go b/server/application/application.go
index 53fcc093a497f..abfb718a6108d 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -1067,7 +1067,8 @@ func (s *Server) Patch(ctx context.Context, q *application.ApplicationPatchReque
 		return nil, err
 	}
 
-	if err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplications, rbac.ActionUpdate, app.RBACName(s.ns)); err != nil {
+	err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplications, rbac.ActionUpdate, app.RBACName(s.ns))
+	if err != nil {
 		return nil, err
 	}
 
@@ -2455,7 +2456,8 @@ func (s *Server) getUnstructuredLiveResourceOrApp(ctx context.Context, rbacReque
 		if err != nil {
 			return nil, nil, nil, nil, err
 		}
-		if err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplications, rbacRequest, app.RBACName(s.ns)); err != nil {
+		err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplications, rbacRequest, app.RBACName(s.ns))
+		if err != nil {
 			return nil, nil, nil, nil, err
 		}
 		config, err = s.getApplicationClusterConfig(ctx, app)
diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go
index 714137033b7e2..8cdf96b214f1a 100644
--- a/server/applicationset/applicationset.go
+++ b/server/applicationset/applicationset.go
@@ -122,7 +122,8 @@ func (s *Server) Get(ctx context.Context, q *applicationset.ApplicationSetGetQue
 	if err != nil {
 		return nil, fmt.Errorf("error getting ApplicationSet: %w", err)
 	}
-	if err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionGet, a.RBACName(s.ns)); err != nil {
+	err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionGet, a.RBACName(s.ns))
+	if err != nil {
 		return nil, err
 	}
 
@@ -248,7 +249,8 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre
 	if !q.Upsert {
 		return nil, status.Errorf(codes.InvalidArgument, "existing ApplicationSet spec is different, use upsert flag to force update")
 	}
-	if err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionUpdate, appset.RBACName(s.ns)); err != nil {
+	err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionUpdate, appset.RBACName(s.ns))
+	if err != nil {
 		return nil, err
 	}
 	updated, err := s.updateAppSet(ctx, existing, appset, true)
@@ -347,7 +349,8 @@ func (s *Server) ResourceTree(ctx context.Context, q *applicationset.Application
 	if err != nil {
 		return nil, fmt.Errorf("error getting ApplicationSet: %w", err)
 	}
-	if err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionGet, a.RBACName(s.ns)); err != nil {
+	err = s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplicationSets, rbac.ActionGet, a.RBACName(s.ns))
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/util/argo/normalizers/knowntypes_normalizer.go b/util/argo/normalizers/knowntypes_normalizer.go
index 97a5362c6bd53..39f4dfc475b2a 100644
--- a/util/argo/normalizers/knowntypes_normalizer.go
+++ b/util/argo/normalizers/knowntypes_normalizer.go
@@ -102,7 +102,8 @@ func normalize(obj map[string]any, field knownTypeField, fieldPath []string) err
 					}
 					items[j] = newItem
 				} else {
-					if err = normalize(item, field, subPath); err != nil {
+					err = normalize(item, field, subPath)
+					if err != nil {
 						return err
 					}
 				}
diff --git a/util/cache/appstate/cache.go b/util/cache/appstate/cache.go
index 02f57f71b442f..f501b1c8c0895 100644
--- a/util/cache/appstate/cache.go
+++ b/util/cache/appstate/cache.go
@@ -88,7 +88,8 @@ func (c *Cache) GetAppResourcesTree(appName string, res *appv1.ApplicationTree)
 	if res.ShardsCount > 1 {
 		for i := int64(1); i < res.ShardsCount; i++ {
 			var shard appv1.ApplicationTree
-			if err = c.GetItem(appResourcesTreeKey(appName, i), &shard); err != nil {
+			err = c.GetItem(appResourcesTreeKey(appName, i), &shard)
+			if err != nil {
 				return err
 			}
 			res.Merge(&shard)
diff --git a/util/db/cluster.go b/util/db/cluster.go
index a0259d98ac31d..947f2b553e160 100644
--- a/util/db/cluster.go
+++ b/util/db/cluster.go
@@ -112,7 +112,8 @@ func (db *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Clust
 		},
 	}
 
-	if err = clusterToSecret(c, clusterSecret); err != nil {
+	err = clusterToSecret(c, clusterSecret)
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/util/db/repository.go b/util/db/repository.go
index 930afefd73c2f..651cecfb881b9 100644
--- a/util/db/repository.go
+++ b/util/db/repository.go
@@ -180,7 +180,8 @@ func (db *db) listRepositories(ctx context.Context, repoType *string, writeCreds
 	if err != nil {
 		return nil, err
 	}
-	if err = db.enrichCredsToRepos(ctx, repositories); err != nil {
+	err = db.enrichCredsToRepos(ctx, repositories)
+	if err != nil {
 		return nil, err
 	}
 
diff --git a/util/oci/client.go b/util/oci/client.go
index 641db5b0b8aa7..f5c8721dd5846 100644
--- a/util/oci/client.go
+++ b/util/oci/client.go
@@ -434,7 +434,8 @@ func saveCompressedImageToPath(ctx context.Context, digest string, repo oras.Rea
 	}
 
 	// Remove redundant ingest folder; this is an artifact from the oras.Copy call above
-	if err = os.RemoveAll(path.Join(tempDir, "ingest")); err != nil {
+	err = os.RemoveAll(path.Join(tempDir, "ingest"))
+	if err != nil {
 		return err
 	}
 

From b9f3696c2cb83ce216aab634a677e1f88529ce02 Mon Sep 17 00:00:00 2001
From: Oleksandr Tkachenko <44292573+korsar182@users.noreply.github.com>
Date: Tue, 17 Jun 2025 18:51:05 +0300
Subject: [PATCH 011/383] fix(ui): make Name column wider (argoproj#21080)
 (#21375)

Signed-off-by: Oleksandr Tkachenko <korsar182@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-details/application-resource-list.tsx     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx
index 2230e31bacea1..53f92148d8a1d 100644
--- a/ui/src/app/applications/components/application-details/application-resource-list.tsx
+++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx
@@ -59,12 +59,12 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                     <div className='argo-table-list__head'>
                         <div className='row'>
                             <div className='columns small-1 xxxlarge-1' />
-                            <div className='columns small-2 xxxlarge-1'>NAME</div>
+                            <div className='columns small-2 xxxlarge-2'>NAME</div>
                             <div className='columns small-1 xxxlarge-1'>GROUP/KIND</div>
                             <div className='columns small-1 xxxlarge-1'>SYNC ORDER</div>
                             <div className='columns small-2 xxxlarge-1'>NAMESPACE</div>
                             {isSameKind && props.resources[0].kind === 'ReplicaSet' && <div className='columns small-1 xxxlarge-1'>REVISION</div>}
-                            <div className='columns small-2 xxxlarge-1'>CREATED AT</div>
+                            <div className='columns small-2 xxxlarge-2'>CREATED AT</div>
                             <div className='columns small-2 xxxlarge-1'>STATUS</div>
                         </div>
                     </div>
@@ -88,7 +88,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                                             </div>
                                         </div>
                                         <Tooltip content={res.name} enabled={!!res.name}>
-                                            <div className='columns small-2 xxxlarge-1 application-details__item'>
+                                            <div className='columns small-2 xxxlarge-2 application-details__item'>
                                                 <span className='application-details__item_text'>{res.name}</span>
                                                 {res.kind === 'Application' && (
                                                     <Consumer>
@@ -128,7 +128,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                                                     );
                                                 })}
                                         <Tooltip content={res.createdAt} enabled={!!res.createdAt}>
-                                            <div className='columns small-2 xxxlarge-1'>
+                                            <div className='columns small-2 xxxlarge-2'>
                                                 {res.createdAt && (
                                                     <span>
                                                         <Moment fromNow={true} ago={true}>

From 4c551d219e284c70ff2b496aeca53359d54d2e2a Mon Sep 17 00:00:00 2001
From: Tanner Stirrat <tstirrat@gmail.com>
Date: Tue, 17 Jun 2025 10:23:36 -0600
Subject: [PATCH 012/383] docs: Docs usage fix (#23450)

Signed-off-by: Tanner Stirrat <tstirrat@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/best_practices.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/user-guide/best_practices.md b/docs/user-guide/best_practices.md
index 718ab022f3e50..14cecb4ea292d 100644
--- a/docs/user-guide/best_practices.md
+++ b/docs/user-guide/best_practices.md
@@ -14,8 +14,8 @@ from your application source code, is highly recommended for the following reaso
    cleaner Git history of what changes were made, without the noise coming from check-ins due to
    normal development activity.
 
-3. Your application may be comprised of services built from multiple Git repositories, but is
-   deployed as a single unit. Oftentimes, microservices applications are comprised of services
+3. Your application may comprise services built from multiple Git repositories, but is
+   deployed as a single unit. Oftentimes, microservices applications comprise services
    with different versioning schemes, and release cycles (e.g. ELK, Kafka + ZooKeeper). It may not
    make sense to store the manifests in one of the source code repositories of a single component.
 

From 0c950f47b31f503ea791945e415e51f1547834ac Mon Sep 17 00:00:00 2001
From: Matthieu MOREL <matthieu.morel35@gmail.com>
Date: Tue, 17 Jun 2025 19:32:44 +0200
Subject: [PATCH 013/383] chore(lint): enable filepathJoin rule from go-critic
 (#23453)

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .golangci.yaml                                         | 1 -
 applicationset/services/scm_provider/aws_codecommit.go | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index b7a09583ba328..62b8e31e12bea 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -59,7 +59,6 @@ linters:
         - deferInLoop
         - exitAfterDefer
         - exposedSyncMutex
-        - filepathJoin
         - hugeParam
         - importShadow
         - paramTypeCombine # Leave disabled, there are too many failures to be worth fixing.
diff --git a/applicationset/services/scm_provider/aws_codecommit.go b/applicationset/services/scm_provider/aws_codecommit.go
index 6c5f106573d9a..acc80a1076327 100644
--- a/applicationset/services/scm_provider/aws_codecommit.go
+++ b/applicationset/services/scm_provider/aws_codecommit.go
@@ -340,7 +340,7 @@ func toAbsolutePath(path string) string {
 	if filepath.IsAbs(path) {
 		return path
 	}
-	return filepath.ToSlash(filepath.Join("/", path))
+	return filepath.ToSlash(filepath.Join("/", path)) //nolint:gocritic // Prepend slash to have an absolute path
 }
 
 func createAWSDiscoveryClients(_ context.Context, role string, region string) (*resourcegroupstaggingapi.ResourceGroupsTaggingAPI, *codecommit.CodeCommit, error) {

From e1afcfee98e25514a2d8dfeac6eb8087e2aca681 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fl=C3=A1vio=20Roberto=20Santos?= <flavio.barata@gmail.com>
Date: Tue, 17 Jun 2025 18:33:45 +0100
Subject: [PATCH 014/383] docs: Explain repo definition for source hydrators
 (#23454)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Flávio Santos <flavios@spotify.com>
Co-authored-by: Flávio Santos <flavios@spotify.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/source-hydrator.md | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index 06a59f8019cae..0a13d7c93d776 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -6,12 +6,9 @@ Tools like Helm and Kustomize allow users to express their Kubernetes manifests
 (keeping it DRY - Don't Repeat Yourself). However, these tools can obscure the actual Kubernetes manifests that are
 applied to the cluster.
 
-The "rendered manifest pattern" is a way to push the hydrated manifests to git before syncing them to the cluster. This
+The "rendered manifest pattern" is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them to the cluster. This
 allows users to see the actual Kubernetes manifests that are applied to the cluster.
 
-The source hydrator is a feature of Argo CD that allows users to push the hydrated manifests to git before syncing them
-to the cluster.
-
 ## Enabling the Source Hydrator
 
 The source hydrator is disabled by default.
@@ -49,7 +46,7 @@ With hydrator:    https://raw.githubusercontent.com/argoproj/argo-cd/stable/mani
 
 ## Using the Source Hydrator
 
-To use the source hydrator, you must first install a push secret. This example uses a GitHub App for authentication, but
+To use the source hydrator, you must first install a push and a pull secret. This example uses a GitHub App for authentication, but
 you can use [any authentication method that Argo CD supports for repository access](../operator-manual/declarative-setup.md#repositories).
 
 ```yaml
@@ -61,6 +58,22 @@ metadata:
   labels:
     argocd.argoproj.io/secret-type: repository-write
 type: Opaque
+stringData:
+  url: "https://github.com"
+  type: "git"
+  githubAppID: "<your app ID here>"
+  githubAppInstallationID: "<your installation ID here>"
+  githubAppPrivateKey: |
+    <your private key here>
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-pull-secret
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repository
+type: Opaque
 stringData:
   url: "https://github.com"
   type: "git"
@@ -70,10 +83,11 @@ stringData:
     <your private key here>
 ```
 
-The label `argocd.argoproj.io/secret-type: repository-write` causes this Secret to be used for pushing manifests to git
-instead of pulling from git.
+The only difference between the secrets above, besides the resource name, is that the push secret contains the label
+`argocd.argoproj.io/secret-type: repository-write`, which causes the Secret to be used for pushing manifests to git
+instead of pulling from git. Argo CD requires different secrets for pushing and pulling to provide better isolation.
 
-Once your push secret is installed, set the `spec.sourceHydrator` field of the Application. For example:
+Once your secrets are installed, set the `spec.sourceHydrator` field of the Application. For example:
 
 ```yaml
 apiVersion: argoproj.io/v1alpha1

From 4b49708b4323e4b719719cd9d3d51ab126394903 Mon Sep 17 00:00:00 2001
From: Yann Soubeyrand <8511577+yann-soubeyrand@users.noreply.github.com>
Date: Tue, 17 Jun 2025 20:18:24 +0200
Subject: [PATCH 015/383] chore: move OIDC PKCE support from UI to backend
 (#21729)

Signed-off-by: Yann Soubeyrand <8511577+yann-soubeyrand@users.noreply.github.com>
Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../assets/keycloak-configure-client-pkce.png | Bin 103126 -> 161221 bytes
 docs/operator-manual/upgrading/3.0-3.1.md     |  18 ++
 docs/operator-manual/user-management/index.md |   7 +-
 .../user-management/keycloak.md               |   1 -
 server/server_test.go                         |   2 +-
 ui/package.json                               |   1 -
 ui/src/app/app.tsx                            |  20 +-
 ui/src/app/login/components/login.tsx         |  16 +-
 ui/src/app/login/components/pkce-verify.scss  |   8 -
 ui/src/app/login/components/pkce-verify.tsx   |  47 -----
 ui/src/app/login/components/utils.ts          | 177 ------------------
 ui/src/app/shared/models.ts                   |   4 -
 ui/yarn.lock                                  |   5 -
 util/dex/config.go                            |   2 +-
 util/oidc/oidc.go                             |  45 +++--
 util/oidc/oidc_test.go                        |  84 +++++++--
 util/session/sessionmanager_test.go           |   2 +-
 util/settings/settings.go                     |   7 +
 util/test/testutil.go                         |  13 +-
 19 files changed, 146 insertions(+), 313 deletions(-)
 delete mode 100644 ui/src/app/login/components/pkce-verify.scss
 delete mode 100644 ui/src/app/login/components/pkce-verify.tsx
 delete mode 100644 ui/src/app/login/components/utils.ts

diff --git a/docs/assets/keycloak-configure-client-pkce.png b/docs/assets/keycloak-configure-client-pkce.png
index 6b6e50cefc8c1fecb8bcff0ae2b4544999ee08e8..0aff85f5322bf4a2eb7aff66bbbc1590efd7a4fa 100644
GIT binary patch
literal 161221
zcmeFZXH-;a7cPimCYeA10Z|YoOU|eWNS2&IB<Gxyih_a!ksuk#sQ`&WQ6M6cGgOg-
zfaFY(!|dvA`}^k3x_7PlG4o^Qx@hg9PSrW*eRp{Fv!8w5J(ZUvx<GLO4-bz>>d9jz
zJiIflczCC@&z*ta+(y3Egnv#sK9W*72Y<ZI8NG$q<WAxmPRh0>POb(H#(1VSw${ch
zj)o4##x{;-woWVfH6n1(UED!p4#oyf=C(FBRm`o8@hps;S#RFwylHLV;CPdRor4=*
z2ypQWaPj%;;Zx$_-Nci6{7}U$esRRrNmX_9c&(#?8};z=<wsI!x2c>8Q<87KMQyVN
z8s`bkzW1Xtl{g%bq(X{BU9xkty8HHY<gI$V&sPMp!yYvwX0|0A*ecR4hSAM>*Pvrd
ze<vb4M)%``S~NE%_D3Wf9E$G2CI0>ArmW_m2mYT|cn`F1vH$z(fyV9skG&`^#h&S8
zuVdG;vgzT{wzBzi-!H}}PZrmy%(N$vUb*7fIOANQqgCT`NSk!+&k^I>f!`L{uac6c
z_x7r2G6z%}npj!oNlQzssHiwK&fx6juRlA&zX*%#-uGFk7U-e0=$Hwf$jDfBMTP!(
zAFqbtlu1C$*3wYRgk8xjMORnXeCKDep!^emj#%}4_{`<{7cE3{W20GQX{FO#N@HWA
znkK=Y1IFznp1FKtClu2~x<roH*p_l<bNst!VOG|t6TNTWzgJOGQt}(yWmbz6XOJpw
z2+@>N{^A*E{K>>`GFMrk<?^}F0}=jp9vPzda#B)?4<Ei{WMm|s`1t1}cn8%NKT+KY
z;rn$?6M;Tc!}R0{CVaF(hQp{af`wieKdN16K4TjDGpelP>9RS7k(;~p_bYQo`@x{V
zehuF|gX;pn-rg>GUVmZt@JQ_V>AzoFgI{7KL`cWLz$740S-Vn27Kb(>ju?9$IrjWR
z-}4Wd-j!%#VYv)?u4fy3shch4ycV7+;lt_l90;Bm9;8c>eS+8h^F-}5<mA~ue*7SF
zXZ`cdFUI`T5bTsfZiR5;T28?Ug0AxzeP8P?Zese(o@_mo$2|^?qET0$p59*(iHxB+
z=aG5-w313i!y)G)(_B;yl0>tIqEL~Bl*mnWW1Vn1v4yJ$5s?C;(x&(C)v#fg<_nGF
z{XA#KYHEs#i;a1@e|<?wdBhqm^X1EzqM@Z)d+Jb0&#guCRqB8`MYdC$yIzb;Odk!d
zOFuE=`^G7!oMGO~{@!E%KA~88db)!^0{qa9MMg$)SNci?1_cqs^vrDZS&Exq_rG=P
z)|4IJ)hkz0fBbl?iBKaYCC#p?(t%U4M(2(W`y1T7bLWl`?z3lAOHIFMT)lMZb6Of5
zcD|2k$4bz3xi?=IIpt6>h4mn@Xvgc}Qq|QRncBZFT)yI&pOa(ZRMj&VVQ`%mBSanQ
zB{Ftm>5q-SK%2n6@E#t=(mWa%7$7<$7N8_9{^ktvjs6tN8`2#@8}I!|X!KSp&0`1E
z^s<Y8=l8L?%01{7p%)jY3JIgrq(@=85VV&(#bPQV)#UokqieSIMeDUxt$S5Ii#HVn
z7)nQ2jR=meY`4G<EXIWV2>Wz;v|jgna?Z`o9)(=nvFh4RGq{n;nM6+tul%z#UQhkb
zk`SMF{oRpNP;-2^68P?2*N|<E?h18M2SaGX?a+oRRtj@2NWX^>Z6-Z!ykmKJdCViu
z7+u<JpViv4dj}gGl*2M6CK-1W5}EtX@Tujh29dFJTNa?mZcN(oIc*J?E;QZ_ReAL2
z6*HO4s_>4N$gY<Ntho7fbL8HyAhs#^?rm7_`Re`Uk3&mQ_0K<a%=8p@h~&O{_3F%a
z&!<t8r{(H+t+awdblpVOwZA@o^{UxGk+D{ln|<*Nm5A3@e?szG<wH~l2+_k$<)z_@
z;->xZj~}@`HfP60WP5s%E7e2e{mUar%f>L;A`RyC{lnTZ`{m&ZMm9FvExkXH!HfW*
zWq|HBh)I*srlbz>C#K3V3>7ZZW4|Ruour^p&`jWO>=Hy<tgE%UZ<r!W^p3}<Z?x<^
z!_Oy&w`Ey!d8R&=<TMxPb&*xbibWR9a;wK5G1!D!IWtyRmBoslBnwLK3cQURVU;Qx
zu!5_A9}dFQT24&7eC8dw*tFD85dou7>;h(?VkYsUc`UqN%a6am>Vc}QSaLxU)}8Yq
zR=IonI|>fTEi8OGH#b-7+z>*QOXGW>2sV%1;<D(?8u!Q{O03@f9XCEx?Y%!=)WWK)
zqoafJ#6R&7Vy1;fj*_x6x83*yZ`eJpViUPla#hO8(;{c{xg}*~-~WWKOBD7zQ^2i~
zU{b0T85NaLQo`lDGOEjI+OA@3Z2Zwt@J7h9bgl97GA)F_#Oo`Y69F_l?zT76RF+nH
zHR^RFB>c~iP&3!DPi^eJdO46H9(1ndPY9_Yh&Mp{-;s~+e>Q6rn^8TYn4(a&ctKCF
z$dQ3`DD_p+iq%R_wd)|!95zHxyzeLnS(UM#yRGJi!1kB48%B<;M0d;(oS&!2;jlE*
zrw(Pf{^|7hh)NseQdw9ae;qrdinIV4pRamfCpUI+hNWueJaqqz$XT>f!m}KRCM#7N
z@=v~D@^uA+X+*0>ea;Y3Tpd<OR<hb!9B6K9i=<2Nn9r`9@Ta68Y@zrV5s`NO${jAP
zrmr<>0sEB)>n&p6iw@Uzz2<wfKeD1WyU+Ogd2dr(yQW^i@*L^1)LY>=b7uv+f0&b#
zqvY&dI&4!eM6H0j4;w`x;^kIIYJBsFZm~)5`uck8q3oYUDM^R08h77N;)&{0nf@YU
znV@#xtoKxcWnJIuSGE_Xx!o`PV6|6N+~amx@k9#L7M!?56u_}YraaT&fmJhaQ_vp2
zA4xr-o^Jj@y<3}9aZhH`M!c8J!cr;OBkOZ<{mJ~ABah(g_ixc{LI&#gBN55^_3Kwy
z#Yq+-{7GpU8C5kkwH09v1UjrN<YlJ`&aX<$K7jF45O)83Po8?3fXr;9(m6aWE9-88
z@6m4UzHE<*yL-j&)@=S37EVrO!=LZX*`0Fo@>C$n!L47Vq|BX~nhLY)dHy9!CYn{N
z%xd5zs!`wuaR6(@)a6nLLZgla`ZanBn1bk`B{db52(Zb%Oa+<&tFmW1kzrxUYm*I@
zaPHuI`-8QHmIW-2Mtwg*yZrEI<MO%tl;NK~WqlS4KofX7Iyk)QbN#cD2h=4N&s<he
z+hxBU0uZyaX1b1T+(bSz+xy&xjvvU#maL7Vdq4X%Ti}Pfs3~LU_9#%8nGN$tRi8;(
zta5nL9com5tvAovHAa-woAyO7-%Xg#8*A<`DdyHPCOaobaY2EZEU2Atk}$!soxj%d
zW!S=iX%dl|<7uv|qgDIM$l9B^71c+3mP9xBo{|NLLnwqF(*)<JqqR`qC*ct1vxun#
zUaLqPLeylucTe&0<JUGdhc39=PB!|Yp`xmqZr+n&esr))Ye^3wanQ0r75s^??x~($
zqDgza`-A-v^=MYzhz}nwIUsU!q;0ErGXetx=Yx;27=7n1@oT5Gm2-GD=Lbu3d8`Lj
zY`wtWySuv|oouM&;N<i(4dJG{7=jk=V7VzGqL&%(ApK-Ps)s8wIy!T4anYpaUywt5
zw#3K^-!#!Z1JKds1D*2I6KLVS*diy}J_Ssgn{|-Xd7o;=+5#u!{2GL(=2W`e?0_Mp
zpXl<sMU#Fe{aAVaxeCfT3b*8?Q}lBY%JN-seKZbjE8CXM5%>0{qxFg1s(&{(HFX7&
zGNld9Y`Y0jus?gThh4~oM62u2L{DolP-Z>!iWc+Y1pcG;O^AhBr52IY?o%H;3}Wb(
zMp4?hbO~{e(t7x-qJqe-(MQ@}N296r&$~2D6G$&p?;ZMhZ+1x%`5T9qxNn%CAR=P5
zZij%|*D_Wd9qwZ+>ouZ#=6V$+srsfw5NehvQ+vJ}0>3{QzVajnHw>yiKH9%C^JhuM
z?H)fvH^W+P&WIjY)N<Ax_|%BBvZ%yl-kB=YW?__GzExoHD6(2!nU{XoXwgw2dF0s(
z^H_m<-Ko@DD1#=}a&`3JolyD=akePQoX?dh-nlhfL^@kU3Xt;iwQW({8s=BC96T2g
z<*`&zF&P79q$<jAj-%ZUUvMp1uqXHtNm6hfwhw3*-X8X#?QV_X^y_d04+-#^S##U0
zJxh~SQc}`|1>6C~k`3E;r(daPS<g!(NrzP(wL;MiKE|KW9%czCdeAoL$H9Tu^wiXA
z9Y=wL`Tj44joi6?Ir0etZw~at#l>ki_Ps=~iv!A+E?o-FFSkXC2h@H3s34+gZ*R{*
zc)LHRI63(N!8KN)tZ$_Mc;JgNbPfwSt*(7NDJ{#gmxz8L%P825hr67fot4(3sxkqH
z@wW2oElLcX>$_gHonR0xTy5hs=cIf?3ec}p%%r+aLO-(-mv3n#6vc|5^h_}J#L@l|
zT*D!3?52iGdvw{#newq*=HZYH&o7O7ZO9#N*Bo1K39h*b&5s~m{SXxRE7>V2DYba*
zTylr2btD3Zn?30QrU)VmuDeFn-@iX%(XSTTaUWBA3lNNUCXedv1C5Nq<}ZgR-o7)L
z&fBK3Caa63hfPgQ=lPG@*$KrZB?I1*vp;))y1Ce+AgT&bN5FahYMxT@&=N$?TntY!
zYi=KfSK_7H5_d&JM5gxF*B#p8cng{=c>V+?Vp9agCva$pzd7W$Nnmx~Kw$$I+As3M
zhtHhte5s?(1(;lmP<3D3N=<5Cx!J2LPFZw^=VD5+Mq;-P1o)eoYJ6=U7{axQ67jQs
z&+SPO+DqwXRqjq<6!T6!9Gu>2Vwel&2soqB;@7A7GVt@a`290CUltditkoHBEw1b{
zIDPtbtgz>n4}NN;V-C+-^83#pr%pCEH<!4r{W_E6{JS+qV5{Gdl#&wQ+z5M7Wu=zy
z@&1^fCD@BcpD9tPfslrC$92p1BR0_uljr?2{SC5`lan<!R{Fn)i6pV5?J=>iuxPmd
zb`s!rn(YkpbXgwGZf=%FXq8IipCLTAJ5#7%<0E&*<fSPf^mp&xVXO5~9?r!%^M4kJ
zPp8!48ISkgrbnc3fR>F-zPvEDmrQr^nefrhWG#=^%Lfe$*k&#{>s&kYhZBk8{hJ|k
zfgvtW!U<zMGIUD`lkO=bY`xhhFs7SZZ<I!`l{c{|uS?(Oi6g79WDKo#<S!XCRA%#R
z+cot!I3-s2;HwI6@`aKcRu&^uQ$}DNSp%k;RDonZ0Q)@vwK{K)xCWeh`ck+fNmL(z
zPwm?M`}eWG`-@E#P?l$N`3(%lhfDB68&V<TnY7WE8EEpd=MIg2vBczKweH!BR`Gu=
zH*SeC-&vhdTH2SAl~sW)PkpI-lg@h4b!DJ96T+LzQ)})&;FIr0$vn9U3ssbql8K2)
zP=S3Rwa<=$s=9j1v_p1fr9fJ+fklL}@N>&od9SmcL^fnftHsI2>H5Tpt*D4M<q`3n
zG|(Qe;hkP++tn)P(56&l#h{&YOTId+xcV(oI~Tw4w*|oDMhqD@3O4Zki}|vbR&Nci
zS7OoHeYxrdht;9}IsL@w47s>RIcf7E9WzP3)Es4>FZ^&>8l(#MK9w`L)d24L{L3j{
z(V%*V2Yt~lNZ~2Rkzx$M>`RxgtEsBuFn#Sxx%E&6EXp(bcnHSdUgF0QKC<S~PW46q
znw;z_w;eNCq52aq>WEA~m8O(hVk`iFQSdt$p;qF_#6E_~_FxIh?-ps(SZ`=X{K7Uq
zcZHnXxzy>PUh2_I-<Q3YJrrv@_RUb&y>zr~g!CZ3UqtnE8EQsLmr9vlJ3$*F9w0CF
zAA{x6QqJwO9CDofKfgeU2c=}~ec}KybshUR%QeSGckoe_q*5|b%w2HXuadS=1yxm5
zO%)J8M}79K<zhJKr-ZAvM?Go#j9<<;Ax9keZq$|@ZDxv^1565TAJb_=e9FzslVZhR
z>0u{KPfO#<?MC1%;86txBbo5amoMXTwbc;$4gzP+&mNdwmq2}E;pf)`UV?T3bGSiz
z4lUb5SQehQKXaRjNe0SGD;I64KTbi+0FeVwIHQP2wK%4~)KZ;OqBH@@ZdC2JRxUXr
z=|HsVVe#fG<ef&%rSQG}gK)(wAqV9GkG3UL&`92kc74LpEt9<1#%3XR3;g)B*}J3+
zu1YuC`G3xJ-Iotl(O$yAWCMlq_Z&T33kg_NUiOV$ufebOsTuMKIoI^u9)9@nq1GO}
zvWpv|lZw&vMAU8<t_<KZNcV7sW85J%WszY+hzA0HV`GEz2GV+n$9ZXxTO%EV(B_4W
zm9MX_uQ4ZSD}@|P<+=E!)^Soro4m|^^5@}bTx29YuD)C_i#1`N6<GUmWg6?@hY-Qv
z04u3(;-?}GC@Lz7NJyY^5biv>zdG{`@G#VJ%F@z-d)q5)JzRdiE;!7<@A&(`zx?Ds
zi}qm1tnb?*l$L7GpFa=E@6vkNP&)_-UC;N>`ENw%>*0{5H$qz>o88S8i9`k3qtBR$
z1pM~6<s6QhD9*3aD<G^3>$B)f(IwT=D{_se=N8lJJH@%g>?2H}&$@f);EBQx-a4bj
zx_5Z=Z1r+{W?2qw2I;kH3tf^ls!~$#mZ8oNhWi2D;iE<F2o5v0C5eirQ9XO62Y0Mw
z;F6`qdFIqs|0nSvvTRtt+QR1NUuItsuy)F@p?YV96%`c)pjerLw0^X|g4q|jNXH`y
zG4TQcL1cV9b5Q*)$QLj1&sr>?5!g|6-I$n|`JT*B$cjfIs;a8ZEiKAkURBQx4M}F-
zBY~m-4`)LFUuIJ-=qAiAIo?{byD^jd^{WQdjgZ9%vYFpQ;h+4_4_4c|(O2P*{b?!X
zo-u)QShh_QYjc{kc7C;=jEIfZT0!Q!)ZF=j#9B$oG5zFbozp<7_eI4fS!6J%`B|~j
zUnfesZ4#ToI7}_4S0-lTE9Z9Q%7luhtdd>p*C)}>52-7J5)YTTFWU4Of6;(S5y-U5
zLL^pD&BpRr$L3eg=Y%Eyu3X6P0i<)~a>(hNsChlXFuP3tE#9$$nxh;j5CT*>adoNh
z{?OPa;AwC}W{rB|@}bDs*c_((uaD$2mBXEetjp)>uj%Jq+dKWL@(^Jgn;`-Wfv)>>
zB(4A-uv+&(Q3!jKKw>Vj9x4l~u;z&aljHI^*m?GL4(l-u>)*tX)VSmV5mFCWDB1;H
zQk~O-%xAU?zi9M=i35J(;zKWB&kUJ(p!B@=m&ygEBb2XR`cmFz3U{Nbp^*h&%)NW?
zXGL$w^VQ`MMMOl*qP9nS5?n{g9fU8I4Tp_)VIp~^zgm8OAKWLBF4=dWVw@p9=9c0d
zl3LZZJ2q0HUB4V#SZ`3;+=VFE>Q#$&F5GjDK|H2bsCy{w$e5O=X6g5^6(Aw*{(IyF
zS$3Ec1f08nyt{&h)d?6@E+_qL9t$xx4T|29u~HmUg3zz2?pndOJe5;Mp{%Bs5v}i|
z$vf(1_{5BihNeJp`K#FO?k=!w%2234C<Dgq%H>xO<;+??-QNQ~$*<$-_JBkvHA{3$
z-|QX%8FMEZp&c0)m&>YK**LRt+OLqaLr590BqK936gQDTy!BRldqM@Mr&plP8qMTZ
z)<55utNQfm&A7G<DCwFlN}DIw8o`&y$SfwlzX@KhWhV?K=af*(<<?LIh}v)lzxbOV
z0{AUUh`<7Sv#EY7KiLVfOGD}qXn=hCdinA{EB&I5=%prQ%zZ<DdBG(vEU-VLu4+>1
zKi#>qvod1uby#M7#N1A50}M5jc$cVHm8s4SgDn5PfN2<#_DeDhAG9n_H=&M8L*9}h
zHS|dL%bEqWkf$9}va-EWb6g!FwEo1{$mmo94U`#Lh0k6BgGO_M@?7i54d=OTabQPB
zSEzjeoZqP-S<GGL*9#sfH1IQNizOutKH2fCc%b)-p``O-|9w6lJGABlP0g4nHht>#
z#h0CpE8D!g%o*m43=EP0_<`N|(k`-Z<-9!1&sPI{r@XwHgM$NV|K!r;L!TOe5gG0q
zzoo))7sP)fWPG16Pf<goe`;T=$mpFv5hWQR#mDgQtJkh&f@O!<zuXGlZ|>;8<f!I8
zI=Z2aP{UQL0OQlRZ~wD!<F225=3lC9K=pZ=$+JWuvU~2n9u=wL6`oJwQED*`SzA{3
z$zvzpedu~%<~+8ZFsP~9^QeoRFvdKA^b>c_d>4D_ujFlQUM};y?8??*n>&-CEwHK6
z4yW-Gfluirc(G-ztx-Oox9oYIUCy!Q#QVP>i6Ss2P^S28^m4l{>)`4&2jobw|D(Z~
z@_`cbkBOek{MMsY6{CE%_@>`a1CLlSVpE}$Kkfy*a8ITJ=GAF}Si<d-1~KNb9CFGP
z6%~8)xdpGRZ*p>SrVCh;!BXLP7cUnnTp<bg<kd<OJ0TU6Q?)DbUQTW<j>eru;&utb
zHe{k{7v%KDF0dIxd3aa<HL8cXYM(}Y_LqQ<wC&;sY9j@*<Y#dVp9&ePPFA{1v;}aC
zKn~2`%uPERu2bn|n$|2QMy))!w8c0$5k`kt6)5>>s!n2PJ5*y#uNteaqRAPW*2}8d
zoO}50Hlgyz+b&H8y{|cf6N>wunkjF`n#ZoY2|=g|J|iUPve>y$P?ImiT0xg~YY7)0
zd$X1Ow)?D4YeXAdFVaHP+TFEln_S~suqv#q?LOK$^g-xUC@BbIBY>3417<JBdw;7o
zu=v4SU`24A8XtdyMX&1XXpEIljlM`yfgT>k*RmBy^hg|Lp^rrLAlZ2Voei-MS6r>;
zarN;_wof~lZ~Si4LV1*y*^W^kh;VQyNlAHjWD%5DSjo#gPU^^n@+TLFpIS?R%+j*5
zg#N~D?g2s9*wBRrbyHb~8~3C%H8p{IRaaE(@|pP)8IxJaq3YUKASM0)CoOFjfK%E=
zIul1io@2aqD`nJK**_}YA>Cz@PdeNP`?Ze^eJ3~7#Hw{W>F#oag5RWLkEccbC2m7&
zvY=j6QdRq1fYMv#0_y>x6gp#EaxB_qc}<+<-`~|gR|E>M5281u%4{gEA;BpF#Lr#&
z3>}~5*47Bf{m?)HUIa50WA*3y#>egb2MnG;534rH!<n3;&vvwdak*bPf7Wexk=UAX
zBsGr?xrp2#MULl&tx*y1np@ADa2QH(xI>?t!o$ods~j`nNU7@!i}%{t8MX$;Tu}1b
zSQQI{cS17$+J-*+&&h7a<EjDb(9C+wx%e2YrxJLy88$rCBGiL*Pd3MTLfs@3=-4;U
z$$aSRDEIP+LuLHby$hZo<w)l=m8><;GXbGjb+!7(5BmE0N?QN07<dK<Rc#JEr!H}z
zh%AHhzql-E$t8)P#4%>)agbxZ@wV}o-VSzeo`4Gi*eFd;pXi=RC8V__UGdSbez;06
zt;}*3pHz6?jAC<?DhCBQu%22=gQW{$BL8;JzO6_BW-yC4xIW*N8gTi_6>aM_SXOg5
z3{gh?XEDD`WWklB*k_nqO#TdB->1w!WqBS4eoIUL9D+xz4xPM9P+~y_Ep66<Tr>#P
zS8m?vKS$W{-DVeTg`Q#4<Qla4pn(&|V;yeZ9em}_5ig*pIO&2cHK_9^)4eS!np8;m
z=dI)@1cLX)9#mx!Nl687-@X+SDaS0R>gkRCpSqIGPvqq@de8m&6rMp))cb#5oU=S-
z^1omFzqJNspLWv9M)C2I(JgGk1<De^77Nz@to{Ry&)@&uSv-T_Z~xO5R(>?Tf3yJq
z^P~RvJO8US{2y1xu5-OvXz=MQ?8mq(GzeuWd92L-?9I*A0WHH1={3w|!Nz#wVHKv`
zMs0~3a@w}3a-T9(R3`egMM)QelLAXVH>STo70^x<k$j%vPOgk#CbL9aKjr8^Uh9^;
zu%iKkRQJv`bgpBH7@JOaMg7(cAn}@Xh~RSz{Epn~X_o>+LM%RTLvsSia*?AQ!?r|W
z?Kf}UK%&O%tW7%qjxmKQTF<{rnnb5%W~0fXw5(ZcrFuUfz!a{4kO`-D8$W^jzO@FL
z=r%ORF(>q2TAoj=5dO{4JS$K;-%2;fMk1@|?(S~Mau)CGQcPx&)dEXNHpZ8+8=uql
zF3V{CLWpI-?eK)bvY}LS8CT1G!(8XO^Gn!H^0^}JFs+KJjAk95n2g@b<Q+YZ>(kpZ
zt_k5DvkYSaLrdsQg(C$)m*w7&1VQI5@<~AQ4o@)9|MQrRROhlD<igH&i2+8hfZk@Q
z^Mac9TKzQ-Xm>dE$nnlCLd!I5fyWq~rwI+07-%T=T3Dk0hB3ymCPA&oOXXuYNXa|q
z<rvgT@|WYh7|T>6X!S`H)rUZCgP6v{J3G-conE;hI>a^c+DMK(DgWI5Xs_k>cTFDF
zdLK+oq8pdEjU9UxepFYYJcE{3T1btXpOlo(Qk?KNXq<C;65iahZT8zVX(4YdlZn6L
zkXGApu*7^1cv$Bamh#!Ejdp@;I^_5(g3X_lws#pAGF9=50fInjTG@vl!a%zfowC8E
zU#)|yIlH+3_U_evG0|IiFX+rAvn4TArBdp|wwVnb%hxYQNpV|WED)_m9XX0crQGm6
z@b&Ira!KI#iLZ3ZHfPgRQpyPxNz70A^-GN7xYBt6*8^WzMy}*vi;@bjo9GPY9ql)X
z)cgA^5BSVWFL2_0o3QT6xUiJ7I{$NWh<8B#{`XNg4W8u+?0i(wwk)TVhpEq(#2Dq|
zDvr=RGO-5gOQ~n&6_g8zFNLQK--_N7jYyR;6fm={mU%O+H%*4@<>Y>(kdX8lEW%@9
z=DF~Zcw*U-ON$Bj=Hy;vcpAT}lX}DB0O~!f%+aF?4S(9*L#3LK50y((R}+Srws=uj
zkR$o_h7t=Kn)=WhYRk#X>2Bx|>FV#1$aTzoKgP8UToB^*>r*%&E0?IKwtb@@H@{LE
zD22YC!IU^84XwXN9~l&)z`lams<VJAX<WcE0%(K2U6*mRZbnvCY%!+HW+X>l&t06K
zpC90+Lxs*fP?XEn`!-N^XtqSNVIuA+msnz0D|A>BJeMm1-@os@q9F7+gi5e^$z|cq
zHN8%-tJ^?IK$kF>T3Em+*xzcbTDPETJ&=r9<7RYA`q!^~xQoPfSFh60=-VC~ZjTj&
zhhIjmekZ849P{2zz;SNSyjKqIg)}esiTxq))e&@n!WPm#%6G$NWkJINCmk3nv$nwG
zCoEUYPy<qw!|`{}JkJ5V*a8<b?AQ@W2i%?b;T~2nYwY6R+v|G+m!_n;Q--C}e+>39
z2(O2=?KTx%mh<w>9j(gAZKwW}9L|{3?&<Ew>dvB0aGV)!g+@K>8s?skb@p@}VD=B(
za^s%;pjvtSacOUSk6D+$Dk1;IsC;UYX6F0HNIhhV<!W_Dbo6|wySSE<J{z1xb$V-|
zqT;mHNBzS%d`>9{P~E#T@#)*52O2|Vw(7fy!m%4|<(0pRf{aVGNIXV~D0#A=zX6b0
zD0v^(NlfrsZ;Iu%jFRn%05}e{ysD;VHte`A0A*bFOpbSi4we?$N2)mpjRla-fOU(A
zOGq>WNbgRQs@xj1#O}@{<pTGPBUTc9_RNh<O&4G-&*cNZ;kR)btx@5SZc{mT$6bh8
zE}rj8Eviz7b;Nxp0nET-E<HLTCMFx$qlGUG)IC-18(cQSUk^oWfr>iX!_-*(`teTS
z_+Vq&p<;73HFUni_o(=2Bk33?py6|AkLUNm_NhZpAvY(75l6bj3OMH+9j^G|1RZ}}
z4-|FK*Ol)O*<U<?`lpe5@a1sL)8YhPY<kIHW<<Z(_V!&^dgq>Fn=Ze}9;f!?Q{?^;
z*Nyu!uOORNqV;w^-!(drW1wp>$v)pX*wDY(yGtI6H0kicXjY{w`3Z>Mqc8hyRs1AC
zd^=<rQVShTk*Oxq#rp}<&-Wp7MH)UsHIH(0b4mD^Kc<1!LDy~KjnWdoCDbo{MaC^$
z#?4ph88AYQNh02x%}fPmdz*7PSy^Fp=@}XGkTukejO1?4I|(>9(MM;cr9B=hx3zU>
zs}H)yBq%6o6pWK#^r`Fjm6-RuvRqt<RM-2^Fo_e`AX-~xrIbLzwh2`#4->N^a-?!P
zO4|uS`oebtwg{+EjEvH7EdU@HW?>6S$bI2GCZ4i8biv?!IDyRKqE%!>#G)(9-xmIw
zm$4NOFFY;eyo)ufOUn}HbRkdI$1gEF*O018bIM)R`Y1bQp6@9nJ_Cq2$wi{l#j;NB
z;|Ov@k;Rw~reYHsPM&%nSUrW+GdDw&O*}I>hWH~sOzpIF+?2}2<n@{Aw}yiP18}{o
z5lt|KyV6JNt8uqkS>?eUKaQ=4Ca(gY<U>1&$<s`I`}Q34*>oUqkdRxJYL&XJJx{Rv
zejX}%94i5|h$OgmE->YPF{Dhjv6nS&3kquET5@CL{-5b(qGo|MAgNde0&b&2bRjD>
z<U;mIWor%04JZ;+e4zWx#KaA>blA$G3o?pX^A^ym4v2i{uR|KjDJfAofBt-%)<1Q?
z#5+JNH>CswIJHP^YJS`1b)FwFjJ22S(GjUR$jH8)nLZk0rcP*^`MNP<h+Hc!hSr!~
zu++}MR!$pw5NxA}-3rq6Jvm`-9|m1#S>)L2DW&$DzF2IZ)$XB>l+xHJifevqj5;d2
z?1B}rRzR<)YiSKW>`;dK)+~Jxr<wvr>`A!D!KxT)=T}fAw3fM_eZ#XJERg~($!B#S
zR!LKHV3y(vgFIorB8Xf*Viv4d<BNX7f+^iTF_fj43OodItZ?n=f!g1@y)%i^jy?(Z
zcM4I0>=U~;El<=jf5#JF)g<E{B%X*qpJUQT_wKv!=lO>$Ue8`TBoW~<59#HLv!VWw
z7bi*AGR=)0thyz9pJ|2nv`Jqd>)}q1m%BH&s!g3gG5YP5kg*l-Hs?X}%sC(_yCB4*
zL)_1--RJ~C6_9CQdA+kjKy#_t+kcS=xiMhG$8GqNP%c40l_AkBh3<5R!anr*w~!d<
zC}#uHoGKA~K`nhLv~J=ls1ncx`oQ0lFn+Zdt44vWqS9q42imKLFIN63fn$R>|FY(<
zPjUfkAjxd=d*3o(%odhox88?OVPghWC;F^utor6U3NX}|qulV2Coc1!Za?4L)^umg
z-D=81=`F40CbxP%^>or8Qti#B`c#nCohw&w6Z3oY{vqeB>Geh5P&s=6s^->3#(=tf
zTEDYY-G#EH2A$C4&W4C23-m`JbV#SL=&Eaw*`Rkk;xc6IG5+#wY`p3Cx0k@T;E;{q
z(s{X_Uf@;$cv9amz3vaDX^gJE3&KD}#Y+b_fa}A(qvX!xw)#wynG7dOkb_-@?ihpy
z1n6sKA*2(zm&wKPK&Q{6X65ev`-<0eoj%|?7O>8zw&&N}RCH!!EAS1<hXA3HuK%f{
zaUTDW>emu3MUCv$su6iRMS7%3+@<Z#5w@w}A*<|V9nA369n|a!IXw0zs0$OR5|O!9
zRix-gqnU0P@-}M3qHBFA(qWK!Z+V%z=*F|YuG3;yoLly_otrEx*7xNOYX}79Hb~R=
z7Fwxr{(~<lZoa@;Zo<sc<!739?9Z!sg*{kk?lBQH--CDWSR9X3$Ev-tIGjauyc57$
zIeQD@*IhsxkhgJ77?7bjcL;BD@k?rH#o{=<5#Qs(SW(~VO4pVA?rtT7#+OHv4WSsw
zP<N#&7mHdp`wc_Qo5JZ~Bf23KmO#Syc&QjlExfrkWNW!T)f5;U+=o+_6#eWFJ<hWk
zsmz8j%%q;*8)KT74QyF;EsBU*NCRA}7t&?g3H&ozVgba^A?X2%2Mb^!8^X}Ow`BQ<
zOWgX#22Mp|4(SPGHQj)qU<*I1>wA|DklLPLNN@@t_1@MU@mxWHx)dh}>nk?xz>och
zUhx$||47?X*7Eppo>!-!e9T>4RdxS(XbP_reP`GXRh=j-N$KdQ?Y*>?8QOPAQxj2b
zqYHai>EI?vG<!AOAzDAurlzvQ(E<mzf5nFg+~U9Gc4xr<JD9v!<zuOE^tH-}$f|9}
z*CQze{&()(Z_WV7DWs=7xz}Jh&rcp$f_ZIYQ;_X^nl)jNL7x0w$he4*h;r^mj`Kt(
zYU$irqsRAXn{$XtCq~RAe_Fb!y_cUS&!wW*LyT%7?q-UICiE%J5Sj0^BJd4BC42j}
z_Tmi?@<k*j=0m@QNmy7HdgIVBnFoPoe)XQkh}&ea1;)l!y9sBxrX7j!hGU};m4H)c
z<A>Y0m7@}L0ZoKnw4O(HyTC%;_^2m#J{>&80t97)Ukn3q63dNtK?Nw&aP2?8T4kKN
z2?SuTUY!Kt#R6aoHRwGEIL#(2rb^&Mx<G+G1uZEna*-p!{wKLyb&}8F-rU#85Qw!O
zfXnFx&Tzzgdju!Zqss=BB&b&?1VBt-4&4|W7wJ=`!HnyIfRv}id*21T$$Yl+Gf=6>
zh_I(uj6gPI-Cy|7cdsWYB9WRR0;Ilb4K%)0DXFRHgU!{TO}7SE3%#Yf01|a8t3}#f
z;lHcH)qP_lmxX~}sJBr^MGtN(P^ALtRlcc&w;IQCX#8?HhD)<}#;a%EvgV+BL%_H<
zOHKceF8DjS>8C$30KA)dm;M(oxW#mI@)A9N-wUSn)Y7*7mkGlQxc*X;^Ra})+zu>-
ztgP(+@E-Z!Ndx}=K4@_5(+ID7cy+=?B-|DETq3f>ZK7k(X4xuO)H^;;Ef?A}PHlba
za}6sq7ELL;mA30?9+CR;nPLoyc2#=27y_*_x6f*<`WdccKFaue+aSWOwFh-l!wpUy
z8sE*A=qYAQ)ym9#fp3KZITQ%bv)#EZ)e)TvqF%sq@(FJ>iVYUJMDpb6rtf_HIxf`J
zrC7Nfo6Eg|tk`pIx`o;~C~j`-7nE#EjMrLQxGc9jq#v1>nBh9=p$lL0G=Ml8v99;B
zPFJEKq*-q-h$mkgHFkWkSyv7K+h&2~57~Ki6Quet{U3{q&(+T)_9;Mg*gxLm1>{n6
zw7Z>6(OFX?;M(5Vp5VSW<QHnz`RzpIn*T!Y(pzR-&%;wO8TX``n_IgNKORf!cO)W0
zGrd!?vYsT^@A09w+qL&v@Rc{4d`+dp+pqgpQv28ij(W`KqISA#Kpid^Ozs^h5_9y0
z_3P|q>(;hDXI|N-N=o6>?q-1^2OSN2NBcB%Qlybk0J0_sF6aZB1!WUz4Xr(hLO#w6
zCP%P|?u#B`ZAmPCG8{u@=#99FS{uv-#DUp62x3#!tIq5jW3%JKm1@Y5HVR~B$|E4}
z>$gw+v(M*90*s%Lfx<mA(OshED3(QP&jGCt4a~~<<`(RDUFd9r>#=$`muLG8T*XBq
z@BYA7VDIjsknc-6b8IX(1*c8bfse0UJ6m;pI?1S~<h4ZKM3KWqM|YIoh)c_3@6|5J
zy_t^+ryIP5tSddRi`l^y72#<szMnF|Mc^QWE>eE1?~KU_*HL@qAU*xu_aHXq<qWy-
zwB!9vPT{RpvC0+S<vw1=8dY<1bGri=(QsPA@-hl~x(8K@jc?znNq(?>IDJCSdr^^|
z?gy`c%|e-V<uqC}x3aQQb^8xbzB4JXsKp_z^zfkpJ2Szj{Uuje60OQbOxQwkbs_>1
z3U;nX(5;QDEv!&B93=keeC^D?RsT}qW1CFe^z=sY=CN9(AVu1W0VA_FROr#&K2Tt1
zR<=%WovJxd1!Sb_GgnW$-I^#IP)KO@LtVcE{W^{TT1YvyE4<dDd7SM6l9m{RB^LF^
zi;un%w_M<C%5ydDNQ_0lA-l~5f@Cj;ioXOTmcX=EE)V89FWzssd+)wtx^cQzg+n9<
z2ZxcyR-ysV^k>P<UeUx(b$y=<QYJNvjVKlnY9oHP?JIgRGHxMT9^#*E1|`I7YJmA_
z@=I*>cAO8D<Klgfqk7-d1r@Oa4#elw39cQcXxr9^g^KPK0$t>XadhN0|Ai>eEh)*9
z`>*BWm&GqW^9d_f;;+F>CcLrvk%Gf5j5==5)%&RaT3|>ZdbTUm47!xiE>O2yta2Bf
z-??;~+h*~4FyF-E1V^-{v_*6pM7p^u0#-Ex1A~v2{5M=c;SXKn#u+Sn|0pxbM@>)f
z=%Env#nI}ReZ+F5X}F&EE<JyOy!Ak(>NP#D?7+aFArH%cEcb<I@|eOiw5+6&@m$&^
zhWX#xHa)Q7QFNeFo*UU7RZkj4aT_&`hphqK-(z~9j{DCAsVnT^gsIW<(kqv*k|L3H
z&uS`F%WwSvGYc&RRXI>tm(4n!m@pX)6`c!j$?xSiO-je;`TG6a4(NPN+``%FLy+6X
z*uw>F|3~?h{<Nl#A2*glO(@=5@q5j!#J)}fC&dvE5HQNS*EHwkucM8$LHTG_X()*9
zDwN7d=alQo%C^#aaojv$)-99uJsi4fJy=zN_*a^;gTG&Q8mFhg>|rT4SN)W^?8fo3
zw`7a88AkKEGT&ba2?8|Js*o|~ckHb$Ny9A*!zi@04}rf?>Hx@-6q<Ru!9$2zRaI^7
z{o16{W3{Ld3LaT`)3zA%P@%2Y9!@J6+hd-RneQpGA!blHw%VbNYgT6KXOgV_c>m1-
zFYwm_2wFiTm0$T=;IPQ;3vNSLVvj$X$nHOZ+&1R5Z*8Xo8gH9;yJ81NM{Gxp=;!Gc
zvW5MM;=W=@SGljdWNrF|?0jVawb*L*Y}4r&7Fs%v6*`1BN)~yLbT}cH!2U2n$#dfn
zYVVzghpQvJ9>24FEfjXCA<PX~uM_`!F`Zr#Cgq7HGHgYg(Wfcg=dVMf2$>#z^2M0d
z92<dCM_N;?@JyVVK2#Hln0u)b+=g`je0KclZk_6Xk|o~RSN|h1{pTeAcgXDjhd$GW
zrU;tK(@F&n?y*lz4R;j&i?OL7O?_NELzMps9A@;0%b#>Tc1aOm{?oy*`)1bkZv*N@
zp~SO)hv8lnq8VApPvF(~LLUw2uIBc3Tsa2%{$3FL;8YPVNED(xz*|L4%>tNV9O?xS
ze6{Lm#C2@$a{zVs+e^2djt~E$x!eD_bKuEdNI(e3sb_H{4GiW8l3u;q2r=~j+S(cg
zkJTpt#+f)s$jX}Ew&j@xun>Cb^*?`>VbzEmfuYXEagfkZW{9_Y^yDu|J|i!$I<Nui
z9v+qXsI5Vsk%gnhfnrH8Zx~bi;~+0Y*^jjN@sb}-Pfu4KZVlnE_#7~MN<Kb5D2U&n
zRO0sBvKp~(pu(wk(D}MdHDhCUJVjJMSCQ`6A*_z_z;>69`3#|l_@BWrSM8W|X^r}W
zhYuezEzf@gGL1oCd)N^!H=V|3=QE=GZ>aD>ln+-&VW(zh7C<(J22J`a4Ai6`p2&d4
z;XQ6{Rk$D=-v;;=U@fiGAczD&_ksX5@;tCLR&@+J))@*(M*&3Ue@VZvy~-3Y$Y-Fd
zyVWhjW<J-QZjB=PdwE}<Kgo&r;B89EEgaJXU;2R#M$m#OdF4THngkM!`Cztt_quWm
zs&jx*RR&}X^6y^YkDQKnXB<V)2DAQ@Hl0Mg!=31%e>RMm3AbezfjI=VJE$Aks&`Ug
zkcTM_G2v@WM@Kgcq#zn6-@`#|>W*X6mFh`Lq2q?on)asAqPGaOd#bPRl!}&yCtrHb
z-EEOQproxx^|tF)AI0algIY{#Z#2GK7Jq+H_57`eF1I`r#%PkJjs)Z{fALL{9P4PP
zoBR;(ID&B=nbcue-u6Zn2pt?8&}rOxeeuyb+Q0wWNuoW$3I87m-R?pF-P7A$sggY?
z&uxY?H7bmxWo2bM`}>9l1}{rXOV>w1H3%wO61-B2zVAIfA3>e_%Fho*Ylwjza#}zK
zmydeLWRAx1+B$44YJx23X|{?=j><cbX@-KRMZ{horb#LsrZ0eUF)b}EEGbFh%>~jd
z{Th*wkdW(?luX7jHKI{&Lj@eFbW#vRn;>ATrnebYbH=Bq(|h#P)X1R6KMBOl9d2$?
z85tRnC<PQ3bNc)HD=gY-a#0Y0tRY^|HKe~^111$gQ~DXKgv%05h>!2*fWavp0au^6
z&i)LqFGrQ>iw+e3>iIeo&5=wn{%2@qB@3cxI|qmF&CNMKtf4`!S!_Z?5qyS#fIwt#
z_BJdC?)0E*OiNEUu(6Q`;>6Cy1znjB#-Rc1S<%+u;r@2yw##CF?Q~0Y<QNel;m&#s
zTMMe=-xa_3Na)?ER#^Q9icd|xzdoOqnTg+-rFa|KLYpeiy?L6-Go^6XK06a<@u0eT
zQ0GrX&S!TM?nOEVQoZHr*5$F94zRj@lxMlTw}*$v`|I~#f&S{bfx+iu5<oBqP~$K5
zfANFCk<0s<2rX_kgqC<uhMZ!y3Jm`gTJ$l320B}r=jP1^3$Buql86_Y4<DXjP)IZa
z@fb{&&RW@8TepFhPa4u;k~vyeTKWPg$ezKH;ry@)I#SkPNNz9?(M-xWRAfv5pFNcf
zQUHMy#X!YCp<i#B<efp9#%N+=(++cHcFxXy=T8CiT=cB=<b?|tvUDmqAn_YPDLDMq
zUMw>abo+%qhaT`6|AC83S<%uYEa7J?GCMo_ueJKeTz?SI?-s$*;a#MplyP(8!?P%j
z1-&Y2l?MtVJ6BiCg(zXxyLZp=@|IurGroE{3+Ts3E2F5$7^QkJ4k!#wVI9)XwBRj|
zqGW&$0V>ix1hu=uoOe$-18hw7c_HCVe*PHHwQxB8mIYZ-V$Kol26U+Wlaln`)pERO
zY<vP!d!N`19%UOR{sgmz8dVJU#^$CI6wS>b!@SGP%v_qdv*T8ULdg(DDROysg13OE
zdB0+x`9IG0V<Y@U47lRm3!g~O#>mRanfDh?5ZF$_2n-knaP<cP+?Hs&^(iS(>`Q&T
zBZv3Zd!Gk18IwTr;g#5qCBhnBymaZIhQ@W+pJZ5fGcJnn-@jkyG<mOfQ5vDfY1PjT
zSLh!XM_FB69WUe_4pU+Qz`zv3bh5FUriBHgm_H${urL+)QV6whGmwT~!JTQmR$nU3
z0LLDISsAXVgGxJMn~Y7b73>dOv-amte;BE-1MCTg)CA(d)vc|cjg4<X=c$&bQ9FwA
zZ1K*s8LMuCA=czm@i}UU<}g~Z{wjCQ6DLkEYn8m+9`mJ9R#pZ}`09aWBqt~D@UnsZ
zfp@_I!EUWun;S4kf3yItt+PYrZ2Q|QGmzZk`5pZsL>U?y`bnf3fPo%BE~IZihu_%I
z!2l`}XnPfzv{Ar6KjAvafnNwO;=FUm|HEy`@W@DUh&OKo1C>G?!44uTeGake2uC|e
z&!(da|3pMwY?QurkNgdIXjiO$eJz8Sn3$EdwZ61qs${4Mv{j@9YCN#>_f{Y?gm`W*
zpJ2D>y<5FE&x9!P9UUD7vC#PZJZ>fVU>M~r3H6V*Ho1EnFap$B;b_|0)>f)?Q%g&$
z8yabYW!6EkHQ=&8>g(+%zMsbZ0%D_*nu3DD?m%bfQ%h9wb11@?HH%IKqI*I7eH#Q^
z>Z7*ZY3Da)Ix;0gsl9e40;Z;?@7w=+3{LdAqGI<-D2}at3{HDBJq*$!1N4X_)0Iw)
zFD}Z$U_YPt9#@k07P%!l@1C>umvs=)n81jMG~Oc2XC{N5toeRPQPFeg4ZFFyjZaKG
zgf9X~d5YsqyVkz0EEpAZF3%8NPmW{+1Brq_<R2<}bUj$24%P!_pfIq}DbQZOFGW7{
z;7^*l_~`95ag$HyX<xrc*?a{NHSnZFXn_LuRuzZ|-&6AD|ETOp6qd2GW5<JUF#+z7
zKB~C9+!V+t4J|E@ST#bEv$3sBb(EK#{abf;Q7`tpm6cV=E2r(1G2aaD7$J8KnB~ms
zv+(lrk|v~p|L^)NcGkG97;0WnzHa}h1l@XD6pMDU8BqzWp>nDO5#r|M7uD4w5Vxkk
zzabE?{2+`NAAbh3$M_GR`?I>b+R5+F7#RpjEeI&Chg}|~FywykOSN<)<HY>D)~`wn
zAkoqwxZ)WZ8%KV1iT_Vpy;u<bPmE8_=DVr<^l38bYY)X7mFyJmj|++rE>(PNhRR^r
zfIlrGBWkB(bTkosOHA<_)2&;NGONJ@!o$Pg1_e#l`knpJ(C{%TO2WrSgp^U`X*0;0
zg|I%5fYx9P<m59*&8ew|+1_$;a-eWzZ7!>=tu@X+JY5KKf8(;GfPk|wlgw6J_3mAh
z@=Dz#k5&H*iPVP*3ZVdy!V?qqepSO)O)M=TT6Y9|4&2^hvsH4G{G!gBIpeh0uef`t
z=@<21sjKR4c(~#@+EaLNDc`<*doet$14RgKga#e!K?<V&h@>FQ9HR{Ifa{L%kcc8;
zEy&r>1vWT7I)v1+x;h~SUeC_K@x8r01W02M*B5v0-IJ2i{gjv(5*@9cT}vB?-e8RS
z^yvve!<gv;or;u$1K^WI)%9Bz)~8#ZmPExMk^5I#uB|AmsPuA{Zkz2jcB3C&`Oj7U
zQvL9ET#Y?6hLmn&!wMRF9i&SzMDgmPEt-Tm5bDc<wxpumduNpv58}^zYT;PuQR6=|
zGJ4z=%YC1lo1Tp=6xay)c)qn^?>4Z!ZgsM&SMM(5M@qt+S&_9lu#^!=u<A*vnbYcC
zga8prUqw$3u!@S(czf@D{Lke)I#>xuYQt+hT-uY1<(hzQ@l`T1TrPz9oVDgbU#Fj4
zn{z#LL**;Vwn($CTl5;}<cIhGqJvN<;k~^*I66EoPUi9BQ%Sx@6-9cOVs-%SCb&7d
zwf&VELrY8Td}}NgE2D#1P$VWMZtj3Fu8!f3OvQ9*Qb-GLVq(Y}LTP-T)6k@6W^OC(
z{}%-O(Q@Z61o*V%cQ3S69st6TQc#!yWYwA=7!7GBGDc)o5pb1;wzg<bUY0~K#XZp^
zz*yiD!m2m#Ffasw*Gz8%3|t50h*=~oUj4uTxvA;Q%!N+_Lqn6};}29+u9DD*(6O+{
z<sNtBg3#4!q>}VSa`H`hJiz+*c~&`4eXeb6+`fI=4+O)as^66UD{>q=@2Tdhd5?I5
ze<}Xx@1H6y)6bNr5)u|(+ulAq4sMVE_xKfwjOL$wlG+s(8yi?&&I@S6YM|(}qvJ-V
z1rpi{*C{Aq4O<`&e05o(fGESdy#-<+Bj|zDh*C3qs?j3~jGsOG1`WMWeD=4%HN9YD
zU~#zO%9W4d9ZBFc=}M8vHWHDY7XXc7VHg&kf&jYrv&+lN^k-OM#^zmUXhUu7ME0QD
zFoe>#H8rB}CGdQQGp44dF#fM-v70%PnTa(Ufy#jmLG@qx25(beHHQIyp%4`pw_l0;
zmL~O)&vT1;VqyYf`x^9^i$UN4&vDRsj>p8w`BC5ZFcOx;eq~e`FsZ)JE`80>-hy)J
z!ua?%NRYVe2h-S`?<1h0p@DUBZcY^Oj)gu8yTSKU^o7sO%-+H^sKvmOLFTMr)~6mi
z{mqNG)U&<;(<k<Tq|Ot=;(W26lxR;9?RZ0Q4N^RA0KI=`$TG5}qr<c-MI0CU0ooVn
zG<=8T|LzI{hx5D&q;Wtfw?#w}A#_=`RmwbhG7csREePQ}jW4gD;~1HH6b{<x00_&D
zJF5l|4tAiSyoSY2<GPsxG`_yRz>=@7uY3I7N}TG_48#=ZH?*}arI*tG2Rps?adFvN
zSoVX&a_h~T%HkM3Zs_WR=KB?F{WVsd<if%*{IkRtuU~HzT&b#qworhdA3p5I<HwIL
zUcLGl`kY1H00yK9RU##EK#-W&1Z)th5_X5FCs2=zLA#@{xEOaMV5W~AJxVt7E`W02
zb3sAq=g+jT>G7hz)R6TcF+Gu%{@&Gf39J|DfO8}yrchM^;U6^+3PGJov_Kab_5MBK
zsM{nF1P#1T0?v$p+FN6}gC6>wxpeJX1Jvv0gC+M86BBWzO5jOhXr$BKzkf+oR1})A
zp~c0H6(RL7ZO!MldJ|GUJ$T7nPiC<P)<VE_`91h{xy{HecJ?qppm;DF?KxO(d#qv^
zD%{-J83swA8yYX)>*~&vkiaqqL%X{ZY9Cl)cv21>d<t+WC4ezz7M3~Kk_u%P5h4Z#
z1_*p7zCl`i7ZL*VW&*G<cKch_0Pohm4_*CFa68s3^2cFVDxgD+_P3T~<9LFh<@CAB
ztkaC^^_w@B$jH>@T_EVyj*TUm%57U38U27}Ag<2ZnafOqgW`ofqo7q6rE#=I?ha^l
z0zh7#c6mrd#8o(PAk65&VqLv@H7qVJNILyHWSsL{k!c`j*xB0)kBO0j`~oOYdDPR1
zOdW7af4MCUh!1EP83U`TgkaSE2h0yT&3g@&yvoSPz-1B~!~{r$f03O0T~bn#ye16R
zLY=VQT3aN!Fi`2tq^G9`SN<V7x&aX60MfNUUNcxiOkTcSMy7=iupZ>lZ&2m|5;njQ
zJDyMtd)%|W@UK6=^<_JcgF1IVz}DdAHvoEA4VJtE__#h^i=W_tMx*%z1$$B@Nrs1q
zOO)n>3BYtRWMdvdBMfHiDQRhGAy<aQ#JsDh;D-_*4W>vo7YD9D96`JY2FOxu(v||6
zvs0%|+3l_ygHb_!kqVf!#A@I&2?+_f!FL!wkzNu5vhO@0p%FN1JOlvf@DLIb7M7N#
zLs-``w(QM%`1I*T(8bJ**ZS#HIK27g)WE~T!)4a_0vfQB6B94}{OXjc2mk;BteQn5
zDB)NJF0KeDuOWRFLU|2I001vLC??(q2Pf@mME?LNgLAx#7r%kRhR^p%2#6^NVv3(1
zoratu341j+P|N@iy78p7j`}e?91m!00}$&ac-)tlmk?yT{(%A9&?htm{sX9XT$NCY
z+j4CS%Mb(J9<OU}5hNrTQsqQTrFPj({v-mce*FCTEqGuCmsNil<fzXDY#sXlNh0TH
zk6fFm<YAAdQ<SoClmoyb-x1wQ|1o8NsM3d(f;ayw$l%WZV}b6k{P<r7o?9#UJ7@m?
z?ROn4+}x3nOHs=<Z==Cx&VrwStLwR{KPIOZ@oJo?3y_kMav#y%Reu*8OfMvK;Or{)
zmI0_VT4v_=0VFil%lU7w-Mx439iRmc&|CmHD6Xc4URVzQd#jIo=$_%Qi6js+0A!&u
z2q9z9dJ142o-FX4A<64I)S^#7Hq2OKH}MF{>&P+Jl~Fn1Ncf%Sdo5>CZi*ljSc6;z
zFkbqb6;ydRd+6-!#B^sut=3gyt_%;k+0hz2KJJ4$du@IF7dUwVl1V{4wTs<*&k3g@
z0Om^1)iqHXkfV)_4YO|Lrn9T~TLuB>2!QT!3aW4T0KK%7)Muz22&n`%OR=~}0Nl++
zsdtSq0yq#LD1QQ32@wAFUy-N^Gs5zBfH=yO`X&p8iAxDEDysm%7+my6U7a83KUYEE
z><B};@No(7lnNlMvYmhY{0YxhdGh@EFQ&N-sC{w84oqAWq@jF^p(_3e?|FG0$XL%n
z_->8o{|Ki?V2X>1zPheZ18!q0^<J|8VgQ&gDQW3jyu91au9=UaLTZiU4TZ<6siRF?
zTzGIQ&sM#C8i$SFa=07<1FHI#qVQ0Tc1QyHmNbb_h6F$`Gebp1M@t$R(Sf$GL&nw@
zawoH1mBtJf=nlw!P)+*GdAnVLZTbmm4FH-cWCdpZ>Kg<ELI0OExCJ1aR?OcH=I3x!
zc6*|53xEnp{m&0}*5U=6F8~(U+}!MkUCYM8LPtPJ3?P0>dJkpXLUs}#-}x2Ouljws
z5*(2;H?sxEIuB$4GgwHxjz<UXFt~T5G<2=NUkhOZN%_?2(~7`9Vnz}!kDxrGLEi&l
zaj$t$RzblOge(Oma%*0|Xzqd@ThCLv3bby36*jf@SLuL05qNmd)6)~^6?h(^8~qZE
zpo{Db7U1ON8#iPDH0yiN=)DFL`>d30){{X51=RKH*OQg9^<2yUjwm}x8OMKxmtV&u
z6v6%w)9rylfsFcadwImU8ERMHmCX8bNF^jB($VP<rBrj#GRt4ws32&Ao`YA<k_M=h
zJ*}Z@Y*CO|;8_F(NXkcVF|DJcM=<aOnKjO~dKa#i3qTlS<b_hL#FwOhg{WWR|5QXC
zO72inI{_v3<Jmwer2G~y(Ob7(4HTOe8#P@{C;|v%2zEDI?Hvc}%mHCN0k0K|kq=D&
z=;&y11Q`v%9S;bOKoDj+IO3l5g`<_AfABFrz7-twm2`RvL<mB1j#DoHBZEmc00d#b
zf4{b?>jSu&s67pkz~|4M8wY9vieDx0?Y*rf8K6>2nsJN@oUOaY*B1yz9FhV%0A1_#
zKqZ}g&0>ETRC^AiRZ!Fdeqh8XkHe_`;wUN(3f~VvCi|Ts+5zqps8Yq|tC=S#IZX&*
zEv<&XegGQgDX^9hFyLu;m1+sVG~M8{djWXPes2?=>a(E$Wvsn}Lki%EPqDF41DT*a
zx(^KvoF4MVjT<GSz(hX-U<<zZ+|)DxSQ}ucdl((TTOd_7L^7!Z={JQaAN>VQk?&|U
z*$a4hTM>+4K~3D)+ByZleU(C)4T<|Zl+9rCIF1M)UCF%9>i7xma+~SybeT_aaXr9V
z04QK*XYXX>HEq8EEH=!^o`I>2n|yrNnV6V7wwHs8i;K|}P0h{Ear0`gUnh5&nGJuv
zk9!ipz;*-lLvVJ5WAlK<XXoThg<BEe-0(R*bOlgX3v<X7Zfm!E57y2C9EJyiyo6o(
zKX`lVxT@3cYZ%8-#~xcyzyKvwlu}6xkZw>?QIJMb8Xapy5hbKVy5UgLX&^{Q9*(qv
zv@}S=yDlg0`+5KP{qerf^Z1$j{(NSHbG~t1d#}CL+WQ)u3=SXE!_ok3Rm!o_N0UYu
z_xyNl-mMXG6EGa5rlfp9TQo2XlR&R9_ASa~>&ZSvP^5-!xy0{TyVl2Z@9C{4PoCV%
z$auNX`80T~nVFf<3a+Bin3z&%O15+0Z7ZOi+|A1q#P8q0110b;faiuDY|B2VD|$hu
z?iI3s2J}Zp$T<G^E{VvRF(8c{TJhp2etIXc5}r^W1}VwqA=^Nou$~%Fee&c9i2HEx
zR~lv_11OWf!pf`KXu8l7WRddv^?N*Zi=ss}6LBpNDOloNcn<yn0kv3aB;*GR;A5K#
zoKE5cqEI_PsR{x*XYZ;-Y2+{BlI!&fnnn|9;A=)kmnj)_zx?vcDVx6EQDzYe%ih7k
zNIRiqP?<^C(FfzLKmglAyX&uwSOfGbl><ne>bC5<u(;R+e7a`S-ZK%kUphPg2nx~+
zIN3KbJ`T!u1Aq|mE*{a$e3FuKyr(KCW|H;9iRai9TX*h!kd$;3wCoC8&M`|Z8ENTj
z$Zezq0dxoQ69b@{g_yLP-*oq<PoL;!W@jxC|FDZ}26ms&`&HO+vKTz%APLi`ZU|Qg
z9N7JCvnWc<L#(f|Anj~rWc0|$-~*}ko=V-}D<x)V$R@hHz=KV8-N1kw3}g4iYZM(D
zHg1#_l0!Xz9l@XQvEbOSM+ixa`&2DQNj(bNUwyXaHPX_bG{mKqT?`dqW^OPU4XaGn
zJ(c@~gkF-E5fW03F(fPS=AiBs)-?Y>+{O#Ve76g@y;;<S(hGa><!O+n$oQjIub6Oo
z4LNFc_4V{3&ZqE0?*Jjm#qZc528of}D?p$E?++QY88n$=U{|6}0RuXX!Tpge0AVB_
z`lZ0UhJr#dgd{m|ju^m$Amb1ALt!uv%!(f>KBNIa7zn2iNWlc=HmV3YU;+1qEfSub
zoNWCBCi-_?tkV9ct)oAk7X`m^c;CL;Shz%#LKUhSuTslFqT()H=R2OBn?W;~eondL
z@4q|nq{SzgFEobNtRz|qt_(enp?W3m*}1uO@F;a#XCd)pxt%|E?iUp5<*q7;m!9Kd
z3mZ-x#fkv8Yz4L$hE0%oo4`4PT!^S#BKro4z;T3)B+KNKl;2VOBNKou$QYj^(j5r+
zTf?nyz`S8_Of769!PV!G`cVK1#>fSq)72&Hc^#T>lST?qJfR}_BO>A;g+c-Ue1Sfw
z`^}M`5N3?KtjiF2C6w*i^A|53BqR)4)8K`@aOFy9W8ei`FDdjt1q*INVl*%~gw<YL
zQgR=p51^t?8mf6xZV;dXiHtlST-t6S`{S6<By}342858>`ug)xN>}yt{(t~vr7U{r
z(CS^gb|EHh2D+2Hc<~DAn%CxSfnYrn8kQt3T&T%+uqI?aq%nEi5s>BwD%BT@S2@8H
zFBt9@nLyr0$V<;Lg5mo#9-AS?03i$<JbKgv@o@~(LB`Pa;vEohx#z@&b?ZnDBN`ek
zCMd7SlRK*Mdf$;FGVFeVf#pEHvp{O}*lft%=aba7?cRM6gu!ncHZ%xif<__91wWJy
zb3Ly3V_DgivCa~bb}KXbnS`@Ee~4n0g}BZ=!s5CK5(J2I28LK5pH5hu6&qg&T7CNs
zd-e)G9$Jt$z7zQvO4CZ1Ch7VH2d{y^h{Wuf7|>h_HeI}^<1w?3bI6330hmn=h2-VG
zbX4eTce#odyb#R#6SE*Bo!-PGRE8JOROljzUT>f*cNA*la8j~$!;aKXOJ+u(?E;j?
zJ|-+Olz{VBu3U*L1-EwGux1~Y#aq<RD1W~qyFb}`+6$P}+uJ+Br@*pnHCWrq5YZ51
z*5^Jx?}u8l=tW(HU>iP+9s+hv5c%+!_I*x0NGJ{nZOG_E2|>HMPLIRNY>c!+66yl2
z2Bi@*EfAl6GLjie%d9Lc<l8}l$=KNNV$vCM%a{KCIO`*D97{nA#2f2gn4J)Eo_U65
zq?f_LmoZJC(SgGb0vh&G#INO;Y)G~{h%KoA#6g15k#0yf1YJtrHWqEVO}|oi;3jY-
zShGMbUeBHtle;)=#ey%O=89XiW}n5Y{)}9KNd_#?H1Qi4T%bD8eBC&M0pS>xaG2qb
zM{#lNU>r17L_j9TV2}5IRW65FSbl}NL$YyFbvuH5e`^j8Q2b$G;b6oLwPYRH1hpie
zYHiD)5}FhKugLEZKmQBlmE#7LyO);cEtrJtL!aydB2Xwt1KA(o-8jzr!lVdaL52T`
zYp*F8ohR&Z!z7OYfk7GF&3*kh3<*7w&V|jn_q5eL?3>3}o}BZVFS$>mo`)V6f_m8d
z)vHfHG6a9)_XP$&Yv<ZL!eysn857Z&JO@F$Bj6DUZv?E%u8)SmN?>5A@AZUOb(zm>
zG{Ju_`S|e>@;i|&piPpR2_$XfKq(d)S;HU$Nsa~TIe{J?$W|8+=a47;{r%aly#Rc(
z3ikPNh1BzylhTP_B~JjF2rD(IsHn)QZTp&25NP6+CBPTlxpN2H6dl`8Jk_{cz;SZ^
zS$L`ub`4?l5o$5mY8GQqk(-h~1xA1;BfbSd?=cWD(10sYFwDZr?6c3xl6mFIm1{R{
zg#TBOa3P2xY36MLn7H`{0qV<hle|;@m+CTH7G^AiT|C^~!vQ*FLPUab7h8a85cC~j
z6Y-t&KxsDFS9_P9#{j~jEzvl^H)HLP{!j2&h8b~c2?%iYr^TUN^&<UY#VQzyva;UC
zBjm;s2UiDNvwz<{I*9YZ4Gn;4zph@LcB7i9aA8~;SWHq{`W=nthdR{z*)xUCsnNdK
zCPXN>yGgvjw!JylDJC-eZQBP==Hw^!C`Ev2Iab7WE*|ISKQ<M(e&fa{JOh%AAaNj#
z0RL}Bw<;5I7+1P3@;yl<s855J;H)5Cj_$yXn>Ixgaj@gkNsIRDXte?%r97CM<1~GY
z#Hsdt2Na0g7#XYZM3I@Z)p9?<DNX?ANAJV^ZFwhS<U<Z&idJLdUnL1w6=%@ZAJ3=H
zh;LvnFI;rvwtgWW*L_HK_rr%0@{LQGuex11byTPC{obj|g}0B-8fZ+KR~lIE@)Vr`
z(7BXyWd#=2dr+KM8P1Sg&}RD?YA0q%sFd&8zP$zt3Q=WIJe7f|Lm`1e-UmGf3eXNP
za-$M45To{fz47VgRg{Jr^2fQLvO>lIvLmP&3lxoD=vsPDdiacW5nihi6jQUZ)XmT6
z0}naR+yqrAfs!f1Tnf+rPdE|24h}vBKL^zi50<<EhLh%%SQ<dj`yfsOSKymvki8&G
z8^*biY7b-|aR0UI*YAl(>_2wwDJaVnL=?5enx&^mqz9nZtC-gr=<AQ6CFQ3S03ZpY
zM1)UOW##*dipN+6`0Wc<ukOcsiUA$sJlpLD-9p)9^&4+eu@SDt?)xQ>V)wzOVtHy6
zxdww)WP5WT0o)qJ0t!K2J4osv{%@d53gB^!xDS>WdPNg;i(UaZ?*tc}^yPx&;7aX6
z=Kw_I-@!A26g<wyN47Gesg|}jJ>m?u12xxjFEevBppiWklv)}Mv5nEf!U6$G8VzZd
zH*b<k3g+)rr)hI|-{Q2^pwr}5z@S;23J2(($kyV<`g$@FqQiCG!=kYN?jXik{&hyc
z>;o{4Mp29C7l;IQ!Ukl-b%TujoN{#~Y*tZdLYW+-ZFc`d1WmMI*rUisx=q!{<H7Xw
zo}6rKS4c?-njJUPJrffXV+|w)xE{(jGYdl6YI;~3&@VMT9RLIw>>g@OaQ%CQ9aRRc
zGmYvGVWs)fpF^-B#wHk(QcyR;8j(o#gBV_mV5uZ}7kE;}|M(p!S?SkGH!<)T-@}?f
zr2xK`?am`KRg+hdntB2q6U84sto9I(_*I0MBuHfhQ^T7-R$aP$ITer>4f|lov7vw8
zxl_EveTVdS36!0eQ}tE>2J97a_6LxuOT5g}z1SIA4&jFEW3bWZAn#)Bl0}XNnfu7i
z+)fdAF*d`k^w!qa!0)w&yhM#{cN$5x>Xz#H6fEt*z;_9s3m)ZrM^Old0YM~4;I2Me
zjKMJ3$dI_!P%Ln;6kvH~0E06`Do}o&*VSbPxSpJv`dCrX1!n&`UIbvQan<c3Y;2*x
z>@u%}F4NyVEE{+)B!n5{K?8%bl-1~$v!MP+A&=mM&qPpzqOtkdv11Fs{HV)FIe+ou
zZ@{+rmlIgMY=M{gvEv|HkWCI>TC55>rMdkDZ<#+bQShaq+(!Ez*G)@HMG<Lacp@Pn
z1lOcoJ&y$Qt60ZDB&1RrZ5I$GVls{<=tAgKiB(tu-3TPi9msX4&h=o0kQd?yL;t-w
z1HoWDz7Q_9>o;!jI8GY6&UWvD^+Ca)xyx%ia~Aqro}&Y2g7IwalUJY^QmlLBfL__z
z*!Hoo+ylMXH8_~?>v<k-Zjynq@vw}1*6rXx!A^`4ByM6Nk!gGW<pgsqM}YGC!NH8+
zhJcDX!4JU3@g9<QoKlo~T?{}!HxNKOwhH$&J16IQpa>M-pNrgzxHn-PcXf3|>^<n>
z;({Xc1k~XVtypM?WxItPdGTCNoj!d+@BMFdm>T@Y{rh5%O8YEHJp&Yr?+-xGL5(f}
z=q$Q4b8y=snNXM<;4soL3BsmI#Y6*y2zD?Wz)Q|(l1tRca7SGCYgW5*WgpPp4ZzIu
zj1WjBs5VOQU{CP!UPn%t9BvB&y<m;^4RTMDvS<jM3$?~uEPL!*R43peZHAhCv3Lh7
zSG(;5q;keZInVXS0I^FBPACbT_X!`YsH)lsnFgeWJB*0jOh1rdK`*9b@g}7XLQNzk
z$E|jUHNwKelIPif5^g$y>OcIV1LD~2GBYO!`gI0m53PA9W$$u|&Ph<PvP%Ex`u+Fp
zecf*q_`DDqa2V8q)ept>hx+<$xUz1e30R!2T)XxTLdxq*#RRIoqa$?FSfLD2w<Tw=
z4K@Z2zK5U=;(fBorzB8~VeNskaU&pZ4b_+r;Z^0;1@$-;vV7sf0>J<C>C;9I@JlY}
zsOG^3`0P22H-NwYIx^zv>$?Ns5o;6OmhRXV$TnQ*BLMdhL)cdcW@vaoz9hD+@%Kv+
z#OMP{!`3pM6DO`>7&nN<6ezVxX~dP$)O0zgDON23t7aY6Q4b)oR-to_R;ge3mlonO
zfQ*9|tYH2g4-~f3kuO-Jt)IDhc_H2CB(xb*<7;6@1b-gEx2M<0v?X(6hDH@=*_4!&
zGxGAAfs){3c?;R|xAp7m15T?as2znD*}ZVdErgN#<jEVT7vNVQ1uFI|3WwVOomN_K
zN)V0HmqV2!T^?fLdo+No4Q1H9y9V$d<eRO50*c%%V2_dlWKaXVgN_7?6K6Ll+^6^N
zuYyF_*j(MIVx>>E*TIA5*A^?;EMTy$5xP{Zp2C64j9ThF&<FC%8AK(lgzrN`0U|B}
z;GqQ4d4gZQH0&r8M!YFsV%W0>%)uVH5Rs(H+hK+;-U0jq*_y`j>_;{&B^*1i(N^#=
zrJq0V#+JgXorTSegsAOR47m;yhhS-W)85X6FG1)tstsQS{+to18ufs9&Izr(#gS~W
zMsSE?>XDSJu9^<;0rBUR7X}3ci~*2Bx%`NL<ZHEa=g!Z~&3fo4caFv+!>5lQKW=nz
z)qvB8NG70ZI{W(mMB2u6!wJQ0-g*k6L9!2aK?!E~<_yDON=jLxZK4}nV+t^s%-!T$
zT^%gA3!K)E;kNnrt{J9HUVuJVV9BZcr5%n<@S-GlBEacunF592iC+VfDVNCtQr!X=
z*IDv7P9@IE>L~H5p>T@X#3pQv)CqKa7d`aX%*~%_BoWge27KQ`<O1?Z@Tn>*EB^FJ
zPI4RK(L+#4P)XIFcGYt*RRgQ|jO<25M=nk%f1De3UmgfR-FcuLn1OSF?%;2^$Gv_O
za7nAc(U*V@O-;@2bXDLrgG&E5K*wN&Y4J|L(Xb(K((Dkg5%1Zp`KP^!z6!{Nzd8>V
z=r|U0aWS2Vi3zdMCN(6Ws!{tO=Ketu5-K8@?VN@VJ3Bj3g9(Huc0_DFC=CF9fDQDg
z1O&LT%Yy@+Bes>|IXm1A1xr9C$?Go-h1VKh%CkEPpW79T5H8QS3iO4VjZkmkm8*r)
ziSCZ<$+4ojbIc7tqJ^LvFyO2OJqaWbI7Ci2>78ym0(ReHovZf(Ibuo(uoUbD%9Lc7
zqPSr}AZwE+s0pMwYDCW7P$8ovI1-^7+3!rY*_d9T{x<G%`s$(P%&QfR9k%Tj^|^e;
z8BAZl<{C*L`sHh3qn(RVg1cb)?XH6Ava)>w0)gNFeEq%35FyqoZRaekon%AmhP4s0
z5Qlmm*mJ$&+bgnja=vzV12k;=@#Dv(OP72cB9x)AE-$%YwBAXIR?Z&~rM2_yN<Mws
zB<0_&0$M#OCK#{+wNn&v3dF<=MxNk!wGot1WX9@>2xMD04c<flN0G{*PLV;40$Hk7
zs$YF4nQ7hD2HrKRaqd7AM)$H><d3a}fxJ;eBIbx6m+m3ZT|nKUV~<8q0#I}c%2Bmv
z+YavJGj8~T0~3m&2yrrY)C)L_vmnc{QaF2thd-guK@zdL@kw-NP=jY$X66Sd){=X=
zJ3HSJTQdlQ-LO=noP}TKEN7oeAe<A}C>5xQKUP=AKw6i|tuL*&+}V-uj42!Rq>iUG
zgSkK+zxaq&>21!$z`)Si-~SQfm~WFFYL3Wr_t$Bh41izl95^p{$cT+s!?qz_^)W6S
zMfht2VLtQLOEE4WR-yS3qX99tV3;{fB)F+qP$mI9Let-yR)!`@UJ3-2O5!jepv{~H
zvIbTs0&WDtGvF0B>SokncVl7>LkW4?+&uT_+F1u5-aW{O<%qt<E@~i^vt1VjiWYzD
z!P8brP?KHTE*iLL%!m=(6fmh_l`E&LqoV-ixh|AKaE8|aNfHODR8(C~zi!=bQ)6TI
z;9%{X4_``Yw|*fY5DxHn#l>fOUuKxKyujx64i5GJjwM<G9Q@^u&pfAxE(?Qz0rahh
zcCfX`6Ye9zoxsG3@Ku*-rU`~4sq%rXjSaMaEzW04uK@ypI*CeycZo=AM58dmg#ZFb
zbmHAgdC2uPbMSgTL5c*1mdXRegk?#}yWj~G9Fx*u%!kNTuTh^Kc_I~MEg0#ZfcZVJ
z6QIr_mg;R4cz<ayPys$jp-hsKlY{*tLM<U=c7lxg!~z9Kdi}`>WgD_RhtX|jmp{WJ
z*Lb3zX6C(0Azl-TR}le|VALmo?j_{pl(lQaP-@5*aFy`nVywn_c=K@4*gS{^lUiNX
z5x5iL+Xt(um2dwX{7ns1OuS8>V%{?#Mc{Kdb?Q`~mM++O;z)sLkTf!hs3AhFy!Dq-
z{EEuC(ZBop4W7k83x5Iqt%A2!8Ma-3)#KVsO|}2nP}bxybx_q#`nUZTYGscjwxZfT
zivmmcr^D=9Pfr@;X(gIJ`$*@Iy!G92$T!#Uwn<5d#WjZ67sv-PNQ9TOZ(e=0V&`q_
zYC_0>I_qyQ5d84r16nC4TIn2Y>oyQo304!>^_27iKv<8DetoC3(f}NODRg0^mKq#j
zK;USG$u8oOwGHw@S~IR1b=V5gD)?|-1<a;T@7#H_jdtl5e^ECP^bJjpbTD&qae>N*
zint!aQWR=}Zu1FC1W6Sv>-W>{G+XxS6ZQ)RY2cx8>DM4Qka!6{8kPlVK$ro5B||VD
zO_2o*C_!upFq_}JdGiZWIk6VE&QH$R>b!JJeLZ=n`vf2~p>)7RjZRElL;nRzEtGA7
zu1m8wR5*Oo#6MvonRH?VsyY2npPYRV2jO123M`AENx@*nVFl|$m%Z07X)IW_pFe*V
z8tX9xRRwNI55oyq3p=2DbRSxRxEBkp23M_Ir>%hn8!omUg(8-*YR-?id?|()jHRsx
zyr<_i{GB+K1O<agy$jOX8!1rKS`&LliXk@*kOB!<6i0iJDgw+a#AZR_P1G>q7ydZ$
zYXS<gKRrB-PQ2XFp&~CO6%I18x>d~xMKOv;Jg(S=00~4W79O5$u=x{Cgw=l<%<3r0
zwJ$Jdf-IiJDC-KoAHu^(`y2M2dWK4L8|n)bGjNU3Bz5QFg<R!OM}qWapAzD;XxBO%
ztL)Vala8<N{jjjF+inyt1Af>$IiZQ>3B(VipH7HyS25{Gerj<#yP=_hd%C{4IS`7J
zRn?qhU9UKtn%>^Z1G_C?VJ06zJIhH7+Wy@7>)^V8`8-rD;k4cN-H0Qu(Q{J7c8)w6
z?yQ5(0uQKR_#uc0%906zuysOXQPg9^T{=@98vdoX+cPEeURnLSb0^E`oSey_u8+A>
z%UQoUjOYjh%`Z5736(2ObV!fh(AVL)^XSt2g&R^<>joPwzD$c|K3AQ*@Ul8_BsDFq
zbM$#cwp-0z25Q2#ZF?$S=1k;_m$^L%4sO>Er9I4V%RT`e9`^lI;|x(jyCJ2zXLP*g
zlRHB^86+R?e0p8qAnitnD^s-a^@i9jypHqBuX2+WBLoggY>3bf;*X^|z7(;3pzq2#
zGe5G2Yxd&0{qG+WyhGeBcow^P4HW`Rc)Jk_Ri*X<d6OEWqev7O#o<oDu^^44XiO=8
zZCLw@yMZesh+Wj}qv#(@wdt?hI(-#cC?97CBx262<h$<S;inHDK2%#5Tem&td;*vy
zw0t=a1U)Dji~tDIzHGfJ6h<|K)|(I^t!NmP9A&j80?-`%(bG?kNAv-#_d&KmDotuy
z?U{!@5mG@yaMxh(L{(gjkdR~9)l_s6IJgp96su35cLHe;)$;_b!9vPykf$QAzIz}=
z$BqIS1tbqjde~^CT8X!`wa6_5?X<?L^oUNco%e%hD&mw&cYS1q^GgVSU_O)^<Jon#
z0qYqZxs-AnH>-f|COBa6g-0wO)YNC5#OGn+jU=KmD1C_a+#or*OP_*&{~d=x^=y#2
zjiv34%madZ;(hAHB(*Lavw}^&eN_hNvudcJpcIZlqI7sF?2`6(M+>Y9a0)5ua4~IT
z4!Jtdi!dz?#R0{tlt#4|DTYz~-~3j#ML+Wh=^cOpq>3kNnHSg!eggrZLir7&RCr!-
zp$d4yloKjomtc4AJT=M&=mf<8g2tQDm`PjT#{q$X@B-|@TK`3C#T*LB<M1J%<Wr%H
z+$*g@s({=}D)R1A*?D>Og)UA)LP9n_1~1o-3MW85#RjZ|B_V`!s(S+NfiA=nKr-d9
zbN7`hlHj4hErAtC0gb6MJvkYPwvOu7r9Bq;XVDA<wT*Q(6)it^(JsKVN|reWE)<2Z
zUyuR0#ufqJuo{eNLf`OEm!ay{Kq(}QNcRM3X~k&6xT#y>MlKPCt<GDqR>|BT=VLH?
zkm!yy2qV_-2>0O3?xCK6e!(`8|CecUOdx-pY6VJs?dO7r?FEi{*C#t-R$-Rb?wTTI
zH>Oje-aYF=k$8U%IVBn5y0UMe*&}Dd?OOu7cRw{DMlHwAtYzWWiW#mCU)mE+(heN>
zoMt3UO<3-zkIUrGG;JyL)^VAuEy>u!sh;%V#*b-Uhxz5Yf_!SqiXeW<;e$Nhub5s<
z4%dgwWZQ#`j;HFZ;^fRU)$%MXTv0H;skp%JaMS72Gs#O+_eJB-zQq-E=gtar&nOy{
z3fYf_zPAF~w1HXV<?Y+It!QSb`CwRpzs3G)oZBn0F$O*CLQd;oe^e(ZljDD_aQ8jQ
z_zZ*~%D-NiA`m--ZAD3JEh`HJ*&;9^+#aLnDKe?}9mxU2e_fV^ZW4`;LG}@Q5s`<i
zthh0F+%jh#t*+-8cnymaFQ=F1$2kF^qZXCk5btZplb>(&5ew)ooE1`9EwD4WzAG<x
z2SE~}Wh?v$%N=%`PJDcnjwqN!fK=&Ti#xrthj9pqF5IK%&{<(kRj&N}*&m6r4t8O=
zS3+yWdh78a*up}V^W&sT65*V%QdpWGe?v~0#G*z5m(63*p3j|p2e5q`6O)cXV0v92
z+Hne;Zo#$zSG#FWCVM}Rnht!S=$j!#vqW#f;i!i$ULr1YzcVr}zCUqVK!Cx?X?|;c
zK|%b~ZH+ARDip#}3yC71T3Ui2R|f%m4(6-ZS%RlUje8d%DLBpZsVpGNhTX?+li4=?
z>LCw++z(1T1<`roMq5_hhsM&jd<Sn3%zaPRdg`u6MZKGzehVgXSTFke=8ici3)l@b
zJc63QZ_&P>HRTf}6cR&}F?>3be)$o<XU_<i@yTDaF+=;+H9R#=4z<KGh?UZ<OCZLu
zz(?=@>H<89^C30?rV6mjqreV0ZGDJTHN<clJ;y9$UkpEd@`Q_KbH{eiw3HN_)pO>s
z%Yp9S!Xd|w;Y<UCEOYJdJDXv`MhZWLMo8t6hkw~4xmq|k`>&Wu)_$1evC-qPd0@e;
zfeSX&d*kH{))yT)oVRbcIbFPXk%gT-AoShCwVOoV<Q>&C_FbQ6|47(rdJNq+O3L*<
z^roIKTJqdPC7v=7g9$`JyYH<fVWIDk3pdl9Kff|scF`RwAGguCdaK8y{l`RJQI||E
zr<vv`dBQ@`+`xW8yiKoMy`DG>H!}%cX`ZA<ZVtHI;Wn@IG#KTl3<z4xVB$jLsYjH+
zoXKJ=MYKk)h7=En-V1adScdwn*(((RYY=)Q{`B;`0rW)FXi)Vq9};;Q{hDs^yth4h
zPM#$4DA+9cAj`1ikXf7|wvpN$oC)gjGLX+mKd_^I?d!W_Ocw#Fnh3h!|JjrA&V;E)
zd^|<wegn~fuv89|kEgT`K2*{Z0eTLIN_`*`pd}nNvNI+lUXYMDUt3j+ccWzCUJaw<
z?b~!{$s)8dzQ-B!{^0i9cI(!yq%>%C@S5Cz_Uv~kX%296;gSr%;RC@K3WqJTphp$S
za4R%I31*iIAhi+d$%IXkIU!YeqC6y4r^KYBSu}e1?rBC^A^rhWL&1(_W@f}afbI#v
zKr4VrrIl8Yy&@3}@zfrGtYPnl8eI;rDe0Jq_PK==Lpb<*4<2yvs2_v#2HPCE4%gIN
zKMXo3se90_r%)#aJw4^hn?GWP-$fwZLe}cV;KHuH+6c(0$d#pdBq9FgI7QGKZnfh8
zUpTr8&%Jy@IxdX$q6U0>Xm@o7sSj5u3pckH1k<fsw!8t~I1728g0CX<5(+R&J39lA
zOGI+|>Hfo*Eo<Tm!XA49Qw*XH+Ted@U?@k;{xPd#Y1$$YNsM^oA+D8zEh0u@xQ>Zr
z4R@pX+F#IybsQ6S3o(QfWi@PfEKrK@AV@#lz^^{cH_XgDq@wgt2$8Nz=sCf*eXk->
zH)F#-hG4>Rb`t&o{ouUPII1x+?`d>Z;2pLWy5u$Fg0Cxw;z2+tT59*<wn%30e7}}l
zGqj&Dwi)yde8j`?ecgu_iP$TCBe=w`1hO(ZxJPm9AX>3E>1zprkN`~kipL?<guwfd
zG{Gkq&bfnQ-nwg-1iC7rw%#Czdznyd`)XEzX2icl2>rf=iRlw*pH3g{0-G79mc#%D
z4p|V`r)WusW$$-HZ>2x#AQXh1f0$<4#I4_o8Ekr_KfAk|J>72wC@$Co4?x*R?1Lty
zW~@-w))q{@nt>ty*CsqS(yp#{8g2zt{L(Ob!QF{Qz~|^PLrVZ^5bH;_f~QX1guk(S
zeiW6Iyvr-}Fr7sKhK;-li;M+?61M6wo%}Kc$>c<ynM9NeO+{{^2<+HCehm3mmX=?^
z(Omgf_8bmi6qCb*MtZvU^dI0Yz?l6K3eE%JIR&ESa%p>TY15@8x4mv5JU4#0oVdGz
z=SPM`nuk|X<Zod<tRIzBE?#IZbUEmIbO*;e#n_AYcbc60vn-Il<;k1lcblpaWnXkK
zTe`~eG;%9f4bIxz3st&M=5s}-n;y)&=+e69ge@W6qXu>oll!=viHU+ogFVm(N*rS1
zk?|QOCMM7#K7idnPg{X)>1Kg0t~n8_#e-4shrGP7L%XuPFe{GYyR&l5032LOI06#P
zJ}-*OB!FzFTlqaV^Po^VPE?)Lj>rj?i-EFYQ#)OIA6x<(&<_qbZRZ=9K#d7y_$7W<
zYY4(f0(@7-;By2lJMX=eBd3A9hP@rf(&aXeJ$d|C8QULx7h4s|9V{Ak1A}OCh8xzq
zj;_lTm35^oPI(47J&0nsD8BzXMwZ;>RQ#^YJ<zJL-n!>g{pS<Q%B6DJldb6yI5cOy
z&D><bffgqRhyD+awp6e_my>28xX4P0*vXvm<;b0OGH>&kK&DW+lFojLtt_Lev{V9l
zUm@bb#_Rk+89yG{3b@R@9yIR-8KfGwH$gE%m(AuZ*u;vdTe`Zsi@hKAWVm*Tx7lA4
z&ay-OR$Kq>f$_KWYHjK&eYzRJY#8vS(DDH&c{UK<N^BgKytd)o+nTV^V8+|mc-qT&
z?YvB~=iqCU-YhhF8^g~MsuA_Ht$a$lTQNqCoKV~Vw`{-GB|bE+{+v956R<I-VR{cY
z9wJb21L!6)!+2N0=+ASAkPXOiViX+Lc^SIDehtGpj6LD?ql<vzexR7cB$ym7km+$4
zQ;ttSSloei0%z1h_&kG$ICua_SZdX@v|d85)aMUUMNdnHd7Fml!sz)h7xRKCHIKcg
zF)s8nrg@D|PO9MALA-Nk_0w#Q(Sf{E2J@-CYstmgnOqs>Aa}=eE%6!FoFT#vsFiRi
z7}?R^H~jV+20}!9!v&(VlFXze2S{PPBqEff{ZE<n0VA~9_B@#{T7hDSkb*`i+VHjU
zS~+Qjc)SN<)^Orb4YVqSqW4W5<~vnPW_=<affz>47{-N;$A9Y0$D{8970`fu#P#sq
z*T8`!s1yvMt_xz*Ce(Oe^p_<9#|>g&BTlaI2UUY#E;fnp%EzUcz%oD3UXTZqE_+bb
zA@7fon2kV&Qe$-cu-G*EQB}dv<HRO=GI|u<ZJ2RmoiuAbQc&dCe3HR~;e_5jh?RUs
zbu1WftcXcbhrA^Ln=k|Ln`(h5E*9@Q3j49VqeB+}u<*Oc>Mf$@tN-x=+&zmQ@bdKZ
zM4wnZ0(<$_o4^6mcsj5HPDEPoN{^8ZiY7)&u7XJ~@h7|Y$JDc95BeU}RKu(p&jf9}
zNiyiNDu72qJVFsi!nU`!8`npBU@KaGbVS0#xxqK8fDOn@8ZZ~=uS$DNxvIV$<_B{2
z5wwrU0a`K{5r^5$h-ezdwc+=%H~Sk!FkJ)J+z6ZT6znQE#;W{i@p1&=DUjcPu6ntb
zY!Bb<hcTk<=DUsLU_(|(V4Ft70$ym%I9|(|%<_h$NJTf4v|RU$`npY<8o@YIK?h+w
zR`PYuESLzwq_3`tT?e^J9?+lxbAz-(2C*~MPq~FbJQ#c~!Bh)pemLkJEd)9DKmV*j
zR>Hv>tFtmum%)wt3MFL}NWAQ~CviD2z2>?y({EUf(4dThyb%ajpF7}sh6ad;7(CDB
zp~Y5!Uz{Fg^#0E+Wa<#<F$H`(5YmForG_psau%+ZiE@)EKc>7%kmizv;5S!l;7_xG
z7K{U$r5!ON{5p34Ig%LBbmwW`UR?Mj)?r@s`#}(F7~12in(PfFiMW^mzY5UeO2%H}
zfcS6l{b4Fcn^nb8b!rDQIrK*(`(_w9S^!|r2;ow!{q_~^05T$aBR%&8!0!i~N2Y)L
zP(v}My`qvB?@>YH*gs{m2+`BwgVR2d)H(b9SYGpL`kS|WJaQ7H--v5!aTYp5JTN*L
z+z#YEGIwkpI59lIWcx)bry>{#7Z`5HMi}gn#PbE6T!;8hMW`?tp2r#QN}#7Puv!|I
z_R%~G7L<$Fjz=dKCnP}3lL4zl(IZECt-gB}j0%~Fi4EOtyld;$a4@3%=qjkg&>;@k
zc`>7Qc5coX{xVAcE7?Qdhh+Ts;f-NzlZp9AGJqMMS@WdVo6t6M8W16w3NMU49Y3vY
zWZZJL#)HrCd`qn_8PyGIu6f4KnpHIvs9Q)X+1R`;y!^u#Hjo${VW(K--gzJU;o&CF
z-cPm3g13x2BTsgZj3gV4<VV#!``sn&N*HcYr9gwvwlFIKvPq1q=aTD~QR`>*?R&RJ
z9)2LyEf9@e$#1csXdxdQeK}p!D=RCjr!tV;`=MlrOX0;$G0N!HQp?L5u4{LhZ?Gu7
zMi%<53cq;TJD1lMA@epT+L)csa0!WO*bcNse)+P`WvWDvb??QRH+LUC7V3?w?<g1$
ze73^Je56QF)y&=hK{5+Y7hpYnco2vQ$H$H1O+!&d?*#x+cOyRrodV%e_;e7!$ngw_
z%4rHMV1Y_XO9xSdgSbZ5L$?aL<+C1-x_uux2mM_gXO@Q<Jpx<_2lB#DJk=x(DqlDo
zv}cK@dlfM*%VxOq7GgY?;6_C`xu+mqVnD9I<`IXuh4|lq%}35wVB5E^SXCZ+6f{oF
z>!KI~1%w2_DiS#cUOy5fIW=}+qLC^v$1{u<zj*OaV6CqVwaz#sPtptKSPBL_OW=?{
z1w<@>2AoK}eed2xNQJorLKZl;IS^;5sZq4p6Q~1@pUPhxO~3-mS>=a;ahjQ?B)gdx
z&KmT$GJXRpR>t>1T<LARg<F6>5@$_uB7CS)v@V16wl%?#WW@daQ7@HENC+ptQtKd#
z`NH3e_R*}z*J0kIf)pSp^Nfz(q$W(yZ{$G5qXwf)*!1lZJxh<>qsV<&Qz%ST*uJ2l
zHOQ1d2!qdBGlQxO$Y5=Jrd3i0#*D`RG4&xr;tVZBB?Wkpj^!E1o;`bq03&5ZwOEC-
zunIJwARweD36oxt_!Tx*Rxx02^N<}lf&o$n$i&DRCz2Uqq*ceO0Kr9cNyKCmc&?3+
zBEx74=iv0KMKZ&TF;>KHUoKr8Tp+tmYIDC0Ib#{-(O8TYLsuCYi;q;6WrxIm7k6RP
z#MeoL<k^{-?T(*phbLaaMNXbZbrg=NhFbvhBoZMFV1vhje7}F}Y4eaBqloh*bWuO6
zGEl~=hrLUq@0<gW8|>GymDVROkt_r<zbHJVT`$!T$N&@KUZ5ZO=fHm_ClhFb>o#t*
zEjU?SQC3!i*qsOx6K|w7V-brSlcAmg5}iAL9?M6T9AJF#V1&YNmP>q9A3rMM3qcIs
zY!X02PB>b2$`N+(E`cF$t~bTY7<6%P)y{|HM9#TF)vJX6u}DJB020oRANewY1L3h&
zW6&M=m||jI_!PVprYhp7uXAK>*0{AV-af>NswqK&J)~r1RZ*HwK~CSLF<}CAlK@%d
z1XXM(@|?j7sY1dFyBUEvO5PDBOmA3y7bxoS!s0WmH*B!(o}TjS+;FW(iLGXZ0)!^^
zkU_z0)Z>6}Avh0>a6V+OPE07{a=&3@3F?^veCMrs8I2=5huZSgVTxJz+iwbR4P%GA
zMjZylHM_>=Ha0)*%%{y9bAb~<F4)2nPJSMUj(w7mkg3?-csgZCIygxig#j2O8NdN}
zGYOz-Y5oJ2K8-xPB;>kFhE;FKPhe1SjY=ePIZnRv1kt(!8xk^Z`IX~+K#VHzG5~81
zHMV1ML0-jdmF&Sq((INsB7+kZ@$h89wvLaED&UfUG{{NlCGX#FcPv1_>14QUw^U$B
zuCh5p8cY3tp(w<?Fkn+oQBhrTSs4Ei)^VpdhMutDVIy%98QLEi!iYe6@#4*blL&n(
zh0e3*Mxs!o4Si0HD62M7gkMgpNDvELwZPF9qwO$XcEWuQEt`$l7Tq^bZD(Xm!g4o6
zkiZaa^RHvG)za8aIC%HiT;6Bg2xdpawBV2MPr?tbA-5m|N5S%&x5i?>P-7L}Wh|1L
zweER>^*0)0o=r}EU5b7G3s3O+oZL3IkQYanp>~UQ1v-9xTb!u)ZuOk~@ZPriF&)NJ
z_GK9(vCj{x6c|$z)>R7FW=p(##Sou2(%;8FJ~&%j9dFfrX==}?KW58JP5J5eRk2%`
zeDu@J34V9~P5|<a$g<6yM#|z@@0fgB?GQn_sL~Gh<L^ZAw@tHK`24J{Ua=E-z2df;
z7i3OtUQFo6pD!A|Wef(r1>8NV7)%lGr{mfkKH(E2a|r0?@(~B~mgMVqIz`8)CcLS}
zz7v}V*ZRvWyREsQrj`l)AOTeMPKF(d6jPtU5s<(dsd`b!2`YwTlaG^({yFoO?sieg
z*5IOjT%x*nA8x`~o{eHH?@JH&eR*@9VS0d5<F)-G>`3#uY7gV~!~k?)BoEkkBwvb?
zU>Z(3slyzjnm{Z2dXtSJxedAff~2HGly$vGKDXV=_MoMwBEie4g}SLqFY<->vU3XI
zuK3>AG0!8a;LG7VwRlo`s>CbV$8PR*yjom%_8|{yp1f|bKvt|Ex%Z!cmI~d??p>xd
zB~Ctha;_z7SL!8O)U@CoStW1O*W1d+d_vcA=mTLs70*eBOPa3j@yUM2l*PrPO+peA
zP4yS{+v9|KDQUqW4T&R|LN3hYcnMpDLBurH@rS*_<DyI9=%L7)A{%b1Zz_d<Y0^8_
zE=QeF@HH)5OxJK}VU_v8uLxuhHoA#hJPC=-J|x?aY{9&0%^IUoW%+F{R?xZM2L!|h
zX>DZB-Hv`>9HGL^z)&pu;^TEC(A4_0tv@F#e=*+P!eFqxdL^@yip%_@T32+HRPJ`V
zWu?TctN*^&lH?1t<MV<EstM6ZyIP_WFW4jUhD{?z)Dn->=KlRdbabOMj#|FTB?=12
z$>G<xwr}4ZizZ)RzmOOPstIb`^V<%|9qS+e&(H5VaGdiG#FmFogQ<~{*RYGrN?SA^
z@8qh@Wv1b<k-W%?e+FOE73=<4{QW?hwbg6msX(t||NeJ68okMX=B0+JkP{^S{&Obo
zzsHIy{r3TCQ4DwfGd^63592HU`Qu|u&eZw)4;%G24AK1ik3#%^O)>wUzNqS3SC?`f
z4tn}@f<ag+_vcf_XRz7IU@Q%*_DZ@hd%3uhy^j4eAXSPH-#@cw|36oLyR($x|L-;Y
zU%T1=<%<I2B5`KoLJ_jk?ChM6%|FjrA^vy&6~!GFqojOQpz{6a^-1{_E&4nGd_UQ$
zpwnI9%h|8=&*P>W<x)9tuo8*d)_O6hA$-=%Jx)bZM5G;?CdsVGl=dNnzrW_|JJjx8
zk)tWcWu3eDj%wszc<krQF3GU)tt(zT;f1*9@*fD^(w+Ytc8XQXrTG2MWgDAS1(OSg
zFj8}he7#+GX*>!`OC>_wwvC$UF<h9J1lW;8&s>>n$oyRYfC@i{5{8@53Up92*k;EB
z+l@3O%*@;ybQSvda<?bzZA8aHQbezWr;?tM*P)`Rr$0tK{p$ODSdw(o)h0w<CEMM~
zplX|qG-P!oD_D)E9+-C+@^~~pHdc#THQA{uZ2$fNYDC@#d4K0N&wuCO-|kd5y%SJt
z*zm4^*{jL4ab~TzEx&MqLJ$NOm$}&kN9TJqfdO=0bEP*ONpErv=KN>h(w#9<FuilR
zKKoF-(rLA8x-JD}Dc{fet*c;(t71%|#$G+|;pE~RR%%`l701AzeVK_#e5gHL-K3FX
zo%Ha~Pex(J&@HJWMX_kOHEPrJYvrgucY&bi6pNyHox^gG7rhR=eMd#qnVp}P_R6)%
zQHS~D8B3M!XxvklLsDMxs!8!cLma10U83*rZyujO;>?(5c(woEhvsunZ+)deYd!h2
zK0ijmB^%O2WBmDxL6#YY1v$>eg~h9+hI>6_@~!VznZ_u<HatSuaQhpu7`zBRr|9bD
z^k~@*Hz;CUKS~5(WQ7T^Cw8ra0yjrP_sYcp_;mO8vrBTYu_=JdVfi?mQUS0roOvr=
zy_!kDc_ziG%0M;#l46y4f$Dr$*VKo5lICX_|GmhiSMIFGCjiZ7$Gc(ewxA8|UIZ<K
zikMgLTRQT3HtLZB2P+I029x`1mlk<@sI=B*TCAEjSK)%F{*7K7-vcH_zDt)GBmhJB
z)q~;#z+-{qKU91@+?C#~K55cl*F9%6VL)5Dvtk8WRPGk)WNL+QX&lLGI|jtPYGytG
zM1$3-y|f{%f1(D$?TMYGXAx|#KRe4GG?Y83dzxQOmf>VWLRY(jQk`PcklpFMn}UTL
zq^{{O#_SoSs>;Z)X1Ta(6`e)1CO!;M1p`K?7~73e$g$6!eW_ro@B6wR_7&j&JaI34
zfWCpg5r)*`Cu!aP{mmRNwiuvZOVgOx!NB0CJ!gS8hM(<M8DPJEKZlw0hy%+cnwv3T
zGCd3JM|iZfjG&7KxS~V#-61bfKr){8ihby4ryk{AJLfRS&nV!0Vb;MR?OXSM1=)r3
z+oiAc*a(0(Wu~T{ce)R0Mp$@}Yp4TH6W#y@{_81w#eP+#4+sE5wk+*wl-|TUTa{&F
zy*P(D@Xnmbc*=naAI0YWdSK9C5#5DVVgH0Ax?<5YslOU{O?K0C2S4#=4UXOMG=3X-
z5~r4NH8&da>QEW3#3(8I26-ne7jmoZeB8|yKQoSnlGKr{IC#?Bhh^2O)$tPr!8Xe-
z+ON$Q9RY(hO#gGx>zC&36$}Pmut6mt@vGkr8cZ<pbK+_~wy#(>Lj38o-W@WJ?b{!C
z1Z~H#i%hfOnaA-*D{ro<R#CId>~Z1N#Y*<&P|IET&roqT%M$*#GG1h9Kt~_2vN%jl
zR6H+A(M>-1NV2@TLf!sCwt1qu`mMGmarVRVsO>Ho#mMU_7J*ltoAF*Xu&5wUIFO-S
zW-=|Bd&?HocaIPqC)=hulj95~a<-UwFz`26%y;SYI+mI8SG;?7{@nwSxGK#|GO!;?
ziQ1Vnw*}fUPB=joH4n|^{}ufJM|vt3FXc^tr`}$2nfiQti90}sd-n!}XfmbyfrqHk
z4~Yq%5I0+sr!EDiIr;eoHWsCua+eE_nY*|OxqaoMy~LG`s3)onsvV^w<YSdO&iblP
zwV*O`=}DZM9F8hoJ?UL#;Qg^)*<t5n5q~}jynULp%)h&JJM;ONW7C4toyDN&ICLp5
z0o(Pt9m-5I`&5kM>*}k^9nOj&n8$0zJXMm5W@GJ+WQo(Wd5xMXW5`c;-IV5`1H=I7
z3-pAlRxUCU#6^8lkt5oOXHY*njQg|{LVb(ht$ns=F;f=^l4b`Aw><U4y5Baa+@Zz;
zt>!gKJ$`Z|0@&Wc$>F1hLg==`N;Xib2FH9>u&omJbQH%%<>=@B`>I1#*i$j*U19gX
zsARk7HOXE7-V>b<%l}@8^1o#5|L<7ni!M7R6QY9U{QFjlMd|*%1v<L_30TSCbWV<b
z20FT4co|;Uto{356$Xy~*P*xnM`7Ckrf2Zih5t`@aL9t$pWZ`Um9jU%-(QMVd)>e9
zb?Lqo%kjrYl*OkzXsXQB!4YPf{QX(Nf*IrU7E=p-in;xwCsEtyG>eOg4J2^w?5AX!
zX}5eR5|JZ^#$Y0!q|aZ6p5ha4yKSl8@p@KTH9<o)UBo{uO+Vsw7cJP);==|sUB)fR
zE-QKtZzdUU?)!w;+{p3=t=FD=%(FohiC2`C&gaqw(TN~2H`y3nr3nfknYL*E?}f7I
zlrZ@7nblq3xseY(p^MLShG$NH-VW8jWL@v$ohEPJe{_shm!Ikz3nkGD+Al|1Na<?f
z{cdieh>VVHCdZTyojdr7Df;m0%>~1y{}y>?#yB&JD-C%Enr=vN2ntGgZf1&aXn1>7
z-BJ8O`zrxisBkzX<A>NhQWeO;PqviZ|6Wzp+0<1Aw>qe5w#GE2B8fFS>0fB~DP0X<
z5v~~$$uOr%d2VzJuemnV(iWu#F$Cc(h~J{Nlj}v9c~&0N=Jo5ToLtN5(tby22u*Po
zA?@*)aRc>ka_sPgEz1c-FBOXE<${^F)~MUPST;JF-p;itRQKX_DA$}D%32g_+zC;5
zc(a{yaC3(KPu?VX&at0cf7g~#)g&dcw&5aqOlqhHxXZAj8UshAD&%Pf@`LiZ#mRPD
z0Y*EG(f%6(mIq3bWRn8<rW$JAFbLWBFIis`wjKC<7Hq|w*|Mt(?{wGW)lXCtRBBhY
z4XZb$DGJyv`1f$l$iP&3znRbU^O;})I|cho{&G>Ta8f`LI4_H%Y4ZO(rrT~?uURto
zJr^nP_4kjp9duo&cflf&P14M;X;F)op?BdPIan}0?gk?Bv@iR%FoIE%3um-yYj<c3
zIp@1Hq=~K1Fs;>^5DAO|LCb#p_?e;Rwy0{6;AAwqisRVXesZ=Wv_BS{KwPeuTBetp
zz3S$!+%TNIH(Sy>@cAoKfDDuSZ<}ccU6>lncXY(NE(U20f#;g)yS+3wm%s&w!Fpiv
z!RVl+2>KCO+Wd$du$>>vM<jX+xxmnX5qb5h0qPDA`<b^gYuzpU2AAe@K^bMwVSubE
zvIXDu(QR`h(p+pvdtMDW%7@JsER#9|d5@`B6cu_J&em~JF$9|A>{+v{{sb-&8jz%K
z?aZ=;#|of@;qRMOqpb9?O{o-B=@D5ci4pk_4qe?26IaH65!cctcl~<-pyc(g>AkjX
z$sDwMvRpWm&(Nx+J8hSvyJi!U4-4U1HPU8y7DtM>;w_d-0R)Ts4^7$kUB#hs7rl^-
zCQHJrdG+gl%^3N786ACfqc_Ck^hyk|UX{`f+#-Rkm%R93D3S*$=a^D@o;#?Do55pz
zVhYUF(F`}Y{Dd~ftgOaAzrN$W_F;|V^ddbDXY@l+?_2IWbupwJInyh0i@a#kkD+0;
zq7|M-71f&hSuNdYb9`RCfyT*I6bZGA{cG_G^&+S)L~qSn<AnTp(F+1EZ&!hlqf`0y
z48u0@ofRW3K^=`U5wGYev=0AJ`JG2pz%fJK<+FN!vtX$?fgo&?jX8y$leGZl1KzXi
z_0yZa^&2VK+ut*%xOsCb{8RnX&BPGUh%Y37Kw~{cdYMQWL4xMA+oh|G+??}q=q3I^
zt3iC>A`|tfY*0MLk(<vuXV}C+>F0#v2a2(>^2kx`Os%l6F!0{l(E<m`FA(*7#{ody
z?r%ND{b}8l&~h40eR+Q5u||Qh$02zKX>g4o$_WI4YC<qOq0K!WDONLW9-z|NYvwlY
z0qnyw0;8XB;##RuFGV|$+abK=;&J!`*p=Ju?(2K`0GSjnGW%wPo;e?~;IdAd$VVdP
ziE2qY5tpsWc^-uze}Nbd6`U3epbr=r`?8WE0t<xg+$25ZJV~XqcVscZy5VGp>*1Js
z2ia=$X8-l4xI--U$?<s?j(0*JX>|OSG&2mt(6`5Nde%RD>E;tii38u_l#Sh{wap{)
zzh}O!=ZMBxM23^k{9=0fsHs=Jo^u&pa++I6Up2QdA=aF0mWL5L5olvo|4jN<h_v^q
zHHY&2x>(L^Pltqs+2>34vOHi@lM8jC)k_!T$w70HryV}#RvJ8p3L7QZ+)8<5Ay>N*
zx;eP(BGV3?zFDtGJ`-BJY>?n&`DaV7$fKeb)R~hy%3502Q1*$>ySAVJO@vj^#Qp^a
zogp=#fFOsgm}gZ$U`7pe<#-u<Q1$i7kgMThH_O#PIbKah$JDWsC&6|fg%)Trjd7~_
zKuhmcJPZy#zA3IDQB-c2Y8c3Cng3Gko<dB$94F1RFkE2yNmY=WTJ=LFwH6d}EiTjj
zpgTFZxa5g-qOVuCA+A9MwP}SxdXD%@?I#ckz!)Z~nLPJIJDaqZvkS#^;|WyFsIdZM
z4mr%*qb`h{U%45zq1j_ow@Jga!I21Y(d3>izWSjg&3?CK7fC=vDx69g_8+$vh<4q5
zOzB@u=k@|(1s1?}JE!LzwY_&=Pjs9Yj~JUCIc;H)wIv&LX-EkK_Cw043%7p0^~lb3
zl`KX*m7Ax&tZbVc@Lx6>eHP>67vff%i5;T8<1GubAf+<#h;VC6vX#`$25;z+KNyRQ
z=b!3ESucMyan<DU*fa0`%E2J}75!`?yuzq(<1kj<m^LiDYlxGNPqw{XWZi}hN5;p{
zXNy<Bx!B5J>bGsjj;O@M=8s#J|M3DG0iCU{Z}9Q!O~X$T)>C5(tNhwdf{+ARphEuV
zwS5Z{&Jhi%*>-oeF?E1X>f))JO(Jw(j89?1_4evcM&FShx`EvTk$Z5E6UC$W%N2B^
zn{8ZOesWlB$4czxT@2J-K#)yB7B>8H%~R*Kwt~X5Xn7}0tJG0%ogTL+RK0jJC093P
zxKVdV<5;!^p<fEb^Xx_xXVdicc^PcK6rU|AJ#09W66UwC`3q!y{o@QaZnR_fnI<4v
zCSxPd`zGL2$KfCT5?gLvReSPOtxJ4k#>`_b(DOD2SjC)v3{#<z-;(XMovWlTm|v1X
zEyTfcY9@Yq&28yaR45-m<_x5K_rwkci+jmr%inubf5)J+D)XnMizGPT@!VLG?`hCq
zNYPfwk~33%>OoD);-&uiRetaxALkC$=qF%AlCwLod5!D7u{#>PuXi-=yF$nX%v*_9
zjL3bk$@QGDlaPHCUr5ns$N8b89Xsgb(0jJy^Z*v0;bi*3skhb<s$inPq&qk|#_K=s
zA*Bk8rtE)(z#Ab>I{F6=@=X-<8#kncm0!3JYwXLxFw;j@70e@zEL>jxsWCkwga))g
z>jSFd=NHEbC&uU#6A4@l+q)@7XQ{*g9N&>8)3D*}f(!(GOjn7tyVVgT7IL%(!nM(x
zxAIZe%KjVa=U#*Govi)7xglHe{Hisp*m3G9qhM>qT8sQ>_%<b#6t09C6rR+cw(bAk
zyc5~k)ny*#Qdinw%!*=a3W9D`)ndiDV~E@c4AK<(e{g<@0J}3bjE>W_e15a0a6etg
zv&s1jUQkS~AK!gFy@|M`Y-Ue74o!{uX?G2Jio6t-z=|H|Sl%Lh!Z7rSc-P1-ohk#_
zK%wqH6A>qV?e#ldqtT5t*#4C9`mIxwH$w`WUpqY36hr{G6<vxQOD>9jC7dg5MS_rd
zmI+pJAg_b_;4h<;HmAw=U%~=;muy{xZe_|G@<tZ2vaWKR502wtOOf<?aZHnfv2wzE
zVB&`+QsAxu9JCq##x5+-XBi9^mcmBw_Lt$bQV-ReH_2b44BooUoA+DXRWMFBGlX3`
z@2wVDii|Frc+vAIfE8N=u@NE(0noIP?!@n=!Lsr+X)cju%jBoep_c$*aHps7jyLuC
zI)DGnCz?ffGpwU%&GMX)?T}qwr9nE(KLM})UZ7{5Z%9=&@hQ_HJ|&XXE~3|7_7F}x
zV4MAX0!Mo1cpMoW`=REYeF#z>nxVW{ptZ)kQxwjcG%hK`cEFIt9<9U*9ftGpNr^{~
zB+cKz8<Yj?RQvoO&g^h(aOr@=54(ohynYa#3}pzGB-qSeoI8IGF)LX(Z(7SH>GiW`
zWSvXy-~Yx+3c@B8mIJ)Vbr~3dqm~h`y5sjRT#s4hA4xvK81D>)JOnGUG7$lAB&E{Z
zJ1g%W<LGddRwj$s)*>+(4lYzoB%lNf2T?kHjBt(56cuf9jaMuP#Gn!23?DBmrH7t-
zEuA*vp@(y-D8PyEt!pr1A>Wy3$T3RmY3sgJJ1n=w8C#b!vTBPz!aSRt_$kih7pU#w
zN}^~k(=EA@^9WwNh=x|~XTwfMK^JN?yk5!1fvzM1%%n>lIsQ&}@NIFWm!EoFH(j=P
z6yNdmOGn%stI{~X_V(WTICap{$RPbP;2LBkElIy$w6^@h^Cg5F&`n2oMv|?O9mko?
z9E3}ZU;q0Q+(64VR}4@tz^QmtJ68o-w}QQWHrzxMG|I-K9oFq~lA8pa1gcU}?r?G0
zHD$sl&`8dNfsTn<O#&RJ5};!PTJZy9SSPAI;WRFT*DJZ;hsLA5%zs5LH{B0j$LQ!3
za*>0xWmh_#hL{`3t?!PmfFy{++SEd@hJi6ImDSZWOetu{w!Bs_H;@3zCU@+^o*lb)
z$D${+zfseIN)C@km!QeOa>zbRA~Hyy^)kaMB;F@<9+X|@?tdycj9J4THUkap8~2`4
z$ZEBEj2LZKm3$Yc6=E7kBsAz<v-Vh_IGZ5>cadk7rIDnOYZFIi{a~$X)u;Xivqwit
zeoJ>-3#+IyCfK>t^RHM)*BVlJf|+k|@N*m^kX!(Z<`wopvN1EZH~i0+(RQSW2f};x
z?XRm=ug(=-!hjYdG~JVR2xFC<Y{p_eHk~jI<b~?%O)Svxf^`gyVY-(gOy3$QSMI<i
zU?W?43KA?a?-9QlT8NHJ!jV);d}A=6>Yy9m&TM*oyp9-mF_UQ3ufP7+g^OMJ!If&;
z!j&6!`7x0=DDG|Me(%0!$Gb2&eLn$puOGwm3VN;y1k2HHc);0CjshSaG8pW_;1t=V
zp<IFt06QW^`vd@FC&y9T$Q(U#el!eo*TZmJ9Ktal#uS3pRT958w%H15ieoA>F)88C
z@&<Bf+E(kM_2bY1m;1YPWUsuyoRwWV_GjVtpu&L9)%*z%2fwt-rPVxZ5CcarjrsYT
zD+-Wi;3ykx{9ur71ZF$_a(Xmj#4I{QaPS4@i^>D7D=H``gt<buhN0i*<;x=gkjPv=
zog0m7p?wE|2PZBJ;t)U&X1rz=1qXy3#*e{D!2$0H7<w25<1v<{+>gsmthyEyo|s(B
zgjX0Q9OfGq5s$8(UN~GuDyU0UlXbMg;nn3l{}b-=I&{6U5~~H&;`=P<4s*nAdx-%w
zVSvZwxN0~-D7^{jEyfCN&b3W|Pl9-dC5hvfIDv4Sfij#diq6jY$no(0MC76!o_+u*
zh7;#e5>o-7gpAA+Bt&8=fNI>pH(mqx297RAldUf>9$*VOiv|-t5*+3JTCfU2L?dMF
z(V(Ty@w}AlRZViryfvbuudh!I;RZ8_rHs?#&%ybPBhyhLW1qs|*0`Q4e;;sXf2+-N
za>5^4JYK_Cn50vnft5n+4KM;>x_&sGaL&{swxJP(0n~!v;)!B}X2m45+vltj!AK}?
zh$FDQOkvfd0w=beTv$mbi&t(oM2{*8AMbZxpW!8A&?JTshGXi4_L##9PIWl~s`*S_
zph+$g{spbELbN0_V4!F$7<!<02PdZlG=$7yLKuv{gf;Gc<s?VUIk4|wOx0`WSu4pp
zOf(^WVzRkNnT2oybz=&aYH2TW7#a2nT;OWJ{OCh@!7|idpt)Ii@)-<N<kWP`H2-M(
z9fmIx7z0p?+EDv!1gJQ8!3@)VkdsjQ!kJP7t8F5h0VIfF3SAMbl4PhSG4TPtN7S<2
zeG`g&K}^K>XoW{lQvMQwi%TpsR?{iyQ4VEu#C74sl?wALVm7_cl-@Fg*l=|6F!)P6
zZ;Bma5)JEt*J1oRylp11>l1^c$jq0O*bNB^Meu$pVTtcxW=@8Qr2qphq%ch#ZeuOw
zO9Fd0k?4Si@Ord@B)}%okBvpF>=~FYBRu=f8_&gj5r?%&!JmVJZ#`hsvY~0;lJsJ-
z|FVMkWQnm2P8XQoBjGGIgz=xUMO*zXiUvG1a$Yz|4|s1z=+Q=xs~1@rnB27U^s3%J
zR;`~TN4{f1&K&w+Y|%|gtj~C-KCl8MLnRcuaKR9(q&eRq9h-u9gOObN(Rejb6Lyz{
zT&qTbV+L^)<L+r)Vjh)wHJBDhLC2>u7Cv#UHDKH?;?P^Oqq(r^VXmJXEO#~VQ)OVf
z9@+1hg7*q%Zj3aBl<3uBoOT?#Rr_ISk%CDE?jCaFJv$H2gnP)}ywrAPame;kGLowd
z)DNQG@N(avjRBm)f$byb5F<!xAfbenl@&u`#E4Cg^Yima<SiJH<<TFah_><8=)mu_
z5f5{3jSSD_z-3B|Mlkcmp)m+6mlLlRO`58t2jB{<zAdn+5=mp_>J2sLHw#B1LFH2C
zVTRu+;0Nz^&f;ElwBZZLwnb1>ME7O#%q+3flgSI%PjWaVqYgblY$$V4*TWzg2TF##
z4fE`;t0hTK1L;S~Fsdg8Y%5vcCRo16!XRh8kh}+jvX13ObrT2y<I~fApOVt~F|dR*
zCy?NP>tvP0>a2qwG6P2(!64t9F@hFE3U*K%P6DNv;bo}eTVQ(~2~^_7#2g&^kz?LV
zcZNutb+y-^A?_qf8a;i$y3uKMh}<P5d`eZus@frv3wf7NRUy2fk<1v~<&u8Z+UPH?
zFy-gu=B_i-=m%Xuvw6F02jvNVe^prFu;z5?x_z=SlwuG;0qu2d+qZ620tkZ0&q;`S
zY%LqcRIlw!Ovki;f2kddey%ypA!}R0{3=Zt+cTchaH3Bv=1FFq>CT4<SQn`q03^7@
z4vGAn89J#US$}5;g9-X<R8&+yCj1<0;6HXu4iIw=-B4|rXrWyW9}G>>E&92^@EOUl
za1*p+mse23mca>AMHn6#i63am2_nvY*fEVTp`ba(I)*gU;$`)>mb@Y~3Jms~ldeel
zVPN7i@N)^2uf{JoSA3d4OvPY_L{x6MnZ(_PdMy_{;OmE$OZ#_RgDVUfNf>A5p<Oos
zD4KF@ijIZ-M1O2_{sg5xaE_9>kS~jA7dW0-SsZO9FbHfGS-9ABxBzB_?=upuiFXn(
z)-xK0F%t+TtlH(a^*|LsOEqSZnFyyVHw%RV1^5}7m6VwBn_!>}?nYD6Z#*jn(=<sp
z1}aqcpZ<s?zTNQVu$=%^V6MDt=bF23ZmOQuM&?5CLi$^<{hEeOz?$0T&>L*t0tp@m
z{E31ElI)FMD}xQ`akBl=^<`M5%gf5LO&Re{%y&7UleQb77ySSSS{^=l03J8njB_9#
zZD&+$esZKb@Q@E`6AVH~C^8*5^H<*jNE*=Qj;L)Pkhwg>E028U^%o(GMz;ZtilKA(
zDvE7~yEois0FHybcop$5d{XvJDiJmjjj#piy>Nsb9Bi2pU{x$4)IdkkvTD-M>MwO5
z)?Awx(jnkRfx!9Wmz6shwa@N|;A9gzqJkD<DLD~JMCsFh=zBe``DaSyBXK-zbJ^e@
zeCrf*_lmk|0e+~3h`6+hZww&=q6^SrsgZAQ85YDL^%lVm==TsPtn#5--Dudth!%eA
z$@B|@B#A5?{h8jQV{b>ETCluO6V;HUsgATs5F?Yrx91g^x;a)+Fenq_Ykw=-Yt#{W
zNe`za#5~yYUQQhBz!)yqTE1KgODm@8J^3-xk&K>*v)F``-zU(Bqz1n~C6`iRR2TUO
z5g7S}D|r1caHx~v>WjUi%j{On)kSZ_hG67}r*Y7|CCju)2|3An)gNHFaF%&QhU=mu
z1~@#4^Okx}hCE`-g?S4CJ%KowEA$hF6g)ssMC#2`=yTg2RMo?<RuC3{^eLn(1fh$7
zKpdnKHLOfuSak7Ua_?6NOfzE4Py!~f^u5qDx4e%&++-R##25ZWV}KF2k2#F8BGF>K
zZ_^-t4osJwU$<$URo>ZRP<?tI>pQuM8hegvX6R8FR{c6N_(SdJk{82hwKZNax{z+|
zT3jHB7T+jF$-CSN=&0k+y#q*Fm$+@6zGDhKkzmd9hBCJ%5S44@<W(tgx-*Z)Mn~Cx
z7=fwpQe~`17$BJk`E(Lpp}TUAJL|xBN$@s241)+Dw-~!{CbSYjA3!UKUf)7E*Jduo
zBA2dPyS5f)|6|P~zQ0<MzVyHQlhCnod^hpGGwi>`hppa#-fqnP`4Vo11eXkC1Q)!L
zz^(<-#(`I|OV~4fc(|z5$JlMk#{{h_Y8WwXH`4A>QVJvr4o)S2TfZUK)`T=~z~B3R
zhX>pHA_>HCRGz2?L2uz7Y`rPmvJvJ14q)ak{)*Bv=E*1+-C~|6i}hQ0olqI51`s8+
zZN6E+f{vfjiVy)KKt^8SZ)iDqC@A&}F^1Z4ATDOI*(5pV+(Se^{LZ3&$Q@+v0#WPC
zb*B7nm$IHd5IL=||IHijprg&N^%GvW<(-3jGRem~1|IhWowmIGPl6i6Co{hz!M5iQ
zBlSB)2^h${h*|XJgP{Yhz5T#C^(gL=a7fHQZ-{u<e0JY`qwqcAA%*oNY3d>ES!m;p
z#~>hLC2lfRLluZ1fMghr&KYtLhU3@!yGZfToQ35Jo+=fMQE{-VmqASed5mZX6bqMm
zA78KpYWxNagdu%T7?-1n&jMY8f`PPb{6D0<cU;eH{{|c`J3`Senj%`Hot<bPEz+La
zdzaZzN<%{np$IJ+N>SPiN!q1Nd+(m(%yr$r=lT2bdi{R)ecc!Oem|e{e2?ROypIE0
zi5eG-FG2GO#N891^uCz_Qz0L>UAZ3p$}1dTVxe~#s(#oMB#$0I6B==-sgkZ08wpCt
zzZ|ld?*E2Mf?-YUYlJ*Zvj~0)`mpy_=5J7iXc-!jX8j!_VtpKyBY}9X7!5A0oksyu
zW|+<+ExpXQu?DewKh{p}u}EHqP$LKsgaZM$ZLAah`tbwb2x4jFm6djN7Vj><!_Qyo
zBz=xAj3c+nwYiPo%bV?CB-dmP&s+J$MNSfbAsUo#QDP4oko)f|=pE{_-BDv+M*M*_
z&))d2iO`ob#fhx%&SLavd<9^M6!5Aw>#;5r8fE&!w3GW!=WN{Xs9}}9KizG=@A)d(
z^^I%?(D=^WHfQyk)uE=se?r#ArN%bo`xkb6fdWY#_PCT^sa=2|QXTe+uLiP;+MEQH
z-Bvzf0rJn-&N>T~K!TmLdd!=X8-da__$eX;S==)JY!6ELA-DrAqAI|yKs@Nx-?7ny
z<xAB!lcF`)=^-m;@B&vlB_oprz=14yH8Dhzb{~I<!`CQz)a#t6xJZd+u7#)zDGkg#
z`RlWZkqjQXGD_Q>AYkL;k*9j+x$#g#dICNYH~ti~DEFdHB5P=WMzOO_ntd|mB>`JN
zuNZ>rD=RbvL+E3|x=|7WCXbldWl+ammKUcVK*p<UR*iSp0kxE)5VAiHE!jF8zp6NC
zEliax25|=`P(r@Mrz05<5-KlHEzvggvZ8$=bupS1B@oq7B|d>`PL^gIi66#ak7MbK
zZ{i`c&RMcMvS^XnU^dqst~G(@l!SD8Hy}U-P45KSyqyd;)G+yzhtv%8-7x7eCu<fc
zRQtiQdc(*`Djc-gf0lpd43F%6nGx98X5PPT$MKM`FKeHk3t_n5`VY_J4QG_^p4oot
z<Wt|Z|4eS*#(zfnyx3m(yVrfLfBT1W+Xl&vPp1cl=1bPhzvt3Ex?5swUPJXwMGOSN
zVk27&VqAx8vElm}a`?X{m}y`bar7t!Zi+5uA<)^l_}2IWTFye0#u43jOHk|)OE!?@
zc$8n#pe-dzDxUN1M(GX2v>5+GJXCf<4_<u;8Cc>Xlh8))2oqF!vBnAiv!nQHA*_1Y
zYu1CP!odK5h*9RlYynyBsnh5$_%r$eksWXlCjx4a14%d&#72xLAe=NClsG`MeS1(z
zxR*Z7_8>FN<<H2=fA}*9QD3+EI$f@ijp?(kOZ|*uc6%|L@5PQ7kuIP)aGC5TB1aJC
zHJn2O{8*ySQka4FX$0|gtS|;+$D*UB=QKoekYhXXZl0l6aAXerYD|Q^i9N<4%hqVz
z@f{cr!Zu12R+JFSGa|`Se4rbRvN1H;P+4Ajqd^Z11O)DTadB-|OD<urfSAt_nNetE
z;-qkB<+(wx4%Q-AvNUqSma#JuU9?vbq;L;$g%EZ5iy3C>Kq_JD(2kQpoGwsOp&DLw
zq}OmW%<G^-#3b%OX`vYf2yB-HSNo=2yrszaL~0Dw0Vuz&1`jz$Dpq>`rNnLUbco05
z9?F|=d`+E04B7A$z!P%3#)!RrT+)ccrn`U=p(pi27mkceq)bagxND^Eo?2qwM6>rJ
zgsh0adbF3>+onNa0N$80la+n!ra;(7{&`#(5(pZ!GR)6X)OhiD1JR6rs*3tal<_4b
zm@HKETHdF&BIW=Bn>`wsj5qWB&DAJ$)YdS2kkOb{DveC1cx%x>SrgT^U3%H(dSah(
zv&PjITFF~!`80pc_=dP;8}lRwGC;CPyyd-v?vLnMsJK4J%5t*lskCm>3mHg7wTJXf
zoKuNf8yfp3=&LGYC8N-J-<S6EAo5~ZUH*ifOFEnqfUT={@7_&;R|?ds2Gw-r5la?G
ztd<lOvY%L652ff+Xi<qs1om&+5lVDWyuZCxcNh9ky8LvQg5)Ce6ZtiKoeNLTYzL=V
z{k<Izlzg-i9^e3t&6VS3X1q95@%m-K3iHsF`~~A9T{Qbp1``j1_W?g-HDleU)JujR
zLG%(5HOG-Si3~f6ccP9A8+I%huabfQK|)^bw{Lylo^6H=mp+QX&;wU?T?gbu+@Zj^
za7OGcixlF9-M};aAANNu3;-UeYU&{W!MZpIq0Aa?7lzf*Wsp;Xzvpx4TL(-5p@0jR
zHGT&0u|7Bv0&gX5V{TB8bz7XQ@2Ut7M4duBGjTTh;D(_nF?w4s>J=X2I&9!Q0s=`q
zx1*&!W1${0hT051Cq&8ulCX~v1c{^v)Qt6TVHFg5U}^do5JCWl3A_rRut{t>p<AWR
zPxli7kbsko@NoPY4wsv>5#?np7Iq+fa>1~ih*v+ArG__F1(JX>YKsk<HtAv@4i#^R
z9rTEJ6gCS&2ZM<50>6O}styh(JVs)GlYZJ>IEaoR8c6)Fj*d^*+eua9B^nICFvb9B
z8U3t}dyUZtG*vG?I=Tu$#lK9S*hvw$JS3EnZ|C?{@uQ!?xbqZ_Rs<~PU~59W+wm2N
z3cV5Ck|TZ|F$y5EJ<xlH3NyeMB2v5x{~{hK4LG_l8mVa1NNJc7l$`ko!V_#%Q9BIT
z*n(eI8VVtbCDpm8HnmvfC5ht`PD}jrw888-9EperCDyyffZsq=gxKehfD5EB^EJ~x
zjV%8CDzAu$Jk*KrL3<wCb!Sn5$MmoZM9Lj9`F5M_)Ls3)_@g&gAHq@>&#EwXnXOU_
zBPUSKR5-S|mjL*28Y|-_BEO_cZ(M@%d-X)wFX()wU#r_ktnRVZhrcTzq5QQ<Qmw`n
zAS76_>j~%u?ioii1YT+?8Ww~;c?}IF1Q;TLO(N}y9W}bCBak~If`24RplaN!@`?`c
zw$du3#rP0$)4*dbf)Xk5DTeSyz$8vTQS>9X7jarC&&?TLa7?}JHS<&B<F=RR7nD(~
z2uav$LUDk&^Myh31)s1iM*Il-X@6p`gRdmkxRdANZ3Jq(Fa~sJinxpTW1YByPcFT<
z=qTYiHj{Gsb-<?DE4Dkpyx_;;Jyy4TV8#W75jZkGz_KMjY@YBqf6r`%;yWGwa%iBC
zG=K_0E#CvOTB=5HXNTVvk%KI;3RFpY0I>CA72`*$%V^y@XNEXe#qCr*s8yt!dj84J
zW!1^BgUZ3Je0H2#t+_P3YWE9e0<9N5%LXf5l$DkLR9F}@W)KG(gOILJ8eLtz2mJH2
zxS~V@KcI%dNX9>2(PMpo2g#cd;>Q!N33A(~l}C&}0tRinN{=CEF~?b$#H|013-AD{
zF(K?S#nax&$$U7|wwGQX!Li0hJdwo0a$Y4c!;PCa>!HSk3vY$Vo3|u|!!x7g7CXK%
zQLPUs|08|ngUewg7~Ho8lUcy_qK-pMO3&r2@4BOSQFt&x(l``!a<P{V?+bBB2^-9f
z0Ok?}IHn3H<sOHW3eFdP&)NWQWx%q<7*f(hq(X@ah@Jt?FR@^RAeBg%BO(?+=>UWj
z_z6-Tp|%6QM=bJ)I(tH_OZnG4;v$RV?lwCH&8idm9*ZNBlLm;j0XmU6_+GeVf|nW>
z>(KN@KyeB)GzPT74!N|@xS$85Q3`2CV$cB7V_iri5jRD=%vyjmXl-uRUE_qm9Mrcd
z0Mr)&K8Rt-!u}#N5n05c#2D%8D06ky=kB;nKFwSaAl^*S$05$njvQL3=M<m=Pf`%B
zg~H+yTwVk@kydtW^gh7{CXa|DK;Yv>E(4gUz%_^%)#7^e&kUL4=kVo@tVZ^%Oi8{%
zY_-sy|334o#U+`@c_EsLdjtYGiv<O791EYd$N&kZtpMv=oqL%9YYtAhHr3SBykN*j
zY9b*F*((yIsZ!$kJtc=Rz&S_?aT0deg3UwusZmh%qE<V^(S8dm0YfGt#re>xc?>N@
zg(F^R1!lqsV2r2*ZJUH~=HPEBQfrS3_8i?deHi1t)6jfSgv#4+*0Ok&7W&K*NCpY=
zE}QaZdL@?Mg^`y4eD!!UdkuFS+V6Wl{%h%@W4A1FT5D<oQ8E~+E!7(+N>0)Mhb?~_
z*u-oaE8*;f)D;~z*pR+Hq^v8{A8Q&<QIkzylH9wj0CcenlR9tdEk^e6bR&_$mioi;
z(mc_?3f+6*Cc+{D`Bq?NWza9AJA91>SMsS<M*)RDt8^^>_{i_1WTN7RQWFnZABTnr
z>=SoY4CHR321W6G76(=>%W6;a0!t3~MT`WG=(N9haR*4ST{yQe1rgn1<S5O_#raFu
z`qO03J(KG<6=@!|Q?K2yMY3eZSINhBaX7{5+1Xv(^>O>`P|{^Njb8NnoV8$?gfU$0
zJr`9~RdNt9ip++o;B%^{&3?G5Ml<q6L;>P><@H*gRX}L_d^(eDr_j%p^hQLLWmfLk
z?T{0Lq2)y|J5l`gy|sWGD@p|~=(iM`I2-2M5{Wp-M~FaliF9?md{^JURZ64OMpA&P
z5%G_ZNgD{uSK-1GkVMCqs>up?$1y+9u#UhXkeIn(_0rnbmL00=sJ|njtR%)+L2)*W
zw?FaCJkk*KTlC<KLf^x`XuFU(4&nUs=w}o3>5t-&_d%2sXxfVFB|u!_XDk2>544GB
z)Yjl_*m2}ol<|JLl&X7*IDTHb6slB!8rD#usUDnBwAe`Fzb?IiP@XI<DES`HCs&wH
z1jRv#Q|c&+6jFZx-N`mDFayL+T%1srib*EI14|aBRwM)A+eWHHx<g3>-dIE<E8+9Y
zGJPA4V#pql0thpC`d0C^n`qkckZ~l}k!A%(528O7C*PCYfmYQ9HIq!5e-u?9x|^a=
z%LlNgJL7P^K<?zpG$?q$MDRc%6XUesSK~^nPMI!EWW6<jXcG*OE_P!s8L6_zr#TH4
zHAq0iZy`NuL-b^UPZ4b}Jeslx`)Tofv*TA|a3LHmVto^z+!p27Cfb9Q&}G{I6>)?h
z5_AP<yWojd4P=u%M09O}5Dg9}SH1OV<YV6YK?iXF2{kFXIQ{q$Bdk=uF5-siYol5M
z4uov#zF%u3K<6L2SJR)nB9tvf$2}pcS0!l+zjk};%YbgrlGiog;(E1R&Xe+qn2aG;
zp1Mn;13eQt5WUG^dv9j~9RVVL3G`&4$=eAR1pJQmGtjk*VJU?IG=kk0A_b=)yECb-
z99OgkqozXiIsB1wa4{5T$(a44;T2i6#}$b|j!Vhw@g5;Pw2$aW5Zz1dW{6|2kX_$-
zVE!jCYr&%?deJ9>hm(nk8%$=r&d$Dqhj1rEUx+CW#tMdNtmtEakU*H18$yc_a$K-P
ztAtv9G4S$86N8*8Lv|672mp9CFcQXI)n29N{+)a9ATuZHgDCw^v!kA`w&S=1oowBA
zm(wRcLb8z&MKjTU%QUy``?3dWj_PR2yq>Zip*D)-tVHg|w<Qkl_%p2;%kU|Cqxs=1
z(x;I7$P)}pX!f4J4s7BRk4_jpdNH})`ib%J+FO()-o9Rmw=xB<mq+v3WQA^hx}KBc
z>cwq;Y6!EW98!Tp{J0~#H`bQ2h^RwiT2oD}C=t}Mr<~mkg?Yf)G?c<A#$Va)?mF;0
zE0P&~JH*q_T-!cO@`)-eK7g_o{09mv%wDoYDVyUgU3#mc!Xc4Pob|xDbyYpF2Lb`8
zHxcupHm9#<nc2jALUd`;Yvp>Zf#L<RhCt65x?goDPkBP0OJ*w{DkC;1A1-v+UZ(w-
z!ZP_=@>ZE~<$b!8%jOz^xd9Dk#dU*msw{rZx~Xbtjvzonxo!<w2V#>&Bw=wq)1WK>
z1%hLwg2qQQ@1=j&G)Q7HIufG@Mtj5)(r@6}i5+NzavH$Gr+}!4Q591EI8MKqvgZ;k
zz%Eg)JMp~iZKdwp2D41&fX1Stwees3&UiGRr8EdDoi(Lw*5e#_Z5tOBR*a)7_zLPu
z^gX)i_*7=Xa$MBFwgQ&(?EO)b8=&7JYNbf=dT2u6r2}n;4}WHscvMyE<wE2#o8Noj
zK}2d6B3X;~yqp)xX$h#iR#a6r7;qwdx#e(gk3B>Is=tlu_h@=6&;n%4*82O3ix(9h
zB50#GvvfUiw#y=PpYmN4sp**efaxSFFV6{oOk%8x_r8y3zxoekBxqG#!F2r-N|CZS
z>HN+f8>Ba{sm!pJm%6!!U)AG(k7)!3g+H<`lH*<46C_vCbD*&e0+u7vl9lT=D+rj2
zj?znfYs_zm|DzcqDG=H92>=lKmx9CLY<D(qr+1Fg+RF4q-}jdSRsq|}@)p-`*n2sY
z_PwL^<>|tJ7><Oe?J+{!Qc~I5vbBg(Ji6IvuN{@)e8ja#AAA-LPR>!hl5a51BpRuB
zse*&t(AWc4!yqv@?ec3<o{?&<N?_AS5v|sF6zh;9W0y&Lio${PPCGcy>hpMbdU}?)
zd1LX<(acmZvJ?m!Br%9_7yS-qgz!Sc^b5dIvP37IqB4i7;&TMi%)v~w)TGBoV1WEZ
z8qM?pGz|y}7a-mat)!*QL33e7Qm@042F2<)s1_HHph_f6FnTn?qy?Z%iGV-*Q53Jf
zP}_v)yyMO`X*hTmLzr=RW?R8){hzQpJB8eu-ke#a`xtdAiO--+HL0-YWM#o9rUGL%
zv=H<jS^)lS`oD2P{o_HmJIs-NB(B*R!HJWF2R01ToMiy4AV_&JO>QU(Qb|IP9K%F&
zMFiBUV>Onho}ip%7*iTLo2pxsc<IFsY>^=FB95MgY(;6Dv^3U6pwd$$;HCkyaR^8;
z8>Tm0xbO{46)2b_A@tV7IZouj2b{zr+$5f>?+-2Xn=FQghJvO+0e?E`^oB|jmBHL1
zW`ZapFrX$<mgwvgHL}OrT76)j@)QA#$WsDRU+f&W7w?XB+j0HF{FLq7fO>*Gh=jMj
zW%SP+J$+KssB`)XMdHXMXNk!McixscjpiXC>p!b}nzn3l1aL<A2Z%_+TN7$PEo`9B
zAtIEF+{}bZvl1+o!3l**``X<wy#(kYzGaY%@DP(=BVyH9@|t5F30aUM5wVs(s*2uY
z8oG%3{n1uJpYXjQ)+p<>=O0wweG`pl!b%toc)*ytWWhfZN{d1;g^Bf;Gm&{_ie8B4
z!jpggN>_e+;f_)fT>aZown<oXg`f2RWqogQllAzXBouuz20x*cPeK6RM>)TSF6eu;
zX-LQEsLsgT4js#BG%1l{_AfhiZeQ7H8mVk5nW*#m2IcU2(w(DL$fi7TdZ_^;6hHJ@
z2rpG5Eig#^ow%dNZ~-I1n^AGzh%~k+D$uh2wrfS!MlHj3@L;t-Zx80g%nzzF5t8|l
z1W^E>uKJCI2p@^^zY&E5+1lFifD?Jm0bh+j!<q?AgYtq;DSMgmAwg7icz(D$y}%9e
zl*hpv>VRz)z;I_|WqSAn!@#lw|A_5@stXOuDcZ+kJ(rwOm65cQoIAD&aFQW%OhlC-
zz^neO$k_d=2NA^)PbLPN!U2S&09umk1SY<&Mq->2OWh=Pg5E;BGDtUxN5oG@Ny#E1
za;^l3jwuRf#D#LJ&S?a2um{9z^RE;t7#7vm?Ndr@r^b;8bDzAYv^xG2oT3DEm_E2J
zEsvP0MBPgc^E?3s?rhunF}HbP_15r(oMwh8J49>Z(KXPNS;IrGgsV;g)<q%Gzo=FF
z_1Y;Qn9n_zmk87Y4LZo|9>x2DRQWIHTo!8claxr@4nU1z9{z(2^aXO^$OpjdSGR)>
z`51#LB10Rn6n@~!X>_YVZ0&f@DJu2?NPCP65y|x$3Ye9sy$XPcGF5oY^>gD9&ho~E
zqa`2*Z)rSknfNXcb6zm*P&d%yp;mucdRMQ>t{5wUKjsCr3eCt`5;QRk5b;<Lfs*U<
z_}B2cLeUJR+KV{QpaLC-I4-)LXTV7@2Md6_6oF$wDI<0}Xy<x~6)2pek>YmH(1h;s
zLg_aOQkM;CmMrx}$mB7CL{p9VBLSOHNp?eh^bvY{^t)>;s%1e<asujS3@LsDDIA*h
zpyfhI=_rB&N=tBqAAo)ZW!eF{A;1AeZX=)8t4k$2{sDsW3uJ?KfWg>S9D$ynAOc#f
z%WodMe}|?)c-RmZQQ}M4_x%Mm2HHIsWw>GTa>%?f6gg155%N7jpk|6xUjbH1`f$9c
zc*H;=?24j+xNDO)g;TSN7-^H!1`(nzyhnDV80h+KqoMhX`WQyx{vMtPxTVX77K1S%
zkO@Xr4gd(H8KAx!etw$~F#3J3q0stjyf7?r=*=5gm;HjJ55`E|r@Fpkk}n0;2xznf
zDz!=<8$fsS90;~XmemcsyI+HYRX8xPo%d3DP<W2-!)J82d(S_*&fc$rgn~;ZS(0nq
z%v5X*ZVD_7tx(*efDPGm!``pK%n(Q|!4{C}AnbG;R=r45a45J59hg>Ykz#36xPY~`
zwgSzL1l%O@`W!%F;FFO{2Ev|=gD7X`ru*+?Ix4);+-&siJ5|GS#WCzMTG`tdHHmYx
zuneJ}vmTfkb`x3DQ;6NP>XDwe!(8Ss0Tlq!5DHX;wF)BYBaCTbFe&;2VK@?S&L}`t
zBEBS()*gn=?$_{e4Ty_JF@>GMdm}cS7&hBpVp4^vBPJIi5fNuFNEn@-P5|85g=!L?
zUaT>)%239h?ju1E@y|}3_l`tQWrHM%a}U#+tItcY1Ye3OybNT-5&T)SR&Hp<kZIW~
zdO?ci$DtvQk0dOV`-$r5T)4p1cGU+lL?M$>5>YUs0I^jJ#F1y15fNJ)Qs=ybhdMvt
zuqXI3q(MR7yprM35fe>#<ZJ;tN`klIuEALTI9mJ{2wGYmvz)*gUA*XccWnml5>PI7
z>(j@svJmINclAGW9QiP(eToZ0ehkKS7f`W~=-BvfKSB(d_XPYCn3S|1pg|YTKESfg
z05kC4V7ev=K$E0SGHHRD)jgoV`m?#MuQ95;fB*hbT=YbEOppMDQ%;67s`cVEIWv_)
zHN@T&(L)AQ7WB9K2vP-z|0$*y0S=k1mY!0U`0@ro8DYLz3y_C2_kdhW(cq)c&ezMq
z<sJh-or*>tAMpg>HYm>NBUA=ti-9C~a!Hkb_1Vx2BgbuQY-3ushVJF*_ZW>F>Dbto
zH=$m|?-1#+5AsY%*-RTL#23-mx4c!-NHB8mu69KrufBKh{;F)S<>2OC)85@Ln@szD
zR6p`!1Jk=^SvfgM;6VY|@~oWbKgjjX1&L_-!!T$Ic;}~s*iLQOy4B(G5%A$a(GrIx
zdA*q^AIfhsCq&-`1EePJyyX%A05lMv(?QiB0iDkV<^W{9Qa#x~Ws?4Iw_l-T6>#a|
zcNka*GH-H(&7?wUztHXIrR5IhE$h}CPEw6G2|3-BEt(Kq8qb9Y0m7HznPN<?QvqPZ
zVKCk799yikCktLT>81|MlS+NNGaX5+_!YElB5K?9NIq%T_t#2M>@tD2v*pUaI;pK3
z9pjJYxrOeZ=9nGpv1a(8+I1lv7N<77)$#yLm@5DwA&+o)E-ffju!ce*2jN5k)g{lx
zryCGd@yf=LuR;)G(5}sW)Z0dWTG_#~5xy&5EdQqB8;$SD^KuT}du;08XysR<Is~&+
zF}i1eF67}6{@slWcgIS(KLiv?JcA$=eL6k}6E_SsBP3mgoyWSI_ga&`%twDcXC+=H
z`IV*(En$o!XY-~Rp`UG<{NXfM!nHP0Rj1+h#nKq9LJ&9TTCaF*<9VTnCEp3bn0Php
z6_9v?vXWT18I*^X4UwhvlPp)fuJ3p@*uZ?-$7i8FT0L&eth2a**~_Oi|2Sr+_+A)E
z3Fn;H9+b0<n)(*n+Kj4tPBP+P3*^>wSigJazyACGf@A)D^5l8oS5V2r6+H5Pzh_KM
ziGVEs_lw2!--ovHUCHqnOg$F?Dg^b<N5>qzgA7_lZ7;&I)xWr8=;F%L{r5LY(DZn}
zV_$x9YF6jZbIOX>D*N&C+@==|ck!v8?aQ{MIu!8u*80)offk{>N<%k>dOe&md)RyR
zCCy-?bYPWX#gNtieG1$rdzQ-u17TEB(bZq|N|=)m>=Hr(e(sn|Yuxx$;B{jLx0u+R
zj`!a${_ocbeBm9-FAh_of!6dAlZGi~@rL*2j9MN7fn_1BI$zpVSsc{<{?@S#SvKAK
zqz8VUI<Bkh;QjZ13=F~_&xt{VNdpyB%-)R!$TaY|ba9TAhqv9i6ln$m%FoipDOdg%
z=Sm5|jY1!TID{~?F)$4AJ$-Mr$<IftkT4c(+9}%Ha_-`+CYWF4-33_tREt>6dCa{)
z-fl>>rERlpbSufuN8=hH;Lac<JsWy^<{uZk;k(I!RP$5I1$Qm;imtuGZ$6Ps>vBHV
zNub*M&S-Z*5e|FXs2bKR&fFR6ra$7b`t{|E-TW!5=BHV;%f1;<&{3{KR5)8WH)&;S
z-#JaqJ#%gLE-#ggiExz3w=4nhc+ghgTg+!_Z+eg<$idLk-0U=zopC8yWlKoe=NC$z
zDGrP4AmM-i+2X&icI7`7n&{KTuU`ScYH~iG1*=17l~!FxlPKWcxIR~U^6J8(UoZ+;
zO%{>+mU)_|Vf_-F5htoAM&0Th#U00ct4OyPSk82Ug3j-p5M<U5gC13eoA0e=yqILT
z<$0bsz31|iF24J5)_Nr)WtD-6nu{iRn(re}(h!*Wz2lZ&746P5b91euPG=wR%D#Sh
zc;oMHzBks)1vMQx0;e7dw56%~U&C|7o!L(L(R@0R$#+%EQUA~Ldl=u)g60V$csI8h
zr((O-7#mwxR#q=cm&oMs1J94%SO{<!vaoQQ8>L*gh3O1N0kAGefJ@UW_3WD&=9i87
z-~WG~gn{dw$RacBZ=98L>NO`fI+=F<Q`Nq7o{-kZm+M}>{qrRV@T+!u!^qT>q0WdK
zzKG9h`G?~BUbZrc2Y{%*BV>oHVkR&g<JMO^wbE{J!})EMR85Y}0s#)@P2XP2C?X>Q
z(1T=B01q|yh<>D?-QbT~rrWnu(C}RH!As<~7@+go!s=WiMGTQYh}rjjf5wP@HsIt>
zqqxeaPQJhFem6gWIIo$5xTuYjz+&Na<kF}4L&g)l7<ENX;W*5;f8Yt_Qw<0+Z?vBL
zeRx2au{GN!wXcFtZM5zp!(kHzAYN#=e!Up$Hvanlz!8g+tJ=}&gaG3jTF7?Iy8Q3G
zTltS=DXI?zW}j%sMHp?qjXM7RED&~3vlJhcUc!#9x3GX>WODQ|l#nZ9rq^Nv9UdJ3
zC4G?fVthkjiWYxt(Ivpc^5m)QjI=T??{{8Da@)E%$5_V0^Uuuuvbjd>^BTBGGUT)X
zp%iP%9OghvdsTX<r~I8M;3jlHy#)n7(;fMg_o?RTbu%2jc8!5uCjS_EQ49<5#6em*
z0Rj@;;khkK8#eAaAjyob-_DLQIe_kz?nO3Be-`^Dsqt>?x!1iEaIMyW#lT7YBs57F
zW$>Gf<q*tFtmgaDu;|3(9#PIaGc*4nEup<fmhe~{Jo4m8n(##Y|LdTX=C_<sjM&0-
z==NRZScioVi`6IbF4B7{4SL_OVriBl^q}%43^^T!Th8U>I>#(ooIDkT>UGwpn`sd+
z?3kN(@61FeeP!e%tEPv^ZluOlIm~{3-Ikqcmuq7*OFn<re%Ht!B~Ra|323m)tUx#0
z_J$^k-_+Dpg^HKTFOH*h0Q;}zixd}ESXET!w-=q`boU~)9tu7?hgs#;slm3mj@;Wa
zC$-;QcE)IWm0G698U*+>_di^k3}50f0=(Otm**MPN4?$od$UW#9+;P4@(nRloU}c{
z!eRIakUYtJ*Ar%h|NR;&KEWC+Aj;zlx!RIHb*4WA&HA*-U)Yi}EfUr{R<`!z=TS?e
zMleNgZ`--prn3${6zW;pQlh!JGd5p!L1mHyw&LtQVTumBZCY=Jds<IYq8V2v_~FCg
z{<*}yy=W*gKL$Expcc13{0K!zD}7x56uzw^M?d-V^S$D=FiQbcBpWC7AvL1v_U&lH
z$}64Vh~0OU-nKo+dpG2;0?PRRB8}G;E$vg$?VAaA{{HRKw4Um}?}Ajcuc?<G4!NC+
zR0#qG-%ehue_7TVH??Y;gKc%1s*L}yf+9c1fq2E?SPVeE<eoCsT@LkcO3`7zB5dx~
zUSf5mfSt|C-nOV>|N5_A1?YdQpP8qor|*x58car*^{Fz{`#BP%k!#m)IqfKXD740~
zsv}+9mY?BX=>98V)|U4=k~sYmuV#KSpJrzZj=@RCkml+0=dF_tSi8c1`Gw*T3dohL
zJpa3oHsXPwJExIh3Z7Mj_ctXR;i~oYJ}TiU<-cDw`CGnLT>gg!^_25_@CVK)SifmZ
zYZzQkWEeOGV?)WVv8m@4F-C%~_Fqcbec<5{qaV>Vmg28|Hhi(gGx?TNzqxr(Qah@u
z7<pOktrHL0nS%O~UQMbKC%bN>UVe?KbenzJK(fV_wnQBUQW>xO>Kc~Vu`wO4MjkUd
z;?QH+<C*6cU@)G)p(oqHoL+Q6`78}zKzIT-=Uv*~XEzr6+me&nvorKc6z<aUDOBvL
zvbMKgwHvMdMBlF4QBCoOwd%{15@sf()9J?NOecoxy>G6K`^e{Lv3d>TNYO&gMp5^N
z&(7t)ADjXZ+3VM?jeH)flT7){DODFdf(uVhZd{kYu)}>mw@-vGMohBCD9%G}G9k`^
zQc-29j2o#XvQQ>q+jjcVZGjpmyM{5s3%P&asx4SUIO-lqL}tQG?){4YeYulMF%+pA
zq06(ILiXgbOKI+BPFqwT8;?`B?faHZ&F)2|_c`$^V3=KQ*|6O`*-9sQ*Ta1|Y6IZg
z&qXEUv(3%{jE|D)Up><;+9daoKXzkh8`qc%hZMrGeG}Dk*71&GGc&czn7VxeN9xzR
zAa>wCu*?CZcsy=tjcoRbN(7?p@msQI<aEFLs5+Y*^~43i<N<GEykS5zU_8yT&BJA?
zPhn&sJ3{U>P7&%`YHr1^qKS+qCjC^SiKk8uRbG1+eE<H)(K&fJIpAJOg+eQh0f}j6
zo>Q*kJS!cV`ck5~1*<z;`HKz_kaE*+e2!_Mle0_epAy!Xm#a3>lqv=loC1o%y=Tvj
zl$6aH9~`PouJ{$n`R?E>jpC-l<MRtYXx%-w6EwABC=8>eS=SwX5zNVRDRH;7SzE`?
zH<~T)7aV5z>ywu~HSj6l+sAe^zOzz@73+SROd?kk-w~ju{&m-?Ce%nN06=gSy<t;q
z2s~0RW}QEVuU>E2yqlxz5RWIlN}5JP8eVzYa`+mBowVz2-B>+4u9S5~2VcZj@yzZ4
zH@f<Q!k7$4jA1{v#Wj0mBUqq~r?#1!Sd-0jfNi<?e^vPD3|L0x4?6x{)CST#GUBAY
z=vNxg&Bk^U#sE-2k7{}RZvrS~A9_ssgf2AR8`JTsyf1Da08&z<>)bx?42PW0_a8ny
ziy8co$vk%A@FItt=RN%}B(t6xPzM?axV=DT{Q8pO$`o|vpr!o|iYP?2&Z32f`1b8v
z@3iFkpwM%GR1hpN`@ey@?;GGi;#-ZxJABT6`U+^*5mN3hVT~-9Uw{C#-6Q>S!?kzc
zz!}o?T(p;YFpdV%xH(GzUCQ{Hd-E5FWi4Dk<Nz&f1oaD3UkU(?m;)E<J39RrU~E|T
z>Tt2KHS9ZZpvt7QLHym7Obcdgt~>$X7_jF(kOBFzR?JH!6cromQBx=dFWfP>6p@iT
zVNYNlNL=G#Uj%Z65+IV|0OpE&O_bu%SHb)gqMUXW$G$`_7&8MuN85D#0N?@z1!ODo
z<}2`9QJ0Cm_=)z7QvekPfE%2vAM*t7Zxbx$9~pmrGSK=V3Ok8P$(oYH2@tS7ma;f8
z<jg4qy>;bRkY{Oh%PRCYod=SXwEzeLX7Ix%I2oa6A7Yrr(31`XLEIpJIsvwGi)hR{
z`}>_$1t79cJfgt$kOg`Jsx1R>rGQBk8E72^En6kfF%aAK;g`!YML>bEo3at3+*~YI
znK#}CE>3CgMa2ro_03oc{-n(>aod<R09^vUx5>|xJ)CDltuAMRWeLWmFT5Hvig3FA
z{+jk)p|F|1QrRyYb>N&id~1q;fuDn}pdKvmcN3BYa9VYR2*{EQILu$=w8zx{6Jg+>
z!^G6Mu&%Do<O3*ogfs>K1^>n<yG`a^nLc@Mj%HvFCaNa4p77(z!SD;kjiGIEoE&JY
z<zW&3MY^t~m4-2`s)aIe<}<aT{`*`o933T(G_-J3LNJ+5+<_O9k3&Eg^UTHLzn%f)
zB*=@^B{H+ZmJb3C-UC|LU1+XkqQG}1oG}z;0#Q}OhYfcD-&_`3AAsj%ygZaHUIe7d
z3H+7x&iFU5e;J*etU8p3e+Ddd3UeAD05p7>(W}>P5_y*m_i1oPo?`PBl}=z|G`!m|
zX?g)v2t9lUwzxHN9PUAc9?%pRM8(F3g0ZNFCZhy20UkUruiw1aF;du0PcI9=T99MU
zG6T%*Hefmll#l>O7#)H3Xnl<qd?@@2xM>jc^5J1c5UzwKGO^MLSM|N>X&i(+hO-77
z^di>Z@INvQ0*E<{nhYo?Oygi1ZAh{2QsU92h1mwoVG-(3t%y!qrZ<RK|M~|Pu+U7H
z8kBCdQa@o#2aF(l&{h4vH<1?j_c#pMOQlLj!Q2?YW~I&im7OQl?cq5E>jR*|wO30r
zaG^ClW(`oZG0RH&6&**gPzT8jW6HGzTgJ#L1Wc<S4D-WKbmMBGwj<9IaJd%@#YE;L
z!N~(eiwl1f4;^pNFg+3gN;)`Jl*$%}MOa0_iI)cSdJ`oSIL_c<ZKI*-vU?@zGO?SN
zcOYZqD-6L#K=v2JAdHZ106EVBxIQB%_fI=u(qe6X;#5t%m%wGajx!1@k$#Q=d~G~y
zjO4mAdif<KW3bH$D}ys|qg;1u6;2Rw2LlfU%X}0BNCq9v28=o~&We=7gCD~@a<pJG
zpZ-rvKxe)I0fu<0xXOCMQ3N^yw8;ic35gk3QUR?3zBy3)TbMzt8i6MwAyXoh-Nt1l
zYbEi+sAsWB^NHBGBibO9fDywF-Go+`KL<dFa8n%S{5QUAcTN%Xbkjfr*pn6YS=o?`
zoALIYFd}08=>c5zdfl~W_+F08arybun4oGSnrOhY8;}}#MkrxFV^$#aRvON0T5h9j
z5jnaL?FeRyANmDTY)q$nzFT6iR4v_b3tB4jr@<J-N&SStDa6!<)d3!G7BOdIgYhj!
z8PxwG#b754&1EeOfH2fe*zbU=0ry&Aoq*8bKzR51YTO07Z7+6|$skCf=_>wi03-a`
zAFnrY^+HGi8`DyNxe1oIfGrzhyGRBX$eXFy$jOTAOHxYMifJ?GMqYsKFwwGr<V6w2
zD!?kMtrT$EWH7VB<J^mh-7m1;Nfre=NOa#eDpsjVM0p;yl--1(2YycnJ|*D%Um3l6
z7{V@qjVJf;kS{(EG0DTKQ56zD=A4T%y_f&H9xP1CK>yBU%yMr`2fI}WPG-o9#}Lhi
zOf@`r?cBNcD8B5lOA}bTU%<OAF->of!zV)eSc~yn)t4oh=-50w@e2GU!doLuLa_0O
zDK-VBssQaGYBN9-AV530LcpBGwq*W<j1C#<IW2xyQWSvL1R4F2FP^GbG9<$BOZoza
zPH>JYM@)+8S$GJBGt!6MVB=&)(;Lt?@JR`C0Zg$WHBAiOz+CHdl0;TPG>&r{+lYaY
z)i~3K*`6pYiar1&O$c@g`#zA&56jDvKaf1xv1?Z`nMQ%Zh*?7ZAH9|gb4E0=`XH&n
zKe9Ge0(5XfffM6>_Fuay!Ek9Mp>rjT`z+Q0X`|!UrT}yN3Gn%8$v4s!;QTJ|SUY5*
zP?-UBEdpduP|x=us3YtGdcXf{aB*=Fqp>Yoo{R5l$G{#Tqj#)x6d+WHVm)8arv%+%
zLPlm(;49d<z$SSNM9#L_RD)A!A@<^B<1^av=Gb(@5c_pJDj`QVs(*>7cR^NZwPuB_
zj1Caj0R4tI7)9SfkqLIxueS>|wxum(&_cPcP*Up;VEyx$P$b}YwfvdC`o9Aq@%KQ0
zV2x=`OPw&z-4je~-kLWNW6+jKsV(aYuW}y5A}MkaA*n&tp}8)P+*~l%&L9dq{qp4o
z>4xxU(a3;X6*iC60ZL-n(m4sKlYS8QQ3&8L>Iy~@uR}eBtXC>S-BnSv@n4;4Ha>Yp
z2=h2FpzPfSk8B(XbOc8qyUnLz<T#Wyh&ed1I%ckcU<NxI+pi4Sclg_YNLQnvTNYMH
zpUs!{8+tbO)gqI6*RGy3m;Wo!OP6>3{d(C^Prn{O@sogan~Q5Xo!i!=tYPpR!5Zrj
z>EPGpG<vsKtZe02v^<0qL@dTi5RKC!%yMu{JyqSwZ3nU^s)>G!-mj<t1<x$VoNE8>
zT@VsSo#hI*f!Wb<I;U~Sg7}63e<LTJ0`xK&q_pJ>8(v&ptSl@Am?NuTB8LbiP&<ji
z1TadhE-!!Dz94z)6S;@!8lrput8)T(k;0jyDMIc!uc|AI4aoH*M7^Bhyg!NS-d}+_
z+?#!s08S&ZRRb6@cdUGWro0bU^f8NWr)wR->H@hQpv{rtBvO*`p<n&|;GZZych^^G
zu!CY4Xkh0MahWTs<D?bw>`P<BGdrCyQjO{9o6GT7g<_3_eLR}#Z`oO@$jzXAdVxH+
z9lJYZjRg`BZJLD`uBO281r&^7^erD;P(|*qH6>RV5=kJGEK5rT<P%;mGSg`_wV!L+
z!vDK+%~}L$Ka+tGni_8y@4KsSjkjZl%Y{&lEQi0oYr^r@XJ6h)0!Y+b3xnQ_pqP#h
z5z}Na<M73AARWV;)7Rg>3mYN5_&+05QUnO?z&I7f3g}OFqI{EZu~INLlABJ)761xO
zSw+Q?YwxgKRD!xbrD+iHr|#=PEKLnGXV;p%Nkb8av3ambJ`&_F<Pv}kpmkxh#1Qjo
zVuGI8>arOc1UXXNo>0#}4af<UbwGOHwEcRUhspw{=ME%CyfIh&hGBgEU^=F2SOr9E
zECZkhM_YE-tD+1eq7O(XtNQAaXtCGrhIE56|2`&9$nj`ibTMR<z+eevzjjvE&bEGV
zC{V~f#?K(jFaY*Yj{wk=i<J;9Y_|FD42|`DVOrVufLaavV>@oVIFfBMuf{#N?Ng@z
zzPB8LF<uuic*EJ2L5;c>lTOGcpi#3z0fBQs43uFTbt7tAM?Ql81_q2Ha34PpP7Deu
z1guSn+XyZCKfS9A<MHNEF);x@N6^JN!|M4g6^5CPZ(TvLCf^MNyKYnzpAFM-fR5uW
z3ElgEb_`26n^49ep=6<Og*eP3D3O3O)f-z~qGb<yJ{F`Npl-nNErSba5fU=<AG}U~
zuow^xA0tz#Gwe#oq6J8=!KlNCjWY<Oc&VfwLizRu3)mDGSdz3}46>y<_9?Jl$bRr(
zKxau{Eex{Jkj3P@+?T70dIp1B6mBPRGk8$JqRvCvhQh3Nz0}12az(TF%Kf~8!896e
zm88jlK@gTnVZQt|k9SvvBpCIELYU66BhO%6f#iO?mr`(WNk+k&!<uWMNfb^w{#+SY
zy0{XL@D<1o;6O_bTB}*kLMfN20a-AM2)6?@73nImOn)A1ngj>LLL=0N<Rl_Z1W9{(
zAhq8Bp%f%YXhl|h&A=YkB}~<EQPZ&lMCfbyt0IwY$>z=P`uh5C)O8}k>iEh?ox#9D
zOPmS)9c=@>mnY?>O$G4$#*fj<Y!aFn?C3Z~`e<>-gV@L|A9GH|0GZ?>JV$J%ZJ?zE
zpKn+J6gRBbUyt(rLUt<fwaA(l+1STKo)kWb;5>SnE@2jZ9y^|t^X1qhgBO(b!{JJ7
ztze!k*M!e6d17@2=!T@mA$bNv?k#YSgcby0zJgC(J!VaaZ{$~Lp}~f|7sSSW<xyrn
zjuQH#6l>lrl2ho^hiU<3b7qX`9}g753cgQe%1F(M*NT#1D=_`)AuE;$JOZqQ5&lTp
zC7mft@NzMgY{${9$)978zJ_;(ACjeK|8nK00pWPKf<CNWDZMk-|H%JpY<G!Wc8ZMj
zu|uW<FUIBH`s!fsqsp#Gal?r~Oi;oGqnYoy|I+Y~+zG+E;8J}8o794fX^4A;n>(K`
zCOf`22P{3}PmHifv+t4*HZlzy&rp4b_6)i9*jr1$BLtK)3SpNq%=xHsRME|(i=PA|
zMH60d4&HyqpMiT;u$Lg~{18KYS`cpJxN3pd4Yi{5r2|C^6%L_bAySf`a0y^b1eEo_
zbl1T^AE5H~ZQDL#W1t@g$ibVNZA`kbsED&rBIs{?p$hK7K->AY#2ed)MP*D05dG9%
z|8N~D)J<*g>3Lo*7*rC0-!j`qvofO1={&~p7j^JH7C7LGZ(jnO85H`<mm9CDMnQQ1
z0cY~k|4o_nBZs)iLn_ne2e0C0k?tP!K7V7KN)r6%hKxa@1wxFL6ju!kZMQz%Z|V5&
zTws#F?eF(D#0I4rFVf4v*8c&qCzqZbO8wt&C9hWE$N&E+vHV7%|2iM?pU$s%NIm&~
zzXA`FPxODkx>BFtj{Nsrt^9|?kIDw->ns1Yv@jU_(AkvD11*`bWj=wv?Ndc<2-~Sm
z7t)JsLl3I2K5`^;V5`#5Ekr^J5JUmHQIN1rDh~|aK>;ne_RglWcndiFcZzh&!Xgl}
zNzyARf!@pg0|I}4;=Yxd7oRckj%{yY#Aq3>p@&#h+%)TM!7(u)KPO8*TXpqW_f#(j
zPbYX*-Z+u3o7t2ut}(kFf1OFo`@^Uk%7@M~k$t<{8>!EnJ-b>P<R%iTP!{T+lRzy9
z9%3yPDnZss=UhjgOpr|3i6nm4&dK_|3Agq8RFkZmgm?MfiJM+3t(o`icy{ari;D5e
za~tCWr|M^prS$&1tMWKxggSv>M#H1w)0`&-+}O6GfV1GBW*5NGT?a20cUP#Iw7#{@
zP+lsPwnbkAgHfdS(+=J?SAZ%#LP|zR?7uO@jkygdcwf<PL*r^#&4Qn9uj(5n$jrQa
zxdM-Uz3;#B0jLz9<dy9-%7#RdfMiAg1DYCP;3X649g2`N&f*-h(+cqJ911>l#AdHa
zgs^V1Op5f5__<~q$|Zm<vggj(UNcQyV0Cq5G18k|wqCHWj&wKR*P}1|nR!e-Jw)<&
z!|}bcoO{lmGB61dz7YI0)WNljn<FUoQii{|mjGR*l&zs;(=b)EWi6$bq5qhN6w7#t
z#<aaweQ#bblU{Xio>cgLP+)bjO94UjiiRb`2(tf4*iE>}n>mO2BIxpRB6yQ7a)xd%
z^ll&S4Nv+frm$nTkdWWA3f1j-wzSLBou}P$KlFdelYjhq_mLlja|GfT3YLRI=MNIu
z075Ck;bV*8#)U+&j&~cPF^K9A+XC%YBB6A<$UDC9ms9byk3<sea4RS%<dp!)!cql0
z1YW&L93%lhAwq{QUT;Gs&&nG2#|4ZD)G?T4o((@ZXm%v33LbmDNT2*z=|TA4boBJ;
zb@(IbU3Q+W<azPJEvucHS7rZX;qS38Yfg}^Cc!9W_+uOg7gvX_;PzcAAWN1D>Yw+7
zhRLjTr{b%5>or>#zQ=!;Pg@^GQwe<vgu2au7K-Ha`BX1(SG*}MI>owi<!Wd=k^FmG
zpO(T&F_x@(LLjZ58&VlQb=M3)yaNN6wk-EbraAZF16x2O^P*&EmkawaH+RKtsi^+d
z)y!CBQxEMP#^G)B_Drbp!xflEMn}0MC2w(Rc_b}XE*TK&B@!swomCndl37^ZiFF&3
zB};Cojz}Yk(&O{BcRgZI02_XWdwmifY|ySCYqu!aoUkee&T{q~6a~&>!3pv*HBi+v
z#<c_%LWr~=bY7jbC#*Vvql8dO^g=|PMs|~h2jpZxaHBw^cCfMzGu2*umj>jH#dE=$
zd;&m9ga?WKw8SEF%{E5HbMT=~@9G2q15li8?_M8t{+(7LPJNHPp-K>AtM%?205>NX
z1smi0-~%*!E-w=PtmqV>!ifQWf>2uwcCWVY+I1ShB0zaDjPJ7N42_J^v1S7N<s{HV
zQYL~TyN8qW*->fLm3Z-FD%mOe6*zB{^lq$mNy-2P(<R;3w<W7bCA`}F@oG!Xx4f(3
zsKlBI9aHQYY#{P9o(1}xW%a|d>Z>_u+C<q;OC0_1-ac|+!4JiCdv|wH`>{1ISa&&$
z2HyX`tCbr3{kThkG6~LI*HAi;-Fg%=DAy4}2x%FJZM7776GLQl!YxJNK<IS9*87{Y
zh47hSg6j>sZZLK~K@K{F-Ol3}_t;dSA1HuUt%yz629(QyNophYv$jKmtp<k9X92jO
zetibTgga6tsik`<Tw3dPTJrHxI1Dt(U$hZq85(+PUVAq}DM5tJIzmx;IoOCRpafgH
zdv2}cw_G}2{kb?e%&@qoCi9D4$dgnkKmyh92ArnhCQSqtv4-t~)d9Si<4#T@WDNz2
z4y0M6ySMBbHi5>*AMp%ogn^KUy-)bCu2W`UmQ|xvK8+IJrs@dR*`QfghP6Ko++JyZ
zc!+C5pd>s2yQ-vSP1nK0tq?XRBw9oQoJU@0N%7^)+$7uDNJk;)+_4%$7JX2<6zL15
zLe!8bEP?r2L{8I&4ch2%sxQ7Eo95u5QGl#6oHo7;OicppW<bjVp!K1mCv0R8a`oZD
zEU`FI>s%elud|x$`2zAM7+qzYbR0n1G`yFr2wqo+1(2hT$jyx^9Kbu-M8^jzK|^6L
zKYfP0?5BI1CpM<9n=G6es6BNuPNJ;8)@Uyy&F3ucVt(raC$Fun$AGSD$i4h9{)6%R
zOZ8hPyaU^<emdJUQ&Tbv`pB?)-i(M)vPxBOZ4!QsMS45q`he>fS4C9yV`b##t^FxZ
zUrW@?Ri4Bv>I%}+OUy_W2fE%|&*Bmxz4TM5(s6|_u=EF~h^)lpf?`&=9!$^W#kS>9
z$jObA?@vAtLtP5ge<i@RMBL{Np@Kyvb_cX`@?G!-XHjDdpb)AuBybbDY_$|^@UK{`
zQq5ZMMu;E@aPvJvLLrFOLb{(f;KAQ1)898{Dv8Bv)NK^m<%f4Y|M}Avf*}`QU)yPP
zrHY}>S-WpHG{0V)&y#SSW^LF0tOKuA{N_(Md@lCaIy*b%9aMyIf6qoNo+Asfh{~hj
z^olj%9^(3xPCf(^GiQ|=aCY(v_U<ip=EWWopeYe*3v$V^$@vtilAK0ho80x$*zDEA
zT&8*$4?+$|9Z{Mf{NB8ITFq*}Uo$WSkH9MjgWI-vp_Dz49|F5Z$D6>ZLOtKp==utO
z9qQRp)Wt&N$gEjo0){cDAQaydFWlP7EG9DFo4LCB+Pg6T;^;u=3HP^GlJ1c4HbUdX
zF(Nz6c-G=IAg7QOXkfH!zMw(G9+fjBv1X9gNqB`&Uk`R>yTP^ZL}<2;6~~1D)BHmF
zJRmDJwu_+_bGI8xy-!>5v)$~V3gFnk9|T^Xz|13(F3m-_kkN~pZXSa7Eb{NQPEU09
zrRq^!N<4p~`&_<GqhHN<`-ym)drhO&Tjipbc9?pod1DXEB6ED=GdETYo)`_gVg$RM
zj1E&=>_wdgd)8@Xlbp4n3WoCGwhwp5_MZ}lJRA0sWifJ#K+lKy5c2j-<dHx!=)m^z
zKgoXkpAi_>sW-+Eb6jmaXtE(kMjmK^&%^f_+pEq4sU`TEwc+M`$n=N5zdt2bo)pmD
z049EdPElW9A5>X2GPFReatd#7^CSyWzQCbdJ?#H+0Wb#DsL#U;1{t4l#E}B-h_!Lj
zN79qA5s1BJN$2yJc9w^;|DM_SyxQqO==aTa9M>)--_6gDOV>JD791_+{_xen0GqG;
zCRIa2*ssg$VlND@x?3zvYjqY%IU*r~POJAC)rJjLTz3y{+_J?0JvRDBz8VprD$b1r
zcVV>5C4#k^qWLSTt9!_10hFiP0ZLT96RbkJi#OBrd%0e}ffM{}yCF_GIy$vS&dbm_
zJwf&bmgn=AD{QIA--L~bYAh4la#mtcjkdI+ZW^b~=*KH{QnTP@iYIe|q@pT~`5#)V
z6*g`*Jqb31pnpH&%v6!|Ma*<xn3%YYb}ye5#x&AffqA&=u{UeSmyW{fDQFyywflI_
z&Q;V9vVr&3Mc`{K`Ke|_<r=om^D`hUojDQ}qu2yvm=wL<H;h)#$k7|qg6LF?Q8LGF
z)qX27#!H1BA?ETGSSYv+*$WD2e(C@@z|7bW@xEtY6deP@Z{BxKusq*RLvy>uA^~sG
z$;qi5EkE9;C?;R%Y#-yL5kQy#CcxXVqkpSRzW^Wt!32Q}k?k(T*TUl;)&nxZA>vYv
z0(gkHz)B@Cay00*v8}arQHPawX44pxxC`&5Tc6Ind#RjwHHnM4F|+K!)2xwk0S#MO
zNgfvDT_pHg+(?NMR7eH5`B2rSL`1`)$WE}un6}E?m`(&j&InzY-NM4cit5Gr@NsyK
zp%uWB%#Wko+}t6dp(imIdNcPBTD?#bh(NhwyR_hp#oR>Yq%a|02Z-=Os51y}vG>Zu
zI*ja)(X5bLGzQn5Xr1-}W(trb`^aTfLU?8!xa)eTVK6=j0i_Vq&~S99va-(Zmwrgz
zZqSvFTjsS)U^A?|yg@ip4ttRrt|710bHYsc@;)Z`N$JksRbE({XXQxX2njQEun=j^
zGrvNhOJC7bU)o}yh(qkjs3xZKjm1@*DzFZ!gqDB2Zt8PYWR+STPzpPs^=WE^nS+Z%
zTS2kLG5^r^?L02RIk!UP7;_Z#QzimAGGv}n?+lkW42apG$pzQsM<?W^hdzAxN4X-a
z^N+>xIMchORXqT?p8*MUZY=SqFGN}PdtvF~+B;CE5eqTUkmJQeLWAP~DWDq_Lqdj!
z7_9B>?WN2de3OUo*xU@?VTY}+k`AjBtX@haX#vv4Ki4=eoJ)EOBS0$=CTA&*8srFz
zOz{e-C1q5x>L5yMEJ)8?U$q9M0a=tlt<x>8r2{VH9swTTw}*rbmM=O`wO3D>8#g`Y
zeC{_rm~192KDrUixvcil@H!Klanv95$Xy92iL)Ca*Q2ND)UlSuec}Ql_AT(#n=&nX
z5t;LzkMez3;^VyW2Fq(9_~WYsv2ct?o~?4C2cMc>ub2{RqMt!YpocIMVj}QR&iZ}T
ze}bS*Jv=|X13T1iA<MI~fAXootjnGG<>${N8cc=*06tgdyV22dfT>939U4IzogiJu
z!X1VJ+<GJ6jG^#=!*o|uNlgt^NLgr-T;Vr^{UY1lgR5i2#y*bd<Vxr<plv}<<=xAb
ze-!l{^aru9KHkHa+?f?|az1G$%juht;2VZcype3nkwrYPpd8n!_6AwSpvVVBpQNeA
zD!Y0SpDU$vH?y(X9Pp3|E<R_fD{95%m;S<;RpU%~N~)w_%wSM|?%WC9$In_!t`vs%
zJBBA5_suo9d-9}(10Y@s4vwzHWgCnyG<a#J6|Xk(y@CV>S*B}~n&teAfjk9m#Y+g<
z@G1Tp0^SOpUu;r#@2_SB+Jx<q8SH*JVUcA9`vY$ta%5@l*?9{*BJKL2wilYOuf5S@
z^q7le7I&n+{9?xmZ^}x0v(BElvg&HEp99gL(8!uybOLdq2tx`oQ~`=pJylsLM}~q}
z94kdp7&C}1ZnR1<7^BlT1wch)BeWWhA3y%4@rby16od>!Rr?E)M#sksOG><vq4rM^
z5)keuVd`KGCEkRkOWz`09bD+OvE##}gvE0gg_!&Jq6hv(2NqPhMMP%am+)ag3`J-%
zltMa7!D1_m+sH8jibG)HjjP5=3sPW(*Bq6(aI@-~!HE0x=n!mY4s5>=KX)fhV7sUK
z#;}l(!l}Uyvo@Bk*8xmB+7B032t5}t{({A$<u$qrF<hL7ALtaaeqP9&8?P@IvPyAm
z^OzdS89Dj-llCL?s2{mg<rQ*nHcW~NZgcNTc5M&3DIOV7I5DiJo^>GaWA9JqZS>*t
z`WnK18AU>_+NZqQE^N{Ye8Mxz$##(joQXTA`STa27;zO6054;@gds-*R!q^jK$xkE
zwWc=L*%s7wAW2*(hY`ZEW{$b3sO&oCdBxXW7CVT@VtOD_=fb^#Y&xMm?649c)9K;d
z@vY$2A*pFudtk3cFHo`=uTB&U4XAiOLiSyrc|V5Y{(whYdbn1h<F{8PdM{Nr+Ot$t
zmUb=7ikw|Ou#ujYwT9}?k2PO*ztVgo+1b^D-jS@80EVnir;RP__-L5koztdTY{2qT
z4mcIiLHsf!Q4s+5GhBV=^7X}^yIO`_AWR1WLoKf5YAtW1G-Rnxc=H&6`HI%;d*s`U
z1~USp|JC^0>doFJ=r#M=Bj-?Yn`&%N0y5b@>(>jRuR-_-*&p-)Bou&C&h0nWZ*r3l
z2mJ8wu6OiCdEm~_MF=R<FHaAQCN<U>>nxp(>6qdcI1cE~q|B>lyBy|LIN2*^As87U
zq9XwuL_W&n{eTEuQ+coC-Q;Frl|NH-m*SQB{F)lc@k7&Fm_FXT!%BO(a;x{PDrrj{
zIF2<t8+jjRR6Tj}pyeL{A<14Ac2S{WO`)~j6vdvlcb%g;XH1T7xw-JRQSRgtGiI}7
z=7-d6h&4d8N>qRzP^NlAzYBwtJ81>4u&|B|*r*z*d4I@7lcnXep?g08h9e8AM3f4@
zVK!DAV(nP9FTg|%8@pMy%FzvGT)106?FIEq?<W-l#yyPzF@hkU8q|(sZ#R(sc6j|b
z35}RjWS>>hl&vk!9Ivg(2XTTvZ|3(EE_o(z3?V2Wo%iHKj&OD`k8n;*a-RBGg@8L3
zpRLZytZ7;MQ0A`U@#Cw}BRuk4UUF7B<>Krt03DcJ2Q|(B7RW-8ikSWCN@hU4rt5*W
zQKAWe`jaTJW#Pv*V3d#Ahzk%N6ux@;rST$h*2(L`Xt{$N1dQk)w>XAH9}4seosd3=
z$D^TS6!ynFluVLkSlvHkgLDQfxM(n#fo}C6z(2*s!5nZWh`nUh5Cv1HksL$=kmkrl
zUnp{LcsOqOtSIDk$l5nSO3+wGpmT#J7SXZe#mWdKRoGGeDA9Yh3Q<Zn-(wNtk82=b
zh2i-oq8=l|;(QyDw-sTLJ4s~84)R~yr)1pf?6{R;bC2i8M>p1>KH&n&5$~FL(CuB9
z5K&5rk1w%W(v5M%?IU3Yix0>7!tAl5(L2QAh_bDe)phD)(byr&yvePK@@~P_dL`$1
zIR1e^3@E0behS3XOC)M9KV}`D(aSxg#{h^HjW`i$jCU3Sf29b$x|;qp0P=%s(?*-z
zdrmFIqX<TM;ghc3e0Z8prrKcVSvNMeBL%<|tM@189>=~XK0TSykj{k={~%4Q(cSYV
z{FAmeLaD@f<%*^xSy9CEy$H53ctag>H@msf1(HSt`Z7B}?ZWakfMy~;Nd}Cd+|Y_d
zq731~Q%5DJhqfd;01|K@@8(Hpq1<pBDpJ`71<MQUUY*0kB@MQ{k)ywP9fs!aMKf&%
zUV?nu(cMiV{KvTU&YiCvMeSzxQY_9-l{xMVY}UY}73+k#X3k%MSMsA9)^wj#MgT<u
zJU{>j@Q_L~J#h~EAf$<NMiz7lMgj)QC<tELcI^sFSO#mT3R({cM4K_bBKm(409%NX
z-0T~(988sId#Yn9aMj8ownMf$G4*2;5C{U*vli@Bv<#%*gv=v(N~EGhZ=Z%CI)2sz
zBSb$%DHJ(OTUWG6adM#s@heS$0D2gx>Ip{DVT~DsSt5h8@^isDs&|vu$V~uuhH#G2
z=@N}3eB@JTqa!gKe7umeGK&~fq(7ciS9ygob;DZK#E%7Q$6u%k5cx5DBtY;OrpLyK
z-JAS#r0aKEf+Jt7tHX{wDJihSpbk=6R;JT%_d%|R{rmK{@t?HYQ)O5>Adda9q=^yD
zEtJe8*>4?bbMfZXa@$BtZ6Tg%X;3$9>a=v{MRw1%hP1Vom2UTTa4xJ`!&Q4nz+>5+
zD$w7936Aq?hC_Xt@AlM0ol6K{_7nHlO&yGgR7u}T`>6MwsoGb+1JtI867i)6xG=B<
z{S1>_rRK+_^6gz^N|jn!K3!cjSrKQFc3h5p^yny-6@C20j;Z{(vz`|?HocS`|2tC?
z#b>_=GY@*;ww&z`5aE%&2=|Jt5-*K5<23T&3?k$Vy>v$d-v>yKP>sl3SUUC!0g6uE
zt>5CQG4{Q`cA~#2?#q{QEMRLNq9ap$!F_i_L%&Nbh9|3)g=uA6<ax@L=iz~8rd#uQ
z2mQ_mrmTm&3qQGz_oTXYZ`!B&@^%#TUF?LAHK<va^Chj&6)XC?2B-H{cSo8wWoY&P
ze8!0FfX63&HyiA)jtlH8{Th$a8e1-`6vt*%ou`-g^1A8@(k&WL`mrWz=-XlpT6KVf
zBSMzCWVE(N>*rhN%^17Hm#~St@P2D3G3NjB%7ps8-O$m<Z_oS=Yw|>(obm<j6hbqq
z&41b2rTH4E-)YNAOWSLtsdi;~B0j?^XYFs-9yu^rK5I^8wOI7_9>~|20;N!F9&TDz
zX81HUKL@t5EDL%`3ecYtt1;@>IANi7)74`Cg{R}>Lsit&higja)IL|<JjFZ{B9v+*
z5LG)mG4V*_{5EtDTzgaGV%<}^dfoxIM3;9Oht*H~FFkoST<MqxS{xPc8pCvvTy3gT
z3re=aG5I~WBSo942l<$vx=MPs(w~P}?0z5V8vSp}g`JfjlGz4L=XRO$-l;Nl<X@<z
z4xO;;Xt`138h5HIKN;J!Z_QiMvI_4X$66YsYQFEBZdqB%-OjUtjOL!Ixlg<9pckD=
zn%duQ@GB_8AgebcICR>vsK|IXm#FutrX4dQ;Uc^lNtR{Vvu7CcPd_xdP?zv=w1IhR
z_4CWJ<!^V+L_bMew&U7vB-CK@-A#$R(m}@PezeXrJ@b5t62Suw!pvvmuWr%GZ9&C*
z+m5kqNa6YIa9J`q<VhiOG9;zrjLArg7+9{JJOE}D!OjjHdi$kkWsf-MS3H>+(lF+%
zk!sOQsWXV9OqQ!HZ>3!B`e)g3q#!n&D)V4r&YJzYwjwj_y;-a8jsJe1{)*x1Jx{&V
z*LX8!FTZj%)@3<|7*NFLi^!@=*Sk?0ZckO8h;a3fh}3b)$q{W@<9^jALX*~S^0%)d
zI-GMDk!dA%ZlU9U^wAwG@+zS7>WSkk^V2h<D}$c9RhD1-PZk-`CJqZ#C{l+Ta<-b;
zXSlyT9Ps6v1*HkY`S#llL)7#f5wAn1W~Uc7+1UzwVXw^3D%>mh_*wI&FaH~jKOI?|
zmpTC9<z;`ZfQOr#kFW{vSBz>|m80;qHr?aXH0QaRR9mUnebk2PD&pIX(nP`yi;6bv
zS!HqQKxaT%#ByUs#8W1=&a|@1RO-Iovn^vR17blpa>|a@p0}h37BVyQJ7nwXL)*P@
zb=6On2U|sqFE&K^{Nz>OzG7u7a6adicY4hOHM6Z#vE>{Gt8SJVKZ?%Z|E|KhJy<dN
ztFI`Nc-)<$bq0$X8<N`Z^m{7roW&`4q3#eYc#z|;>hQT$k1qJozTsNaQBv#cpL2hA
z%eJ7?JeIW08kBF}^xO)M3aXO%Hew_6?d{l|KlkKQQ^dt?3D>!ori#vt%W*~S5;t(a
z`r^tb>LW_6bgv!O<E=!?rfO5XT>oC_N81BDj~6U`3dSam6ifk|>q)EsyhvfABDHe4
zM&G=phWr26W6S=87Jbodsgir6!vVR|YZM(Qb!$7muZ{~bNDYbBIdHV*Pk6LW{Cso#
zfNvQ`g)Txwd$*y!@i;{fCFQ4)O#jMoacbv<B)W^~X1L)J8vb^P-4&7go4e0tjV*T8
zQHa<``L&L-&HjFT9tZ;mg_25av4!K8tl%T#8J~k9ZFQui71@(ctHyWloH9LE_V(-O
zAUl&t$elXF^^{pTbcuBB#ouIJUQCGgP9GL$tPxn8Pk(CI0Q|ryi@^jD|DE2;j$xCV
zen}L|5+SEf2W(l>K&k1(bY0O)^~vq<&9`V-N`|t|+gMkIgF1G;yy<fdwdsx>?Zth3
zx`~&I?<vRgX$)ta5nAk#5wNt{prl$79BNUdo6kSZZeBj3lHaaTAEIZ^Z>&S}XY12o
zlWZ%=JeJd5@AekqYezPJVA2!+XZ1*791rCcyPI8<j9ly@6rNPn)Z*dYFRG6@dz>aX
z8~HWXwlcw|i5fQvGnFc-D*9-9wc^)r-KVD?iMuKq2rkb5TpefmPP8<QrbSBK+C)XH
zM(SqKI;}v;XZDA+zS$1E`WaFg`XC{-v19Sr9*xT%C%dapvdr;5{3O4Iu0`tpzGp2W
z5A-`i1~)Fy1)ZJUp{m6>)f>tC{`+L_%zmBF3BlCK#K?ImvFiVawf~Oiy6xY<aV_l~
zA*H1VDSM_#BqC&wtfDAnkBU+mmF$@$Bncr|DSJ!y&dT0<eUG!cuKWJnzuzC<KfXO4
z*L8Q7i}&kwp6By?K9A>d9M50uQloR80;+m4yVfV?Y`@Lp!jLB)aZa8gKE~X9k92qY
z&9xo#y6kaJlXAy8k|QkJ-kS(DzS)p5D2jlj-O*hk^pVfsSWJGI=G<##3ND+8E!gBr
z{GScp&&cZYc1*pX<+A3#|ETBAnxirwwz(QkMttavd)ug9;4*eyp;^_zy)K}XoU1eb
ztN7-GhkMrY?2*t`Xwe)ry0qMw_dseGr*GoojrX#_am>_|c4mQx1y*tlmhN4icJb`t
zjt|xv9M_f1KW0n*zG%^btNt700v77GUlDb@XH6w^`#4>se6{2D$NZL`Y1iNCTIKGd
zajvud<_OMY$)tE<<dv-LcY%9}CbOIY0=82jL~FLGbM5$@ecVO4u8DCUquRcuW$i09
zaZ4=n^R<#*Ro#E#XnCNQMCzDiO?>H4L)Ca^Sg6;p<5M(qQo7|IUR}xP9uV;oS6s!e
ztT2(KNg;jZz)i#H?@1416P{KLw$8}w(=>A3jS?;b(!kAnDsis`ozzp!vFBX%3!Q;q
zc~VsP^_2=o7vHDVvHNaxmi3#fw4&r)|Am77X<1i5lQ`?A%x&LPJWYZd;*!{_mN#7=
zm2gTJ_%(CmhWY9h0V}t(+G*WU4VN_%YCiEH|NW`IZ|1C#(W)gU8C+G*R#|GyneI}e
z7PRXYtFTc&xKWQ@r@(z>wXn?Y%{BKIButO1GYKlnC5ie+Ddz?$J22~87PJo(wGQa%
z+_qd!@mO!y;q4}tAI|mIPVsQ68(pt$nf}x{P?O@$Ai5$@Dr5dghMs)d44XiZc#%{b
z+jmLpBw^{0kf*-l63L_HOHZuatJt~=ZthcOt@pn4k}uZB@PtUL#4@AT`VDdQM_-Gy
zG~Nm>=NN2kNs|lCa1cpVx7ysO<|g#H<Df>rWXD<CO*PL`f7d@KBAzd8i6P#wS1$`6
zGnVa9)=}AQOC6kFsaE(sAw#5P(c7%b6ftz#+IO)c?TUwHl5C9Y>Z3CUQ-xIBoK}9i
zJuG>M!jF1a55GA=<xXpQL}1DlS0q<%Oby!+;bEd^vDd52{2)R=xVn|}9s{+9r!HRj
z*{$`{(w2uh!0|)RYIc>V5ARy4ibSb-c80ZmHOO+Qv1m1;#MN|+YOgU}>%iCC5pGMP
znd|DRcOIHvR}fO$XcpaF<|K8>NllgZ-?*E+>30@U%ay69Hxx2z#_e&lBvs&uNVAb>
z;q;ECSP=$`?Qv23KEiv9lVnSmPTw!6(#fvU$xqCzcI)Ud=m=M*@<sIV<2OfWuuWqN
zuFyD(yR>a4wNR!oZ<Vpd0h>2Ja!VMOZpfYTkUPhgU*nZOUDPs_X}G1ops+%|AV2QK
z&D*zHB@eY{x`kHtIr9mHsmC2$_7Csr_4IGaTFx8!I}8$5sn4F-cRD?HDfse4EIPjL
ztN?@Yg}sM*PG5a(yY|YPNhWDg_n<qgW!H1*S8)ukoTX}t%{=6l?z?nBsA4U@+>uW2
zzS>?p=D>@I$37`hs5Umd!+(}h7j)KHd8Y)^VwKz5ZNGX9vMa03-{noab;T-)o_oyj
zHSOI^+;%w2it(J!4+~OKSxV-~zp~gdnj?&G)YMJSD0C#KOMadAqdUjxhR2TGTm3P%
zr)cMax8?m+Ys`brN9ZqXd$8*z5+KDJ{YpGHn@?Mdir)TfUXlEp@%6gaGL^QcA#&wd
za<)cXNL5$s19|=F!RJSWn!;JTWn(&O`>|)X8z<eW3DoYWUFUtzD(#GBM(4KJTrCUD
zl&|!nD|}rkMU#+41(b5m7QL{Y)MP@Sys_z#RKDK$&coL)H#yUt+9@I9J$XCy%C~K{
zpBRHrBzwJ7yQtBq=8ELOJotQfehTZ6RiD(%OC1cVns-Q8`(2YOSkKOTU{l@$s#~i|
zb#9m4+__D3G5An$KTWoiv9wHz=dPySnRY!6%{cz^=aaVvJv-y_Hf6iq(L*aDJlJ%U
z`#;gJdp=AvD`OwvPCk6-MZEocKKdmVh8gKbr6QkMsx+GEirYNyu~O&n?m859&y`+K
zV@T@Y2)lS)hvcrySAyF7jC7gX+mX`j&FgI~uVZE9iBx?%d_m{Qqw`tFyI-K`Lrt7|
z@XN&IPf}Oasu!*}Zn&Jkn&ohsy@=nb^r+QQv>m5tTh@!aJDIUK1Q#3>PSxzBG4z>u
z=@8~oL)AU|h)W>Dt|LA#wR)_(?!9i5YN6Z4cEj?eZ%n<?BIgr126a>h=mi3DNaUbb
z=D+fFu&S9VKaTIyT>5!Bx$)PoPuCat@u<2|>i6Wn+D7Y>Q+Yx9a_s%XUKdid5(FPT
zD*0O0l%FlNq;ipGvh?IOj(6ma_CK}9bKHC%cV%vfJ_pubC)f#tsf@c8&4MS5_hjK-
zPEafQ9uq7=!M(gG>Pps&PzHvGQ|H)mj`1P<Mj01p679J@ZbQEC{c6`f1D~-kO*!W!
zWjAp<3YiS3?DWyo{T3>hu^{|dpi_u>Kzsk8g0J{VR?!;ACJGHVBYXe->$!^C@5Jk!
zzrtkK<P&u#2I)+L7A%EBwyJ~G8|MbktSYmc7yR&apQ|PgRGM_Y4vgqq;u$rd?k#EV
z?i(ISvNR7opI20p?>l*~(bPt~QO%@ms8g>a{nWnk$f2@A;eyvX^}l3mLbkG9s2H92
zmNM%-Y!)i!>+t?;{cd^NTdHp|w4Q$0wo)y0zGK?`RAbZ2l_cD1-k|0?dN5CPVc^7!
zwXbEW#<^MEb*)7~YXha?kn{>x+IU4=MupOzQ6I4!J%c)H){Tf&@<o>OL-zg~-dUy5
z8Q<h9^Xs60>vcOXZ{cgY;g!n6HO*R`3u-+|EesCQmxKA~u1vl`2yk_%6Nx$X;jn{b
z)VKRFBmI2A?#|KA*9P5>#Lj8IvOjPEL3*sALjbu?wzP9G0!TSiwhQkZWhK{-0EbVt
zVDkR?wfJB|Xq7>8B%3T!f+PQd2X>VP-i(;_T!H^`M;-lyqj25Cjhl_Ci^4t6%DX2?
z8ghXlO1Uv~KKfjae&uxMnY8){p|E;S=D}MXluy7v1B?J|!48Xm0=LNvPU@FWf$csY
zz0J!Jqo1;WSLW%pSG?WdT2~$_LS;8Sw?9t%c3t)x#YlOD&SmQh4J>X6oj5FQV<{&P
zrNr~~$S?JOL@4JM<vegd8?D=%%zQ@njT<vdsb=EN=AZgF{G?V(JUMlGSHdxV`di&9
zVk1*rqh>zwTpK2T4yQ;SvbCYx8Fp`(TdZ+eqDsZ))v~{qw03MxJo0U!WciwL)6Tx8
z$CB#y{zoU~N!j`7%)dh308g^-Oe%fLnb%nCT+yD%FVECIW8<$lqbOfrJ<R4g^5lNg
zGULhhdIhCtbM1D2^V_i=u?KmicEOp@ADgS+M&37&EeNn!?KE8V{_N*8n;oV}L2tvG
z{LC$^M3dLE4i5jbC>@7>r@W0^*u=R_v}c=4f+eR1cg#uat4}GW@A7U9TBM4SD~!3M
z&3fa|0kfDsv6|1igYozO;R4v_>@LhyS8}+52wRe09sW<fj{`L0Q?cjwWAw=7J=Hi|
zb#?H|miKpR;>u->=11i&X6#Ywd?W4sui;XD$te~T?HzAA+KqI~<~TMO?fLR~1@pWa
zpPO9-=VPh-ea$y=u9~8-Iaprvz~J7V#yvmJ<<)0=j2d)FElPY-_s=7p?NIphOg|(n
z{b_0s-o1Bm`IEme1Uc6;Pi4hLe;@F_|4Iq}A7*bd*Z(kky?=j0(l7Y)tMU8)(2G_6
z$Arq{!f#FSzaQzW(e?i^p<??Vdh!2@578w{|ALazJJc@KeEf6jVQxb?FvnbK6ZGpo
z-`QnY{a(AQIUTLNonqI1hyB0*GI2?1Tbn>v6+Jd0HU_HS&*T<|ZuCf?2>TJO;tclq
zv6l`a_RXW~!}jcU!+h$Bwtv?IPn*xy_3%)!Kd)io{mmk+tyyb=X{HW3^w;%CKCv5P
zOIyqh7$3aD`_$Fichf+9+(<--k<P!G`rnt&`p;TxIl+PAd=b2#jm<4Dgyw>(s%`KI
zJyU@Y_8E^M@1uuVSo%aC9QyAMo%~^!_pv@0O-%Gw>rOjv?hIg^i=Ow;U9oyR0(7&q
z;h$Ur7QN>q+%4i4^ESRyO{Akh+XU|WlF`&`@Ltm|Yqlfp8hGxiwwv|UKd_k{*PC~W
zAoNOiVUZan;BeZD_n%VGlxH&FXK2;C`lLkL@WLYRu}i^&o0&%XXynumOsaOLrli~+
z5>CHf{gD~Xpfk>!Arh8AJ3oDJ?*Dw`b48Y6hpdP1wZTO6eoTXX`uj1%ACXcRx9K-N
zes+(I*$&W=;r+4#cE(mGW-OOo4hbPfolukt@!8U}#448pi}yARl<+$JDdCI_27`?i
zS9}!T{<XL2j=ctGSHNxZ0_%)9b;|8N`Kp3@s`b-pgjHj9V`riFoym!*DgBDCtAqr4
zPv1aKxUni`S6@v`+xtPa*gpS%Qbw{NU;k=)Mx_Uuj@;UqV$dnaga_LPE`ql@_ECkE
z+C7A?Z9e1dS_h28`(-LE!jTXUo**1;$0h@ex6mj)92B<M$`Eq5$tbU(!G%{ZBey%`
z=x+{_tLx|YwT{bISS_Z8V+hJdmz?`(h02C+@wOl1jxDqGnsXMWI9ZnZ`EsfP+iVN(
zqx^g(VB+w(a#GmD$jIIKx$8I8`0uHF{>tLaHgJO=1h@;r`;=vLHJg<~X{uHIfdgT`
zek7)j*}#_gXW5Cv!Uw+9DMTw=r2Da1ySR2FJ9ja5TnlDNoa$Cy3>g~dVuOXP`hx0e
zsOG>2n(m1xDIMCqX*KZLv0uOPl;#Wa8Y|NH8@_!TnHbB_O8`;-;kPyl!l8EDy0wNo
z_Mbyf{<o2a_n?-ypP#s%9yOXoGkY|WjfCaj))ZDH=}kxgtTsu+^!jJs-Zm|9f(^-s
z4;*lu5HZT<G?FZ4UYzIL4`$2PThsY6;G~IxVOR@`J@(8SopEBKBc0tYGqV9hwV+8t
zNQ$o3DRXo4&@%Sl$6{2&)8o~;-M@ct(%$sU$?sd6=1id%**W+eM3MMp0ZhURZoO6O
zJ|208_1m^>JG;$%e@X&cF(aRUW^99npOpJ5w2&w^&0AsE&|GE8Wih0Q1qZ@JuO6d=
z0|gDcR6uE#qw@7X8(Ve@rj~sA)c8!~%AftyD#}<)0YPH^m&FCE>$7sXuDcy_<geHb
z4V;mZ+7#f>Y*KamK$trx;z^p2a6x`?@ttBF4)l}nfG{c0&~KiXqrKGs9kxek^q0s}
zj@HJVM~9$e!D?*Trx>jjZ=`LW^J;{MC-1RX3Y+;8JdLQZ1z@TEbJHI;CZm11ySQZ}
z434bd$@c2ZoVlyzt!dpk?(5%u#l(b*AG+=0x1G+H&s(@YrUw}v*t><M@1zFmofO_n
zT261$SCRexpz7MbnRfz3Lu*CD3Ot9>gg;x533M~w_tQF_3fuV2H4CB178-HjzYmR(
zEH9VK*vKpCk*P8L;$L~!%;p9VcKp9NKYixqbuQ=G6SMyEdvlbN`t5H*ENA_?Ay>Py
zdkoET?-<2`urN`NAg`P^Av`be#bKh!V;$3R^e(PC=%)lOObv*fG&kqb-s9lf!=7IJ
zczeal)mJos<U2Eg$$)85DY={9U%EHdol!KuS>z|kg)n8hB|W6>x=Zlks`VmW=qFHY
zpf7(~9iu$bqaT7+l)8zDNu)~hrl;=Kz6=hH5azSp7d-Oc0e0!f#*4m~i8@x_m#}7Y
zOV*F5vaxy=_O`CBhp@qgX^y{lu3$p<aGTirxVjsw=)flDxKqD@m7hA;fBGQ1kO(ap
z@c7U+Qv>bywr<8_b@n?<4{ufX6>#f5ERr|NPz~|Gv4Bb|^U)o>&JQ|imp}sv6teOt
z+sXbF2Gn<p-?3(BBzPw`FShJ41i3@I<I!rR@rvb=Z`QA$qTlpLU{8+c&Iqcne<A%p
zQQ`S3%{4I!l`{0(ZLF=g(JA}g^<ad8U>`1)UoVb>ZQI?DDLT=+l5*9yJsAgDs+7@K
zL_B5Ecu$YteVVoeF#yDs0*f@zA!N|mF?V+KeQ`X{^>L_pyQq$io=NMM5DH1Zc~*-g
z<Gi4t)UEg#5FKb8qv5mb+8`s7cbm_oMZkiW_pMya=^oi|w5azTKTdS}&t`m_f*$32
z6^HOb86fz(_*z<v50{;jBLlDQpU^A4KLw8k1ZVIhss5&`ChM7#+!8rBIr%M*z5257
zlwP=()xnnmhgI&!?N_hdcV0__rW6fv)5L+sM8TE}FgFl5_a6v*&!=ZDwQ1{C=XG3}
z|0hP#yXO3r9sT{|^S5RHuO%kQM%3<sAFyv<+^289$&CL*-Tkkf>ZsB<Z8q7hZoJZ{
z_21w4{MP?J-{$}33jaSzP09`nia+~K_9KFQ)O9`kxq;2*OCzgq-(Fk$P65i0a|<7=
zKYj{hW}II*PPb%NCfC)`@d1}S7~&XOrF7fbv;=K=T<V}<v0t%)h!(E^<B##}pjd?H
z?g6^3)GF^Bbdwv16cj3AbQD+LMMn(2u~#6vB(5{JofS3f>gvF%MpzIH+X~(x<ksvB
zEp4}+A)Z5tVx9`=w*^d1pfB_hhMM>)PXHlEL$C(PH72J~I_|q70!syJ>sj4AM6lGW
zH_&5+vKStkrr%o1@Uh@X(caxH29`ps;Rbvu_&CID#?*K*3IuO5((%i^6_8X?kV$`J
zt^+uV6dypPB|bC9G*5<>s$BvHo2cB$R7<eic3jwi_m>>+(4ukX?~Byr=jUftiSzeS
zw+aepQP{eB_ZfWrI)47Z6Wfb6FHIe&RQE6Nh|OSRVTu0qEnN?LP!f9I7Kf$uPiIo}
zVDCa`(L}>>B^C5g3``(DkB@#6x$>d+hi{T;T+XZoh@bFy#=M!f8!8xRg#PMmO`1Di
zJ4A({@H-&73ApT3Kn#XHS1$AqPnwL%rqal$I+%Twf4Z$rXq8Z0!)$v49&2V&1fJzY
z763PB;$;m5Rz-%L4F(z32~8P5g98DJ+GO8QtXC$SZ1zCzg6U`Tj)JCkI3ToqxAtN<
z&ZqZd7|`%kc#`=4uy{=GWL5k^#x0neCnem3)d`WP%q&3O0GY`3&@#14SVLPd&p|QT
zsq*_>a{SHi7a2i;pMhyNtY}gb2B1+UPASF3#Vo-A2-6T)fScI9@ex-nW{Q$|cHM=K
zVFCg7gwV~aTojd+=}f!XG%LH<baZvM${zPsVDqnBYHn`ieaSvhpY%rJnl6+lZGz?_
zg~iEy+jprnYVC|7z8&!B=fQN+A?$-&NLj6O<WD@%#lv6)V2<G%Z3m77aiTvQZ27AE
zO5J>oFx29Np@aVIUu_zgY-H{sk*I=7LrmV0+Qj2^sxIK=zyaX|u^9m|R2LLFNZ?;U
z|KW`d5Cn%66A0T>yFsqzg!Bkr0cFI|0^aJxf{OSY!TVtanLyx0&k<142qkqOggq^>
z*b3^C*04sL263{dB5XA>$Qs+Bbw@B`5!4S4PfxkXc1Zn+HhM69N*y-9>+ak@Sb2W`
z(w}<k`DtWM1<;P1KYyOga`S|_af>~1#lqCp{g@X8e$c>^&NK>W5oty2h49ha!RNl~
zBAq9O=?pNXq1;4onPVCPzjzS%d*B5mlJ?b*7u0wx<n`t>ekgLFn)kzd#m39OziPda
zr4SBFe@kWvs2FNVWgvN2K}WI-22T$XoN5?pX=w?;5M;#@)2%CxTzM~v`9+Xo?FZxd
zipC$VH;s_xF`R3QL#N2JKzvgSFWrd2ZK|Q_+6chL>0^7k+uJens{NjpW0YC~CHPb+
zvq~{Mr9mQPjaCdE&wTUe7+66$+dif`<ZuoHEWved54IUBn3@KmYX%f2_SDaj$H)}q
z#yd4?Ft4er(@Sokg;fy3L>L&h=k|PaC;^A`7f5^eX5BGx3`CSsC@xxmnzXfV6%i33
z6k0G3&|Z#!k65WTh6@~qON|aB!JxZT&z#r;RRqW_q1Y6VXE=i`!`H0{k282z5U~vo
z3?;>jg0oAD3uI0&*pwn5dQ;%Ron6*)Iyfu|4OQMpt+^RI0<h8M{L9j*5d(0L*=lbj
zo!&i#i7vTD$()wMt*3W``*!yA%a4CGgU?bhxdV>q7$H;y>yOa^xN;H3EwqDSpbcEP
z=zTlR7J>O2_=yd~s11|5Ozc|iQ%skvo82a-QieXYZvu(6RdT-RJfhb}n0#O%fd-f8
z5%34hVA~-gd&I;R@JZe&M2`htxG5S|F@xbLYc_Az$FWYs<h)WHNr(*)4Sm=;C#7%9
zaR+{KT8Tu}YP@YVCdM8W4SO6Jx&2+shsTM1)d_RSB4}XBF=@Exi3&UU`0NxfC}7o?
zv5U)4H(G^@rwwjik|8IAYmUT&VGZMIGD`3XcZNz9))c;Hp`827A6Hy^4SFKXCc3PR
zVZZ7Nwk!wqoI)&1@WUx3GXcoKH1w*&e-ove63?kLc?HgGC=<JT9hkMug~{9-42%AH
zGr7rJt$Sw#Y}LSW{07RV!t3aEk|Mu9`$wnz{50s@Jx!^+FaQ9#8X`g8h%y{ZK0srr
zG0DcN5w77Z6Z!^5U|{t2MK(BnWaIaipc@%aH}V9O__ZE6f;8!mHWG7Dh!%{3Xlm?d
zI(_yBwLnqW<-CMtDv#2(fu4i%3mEKa6N5JIRMWk=Mc(OG{A9HKc<neY!Y5f&G&~(A
zKtoD(Xt~U4vv*-T{uGWG6%o>e_e<u{f(~Z7hujFDhed!CN&)MLC$La}4!1Vhm|-Ym
z?&zsgr-(F+f(VdbzI>_5QUTN3B8V8vaOZ!59tkgvgAiR2D^e!Unefq*VSKRA??{y`
z(MvdP+9e6Trxa1X?Vf|613qhPw>W0N7#EuT6($#}4)=rJVHg|T1`Ek{4%4lOiwblG
zuypD|?9qe~V~Rwd5-auOU{eviCNS=jOa;UB_5pVP%VU`eAw2mz9fOFH;FEB)Wi%QN
zV%QYKr~*DJ*WpEIoIatDv9<#_N%tKL8VG_f-xhdktCrBx(@TP^3ok&(-CAZ6aMiF=
zV6aUDPDV=ZAf{lz{mM$c58n~|Lq9OvAmpdmsiA>`rwwH=?4!GEnn0QT1`BMmat+`@
z<$=F9y5I-vDy>B2D9krcU=tSJEh3V+ys0}A(55DC8#08L#%<?`UI>}Bp_?TXQ?Q7^
z+sQrfROl-Xm?>knm@CaGEE9-C`P^NwRU{J?Na8>NZ>U4ijKaU-OU~38JODyV)(xI+
zfhoKsqO`)dBJ&17yN;cnRRR$Y6eeQtWgw0D)I_xa=`kjjkRimNSbF#AQ^UIj-YSG$
z34zTk*j?as1;G>2FypC1`Xq?smlE_YlI4d1*XV9`(C@(Us|dfa6Wb|LEtQ81S0Em2
z?lz+x;*j;8$G*U`3lJwVcs^cHtuRQaBU7uPWldSU2&T~UuMr-9bm8Y-Li|LCd)T2c
zvFj4*Y_VUQ(Wju?K+~$K22x}uk=>B_+>oJye=3M&%Dj3#jc6ia;;<xQGexVAlgNE*
z-htx!@+W)Ex1P&VKky{|DlhfQiY@D_nI^pzPv&IPa8EX`Pf|QKd317{TkiX<J60{*
z8oo9nonil&wMn_A(SBauzNwr%KjDO$U_VpKU?u&5i;yQoD#pEvUw}@Nh<p%qWw4*8
zq=fSWcFu#p(+RdP;ljed38~2`P#v!|B(YJz2TB)-1R}&U5C+L~7PwZpmQMVtIFMxA
zA_apRRQF0!v5CelCx`(ZD2;?aOC05pi1G3BZ-uoQ)Tb#9ODAAL`K7RMU652B(hM?p
z1|u-wZt?)6e_Hv66pa~n0eA~z9R=IhQ5`u8ITx8kWsvBP0mRH}G5Je_sGKQ~B;pq4
zZnkk-yi8J)slg`VkB9`I5;L1v8=|U63iu7dOD4LCs6{$EC!FP-j8m-#1Y$LoyuXY@
z&MdXp+q5QgClvaaMqGQoKTzn-!+>NX)9yjL!p}ZgiE`rW_&N`FDY5#*&P(2WD!q9B
zxdS~&?X9Q?ATO(c^p7Y;h;a<8B1y`CNj*BywKS&N_z*fYhTAeScS2qZA5${25M#si
z0F4omyrH3C|G>b;Su&Zbw6v5E1`Q31z~CevS%kicLlh}@<c9$_^l6b*22g=Qs(74F
z42n~W!Nz?D4`yrHp#CE)SX2y(Dk@8DzF46mT)j*xN$)rYdT^=3>ESBWSa3;Kza9V+
zEyy#7)))dy@Z*nSH9tUFjR-<c7IEqVK7a=s!Qf>K>f0fAgbI|}2<Rq>n;ha`8t)sB
zKv7DO$sW0`w8SbBhCal@h2*gZU*h8;+3R#>uzv}sJtrrpEjWh|IM;%fjYJ~+{PX?8
zhpZ~zs|n%;{(_@-DM}6_avlOV=FlsqA>M&l*YduJm6VjkuuL~57MI*|@M?1*`9S#y
z1W<wk1Y$>=eliUlb0pkADM#8-93<!il>ss7(p8-rYB|i$KNA$9LLB&IV7vhLCP`Rd
zP()(93sesXbR72cmPE^rY6oYSjNyjEBQ=V)PI~xH*4EdfdS6E9<w)W-ZQ8_T)JOvb
z5Nq`F32R~0QeR6-HiGM|JBOvO!v(Wj!0aVh$UqGe;CoM^73k#6{A$CgkjrhMqbtM%
z5H>hm;j&6gH(j`J;oZA;mJ74o6htpNJ<^WhnzX>vV9f(%qX^NQz%NGWeNi$BI<UN7
zHL~ADDhk<ZMUNRiz6Z`B=*mQ3j_{$6)u1544BQFCYX^LCc*kEwUQAf!5WxQI=omlM
zo@O`41LaNxVjbqKkKpv8<jMhlNJ?Euo+KI&mSGA)g^TPg6zY#$U3I{hCj;l8mvD5N
z#znaX=0DZd-q;SBH*b=Mgus6{U_*$ZzB5tdRFiqJxHgC}5zq++F6w<wTTa{3i2JT3
zzgaWFdyJbq2f`e3DImByIw|Q*+<)+36?o?>_QKr@A5h!S&?PaE8`0`2EH*IFffILc
z_|?`a%$SXmOVz1Qx8X%){>w}NhbRTEILLwLzC8(rGtvX(spTKE&VXa>^7!#ur~pJ`
zYfLBmmB<WeXj8FYyOAOgAtpR~nJ(w`Ojt_=3y~SUF!0K4ZVq<Y$sUig11D~yhYC&v
z!I|JVlojC9kEJ35>&ab$*si6m?I;?y4@UdQE~KK;;y!-tfR_h!V-FDZnc3~Q={7=Q
zOIG1pqH=$KKS>`!2Pa%@qQ8J;<?v|dh0YT~_VbE8OGDo9Vuf^r;?}KOmino<LzruF
zv$LH5!Npro7<83|EIB_elSDqT>`PM&msRsyg`Vl_D&>6ykfMuu7%igFuB1$N{CF8t
zpE~7*3+v$wE?S(RcvSuK{8I_vx`u`Xe49>PTYM(s;z(v$gXOEJq(n>?bw8)V5Umnr
zcBiF^ib`NmkeB`|T&qe7+Ym#a;vbgET+m`4Ayl+u<{&P|wHr2MH#P=hR|bnXU~EZy
zN&OuK1qBHXfl7=<MYsxuVBdkS8UH>G2{bv~D2u%YkU&Cs<%qOG7V`DLz(5>$@=CFC
zA22;Ayl|5ywm#-IUW_s^xpN2E7z?JMvfM<=;;EMx6&4;e{!EL)G}O=VR*AMvwt{0h
zd=;$WONsjnrU7?(Md)e~T9NWmit|CHfq5X3kN}ag6kA*mw|PftPyo^*<^crAZvaxf
zoX(<FqxcXX{|Y0XD5t2&D0@7mn7H>cJ^_Jv7|V$wfx&&``8FDvZoKV`3CdE>B-8-D
z{{D1~ms<1;44z=y!ltB<hm(_&B)bU0qS(fsy$UuqHo#|`VD&4r{5rM-?xag_utXI2
zWHGddL`S@BlD0)IXTul)#Ig#^v~)b%2YoRuw}I!W2F$CJ!3!hCAh&J}3+8!Hp|C`W
z^Un4tG8vb!urQfa07#v*tI6yvl&>TuLXgA&j+^C+C<=%p9Kz5Mhr<ZexQ6#)R4q9O
zu&DeJ&^?F6p{yZ(38EswxI<X+rCpFRFJA65H>&?w&?>ghPrM8AIbz?}X*`OUb)1`<
z`;#*nxsJ=3Sg%5*@g;yEkkrj^S0#~9*X=WMjRY83ux{592qMtJHbg_LX%rastDl}(
zgQ&nDx=rsi`OWG1i>PJX-P|@}kmO-T#&cHUmi@KI0cbHP#lM!_SPpwp1VfPZ59{ga
zp|wFoBEVL59#zes^mOr)XF;NXz(TC8%>;JCLy{c0I)S|Yx&%KU4}cju3cXz5mO_S)
zy{a-$f@dQ@wf(>yfC2*ZIEN&jnBC#vOJX`49Dg%rds*<7U8N$(&^NdU>lpgS;VPHK
ztQr!n!^0UNGiFtacS0b(41YN+^H~^g*1|ppQ%-asp+Swj`Ys{{@qc7xWAlSk8gX4f
zxrxzs@V1Kk@Ie#aA-Ir<p8#SS$#L(VGHH!{S=qC}g9dPyYKE;Ju-nn@GGkAs0{CWq
z!}%e`<k*m>!(~TiCk!zy;Uu!%_$G&+0k1Wm?|(>jko)a|x%<Q}Ueg7ifY-0zTs1U2
z6QjHoLc^l|j%nvn^+UY{m7DiiNFh)6&bnZ@e*JpbPLj4Rv?ws_n`iHdz@`*k8wUFo
zVvB-s(F3!-q@<)B%(7>ro>{9PqN2Xg$6PSV0=K`uhyy-zFcSGzTuc;ZyKe9vKi-CV
z9zOU6xJZ@*E9IiwNWK70bid}^-QCBBT3R$!6hc-XD%5NHhYJ949V}~>oNK;UR6Ivy
z+I1ruqtkE^H)c9$)Fpwh5BpIaF1G0O^xs3z06fmmkCj1zaMi#-0=TY0qOv&GupV7*
zf8mS6n_)4|RXh1JXFYC5_mmWVTo{*+6zi1+iX)pR4(Pxh9`M$13yxc-XPHJSMAO3H
zbtk*J4oW#LSWCiOj2LJ@?`k#C>y<SD;f=6B&?Z4a!A}0lYg~<~7Ef_JD^P&o%QVaL
zu;<0kpFj5bsj)`1ByNLn)LQV|<Zh@LJOdjh332a{t^`1ZHY7lZiawP2dIM<<H0)KH
z1Bvi4xz$~|8|(S<U=c@E)aAU^B_(;fE71xYalgX6RD{nSiAva$X57`s;eHF?uMj#a
z&nJWLW|NYW^9l+c!{nQ(!G5}JH5_T-M*F71uAq15o<cMu^qpuh5LZseju_m>`xZ}l
z9NYf;^!+rJjl8rE=ZpBkAW_kp9&SVKi5y|o7mOS9>`A2Gy?bLdM?zv^I2v)JfPfo^
zj-XZ&bg`YQ1{%8iYU2*zkBY1LaZNbm*XR-w&F7w;*$5=>58k|S^Cqmz*P&u0W7|o>
zLjD@MX=n*itT~#@BNEpo8v4Xnm(QVWpp{=wFKF(HFwCiwzeQJo7omI;?2j=H5U!rt
zb#;Dd%3%}`0^%`<a#WTx!IBj|G|E<WH+6Nx)AHq`<m&t<j|$pr?0Z$yhoss?CKX8x
z2aK9oqunjXMyqhc!v2L+W0+wQzo*7I-?k#y-`~4)(N{mNqd;5i!Me`KD-k>j#uw+J
z6bzfQug=FWgd9rn?;lc6aOY+Jg|xB|6>M`#F4Y&HY9ElMM~?oyn4@TBW|s7}$nvt9
z@>@CPFrDQmF^P`ERowg84Gp_u6fR)k8~_?6Dd(vqjNu@0mAJhl;q><Q#?))6nf`?e
z0X?Olmakuz<3b59lt(TDp8~vGpUxeQh(%|^Dz?zlK1Mu*m3S-4Wg@tPi-jzHBqoL<
z+PY_rTQckinuTQ~7d;AG&obA91Ww`xhL(sKTr?55So-R&Cn_Tme<PQ>7>s?w$e6QN
ziw`&{>3hKF=$5&;LXxwSQ#lZNh{ql{Iy%Zm1;|fC`T5b}@Pwm8Bu)zGOgQ#7K6|zW
zt&;2Gjc9ukD<nW1X902J_>#I9g~5%(6icq}f|rSj<*|kYVY8B1q+tfh@SbWN99%3l
zTu8#shyzY;)RN(*9P<W$U)WNdIhvpW@8Z#}k|Jn>J)P?C$(3LXi?>G{$DpD_Ijf5i
z0~=>gSdT}_j`-~c7Ssu#6C{Ev%|fZ)cTD<0twSUg-Iv{hK@(00ako*z;2GDfS+f^G
z8T$dwo7a!6s>B5X+qPx+d@D)mQMkUOKVul}OBjc)^pcn;UH7Jc+OA4ePd*<R@5VQ0
zi|E_o>b9|7KJrqV^wdpMdE+h%$Qm)0=Lxy_ZM-CMuw(HqyKqYZ^*?gCNVl-}fvtI3
zy1A->!P`?gD`8~zkmEtakcM1<zrP7yODD>w1`qgjp|nhRCs5e&>(_bsZ4&&HSb-u8
zZQs6~gaDkKmek;;hEc)A$?prLL8+ot>=cfxCs&M<Y4QU$G+URQtk}<xlu?nXh6}2^
z$E=X^IaRuP8Pr8l3NdsjU%6^eI4s)Y?iNGZl~5HT8fK;clj=)-y|TD$pP9f%<pG-p
z{oLbsdVkwj1AYf{BnwF(9%>YxL^>?*`;pBdXoN|GN%~Ro`L)=g;?*YAxv-5l32boQ
zL&M@clw!yW?S?*I9on{M4?z&%&cySUhKrlK6H^<s@vOMBodInTPgz_5dFUB5r!;F}
z8v(YJU~GW?QZdB@mO-q?&wJ|{;3~v6)J2jf@wML$nOXTYt~A>jS@DAa&s-78hf&tj
z<%~i^`r`TXEQol;Ky4*Mw~-7|QpxfUAfdqrcVw^}K6HC7BT9r56FZ&&I+8)}Cu3>R
z26gr~Jf|<OakIvrXcQNi+ELiui&#XOS15Bi>}Ji5D7=Gt)Jkj|_y|^C6GFXFX08#d
zktrIZuzmOL1)o0|&(NW@oWIMVeT$-i_=y=SpbOK!YPP}V^b5+${_)M5PC{sBH#@#h
zK)|1L!La|f?%Gwf87-Alc7DFTnnp(M>am#fCs0)QLgYY#1UNJS2tafLWq}!NW4iMQ
zN{b%$oJuMx+E=fBg|St5_GnV^b+(vy@9=J3hwG}zPlO_(BU2|u49PfgAvrD}^}%~U
z7LuTv*F7+eH(CUYlaz?+>gt%gIu$g)xt$6iBl4A79r;_y#fZfqW{OEi&b*a-pWPOA
z_`K!w{PxJhJJ|JnSE_xmq=kfXe6Z)~<;A6^!uVl%GSU>+E|pnc+&yB1!<$!KJsBjv
z_b$@J+XMC7h=Rt?BGcd^3^N*SU>rjO?E^Zhz??{v0p+>qTH*zZ5^1CEKsHMJwvLW$
zbe&pKH+hJLk>S#2ebr>_0@HEx-XCjmO9NK$c4HaIg9$1Cu>D8?b6Q$jt}S6bk6}BV
zKN>A}1T9?X56{NdY=<WyP)K4Ofa-oIrnjgNiz5>yHzXN}ksO-1aE9%Eq6k9XgdS&z
z?Cq%}grlzk%xkS)e3XrnQ<8G?E%^T315c*U(p7xtN3(q{(t`)l(a{`tbl$)!7Etgv
zObqaRl8m3g2`B<#?&9gw_rLQb%nsQVG-sl+)Pg7P20E_%UxGhiSwg&*z(AWiWZhj7
zAO=%3GK0l)r3&CX;E>g;mo_dOz)Hg2@JQtWY@%I&7*Hy_l5A6inH6%<Y!p5l+$Z4X
zgp?SDT(k?*`&o#24RUeUJ;MIu<Ks831h2!c{3$XvRn@xw&;F#i28&1K7;gp#GW0Yl
zR5t3`_t%f(MIf<9K1#&VXjPD}f%pE9U0e{AmqfVanTaNgmXY}xQ(X<X*a-v;O6O<*
za78=xlg$)>hNFKxgzf<V1#npSnG<kP&W|6SFzJCIWCT3}71cR(#zT4q$I<`~;-O?Q
z8i&~PAPK~gx>7B=JW@7%9nO^=Y$+tZOT{RRL3mAjaD?Lpg<oc?gAaB^1uXvoViA{a
zWUlb<cv)p&H9fo!M^Y@T0#5mkB9d3}?p$H>gAht4c(*k0969m?GY>FJ>TyU21Hgb>
zpdG-$GI^VmQ#^0IIp21gf?i~+(fEF$eQm2oM#?JExzG8l$98x0B)}K`{0SSI#->7@
z=vW8;;<=^whJIG;EfdAfnGP-2T9CS7L^uVIbp?-5w32}qvE2Nq%m&ab9Pp>8p>2#t
z<{o{0{jk@0b0nys!VP<US3MR+@%)O4icFO!{Qdku0NG74JM1Ct@)NlB;OoJ%RMTUo
zbjWhC_pBu{TJlo>^;0$=Pc1<-FYsXxkzM75>3NcpuHQw&WpQB6k|8qr`Ntx^B1wX=
zH_e0(;v&!n&m|w0E1MFPOOV96W$Xgp1=Hcf$B$QNs>J|zL)GLbY?D+mejha&F|`6h
ze^Mzn4ps9G76n(-)FY!MpYIz3!JxzexRUGl?AaFp0vm$^Br!nbMoY$S0B4NPX@Cvl
z2*9-Me#K`~IycI6b>oj}(N%N{kuPCF0SC?PR8+bj2rgArCf=pb#LZoGt;HEhvmh$!
zS9mhfIk?E9V84nyRdfN=7+_WFEywtIP?o-xT$H|g0V%k3vqqX_7MVu`K+7{TK{<xn
zOG5WYvO+ZX+YM7=V{jaGL|ctk*jQ=7?PF3By3S7MTzew8jG&#r*fT;3)BSV*$r)Hp
zKYu`;vITn-m=*KouB8`Sk>clk{dynu9`T4VYW$RiEVC9@+Ulv!fdRMFR6*c2uMply
z&WlU!m`O*zNYF>*+S@Sas0~X5a|tgb)dVRao~$I_-uV`Q3wakXz9WbynMV%9^CE6j
zOmmvOY_|fq@ynV%;>C{ME&+lGu!24cVS$7P0Y?Pw4{7>(_~XDM^+{|jJ3hD$5Dy7K
z;1M_*h@~j|o$;`=@+)*kVVP4^<%Q)2wSWO%b_Qn$L$kXPB9N@0*nSps`=db>0q@aX
zY4%HVef&5S!IX?nxKYP}Dec4o2|(H#SiaZ!zhb={puh%@S2b;ZyYtgMytTY~9hVNd
zF}S>_T$0{u-V?#n-{7!@qO5+8gY}W3C38RdCqSouA|DA9v?$$s>N$T^6A)lB2NP$M
zGH(d%1GFKDcd<HF6|apL(4zbXeze<5;(<bRIMxzwbdphf5b~*!dcps)tko6)42KN1
z{|l$&W%0&Ck**RR3zp*6+~iF%{2RxHq>>0h^0}{MqtLWN*S8$A2|!Z(f_s7wlV;RD
zn}q^AMGeY;d>k$QVx;2yfYj5(_r$2D`vX#(?=cMa0t!W%)CBTE?Ltf#*KXb%fj$Lc
z4<JK)0rYm<S{RT(ICc&h0)vwdPzJ4FEnq`<ox9|20Pza}?20n*3nGSRb|HMSFo0^$
z<~>4pd0Pz8o!1ApK$h>Yw0-nD+mWBE2yBc#9<XFT6qZN2j{?+($p#yX!n>FFVS$+7
zj6KNQauGlXWdVb!sVQ=?e1Lmob~ui+SVU!L#Wl>3S%IV}8ygz<?(*UOI!+9cA!C`z
z3&MLk0E!%983sslf&*9g>2{dM$^aOIBN;1>A58{y4D=un<}oZHn&%}Yb>J8#+G2qU
z<z#FPi}v>(GkRfbPyDsM-!VA9oeGzQOG!3f@h4zvNiSyn;1{NdbOXCTKi-57{SMO1
z1%Zc*ZNN2;i)<54+H34FU^H9r0*fA=9?=G&BXT|n0bVO9(<i|MxfBYaT%?Wo2yhx2
zBTPqN+W>jO4|?u`p)5SE@Di^CCm`WRSHp68I5dl2O--$*IbCo)HS3qMvZn}#WV4Yf
z9q1qmX+7^a$p9WV6f_w2LxJYkVnp6S6cdm7pF8=Hn!;&|Ljs~*C1xWbvIC`}yd1P_
z2dm;U;^*&mBwUV(tOCFb+glpAyRQOo0|$W);TFLrA6FBG(v($mT~a#E$=Qxxp)T$z
zK0ZD)cuVozOv)db(3F!sV#3PGstAZ3FdzCvr00gt5bEl=mx(I&WjMsZ1HMPf96<Sx
zFvJT?@<*&j2=D^t0eX6R%nS?1`=lVv7eHLZ01LOFC!&Qp8Ut<p{l!4x`9Y)<+^$H#
zEqK?E6cqIpiuGb7mYCfkf<6j?0Pu&phV<xJp|9bN+V%q~F4hLzRsb$n1MR|r+z7hY
zPwX;;t790%xB0VCXHiPKQp1WMsj@-gxwTDcZoa%!JV{ABwRLr*oSz@-?%&XG=2zEE
zVEo7^&nFzpWp7=&Lbes&BO=^cJSzwa$)oWByi{&Dms*&pfUM#J!jNP8iWMuEWnQgZ
zTwDY%D3~~_;2fiS9+#B#kXIhVTsu&-s79Ryq|8uVU5$obUMs=Hv6~%H1KXGLNnXSx
zYu$AKkV)`G`ap)>gE}~k#y>5;$?L2s*B39g6N@VZ3^H5-;f4cbEacO5X;z%b>9H)~
zZ*_4s5jM=`&6~-k0NU!(j|uyoC=5w^6?7{co&yL7gg6JhBMuM%l1fTr4?DODapMgW
zQ(d6VKQUMs^$;y+Ys79Siw_0h6MO(1)7N<467qg<spHVS*=4nQ1I-u2W)g!D)jgSH
z?!(a22`K`m0c4}<(SOFL5G6;<_K<UFUB6BMFhVN8S45zJHID(XqLr(`PVxs`hXgUS
zt>LoC$gK96i)2GM6o{nEmEE}Dyn!UOc6aBYK1E9~8@mn{I%djb;eB}xeMj_#GtUW>
z#`+&O?K7^H4+IYnTMWwt-NGs~nb6vCmbo8u^4@ZS9wXBK1mO|RIZBBJRKJgAPclCr
z-!T|K5t2I+a!|SES05&m^oZRmCWq7rz8J$YV+FS1rOr+cTmT?ii<b&y0KT$o?jn~v
zhLU#A3ET51X;DI~L(WU?EQTFr4Y)vlyX2xNABC$JDJ+iK2lD}CT|0s1##jVwlEjiJ
zY5-P=*%d+75#_k}B2fR4v54qJq7rGt$HrAjnydKkS|D#I<z6*1k|IXg0%n@nLhu}$
zl74#OcYKiS{MkEs`*0LBx?xfms7oU1R5Gtp;s12!<m4d#)qi$r>(7>J?QdcNQ*Vij
zH+EQ<y*#^CAKCNtM9rGuoZPPgD_sqvWXA^<_`SXBVs+-C(@CXkG@nccnxVgf7Jk2@
zJAg@&XJdgLZ9U*Q02CR61-&s^i-n5wv<{i*M++VoH~=|yb^H<EW(bp`9j^qC8*9Xw
ztt6OT^3@G<`xDkqKXPCSIT{qH9L}MVG_aQkT&d~q>>Lr^YcCq={okJmijs?)U+R~0
z<!1&?4!|^H`saGb0Ss-yB;g>QoAn)vH-3g(2VoHH%f$mPbV27slgACGv)hd6cjTn}
zC&_Z!vh+>zq9htw57%nA|13?P!!_!&^D#S`pS9g3E{0Jap6uO6AIE2k!y*buQ8@gL
z2#K=4;m;(%P((U@>X7Mfe%#s^n5KhFjemDx2!?-&B5y{WSKM>yHwLuf{8ve`D)<14
zt56;?^(j1zH_|l`@O1FPQS(Bv2FPqfl8D``C-9384omjp3QukT1bT;oWB?}gZ5FbZ
zcrZoo6%N!=?eqhDtC7qL|8z9g>^sW?6ZxIMb|)O&k#A|idX@wn%{lCFKfc@hv9)Gh
z!geeb;l6;i>}xa-(WGD@3xXwsS(yjAg&W|xSK0RagVJ0|`SiKRRDk@SOr`j1CrbQz
zN_vi=ZgV(|Y76}+V24M^0@~gMUE->)?t_#RD=FvwzaP?Rdgt+i9*RG||GTpIPWj^h
zpuoRZ;`hIn4F13VGX`!g1*8xUH_{fjt(f~XQB<ayYVufEOOSS{lh43jcEyGDE>CHt
zyz7%eh8WY2R2q8`xar*A<@x6$+pg4Ohz>)H+xFRh_ohuVzL~eSc9&}GO-|%Sp7b^O
z0>;hsVeWZN4{f=Rr>EyrD(|g_Bj))!ip1>2^5|Vo{qOe^VqnzL(=#aacrYez6C^rD
z9rM_F^laTu`(7^7uF?p#hUy<N?T<ynW@z@MSH7(><hwO|jG(?1e1AXE&lV;Dfrnvv
z(jEZ%DntK%|HX4BB)%4BRV=fx;H`eAX8eq`$P@l@)i)dJKHr?nThpD+MHh3h=<oN~
z?~Iu)&y3VkJIrYQEWslOzo#C@D*GJfYO?mVtY(OojT#<~6pyA>N07R;;Ir#SQ<7VE
z+4c?fe*XU7)08gL@m#y>cF|~$=-Cg(OUrQITrYnw8~(&>uy*TeXIm7TroV=_N`>&d
zEM9!Zc;WLgqvC6aB-b4}bSSsAwm#9I;?124=u)HUf6#1<8k`k_^4z8-x3)9RTlmcQ
za$Kmwqhr};#suMa%Bz^D#|B7;a-gZPu(c^_`?)7O4lT}@Lhw~k5tip^`R|L#ZEU3H
zOn91f|L)(t_R{3`ow){1PW)I_wU1k*%am<}7gS0$KAp$jef*fcC4eR#?Xc_*p=LwX
zUf|=r2n=*J9l6@U!K>f8^PXy|{X+7oNIBOf1A3SPxBKkk#T2g`W(Rv!Rf!L}eVc8^
z1~z~lG@&~l`F!4_osy6_>gr_bF||)bLl@rx*cQsJ;>nnR>%CP^aKx!7aC5wo+VnNr
z%G9VO<s#HxQW$~!`n=W~$)H^Cn<7l@poCHP)x5j<<>krQskM8LAK$wE!i7Q~_Pnv_
zZnLqW(1SmfEv=60Pg<y^F0MzeMfwKfJ9m<NA?*sq+O_P9gDMA{rr8s8Ds26^Z~9ki
z0eoI^0>Kntg6Sfv<aAC`z-=@e)F@Nav43~{2>YmveSAb^4-J>jnik3R`>y?5`Te^(
zjPs>H|3ME=2kJzp5P_Q??dv}5a~$dGJ@Zt3nd-s}9V%)(SB4*tSNTT6>(#HQq(ek6
zzrUgMdDblSjF|DDh~-^{h;LXP{qCQ@hr??607-AQTW%d^T|(DYs_{rPEDJq6A#-zt
zuFiDB2sauYPo5Z+t>wugIBqAStFB(ZUXZ`_+ZunadxkX*ZPfz}5&*a#SVU~HZBF1V
zU}gqw^is0>;UaI=t^_0dVqgBg5-aBqSF4Wbfe@Ui?1t8X)mTR;5n<ZS^ctrf_)qNl
z{k#1y3i5h?P4t;PbfY=vQhn2pM#vANJm<|i*9{sOv8ts#bDWzjk7|$b^_{2o2#R4-
zS1+lfN(#8(<A6*K*`*j7fh{G08&4Kdvr*)~;N6Tm@Jd0!wL1b7s4>uZ&){GTi;80I
zqNYBWc3#dyo6hZF_u94eCrrkJyo?wFgJ#~PGH6JLWEBiw{(~Q3JMGh{=fw-w*R$tU
zd%O!J4X1Vgm4l3j@dhgl5(7_|dPg3Xk$W#EbKM8|4i*>;Gzp=RvXBJbJ{}<GEoO)R
z31xpHMRvo9-q*v{>A@(@Ooy8790wk(qt+>SwMuf+rl0*OV?uUx7mWfMcN~>_#HnA_
z_N!I1`~(Kb;FHR|Ra|x#Y1vjdsD>`sC?=TiJ}mWctnZsM5FMxwDGBE#*{Jzy$8e}8
z^FU$S0Wr{TcY#EVP&HfXq~vwP3zL7kfAmy}&Y>?WX#Q}d<YUwh)=PIIDk=&yiVxN{
z+#G6gIB72?rrR*cFg0BDDGr?S$AC7_RMx;ypF?QVSO4uG{=0tD=NDNNWZc~!he|Ik
z3lzBRdbBxc#=cajxY*=5E+@+Iz6)h#3vTX@?Wl_q^y7vP@mD1_=yMs?JIzk?es8Ok
zj!Q`BtZ2_G_7e<Qv3heT8nPU=2RHWCgo(cpwVmixd_v9qwKAfjzc%H?%=(>SHkX4Y
zd9dAah0^xWD&+=ydOE4c<`ow9ZqA#T8!HQ(5Qcwtgi_@pSNapKp!1OFesS%G*UVT8
z(9$YRG5^nsEDA8NX(@auc&r~6H`KT^Z?(Lqhqkt(bmMRXoqkkQaWJRP0kNkGZ8IUl
zF1ia3FI5|_ITtP~11nTfH=5l0R;Jf#U(?FSNaOwd%oDbmxm~7C(LXTuop<ludn;xW
zIQzv=!|0ebBLWncl;B~D;#)vxe^uFY9yr>H_qoOx9|CjAHO`wDmhDAT)3&<gY3LbB
z(~<AGjK8~B|8<FtOwBME`g*Y{c?1b2Rir6ZS|rVUv=e+66XSVMM)o@k&O%Rh)y~V8
zD>wH_1Ky^kE$HPo#9qaQ;wv&|S3k(1-NpJ*dH0}^Zu||?!TD8}qJA|-IaZtiBVayt
z?l!Is_4&t6bwfxqJwPY$c>erU+vx|3?PGs9U4POiyuwE!lQP@%khMSqv@s)OVt0!@
zr`sX7U6<1ok0VtQtBW6mxG*F(gT5&Ao7kt@W7HJaugCf=ET|&Kmdf|kJR-;R6zq>2
z7wx5^bpLPxsKQb;uH46Lli3okN8AQ-`Xz5W$yPy57$zIVr0|YL&CbqpW|VP?L5Of#
z-l=AIzRytmkeuwyOQm*(a`S%S1@0^F)k`=gL3tN_N-Nea6*O(qNF(w2lcupTG%G(e
zCkl1%K6zPiS!CKDWXc4cHe2gy2hn@WS5bUOObm6g&^PJi=$>`kwUkA*^WR<m=Sr)a
zka?p+fH3LIWo9FT#lK_@z^$Ac#XX1_aH$}i=&7eRYy5?%+(g6ZEjoT32a!Ri+LhL9
z`lB!q0@Sz|$y}RY!9W*7eYYWb=%uXRF`KRp*coIhS7YP-U%uA_?u;<Pz7w$a*4^8`
z!L@a5FxT2dffc}TuvPr%M!9d_9vO0Vz;(daVX9eMe$v{0@F}VkFk-NY$9ErlRy!rh
zJ#!SR)0koEgUvM7`RO>MJK9=Wr;tT&KeX!hWPgf?RU*k?|6NjCRL;K>P7yulBpx0<
zLBSV?jrSCrcJ60n^g@gfvYXuzB<0h2d}g%n^7ouoAdjhM+F$(f;_%sX!lz=FmdZ<t
zi<#Q`U0+<b2WBBICG~UBQN!(x1grALHRoJ*WPLAuf?{F+9?>nkw}<tYY3svUyNcgt
zPzWECG7sPzh0nI5zAC<By;UseYlulmJUO)s=p_anfmq%~Ss-#(f{Nv;mR4!b1)pUA
z8%Z9u|AEW1hC{r)t{ZU9irXV2ms;1Y-?v!c&FU|m@Mb7DLjigD<ezd&3@c?Kuw!5L
zYO;sGV8d<rPep>F=lRoM65U3ONHY8=)BRwv)3m<FKVZ-P!?vE>#s3pMoTiN#|LO1j
z`&T2e|MvV)-Y7yXM8H7cSRH0e4q)dTgi>i^^$6v8+%Ukr^M20yg2Dv)FN$P*oF%HC
z?d^nA2@D;TjF=CG3TwB!ySQkBydPQBD{?0d3?+1B&?L$f;sKrnfDLBwuJLRjHvzO{
zUXn)f0T53Juq6ACNGd=h%nFfqpJ2ylOnZvw`n&G)+ITU<bs4PLz{=41n;_O*M3;v&
zjCs=4r9sx95wg7Ho;w+biv+0f7j#Zc1w5D5q1bDUj?I`=*~Y$90(kBmdaH2xKj%K4
zX*XvMoz;@r*M4;4i39^T$YN()y5-1yu*PU?MLF6_##^&i5R#pwWU)rGgZXYD%V%gT
zb}24lKW5MUr%=nz%*CG*U>dp^r9lyls$o<9xR;T!Gc3>B3u-?T5Izb04k(V-0Gbfp
zK###}?!0Du+Ex<WBLe#4V=Toi6bB0jfU7;qE;0nH^B6BL86@B^lk&TY3wiO+GGiaO
z!PuM7GoV`Yo&ym54P64AOC?^H0p#M-yg@4rQe0X{28|i8qsVAzRG?cJ8i3s2GBqW#
za0f#XAV$+g5o|xMaS_Tfs@CU7`ZC8G$%&gb^zAgG`1kA`n*^u{WV#U5`-UX=(<Y#`
zfJyA`>FIXvIft|Jb|8>rU}bHZRl=#nPLUjx?&xI_Y=eLI6S9`gr;hw*QQLdW1W@_{
z2Hwr2p2mk>F3>;Gx~1W^GZ4;RL>p}x5p1qnx8o)77{cua-bhGpXgO@Wi%uQ+8$dsW
z{78Ju0C5sX8z3Tqm_WrRgS)_7I3<J>3V_ySFcpDYi2}1xg5Hx|J?&CGnO2R3K!%gf
znr8-_793lEJuX?35P0CVlA+-olVFg*>|X+K9y204vD!s_&&bAB(prmVd<6!KAXw7y
zn;gW{zGI4;N&lTF7Qk31pb|!he#L6sGBLS|-m$1QxV3zQ@(kK88Bq@2dxoi63@}fk
zrNJyR>|DZe1N>BRZMFzYOvE10jA6yJ0q&q^(zhyYLABqQX7vK7FPS&#?7W&_g~GzS
z?}86c$93%_p3>{4vBnSteev+C)wM<4tq0VbI9DUtr~pt-dfIaL0NE<R%RC>imW*M9
z-WXl#VPH(yM5IH6CcG!^akOj6z($bKOy-f@K^U%uHauEqLFhNM_xDQzZUCFO%si(Z
zOanijn{-r1<X(~?XuAbG!2x&7h({{%=<#DMu&T%)9oV&l{EsPeC+OTnuSZl|n+6X8
z0wx^v2LK#7z^``frrRqZ;18O?ag0s^(^?!PIU?U9%p#!fzb32+Hv!EjW^5loW1Ya%
zhv*~Fo&5e<960M9fSjG`Vi-e*J{7^t;;!Zpr2yeqOidyh;qJhIZP~CfqFy6C*R3F=
zfat+|=_Q58!uWR3Y~(TyU{<Zxtw7}%J-k#BCkXF>hUWa~(_aN+jREmssO4)k(`##M
znHnl9E9){HM2Hj-O$Q7%bOGUe6c>e~p?%MHMuI?Lyp0RkPT1~{!8W!w+pcjF{q{#y
zN5U++Sx*3<(gsO~Roq&by+dZR0ViYz&JF}!4|@pQ?Xa=8kdq8HUBDqB4-Z~D(Hnp~
zGzHJhg6;Sj7Z6pJ#(fb&A7$SEuTa{)8?%7`S))@)CK{mrKy%A<xb+mpI%?K@oDhtv
zUbgqo&;@KsfH$E4l>ah!DHPr*p1O9830&P{zX*oSs`l9vJXKJ+&LQgeU<e2Ld2$}x
zK&(ZxmJ{nnMxlWf1N2iLUtu=XtR}vWoMnKN%<O$FAeQA492qiHfZ#Go&;Wh_vl)$&
zhZ5nkNi(yvqfiAP24{hn08#9A{7~)uXZu9E6{4%qKq1{m>^3mySGR)I%4OUf2-@~B
zC~~kd#Uv#+;C|s0aQ@9R+yW&j87_dY>wyppieX_W5y)&T?rR}`IDa%JY>8kGK<y*Y
zL(v5~i#=yG*-x9M6cB?u3#=_K#L=zv^sZ>_fiP5Oy@^n9Fq(>VAX@CEb^{{^-Ix{~
zPILrMA;1wfCt~Vrbofx}Q;=i?Ff6n}vL3IAd>dFCNGv`mb~!<v1X1W0ULziYt5;A+
zC=j29^H%FgTvhy-jRpvu3=G)7a3T-@^cXyK(4Dvs`9Ao+JOZdrIQbD@&>6alJ@Y9w
zmCTFA*&TNlkHt16R5={`GF(z*gd1SU*XZynO->}Ctw+RXXo(O67LYOF0wajVp?eYD
z#M@#^8n5|5f<)zjv4Agd+DHr`GbY2v_FzX5f*siI;9Y-$`~jS0%mm)<N^|@^kateN
z-RQfFOip&8-=LHWbLcFPg$chhegHp`NM6zF<HX=h=$Fo7Pt!sQAENGX1B4UoJoFkQ
zKo0aAdW2_Yxrw$UHdzPIV$!?DU409?7cx?hPJKV#wR50GRECLdb}YMz07G6ST8m^>
z7-3mr?vvx49bg}=*|6at5_4jLZ@aWGMLHs2aw4}Ij>v^*u^2ZIZgY%Wp;^6pH8{wA
z0(ahKnR@&Cli?189Ze>^qX~t!*%m0t@K_s5!7ICfri&;N6Oh9X0`~t32P<Se<rrpy
zTq?n}6H$v0fuJKJo4gqQF|5dI`NbC3{ZqG0=OrX3>jNAvEcykAx*T0Q^gF&_-Qyqx
zfGSgBG|F~n6zU&E{^sgxYH%~4GTm?z0yoqJ+`Wf2GHh{?)1y$LATuhV89-Fk#WsY5
zi5w-c3KfBPVufVg2QW1NQYC;DlMPjPkz^P-{v(|qWq8q6&;nsEQ#POp1Dm^*ICz|o
z7O-_BBq?xg-atD=Mh$dy=s3Rh2FDiXSI04`4Q3uam?3}xSm+edp#rwN3~%xxYUpuw
zw*1y!K?90AA_Cxap*hIc5bu4#`&UGVB~AR;cwY_7?beX~Ap)`2Bzgx#F$6^bllVJ4
zIOaC2g??b;T~G%=3*deGaV{O#F(I-eEhr&PL;X-tR|o+B(ksf%dnB=mh~OTQAmSB(
zZ37v%ChBtR=&#?uZ@UZN)};3bv*XTbSj{sdAQ9Rq4tZN^>&t!&>N(Dr0XZPrg!gb3
z69BjC&K6@ceTOuKY*!q%4W%tm_#BcBekXK*gno1&@oK0s8Uc+=zs}k!18y{?vg_;p
zar3wT`W2boH#Ag+hjyJUBq=6Ha=*K|f)?*b-;p-}A}u+q6!y?5Q?siV<5*!Q$7Tr+
zAp)Yyg9o{sGDrcgx<rn8*EH5F8(d2=KoT)ZeozKPL0=Jv69DhIo{WG-h%3WUpAB0>
z^|P6HN^{yw<4&ea<jns5%xCK4vG5dtT5o~&IPISA30@8^nvEV7_#ntQoRL-0GDd-T
zgTCo2JRRBvVs#nN>S2sv7H(b4B?*eRLt_{g7h1Zys|d3g(rnLBNs5oqzk-L4?qU``
zVu2S+&1yH;O}qu?mg%yJIZgv)Ze%#hcl0wsV0fqM46etnz)bv1z{<z4u$Vt8jdw~x
z?h%lP$en`*-;n{-W#=&21Jim%ZxaRt!aLd&dH82zE)y=kj+HYPNGqJwjz1Y<aY<3K
z_p-6F4o^-VVrCYPQlDi3mHx}#<Et(~+lLU2#FY~fS%N+@<e?<clXr^8JC|^*iKB<8
z_y!PDv3p2I3+VFk+GHZQX=(!TL*IRBsy^wai*igCzJRi!sj<<uS_XC(G^lkUP+=*E
zmqhx=Ih_d-9Ym4f9B+r7z|ju(J#p_Kv+7V3d<$6Tfqpxox;X04o<t_v(~>Ddfdr==
zfdiDddZr4*>y2R}3+lK*<loAHXu1p?H6q1kytleMPFsx7Zb5t`!$Ht3*ZQr4*txf8
z<z?Il71y{#E4L(FtN7YFjUK4Bv9UD5>V|6nA_R6cefA$cT6#@6A6fe@#*N_ooCfm)
z-1i#6JbTcQQ8nb^)q3eD>1p8Tz^>&!l5btBexj{H%mQzK^0EBo%a=*d6KzdUI!Qwc
z6a!jeK_sx`Mk0bA2zcr=TZV>IaE}oMGurtQ@f*HmWi5l+5Y>ght}8OkuCX$a2ym<^
z8yp-mDd1ZJW>_mywxLhTOMYNG(+E$2D3=XRBjWw8#7waGfK}?^PAN=sa#~4*Gl;_*
zJap4isL>^p3tj<|)wrbZAGR9wVZj4E0xi{eV~%%PQI!!p3cOI6H{m6o@*MB6LD4RE
z9ID33xApa1Ko+pEURgy2N;5+<cl@M^q?;<l<p5a;qY}v5KQr&k{S_3VZVK^Kx;S~f
zI-8J~QT=oxa1f>dLhLX|$sbU9;+jVi9g18MNg_*8M|A@NXNp<RHrUS`w~Vq|TC{^)
zSX=Hf@EVd)f^*uA$A_?s45tAzwC&<VMMJ#xGJ6O!@cGdVA7^lvkEjIHza7G6{Vf`A
za7eb{azZ_F{rhWT)&!TBU5qpKLr9ITanb3zz1>Wd5a{~dHZ$u;9m?RWN7f<@5de6b
zX#T@yP68f&$kaMfLtjOkP=c|lp<NY`8gHNzeNrG(?Sq3x$0oWOnx(!k1H9ha+WM?h
zSsG3CYl-zDfqKt*#Y6FNOp!YS1O(&x!-o%hxwyEB4$9(A!n{UbnbFHJ3Mj#Zk(%8L
z3ThH83qdadnH!SY-!yS3OCnH75sD73+cXOy>=@CqgT`+w>_bkj1h;lITsuVN-BITu
zjUhA!Fi(JDp>C12Dvj@Lj~$+yD-Li<eDL5wh4MoRyvlFT@L-9V8#rFnB9&SAwutee
zgcpKpc<-S@l)HBA!pR0q{>$w14dF9&<W1lS{Ell=VooNMdb>b4L)2aa!vuUeE?cap
zXKzDs*%zP)05Kvk6{AkV78Nc=U|}LAH8Mjr@3MCYM$fnZr>T5;-Wiyhmru<RuP2~t
zl_PHfgQpb95g~V>MtzBR4kg#YqO;qL-xk3;f)wt^0x0K*l>^W~PwqSpwNJP1Eol#(
z_!bsff6RT!;>E?yYZ=$F-761gKDTVu=~&s7r=Gpt(er2r)ynlxUhZeQzhmpFWmHzo
zN6ue<A{UjlH}t`!<*z-S1@{lmol;cV_SWNNibIXpW}B|!V$OtB@fM~0kY>I_JSLhl
zRFp)BjEloIZvq&A_A#2lYX-d0RZrk%bdlDlDIIdr4-Xh>?uRzmG26#DnBOZNP)(fz
zyaal-P93J#!{;SH?UQDl;s-@mOdbZPbHirvy;{3rY<e!LFxul+SE9uGqInF|Meo$l
zu}eGj^}AIlPu2uy;;Pr3qelq)f5>~ws4myN4G;qhl&zxDh$4cbqykd5QlencB_UD*
z(q#cEB_draDh44fjf6CaDBY>jAYF6ax;^K8zs!eOvu0+k;lnw5EBhbMb3ebl;to0$
zeZw@BSV*hD?k92MowyO3cl}}Ss+&_TxK8iNoG^erp4P{e==-#VEWF<hL~W$!zlUB&
z08DaJbU3{}CgJ&OZ^L#Eu^E)~wzwrvPioK8-OSnTFpjN4G5uSlCez0K-R|Q+tqr+k
zwHZap0BDz>66*+I5y$b;z0`PBaES;=7SG!!RDwfoGWBhlX&cnz4S0#?PB$uHjHTKp
zzXl^{PJ68USAy9$mkaeJiiAua=f#BuIzVYq*TRq175_I1*Fw^{!>QVL$Q(r*!TBV4
zK89)$VMrpE0efbWHblZCPBI{1l~a@pz=u`=SAPmfq2bp{fUiL13#ch>)IMp0105Zt
zYC>A*Oz)2<-*S@xF`+Vf)kl2ImFS3@V73Aw1?2yaSH%ae#4$k-6cs{djj#=P-FK1o
zJ5jVG8`hdOx9cPTFM1Y!prnmJ{OAYtJ2lpCJ21-xf{wBh$c>~Sq&iXj5~=3ZzfIc^
z!$Q!!&=Hz8^{dbw*3Q3YT>mhG9>P56%z^WfJS!(x$<N$>2q~Qw1q!Ax75bI|c|sTi
zATeSV5iTk*9sU7fGIx1N6o#rL7F9sMoPT%u0J<FA&?8A0orsN>>;~YVs&1s|e)Qn!
z_*OH-R5pJ8#|Xa-DVP-kS$-4!6oPY;+_XI4fFP@r4q=Ce?Z>({lpzSkvv7xAs<8)g
zUmkf1@C<e?E&@=hLB>F#Y2px>2G}VylmIU^p7%%pfG`Cw@(4Y4Eo%tFfRX<khn2uz
zG0lT#eWc4T6+8gLt{m(B2!Z;FbvFg(2r<T5X7bd_gW9R5ied(dChAZ5dNoDGq?Ssf
z`%m)&)8n0NY%6X7mWjJD^lC~Kctq5Hq<|S_!h{j3mUoaK4A#FU=B77qR&3!!<<?#!
z-g!OG+GH+;G5Q}do8hq5t5BOF8Z=NqfWTHlv-Rw_9;oPf@c+8bctH`#h0sdiyL{~C
z&1CiE{a4}|UPa@7nMevpN>Yx9WSm}wnQ$kb4_M9vyhjIrQUVmkXIFkD1K;Ijqj><B
zltC{fGB@bJu_WUl99$&!e5>7ciHs{yVp@b|+Krexic=7%6^b5%VE%D?MB|s3_GL{q
z8DX<fWU2~Y4hGDr#fZD89$4aXSizXALQYdo)P2zEgb08Rkw^r9w@tLGF!s0#j=puV
zytK3qfTN&h18DXuZRF!5DGE@SUIXhcz$7?07%Xc2;FY7FQhHJQVL%7*VCQlRv-nnb
zMtZMLxrbD|-;In2wb_!%Y;&yk+Vj|^p>8U67|AY1RX3ChGvgaz12?~xNNNnz`}z{D
zVq9E5B8)_x7e2JE<9qk54Bf9X7$TTJ?*n+(+Ij6-ckW0L)R@*j>S}7JR#ss)ST!Du
zV2E5&u5bd}U!@#J5zvEP08nl-X}1Sj*}0r>oFG5s%w*^jBp#-3#BI)6+Y_K_3RtXm
zV)+D2SH0;nm>)!V1|T75P<4Co<UGaIN0rEnz=xBG3lxQeOk`~E-YaiF@&GN^t-E(u
z0hh;4frpC7#h}BewO+t<@(W1cB-R?0qg@4f5cE90=9&}LViVN4u<*n)nF8&`bUz5>
z&3TW=pvWUe_ZVLgyL7^p1Sx|^i&<8S2fkcJX$peYGw?QWdfbVU0Ad_UX8_~Zp;b+q
zw8EGZWheRw0>MRfMdlg6cM`i~#OMehV;|CT!Ax?i5{?&`-nuA{Po6$Kp1Zv0gA!H$
zjW%J(f~o+`mV$3JnnYU!)k+p5vWRd3DugzdWhe3kpxCECp+hW03D%tqGQrwG=MOc;
zXq2|7mJ~rhMFPPGq5}Rm+a#kHck&_R!<M~A23kWfcp`TeVQCjg8o)9JVt9J~rSvw8
z0jz5m!FMFHDNKo8VxqSI?OQcuYFwuWI2IE?tu)V}fAU3V+%T+)mW@0|n5+@m4&2E=
z0Gb6bxWpW)2rViF8D+?ejjcxKu7gJuS118>B&qiS2Bt%ZWscRfibjT+!7I~CINGKb
z<GUZoU7FjE>ztYbK<oo_C(V=P7*wGo)<uXWb82jSF+;M&7G4=_%+&r()YQ6Y{$kWK
z18_dTjkm9#WX0kGT{#Ya;LsF|=GMYAkUR;HnmLVeAcoJ+Q63PKH{uias>O=(;zdY%
zCMo)e`REff2Xa*7v!@u)2KV63qYZuFBQbX$i8BJPGXagNkKZnY65T_D8eQ<<Qh$i%
z&JT-1q$`D+AU*h2B1>RXKvaB)T{;d6nUtar*I&<{&hQumwlJg%=wVf1qBJraf>^t>
zegibu$q#!qn3NsFLLF~T=+i)GH#qsKg2MwLh6+N)0Eih-_d~cSQN)rIGcI&4e6Z_`
za2%Jy0lpquHS7xyLD(v?gD-~J4B-JnSH%lC6~v~5NlOGwuT85+>xF4nKV+a%MEkv&
zMeloiS8Z9XRtxYm&R8)LBpDB(B_LcC@B|jUM?7Fd34=w<%Uuy7$z<VreOx8Ftt9oN
za-didM!hlXA8j;<9Ba7h!-w%ERwO7}jEFtBI!0G6WHO6Li{6MI7-5pm@c9!UcmNw+
z_)d{~gHcomPB>K3K)O#M$HcDJ|4QOlE&gD1SMR-I1n8)<CaOd|=>^<?<0Yykcutg1
z7Ne*o>m($U3DhMD;2)y?Gp5pkDhB}!5&>9{or<mr@;gi!lYtIsQAA(}bF6N3ZJ-47
zlLv+YOA_E!$VdQ^JV7K-p>xGObW2K_I56$h^<b}3qV9U2UI~c+Qw?5-@Q_(Hz-`8h
zaoKHgxn{UQ-QhNEB%kBjegTY{lwBB0p;yi|$t9->d$U9kburMC!L$y(qXuZDQMmN6
zX79l9Dr{{HFJ^TSYaWsppQOc!)CKjM$d%#^--E}GDWFz;wH7b0X^SvODrJxalSWuG
zg#9)|&apMyqafcO@)rxxd=(!qgnU*^X~`f4A7?mY35QTI%XTdEoZ=7g^1#Ks)|zpM
z?2gC~A8{Xg1%%b}HC3YpB_kPZLun;7)?^0qZ?%~=Bbjjz-bM9Gz*!R^n+RH97)$0-
z0Lvn_GBpnrXz`8?XO4V9%b?-1XoVG+JR$?p&BQ{jlK*E6U>juKg@ekAu`>B&(1PKD
zl7yz?*r|XE*7X<&CgRZ~dX&6cw~nJKExqKH$KM-k^I87nNsGKNdC6ynejMrQZud)E
zj-xBYs4&$^{bWx&n}h@lRI9laABnF+OLh|ZHYw)JFL|6I(y$Pd@S+`>4JP0;&?5Tv
zV(^o0p-GTsn4Ms}oB87!{j3B2ohYucI?p^axhJoopQ1u8F_vgrAeW`9SE+;l9)(i}
z4U$Nt?p|vV1UCzJCd*8U-^p;ZZ`MKRY9a&at?$N*VWUQg`BYiTKYU_hOi*yf;Loym
z;qf#f1t2y^EH6y79PEuC(k@6W%iTs9(DyA_e91-suNbyPBmSIA>HSWOThmgMV=ohd
zLSWjA>z#7}Um69%8}U#YI5()rVo^Q{X-T4p3nJIB!^T}`aY!<O{_LnG{TJ}I-UB@k
zr4GktLqWVl&&TJR_3;(RPdX=d;NT4kz~x<*!!K4GdvZjC{szJOSXq<lvaY^<*YL1+
z%{6uatFYAr;l+zA$G@`KHDek?lwHZr+ceNZp6mvk<^<88mJh*x<Ydo5u7B%=&FQPa
zVj)Tw%QNQKF+&%V8jFWSqckOMl%~6j>yqCBfR6KqmlsD$@r5WCvfUf7deAe7D4fuM
zTv$G82(p5-$b6!PmWHG$OcpDK6o#e12!_^W#A!J5++U!gUs?Vnt<QQh%;us+BAt)d
za>!X^Qo}Oq9(JgJ$b;#sV;Z<?m(9NiNKG~VkD1~)N38b$@*A)V`P(J^xz(k$v_bz<
zjQMQDtGvGsY`-J?xFF@<Yy0~GKaT#-HTeAszG8B>;YIo1pB}@%$>H~Zf0A9^vSMiE
zpMO3X2MwoPl4fnv3KkaR1Ct-S`+q-@ofbq5A~tL*>$j%={a25RuSx$e(~Z(v3*&pr
zrCavQ*mY+#PZ_l*U~21b`GVumxB2(@GDSW%|I#xJVpq<ODG2=aT@z0mw+(NCa-)~L
zzH><P%m02{98{;r-M1SPt`;{;G`EFG42l1kSg^G1pT4a1Kd;<4>#IZmCcVGkt9)#;
zzRh#<D7Tw~qqK@`^S4F?3=)l5#mD!c4W<)XvQkymD&2DP$2fJ-Lt3`3e9G-Svq#Ev
zswan~@C|GozUcn^=5*)sfzYcrZ}cEz>qAxvg+GNG4dd}%X@AgO`Jt<6XSu|rZ9Uq-
zre7Ix_uKU%2sWBlTfe;SUxt%xfj_?-qjoCafB*F2(*OEalKr=tw6{C=QOku2K0`66
zoVx9R!o3`)i2l5fCnzuh9yP8vP)Zqh5!1*#%n}iS(Q_#4<@k;t-psrV)TvIa_OFp<
z>U#Z&ZS=LB8X9d+HgK1^vu0J_tN#R*vDHUaRF0r|P^!?6*-nLjz=QlKAY#o?v~{!E
z-!>c(Z(V_E1|0y#68lw!%$_&xrs;2Rf->}fetdIziq8aL7fEJsnTH{Lee&czlY8~0
ze$fqCdQ{bt^&UJs4(4A^X_}k**%%(wK!=Wj=IBdl8b0S1C5h17Tfvc499YjA?A@#3
zXijIABSA<#-4%^Vsf$SXpO#jwwH>)jgJD52Bt%v$&hr_6*Ge^=_m6aGtQZurToEK`
zwyAA4n|`WG#(L6vq;A_4p({<PBS&xEq^2+hT^|5Q05MyOGxz>JkpKSAaxxRE_EcMs
z)Iy?pcx&~zo+hSs`UB`JgU3o`9i1EvTV6klZN;s^h%UjV-TCojzZJGu^KCaVZ_uAB
z7C<|Wq0XbnA!YL;^1UeZ%w*}zY?f*}JB^!u2^bpwpa5-qY>`G1z|M0B5X0XY#9CTQ
zD@xe;_|{`0MEW6-;8q7`49WUfGZg>lXM4QWLX3A{(NR;{KUQm6@!dHnKu9GI*mU)9
zLHk55I$Bgma7kI;cb6;IHoB6u_JajF3FlvH9b>VZ(XKOTIQ#4l<=Dhz$|7O1!O;Ym
ziMbCM8BN|se5&u;&MUU`3Rmb0n3~45JRpCIK@hjbFUr<TaT(MCB_l&#rMh!#hf&o2
z_owFt9>}qCd-m>4`Vm-p)A6l1sNi6F^V@!=@Me~*s#4GF{CQvC*1_tV&#lV0H?kNk
zFRdc*Gqkd`mWv|Y-Clf6l_m}EedAi~zre+~DaG#b6-^d7_&Kn#ow2oQF*<ot?L%|<
zUn@a!zI@fj^VaB7Xdck0u*|mq93yqrdbmk06ia8T7F&D+iUf0WK;n|VzbkS~u{HGm
zrk9{1Ld#U~tV4?emBF#e0Y1AgqMnY1t9PIADor3G2K@B2DaHH~`b0`6gg%K<E!>m#
zrcGgE&7<a*zhmgxO%6|2B_V%}*Jey+jgMdJt620bEM&JHYP;GT0nxW<$%T@<9U5A*
z%a`FqJ?B%e)iIUJiF|n2tg&nv)Xf?zqqslexa97S{-`TK$x|!WR=;{=n4pt#=kDh5
zOcDMMw`uM&%yj6Kja{Pt{h8PUduEoG#Kpw0C|{Oy2{Tn%Yux+xo2^5Cv`a1;o;0%e
z%N$aa4D)W((f_zmO)&0l8X7ZmGoKSrS++S3Y{b}mB)v|?*Y^qc=A-@qMF6J(yv!<q
z3qNKp)-eL(ydL{nn6X=3uSdsd9iy2$7E%50GcjEsrzn*?HzQmrd8F!9)Rp^EW$Y3~
zvd7;Bf6x_(eqKvA+bZ%l$Le0AYSh{Ctcf4<zpH|t_WgMFoyNz0shYA1>e5NZs+u`C
zata6Szp{l>={*IjqcF^1bn2J8UdsIXJ}G8tP_6sXVB&@aKh$Z#1khW)y$TVq%`#TN
zz)5=Im7G$-f-3Huk&8<4=g!>?E*(2Z<n02znIl$GBicc(|6|VL+MxMHgK0;JKM^Qh
zlKZk!Dvviyq`R+nj?+48F@CSx9@Xz9#e(V8R}I^Te7Z*~@W60;OPHr^rbvrbw!^u-
z2?H0mtok|MaWm91`i1I@z9!R4DiOu_m}2$F0gWPd{ls5sN*NL=x9+fbE5)aZh%$`c
zOvhA#U2nX%icaHtSK#i+Hrc}7n|)?J+Ba5dZulUoX2X11Onr$tirVkX0rnR`W90_<
zwjO~pvI-pAsc6S<6l%>_%1wVStT1lhdV2SV5Kr3-VO<gZ9)DTcO>4&63yg?0dCxKb
ztGAUgpI_9Vvu$>Er&%_g7M75>y|ijgcVD0MweJbW(|~dHzwr(y%0z7%Z9$d6Y7afx
zxd)TgwWf-8P>odt`e00(xroP(?ug@Ru*H&$u<N`t#eC$#^OF>(*RHLK5b^kSy|-R7
zt@eeojC9~W*R(XD(^0qKEP>~EDQ)GEzt^>n$-94+N51`nl6AIS?rFa#rkxWSdq#u>
zlT@D7xED9ra0Jiki8ly8XX0=drD=)D`?@huc#E%edxq<cj7o(So5$$0ehn$NnQC&M
zS(Rk6cMCnxWh$4(o<DWpy?2-5o5|q|3sl0E*A`BswYtndVE@D|88~pev99}ptP=CF
z_#>2D9m9EJGH<>{I6m1z876XLZT;9zr4Isb7uv(Szl!?f8keQ|6m4jgpz78+zD86d
z?pCOuZx1z<S2T0?=<E~j#c<}0v{eROKNx21a<7_G*Jo3+Mp`_%zQUAyK=Y@wMgYRw
zS?{uhJZ_Oau5yyg7V`7M&AH1{#q#GmKR@eGoe~)@t}$*F;O9poGfHi)iV!VswCqnz
zhSuF?$C*)+fj@cBx5erRNBB8QdEXH2(!|)Ig0>hYC5F2zavC-lSZYR8ed%w`HoqBn
z;g+?JZEMY}v(H)W_F&z&lpi*4@hzJz|M7(T`+|>J`Q3{8+LI|1Hv6`jmkuc`ZEttv
z!0%jm8Dtb!x7ks`^`lJHXu%_X+w`_}U$x0{`*FMYE!NMJ3VW$>4)yE$I1fe#1uq&?
zc-w4VASQMT%{?<u{)im!+9mR1(P~H1#&U`c{g%nDt0~13Y4-3RxV+||h+KKuB{Na+
zU3s4*x9~D_bQ>(ZS$5`>bY<s#np54LdEaFP&y}^#442oqt5&X`;prIqnI~UR);DJr
z_E5UJe(M9Jm}wVgaiP7dZo7sJz0%;mR1#b)<M61u=yrA5nF)ohlKYm*3(k{ht~zTY
z`{}@+JZIr^m?e8W&BvTg!tYRSar=e#A_pDA>Gwib<+h&_AMRj{$vtV`w@4$-vYKOU
z!GZeEb7?d2YQ^n(f=BOKM7+>fdLUc!;jTCdo=e$(%ij{0x}q6sZ*}Puacf>YwC3*@
zg+-SpjS{*yHmk`^<?@@&?CwnMZ#L(Du*%@EU9O@zg`3dS9_}Mvn#Yr9h7<(2E9MV{
zSahElrL(_PCvfft|GtefhgWsQ<h}VWXn$~BRNno&wDimsnMOPodk)RlSk~)?#9p);
zSSJ_FS{x=<zsEtxoFO?<X1z;Xsgp<%ytl8u#<gTQL33WK@R+?L%ctOmU(FgWdHdb%
z#+s9?P4qqdTeYPGgPp1C+19>Z=-V7H_+ZcCraHf7=74(>PZwiEALpgbcX5vW)F#3A
zMY1Fhdx5cDV~+6K+=;buC#EI}9iACWSnp|0`N>~#*;&HgRb_;w$g*L@+w8@)13v7J
zg5@-quWS++&&&-lpj)a`F7sXvmswBmscy$otqlmZOTS4o&mP^;t~3KKu_Hmpd6;$b
zt{B|^5ayKkB*0LwG(zcZ?&8{mC#Do<EB|?AmQmPCD?pKyda{#Oi<MbFa`n>=8TT7>
z?|oE8^m8i;7Xtzei?ljYcMngw?yVh+>b9j8KiXO2{yn8bkZm(p&;h&M+!*lt0t8t4
zuV>@3vZ~MCCUH~MZyq+Hv`OMqIi@DB?e)ZGO^hj<yJvK%QaF~i9UL?BN_1SMjCe+G
zm<vhon6s=*EIXyn6;@rC=wvP!|D-x@8F#+P#s2Z5`xhe|p6@)gvPF2a|LN@M<9w<y
zGra<hlbVTp13EP$i*j#m?N;5fC(^?g=T5-Ei1vY@5KSc$GqqrRkWajIu>}{~-REsC
z%tGR|WyxNFuT?*-%5`*cKJ{MLhFf#^;j^oU%uWmKuW+5A);E37QzLa|*3g#z?QCZ2
zxJ1kMSXLh1-e`~2{u8>Vcep&RJy6lQUGA&DC~Ly6Z^KGBnZ5qoT}%7BZk2vKsuL1i
zWm(W*&hNWo(uuCM!Y8(Piy{AzFwfzs-n-Er%~RFMN+e|Fw9ucJKa=(SO8h@p6b^VQ
zJ4Yl}sIK)+y&CkaxIdcfduNH~!4<2wTdeFzt1Z15V!6e}V0XNv^6E2Dx0O|&zdkg}
zxqr=*SNf&7!&kog%SJ?4J{H$56`Q!`JXg2BFhS;xtdiC3M%CwyhclSuFONOH_$+Zy
zIJl&cm1opsS;1CVw4*m<!ezoZB|l%C&sLa`tJiYEYQ}ke_VH+uXxqM;1!~id6AB@&
ztec7zm+xMUVbpL7+0$Z~Y)T$^hi88~(WRvPt6v6L=53ECwDHVa1&M`uSvQ-i9ocud
z)Un+1lv<URnJs@S%YH4R{bAK7C%2d`FooPIde|!Hq9~-+^*NokZqxn~c=S`J_$n7{
z9i?BlCis2f_Ea^GI3tshFzEWlR(P2{;@2D1`=>H>zGw0-1f)zlXYFJ)d8pgXy8c&;
z;^#V+?ctxsN(9@C6~ERU-ue2URd*eYjWSmx$AtMX_$_t3Q%|tj7PR;eQ#GD%{<uq<
zImDFj8M!+?%b{7^?z+{!^?R;r`ePma>HXUVn<SR@gvhzDk1l@Z7j*bu&6_w7Mfv(l
z-CYT)f;Xz4?oRpGu6lov{Wg#FNr9Iq%-s%;r-+l1?{oJAueU~)6Z7W4+8?TEJG)i3
zC8QK_=zTG)l9HYmPBOJsW@26v8=a7+?J1Q%_u0B`y|YX9E=rJ^=JdWaQ4MaC*Prb8
zA{aY!<<^|ayInC<QhCJ_)w}{vZ~2+DW`EiyRytyhit$0#<5HTBfqZHXUt({tvE3C>
zjS{B!|MWH5L$RXyX6<78jKrM`J+Yw1LwR*D;Gz`X9DJI-J#?)JiOw`z{>Rf<G$Gn3
zp2N2~)1T4cr=?}aWc=sMf-QLcW6=z=CMKs>d0zin{NwvgXR(EPhHIDiSF~@geErIK
zwf|(YsJFYvs%;((?)I8P-fa8${ED2U8}k#5Sa^nRXHLW#y}S6;Kfr%tY;JnT;PA($
zN2|Bga^HM6d8NcakZv%a|5m;RN0vIXu*>XJEx*Rqg#3k}nv0x+`FM3Tm$L?ERx!Wp
z&n;@3n)|l@$x9PNs-}yR&!s5meI3G$`l8Qq*+?vjd^ybAajU2^`E8fpjsW#{-EXe9
z*<3tv!E7t;{b19kNcql%UTO^^^}_7|=2kze6ApO%W3|U`m4Tnh5S2|4|5InS5HVd%
zOE#J_nf*JXha~-EGnMxmicS<pN+z8f&A-z5A%xnP{*t$ZRZ`pX0KL~59Y2Aj<o(>(
zNcp;K_4>P+T8;_X)5@o&zD(7TxoFPhv0x;4A@psVr}59VdER~xJk@9GGcI1ZGPvqi
z{;cWJ{^X(!igoJwx`OZfrfut7)pmHVsNz_4H6SwT)Jw-8CTgbiN5|D32jAZ4n0QZ-
zqUCey&kjA713%8KuyHp&(jKvbuBjvt>FfR2wUu(LWoJ}g`THC`MVby*v89aE_up^6
zGW}2(Q7gs%Di|U3Wb9EJTzTc=g{p{^_ljRBrUV(K-foM%QkdAUlQ?3MlJ9$;R+{#P
zP8ZE)<vGoBe10L?Y$C14@z7hE(`VJ~V{JT8U=?j8e1wj-ZB&;sQl70=r#Jf1>Qt5_
z&FF(%t;b&#m5s?53dW5ZeApiPq_ksAPNQVM%iYW*Us(@-)dM^96I4ohRry5dl3LvL
zw@oDIXc?+H*uU~G2Jpoq!{7bkhqkE&R;#J#+7`vt-r^Nk_q1|#_sbUL#|he%2$X+)
z{`=VO`#a?tkGxb@AKXP5ChTCfn1BXG)q61|u5nV4_Y=EblSyVx_e*ip3=<orT@D3)
zoImw+YT|;po5j_cgsr*!3;Gpbvvi!k{wcE5t>5Ido4Q|^_Q%Gt5xFgjmF-@;G&piv
z8PC+Zk0(q`+wO|j<$duiK2{!=;wjB>b1Q!SBqIvcW;YHW47Y23{y?tm$er((W9lSN
z2-G)wR%Gs|d)F!N)>xKau3Ufo-R2Ir_~`X(Ve<Ws>#@g=$oSpj6V+GIXKV?roXWAH
zx-kCJ-kR%5v{FUCz1g$=*eBc_vbZX{cPMam`8yr;k1*VGglj7+4rk2`HRkm{bmsP-
zwdDI4)aUvm^SfZ^(%Gkadhx0ex!29FY|7Q}Wxdlq%QnN`KIGA@aGdra$8J&0I4#u?
zV$<An>^~#JrP>J2-m3Zp8wr0cYc<)^&Gt%-%2}eDH08HuYC3T?r$ku0@44VGe&H~a
z)KmLgj5OQKKNjisG&`C9vg@j=ZC&w|XP`7J_QDH26?5yXv`#5XaVEp*`$F$%)IVK!
zjd$^QnH5P@G_ibX<l)^wDOrIe^OMSD>KnJp%nMIgXFiV+ww;Zu>epJ0_e06>!a&75
zqc|h!svraB(7^HD=W(*b=LZ9vn7uf})R`LW_W5em$F@(&+rEBJb$V6S*Fv6h!4RRh
zYG1br?cH5IRiqc(G&W+-{h66n{!H6~#2q(CK!`p*h?1{6@XL24aY^q+s}IML9!B(7
zns=0|C!}qxpa^54zWKUO&i#5@YK?1azkAJOlHy>7_M!;MXls2zpZ(n;`7S3v^Kvv}
z_=i1O)wuSM2IHjF?z<~AToOy<&I~KXzW;G;r4Ox5_K#$*Z>w53l|KigxX?*mNM~vC
zyOd3rGRUM|V`%MExqZL6lzwLFv5k&WmGAkTzuEDd2JPVEXS+*1KisIfc2wFU|D<|p
z&%4%y1^ZpT{VY892ds9-^H*L*pZtpP^iDmcnAFL<;U{-%jt=b8U^)_*|0-&#cAH8J
zs@KU^^KB2jzhwoF$*{Xuy=+KPjlCf<8_(F)bFIUFyEAvww(=>z2Wl?cw(k#nm^00r
zf|If^9vqa>x#fqD7!TU!%)_{jC<}D*f3EXB(<IsdBlz;UQ;lir4yCVNv@hjk22mr5
z72{PZW<<7>Z}gaSJr!M}J;jBlnD_gpf{d=&@b8zRcjE5%RhX>ozdu8r=`gG%c>e7p
zfjv|rTO)OH-leP}!vu@}V1H)i-zk>ewTavpFr;z`_wa(FEN_v<rdRFHM~$cB(eMPY
z72pl;X-M}LaX1UNum=f<(9LxG=(>0E#i-@Al@#$Q`zlbUZhXbkJ<zU`{^U_<z|||Z
zUD@YTS<+~N7RE)sM4Pg`GVy%TyuiCDTn0JdrbLVFgS`e3J4F^ZZ4r3-I`F|||7_dN
zcQ+ISVzbV-FJ(l;{5+-N<{CkDuKD<5kM;Dw)aj~z1ZC0$tPvW0X3a%&q)MXn`$(1f
z;ltsdW!_{Z4{~pH$+}TroZ0qW-x-64&oc#AW!q^>8$VD_MN0L##^>Ah4DG(Bd1b`I
zYmrm4!F8{s$j7w<Jmv@-kM7fERMT87lix9t?xr&vuJk#R-NUAMyzohs@uuwj*>d_A
z;Tyq-H$V7CXoKrr^|v-}+r#(mc<c1>;8_{kXFC*??MC@iqM2S+J&Ce@rf8^XK%FOQ
zbnqY4KbZ2Q#ps=X#N!ii)1YG9@~gu#oriVNsNz|%t5?FJ>w2Q@6~9Orojsa4`P0-u
z+Pw?2imcIZ^riuJFLjl!jd${~xQuY(ZgLbD@8PP<4{g`%aGCG6O){x*ajZN{o{;%t
ziu`{})Jt4KK2o6Sxp9QU3xgwG)ukph2zz!(3@|9wf8BJ`K&m}2G)`16Rf(RoCiCf^
zV{~#<>uQEK^E~Xg>57u`72G#cT2Ry~Jlb?Zc42JS-GDHXc$77F*h^|W%Ab|B-tA4D
z*R!c;9cM@39p)O03TROnY%Fsam#U{&!y{r@JRPOzwcwa0>HTq|Q=+V&Qb~dD#@%In
z&X-ox$cx><z~H$Chy6FMlB(v_hZ~WBl<FiO+0?1&&fYG^{d!;~aV8?Bt7xtKeC_hP
zS{tVdBOL54<Mw+v;?nafDt%FoZ^9Ge?~yTXF_CY*du3~wXAIr>kWxu?-MLpXS*hb<
z&a<*N<ANi(m_7JzjD@%74$$A~+cq&)@aT)<2foMA{b9S<zIkd&Y~5I9haBzGYOme9
zptjB~X_wiut#9eT!SSxdq#1i*h4`4YmYIQh%|r3^%Ji%|)*K$~3~lcUnl=)w+}GFb
z&ZcLo;t}oPTe-WO&q<NJoTiY^_J=Zh+8O(hYjfu%)=<ulo(v9+F9>Ab;dlF>PoF_&
z6`i-n+1_WyuflI0qMtQA%7u#QA*L%)^9!{~?-kmrUF9<=Kc}Bw$~+QHW+kS4s{^>=
zZ;zowy#If;!lHSE+((zaAhw>XFVs7z^Jj?OWO+uC<57CCutOpqWU5@^5`OyMrPbMp
zn)nDBFV?c+{BS<U9C5cK^Ql_uj1W&T_1%)Ie(vZR`(h)+a0VgbfA;!kBNPxq%#yjv
zK3qPv?!j5ME{ip9=(i(!y;iH(79T2``=`NNR{y)oVwdL^p|dS)_d2s+nfYgOQ)&`&
zpZFyG=jZ>1O_}2VS~>0de`8tq|Cx_aZ7tLD7Yjg2wBJAfzrG@WFT($ob5Y!K@aUhD
z+7kkHU(3N`zyED~=YQ(nqvjSC`85}E<9^5AvsE=_JO8}l_)+s4H}Z7(d;czF-LGu~
zrs2Oo|4;0Y|L;GRz0z8+J_G>u1u*cqB#$IroB?$lp0{IWV){P6V9C^y=ANBt1K|Cw
zq@=BoOb2kfWqRUw2)bV)xgT0*;Bde}Xc*v!91y`b00K*Pl_`5UIJRut=5J)x%kEK>
z4_p$^BSxly<41v5(g!*p79S#MGNtAK$wA8&*Yz*~`hX{}TR>oIT+U?}yg)snDkTKq
z3t-->Q^=bxsP@`w^+Dn-`OU~g_w@e8RJ*OYrnA9v1NGyRk546=Ot7EsUflntTXBe<
z_o-xju840<yeHO-yieg(Vb*l^_QLE)v)%9A%gLT4;u;0w0h9?O(`3@kpf6eg)lmS)
zQx5}PNemx>S+-0`4SNg%Cm0_M@RuQ9ftZ~Tz!|Wk>FUzn;4wS}tk!X9wm)6{VI{yo
zKq9WuPogIn$Z=qOiQQM`wDCFoKDN+q;MWNkS7VSnZWf3c6O89)#^(JY7dg7LmQ?}E
z%C`~<ciXC`dwWV1vu5XPkBEI+$_dXs7v97qGQL)F;e(r|bED_C>v}LuSDtFMQ7gT=
zTuMty2bV~2y*Dul=Ye8pVnP&)0bs;Vy2YX$*g5csi@+<ec=~02H-O*(oqGW=)Mw2#
z&SSl_U<VI_QlR}3TXUeN3uyQ;kkq~F1Hu7fg39GNfU-PcgAlt2qz^$50-ksH%D~oA
zDS&YH;2dBp-EYk$1Oebmz}RHLY#Nz2J`G8Cz_*>>8(9MP2+$bVNfS8{*w*yqmheTN
z(-mY0p8M#qVBSNcK_^&fdd+^cv)yj?o4J@;%D(>HyM|Raa`<fxrl+^ARl3I{avV^s
z>7g+4Og^3_pqYFs9{7hA0Ky2Z&}*rSa8aqo+nojBDAAEVA{={2UY){qKy@AmfQf=I
za6$5dd)H$i-f&d_b^(&g9AL{iq4?2A2&fgp0{9#dY(S9%4L~ez0ZxZevmaCJNTe1J
z?;u`*HwgM`zqN?nWpLUEnH#!?CDsmDVuLVL?eEJbl&BJ$HCgvt`T>x|W)oEa_W)#o
zmqf3M(=HJcpb&{zC$L+%{zARo-38#m-YwP57`fdz-R=_E+kO+k0Z_U<xD`Jj8kG$7
zDrp_Q-m~s~{;iKElERA{brNoLbbRC<qNJjI3TOj1ng7_#@&l~hnP23QIs{G5n=YyQ
z2ZW3Zi=+Sf#$va6|7EiD2llk!o3EbFw-~9$#Fu;`A#{gzdEqeWBN;3O;md1uw1xTc
z+nf7B*KltB=ji$KFc(l0G4Eo}v>xe9Zxas|m=*w?Wo&%>xlJ`oMTDpiPF%AyR-&KU
zbA{UvEVIJcTg69QI^p@L#$OXW$)?}7obh|$>XDQ9O(R!B9hPoV(z3b}b+KXM4#TXu
z)4%U!60m+m{{RGFZl(9P01?*vL3|4UsC@A7ArY5I+gSc#t~b5WICXwY3;<i$dMYI9
zmNpO1KXtaV{`LI=F)N3JInc9<a`Wn$OD^w-bTX)y5FmJ+Cp%mMP6pvH;xs24$%8ln
zwb|a6ff~DV19m(T+XXT-P>F;<)l!oioL&lz$Sc*$Pup2Z%X-OMw)FeYuH*gZ<dd8W
z+%iMzz*8JwNbYmcU=euu$%}#CxJ2u4jHXPsy_E^MU_YAs?bd8`yv=rZZRcQ@Y?Rx^
zS?Av6*H@<3Q;gf$D<msjP*Ya}XX+KK$!HH;rUjnt&Ewl*(`r1j99t=1L;FgOVWKu<
zgkJcmq!)vrR#&LmD3BJ^jQn(P!J^2@&Z0Yfleensob{plH;NtxN5oB3J!0#w`qU(J
zD`rjh4g9jp5weQ3UAW$AS`jYpVbdObwqVVqU7QVkh8BJG<(8dXxb~AvKZSiZc%#MO
z!+<nQh{V6v!@w1IZ*U|!%;XMCmhF#!52PnBql-fCs>A_pU;eps@SOVcTKn<pBqeS_
zor;dIe+Z^N0muRcY|>nipHDWdz>u!$aNVH+ZDAVlCjlj!1rY=O??h~Zg7Bj8r<uOj
z@U#+h7Q%lAz!CRV3NjOU$Qgr6j~>5!HUq7w*NV}bpnOVXeL<yabYgLws1zaspCE`B
zILLv2PJpurd(A04pl}l9BTqW*%qd`_$3PdD0I-!XOh7~^!*@%Pt#5){KA>x-pqU1e
z?Q_6#i5*$0IG7Hga-4_n3K6^p%vc0^D}ZJ~bCtjR&=PR1@C@GsOe_J>0?+*c*Cw?d
z`{I1Ci{K`;Yv)d)fB-Xs$Gr}B08RVk!zvGiCt-F%up0grN1Cs;l^7r1x@8OD!NOPW
z1qe6boqnBK06&Mw0sw56BxXRQA3#zBFq1AW$6$J>xfldw;sb!|KrrZpP+Y#Q(4EEp
zJ}yZDf;KVi)zbP+^Z{`UDGW9S#{lLhx)vnTgMyGWzuOI<Y&?cgs-aw-Z(qLl_4Q`p
zBA)`!4S~`j?=xbbii-sdzp&%`%Oa!OLP8)Ncu$jMt$f5B2z6)x<4GW)2=T<g6PUvH
z^Mhp-6+Ot7K(M;P2^9D46T;^M5050#Ht=sbp{ENhCL35G&!CzA1UwmlO~EXnkGZ@b
zpD+p)1QH<OC0j!hu67_9@e`<e5Qa(*Z)wEUf+93<`LE$<iLWmPcX=@6KM$wN$;d=O
zLNp5!Tud;2M^XwP+9-GsfwX<pD-K2II|vI1iwGKrAoqL$UO`9|A8}62=9O8PndK0Q
zXJO1f)CBHTBh;huIHW;qxy{}KcP~={pG*%9ePX{ppCIBd1YKXwliN_`Fx(>2Y_Q|X
znUML}SvU(H1#6Z9_{ZnShsxJIU?vG70mKBqO*t-rUZt$T3Z;ps_!Md|P9Si85cSVP
zEePDACwi?}pt?)U_H4ag7h}j+lyjr=I6k?lT_h@0mXjj<`P?o`3&O#&_rf>jb~^#8
z63pksAQ{`9_hedv2s9#B%!$>9PDf|Scm&8>h)A^6EkjB#>xiis;<1Qj|Jc|s!z^KA
zPM|ThTjw^$sOH|5msnaSbY+JIz3A|(<@FPID#u@>&Cd8KJLYsyL3QSamHD#*#UaC{
zp0@3>u?p$@@!pKp9z0$s@4CK!FPT?tD+1F||9~o-UhbCmoDDQMA}|&!)R1m8E$8y_
zpWpR}J5b~bIgWO)7A16*B-v#`*QbcE>!WYhyff0A=7XzEOr8+;08u5peOLvy{1O9^
zR|K*XeGqOTWkV`~Fun)w8fm+bloz<rrpocCflx}42n1r9KL}+2B;SK`IEpOX>c%C`
zK?ZQpz&R$Sr3kCVEDoMPgyZ91tM3OeUmJWCfUvqoM&uC$i1jXHxWKNjn|i4NV=CM*
zP={|rR2|s72cjAE$djOoBpB9mfYm_GG<XlC*83_z9Kp+;hLISY?w)~I2#trWQ8gtf
z8wTgx?%g9!kASE`^?`6dtc$7PjR{^D5x;>Ze?t?|S4Au#F%wz~I^Yn&c>OMz6;N0$
z!;65Jxf`k>Q$r)|3{`fOV1PgyS<`N+(SWG8lRyAYqZSBMFaz)eWtxa$0KonU{8f6$
z44GW7#WM*M;%fvkgq0rRIRt59Xyxe9f1Jci5o#8w)gG|cBE%b>tkIQ(umd<Xpy1#S
z5&j@b8v{HDcua{!E%<*kKq$}RX!9|6tzNs<55^Z@P9@3m1tJ)t2qsWo4GoP{B0~pt
ze|cy;nAB#&YKu5e!#St~#oXBFXb0*^Vz~<%0Flthyb5mRXZ!}B`Q`ZP#K49E1eB*B
zy`tz6Ks84=AozCQ5kUgxO%8{Gk0K1{{R@D#i2w%JUK2HESQGxB?TL4@@gfXQh;Rg+
zWumL{>*qIu*>1D#-U#Q^a#DFAMv&tM?&5B6@j!yTkbLbzvxJQfngW99MqV2KxR#X&
z(<3L$_Jx`$!72+NYoeG!G)C~B@ZqZC9ODRO;TM3^{yb$D4#XQs3Wf->Ff!kcGl)P;
z7*quO4+pcMs%+R}BQp|d6lkfE_d<-Q0d)aZ#c}{nlg~{kSiuGn+Q6<Wzp5qX1BBrL
zkoCVR>cj;XziM)*MHXBquzg_I>jgHyHh=I8vY%nYdp4wku>;ZF>L50ed<TIIkV|pf
z)}myV2k!wqN^Vd?S8IXQ?>P4(IvF%rka67cs1V<0B)4D~IpS^8M2B(y8t_07yC!&v
zLtCa6#6`k<B2rdp<G#bE7m4>JZV1saA?h4&cu--1YS7@-;0*>dasVDsKJ-Q4HlwZL
ziO(9}00xc@_*K@$phJlhv3YQnV3!z)N1qp584w_=z?A~UD`7wqR&7L>>w|eWFM}5n
zfGfziwMgl0_5-op%N%Xep!R{r(;aG-^9<!<)_B=|c3|cq$dt1<rHX`m3Q$d?wO#n?
zQ3w}V(`^o@DaS#1t$lZe=d?FdDPc5ReEkoImXuHNKj5_GO_|-)(&~^i`Y<I1Z03Z^
z)Uc@7!=FYSGd4n@8fWkRbNu-Fvm=*Ou1Sx4q22s)>(&=^FLu+dMsiqjY~{LV_XU51
zpMT-8bI);3uGL@4Uzu7@FBa(PHBx-saeqlTvcJ==q#``sM&CdvRK&818BAq(Pm)#(
zWsLv?>JTxm-joH(7`j)qAk!nm<-zk#35sK|1SNXrMA^3X#|&D|4{(h@qQnzp2}cLQ
zkpq7XjKu;O9vLG4nRPZkhP`{@t#Z^FZ|_q<v%SUzwGyc9xHS@=;Oap1fi-|zUH_WP
zSXw*vF<vhY_g04~{)1ZF`z$RJ4~49pZjQbpKirmSkUZj9A!|L<Sdje2Z@DI+C1cyC
zxK;;h$;=PJwNIVJKRF)pPENiFb<PzH3lo<!tbQD?w#i81zcwlP^S3_y@dZ)nCe)y_
z1}*yB*|YaA<jKDKW&t7~RDCv1&`^R%f|LP+E=&s8(6)kIc4J}291re%A)_T|iUPWs
zJs_BALU!k5bZsX{NGSDZ5u0knx*f)F?myxpQ4n4)9QiP7NPyolPVgr@eH+`=M_MzB
zK`0`&wD@a?Q=<N;M3)SksqGOF5fl(^ypItF0cYb&kQ0LdqKBwJN-%&*PjDPPcWx7s
z9V8tRlai=zMkFOA!8ydYvo9Rlo+x;5x;8>gXdCWWL1hLR2|%gfad@~F91X~QgK`ye
z5QDczi}5|kPLMjh#3^V5ACK4}fUf@q=b8fQafGc{>LXTi#<YV6zC9HcvL%&FK+5hE
z6>WZ0qzwgrbnLgiFVGUR2B>K8XSET>1Qd2e(g`1X@zR!DWq}i;Z;(-;wEpFNHvB|E
z3Pm5Vk^&zO7g=u3+}c_n>NswXji5646uFGhrBK3=B#8uvP)yug5qk>W4<WL_nNlz-
zve=XU1T=}z&bUeuISCAL{1BcQ59GoZ32qOEHjFkkH(P%H%ofFe1I=<CNZ&-~9kR&b
z;o;iq=$r{j7c@0DJ$S7V(`ZBulJJd<jdu#|HbL?@eN6inm``xmH6?sBr0$L7;G0W9
zNsi20KumkY_>>Vz2k)o1ytH`w<03IT#Csyfz#&2($qP@dC63mKA74PyyMeY5fP~_3
z2zFq!^$(;SLESR`upP7-S%gz%^z5LEkt_|8D`_8)1-^fINrgXz=nd#=)HGb+`C33W
zD9W7zY{`dkY(}W)MVkS&yQ238A>?<>0XjtFypb7LrcFHCOcR*v#DoMXlw7cyB~+)T
zw4R1=TR{Co3<0AMyU}JGY`<E6O^~SlKr<rMxbY4w)wHv~Jtf5hhg0u*Dypk+UvSG)
zX-gq?9K<I}C1q})vlDK{iHLQG$7PS$PIzieKp1oswNw(4O%%lgybjw{o{<?+2t#kN
z0U97+x(jBVCPH^;j4Oq-NKcI-ye6d&{wT<EUM%~5!0!~Obx^yA_g~a_8g!VT($_lr
zNE(F#9<oh@`H8qH8?i7g&I;{JM07eK(=csioJLN#^WZK<;T(R&fo`wgMdTrO3JV9}
zi1Q=76^M-gR>f*Kf4LFI15uxDu?o_YL^X%BhG@&Q^z`(8HC}q7uqP^VVk;w~3{<#C
zO8|1Xz(sj`h;0!S4UisQA;CcVr2M@c9!{LBXfWI;P?HccH^Olq&L*M7A$kx2h2LL7
zt4h@@y9g&*N>=uX7Tj&_FNa-Gcnpn6Ut=#f{+Co!_c)IhxJ`=Kbl#D=E{4dP`-MBL
zrOOX_MeCJdx1EcS(6#fCyU(16FpDxc>tI}Un9+!liJ3Wgdh!ZpSJ!^UL!SO?{FM>c
zDWXBTj%~vk%%t8YC3R!Wae7a&H|ARaFXN&@U|^GlnJlOZ;Sj@0gkm^q0WXlKAxhOh
z*qB5)ECAC9lyuOrMvm<TJz5739m<f5JUyC;zB3y(ZQ_9Z15^WWYIFp18_<iTBf=5J
zJj}QC@XLgYNz7ir+dMjKGY)HJLbgK>gIlG8kc7Jo3D&y^VGuYVwC6_-SFQfEP!NYu
zf10p{k}?4zSP!=!C?oYK4p%TjCS>wG8HKz-sy=Rd!w4OauAUxwa!~xw;#W{0`bbSa
zK+`_4INc7yNEKMC<S$4?1vOhDP>KSTc4m@-4xYq#>u2DtLJ39y+)s=M3P6vaR-4}}
zUl0ChRA>?ewFsLQ!%bM8%;e9Zg5nE~e2oi1ZZ=A-=a=7Y?6wu-e0!dg`lGIe*^Fd_
zztnK$97++wrH09#XI-pP0#W?<@*!cYy>PZN7#C}=AcI%wAyr6hMrqNfN6J9{1tEa`
zjvip2vSp>Eq;Vj#2=p6tvHNkdaawzDcHEwtBSyl&P8-4I^hf?%s8t0(sHGqZllU7<
z4ml<kwy_J3;X5nBBoHr8<kjf-b?>v?T1yPEQHGbJtRc);=w6cglY>5cmNJNFOrAUE
zEk&P?D8yj0j0*+^(n;t|dhu^FF)<->M@W$zdTaw<-&`HPbrRwcMEVp8tu9>&k)WqT
z7>$^epLow5ACD0Q^exNbU^Cu2g{gZ1T$CZx$v}A-0>=0>>)P7dpso84rV-%T%Ed9`
zEM1OMBMPiDxN}~0;!7DYqNjHj>Z2^DfJh3_<p>-PZe}6bf#{cT1Q*QeX<_~xIyh(y
zjS<g)D`@6*P2(|j;Y0aG8m76c)21vgK3udLi0=;SQaVXz$DD3Q5^q7Uq(UCn9~YU#
z1exK}%k!MF8ZPM3!8SdKH@q!lDKU&E2V-DFZmo3zz3bPl%d4uYdXy3XqEjQM%#)Vt
zm1v9$MlQP^hZ*!CJ02xv<xUvx`h41l2axvFmB-ovzQLuRyd-O$oe<s5t)lkSt^%EJ
zLPBb(O?XPm#-D;#IRoPhwLdBVVu#o9!K3B5oV3-fmS2C|L<U$x!{}=!*I%6b;<v)y
z{bdeZC3Ntm5O5&k#bDh+n1Rl;sn4I4T}bKIcQyT~sVP!fqwC$uz@XA0Qbsyf2zL=v
zzxjc-?99@I6Y_A|G~$%gGcqd2jBIpbq8p_s=~+-yn?sBO+1oWfKEBiKCDEz#X6{CY
zhJoPKt5;!C%nq_A-nR=re1U<1HI+6<9R*X;FTeDhUaW;k$_*&dBBw$JBAxC1XUIc=
z!c8=5p(I6YyHQG0rl`n4VT5>ncDm^zgnRaxt(-y40!3t^6E^zQ1$T<L2Sdmcg+U^Q
zLo0o1;o1zTq9@XOHn^@dG8*VVa&D};SI;l|;cPb<m30=lgPr{mqJ_{R;)Ql6A`>R-
z+elg<oj<Ci*)?e_+nAXvk!>LFky5j939*XIwQ%qZZz{qqG0|p3gV^pt%Y<k!VTyFx
zYboT!{Mg`^ERihMZ43+#QNv0ZmMox<L&J?0^tBYlotC4-9T09^FOXjgKYc<_kX!kW
zPp19kJ`oWSH<7myXCMiV8V)3{adg9>F+Lt1yFmhnxGVyL8=M<JSS7jwBvn}tDxKi?
z7FA3S4GDA|#A6epQ4qha;cc(&{^(JhWQeN(^|e`v7_vCK{LZPbMW<&CD=}yTEj^;4
z4@_YA_avfcbi8{OMLtvr3)yGh)Li>uH^Bj2j87jwc0QP|E-UMT>WUzY;n+J?l35XS
zqeL8Mcu^%f{v3nRM{nrZ;Lo4ew;WwfZFyTFqBqFTuK=AfA!_5nI{}rsRAc1=tErfn
zpJLc)=%BZQ@JVlQeT2fB7nrhR3|qi%IUzONo=cRupbufIPhT7p!;O4XiTSzhXvYeu
zZ4qJLurQ`y_D;9s0vC`qRw1`zXe(Q%tfKM-Vr5X87^_%B_W^Zv?UI%87^JW|{n||E
z!Pt1XRcGLtzkoW;aa9%aUSV$I{!-pmGxlwc5CWFToj=?zxyfI84{pxKZ<FyBYtV^5
zbI#7-IP~JcfdhuEZz)A>hWHwbJ#KX59Xpb2WHi3EqT6M44`p_X#||M8Zv&}I(Ob4M
z$`ozb_Q7g@#dl4m29x1-ALnCdcK^w<ehP1TKxsbx=3*iwf>0zwO}HN=0OrSaHv~dk
z(v|e9!lY2c7`A1Jpld=#&$Db9tiPUe^3<tk=Q+QBeN#&%x(RAZ=t;1UxYNRD))VmD
z;n$}aBxTGGPoQI&{CNp$CNgXURhzW&xVxR$>tJdrTSm9E6$caJU1$^QKe@2te9HAp
zaJZuGorDZ7Tbfv7RD0vZ{vB2meR3t0`F0mkm|Wnbg%<jb54taGoq8(!qe4zG@BWJg
zs2{-Jl01vF^BLI+nnKDsjv~m7EErYGS5AE$m?Xx17%_f^l4_I{66wdv%1YgH`4}qk
zBO$??9&>(uoD#C)Lb<rzc7X&<+J}yJ4QIVBMAy>$^E+MCxFyUp<GX{-zRA(EXARYO
zs*8qQzXojBnVC(-<=<QksVI6?`vZXiJ)Cb)&^20$TD&u+IXpQte@CV7F)qXXFT!IT
z>EO7miJUFJk)k)-8Ku=Miwlw*wdFT)>G=AnZ`WZvEPo(!I;K9XrTzfVyV1y!_~k5j
zSp*Q1agkius}a!xJOxDd7P6p3#)czUq5APO?+NFR84EqxXEw}bii}w8FS)y=-EqRJ
zGo(4)axW?hA~cCQaL4O-1Fuf05i>@{P?uj0a&Im|#O^F+Ca4G4!S@H@4|UN9FO)!6
z8l)0a;N|V{gBNI^&iFlH1-E9#y$;qZTa)b%6(2wM$T#BLtWa6)NVbh(Ya*rMD>;Md
zi0qbhhd_^9b)B*2l%6b%M^Vtl9XwbOGD~^giea9H$&stO1=a@;!PWVgmF^kJd%LHH
z_P6NFSR{RljFeoj^G!k4P2a0$9{9oj3#0nlEafBv=Td1|*<Hf6t0Fyr?dIcqu();;
z#EA_Xo=Sk8tX<Q!XIZ#XgGf;xU&uuD=#7!5B{D^vW^NTGsZx+CuL(N^B|CDnG0~Bj
z=~xARHulk-;9NV$<se{f-@YB9*EmV$mX;1|#g8H)ypc0oI4eWzxsEi=9OJ<?zyrP0
zMuO`WLIaA!69^dynqk7`cQ6$tlIT!p%W34I)YI2@OHUWUiRWmKglaXu2wcYOlqq1g
zUELBN9?p!C9&*J|mNO72MGU}upO&vIx3O74JS)+LdP%R(NKYqHBq#x(w7!N+B}w&4
z#zJUlXNR#m5yjA-heKHbGSiTyAa>rUw!P|N;ZKO~PiCM68^=)i6K7k7vK$G*&V>&M
zM(XDwoF1KeNI)P8q5)y>YKPDGXZFwLP@;qj0R-LMTfUgWDv=ECXZ1hy*mZjeo!{rL
zmTm73MVTGfTI`6Psg+d`tg2yYDxQ>mE}HDL@SU((Au=fl(Sj9z+gVwOswXirM9=6p
z1l`L!(E3JMTzx2KnFiY2=$asnZm$!XrPTnf4lF^HZcm%Q>>RS|Q0?3+ATaUZ7&8(p
zHl&cIIrZ*ah@*8ejPtf_E5d9`xg&?F3#oMh;|{VAc~Ol*o-EH$7;TI!h15heriny2
zf^xVUodc8^{oL6jdawh7Xp`8X-6I#EU`+HvFqfv+bC!g)bP{wsu<WnEHfLiw_66r0
z9mVi0$=#kS_W{>&gX<kUc|l=}I1dmE@a*Gp(7>RC?9@?BBDFT6n?w+W?9rsFCcGrr
z3d?_$@mEkl<8I54s8y$it?*S8DD_*5Ka9_xy1aJrmQ7=#Y>*fxJJZL8{q&r7OU@3+
z{H&`Clc3MP?UV@{%f4>k$R5$OMvq5N!aO6FIUjDf>@7^#%_M&FR&1yceZ<*H_-0iM
z#^=C^H)A2oa1~Wwwcb>qK>C<c<^oQ20QY>v)2H7&S*N-7`mo|ZEpQZ>pfVmB)Kj=f
z9-8~he0CG=L}?0FEb2U`r?gA2-fB#6A7S?Y1;CXyC@ew+dR%RhlXk<2AD<xG0tk_9
zK?a1`SFW{2zoBPqA+dkI2b79@QGsARvC~Fl2kb#0Hhe9pcy$M+@+~<|p;%=ym}Z?i
zbB5^Jqwu%w54Q=zU={0nC}hw}r}R55SC*96#zohd7#kBY*&|0n@S^k)-b8Z@BTZB`
zCk%Npt)bmO38!1$4Iz8j*@J$;htrY*2oF8meUcFMKyyd|joAArUGQ+>L!%lx|8997
z{qnWXqvm#&*|f>BLAD~}acO(AH`&qOm$(0C90(4M0qj!>Nan|S6~dkHhi5FK>ccH~
zg{dGa4tnVc14u4FQ8Q|~Z)tHJ0o!eWw;DK#bja-^`Ea-hTo+`x2&1K=op$^pP-(e`
zX9MCv93u~kS5@xw-++(q%_>=ip_*qMwgG%l4#VSWP(svRXt621iiC<W9es+toZKPZ
z*c=>Q)MaFx;aA^3HdL}$f%Gk;`(So<)*Q1ONRi1(j9?$*89-F1$QB>N!0|SRks91M
zoPIsq<vzWb-ay}p#Njg(9QCX6P*kNmOvg!;mYm53NCQJ5vhT!%&8tq&z<^OAs)X4^
z<J0@&&z>T`v}8L3;-QL~h^rsK6S(Klp>22^Vdq(h+827{cWRbuzkI=Jr?|FuE2Q|A
zr$ubPV!!7O8*G&MLdt=Des`r`^1t~tG2^IWhX5<rmI)9F$<Mf7!D71Oh`|j0N0GBp
z2j0UT1STWrpKdtOvxaeTagnU!F{9v^2gv0W+g*7?09~b@lXH8|nLIzwxj``Y3@$Ei
zkUsh}j*$_f0EV)8G0N_c)e&YPvo^sD{h`4@B8G#+OBwQ*7!1w`+4UCPgH$=4c%P!N
zu}MO5^2ulCANfVG9XQa+z9<TXg<Rh#SPGr_<LQGNF}E@>DCnenmAYKtN>P`kmEjrI
zd&L(=coMhnl|T0EJl*0hN%Nnyt@ghJ_c4wZe|wkJJhEzVXz)CzKgQ}h+NM<vHBp{(
z#P+9HKCJLl6GQAdca_*rYA?|m=8wA9&>VX=V?LDOSY7mGBrxf)t@!230Z-j4Vz|Fv
zpOlP~I`F%aTMCC*?+mog$UYBYAA<)5@y?;|-|xSCxd&uzJq(y2r|pXI15!h-n2jcx
zNTHZg%XKF8SPjIlfN{VSSLb%Q9M<=Kn6D_LTj(K~6vIUTRh3()AykHnVEl?HGHKmO
z-)(Ju7%xJQX)Z1<$dx3M((zKb9zTZm2(AwRk?lr>QJZY2c;b}`HbQtIvR51!fXomT
z9&>yB01xSx1RFr?o1xy7U^k(UKCXzMjj(AXh8CE;QIN$E@xVkr<AdWezAcoFNrFX9
z9>w?s8y6ykNaWLiV>yq-DiKabR(=gFV9W*GTlW6MDByvYmmd5$s2K$BBUEGP@8(!M
z@csK)eSHoh0SBdXVjh9*PV}w#7~2cueTSM+Pr-m1Dv-A^A)~(|`g`=Pn(9d-F>?z}
z6-2zfU<zZS6S0@KV%H5(B4SMsJ-<9`nsB8MG=*UyK-@E8)7o?vX2u|rz7=~yOjJD)
zgz#9d)<R3qjn_oG$JnQ?f+Y{ihC>ylXH2!Ua0Q8GQ2XFB)aAsJfGp-P*V>SWP+PV)
z(ovyfLIFiHaXdl0n~t%v;w#yY5H!KkiWhrBzrSkkxRvA+Vn9QF37@b7v!~OR9PrQ}
z(+rHZHtH!4)W=sN%`0Pv2jMBmg?C^SMVf86>>y!d_@(elmYxWZV=XKDiM#=kOGktx
zPaEn8DuQG{bRd%saui-Fl;UlaAtFwukC>XHhagKUqF0TH8j1(<&GFyYLQ@L}Jz_Bf
zXLhzfUJzq-s%F0E-7pNBU@rIIN9lq%L62EB<^?erPoXDNKm!-OMi5JgU?>vc%0ayG
z4*F4a`jt3ERmkpd)Y22Rhl|J-7RL)_=Vvh;BA)RmK8XAq#%@rQa>uhmhJc6{@TTR5
zF#<;Ig+z!9GjF1gi~V62LOYqoK@JT2h=(iJ`feb9L>3Y#<NGt)ag_zo2$RJU2FMgd
zQ5aK)DjOH{Zm)29f1ALfZA8s20PTK$0Rd>aJ(rq?-;g;VB%i#QJ>V!ncF|-*hy01V
z-<|H=i`~91MjB-8hs`+YZP2bMW!XZ5KMbM*Cv5HPYA_^&ZOSp6L0ecXpp+yV79wQa
zKAZP&2M>|WexsUp5QPdR><s)_tT;9FWQmC<0bbyGIGhd5%}LPDB6~oLIwC}hwVZL=
z-7!x=uGPb5Awz%6%LJfAi^?l<{v#{ugy-+GzfdQMsf2rD;7D+(US50n_<lS{d2DH6
z0pE2pdx1W<UvvekNWi-|njze~6&A;|j?(AOK^DIBwfg1D+hJYCaqKOg=&r7AJgUej
z{z!mu{gaFMrSR@sVc{o8y2|4he<llVVX+J0f&qPD@mvKg7oqvF=kQ_gh7ZEXR(q77
z4Gym^$=9%hf$m)$uY3h2MPB?T$yLAr6y<|{Tb3Q!{$TCIkQf!=j<TF=W^sp53R(}h
zNTIkx;BfibBH%MVISE_81gr><O|RkD5WQFcdfX0^i-MvRkF+Ij9*H@OW?3JRwoKQp
z3=R#&O=cx~T)<*AooDwDYaaw-as=EgVIh={{Ti7>0vg<fdqY{}HZeM?1@sUxR6&OW
za0pqPusV*eAO%f@T+GFN#8iRov0GZg(41Pps|JGvJ^pwF+;t_0o}vdh1!ZsKe~LD{
zerA&9KNuRCm{elmN(9D`VDS)>It529bVLcbKqoTbMn49S;dpEABb+3nz?ff9K)QZJ
z5y7&vL`)m+s)I*^2svWg#Aq^ty%!#MqLzQ@?L}?CCZJO4i{Qan*7z+(nbiNj&=kko
zn*c(v+j@$g0*iIVrZ*S&ov^0MgBlY78spTRc8WM+^$_0}tD=w*z7zy{Jiv+2k|CZ{
zcvfd2x)<^8Ug+^>TG-W+2N1EB4CxpS8<$}0i=||MlmmP($Pf&>54;m4K1p$VJ1dq<
z*j&mX*LXHL*xM&s4O~XSnjfQ_goQbg>L+;-SB>}%pmHSN5-<~DT#wZ&=@@VXXQ96+
z`$-Gk$LT0O-8zhA(am70+JT8Urj{#FxsmNCFw&%)z=M}HKb(m}L9BRA?ED11d}zSk
zn4dBM`t6Rw8?p+5Cr>!K1O*JQ0J1GZ90Qa@>vr|P1Ow#a3=Iv5b|fac?{Vr#7$P=f
z{PlC)WCe$11lCQ|Ou~;)ZDGcH6i3DmJ07npMxTmrapyS^t@mOEi76dS-j3l82xCJE
zkexO>d>%Pu9|V*Xy-^abFS!&1+MSZ32XGzF&0$%KyR{g+ot|)#c#B|2R4LK2oyWKg
ztBw<RXRH%vQ=#xkYB++l0FsONy(>TsnoKV7QRJFjV6T9+FElBSVv|EA_IQ-~fj_n#
zhON)wAnxHRf_lRnyhL^<xdKle0IAp3eRaXgnyfAWn=CkFgRU17@JA!glFJL0C@}D*
z{jE0bdpI~a+O6#@Lk}W(U;>9{;1sfnu>CJif+ghSe0_9cheR9(XJp_6bPFkY$ytJE
zBC&YKt4#>>AD~4Owq!!9S9a-9?iUsTfZez*mHEAFkKc)k2C`uRJgWKOnKpD{H}A=+
z?7L@c7;s=VAWbFh;NTzU-i8JxR81QvGVVuXyaNSBOW<m;jhXmr=e86mW;=QdwZvK(
z8JSJYM=mxLY)+>+0y_iA>5V_GJVTK~>JTh6w>_PlfJ+1d)pqz(_%SY_<<vvUfj^9y
ztA)mvty|wf)swilV1*i=wOoHpM`sth1QNo4>xq5uuJ|3Z0z4*BILk<<gUc!Lh@!AY
zlty(%^@Q0LGdQx+#A<>4gf!}0+sdr*$DYfS(bW;pZU!r?j#tOJnYmF}d9W$ly;pLz
z)cZef==Ya7VIhc%4%zMyw#*?P$t5h+8O_W_@>wEmD_heo-LXaqUEPfj*@)pP5!`=9
zxf$32cQgrzzOG+#Z5P8NoI(IA!n9hs;kTiDq0z~e`m-PGCmH;rW%rYd`MZkMc#05A
z5QBgw5g}8|#lu8xHoa8fvV8F1IHKnftT(79hJ8czlAtYyU~ZbcpjTQ_qJ{DnP3b?l
zd@z?JhG!5L1&9ln#y5cyYuK<3BpX(wv@I{Tk;Z%fo)rRr-m}n%7}t;{o!}>WN;Y5I
zw+-tt{lfd3A8T`LxP&wyxiCtU#rZ?daH0%E!IqWCe;=Pl2g_!xg0zf`Jg{ECVjl`g
z$otZ$<}^!%3kQZ!wV=Lc*3@jzXZh{Kry;QAuSM?D^PF%5x}Z(d{nFyb4bo4+f+qgG
z`>v%ZEFKVV>!{kz;KzW)7(palOFtLgjs22~o}~&-wHNA-8*n#7Q+fjV5Hodxx&Xj4
z>oH$eTue;NOpl*D5q{LBdHEUP3ch35s25Q+Mxx|I(F6GCo1;VcQe`M59|i{2Q~l5+
zH({CiA%E|_?^F(C4ZD<RT$+~kEyGHi<^=w2FBSw_uv$hZO69<L{C@u<SaPSNSUsz(
z-}C$S-Ln<vqH_4Jb0K*R`~@w?`u})z{QF1u>qA!m$CB{hn_p-ow^IMlfAR01z~3W<
z<L`a?^A04dtN7i*68b;CL;lG&Rx0n$f&K3vXVtN5{VoIk+~+?B%;;@C%U=ufb-sI#
z%&l<uaf2|S#-DSEU&=at5sPM5@iq9*(s3cF9M+L{;Jk$>1GDUsH=5O>{gG++<<I7Q
zY6{u1=OF>}yuBEAKh{f5n`T1t4Nxjr3p{)8{_p$RR=&nakjjA?FJpl&ddJj1{|9?-
z8CK=i_IrbYii85vp&%eq(hVjcEhya$(%py%qLhG?lz@Opw{&+&Nq2X5?eki??&p5K
zykFk^adWIgkF^#s=N#7<=Q#8CN8ZaOhUMlplYyU+zoLpDP3%2Omzw(RU9uI`4h^)g
z=NotV=}QtPz7(T&`TKhgisT@Dh`&b&KRwgEnC~TU3I5MHDzrVp$WSEI5}|eCS{0nt
z=P-5y1`)0>yuBOe25LvA=xJ^kP;k>UHI=0642BC{HvK!j(c<D$;ZeY}eSFWtVltNN
z`Te`0lg;|u&?G%AY_-1&Str*-`uC}vG$O$wbU(gBqRR{Vu#F(JLy}@}L+-aU?tp|O
zVyhH$rf`QLm-qk#pO9`w2oyk2lgp?FnC5V}5b`2~M!?zLhHx)3KQAW-Ie|#)mV$yp
z?G|{qNHZaHXc~={>|W=8EGhxw$rG4xLGbg7J+S!&WAtSHtW7&kO&uLmRq=@{gZ6La
zQaZKulVS403=;JOyySn^>;`i{FWSw2_R5ryFeK9Zm;J-w_+Wye08^rV=m5^G2!yKO
zp|#2l8x<&nIe#uD25CodM&Pk^8K1Y5bhNeobznb>B~5BTR0`bvcxa{}6?7TMb_E(M
zl$XmE#E7B3!Ej<n7a6JK5Vlk0UMHg(9n)oK_0wV#r*v<{VExQ<q}(1Gt^?kD=P31c
zn_3W7&zonq5aK=Z3K02s#eJ!X{#|iw@N4AbccBx=6sO9$ODv4R2=7yCON%!2J3>#o
zKSGL!$elq$d$4wy>+CKk6FCS03uBPHi-}=WQc`jeaKE{qNI^KXI+PbzP2u`**Z7rT
z_xC#l?#D4IT184{wZzF%#I#EPp1V!v|JX(K3;x1S9zH}t0mG>SF(Z`6ypVq1OjRC~
zj#z<KNELy3j)$Na>1?Nb_Az2*8PM4X{1{>YgaQp_P;v;FT7hnHXdC<hiCg$RI^a4W
z&A8y&+yFg4aOeQLivnge8|s-5JiP}4g*1!9Q~Lh0!JQJ4l#nTGf?mqzj*dBii6bqC
z(A^0|l_rRHks>1sI5^tS?t^4&A&e^jy#1vSB*sA42%+(R`0yyPi=Ra^4BBwPAVV!5
z3&efFaeEIHX6T!FHF3stZg~rmwo#bN)0*bk4+mEHo(ehmcop*q3Q7Xaf4)dOT&eg-
zBw6YNgO*l=*WRSD?6U6%f8XiqTEY?E((-KU+y9ssFj)0L{~9M|4-n$Ld-u{C1S1Y{
z0u%sYa0~~MGY}{uDrtW@_mJ2P>1hUUd2)7EZ=e$vQ3=92$Opni3*-X>kbysU2oWfu
zwFMyC7vOY2JK$9)KO#y`u-FiXp~57f0p!^s5q}FpE6`bk>d_Q*%1K0X-{j-tLkSKE
zL7Z4_kR^fiJrpGKpk{>hjUW?Z5FtXj0@PA2e3ef_`sM@#PD7)op@|PvEuasF?Tg6D
z3of$}O>iIYg^EE$(*%3){OlBFKY}4?G4IT@jf-!01)4fqh{K8@#(J}VjPziDjN!G@
zZTw2L5<lUPC(6pa(5K-L&gdBuLiORpbMTL3{$uk0d+X(b;|hvA0k9Ro6-9(9;6|RB
zovnu;2}G~v;d3D~g%G6YLJ93}_aWpjYQfQl#g&6LC|Cg`;sPZRW|?saY>>`fcBAgP
zY*+-rX;@>##RMN1ECO_HV1b8N4{rM>A})x@VHb)ZF~^iIb9R3I40QM+pA-I)`zCr5
zSu+S+B6zH6pfsinkB&KMMH6fQ)DJmNNI{Di4yCBH^gO6UHVh5%j;|u01R5Ct@C=Ay
zvJClF$frSc+s+lW{v0&BQL;NRX)eHymMwzBB?Z6kke`w_r=D0ibk<LK+pX1)LI6$q
zD&{CK;6FyWmG<9jQ9Tzj%)sHk@DOT2;0r=&dlOz6>B>YwQn5&q2tH;pl+Pi1tOI8f
zj@kpa69<TFGzT=G%*g}&aUMsR5E{bO!KJG?3cXKYqo)=Zn_-<nb@9!}?I8&Gcwp;*
zfdj*ih*yC1JXlK00{xB)Ut#MaODj{-)zHw8jU6iH1)q+saYuTNPaII3U_gXh;U?YK
z-Aw{FM;fCW;y-vk(6c21ZK<=f&!E#1#&=q*cg?l5V78SPdJkxp6B5?o;n2bVKC~Ju
zJCzqt^ec)cWkeBscBW+Uk4c9=(BuB~BOIE^+jYf2G@FXb6YfF?B#pb}A$9xt^Ha#~
zK`skY{h&H<5_k-<vp-*K&@i(xLL&oMgs6ObD=SJqz9<-0KtT$s&@toa5}Wrn7s4PU
z`5WRXmBNP1RDcD7SPlnFY@#i^XQUep1q$Iv-US4u93kg|iCTKH1D!p{#05m65H8Kc
zhQJf*f$|1zn3YR(UI-O*f<YEPDn0F09xqrq;Zzw=E$26jkrH{?t1&+!XutN?HHF(<
z@Lzv%>Q-)c_QTYda6i?8bZU%w6vXo&dk?K)e~ObZFyL_Kba-g!0-}Em`d5;_(_Y?(
zYBpx1Hb{=T+&K+)UI7I?K=|W8b7@jiQr8ijkjokJzK~*o4qxe!K(Nqo&}g8A7JOm2
zz9(o48NoJ?aGFfOJqevO)=-8=q_QCG4ni>3K*#R>uK{|6AELUwu9>RkQav>Oe!tbq
zcKAy7$-lmHwnTH^@#reCo@WjY<4cJ$XeQVuM*r6>+Wbc2^T&<L`jnVR1!ja6hGoIH
zLqvoLyA$dDLM#&!#zT1p79DEkm#bhn<%4nt=gL2D<9!V{>QLK+e$OW<JufQV=riA~
z{o4!Riu@8d$H<TuWE3Ak(+4E9k&-g(=0T+4l!^gH;~)Vt`aNA+JxpF-e@?EIacFSx
z1*{<Gor3EPH4cIdd2w*Dk(psgalkG@@+~+L&Z<yo?ONVNQqBhsJ?UBepgIT@WF(gY
z=a2|SFCZxmR}Y>8Irp3Uq4Wta?-x6*@+zGDG|p$DXY-ASP?Qap^9xH!G00x8(n9(1
zD&uWlo@H|EJr`bqx>W0*ByrCaP4M?aICN+E-J50ptXrLXobF$5dJ`QSdnDfnH!3o-
z24g6QDAh=*eIO*ae}T7!+`6)<b&#@$1gACBaFJ>qvMP}50cq;9##25ZeM4UlGCTso
z%oA|!k--x%bs)pS25Qi7OTU9o4h`4cThK4g0!JCfZLUJ^7<6YmmzFkw+>N&^WO-sy
zph9!WU)U4&5;R_NEDl3{3h7mYaSdcL3G@{Lp<~jioE&<nU^QWzC4(*K<PU(sYFS7w
zn2lGoLmx09o4!QFDxwpUZ-fhZ2bgoAf!Z--Y<(ar3eSys!;xMknSHjbb!)y|B^`6D
zF5(4+T)N>4l%@VG@q!<({KQ@@?Ku55ACizTVSqbw$308h;}|EaVUi@ZZ3MSH$p^#A
z#%agtf!x~=fAsOWXGC3P_vGic{8ImJ#_NZFyHM*ue&=;7lqW%FlMEg%oQWH^ZassP
zs?qOsB53Ba5-044WV-^%A4tUxz<?ZhT*$b@dDa=Ul{7<!={vOGx}P1=g5UEbUItN$
zgs5N7P@&Y$wBlq-9O;OI#0Vll2#w`B(CP-c$%bE<(EbI9m5WeKgS^302ZsaPW2P4g
zmmtBB00A;IRwHBgFvkHmjXshNi(t9P#+GM5?g<wrY+AV8t)WS|+q#upFcVV1FjgM{
z3Oq1sgg6%fHJE{64)@GAk&ua6_=*a{d!)9?#M=aJB2Akie~MC4L6lenLqlKtjEf!V
z{p!bEJL|{KTI!ZZa>zJ2e_vh`FH=o1Pw8@-1P||Lb393EUCQjI=y+;sIdSchuwhFj
zzd_RHyNmsb#5nXs27jz|8O=Y57V~omewcIqKSIkXcewEw#+lTl9zRZqKhXuX_>GNw
zk3axIt7sjd=V)(WmkE^ECcmgX^5QpsWOi5|$8>k=tcA}o|MEGTg9WYv{_bv#Y?4Ff
znJjDm_dJ^c#e0_dj&?T=EDhF^EsyMoYrov8pCWQK&|MyIxO3B7LHtWtk@H%`S*n9A
z)^aEHucBBsCcFDP#jOml&{r~IUE4N|c+$@}V!JX%)tenOLaE|Yb!QihRA!s4Sw6bY
zNvYxwGf{84Jt0uF&MF@0C0$_%9Z)>sioMp^yC5psBU|Q!o;20GzN%=8h4O6mtVR9z
z^5mnB-Y54d=tDJ4Gwa4$FlMPrdl&C;zVb|3igU$6`X;lY&KrvUBT-CnPd@z~?ginV
zBpqjlwszE?*8AkNQfDo*^a_~OxyG;39?XRVI_5npe@vd!ly@w~N|8}<tO}jBv$RtO
zhP$KlE$ltZ@v~(@n}qg}Oyi?YYl6E~BNwri-1q}XNArrx<I=TulCNftbUI|ZomB>m
z%T5>Fc{?M)h*G4@>Zr3t!5+D7;87^#Nbmn9j!I+eo<{lEBYPePfg}{h`t6}D6&yCZ
zXCYsl+hZ!Dy!Y$q%SxxDw6HU(?9`t(=#1!T%UZ_{W!5IB<f}RKY*-s7<F7w=pI}+b
zZLaK|&XTci;Ak)lU_VM16K##3OeZ-o_j5>XM08|NvOe+rn=6>&fkxF$`DOgF!EC|s
z^Pgf*bwMG{IGuqJC<pgm-B<YbP2}1WBgq#BYYhfH+sDJY#x^v|y!{rs!xrXv=!&-Y
zW3d&+IgIiaT`0?!xO<ZHgD&juH=bfJy-Sg6ZS_vuXZs-5lAP~5dz~lDJx_aYu6HXp
z>0{|DE$msZZo}P6C!`-Tl87{H=w1xeIwq~v8?YI+t8rq``TDL_uH(zn5nMNR9NI`O
zGK~+IUKwR?IKgZFfts|*bYwNYEU?VYl2-b@EBE+0v3%@DgXSDXRt{eL{oTiImyxI3
zxjw#c`fn6?b`hKy>sCgw=6d&1o@4SE5{8TS*1ociDB9(;R_ZDRNOf*Zl;)=?pGMB!
zM8#5<ew6ygt6ac{llF7Df*j%R^o8^F+h-R)Dn{k>SCZ<toM-Uu^6&~AXC?j0UP+_3
zKQzA?8r@z^lDe?vevDTFpOlnz7i~`8%ej3tpna;2ao5@)<P3LDUjMT#2Ubg{ZNW@?
zuAQNkjR}8TQ&}u^4r_RVES&4QZ6`fcHc+<{bf}DLwgM-{N{n^BQ)6amcbVChbal8O
zNu($fgOqh8X@A#zazXK(nObSKbw4>cGS{8C|N3#8Vq|4ON9SWAHda`r=c384B^wP2
z)$BPvm^es{WIF=v`aW*#p1pVJZ7O(JU3gwngQe=z-?_X|asMhC^-jim%@EtQr+4+`
zDhAHwlT(oF%KfsEH%g$Dy>lJ`5fVFbJJoAEMa2jmu;}}(?i0(7+tBdDY)XnC>y`47
znN81`L&TD5hK4|<aL1)H2ugwSVPSVu2>Zn-4kl4tL@-jmi9FZ8)ZyYqh5zSW`_$~-
zR;rD|X2TSUqPqphJ;qTh_2~Hge$oZ!w933Tt9&O`@@5G>3xU~4)I2#YqZ9ntj)psW
zsDy(*2v_k(W<(9|oBrUA$Ojv7uqkoDdQV`+O_o#8d?4>@pg{$wU`~Kt>2WLW>}YLP
z{PFpqh(WmYhcxr8$izN5`VHQCvbMox4f4E39O<{6G!HcU)F|~|HMT!`ChHxx8XkNw
z`IMBPwkJo1Zb2sFs)w4uhE<`1v4(n_TD-HVNX6o;kz#V+B9A+B%!lDbZby2|^@K19
zLj}_7eR*t}9V5>Z2cu;QkHe<bT{y={okVrDIsMC4BgTp^?Y0hVIsAN@@?N91*CmJV
z%cm&gk3&&CmGNv;D)_ba9S5AEFN3|G53lF#7ClAz@;OgOHEODt-qbU+IQXMn=9Ym3
zjgx?CV25sBDmO}@|3<RhuE7;)3bLN^cMLS9rJb=t!7n1|7G5=exVAcC$*gTAE6B_z
z(i!yYCC#eO)X=HK{Zf_fXW=;SXmzJc1*2EijY$fmCHh&<C!V~Ost<~ePYfzz)Uet7
z8kSP<qCul`-Q1drH>4--Ro(Bc^=*on^!S$iG?$SC!XCbG&F%W9PVVkeWiE6@((WRt
zpY3vHikd?$vRT_3MmC*U%PX*_n<CIh{97qC#qY*S;YSlI+<cR7LiUJuTG8fin9n;C
z<(Jt8!r?f*Tlp+JXQVN)p8awWN8;@6PxWM)M?Yqjgtu{dw%YEjORUZWX!vTQ_#M&(
zuU67pI*REful(%%h-<l%I$zhlFBX4gs>dp#nD2|N0nV?bv-_6ZIpuuRF>R82F{xcS
zyRtYM>+Vej3m7dwm04?22-mr6l6?w@gft`)`uDZGw_iFAy{dIYzn*^7wmkJryz@8o
zp15ZUNTqq!a>+()wYoBSr^t;|N0S%C9DIAlBF3w<Ary8S>G$UkS5OaTnaH~q&AXd6
zY2YRM0pjzEf(xA@6mC^<T;{p9!+Qz>>F4k4Ooume)-BMm$)p^9F22i{Zgdrc$(Mzp
z@|3PEivA2*dcG*rVY{-LuD@RX)5+__shmf}*1ME0hfOC!0l(eH56qRvVy$uS6T3-C
z^>=Ch9uJkN!Oe{u3YWrW+kYyT_ziQcn7ZdjSa$MHPaYvPQTA&Q0;0cv**+&!SU1?x
z(ji!K7_^}0^i9_AO6Xg(w0=<GLE*yb5kx|{VN<AS^&W>?k#6u*gjM{B_6q}nV*S__
ziAPZ_Sm^>GRke7S)THNQ=5_(GhgT@NzeSUoVY!b|UKI?fTI$){`99l}VopHIt5iFs
z!_ph&=vhwH`l7XGE_Hs=vd8`zoAdfbm$7Vv7ZlRndA2U@`~d?mB~c5{TE9!)%>S`a
z6-`dvm1xj&_;l=Ojt14dlqJ=(G(JWO`;4SU$?<+{0N5~74QcYb^Vtic7~o`N8(AnB
zJDzf!eZydEpL;i@))stgJ^XR}8{DE^8x@>}g`$y&Uzyyk<IK+<J7JxXP<~e&`S>DZ
z6y^KsuFJgUZr0|3`BlIXtLWP@KTj5J9O}8&8)50McPiFZ9%i{=>R`eB+RZ=3fQ;6g
zgI-MgOW5Xc!WJgs>EVMAyX)rhJ<CLcxr70n_pwyP;}1t<TwFi0<f(j^X9^jFg(*F0
zv1a7;WD$Cn>n20=Q86u>lM9P`e*XBAqFKE@OKLfvRPlCfeVX+`KDXa8HY?$A7)g>E
z<DeVewYaQvUHyKXg8~Nq0YSM$onK#^O%549ba0Rob@ztWu``~L)IM*%=U^&YxqEYF
zVaMfE>bV%+;qsSCoXAHh^+gu>oYTHc<O@4DZ0-km=b2~gKQvO7&*w6U3rk8I4t{_&
zCOUbF#)M(A(h|oK=~A&RcpZ8p#+$a-nG9N)Dz`|F*+P|^DY93}WgU1`G)>Qz5~Yj=
zdGX2IM3of8Kk`MOoo}5u@Wuvmz1x1CrY&K--r<Rd3FqjW*@UfBK-%p{BQWslue10y
z!-9ey{TMpH4g)E$<j$+#<o${Lt`oNIkyU;@F2ZkOdJ0;wKVc3+Hu5}Nu4u{(x+kI-
z0-<?$xL#bn`l{ETkYZ|lR^276tMl3FtCtq7=ib>dN!^AqXE_5;9}o4U#g9mLTb!x$
zuJ_q<GSIJSO0CLrl440dN@=|3th46v{)9ZTn*7{~-F<q!a`wWQU1HaYOrmRw-eSa0
zj*m`BrUypfx$KGuA6<<4xi!7$fR<6b-<yMJI8*cX2@7di?BjDTHH_BvIz3A^8sAR7
z&<6}8bJHyraS6goLaRS`WenzQf5%EWWWE`MTgIh$9u;@Elr1T-^bU!MVO|2p*(P~>
zpzgUq`$Tf4Uk9c<s?CqJrq5*ikzn|X==o$S{TNYH+{AT_L`k=u!`RVlz_8vEv_99}
z7;=8+m+{8mE7-J>Iw&kdFU6eaiBct4pAB;*jQNp=(mh*tx`s9bO84m&bsr78<X(!K
z1>^4GS-W_ie0_Xx^J%C`q18hw0w<=@_J}x2L%G4~Pn!h{cf)oKa22;=3E%@0cMN_?
z&a_b`)z4q=m0(=OAFJt;sy92g`Z*JDoY;`*QcU}$Y7~1xeK-iMcs}JTJp7)*k33kv
z-ThPbE?@aLBy@}~TPQEBs*LqsxLk`nMLCAN(*Gv75}U){T0Ywy(u;4FA9Y9^&kDww
ze4GFesF(4y-?rdXmX)M~Ha9zvmdfQU_Sn2l#jGrk!H+7wlPQNdD8gUm<}D2yCJ)wq
z$?)LRr0FRY2Z93K_vSn+)}8j1-W@h4d-ytBB3sJ_w{l+6{aV^_DHDwLy}3wAqT-P}
zdlp-1_L829Q%&?+ei}9USJPY8!QIxk_nlG|PiE1g!B`&7TIF`-F6d&WN!4#Qo=VJB
z$Ze(S-M?rrGCf>Is9|$>T<w8PQf$S;s`ge7*~`x7Ux*&=Itdtb#3U+qB@7H#y5TPV
zPbNl;mni&(3;)$U_CVTge)_z*HZl&DRAQ&!maGhN_cd2k%-{ml?+>jsw_4uas7>W=
zsF?MZcAUOKv6|lYeZ|aW+G#b?LA#G9oka2X4Tjd9rs0n7W$JD}K4&MZy}FWohGS}j
zwWliiC?;vT9L@d8;b(NO=O4<Zp0!!#b5h-3TvW0P>|UIFA7c5E!K{9uXv9y9R{00s
z&iB=w&l%@|<;Q-3KL%>K&xS|yB}MO)cRybDvH48->Jjf%#TyJZPi0mTv=hHy?XG@%
zn{4qm>Sr2JY}Ci=?{3`o-_hN#K%shl57on=ef!kKB?x#CC!K?{V<xdNL@J?g+j#=Y
zf7el5M8jVTXcgpiR$+KVzE`&MJy23bffkpd2wl4~^7BgMTN<jnDN4^p3osx1I`K`J
zbrjD`j2;=AvU`y4xeU?V<72pJVa>`?X~3c#k{403xFj3++z4M#-7WU_D}IN`l5C8s
zc9VqZ+QLo-2G$@p%S8-xifFPh%T?EXVK(<4_;z#tmkrhi%SQsro2x!0pK*Ffs*2%P
zl8McDm5dE)4aOaDZq&Co*L6CdIbk+t1;#twBv5y&8&1xsw%9F?B{?(ObFooVM9Ze6
zjP+GuB^u-W=Pg-2*m~7?V=wyoTwTGNQ(0O3$`$E}NaEODMl(KrE#@ogucyLw=zd+H
zUU_&y+ReIdt}@)6|3f{x%Gf>0z>=||vN1#UnFD(h_J^~4(LDD7%crqZWe_onAk0L?
z#3*@qsE-v#c?%pjy~v@Ud{gAg6)ZBr8tFWJHv2J`DA%%~BGV_^`jT`CnGBF3g8D)(
ztqZe8AW>`KDxVo|GV}qL7MdqD`ZCLvD{~AL8hJtQU(glot=R<@m^}6*aJES?jgm*S
zq;ai-*4+*~QhO>&XUidB5nY{y_06fkIHFw&DSny`+p{{asYX%Lt*)*v_LR~x#yUiQ
zn$VoW#evEmy-uV5{IB?06#lU?qC{brfM(sAj*fuP)-cWTy=y5}eM=HitU>R8ysRD@
zBloPX^6(Kr@gv{H#HEp{86Nf(avOiz`g;`tdqDYOWh}>^NT{7s+x!yq&Vm%Q??4%B
zGQ98gflHkz1U05>DKhal&~}!^VP%k9%T6R4gL2tBE4`Mf`E`*fJ2Jp1A~NfsH;2fT
zxs;V7zu@7_BWTX(sCnjVqOJnP7zB5`I!URp|MQ5A>Prz@*b{=YFMYka30FLcHDZeM
z4;OBY9UYqN6-U%bL{*%Onw{Mo()Q|9c&1~{p3P4g`|3FJdLxR6^Tn)Ap(lA(W&=?e
zD}iEnIO%-VcU`Rj?(cs7`Xpi0@+JM$+mzPP%RFdbHJ)h15?a5@Zn{JqZb`-1)3U%p
zupl>nWqo;XkJpVQ=0#fK;q+4+h3?!9`@9t47X+E#l&s$Q6b0+$SZ!JH-tuhY!q_=8
znwVJ9oyqCWJh9}bJ65bK#v6LMS+$AAW<nfhS6|hqM<9O8*OmP7iX5lfw_fMt?{Z}*
z)UIT7i}Rwj-DY_EmM8D~)IuZmW}Cd&(H(gw=00x|;aRZ1pstHdn%vwmUugBJ!@!Zt
z`>uZ1o~?$mGiA!e{BAGb{FoI@qKE$Mh=chiPd6)L(MbQ2ItvOGbQ;D*o895P6OzcX
z=#o7%g1O9p!*<vFvix$N>vF{kp-W?{sCws^Zj<F{g>@?78>L}wr3x;=Mh-igi&|H3
z?#<5Eh4wNq-PP|-c-ts|-EgLg#>v95941cNKy5I#abjIi7V)d#Q+tkboJeq_UXoA$
z>i+HHA39e%UG1Z-p6tIU_{0`pA@vf2wdZHLO27kk&_%9n-mYpx8Q|mowUFb@Zu09*
zmT=%5s_7-(In1Sgo$hy*Cpo5kWN}MkE3>UT>;2)_W9|eZB3IlZ1gZGA(J?V+L8Q@T
zr#U5>*Y*n(V7Hn@C|F<51@^k9v!qCmACbKB)F5m67@Fpg|A^`%9#fryhTqh&k(^?#
z4H0BSZ5)2k1Fz{tt<Zc1m$${y4w0J@nO$uKhzLe<9n<cujEd*cDqBs~T!vhB(}cp6
zEt~L;L61mC(hHp)T&(wf&${HBrI@cv2Suu>ZE2y&($o;6y{F;;=2EKArfyY8pNUK<
zWi^~YQ7&4p`he@sSk$!}X@=rQ!Q~xHEw-UJtzYc4hq=_3_;gdoX>YAHsWsejZjq^s
z^{db`bb_hH`B+-E?WOm%Fsl*9pezcRPAcI5Z4kixd{6zYN7hb?Y&|+@8U70D&f=&q
z*6L8Vebqxq5kG};b*Dg2D4eWZ$5wo(od%^1LA?sT*1T{k0xmi8S{x0fCk)Imxbf}u
zbE5V$S3A(r^~{Zoj~d&x{+?DCaAW=O(B3)Oy!i8USz5@4Ctay40#P+jyrQ4C|2$Iq
z%@OYYRjT7)-a{nxhQWoA)vUGiR}KERZf>fIwtY4CtPEq45X+M>pLx`VC0wzn>LVhK
zH(_JK8^WbJV<kJsczn*6wrgytU(w!H=3WCzJuWR8bn3!kp%((Uux^n_ph*aW2HsG`
zo5T;}XrbEMU3ceJeDq9pDaXw!o@y@{Rk&ANm43B-(x~-eSJ`4g)1c0wRu_+S1>>8p
z>S!2c>xHn_Y#UZoY^@)w-?X<CEJv>TD`tE$@^HpQ9pmw>|5y*oknJ^*KckO-7o<)-
zDy~XnyPBc+yfb$se1Zmk>XuJ&@bkyU9rL>;lFaCi>aJo+^7Qae$9{YOE2=&Q+JMu_
zocL{;WPPB?PkTGhM*5*eub3`7Eon)6Gx<|askWHb{+^p1<=!=Vrf*u=*5cz(G42u+
zK_7WgGL&Z|x~SsD0;J)Y$~BMk$_e_@<IT1nwLEuDVoVsik|~rRl0VJ;(kz#PD)aTt
zb#n|ye+_pP>9~s1=au*g<y<=#0sPReVvaExC{$>Dn-%BHB$bHXdjk~bec=Z)8AXvo
z2KWW9`?U8Ki;L1<ZwBj0d||x|u)pdj?;TB>NZO*<u0tvO2%Av!cY#2ky2GL#ep{UQ
zxtps}o?T2kLy^!eM&(O@MLXEU{SXj<1|#|c{M#ej+<fP|tx`P={@)c-DFvK&@0heJ
zqqvRdhK6MfZ}kKUZPYj2EE`FK?Ek)jP!W|#V0X&+o0T_KQ{U*I1+*t#O$Ct(wwyBl
z$pJ?~R!(+tWS0me@vy3r#8n&%RqT@`BcFO)aCbE{89sX6ARSTH;2(toov~BfHxnb+
z^@yQVQ^CA{2cc3@TG88nEPk+TwHA(3c9YhbDudp6Waq>$BL`XF-FDVXjx*7>a(5kY
zID~w4ch4@7-=C3)M4^pd@oyWvDIUmMr2ZIlq6;TeLY3l)axzE1R?E2Kt?a~Cdf52u
zA8L)gl!lq)S~@>Wymjv@wXi1zV}F%I@ojK_O`Qydh<5>czS7YHE(zfc+X92}V!Up)
zjG_^RMYC_Zii!k|_4?P^;FzV4gjc<nMw^Q;%3HQ!U5xy_a@ukBlCRfmD4t0%!{QE$
zr=U=b{y^?M<(C$XeT#8Gf-zvfq58|C+(1rLs%R#{$RI~~kRtSP(U8LU#aJeq=oO3=
zq43f^rH_t$!C$nf@5A293*sb`Oi=xb%hdl^oDYOfUZei@oLbSWX{`@vY%LviD}Lzd
zk$a}^Hb&Oi!%=27xF_Xx#H(%2y0JHX#x>fwA$^%t(t&q4=gfk#;N$4vnRyZJjFz+|
zg-FHW>IE`#CWl)0&S9y$Az?=CyEvamjh(l<a_@O(ebgUotv4GUYaV-8q^xd}Hv7ye
zEL0#R#E9+eUR;*nRBON;ds_{7Q0JGiT{3s$TG7uAH7sNv+-eD*pOzL%l&(bmmaMKu
zTnj}x?PtEMmffFMvi)8=$1ti@yoLTjC<$p<k2DTP<pQj+LRAU2j!&R3EgSuHZ0!Bv
z-?tnebkkVy*_~X1Dl$Tf2G_HxsqHQlb+NJSNy*GlPSX$GU4p5C)cpl2JbGnzJ{chH
z-laY*c=;5l8b}}T>))Aq<${8-di3%#IgcI7%FWKJ7tLY>t!elej(dJ*xPx5%yH?w3
z^^7kZ5k;Dh>=gG>fMq*1Wg_%|jK}FS44%S(4G*vuSt2DAGvvMW{@Izq21gt_^=mZC
zpQ%$+a>HMrSpV)HC&Jip^F_HZVqWI*r4RizCGK}plZwR^zxU`oa&@gi6h-PZtyZ=|
z`S`a+iTL+18kv&^^V@S3KS<`DTIsJJRe&C!qkWeW>scYwl-D~9Rx7t~ws}_zTa7gE
zd)!8xBK<`&H(X4a+xpw(i+OdL-<*!?Gk|c3uF@KVE(;MR|BLDv0Rve@+(<*~4sEYQ
zmQ=3ty>%(|79t0?qC=c(sY>~oC;bLz@}U9)&NPu4d$a@jlCAlyCQ5kq;FMUJ7T51c
z(05&PcctMZtm<r!Wkr?J)m1t?UQN~?ISg0AL|c#__N5}|K5&$dmW%@plQAWm0D2?*
zBekg6`9&*^-sn84u+tZXo%2gu0fmi-4`gDlJ7Uf<nAiJrFIKgf*(1q$+F}1g)yg!r
z3mFedR8V=~a9jc|t94n{Pkc>F)49n}D|^lt89vu_eye3Wj;Ti7Bn&q>o^wr3roC=g
zpR=Y(>At_ey#6%LYAwR=ft?yg^J3wC$Y=dKizPbhOm;6BSK5lAm}ed2Atu?2Ex=^Q
z?2namV(Mpb{qcpCPnu@Cc0JsRe;+rz+tGSbX{22^Hr?U4(g5|KcyLpH8wG#GPw%*S
zMx{`IEXr(K-R=R=JzUL(QIn|_A%_?MhM!$0KfuUit{`qd!X(La&y=a)7h;a^EiHX7
zsrjnpB^`kOrW*nZuciOoyB;-YLUV5+OXDbZsn??)t^DJli!HG`bgsO3F>h&O(R5Zn
zD}@vw3*L4`u*peCcLG&?z=Yhne7aHk!9u|um%YVCo7L_}*p3~szS`Aqy-wJju@)B<
z+z0QI6N|}c-iYEl3rob#3&Euc379su__r6}8Ynj>FsuHYK3bOtVPG^*)Y<}PwnzzR
zAsQ;vFJhhXFFKq&HfoFH2<iQd2VsNa{<68>sXl2qbK_jXl|K%-bDDh41&H^2`sd>&
z*WEi}olWTkF}ScVx1e!%mBw~T9*^7XpkGOpJIvK-lH6Cz<su>+6pX;a4b0t}=o6?L
za~z3t<kL<STDlQegqiS&jtkt^jia}DD?Fy9s!?%KWCBZ0+j;|+rBub{R~s*GFllP<
z?I{YXlRvX^V!~m&{cAK9Y}@u$Ag!ex`_@)s;eKC20-vipZ++f)tfp{a0^XL*gv(<z
z&$-yix+I$)Bbpz6sw~Qlzo(wu%#X78EV%2sF#anXluW1HeJ9_KTQjLSvR%}Vo7?bW
zcM@FkL_Kinb4)g^c-muS#(sY~Y;^5#NZsZ9n3`9DzvU~<8Nb?SNKejUncz7?sWdHH
zmH`WYbXEs33Hv&Rb)m*wM&m_?!<!Tm!V#5hVb?0_f8{2K?5(hdRKJNDtOM!a0jm}C
z06Ss+Xi2=?j#0|@{$iyp*+I;sl|t27S8yE*f+(67l`zh!zZ~*S6aKz`L!-a)jGrx8
z?y5=v^$P=syS1?x-{d%?nW*))s)O%^treVh8^0+P5ZcE|T3o1o8Y?~9!};g{FI(sL
zo}zF@K(hLCg{a7&@}<L#`XxhRH%lKSX8c6>k8Xo;RV3FtMjotO+qJB-SXFWz;`}u5
zjREe;XeycVTUSCno=X!Xv}9j=No4nCa`mladOp2~PB&oz@0X1{IuqAKn>|4%fhC9S
z-66suKcN<t_KORu<+sB_at~be@Wg9yvnyMlyF)60VS%V+S|=cT`6X*y0cL_vIF);}
z=#(e*{CC-=$ka~!23__EO#{uPyl3B8O@v-~uNoM(K7{CNdgAb<po(KG+=xDe$^n$>
z3i|=p)~wpBRrXQL-B}*YBHG=CE~Cd=>tiNsokveT>>MuQ^%SWm*b7jM#H<cj+zU#L
zVhRq{(i=^qrVDP}C#<qA;6HRSW!Lb2wym?Dz%@d`!o=hIgMtDiiKwXfF3A-+pfZ6P
z)M{L()dODtYiifWM{7Yc`!LX9!XvWJxIm4Uh4O7S$Loc$RV5fIYEOF279=a1>83Kj
zJxTRkQoK}412{4lzG`_Mm7UI!xNtaOh=()IgFZ9JCm?Z7+3{W!_Dn^lL4mSTj@2!d
zLbD{*!CdIsjDVQnSC+XsOt#eJjh5)-D2j?p8yp9awZ&Rb&r;^)=K2J<S!fOVD>C3S
z;9u|Pf7>+7W4*^9`9<InOzPZ&gAZ+O-_`PHD$^B(JI783Ds&oMvy}dE{AZldF79Nm
z*M1N;l2D|m-Ax-y(NpFjaNky<=kP6gu<e!bGt&G-;fTRE6g5v8aeZj?%+Ib^y^#+c
zy~eaq1u?LpVoRu4b;pWR3I+uupY(cU3V10pHT@sV3d$i8o>y$si1Wg%GBEYLH?vp;
zrdD=4Pn2{OqnCNMWuU`rfo=O`W}L|TAD1H`j2Faov0?~WP^${)yC}Z3mSFwz$WW*Q
zOZdX*s$*stK_!KFiBTMvjydat{iFn!vJ?Jo`})nkFV_!B2D=j8@=*=H-{=l39-cp{
zrM)=lFoXU|i07fUF@F45K-snfiaGmsqs{2PD%q-Ex@*DRxODE$71QuTT}Qmjr2a3N
zr)sv&>P;W}1;%33fdMa-B!J76CznC~E&mE)ChoMK<b~VVWV3DP=b?<LxrB*`kSDxJ
z4Du>}Y)uvccX<acD!dW4(|z%mrw1rBR4=hC^;_7y97~c@B%MW$(@x#X_&-X^$IkZ^
z8(iJVPO;{Y7Ia|sxwCD$Z<wW0hO({B)UZ%MV92s}6(n`Qo!c^|(oi>DG1w-)@^d&Z
zU&9i)KJj$|HNjC6{gCEi)t_3J)`9|udOC*oLd4HA%Gvj8^YM>6(uowe0xqz<nRtt3
zLN5DJS|NHq!^_~q$IhxzlLY0P27+c}5oFp{ri;H~)<4gk*1zymCu!&N?Z8>kk}iFZ
z-d*H@joaTi(lyYZrce`lS-_VCE>1{-y@R{^WMsuqrX@6-VmIed+s5LNGiQZc!Q5n8
zf}`ykkqi2O-g(q98^iR_nfK_D1Dk8BUPGpDygo~~3YxyYGga$R_{1^?fnqj&KzMQ-
zC1dMbX;eOP`c>gLG{KjQE(Vh}V6!mAigE02d;I*&fX+LAGR}Z)fP3B9d#gQ*g`aJg
zJ3Kh|0r6L{J8Ztk@3urgj4-0oA;~wrd&*_K7nOdNh)&j|W2!tWT4SDx$awiv=8im*
zM$NZoxkIa+ehbs*4Ypcogbyrkq}Bc&$z5j_@rS{?1e=9kYUjP*ajx$&l&iU>8`-p`
zbWz4!j~QcKlj*6&!Y@{hj>f1B7j3x&5*(VIdat|&rIUd|JvKPS)2sI5MMUe<fr8)M
zPDPA{PObs)?DPsi>NPmc5B%j#hjDM_1O^H^#L)nrU$oqt({{X#P1;`XR~2f$S-%Is
zc;>i;+(rn+Lhn7QZD=<MaCUayY+R2r94sM&-Y8(K1&#6*vP`Eaxv;O`MioN4p8n9x
zhy3LO;HVs<Ts_vi47`oWf;;9z?_yBK{fH!?v(j|Pwo1ErvxsGMMD@_In!nKO)RSx6
zjZ2|Z>~7^3ZZ`&h5{{N-R`5`8VQdrnz~h18<*4@2=fqcH>_+YD?ats&!J#^ZgS!wN
z@hjJO9SZo$Rc(5#>)-A-5s0lzq{7NAbGIa?cU^wSDnwYy<o#&7<I|pGXc-ftlQJVT
zud%7(-g|hjW?%SMnWJ3WT$;EP%*f<g_nWDc?A#X=EIf9&#jxN}daSX`tx@7agpG~8
zB2hRVYiVy^tLwB;WXKt{_^W~}xw3D1a?PV&yLoIM!qz0bosF;N>*_p5(D7p!po8yw
zIi&fW=c#{xdy%fvJ;h(!-mRi%xZuVo8ih3UroX72`w59t7;ehpkx#KR<sUKaAK)aC
z9Eg;-OEahHuKLFiK62W;NnuwZ=e@6d>4xmDJB^Nc<v|9<PC5FT*W@wprDjW<y@FgZ
zP1UIfGyYw0>4TY1=-pbyq&p{$DU#Xrcf$E)i<m0Yv8bR;6L7*&*QP7(nDn8$MQ`FZ
z22i9xT_NANFIcBBuxHvU92v?w3S=`JOQ#cZ5%Pz`EftestSq(oujE(sE9N*%qtY-7
zKAFMw{#VWuKK;(f&U#-KJZAOiv(uxE?Sy(58o_@9Y261$%PeI(Q`h-VHlDz|H#&w)
zn!e=H?^MYw!P9~K!~GREYzm&YfOXBP<c!d8KlOj?^_Y-lNt~56lZgU{$nn!$`<E>M
zSX!+dSi+P^=yG|Zncm33wU?<cKN!i;uo$eV7MhMf*VIITlrbr@v~-7t3TJnHy_fx%
zljqyZ0uh2bG&hg;<bKt9LR)xHsGioGbl$n;U$OD?mn`NY-h~)5;H?eVGa;&_5V34n
z=cTxOBHE8)sJyrJmEl@oqwc%=cRCJ!4h2Q(=}iaGBQ6yh|6El6EHvBuoY0=qgCz@1
zbJIHaxahLi+;~#xb`d5(VGY8hVoJN?T~$i#)+FK|-y!9*^ZO7&v%Q@_J@}}rIV5GF
zx0pT)o4n2-4ugt=!~YpjnubWsS>4w>v5kPCA(=?i?hr3x59w&nz(6iq>6od}eeYcD
z+51t2<9=~X%v!G(`ct@|)3(kyCtGis!p3!uXOF@s->B5}7|UsYv6JM9dg5Lb$F*@1
z)PBaGgH>QtPESiN%QNOEXSf^`&El`iySQBF6dd>5gXVyf?ar>8C(cN6q&f>z3o<;w
z9=>oJz~NZZw(<4T?TfuR7t5V1Bw!H2H=IH5<lXbZ;~r!YU>QgtM-3NBvX!X10;Trr
z>P$t*!}&#pAZZSK`nnX|7d8Ds{ZR+=wvI@^dHx*R1e@*9{0qAlsi5Fk{_;kz<o*NP
zpphPOeM-vxfIU#tJUqAO<n%NGpQ*r`w!VyPyCnKbgSMBCHJyo2P}|`<3<=?T)Bi+H
z+yg{gCHzR*{rsDII|kdKJ<y7&=;^O7+p-NI9mZJbl)St{b3gxiuRcxXH(vgVwU4{n
zw9HD*orroLEi#o*w_{lrIcr;(m-U0`YXwQgpk;9zp8@!nPrwP<&<>oxhRN8Fzh0s6
zzogvGi|`_vO#w0nY6a5ePJzD)C0|2-eG`lw0pq4ir-9Y{>}?s-i+|4XpFd_Y=^lg(
zBhnJvH>nPt+7zSP^nshB$ROV>D_0!+`SYKx_2<pP+ESsn-BkcZiDo*wyD8shY~eon
zpRfJTELqnPS%Uw3HH-hNZTIKp?rO;WuXjv&_~pX?R{843`zyNl=Osle{v-SP=QnI|
z{HrDQ=XHa#=>Dpm{&~?L7fFxEf8Q?h_sr}6_ZI%ItU{Q9hZ1zj6aC6!mL%pXS=Zr#
zp6^9~fPZT~rC2t5l`a#TQfdQW#XHgs`@6gG^R3LXKV{<ii8TIezunCmnC+`#uJ{!r
z&!_@e=jZb8GpdaX&ZY$cp<`jk2^t56)+1wMu~KAw77H6e?)(ixvr|)V>$UGtQ`gTO
z7{s|qz|cE4kZ=HPQDQzlJUl!-Gb5@!bt`HblZ1U@x7yRf+E(wNiFs}K;D5Fz9CJ=b
z*4noI{`Yf|QCnS&akAe;wa8Od=3{q;OZr0E&Wsua7MI-)?Ur;)1olk=rq|sMZpL9!
zRA<JNt}P!xiLRr!IRs{y+Qr;eDr2vO(By5**YDf9{AaHt>R?g)*V=gPm!86C-!=h*
z?s&!N&T0=yNb^qM@$S}EUE}a^Y_CHlfcd8uBCH4Nffm4KwDmGLIAneKz^$SJ1}f*c
z$#2=lPErY59*B;0*8CCj{qq`*pU6R*4e0ASfgHNyXQ$up(rzywVSZ+M75wSbrz_x)
z{MT2LCwAN0w-@NhmHjSXC(z1KRw^|kgYn+p@9K;q!yj-Pa%?sqgFP}0I6gkivERo!
z+F80*RfT%Wb0g<HQWVv!eoN{zPzyE86LuY5prj1;6TLBrT@xE%ruP{k==j}E;;=qi
zWNB^N&ay{kyS!0r-!qVBO>%{DFWYdEpV!tTu*>kcDcSv;5vle_MzQNpp70>QvSU?+
z=y*3AuY~E+NU1X|{J_Neyhxn7K;CN%jH@VLMfS}|d47&3n}cYR=h1EiryfqJ{mG-5
z3JW(Cl7{zB#;Mrz741sjQ)IR@-Hgj)S|Om^_sSE}#%{$wmzYoC)p|gP;&58<2wv++
zKa=!}Zx&jVd#V`*hr!Q)uk|8HOb<(BE%EuZFek^)($eiUKJ(4xp*~Xn8`XOmQIT*9
zU@K&NnT}i?+q^Ow>l}tS63bsSxJioxcPlfsCf=Myw9iFV(Eiu1e!3N`#xyh{Cs1M!
zBVl)8Pov)EcR|Rp^NX1=k!<$l@@cyP$0y)cyYL*nR(D&xtiI9}^Zs>jA<z1Rh3&OE
z=!mnJS$M%K&=(5HTc>@e$hA)U#5dxo-ergKdjqhuHEVvd{8P^3wY|g16sB;rKV2KY
zK0Pr}70Bk6o7w|;;Jwu$R>O_uXddT)4r$w|_B&aVzy{eCP`~i?@$7q)f&58@xsIq#
zg~Y~@y$a+0AN4<TG^}?9EY%%t9~gATB%UP(b|*S>iQzGK^mGa!d=w^q13*j>?hGxj
zjNt|V;`NC-Nu3BqnKaC)wT5MB9{9Y#pkVnJzh2%-71$eZw2cp0w=t`ex8&sM%EcHV
zT}@5Q6}s(18pwSGPfq7(zh_~f7-T|(2UL5Gn!`*6kFI14*`cI`#y=TPG>=nP^(n6M
zi_Eh+{qjd4@(gqs;`*uo+1a9kI}b0iL9j5CZ(Lv3EC&Vf!N$syrPmEEr_|UAu0G)B
zjTCL}zgwRzkEhVR@{FqT;3Ldk$ffDqg6N_s&~f|vLb=8r{B427Gk$gvoJ*96n0;?6
zs9laZE=v}g4nLZy_8dGV_D54EJK+U<Bg)BxQxO;xCgL{)cGDdo5F7=(-re6fSn1cu
zF}5XKFFO`g$W%oIkrgTiwL(%T4CUtLq9|5cQY~|twP9_7x7RqlUM2z~j7GonuR&3>
zEbTT36qHWPE<TUiBfEw@e!U7nXNH467(;0Mbb5U{jmC4>0Dv{vzcNr9ax<}_DRb4I
zYn-O4Gw{sym~}g4(Eio?e->nh8Ro491_d_O?f<Nn;NC+a5B}fTs3-t|&*M2e238}8
zAz_gX<+(O?9OM5W6|}0;mwyG5Y?T=r(lJ8?ERmT^1%x*yq=Ra_9H-lh@@iR8pw!hp
z+qyWOg$=`0dDq$!5;_dt>$w-6PBs#ioekZ7?0c&`ttwsX)Cv03Sj<k|tz<Jemu=6R
zx)myCAT0@1RVZLuo|gpI9WEH+;ATzC&3&xa{F!EOq}z(mpqkGO1p+w$0{6H_SNChU
zKC+OxeVlc@4fyO|$ih&+B_-w99HI-79+88=;#vDECb=#_6VkqQ^v9;}4`0M=Bjzyi
zfuSNf8tMFNul&$1g2cc#<-Q-#%W;=Bg+KdCaBwgSF=oFVw`VuCxHfAf;dwh@Zf4Zw
zeS;Y2w*xCYRyYm~c?|fiYVP#8AlP!3MtyRsUcAUuCE3QP!JQ2am@g7ERDjupa13xn
zH5IPM=FX@7g#N-G@#$)sUT8q!{_OOMg^dj|9Cdny(tNN#?oK4A45lgnw|!Vkxq=^Y
zcyJ(-C~S+*s9poW7VGH!{r%}wDYDd;IXIQ(gTbyN7K}|L8fSv*_o+E<z3F@(c$b55
z)w@5M+i|Pn_oYukK^|R(Wu{Gdcz8{LJ(W~YJ*1J0tpUD`r7h#bS+P*Uy~!)~0u_D6
zAQnkRKoCw6Yj0!q?loJJRoAdu|DUqopVhOf6v(bhhtLq%@ta2^=7S8r2egS@qSM0u
z4yL~z4%xb(r}c>`D-%meNx^3wZYXN`g>lZHIb3v(0^&P$jkGrk?N)`Bmg5H8HHFsJ
zMz3DG1|XHW<W=%a<y(9q2*ufY<)H62D-%=fE(s@&>tu~upm~8Zxc`sd@2ws<c4<cm
z%%l7eIC-FudG{un>%Pu^-Cf|q6Iyr8QEYE*eXGZ9hpOr*CTvSkIc<YcDAi(|B=OJ-
zngBKd2+*cQ-w#ex7@+h_Ow<Vwgo2eNXViJu+%E!VbzNx(Za}xywYIj-MH^JV1(3(6
z?YL^GG_!Q)aG}cnvXfLSe|<`=V1kUOPkS-U*1^b`DGIb7AP=;*wl>*6B$0}#ql4$D
zy``n5x$D{!rnmJ<dGj*mL$&!%xk>GoutC(Fa;`vRXL-~XIlM>pUoOX%`QAhQ2=I$g
zfm-l8UCqALt`c<G)tM`wdZO)e-ymvEAG9{?DY+#_E3MhaH4O~YVB|d%Th)`Y#iGD`
zWKj9}01V!G---}0SR?EE5*ypG{A5hK<{&3stvq;<P2Xzj;2P)yh(R31W3@uaTs8pg
z5I;UQEELG0Cg}O%M+;ixd!o*@#fX@gs0P@<X!6d=XgFO6%>(x}lexAi5s9{EEn#$$
zdC8KBWx8~g=M`S<mF9P}#|0bw&VpIS{if@hLk<p)x*?PRccOTsNJ*d1Zgr;EAZ`xQ
zICtTeyR51f!LPT3`C1KnHg=Z;TC%a<%K|{kZe`%PjLhxPSXXc0(Da;#D!`y$W!n5-
z!QX!tYRi1{;f1{48JQh2N02L0Ddf9B1S7$ulEfU^BL^P<=L~go0f*gCR2%mS64-hY
zF?)>WmD_^i_>9nK6T4Afc6=stw7d8OYK)4xCWmBK^ifheqvNOL)E0Z=$$)H?EF=0r
zB#=z!r0)4inPIcqdp#8M@>3=X?Bh>xhtAe`5dsL$y{8bMiC=9?vG})b2x8Z|i2xx1
z>6ncgae=`CXKavogHln6t-A+-la0Z{^9s;V%eI`R@pjv|qv1yyl-L<c?>;H8kG(it
zO4}aAq1DH%rD&d8uLvzCo@j`$Y{9~C3Rim+=bfb!$BKh3dj0lD5n0)8HK9K>p})b4
z`}HSXQ%Pnx;h;zA$!U3_NX%vYxnB>7?d$65K#27TB&xSd@NO1g1R;iqc70M((k=K`
z<f~bPya|a||Lf~q{{MIEqaWUX`OncjA%Pk#PL`@xW5B4%a52oC`od)oaJ*;rTeIKQ
z(s(Zm@IN5lEr0UQy9qic{u`(TuO}JkX4?#kxs8|j&&=pX!RX;L%QaOzt=H~J#-U<1
zCgW(dV6W3&{jr#90)Kz-yfIU?xCQ|5sNYqJ)-F;Aflvsb1c2590#}`6YEfUli2YG~
z0KDKx5wSTf%O<*9WmE@rbFdI&04GlF-ra~Q6nAi8e0V9^p&x|Dafw}}Xm#S(Wa5rX
zDqr;@4@ddDKOb*I<?mXpd4hFDV5kU9o<6HA*!2Xs!Gl7~irFZh)t_9=V5AZu1|syl
zua7)c{gD|-G;DGS7!lsS`yfitl^2A683FdF2}Aw%HmfjTjUW?%LJXk4Tl*OeD#*m^
z&cNo=n7{@Ib<8?#;#CK`;VvD{2POxk2fTBpX>XDcG#-4AbDVGQe-Opdvofv^h%pfN
z4FTl%zj61L`%~X_P;K_{8MzW4ACGJie0=Xd<90ze5FtRCT!4NIFt?a?4#2g+us96K
zhb~*D0|@UN8=+_ddh9DSe%ZU20_O;{H4|Vac|WOe<iNF+vqMCq%7n9LIce=>=1bI&
z=DN*k+Cyp+##V*18tA*sQDnG;cGOckfBh#nA1(n!=ZTl^*3Mw7KLCCMfqpk@OZ4Z6
zy9=|m{qtnkJV8nGDme8(wFc|lrk-g5Lm#lIFwianhUgn;2@ztTL2?0<66&j~QH6vm
z%b0}vfh_hIl#kYyhG4EY7xX%v)#c29V3X@Ghz{Qz$l>rA(t#-1yMe215gh$A81$v(
zcmf(_B^WyU^RfCX@0wSJ$fSljrKe0d=LZG;Jng3P_$mqHUCjuB`~%=M-ht`21Zooi
zK@lY*7|w;B8y!$12HhOH2)m7mM}VXODbc#&VZPEhATc6BX4cT#25684knI65FBj=H
z3_OD{VF-L084x`NlJ)zPlzG$FqlKm<l_y)*!JmBR?cE*!<O;~5m>7d{4=GGaC&Ei3
ztXjYw!!~LIhcOa(#X!hQ1dW}+erR`P1#K2eDk?-q984+5sKx;hum`YmVxR9-1Ii<U
z-3SNdg}y0dsiU|6G7VS)o1iL-;BTPG0+`{5$`l~Is7ucgv=qp^!5BU`zhA-UL3mF9
z6_`8XKp!s+gc&y!<Gz#EVZ+_G(z2B^KGUgz2mKh_SvF{>#U*m|f$bubuXyvqg%cio
zrjIeDdoo3K?W%!)6G7)v|DK`{7$MiYq7S3}+A!@68X}0~Ad^N#TQIdax8>9&K|w*2
zfo#+_0GH5YjYK#gupa@Rg#(@kATAL8Jc1TQw3<L(j#CG4SqR+|9tphh+dz_skHi9K
zO>_b#m)aw6^+3s)8Aw<+!6gR62+Z39VErNZs@z5dY64(q#IXdaAJA{`hEN8EtYMuH
zg&lZ=xyJ$^`*0Br<2ElZG1z`^UqK;*0|cc(;2L@7DA1CtROu$3$N2W&UH}0|tq%6D
z4Hfvpc88Q(BaD@^5Mo4w5DbV=up0N?gC)3J#kXEo3p)WE`f6wv2G++0;J3CBNl4(0
zs+J1|y~nyJ^W&){v`yv(78&*7q~o`QGJ4i)YjuuY1>6b`g)4%LomiN7IQjTaG#^2I
zKujrK#B2_@Hr?M}P(|&(03n*(Cj*F1ExhoYme-$ycmD8CCalR7$fg{~)HWD4c&6zp
zMOYA~AOcwcAVI|K0KJw1P=rAbCD0u~@d0I3pq4==-2+gOLC0rkihuGR5etGtkq98s
z2#MsC9Ap?Dn7ni#E`lf$0rm`Hg&vsFpKFWsJVa|nJA)i9BJBp&50Tb`1qFaM8-kz&
zmZ~5ES*fq5E<J^fXf$3SfCzy?)3kxXJjvKTAU2CFCNBU+Bn5UfIH14-tO4z)(6sq5
zK!3xNbe#G?ixR=AhYp-LGB6Gaz!?RsM4sKMGP&!{3&EoWDljVGFCcIuSeJYKS<(Pt
zLqYXG<!q#ITUc^4VKZpgLl!tVm`<k3i<pDF!weUPv~Im>(E3F&x%65ffabsji!Fbr
z56m0~z`i&F10EHS&7ITe|AZtn=N|v&I}fu!5UK&hT7i!c5*F3~97B+A`3gCdmzgdc
zpFuqs6P`b8x5<^2Xjd1w24F94!lfYlUFMFenp&!I!F@pc%)(-|MR9fNr^C)c@D)JF
z0mSHBh_qllFonUsgSgBjX@L?0K4|#`^cl~>HfrqeCjeC(<hFwEdk#oHK#>*}C&TbR
zh!GG1p$dM>140a*BLV9<3@Cp!K&S$N%+%zhM^qGv<QMik?Ck6co$c`UVXPkx7)w<9
zp!2sFZp#ZOP%!E;oB_xY0?z@n2Cz}Y7@It<8xEMBxcbo8xCOIQ1n#l+zEI-6AKlya
zYj{7I_(6H&QdP&d_1kkCu+sn<2Ovp=p$X+W(3Z$^-`m=1S;qOhif;r*|H<5s(7La^
zvID6%aKO23m+;^Qt%3r|h0EwSh>2SOegeMFb$F(D^zs;drD>H36udT9-@r1lz)_2G
z^B1Oq50?zal#6WGkX;to8*mN)yVPoV2I~ror^!wX`&DAk67C?_fC%Lm=tjB44W}h~
z*Uf48`AL225yc$P9cZtYD=CLpM)?#PdbvOLH53;Sn38$rDJPWCAXEZW)WUEPGXzM*
zOZ~&gOJ`<4|AI{B+*Oq0J-2J=^5B_SMe|us;h{Ww<gq_P{wIpPYyLM~T`UcKZ*+>;
zw-LoLU*?M2fSUn4r|x@Z@LB)D7(Bt}1aBwSH3NVuC?Fa8crQI~`PA`D9##lcIk~yH
zXSnAfJKAMfXIua_;#QOe{r&s*OV9Xr4Zh=(k-661SW<U{3jsM|fUZF}*T8$+>X8PN
zcrRVW(GtC1!!UF53uxby&rolj9pILV<&}g~fJsMS)B`UFj!W#FiQR=NSEeC!h~{@C
zej~DEc+UFQ#k;`Rd=IfTR&fy$H2)YoAh=n=bps^u!Fj+C1_JX5z8AvG!Atr8W2rJ^
zw*qge<ulzAU~?gi)9UK#&&(RJvPoitezyn+L}2@(KvOx`Hbj-JO`i=gp*+THQSBgU
zM*xY5PN8$ZdTrDRAUGjNDtHpW%w9i;O?#E*4Ras>jn0XT2UQ4ZaIVSr?b!g6OAQEU
zFu*-v#c3oW-oT!R@46!(AfVuiN2lsD@tUpf_i5oBXY6z#wF*-4wt8`0J$*fjJmn0N
zfgL_L{0+6WG2KaGV|mWO&Imgn5f031{io0obk6ogi{_s-px^+YEij-iYykdqxDCVF
z&Mp}cI!}d#FATiXM6PqdC?b>>z&3&D=Ro`kZ0r>9xBwqKq947nVKG!>E)8Dfhrqyj
z1ds_@oN)EsBqepJ9a48Y)B{a!?25xV5*Y9RA&>_k%?P?kVX$ie9zM!fp>gHP75ELE
za9WALS|i7&zdsz4gj2Uu^*9A^*NeY1NG_w}eT51y824<GK~{JVK(98+4A;HnkXt_u
z8WH}m{cs5<q<b0y_2Qgef1#wyUuWtMdv|G|fG;|!RRL8dO?a22W9(02I_O;J-}^oh
zbeteX@>o_jxP65+(@PwnA~euWn%HH?R@(*`ad1Uh|4)1G9o1CU#*H%LtIUiF<ES9g
zEEJ_GRr)9*1_YEUH7XD~D4~}`$59*+kS;YUO}Y?@p(H9IC4?v~gccP-fB+E!2_b~s
z9i02eUF+7h?)R;`?t0H!L5?IRXYcdur~Q8WdBPX$M{3+H1>L34pc;pzpldw!NEv7$
z0{A<BgW4jXRGy$EESQ8=s<DrtE(vIcBq+TK%>Qkm8h-xyXWz*dZJ;aL>C{7Dy(a_6
z)-p@wCNK(7F);(6r5SJ%x`3fut{~F&^z{cytt3Hxwhy4h8}Pcjfa(JQ1#`eseexO<
zq!FG67vxq^UgrP~E2x?+e^lp{`CXiBO$~ClceWZ7HeIT^)pYY92>%`*?)}^V=_j54
z5u|LJNIVu(_a>Mb95@gyq>wCY334Z^E&BlM_ctgyCTLy_YWsO)pCAD&`!P_QXFwAM
zP%ATyL>+x*6!}vgl41cH8K#Q2x3`_LE&g4E#gZ~Y{53bX_jXVY0mKQbp((-72pCk4
z0!Ca`HiaBGvS_rk>Y|@(b?kVq7nd=hq>&vcmkSEO{Uq2`1PTdtcxiyX%AecR)DuLO
zTtES{-Lw6!-JH3-Zf#-zBxb9T8}8hRD78yy`r*@O_%!}N4Z7RQe)z)|m&-vV89{w`
zQ2GgMxRL_NFA&D;0^6D3L?a(`$~f);=>Hwo^G6%+;|;J)%VOq*Dael9?5Y3q^{e&D
zr&}4yu6qm&cK;yrp5UAPD<Ct4V8e+ws4}Ah8Ww|ENd=&=tUwO{(R~G~S9xSdT3#wj
z1<UMei~T=8m=R#AWsdzD42IeW9wunPk*gb0NGkc^#Xp*P{J&b@ow)%&{y%{@Mu_?!
zgF<Bi67(S-!+fNV+-_Pj{p)@-f3i6`WG*2;@o~&C?WxNTK(*yJ3#NSqxVxac_KdT1
zbT#l88iEFML2K&SwRz3vApYgambTI9=uOeM%r|c~gl&s<M!v;Qe5_9#gObuS^7H?l
zjmyTXZ-3S_fkOAJG4Pv7lJLXNqN8I!13%h$dyOe<iy{Yp^gT1Padm`A755t}J`0jo
zbwS+Z#c5!~0LQ}(Vi9v}o!Y3Ft2@1<oACP|fAoD4HEs#w0*4(a7->*$S@v?gK-HaC
zrCe<ZI}OSpX9{u?;J9qeeETyR*(!_NNZys2+QwYw>U5RGbB%;WrN4n4b2?oKNY<~w
z<K8E=HnyuqE2K)q^*(5IW0|Ff|ABS?SXN+z&FS4R(%)jrF&!m)A{Qrmk_!yrQlh{9
zItvJZqOV%o#N)sI42?HZ_*eh_``9tGC(-VAcW&k1AD2CP!QLqJjq@IoTT1lzjt4O6
z`6f+)-v(0>zD_U2cd&qN`G&uCauge`naX|dEZOu}up#JfqGbfY>poQF4CZjA*@8V)
zdM1P$&<!=#;>5>|kdMC~Ir7V0kaULo5N7`TAOl=0-<6ASk&BC8!I_7w;V*Z^p>yy0
zgIs?R`R(T$gPTwRp7t1Y3489*zQ~G?Suc)SxypLLC<Q2&-U5rs^aR&7mSKIhLUoFt
zOh5;&5F3Km<<Q97ce1WJ2e1JKXyj(9qD)Bg=M55`Iy2L~-QF6_Z;$lle3%ww0Z$6E
zr|I;)B$gL_uu@SuOHCmZdhTm$lP17g3|FGyzz-HWtnBz@?!~SKzsZG%>sR=Qqm@po
zT_E!S;=b1aH%rkD^c_?Hb-r)Pig@Eo*QF+K+52%dUz14Cj!A;5IT9>Pa0mT1Cfk30
zC@fgqOX<va)&y<isFY>GKi~$KBa)`R>t2>44|wlW?{h)vFVH43S-i!BSaH}=Fahyj
zTdz0Vmf>x#eFO!U^NfG&O#JciQuBHS-}d=xt#W)&pO(lz*IVM`lX7*+;MqQ}o6(+Y
z*+roZY&LUx{B-(h*V27P+_fUd$(So#R%~G`O9GgVdp%zDe$e`hzwQy4!wYv9mkyW?
zA7QPO0h*D>-r4?-fja4+e0)M#%hl32dEhx+ZwcJ(-Rt!73ddrfYz{o`u71i$894cy
zF^O-XAn?I_!p5(HI1AJY^}C8gB)cd%RXh@Oe0EBhT+IQE3;x2!$DCc9wt3}&7Fj>4
zGdn>(h237*>taOK@Zo}{3E^LarX)9yugeBp0Z4E}1mBZ^onDs`HAzMidu9H}fqnSp
z@v}zA0W?ddq-o6lnu|jbt0oK8G&I%NJoeXz3OS7@$GBcZc<4tacUM{RzVnY_rWmA3
zWIh**;$oK*Ok(2t!`-Qvx%W)?P^$S1nO2A=HjQe;GFp+KkXtHVz5Sf<B0o{C2f59(
z1|8d%q(Z;nOZv+pEsWk2rgI(1%a31<2Cj6@^!4$^fb2XzCnd0b*b%d^fP)PZVrX-o
zHr+Ok9;XvzBf0}gj5i%D%<8J8owIXJ5CUu3G!fGp2ZABY%*(xKd_UT}^{~@osv!Gb
z#@l|f6_}{12^s}0)^Tg}R{ow2<?YvnHENIaj?sgka+hO|#V%oDvs@A6XhgHn&H=B#
z%04sh$)2qLx`$5tbP|yXiu1`oxNsa2x*B4G58!Q5w@eBK=Qf%AFl*3pIhQB0;jN_H
zB@YS4tT#P5a`ptWeY2vfarS6*bqMYuz01)N#^8x`gCb~Ya*>npkcGVu+-^@{oI@tV
znSE%Y+9yF5<4c8zS@L2tV+wR9i0*)=dzDE?cK`j)LFPh0ErBW1k&x2e-@2R%+!h6h
zf_45gI~%@x+68OFuWtZ{>}1aRgS*2Rc-bPBW}L*b8xPMeKy!#O)HesMdk@+e=g3KD
z`-dePZjR=|M{@MOy*7n&r6Wr#DwMLJ(GJ@y&Gh<y{Q%mq6W^feq=<o*Z2a0C4^W}U
ztt)2kop1@r@{j{4P_MUl??KW)<U`9AmdzcsG0?_ssr1Q1KwUuQxSe(XQshJqx}RfL
zQCXQTSH@d@0xGzj#2K&rZMfB4l%t2P_^RpN8V2?kFtS&mQO)5a9tN@^l3A_GSjF)0
zaPa&I>-@H}kyG(D6%`df?>vj|;i?T1FsipVXZULZ6+?q|TdJ@7J@SUwLZP5xNP<oa
zqDMZf8?>j$z-_JPKD?eK2ObpBkn84woF)J<JD+3>dOa1BPxOLz0CskE>3}VVP-KMD
zgPO}g98C766&y_tpP$gn<5fASwXdySI`3-@16i~2XP{{|e2l?=3UF+1CP7mDpAF!r
z=|1*`)RV!?f-0-bt-b16`X1n-Otm+s0DGb*t6kS7ZB6#fF_5_E?KfEd^xA&<M50O>
zXgZ~<-o6#;9}qx0*RNoe>&1sI<{_t|>`Ya-AmDbt^yCP6ZdAuLBvZjkX|)SY3<6`+
z0Oj_!Ru<udFQb{{tk^gfNBn4Ky_|$WM4*1e+|zZEt8RfoxJ5Llj1URh2A5Y>=1pJ!
zX=mPMy<ZT{1WcA%jWq@3y)%8-M_RX3!(0T+tyM0iAj{60LkOgeHw33wEYud>v<E}D
z@Zu>bGaI6{Tnkb~uMD}1aJ}s}o}q$yYHHE}g$|)W>N2>padVQCNRU;L&<nM9WMDvo
zV{zr-^g8sHBouw11pW||_Un>x0zr9if~*KWhF+5`EE9JQoLi%upagK92LS1zk&)6^
zws-x9Z;7=2Rz?mz3KTX?11(!-sK&MZqzxxdPp=<{uM3g0<$cEAib06r9G>a0`l%yD
zOG<f&h@cK5F$zYG*N-E)xBv|}%mGHI5PSh%o3srDA&4Q=^T$MNynG<mw?JP=J2U{+
zAEyQ3Xl1pqun@{K3F!kjn8!4t)5X7^!sQ6d#+++!9yJW8s*Bkpa^x9meM~E!+rC|$
zy)SUA%C7=@#vmZr-`{_*EjlrJ$_LDMkB{csHlqdST_)W`yd)X?)CU!7Y|dMFw6?^K
z*<{O}A^ONc62%C#fJFy~;qoe}Y?A`y`6BY)P_4zH6zr<8U8yzUe1c4&clJ`@;Vh`J
zrFx_Nh_lbqL@Y^~LpY5ibfg&SL#O{8$i#)cFwj<@=TYiO^d({;XcEKg9bE@)&&sZz
z@){fRqqra9jHUO_Zr#(R#3>IC50ia6_G{jJ|F_CuwX0g&+yLjd7`WsGP#PC~om3O;
zClmWPez`+5!Mi9)=W?D-5U8@Baft?Mpl1bJsuy&bjE}28rjY#mZ5so4y=iut56Jb9
z!_t%B-8aqqv;(Q=oG=jO-~}>U#^?1J)>@?jHi8!=p4FSE-Y%$;8BaCnvy6|Ae<%{K
zZkm8)&)*BEAwaj|yhV&=j=kHrBd8l=Vq-EeNa(CAv45eG-S<zItUy2>PJ_<xWWO%y
zqwWS^`MTYqqTmyCU0&%)y8dA`AQ7R=np>&<XzS#Z4VYW~>~&DE-;dO^Bt=Y;(NrKB
z@#A7ZvqX_C>Q9`FX`9t=mg)pjytr!>J&-W~QVv_wEdfl{IKPL^^WgW!PQV%M^AqLF
zz}S|?;7KKM_wQx<jvAf|X<v^hg0m<2e`b03mv6C#>};L&)OffCb#nIM-yXPy^>~wm
zTZ7Q!HLY6uP97eGU_~~6t`ql&(c49l&KM7AKkcp`85~w)l{Yd!TG!!(bxH%$MGS+&
zaxQg&wK!1k4blc@?qHXHJmc?XdxIW2rwQa|8?Ybr7C)KRe|xMvJ72~xs9&uQM6Wx7
z8lB`o5`X$35|-)U)Pt&RJHa;j{^!)Z$uSV6;`<Gjo`RKJ5IH$5sUEx02PgWp1~v8n
z3T74HC0;-wM{oV3NQ;R_IeGM4!|9(WD_qTca>V$AZ2Z=pLgd%Z8T7NTl@h0!x&+zo
zdVB;i$EP4YH#e7a)EuOjw-J-t(Q9>zs~_`1N-b&qWFJQRKrzH@J8b(wd0vXMKhFbs
zl2#arKrrbC>t~Nv((1ZUK(?yU<7%zNpr$p4P+nF7YF~f$@rbPs0a|_)?U6UT9Lpep
z4(QlbJyDZYUmeP#j~=~Gv%Y^Upd<uG8Uz|_v0+-ok5y8l16tuQyU_jpsM?kjkyCd9
zmfPsdpqGn|KotlK`Em=lP@pn#t2wdDb+HKSWD{n(zjc6?NdlRG#kT2WfgTA3A{<Ah
zfk`)Zf?ig*QcGx9Xc-y?P-zD2a~9RlWqWcldcTm+)@{|H8(DJV?xB8#F`M)Gp{o$i
z<a`+wBsP2Gv)v1SJ*YTaGaeEYwglR5!Y5V~VIBKNh$~$(>F$way=lcO-Md5$Gw2~3
zwC1ssi))mER8YsAdKbEwJvKH5#HWPWww)VLi$4)G4ojJgumTk``t@lxN&QIBIR+$6
zZnT8E>Z=pGG#;ZQjpHtgocsPoDt7TRXId740$13gV})0<18RCc{KLd$e6`Z02v*?C
z-_t4haz#{z-(VRH%a!e>@bAPcDf^_{^!%7i!2Rp-sI@OX=EQ*FxSFAh;J)!wt}|~u
zQ~I061JeP5Gb^}P)b?5#XX!M~FD#z_(=IeGxpil8Be;tNtR-;*DDWP-3Cttt)#i^a
z<Rq9B76{A4oHLh-@Qs-C&d$irrp_Zx(xoG(R6ER{JR^n(3kjWy;LB)fBV)qsr#8J{
z{`9@452e))6uT#`N)1<fCNB=3B`Aq4yi^eqddq(0l|zl`i)Eh10$FTR2fBuMK0zw0
zrKP2|ZF?Y5{Yr|AQT-q&qQrip^`(nChTGNy`Wtix+4aTzMSZ<SW@e^yG&NJ4b@i_7
zQzzqRg=m?hIf|5m+_6mzU%xG`tW>Wqk|y=$ys&1!kkIpAHsBaW_tDDQ!o#s^-3~}>
z4EB};P*IeE%?qLCxPQnq-`+)sz0HXJ2rRIElRmD6IxPhs?<%k1Z6ba2y<zT`tSfqo
zB`AyRcch0_#7w?So-=c0F$cW>H$|;P-<)d*S*zMzQiFXe$$esjOM$5j-H9{Ks<R8Q
zb6^gSAMJz0AD1v_)ETV6k%4G#P)<Hmy^*NibbW+3uaDWPPh<jW%<Q`El-sB&aE?yJ
zq_k=33G?9B{THwvTP@3-cl72^9au*#<wI!%HR-fY8;(uH7Csir&3Pb~ZK$U}YCp5A
z+~JY-B;PIlAY)68@g$$qScraZRary)Np~Oq=~+r#>)*Sn|J<`1;DO@dYfGrOBBJOK
zJx!y2aOL1l-+L+hh3?8KybJtE3G_DO&<gVMwxi>JdvHMw_pRd4Z;oyM5fZxo>|qir
zbCS=v58zL3;0x&(wY1HE5sR;5jiJ1sCTBM|23)H?PhMFco4J{ipF=V!Ox4cvPyOj+
zrN*s+st|2JJPnr4Ev2Oq(ES6d*v~X^KaVW!tiV*1%1GdkJ1AX!V02ej;Ib5@7#Rb|
zpa-l!O;DG*cAcY1)K{cZspZv;NbvaH{uTOpx`@`I1<lr>p5_E5)|<Iz5>|i=TtI}=
zUk9Rl{rxm#xj9Db%NZG2a!$(_FCC2UZ5hck^5%g9E933|f#NOPbE!E8V~bxd<}H~t
zdvO(_*G8#!%fu%?2|a$ur#IiVDm2ss(v|}fd!#~l9biYVJUeq-p#<m`m2)=xb2qCQ
zXZ=HiWadqxu{G_~#$U;Gv=d}sj3XH~+=SWq=Pa{PTw<?d`fA$4Bb!!Qs_GEu`Q|s^
z(|o)CXaW&LG+eT&@oOk^boPU|=qd+nKnK;Y99QBGU}g^|A-xf+leHdMD^zwFjgaCq
z^Kvr#a+*|gbXnZF8hzrvLU==EML98CJsJNSPWGu|S6j|fO^iCj$*~L}a`4-45aT0G
z1-x4RnI)SjWp^YKmCv4=yHcIYT*MHE#nVuHPJ0#d-SbPaFWU_&l;jg|g<MLo)XyPt
z-WPJE*I`A@(M1ZRnZFGZ%9xOlvW|a3Xs^bN`$x+gbL{q1sml@f=j85JJCfnph0W3K
zkJc5%X+~q&_XM}(&QpL9;1sJw&#Ar&q|~!KXu+9rm3QZhOr-e*JcZd#cByx!iO7}g
z^eOAKE4j|uX&q3aG*3Ziv#+Y<!ZI?z77;V`T+3)7NpORPoaKzI?d{ZgL=68S{gO>N
zgqA+lKhI7IJQpz*f6{ilQdgs~Le0nUjD}#8VVmpYoF&{Puim~E^3+!%@rhOQ;1on~
zFAF}Ref;(_YU#KzX(1sKsVpxb)?du&oEL*fd2Jp3LGUTHMBS~n%S^sn$D5Va>OpqH
zVM#=xVUaPtkRRMZl(l)r_V8MNFk_RFY(bQF@gj>@rOQ>Sj2OC)+0WFF6k(O92EQ=g
zT#q(+zLw$hw!1>=&DWRC0p()Rwe|Xv&~xX)*B^uh+kKwfbcN<Uoet*9SvG~FQ9_!p
zk7+3rPVy9Kxin?X>X_xvRSj~^AvswXu>5n*6{$(P#&4p2mWiPaUS&0lE2BM$P5VhE
z-$#lUKcRzi<Hh#zjiUS!(H*bD0v!r9o1rRJc+1drbfz<XB9i&#Gaj}sf0S`Bf{N=Z
zEtVt47O?c9iUthVmxmU&NNhAeCUG`|t8PSOyl%oib+6$Zv%wn3o3j_5P3zDzzzPms
zT#^;s8l3ob(ueC&D66lkj@8u`4tni7)|k(%&xP1Jp`>o}UQeuVeptjrv`S(85}xGP
z=GiSvr1m&4W$Q&+=clXcqtIL7l#<n6;Xydr&U1CPOLKMf4qg$}S?^xUIcECNp2{AN
zu%hW4me6WZ5;r-kFWP2wT2#7yBF<#5&|OB#jXhxLr;M0SS4#3G>cXRA!h&_W0$jCK
zgTj{ac&g1aW5z3uP+P0bc&(G%?S}Y{I<+9B`q=^1RmM9zTj++CNBnY{V%N;lS54+z
z9lnJ0TeV~|s?D1gc>CR#OYA}qchn$X`vg5KAhlHls#BedIEogTdSx0M;~gi0St*K6
zu4eZJg)SEr+3GbaNV{g1VV@eBc=_vGZ}Q$Y^7a2{Q%iWMinnvHLjjAFCW#=cLTv4v
zx*?JKi33Y{GpU|gmUI|uPq`5(7$wbL^@!lnxzXGwD6J=o5dB6qVnIT<O`-xy#^CmS
z5%O)aqu%`Tmv#~`3&(^Y7th<<)RP}qqlw~JlzN4_To+{pvMG{Rm~FkBii!vz-(IFw
zHumT^VY4k!NAvb#e>Y5@dB856?U~NDDH}Nqe-kjx;NELiq|V;Y?(qm{4mgMSP%4cc
zK5VKP;lE^Pf|6Tbe<0OzCn2!uTN%GC!X-Xc<#Wx6u8D0(p|pl}yQ6P`XcwV(FT)B?
zVMFy>YloN7E6s#|+6|~3cbLgFKrI^nyQl*GiLg4#+X`nrso@SZqJ*DgqSrh8fEg@3
zo;HIfyDP3Q=ii)$QNKoRx31lM@pOwvy`xtiNegU=qhDhC4OgisM+Ql)2P4Acl*)!@
zv+lR*KDL9@zpJkvsGo1^YKmwU^BZnZAtIWzyxilD^UVAEdR)VMP7v^`eLmc_cAdZ&
z3yU=Etj(~I>-<zrChNNdCI(e<^p<m4L!e7;Vub4n&(fj(CVT3XNf2eORY?_+yfA#$
zfaNCFHMs(T#d8vQea}v7V`xbby&F6;$<F#X5G?mCiQ|WfPYQzkx}YJSIm({os<8{p
z2+vzO&RB;CC_MENZA?c!;E)Qfq@h91#I<gv(VVrAVO@=9et2txOCYkXxS=;xRZsWS
zOXu~I;6g$h+c`IX2=&;cOX&=nhfAAT)>VLYkMfuOnt1++Go*F{MTiFi>0;d)a<K!`
zt4=t#FaTS|T_B04?Uj*De>{+8IDib5k^TPQTvoB48N?dv6V<d0$+OSM^!oBDC+A$d
z8g5~@?)Yo1)e=uOPWv<v?;IBMdgyJBUJHwQ{L#djWW+(ZSFN?g78x5nUOlFx92T7A
zlW>I)9MFiz30o0vCE9Bl(mrpe4>q)E@nbx1ZLeRN=DjVoCn?JJ7@UN`Xv2KT7qc7s
z@;wjnjlH}0Ir*vSu#)kY=!Bv>gZ`S0Eo$`e5Irs}eG%uu&5vO`YU8Y|Rgu~qIxsNk
z0SzYk3g+uUAMe_5{j#bs)`5P%J~)#aU}<Tb6s&3NDu#|tDAkMVFoQ3&cfj!h)96sr
ztaFX$VAWu?w~kwrcP}2>KL{oh`wI-%)h%CDO1WQ_FGUU&*Tf(FAQ2uN+>K;wbHDxZ
zWV(!`qtEu1R2lcLp?UCby8u;Tl-O9^ZB_dOwG>B(c}r-NDlwis%hAsEPp!zcIp{&J
zeI~)eNNBHv_+d%xA98e31esOw0;pvjCqpA0S6*>Yucc)@rDX}ew0GJTdRd@-lp}((
zbWj9^%8Jv)FWclg6o>m(3S(;rjZNnDY4TuSs$Vn&I9UF)`bn4guY);}@K_@3aLH*^
zNCgeqTDRu`k!2o0p2^$YRlD|J&q#5bT=r6(m-XmNcyN5sg+kzMv)i@L9xNq!Q^Ln-
zvch3pmwO^WMJD`Ekz)@hU1wRpQi2(;z*Wh9>t?et+gVPErFQhkZJXnn^&2P9>Y^J9
z34`b<&i&Pyx2K)q<zmj|0cfqtQ-p$Ao4$9F5gWa<koq{f8#m6oB495VJs}hi<hC@3
zS#Nmuwtq0);5d@PAB^vffL6L&xA;T}BCe-r9XPy*MD4gzr<4)Q_m$6jk!78O<?GE{
zn_qb5jwLUv<O*n^s0h{GftL`!DT%Y1<Fz9ZO-!48`G6$j)!3PbT=L1zRw!_Bn(1Vh
z&Av`D=!<rw{M=;ERnQBks|j8?j_xQ$Ve1|lQv6f9riHY_t$k2n%)f9wMR)wFp=5HE
zT`%qRK4@CsGY86Rw`m$0i>)e_<8%;PO9RIB80ikD<ZMK9(}uHsjY-~;B)1B)7S%B=
zU7Y^$@O9L30*g63He1~Kkk)Z$IH{((Qr+uYHVda;?^I?#d}x)+H7}mEjJ=ywV4I%H
zc@{q07-Xj3phSeCxLR%TGKFJW>iDCUP2KV~$vv-tGY~wivmZtFB|AF5bWhK}O;aqd
z@H5n|swhP?)yeg=7FF1~QZ_cmJA7tGNFQmBtPFI<_JVGQuEi(lYJ(chZTiMVin@iL
zSu1}#>&>!k>c?}J25LG<DESev93|CBN;doRbGJ|W=;%8EWAhzCQG12B78HN{{v{`B
zBJ_M^X$d*(f#YdqNT~zS`!R5S_GbPoCYzJ4)V2a~)U-xaWV`WM%ls{r3ZfSoI%g$I
zSYZMkoOM!n=^TlRTib5fCu5g6-TaKXeH~(Z%`q)8()GlyOZ|N~VH-%=R`9r5juu+2
zT}>iwoNL|v>~teob3=hqU%wcdg!vZ{BZKV<@9Qo+#TOpUi|23OoRTrtJgGqFEwM@J
zA=V<)HDU4LX9I>CwCIr`IpPnkt+-;|&R8arePBGWb41`wJA3ws`B7GJpKBq}kp4-(
zx{1#rw{&oUmj$+|NRcE^o8FVmJ=8~eKKy>Q*qAFU-gtt9VT)3xT>z8j^KsTEdtZO3
zbRKo0Knz9S0BbgM{5akVW)&Y(Xmmywt8rZRNo7B9L`zBXrUIW5If|t_VQKjp8FI9x
zwy4~UY_I7=VVXM80ru_5*qZEFP2q_%Dr}t5yyRr0wZIY!JmOs;N3v`b5J$fWq9Bj#
zeUKD2LjA0*s@NzRL{Ya@dVUf3FfI^Cs8?;Wgbr4pWC+b^QNQxNyhhb)W=4-e%#@?6
zg2ygXe`QPy#jGlA*}Rb4I-R~YH=*KMGXYB`#RYc_kHdh84ecECL_4R9%wsMlwsBfB
zLs=a~@R@2^pO00WDwJ|(1m@k#`GL|Cvi94Nv(At-W~8&BWn)MhsKcMV-Y=U`N|m1n
z{Lk$+wyoa6ND7VKIvO%*1|L*D82Uj$T9VMh^=r;5uU7X;)NAV~3~09DW>GO)<#pus
zT()L3EM5#+d?HVUq6Cbb*7&;9Qlq_KLA$ycYk8Ip72D-KUTn1H=GQx9Yn{$xyF9AS
z%cRzMW)q`RlKcJGN!_ETwdX%o7=l45lm!jSD~D~*T1u!5yi_3;G+gM9yKUbe9c7=~
z%1c*i_f22KSaU&CpJ2Fw>Y;2*K^wrF!h3=(XPU4F(VJujY_@8%A=ojO;24-r2_ebD
z{VIS%;w6t)A$j%(SPOk`Z)MdYtr@CK*GD^qHm<#@s=5M_k&YhG)CWd~z6j5>h$}Jk
zVs|2kK6>_7f!_4uWMOEJr~?({oz93wYfR)tfw7-5@yP@q5fT#nL$eRqn^Q*<f+x=A
z)eb4>vLsN*HZAPUo;IR(?WrC6c_1&Wdk?<J#dms!JB*y^3u(|j3c?SWzXVwbvl4-2
zgL6AWH=EowZ_M;P$+u6h$lU}%LaKvUNMRG)8Ij75PZ7;eYiYSKa=pR~c!@UQLC4ki
z6=aDgSmV!2s<pfZw5_)n<eq`Z@@j@suSNZ4nksnhjg^ao2FFFmEysD@a?w?_LO&iD
z5>M;Vq}SV$V0xadonox-KqMdS1f$PSO+;O7&Tn(bUgJi^fWQ=D<_vLM7!!z`f)#$r
zL0IT&-@ot7$jmARar_{>XBM<p1qS!+2J<u+4LBa>3N#Bi{=9ZjFgM^h<-apj@SB;{
znO!^o_59VZ0z(asL)!l)jPJfw5DWkuSBG}K2K@Ga_hRuO?*c)#yYFj)v<5Mtx3@QR
z<7UDPZ9Iq@zdr!0+Bjs(;f9l7UkpOL1uwj6^Y!O!lcnaenWy(f-JY}Eu3A`H3evq^
zMf-KHkDC6tkLzEs%{Q7>E=kTl>JTYl->|TRZ@ftGY7J`UU>|Bj!AF=0n%2YxBPTpa
zhdwKaARF;060iS6)lKTS`s8?LIX`D_wScz)Vsc(aMuwI?HjurH`O*f5uRA!YG}Qh0
znmDIkahA}wIOsB|k{CXpOWI`N2l)tv2N!PM6rDGy8?aEGZ3);;3u>l-4K-H&=Zpc$
z5IXDZ<FojzZf|(p&YTHRcE1ZW247O#P^IPI;9xQa5HnTRhRc9g2FttY2!NoxU~Kq{
zq`f<D|I)hFt}0MOg2UvZ$%X{1+O@g2R>Z_`JQy9`5;mU?z!Z=xmrF6)1`Htf)Ri0!
zZB8J+ddfAh5W3hL5>wOUZ-MXCn43J0S!a#IDLm2Ani@5T0F7xIp>-O5|I{%*NXyKR
zdVgoWX>EWUh6bwP)`vhMvYMC((xp~_L0AvwgB(+-3Q)x@)|%n>FQxz!fJBUk(-!N-
zgPm_apxU`QWeZ>rB$vA${k2ovr<L+hGVrOXsNShcwwo$w#!Yzo!W0g$-~N@!Jiys8
z6*WF(LJ1yMX<r-2(FnHyt9#fjdU#l3b1HT}sT$qyf|(w1ttTS5G;!`yo|Vp&paVC-
zaeUj*QoY?Cf#ItQAXA_Dk}L~ABzc%}B-LCdUWMcq>khcEh0;y@Xti^UiHt17m<_jW
z!wvXw##^_qH&OhuhlYo#fLzcIXqFj+h{#JtE7Eaa)X|d><6b$zleR_yj+<--$~Cy%
zD8-l+)e+dH6XZg}#xksNBuckrNLvmMSr^ixj=lo0=d3PN)Ct<w{Fc3gLp&a7_v1-n
zb7Z&nq1)LLn!?gifA+V2d0*9FK@7xFbwEPY3BHzU?nPdnl&l%Ak7T%ocT#gSye*o>
zZ_?JLLi6^?=xd4Rv&$CIq(by$B!`*>kSI=gzdm<jZLBR)Nm-e;v4yI^T^re)-;8GP
z*vv1cqCO=KF);9&y(cVdktVf)=fP(sa75P-zGAx$qrg34(x|bq5%X1+R6;7v(`q3B
zG+&S8&dml@@8r#8W8-ut0~6igOO(*HYv!e3M@~|Ws=7L{MBM#Zhp2&EBqcUv#5v@?
zRQTE*=R2J;7+TFZ`okZVeL5q%L^jMGipmxOsXuEj0}ouF)6tj5&FUvY@znQ;YCQ`9
zJS}=igCF2wuWT)R@2DqEp%Ch#h8tHMT}pfqcisX-dtDb~RjLOx$AfX6roLPCtE;PS
zai4eVtvV&pa(oJ{Y6-DEC?1R0m*ar>R&U8n<gp5tG$n)HoY&zy*Gfffq&j;pg~Pkt
zBfZ&^5d>&0w&M86zl)ZF_^#O(1F*zM3b)p9`$IY;?auT^YQ1tzUv=|j;aSfv1qk4}
zXKM1lw{Fq5xvL49L<<Lp@U$6GpTbOu!BX0@qLjW#_EcVuCf^{j+^)--9G=py89ebO
z#IWhG<8|XMnRxqt-e5F_Gcs-m@US{hWq98m#TkJvIGAjpLo{Z`r4<8;B8N+<Ay}%j
zdsY;;^#{v{m(u_rz;hn3?PZXQUoWwz{1TSX^QDrsSDwjuO`>tO9N;fd7TbyHq1+%{
z+EBVpuRwooZf-s#?vv3v=j0Y1UKBqv6-TdLL{ql+o7jM?XSVwt?-7>(!rIg=rW?B%
z8CMiZiSCkS3UHn`(>8tSHbw<<pa;;E9Wp{JOO{#LA&M6;2LKwc9S8gJHWI#(YOec)
z^UYGt(k$8xV1>_B&{vw<_}ju1Uw{k<4$4QiPBks@rcW?H(b6)selzYc-v=<*D%7wO
zBS$1rEf-*jasr+}edlami5YWNkI}YQ5=8YwLqjudd(|z>%*>jm{3|aJ7nr@u6s0Wr
zp5@l1+`7z646naclJFrHFfy!-c#)hQ8^?Z)$rgEtqf4E+SP;cnmlER&Q2U8DE7Nw`
za9ELN9&1caK+nL(d*m#QwK6zP0$jWoFUjr)pmOo&$ZP>8;V_lz+!V{MYFSWnMsTQr
z8k#5|3M8tv%;_T71RZ)N;Mkrc;yy)@d%#psCzxv8ClVV7S?$ffVKw#jp-o89O%@$A
zQh91Nj%3#Tn20z@%J@Ds<e*|nbfOrut<*1F0RY22PbB#JEu6qc`Wk*0C3Kvi3j>IK
zj&b~@!q{z&TSRB3gbCt8npfxH*kaJ-G<xxK0&MRkPT-!g1*6zmD0`A}y9yyfigyPn
zYiegp1Od)RC_U&y;6UV6)ihSYxjp(iZ0^%>;1+QJyO>6w0=$kMTTAs!A3kp;kd~_*
zlnW!|5u2XejK9e`g_-%oa%K~`r3%;zSE8e%fyvN_Ud?zSsjF5ZPif1JSf0=WdseK%
z!`B08fE<w_ny??gNw3aJkU@AAvN>^ka^)p<*3;bw)Y!eSkTwo1*WTWXw?1M8aLj^f
zZTFTifHzyM_Iy9Eze}KtRhy@Dz-BqyENC!BKr$MEMot>?`v&#4oXn}6*&fz_aH4P}
z|Jh!(wl|;uxC>qD`Tlk9RsmqHFnbg`;8av?A>9MYXd5&E8B15eq$?b@nx#(xEheE6
zb-AW}IRtJ9J$1;|&W@SM#>{-%3*hsat<B<eP2cZd0QTiwa@eUi#KtHZ`|&J$Wf)8|
zM)(sbFz7wDHcwd)xOCv4BrsH;tpl_d;Ba}A{IFZBiCCQ8$3iPz@;R^<4NtGdP0dBU
zxY`Z4E1EanzLo3ICe+|9i6(i~%~MM1*tO72)>1Ywa_4HXBf2Nelee%Qrv<+XhF%!W
z!dxlP4=*GoA2m_}<8`JgD%0B86aaVwd@+F>Rg|<k0Vg7-zYk&T%BtE&T*#sHrK5$;
z?geYHymi4V5Ys6J-*W4Tn}{8Kol?KtVqyizK0biDku{%HlI>D)lcKjXlDo3?jBx2T
z*Wgyw%9?r$>vPMam$)IBSy?cmQ3U=@mrQ|TVVn}UwdSvG#KOuFV33oR?XF!*z3^Mk
zw)5o}>M&`Q<r+eJh;+;D1UUWYM&M^yWcL@~(%Aw4*B0uOt*nmI3UX-<4hsh0tAJ-O
ziICY?ejax&@OrY|X17Yyb<!nL&6`^(4FMGF=ekw~&k1zK%{Yk+|KJnb$|F@&)@Y2^
z>E-ALxd0xA0G`&>_W-E<GCnMCX%pb7auBZBI5A=wFF=t6mMK9h?ncoxAdmHQiWj0H
zh4=T4hwy32j33VF>(}uintf?AAxNAtK7vtrU&Qd3D{Jb6fPLieZ?a!Mpc(@c?03kI
z8tB=NCISx+z6!zhE15X!k@(EgHXdtSKyqPCc(VI)wUtE;zh7N-p5t`L5_<tl!eP0M
zH!^XD<Sw9Y0XZfwV!D>2fo=q(r2gw)7@7cQ%8y&{!z`vH!fDdYvtVs!p0+D1rTJIF
zNbV8+-r3Nc06<WYg8)Yl5&h{nhWb%*wfjDs_AxIQ)YeDlQ?uN4B!k}|{Bc^-%b*8&
zp8)N*vo<~*P}>MwMt&cRbVs&_4+accg#uY73g{@r6#^i2HBZF2_8ZZv8bG&g{yfD*
zHLtllVmv4v*rVg?;Yn;mNewSw;LT<w_M51)C%Cm4S((&X*I=u7-ePQ#K;i|I0loPT
z(`W%pV5JLn1w2nQy~dyntYZQ9rGT!Hxg%LZCUTU3GnEw;y%0rIZeB>cYJybQjflx`
zntevL&!^|_^uBc$F$eJRwt!@F8?a5{Mf4UQ1vYv!7F*dKdK+(dX;hXfh#GBOPB!^U
zk}$b>p`+3CAvU`J_#}WaV9w%qV&`A`CbaS2arNl=Ce+VeGW`Cja-woAtTLz>e;`3N
z%T&bp6xb=(ZLn+4%$E)k8wxflJ4*^YmWWBuTB$puFUWA><Y4j36E=n%FA;-puO{HM
zAoL`+X`BK0YVG;cDMku7&ib!CKInPY7)@M4E9!e(5(Ci3`k%iu-3dYjR^EWIM)Y=a
z%K=tszMV6hR8yc6A7g!PekMO+p@*|nUN-YU9NI@{p3o=7QlbV4(HI+4e$>_-z4Z)=
z7uYw!A@M|K82mTK0al(z4EcR${%(9#a)x1K9y~DmMaVdO3Cho(f|H@Y->ohC-(ck6
zy?15bFv52dW8h@t#ex56VcGwyG2VYK_WwLC{_mXqch3H2<X`?PXaAM6{{uP8R9^%h
z{@avmAZN+O>Yb$-Yv?nQb8|M|znA&UPfn9dRJBbt)m?rzt;@)0BH+a~Gy#f)7a%7T
z=+W%6cK%`;JY*k;1|7r#3N;Z^+T*oNmvghSRThtf3&#Zra*J`o{m4K;vN+5?v%a?a
zsn>_%-2C-V-G-V`7KOa<l-=7;mH@`!SvE5B5E_B^Pt=8eVe_vkLxN+2E(mb_{3b#b
zNPW^C7@Yw2GDMK3yt_Nl-@$!*Wgx0<(G`I0fbf!)u&t?Q0<B*9xs_1>NG@-?bLL~m
zES#}+gS#Urw^r#>1pptF%Qi96QDiM=tlFZ1slCe&V(nb6s-@{Ez&KSGZ*KYSJE9H0
zH^m^>z=};PL%|p5FZdL!zI(GUL{eW&1!g)f_Q$xcsJY%=z}`P*_nk;{RbFXOOtuC&
zQxgFfzzDDcOiuidPObiUenL>92H<XuzqA@?gZROQ#We231PS<HD}w>ztWS>}<Bvyk
zczys94Q_&4^;!&+her!?#{?zpIL^7MrkZ$M7m*>Lj7^gK*#*XQr1OiXac64uQCIRa
zCD03lZ7;O|ho(5TtJKfMqyBXQJIS6T7W#F%2;DWdG*ARbKQNL4&I{@!$PvHgKT@E|
zW8&EIXkyFKV7;GTuZ1PpH_#2(L#2+xv{I*!G*QvyzO{wT2S!6L?OdUNe<4b&l(j}J
zx%q(%<;xw+OjH)_)@zAtJ!a?b+D)jn?gm&`ybo~$svBo(#o}^>qnYVBIcF=40cR&8
zGo#qq4C1&rphDu;yE-~oao)?!l63wh9_7`J>d&{mHV5$oKUR>u-jKb+5=o>zPtu>6
zFuz3YM;z3I`C9>M0N$oWhuBov)N@=i{4!BK&j*iBD7|`pv`Ez&0OUEsDgIKO3Vp8#
zyFzUGWo3@!6!2FO%X+uSS{&Je&NW=s)0unC3e;!gCXnL~@&&w=mJ4(N<>yyTf96<%
zW+-4JI`g;AV^;a&t;~&Ay|F3N6z8;_!lz#KyCBEz3H@dE)b`JdhkkoJka)ty(qUp@
zz;^fH&-C6URi}yRzZz>AlzwqMpnUB4?e@DTP8_<R^B1JsVx&i-M}?hI{O+dm^<xS&
z=5}I!biW?aFag;g2gOk|i?VCD&h|bwg5dY9#KoQbf7nlFUpNv9ey_wZ4*Px1txulT
zP6}Q!8GY%{>c9ReLEa*%=|EQaiAr+uqdya?vP|z?zxdP)-PPr513_oSyH|h96)U+o
z4uafE8SZ0MbjoP0aYP>WO&R4tCgP->X&CohD-7%M{LLAUOhE#n=&LIDDKz)<9=ZSY
zdZig}HL;#~DoLw3=#O?Sb}7k^L6=!#x#yS&uJwxvnc6Araq6?6v#PN4sWxNk6C$7l
z3;jtuxdTqL+})*J9U9%1tF2@qin#uAcI4oAS)gz2F)P^-)9n1iHQ+{a-93VO%SnGZ
zl#ESaDI-(ndz5ek<%uXlChfI~&%2?ElV|i@czk$vh2*40PVoz)`(Y%ry4-VT+#C}d
z)G9qvYEKXHXZ5YSoETzlY1r+WYoCuhl1;btlW9)p8rSGYt4BSm-Gy^!)-QLY-PiKD
zP^GYcAG_S18B+rOcWq)bw4HBNEoI$2a4WC{Vc$@S8Z^E06=B}qJU%^4&#Me$$C|}N
zS^O1jL{Tf!{(Hh>^wn@HeeJ_xh()6;u7&YkMYXKW*|K@qx07{rNzE@!F6r{GBNM;Y
z<(@fqC5v^iNla_54B0&}!qr%_x>>Zn!L~h2YEU|9{3qKcnN(u>-r(c*;K*Nlj2fHV
z0?-RXU)FqY+di+6mMDQHKeBy9m^d5k?$|C?tvXmLm9SN<U?p>?M(^OQaK~Gu@c_YO
zZ`5g^-X0M=vI3Q|D(Bk3ilO{p?`(c6M6^u*b!5LqV5Po6;pzJw+GmWf!m|&TGkC3G
zoWy90Mq%G2#$cw5<S~c~w*3;2gbXRFq}+cvdD_uepJA1Jue!rs|J1FDd_6LmQ<LGF
zr$*=-F7^pM{KaP^m+Y5&wykU4^{!eV|DBlodMMVBQ8Sq4eERXerm(oC<E<WyIENDQ
zv}Ysz-M!7NWyEj$8|EHouQr}0>fW8WHdM?M_of#WG`gJ8K96i|O!>$b9c(+?*)mJy
z&gdI11vdKzVGwLqWK1|LWKw@5>Sm5y(5P$ejXdXr!Vghv7}QpgHFEq~QLExdf41qa
zb#i`~v#Nqs>}lxu-n`@^NXF`|c;`>AQjmG2`y)&6lv@Lt>NI*S)RFTfHqy26qiXMn
z4|(0?oGOIDFHPyU_+>~sM10{d#d?GHblQm1+&5Y%)knu~eNn3&?pYy_s%bHAdh0@#
zEEZsNz@}UkFpY%5e)538vkv?D+(|Fp_s^#-$eoy&7#r=zm<;#XA@ERDDIV1}>>=)d
z6jQ2|QoAaX;|Y%gT(ns$?PCb!!(csimq<0$fyYbQEwQ)qFO@wwg&QE>3ASj!ZFcRR
zdnal+!-_h5(0{lWRI6a{Ukx_aioYr^QN7r@$Z=~2<?Lk&)1GHiMtZ**)-5zI``Xo*
zBAOBLAMR8-$G|SB136^rZPQb)0kID2qV!zbj$wba-ya>8;;~hAfmW7av9zR9<~2LF
zSa{DxL)q-k&7ff~aoFE}v)z}qn`2UZHAla(7XH!pjtP#(cx*e=tI0^MsP7tCu4w2l
zIfg{r43GTN;$7w5oRT=d(Hfb7bKELT*<(`gN~}>P(Mj@=akH6W=W)Li@(xk3BRcU>
zvC#e8TBDc%%gh>y1M(21ir~+TDYc=$f4UjNF16=0I{o3Hb?l1nlYbm9yutM;_(8oB
zWn7~FB&9sIopor}Uq*X-AbH;&7$(IUx>5|EzW5}RD0miIvA+ny@Vjd7zpkBvn?BIc
zwZEM9?S0kJbg>E`_v?x1lVKfmzLV&-%PF;L^mAQHsbC%L=Hz&5K&pdlkGdKvRl~y@
zO2=J3Jzt_|FJv)auFuZim;O37d2rg^ezHO|V(9Xc$!x+{-zEc>9r3q!+R(Svg{i}4
zy|Ifb-XDbL@PB>OY&~OgqG<E)xpd0<x?f4ur>`Sv)ebF@(RHgz`I{Z;e;EAyM<Q9S
zxvO$dnR#%n*V$$V7Eeq5O%V?zSH0EbC@dYU+M-&1QiWS~9CF^guY<a>P~PYr<K_KN
z)>KACqA)7X+adB6I(LTE&{$^Z?1+ZcuzY6xkeA+V!}imqi>n4;s5*uDM>jO|KUAca
zzZ-Li^IfFriDV8p`@b79<%@66Pt2IUSO8*Q5qx|8UeAiL=U-cdTqEO4b{fovqF0b2
z?!){wHt>Xmz9hcg2mYCRX+d{$X{mOxY<5sq7^>i73?V7*S+5)n0vcP3m%2DN+wV8t
zc6qru8dUFcr6MRyxoo2R&6!FIe^-MVZ6D{<ku77ZleT{~>fz3}pWtbGUN45>Tu0BA
zhH$mTtS#;B=&A4SkJE=o8?KrP!xYlJ(7EwHqyPQ|J!}2QAv6Pr;Pe{1XB;T~XIF<D
zBo?0=P8&GkovBq>K3oJ8!F=6M`g6B?c<u62b_2zajwOEU;Mw@f<j|Gv$)750U}b(`
zvhOq2Mump8TOF=3Y%SJS*k=qTOhmK-`s*(&slqET!$rU6IrF~#>|i@SAd|`qF#4;?
z_~vA(TSD52t;_@Bw<nlQhqSthw+5_2mQ22(TVN@MGPNQ@4KnL)V0wfU6Mjt7o?g0p
zONd!rjj^sRO+h#y5`y0B+&#y{%x^~d6sScjIysjREFOIyq?*S1Udas!cpF5~R>Hk6
z&+8g(^oHJ7Ggfx9&NfHEh9jS>R8(IG!ebv6HMwt{Aik*Hz29es8)23$@@qDJX}H3@
zQTiUa&uQ;WXzcn}c#nRW(^DY7E*P{U8wahL`^0caEAUe8Jk*L)l5~q%O1ytG?a-?;
z_nQ|bDJJ$mIi?pnLu+)??7WQMt*^zD1Z?N4=M7iMqiw??Y@bV6rx=f3D-t$7_x$fi
z2lt*4MIuT)rA)^BZr&5)EgpG6BMLwC`}6&ZsqW6;AO0Bp&sR#DB9M8Z(p^#q#e7pc
zy=<-0UDLE~{`t(s-GdNadzm}NRv1UVHp`Jz((;TdCSsCd%{pENT3F<(3qfM;I&v2%
zhjdOiZ(WtdEY>$6)h8XRrOm9~_uOe|TeVni@JV_wth!nM{JgWMsC`VJ>)e5vkdeld
zMFQJT5tDV9{%Pf2g<oi8LycM8P5!2KaPOC2CJ~4yrP!y6>5$FA+87j8ePs8C1g_uq
zOcVi$yPhumfW81fnWEP;yp-89H1hZk(jhV8koIZr=kp8WQ}4AtQL3DaiW(Ivtua(p
z6JKM`feY*JX@|#L$Evow$~Cyos2i$N*UO!YUV4jC*8v4g=v;v{qRUe-Ej|;~o}Ozf
zA%kn5GX7)sK#J25E!%2k2`f3(JW;OQN|%H5JJzbe(tqZ~;jeFvv3oX+Ym0qInUy}p
zI5m^9giGxGpC|E&YdlpHu&7QY9VH26a<9yvhIHC`y>__vZtFSHFwvwoqcd<|<H=Qs
z?Q@hfEWM{pyHpM{;gLDak!kh1{bupF<0L0I)k0Jf<uF#Y^Z*-lW}G$f8);m(6nH8A
zliz0%+EOJ-pDqXM5o@l+U(n(fTmU1wGqk=D<y75|2y50LH7^}JGPM0f1Stb_q|$=B
zNt7CxheP7CWzouyhrh9cLN<f0rCW?MbahniKOYyHY<+n>Aq3~>!5HXabPJ5*m+MhQ
zyTQLLcl-8J7bHCgfm77tneSeUxN}t!F6|$<GS}8{b<((B4QNG6P3F+20kQv7O}Q(l
z=w7Sc(s$Nv$3VTqt1TMG*VfhwEfVWa*S?>JrwF{Z`9l464RkYB#rM-}9EJ7RVZWMH
zoW8jvjWy`R_V(STJkErEetEO!e6ER}M;`NN7^vqMD!q-z-W$@5ZD@RcEsH@-1s`h1
zVk|6i6$9UAZn!`DJd%7C=+3i#$6LOY#HqH*JMeDpnz<dL1(voBRX;;4_SNbsrO^t}
z;HApFg?%I6O%^}j&z5`TRE*P^J-61^5}ITsI{cVYyxG?&H^2JAXeMyoe*~28smp2n
zZUQh6qn_>L$&0`_r!QY2c@t^#O}Ik~shObZ+2E;?uHCO*wU{BvE+zRIWqaiR6K4Os
z^KWPE6Y|%c)TYWxbjwa@kCkr1QfAwniV2+ky^ln<&ch*3z7GyMv4$FJ51;a$vNqDu
zz6LpfaA~Y`R1c~edb9R>e3*G|%%x3w`Mi-fJ&894Oq{v8)zu4cP{xz4wPuz0uyu^l
zTHh0ovZxY)_<ElB;kZB2!#`fz<Vz1Vpf1kU0|PpJq;*Th)*54HQ*(L{imS2>=Dhg5
z>dTG9OWS8HMcwkB6K9JnJ5_@wNzXY9*-x@%@-pi(iMo#d@9&-gUJ!hU$j;IUSez!e
zEXB1JzIj=8;(pZ_bogZ_%E`Yc>;6L#yqupoC=90Bx2gw2=MJ0nmnxRAhx$^l{Z=P!
zF*x-`&3UiM>A|&5?$83O0-0}xla*D@LqQA@^WtkX&z-)Cn#`=B>Dc>jbA@Maw*c+^
zyi46?py9=VdMQuOno44l{au_h3EN^rsP-^IhSwgP>Zok3bGhOY0k6PzN6uBNI=Iv~
zT9kxWKNhL;_ws)vcExJQOyZ_7(YL4Skm^>keYO!wF~uBA{3mzu&R&@I>Dq4zjb0hW
z%Kh^%rhs$hAB0(U_9zDS-86Rhd?%DO@Z@HK%ccG!GUfKIRyNhDBw$9I+|jNQbwB0m
zp0*}EITsNC5zM+`SH?gys*d9O(--rZ67j-8GjWem@}SV&;1@4nUO0UC@X<3j-b&yi
zOFHDa?gsrE@vW7+?GA=hir?5pw1efizU(yI>w0D`!+r4872S|@P57&ul_P>HhsiGP
zII4o*g@jChgk?Lw-+gi5Uyc|!efw$0h1&Up&<)@J{7WbU=V!Ej7SMoy97m4c`xli3
z=lha&48V`SJiN3Ms{T0n-}{=fd*mUq=A5xg+1KjM4@^#Tw6nS3-IKrUT=Mo~a+QMo
z`gg{nUzp^s>0LJS>xco(%b6nCp}hrVYb}@3F<7_q&pJ8Lm0+Wh(5L;^4PphJ%Ab)3
zkKXvaUi5Np)Vu^lngvD$YWTpkkHrt>(%yXq9~?|r|1?PN)#i|;j0}ph_b3*Q{aG`v
z2|-S}l$e_+eU4B6=3SEihu~7Wf9{MSe-C@x&;xiEF0U)>V=Zzo21k6mlJ>`mEx{Uq
zrKISovNygrVO<(ZuaK~g&+A)8218SpL8J^8?ShSFY(VdqNBxB&;EF=|f9%ZUTfZCV
z+_2&Am)*4u>(OO@6+PP5<oj;uKdR4iKauTrK>Mv<J_X4LKC*NCU(V*vyZ*;NwEzEq
z%}9TtV34=<N0%bVORWAvf#DJ)KVI$V!JU);vz5XZ&CKZT2s`;$QSerXnf1k*3pf7y
FUjUy=NUi_?

literal 103126
zcmeFZ1yEg2vo8ukgG+FS07-D$IE3H{l0bsHyKLOuWe0Z%frKOwJh;0P+}&;CY@D}<
z{J-y<cdOnzukL+S_tsgdRcrQIGd(js-96pE9uoFiK^hZ{6b%jz4pUY}LJ1BI2>}ic
z!3Gr>c=PdwY880=G**)}k(GT0hYI`vYQiJJ!2=}(B%t`GYy&iU0FM9%Jm7+X8xJVo
z*SWt*;gNnlBY`s6pK?4<e)6Zz1E9<S{{RjXc%}n4Cs2L_Jih_AdC2d+8i4Zsh5GBC
z3{bkK{P!s>EB~6Bla+&=m5UE(&(6s$z`-HF&P&b7CBV)nz`+I7hX3%d5#3Ybg@o+_
zR07S##b3*ci&NWyZB5LrjN#y1)4gJZWm=z;x9f`Leq_NS#I^5wow56oHu?ve<QE)^
zAQcKZ)*F8YOxf^=oJ9@01H+Q-#pQzhfP89HZ(lw^zNa-ZVRx_4SPX>tpq;fIkXjet
zMs?$FByw=yOh{7RDs`=?2K{8Z#BIUx50&W~-H_nG96WTwrqbPC7V5p4&7%AGNDlcN
zaT#$0Gr~2%)nsIte;;33U0o@3FpLqShWe0h!Z>MxFNyr@xbI6$e;>YdSdbD?uXbNg
z@Jk_ia^<&CM>qUQ1OuAsV-^`d_Pce7S<RSwwetAG9}$)y;yy4MeIrIdxLj_Lo80x&
zd$?6}`CJm*z52~J#t@$8%X@OsbE<3TIJ1I$jqK9npT`C>REE#Zh|GAbuC694G#Q^S
zl2i=~+-l$_-#o4#8ZwY>Y698W&kd~#FM?5sy@%<=!MSkqJ|(DiSwp;Qe$AR6Z2R}V
z*F#27s9$M+vh@uR*Q=A5+M(Qs?m_n!xb|+n;g}7;;n?0|p@0m!n!i<ZRFjtzFtoL1
z)i<&=FlKeNw!2?2I3ZD2JAFe-V@GNOV^eb*VcPxLMp|lfBVk%q9(i_oJ8@$(a~XHA
zv9i0uTSIqCLw+M#Q4usDR{?;4wXvf<wX3z2je~%zFzqk80zmoxH5)DUuPTm~!nA6D
z9Esb4jj6d=xmnp+Bwfv&IcY`EsD;2rCIU(lQh!JQzl3Sc93AZh*w|cLTv%PWSZ%?k
zY#jXj{A}!;Y@D1dKn)fLHycNNR~8!wx_c78X-F757=q319L;TQsPAd&8`wHI3e(a8
z->LtO&)QC2{vYx-4u7}+@Po}&-;Rxgm7UGnn(g0PI5<i=14RA|=zrM4;jNpUF`JUH
zgRK+T&{)#h*v66W-$@u5{?p#h32gOiI!1<U##YAGKvf5zSC0SC<-NxJ)8d{5rsmdm
zzghvz{tq=B%}xHrtp6~!`!Bzy^X~%zn*T%hKh*v^_g|HPTJrJ&61Ij;_rsHw5T?EF
zU%<%L(A-GiSCPZekeiE}-GqgYgP)Uyo1LAVMc;s%orQ;wou7w;1H{A5&HHbpWNjQA
z^=%A|?@0l~S<L}DoCXGloP6wtEIc3+E*5T14r3O5eO`VR5W9g97Z<NFw;?~*zmZS`
zn*&m*Z}sn^x+i4>kmBVv;s<)>W#QrF1hH_N@bR<gbMSGnfVen~4Gg$=`T03Ge~~gW
z6p*q7Tk8YMX>P4=YRqP5WBTjEJ;MdWUdsy8a<a1j>&<H`eMb|ZfiSI{xs8+SzdpP*
zw>DOG)W7E@2QL=~I|nZ(KNk--Q2IUQU-VRr!47~V-qZYLJAXC5UlsviG5}-s@8uLA
z@asJ=7XfjwvA&}%_^qw2l`!o;R`;LJ@_;%S={xF6=sOw%ME|kFZ~xk1CU(Fq{~rE5
zIeA+na}&4!r`q?*LoEc<2bNsM+yUs{?boZ{8l`M(|NGbPpH}9-REe7Umr@Am8~&bx
zgTAw|(XVj=w0?gwG}E^+H3qE5A94Nr-u!<c3Wi1;z?vBWOJ~f<4Xhu#J_|nwH!q7J
zhcS-<C$EtakD<wbr0!sA;^?9eHWo7l_z3U{5YJyb6!nu|3-$Cr)^;&7zF!4^VJsXR
zEbP4hnPF^yCd_tkGycw4i0%Kz6QN%f{>{h$?S8)lj2B=F+5Rzxe|UCpcK#P$f7arE
zVGjW5|L)|!#NYpB*MGC?zr=z6Qsw`auK#A&e~APCrON*;UH{YAh4!y-%Gd_*f?R-L
zNvDqWK6pnqcqJ_XcX$8qLw#Nx@aCbNjJg9H96J8}4G))^P7J(6ag>#pMA<|~Aw<Ol
zqu{@XgQJF%l@NRDI=wsRq4w_G^4%efUu!_@C*9{KPl%)66Z2^#8|!fyB*7nRDserW
zTK&XO&RlB&GBGw+HsNLC3FGk^+P6hZlS{UE-TC@eyJKM8b2_AFFX%t|Z!}e3-#(8f
zZx&4L*f<puS)RWts6U$~$~?CJUXPI>-~^_j{d+aKO7ZxG{<&m!KCr)*_;ckZye59~
zx7zT_Cm4@#|6JzukC4OvwkgM(xA0ds<tBZIg(b4(j2zH>Q`Wm?;XDVOt4%Aw|J#N?
z=@D{f@Xwz=mC+CsgNDp<b8{u4p8X}i5f%I}>m$f|x?Bwh6$cN`KPxMXRORnT2FQZ^
z@}6*Wm$&!sPXEaNPai&rhhQNhBUiXqQwTcedR?7a=>5|v+sQyv96K?F<Iec^Zg6cS
zwqWg9#~OGkD&jy}lS6=laz<^YJg0D<nw^wm((>W?_6WloA__{G&z(0<`QI6)I{-tb
z<>N~R#>cJRK({-wyGx4n97UI|FuM8V`qBYnU7_uO?ne=Dus4JbXV_0OZKb|f64h=%
z^W;frcsLqQ#XqE!Nf|sJczb&X1_pAg>sVub;L8<Rw6qlNYS2M=vYQq9LtYRDx~e(R
zQ!UD$A|(zkSqCJ?J1w$zVm7z#{d=6cdPr7pa8OXjAqV$F{-Gx)F$O>ihk|0xO0#0s
zo3(ls&;4XmEKebWJw<NAN|!J~k~ic}?^^M{);>cX9swD{YzXbUW+l|$Jl(iAk>{cJ
z_V)I<@;vMKtsM@+&y^$M+Z_V9CTSWK_q6m=QK}PzVaTc9=pr1^yN=5&+k--e_M&O+
z%zl&B-rk6s8i90$yv~Mn1xASIEuYJ*J&LN9JrX=T{96?jPW=|dv)!qclD+f86%uYU
z9IOxoDk>@rWQ58&XEHkJXrswuedylx^);X4CXQ52Olt_XvZ`uGvtE-;rLv}GF9Nnu
z)A69FVrMi3e6hxNxpck~**Um*&trLj1}H5G0R@X4SQl80ervG(oYRCpC`~w;U@<St
zo0f?wqCbtdc0xXx9p1;s$J5huvdk2FzwUV8X-3YMFHe?NR?HU~gc}+fD0i?Zg}O?O
zd(ZcM?mULU!^6YHQ&v@4tQMA*-CbRL(25CdmkdE8CxHxRow}-Ska#c#4LkdLKq86(
zS-~RbYwAg0I&J$ScrjUH>X`W6i+(7{?D{VvR5nj1bT^`S=g+6eOlGU>ffZW>yP15t
zyS_!aXSnaJwqVJv436t7LB>X`g9mkRRrLthdmkdcgAkaoNQkHB#ZpEh$U{UMkHJ5u
zdS$h>DF6|IJHNbK23M!<78!O%1DrMhrIk!sonKrmt*xz<^v}60^#9BjpKDGZ*;-u+
zp+at2SXijXPV1Mlwq}va!Oa^9tE}V&=uBFH<QU>=XXVpCG3n_T&ug9cWL~{897yM<
zydoF%7P`H?Jtc~%<h{7Kcz$EVgwG)NK{-!BetJ}oT@TQDG_+-C?LGq|V+bHf)jLz!
z;wW(b{{9N?-f|51!1_Ms<D0DS+j2BuC!W2tnW<o*lZvDk70vqeDhXshgIw=^+F}K&
z72Vm`kZ$z8nJhO~E}OXmX1202vU~A>SitcKU=^Cz!1m_{`oIdFFGsMQl>fu$jNpe<
zo!TyQV@4_cHXA8-@edaFt#dbHp>XFU`byG+-QpNcCj-(+1XRv?aOtdSuji0!=b*S+
z@cm~E0hiCQqJzybg?HhgRV!Hcw~M+$UL28*tKagn0Sxrx#}9xxFpzU?{p~7Q6r~R@
z^W8x!HoxQM`>W##Er%%SDk40*mIPIuu->&6ld=*(6bM<hLZ_@udg7n<Bl}^V+Fl<6
zYd`qCavseW0#PiR;qe$EjhgkjyP*`*6TiWx5{YbGI^a9&>XHHak6uZfX!P+ZP|5Es
z74f<xckxK-m6Vsq1f}(_Xg&8*obvUBi<F|%(a|A}lDfSZ^l=}R{bM9oH$Fa;Nae5`
zX9gBix`-{Qw|!;?R+{&j(03C$rzY*?%TpK-@WD`Hc*_x7ofIJ9gD^Fw<7pURBr3ST
zU;p&Wu}R!qlK1?Nyti3BJv}A?EonA2VYSd2^pMsiC;{wpr>IQ76&VJ?gx3{sI)gRd
zWl(vaH`g}+!gmcYCAr_k`*Mr%0RqC;f`U~*_}1n<_S+{Wh}hWJC_N9vGTpbI!U2LJ
zvg=%1tAI|(45xRpIdp!0zUU}0SC6gwU86l1lk5o_Tb^Q;h?d9R4=wktPtUzxS6Ylc
zgIs2WzsZquliOZ)6qqVE#|MzZ(ed$0b2&K--UZLHTJ0LA9jUw98{ui>d)ZWDPGs2I
z+22<*Gkfys(<k|}1)S9yEmp|;BHc#sz>tvIyFEL;uI}#ani>t>gum7iXW$uz=Smc>
zTBElYpt2j@rh2bm;~X9y$_M)-zSDGb@VN1~tU*qm+|(5%kqWJh@OU5`kQ;1=wb=d2
zqWkM%&Nz}TIT&YYKd9e$(KZBObEE=~EgG6v{k#BBE$HIc!^_D@H3qq4-)23#JGZ4E
zBDMNyhl*vxUacP%1jfe3jMgDMmg9E75QghLT!3|Myc{dqoT+33EU6=Oc1k-7u-Hm!
zYBGRz2euXP{{F#IYaO5vl+7!br#tG6-ok(}G&(<6>Pz7Y0X9N-*K!wa?YToXHQRj#
z@c<%bwWj%c58;a5!NI(Wit!b%FrdB_9&$%}JB7>n0ndcih!ydqYqGO=QBN;hV|u2r
zM@_(MK$50^SOTj$sx0+K*jR~8=eQ1Dq#oqZ*WF(3K-u$XHtqSyujze=LiSGKb+2re
zc0Y@pq~fi%!DQyge<~NyXo0J>9GjXqD?sa1?1uq!P45)QJTOhX!K4?`QEc7T(O6v8
zoAMJMDk>6FQ%Pa9TcrLKl)~=p#yyV!JFk$3UpuGZ?(QB(U7U@D8O@7v;X3cSf~n(u
zVGOH9-LHq~Ksd><P;47-KyVKqKBR0mw6Q6a#+jT1hOS=g{JpbudRhbadJg{-kDSl$
zLucbek?z7{RI6gcPOSUwDYJcYVj>CPPMOn=$_J6ro#9UrwNb#P5ISb@2@okha;ygr
z9vr}6w!>vbOIqC5bKf<2Kj!4j?d&-VYF1e3!=Q8SEq_F*3rVsykgR$=)pB#HjM29f
z=Vy_RP*?1}&w~$&d1qFKn23wdM2Q;F?ErBW_HXL&f$OOF5u?7>i;ablMRl^wONau`
zD#*5bZ2TUkFK|gLG=Bm3S94|8ATv}3cn0~@z>zJ-MijgLR36Xk!%jwFk=nU|D*Kh$
z?3t3*52k&|OC>khqSsAHy56!{TIte|N@OP0!c{<8-~xk#-Q%5}othUcQFuI$gB|b?
z5)uZtE;Y^6-VWa!^|C3dK>=B+UQ5)Ry=%BW>YdYHTx<>yo_0N6?<W^<?5dwN<L1<B
zf>S9_8_LxJlpBV#YlzSTNO;CDM#n$?Tv|($)MteZv_-5V(w0n9kQcUZ($Mox=+cQO
z=R|valg9QoITSWZQ6!x<wYXeTF~-cdiOxzS5|UBic&_i%oE~8ExjY|m)v6iO`6^Hr
z=##Yk=WJ|;#fz8rgY|YLNP8kfL;1dgQbc`3hK7cc<rrM%cAW(Qe*jzLyeTIdGdd%3
z#gRf#6KrTbQ-QP{&<}VikT8YR5m(xTV27DS)yB(&D^p-E$i$tp__4gP5z@Q%QM1wp
zs^g0pEj-wHJ2Nq%${Y9BIJ^gpLu7Qc$#AYLi$=C-rd#mGj~}x>alCx>3UDFnJ74Pt
zG(R^Z)4f$z7jMiIJ^-cIk#4tUA`A$m4+v<n5&;6t##Xd~?ElH5cj}EAyzkvw{nY*%
z%5z?}5D!s>ypfx{Y}JpwYs;NfKDmX3&?=fKUwDL22!xTBx3as&&=f}mzc-PEj-P+(
z#^%MBEc<g;1yj!VhEsda5S{m(0-opWetxIIT#EFL$1oV|+(o>o)eiy19RtC3lLhtQ
z2DUI#W~vBi60mn%Urscd0Lv*KJvcK{JLMb|9lc(=-{1gC{p;aZzfONgd_J>qn+Ujy
z<z_)PHCvyvSTH<yOFGY2;}lZ^)fFW|4%#6+k1Dnh$B;iFq))ORc}GztRetT*k+Bs9
zwhT(0>8eO7E9cwGg-h6mljTBmzs?>U>M8jBwof^cHsFH*j$rLvbY*2_ZDcTv2-Ih=
zv$od0)EaVleC*)k+!FZEYPKo{umzABUc>~<`k6#l?H)zZo7IwABaxdE<=EI*_OyP$
zMJrITjB~lA5ORI*>+5?N(KC}akRhn7qvJijv1oL9ao9<<HU2$KkQ)dcb{;PD6A=)M
ztscLon&c_x8O0V=kd=i$Koy2}Kiyu#MW&n)$Nx}MGfg2xih+!bMc#F^)_WTG*V{l3
ze<N@A_T4*zyIWYJaALI<tAC$}(9b(gEIv$fJO9cY?~0kMbSaVV)(DHZv;5>(E`uVz
z>NCA10^8z+pro@lH>0DN&Y7`Ac`w^4z|ZwKLAD|$+!c8v?Op;9d-m*E)$xGf)DO!f
zkNTn_wn3p|xj4h^$&wstbtaX9#j-&Whr5gG<H0!}h1^4rYtmpz-U`560j@jXtny_j
zNJW#owHy^TTyC2rWfiFEx5{<R&(8xaf=v0RF);}Uqyk3J3Pc9@HLDvN_&}Hi$b2Ex
ztVkiQd-c}A3L;)MwVN4;7(GA;Y>)>>M<46z?!yE99~vbydurcR023G*6*VSL|3}Y>
z;>)&4s=#YKg!?4tTX|Wx1(-)CBZ~M`RQrdNA~{1{85COAqWKZFmY4-!IqbAGQQo;8
z%6=COsIx34$Ik}^%3ZuuN!%+0?4p`#1)n^e)}ChP4-pls3IT`<A}BL#(x!4{MfuLZ
zC3xO~H7Nq{%-{i2M+XsVS-3spmHT|j>2bE(-4#RUc6S4VWa`=40uKA!6<<Q8FC)0F
z7z(g#W!kdHDI}4Gh9;7fCmc5KF}QL*U2fhg44V}PVv6e3*jHUWJ>Vk2gzUaFkToq0
zO*6$L5;8Kl6_b~n%mfHD`VkQkt3vds`0RXvP%|budD6%~5#L@Q<Ch{0W(vzs1F=di
z!YW(Cx&QgOE9?>o)Ly)JF`M-_`n{;mct@=E`gK!=%lt)z1rFfVxw{JhV=3z7L^yCn
zA)|w(+E;y;)d-o|m1IG_)tN~wSx1oX0SjaZX}(^F>!0ZDn#a;^R$thRdw|6)Xlb+Z
zp?eMNcG6;*++3mmq<G9??Z<@9%8)db)8L7q)g-%0q1G0Zr^*9nLrX_DC$@Y)TW#%(
z+UpL$N*2`}y)4^X2EqhNo7r?g#Z-!P`ag&T%=Q`>7`R?;<vnF$YSm-^Sz;(1DU~C*
zSa-Rd|Mklkz1Cn%>6t0LrolnT=;$cJ29n;`w|AcBOChuNofLrl0fM+WSIaBxe)0hj
zoY+`AAOg5I&iy8^pO(HrY)GuDt9$Pue*fOS27aTgEG{M{R(2I09^PV5vS`Owti}wm
z+HUh__KE_7lDfLAm>4_<2M6?cq0(0O3_3Ssq(uBz7qbFP@NGJ-_8SK&TxP{;olp1A
zEKz+f(<rp|_ZM{m&sN!T)m@kDDw1J*@}{c!jrf<60lFubMuYIq<OSH*ml7wB2h~O4
zyFx)BTf1i7;IQ=<bU=&<^FV-Lu8bF`x4u)=mIOA>D{W^$4>5c$N3v#x_eftz0CrwN
zBJgT1IFD;cdIj##6+h*Ah3bwP2=#%G(q&L8uDk71lFs)0XZ!ue02J&}hYf|MV_`2K
zusAq4U|16*$EtDO>$!K>>fL!%wVe`b>-$W&=4xH?JYZ0$`}o*cb;z;Jba@!y!Ev}A
z=)pXQ03Tz)^Ej$=l_qL$p)m{a%)2QV&UPjS4Pz67*-J|@1YL%!9ZZ3+YqrzzbWD}k
zt@GnwUt~~hA44d5Yb3AM#|Cv7jsa!727mN!w2EDcN~+$}as#(eoq|>8X+aiut~ePN
z(q}9<MAD4eJ?$x@2jLx80^`jAD09s!4p}L}9w5=16MVpU0G0p<GCG+DJCS{W{REmB
z7?oj_TnGpu;9|U0Ri$!Ct6cC-1Dx5{%E}Hc^LCPwl65D;ub|y>q!q$vUV)g|0CaFn
zJbl$pr29T2V{Z2f9p1&`-h{99CY9N*NWlRh2K*>?mNOqYpntrb-woB(Nl>uJ_YO$_
zt2JcSHZd_VHy*WsIkgBls*a60#f62@KyU;IyOVO*@2PhULJK^QD^3IvCcbOBh;jD;
z?oc-X3%mq07XAR(WJ2EDt)S74{ER`%iwWI+R&eXL>v(za?o$HmI}iBt++hV{Yp>U%
z)tbaJTBkHB-@eC_YSLd7r~r!<f;|Dlu_ET2#WCPPbXxF&QE1mX8v_^<bjlN(LSQtv
zK~d-sF-Iy2+_+OrGnrpdU<7<Dx15LuLMw(WhiWZA&R?smPwf^PfAL{kXz;qaM?XYF
zM0RH?u_M}FynFYqY{m!BEF%+>VL<o+XQK)*RAwWeF|k4d_GT)}0He#`XJBt%B3&e&
zH?jropM0&@WVpTvgb1a;o=^y=xck{|SXLGl0B-<METBHU71lFPo<6m=wJlMb1R{($
zkU$J38K??D0sv%ScB{dcwOWNHGX`@tPS@M2jV+y>DEVXChgdKF(Yc6hz!f$X%4xd?
zWda}KYm~nzYP=P&tvl>M8sY=M8(=ZW0WE^8IqP!qyU6Daj3Tpnuz2+?8Wz!;-Nq4<
zpTftDO+W~4Y_p?=nwmxI;mWVF<99@oA9kK}<$wETFjHY&Ln`?<rcEDaU&6N&$cRr!
z;8BNaThed$Lg4LOuS#8DtkXW14T7kM>=Tp>A0JbxR_azKovQz+lEp#guEqW{V%(U-
z&m|Fzhbs`#;RY`c0q5P#lDez$F~qk}qyTteWS@`rQ$0Z+%Y8%Jkr<g9KYsMTxq{_q
z|7!q(`T8vfy<Vnzh5!tr<$bXRm6gzV*=kjRxsUnRTf*f}8W6y+Vgc0prJ0#oM54Nq
zQVS3}jaL12hrv3V8Gd<R3JMCkF{(^g09a;su2vP3>F@WAsFo&W$GUEbfwzF1E95Ev
z`zHn*eoWEZb2>orSd_*Ar*8Da-*#Y~rx-%=Xor7+(p7^``YnGy(tZzYdHxS0R9@(R
z_+t`6Wtg)6Kft_b2!Gikq46-t?|<`d=HU~uERb;d8J!8ORq6h^`OinW{_FVn|5=Rr
z&$AhRrsng_WCs36E8Ds!bh@pAY7Fc5+ULCjL`v&A9i-x^BR9;YiCX7F=LdPjZs+|l
zqQQlHs;N0vGDwaM{D7y=%^Y2p={rk>hh@fbI=PDMRv{satxq#;W(||ye6!#A56oQY
zyT{P14Ed5%@=UUw>L;F}uNW{)+-+_e8`9m8>ZRHA?}D_9e~EJpdLS&to1KM4{yQT$
zCXLs2zTF3>!osBgg3ZBf@FXTF#_j7vtg+(deDLSShK%nkImz=mhbVoIu^uuAO;$=e
zH~Lu9ywMa?0#%4dP>v59PwhToUM}rI4aSrg+BrJ&28)KRjDy=(*y1jFo`0Mcx1Yx&
ztg{n+sH<SQx1hW^JiM_!qyBhSqvJ%L%^?a_U5ofJShQU^0l|C$Z{zsJ=%Y$>HnZ>>
zY}8-Fy^s{hFEV8t@Kj)Nr6eBnQy%c^WRSl=A`gmVOCmfjE#b0cbY!SoQZb(hZX;_U
znOz9x`H9LW1pRX0oq=lm_1S1f8eMI!xK~wGPI2g`-qJx<oY~sY!<BK)b6Y0Yi%My_
zvV(l(<Oc4TD_E+g2r6Q6>(a3uLHWL5dOTr%Sq;*!Tum2Sni2zUwd>T`@wzH9RMF-U
zBFF%Xn`cC`ulXY{D5mCc^XGiMrgO~o386pLlpKU8Jf&=8sl@t7w8!ma??voqqMujo
z284S~4?u){Y<i2s7H2k7lKY}W?++jWzH!#o?T@eB(ChECnh4l#lQwuY_~$~mru|g8
z4z}T&hMphDS!<p%SgvF(e_a4gxD*O&*Cg-w^m&9c6}rXqb1BJ&Qgz)>sr%h{@(U*T
z;Wi_p!1VNbm{qvz@&{|8B(WK}*gx~u)4Bi5(d8U0DxfN;-TL&{ec_rjtwH;_MdQ2{
zhbPty9G0~~a}}a{2r@poH&VB9+0zQDqV=n(lZh+YP&5Vrv8SAPd^{@ME<auB>inRd
zO2_`h^Y+*+_6kM~BzPzTIyo6_8*A$%TM=ZvZQvpE335uFw(i&sS&|D69+gqAp&=`1
z_s&D0c`kCcc$rs9u;gE+<9ZoLkHthx%#&7-%-G3KaIv-2I1q(JSP%<cf_qF(jrZ8u
zIOm_5yjdHvuAtyN9IcNr5*|zI^9E76-JyhYaI80&jbk0>y~?t&@?uS0t1J)dp>jQO
zNan1@*3619+4~Y5c;$P6u|3Y|_aQ+(tzt;<b~JcMqfuMTenFjiP`fv+GWDr9UCOA>
z8K5*I#>To_`3q=J#T0Q4U;g)B7KGbl<u#`?%HxW3Q5ja|^VIZ%ydlOVr*YC-6Al<8
zX%$DOv4;{RNs=%IuFh*z^>*X<HPiR!dpVCqYrjqvm!B7XecXt-BKqueX=&t-GW^4<
ziu1tcZ#?@?@fbb(7u|G~Ra82ryZ5?@`GX}rAQhbzR4s1Xwkbwy-tz0;+l4r7u-XH;
zOok>3yqu}EZM@>XUude|Zdf`(etBzMY|+48W!|1%p!NgO)I3MBFo*8TIy9F|U~SwS
zoD-wm_{CY;pPTNDDhjxLUffD>D4oX1$?DmU(nhR4F+!!wWVTd74&Btg<Q)hGX@#wU
zm^=MbpOltGR=B<D^^zo6;W}R=H#qH07cbEoa<?UktDO+8Nu9ommHyR3ZDe%N<D(<=
zus{z4_&1SmYq<VIgZg_V53{`R(boyNuA_KK=6f-cx4@^wpM^l@h}oYL2yEGC?OJ*x
zA>S9i^`5eE?YPXS9f;Yt;tuauVj3rh)p+r#TFtb9YN5!#jDR^s-54S*cxZb#_=zcr
zE;P6~+f>Onp!6k5du@d5GqV#PIu(TSuLz#0ZWg3F9vA#(w~fjV1j`l`7)Kn!N$P5`
zEYm<3ifG2}q9f)LHvQ8@YFA?dzGcZWZE}s?Z>;*YdvD8^822eQ=Qeo*>XVoEdnV6}
z@X|<cDvC9-b?Nn3OuEq(IZW4d`uz6H7y9K&#$Jvd`v1^2enh3weB7vLFg`T=1q0P|
zpGK%waXRAZJb|QA(Fp(eP5j=sT)sQ+*xNBP`%fefU<iKw+z=`gq~8v}aQH95Px>kh
z)2$C#N?FU5GrOFBzT+ogw&CDUQ==28yDT}H&`7&eW8yCg36oaPPTJI)kHji05;rI5
zE=nrRbx{n?lA@gC6w|B!5@Sg0+VA+eh<umBPp1B6_ohTxTL1(jqfI}^TsrZlk9gW2
z2yVBHT>GlMqFw^#)2?g2oO_@os_u9l?ugD<XGlA8cgs1EUQm|n!nZV6ad_%1Q+@ds
zQZBrdgpBWW^`KOWhnK#`dyebZ7B;+Xo?INNH3})V3=TT}QkEX5`bw>QBzWxMsG54o
zwg+<K0ZZA-494s0#b$~UZ<W3RYw6EOg(b1|hl^i3r9||;7Z|en;`6<3Pfx#jRBKA&
ztbcm=@y1-l+Gn~Fo9~Jm$JfR%nahQm2};^G$y+*gmP1fn>T-;id3W<1S+p+qV&(Li
zrH9VnvjEV}Wcy~LNRRN{{q4>}jYiGp*o0GYoA2YTdLToabK6hiS0x~*u_<!njd481
zgWaZ2UnBRk`p-j%O7?J0oz5*DPR)GphhE)2e8cRv=uJqli&C(=P#3zfpl0vyU}$ns
z#i4e`8LZ9(se5d92Pzf4JQ^L$t0dVeT)sU1N*VBrDMu043@o%@4z7#iF7c#81u7Jh
z{e5cJYpLtckB&w`2rvl5=;fv?r9(E2(JhB>k?6G4L0dnf=#?&~v*4Ek!5?##5NH>%
zCdnIo5Z6IYfZh>9@kjsFJV+nIwGL*O&u)ia)`(z%zBv9x>t44h6(Z%(+B&cL)u8lN
zsXk#h$GtaTviJolUi+AVX&55v$>%xxfKzJMbbP<%AqLiG*msBX%g)QGn4IBt_S>J1
z$Q>9)i<q*J>TiRq?IDe?Lb%o|(}<}kWgz+vlTseRgZ-;Rz8JAN{=fkR(}Ob0r-Gx`
z@zmN<EY!z3YIYuv{QR1=4xbaAY<n$d4-7%xUraQ63Oi9ZXZSyaiUvpSCA`fvD4w{z
z<cQ?w%lM+ujNz$L_Auh!?02z2XzDhM3%M@zG&D&6?(hjyJ^TlgxljAjc=ywxhNeT#
ze~%J$AxS*_izxqRC;YrU$PdWM0su*d`ae#);q`J$ld6te(A~9Z*+9V`FEzA_W5Ar)
z49KVYkVSPc>_lrj3+zNm<pAJL)<Z0)KL8yf2V{3&u6RM^D*n>Kt)6tv%J-*oKM-3+
zX^*?mXK0O!dx(0lk!D+QG-(L2ADk?iwOhdi^2a4W{Fv!#fCm7yzWFE^db`4gTjZl8
zRJv4Wd-<zls=CHEm#1(*9*qk~&eS+#W&^SJ@UZrMCJMmeO$O4%Ae6$u@dE%ELgC9`
zrS!SB508l08ZDt46uQFD*VpIU#cG%@4+AiX6#!;DJ2SaF*#I8vO@0AD=I{B@@v+;<
zP^V*1m)kKgvcpM3#)fqr_bvMSn<w!P7t&)K2$7{uqiI=Lqk+7Q^4qr(wa$dlI<AEI
z`W&E+9uRQ@$3i&4t1{CS)}2|mCyYS)IGMwNLAy5ipr3c)wW@Mwli$S8%Kf71+e@-Z
z*oX)rn~nsKTzk^R)}+V%K0aRN?zUvsZ9^tfiVc9y0W4M8+Zk_hUvZ*PTfOGQu*Pw#
zWxYSGq`dNdqB9kc$)=^JM*>nJm#2Hut`NIO9VxVmM*swplP^Ay59GT!0bq``cDK}I
zVt=wE0C@2&`){Nh>6W!aagUMY=CQQ_XDZ(1-}V!zYBjHR$H^+{0(k&zUC)y6swzwP
zFZua~064xoTOGH(Z2?E=x(NSS&Mj8craCBrNfnQha=_n(@L)CmDcnhPI4vz_Y)i`v
zoBC6g+l9L;QGgS@_qpg%><h1}y-HLpto810#UrT4K5%HDeW$2V0eoZ!t=VC{-M_oV
zh66(R%+#Yt=nGz|s=?_lg3h~oyOSlr`3XV!2hG7w!0*@Mf6*2a!43RSVDyMhOLhkf
zchI&qa7;`I>KE)gXXtD<kiS`;_r5yYYwK)3JYNCCP1x{0VTl~zXQN$P>awr%Ek9pY
z?xoQ{I&bv~w$Eao*OkJgW{(wUBwv-yd2c!hIILjU8L2-y=MtBdh26B++~{PhsiyXY
z`n9)8e~>rYgFn$}?kCr*!HhBTt-T2~0P(!qxId$@nj?34Tf+t<S%Jj4fYbJ>PNVID
zh>q(m5|r2;1weJ_`T0`-a6FM&y+s^b-pV-(Kuxs3-Shx<d7rd~I01QN;EYAh-JYX>
zlVsOmp*^<PbFse>bvf}q`d3buD011xh8tHPftxIH;|3RthcBy}44q%kKtgvlZGHfV
zPyjOK@>X8nQHbcZAHT!8(%ZMAxpHY^FWubu0eHJP0N<`!OTL05MXm;K)xQ+TO#;Ut
z#&G_G+QT0siIj{zJ-zI!wSZ&>dd^U2QWDWEJUsLi$PoAWSc=?Sp0)Ryt>&{e8UV>6
zI6#--^(tpL()t5~f|hnxBF0SU*w`QdOnG~hbg3TV1std7xAkrX;E_Tm0M-0`X+#}Q
zbNzIRJ$)s5o9wY)p9ElLsepJPl}*X*&)3iGTy=KDvb(bL&biVB38I<L6tXNWEv>Gt
zRf{*bPy}I+a0V6>7z1e%4)1H%%uIo(FZ1;z{NTp`7W(<~=iq|_yZf^?3-cb3o|`Kt
z`hScX+dMxyLZj9dy-C@W;Z#jgLyLiV$efJ}n`XUxl*c9%Mo*7HC6W##$jBo;Q6yYF
zbGukmzdnSxlz88`tK42KTti(N4X@7+9Wl3hZf~x-2W}Y$g<<Knbwnn8)E}%hYn=AN
zo6SCaUS}WU8N;Y`BZfh!2FE6}qLPw$$v{?%Ye_mLwr>0Yj5TICzG%$79gg$IddBE7
zi@Of?YMCB2mzQ(vq+g_K90;+0e6OT2Zy5KP-FCjtp$3v6IWzY2&r%WLe3JW9r2YR7
zhk;FbPWp<m{Bvjz9K*N5UTg}nQ(@N4CVW&a<8`%Qz~ld$<1$Q!sQYdyullKJH(CZh
z?pYxIo@@+y=sXEPB5$ye;rINjiJt<&jV_@F(#5L{&b<aBJY)%cT*{Ybj?DJFkK@if
z1=Nw=S>$l3hz&%TKgJGcfL;i}hGW~!+fKt7mJXSpjmrGy1rav@8y!Ww`C-Fq9#BND
zzstSO+D+eB<^RostRfr_jdvsVV*0TZW;6p7I<*R|wu9stIU$$jedgHyQHNe&a@DQd
z5IMU?phkh&i`IQT!-)oa_r8%Yz~{!wTo1`D0vKHLn?5z05nxXD7npqB;sNdj{S)<A
zsh)t8N0i-u%u9zDvZ3^xeg0o-!egzgSD6QMa;K&A&oGpZD%p?k*5gR^Ynq~S{nIBH
zI1Cdod%IR6KCIPp8EwAnyBTz6ekj|9aw9iZY^&ECH_}xAig{#;Bv<qFx8|hY!)mPV
z6;52lr(H4BKk>x3M^#fmw8#;i_%@tx*WwPB@#Q>tA<xn<(*)lCfWzll;d)AHi4gaI
z?-%c5&@+H2sJd$EIOS@idQ}zSwnXlFp<Rwr&)i${6~<RKPl>xPs%mpr`cl$Nbru|d
zZ5}I{yD5OgjD8cz>h*s>rbm00tqP$+tVsza=T8|@1)&v{j-X<q(LUi0iVQ~sZ{)^!
zS|euDhy_Lu9-Wtee-beT$$f8UjF_FBErBgVy>?i=`iOU-zu3Y9Yl}_6XtdwH?F@~c
zn>#+V!Txb{hSX(E4%=iIi?CA22Q!B6-`MiEZyo`;hwZz-HV$h#(|1YuU)7SD%dcX?
zcF4rcToH#5@MPUQ&z{Ox#R~Eye)vHB!iP7lg~8G~o;j;Gw-!Gvs*p|4*^U$6)cB2>
z({kxi1UUKXd}t+t_<h%xuOzE`mgP5bL(<cxk5a}?uX;(T?91oe<sVCPQT=kmLaV;s
zPruEoKqpl^h+>mH{?J7_)7WioRVY?wz?7c5&HS^}RgVu$MCyh=B34RWQ_^09zx`s>
zvp95gf{?>QE!jhREcQ*?e3s-Ghkm@ZB8}TC^zL3ADQE#bGdZsFbf;I16F;j562G$a
z`!kycX<?@D<F2OzbQ?ZIICpufDZIw0VtH3&tvWB(>7ELeSH15zG?Eo#B|)n8Jcm6t
zY2eKo)sgogm=5P6PEdOx`)<Y9&8UBn&eV<aSTtE)DHIC#d;Lc~W%|*A4@)=7Xc|RW
zIJJcX`Fhn8O?w%4%D@5(d@)n|rm;7Ja_b8O2+!MxLx@j}2<buS9F>YDON{y5nw6=$
zE_pH26A#9MjD+~YNys1_I*ALj9q)h2EKAE7oe8EG`NT*!cZ?Y|a;4;=;!nQna`#3~
zxoUD;kptPVe$YDxGjxuH7$z<qcg<)$Z(e_Z24d4cD&k+MA>Z)r_VPx|ng5FYAOJa+
z^Wul35o@>6l4YDM1x{eMPV?n1GiX<EuA_h!Hbp1)!RN6oq>s))lG4qxRQ)7rs4XP9
zn81|7zHeled*Z@Q_aXgfHKi<Vne~lc^#&uF5gSPJgUN7CR|5-%ch9f!nYL$4SFB>M
z;pH&g^iN|zOdl2_%-ePv>whcS><NLa1glOoxCb_RH_2Zhm`M19)2hw0RQFYjq0;QO
zmX4c99A0f$G73?d(aQo4UHzq)HU<ou<$=eazxS9z`!JM5iRFo(hdf^YE^Bd=i-{Ix
zq>n9ArH_0;z`tr$9OIc2^np%zj#)<<bW({!2<|(nGu231e^l2}?s8NDuU|Q6*lpPz
zSiM84I2<~Jk;Ro1OGe4C<!JhlRmOC><%QLJOzwbg%Ptui8Y&$#Z6eLX8xp5ir0S9+
zeXfiNG>|q|?}k<!6YuiSAzVy!gV3;u9KnZ?mmdPd*HW1CWf*v#gi@pH*+MS55*c2Z
z`oCbV5&dgo012VRlq-q!-b|*(`J&Mf+Gjw$3Stm_G{f!4Ey-!qV`fm-d^Q%s%w$mx
zb-h~~W=g!JfGc?W?rjE`VDKAjXP0)oYy&2$yz#m&DT*H^a~mW}&Z2Eg5i7R#Nq{Gr
znvIO%bX5Q2u<UN3I6}xnvWr)o-GU}hemt!cwa1m;iQ_hq@e;NUdPJ}jOYlo<`L(x!
z4TFfSXuuH*KKw)7s>iob;of<_y%KKa=WphbzrlHHbmTTycU}}EfCcpi8GX_)NgtGN
z<AIY*O0V-@G%T0~Iqz-F(*@t!6Iw}UHi0_7P8<|$FK55MmS2NIq{m>KZ=_e0qj8h&
zsqp3r2!t<7Tj*1HcgNZs>shfIFsZ!dHCfFirt^Ba*x<)D;qP6GUmHNOS82Wd+kc97
zJdk`h+0di!^o~<@L(g&Z_8Xlr%<5hIqpUh2-FH6-*!5>J2fTbdQw!EjU|xsU<DVX0
z!9T+qoyd3C7)aJAZQe!sBA`@Zt&2p@=(Vt@Uoe)ZQ6)Q3|7$1hn(|Cg!4K_f@0FM>
zra@%s&ox-!T(1+1$wi^l^kmy(A^d>$k+JmpxVtUACvHTiYxd!(*oUVA38tADGT=LQ
z=C^O&)cN_`G&-)=$BAd}35|Z5%JUIq-jnl<IywS>K$_{Vr4W<u!Kx9A^KWe1QTomG
z>gPaCi5C2(Y?eKmW9YP5c|PA<PSdM&9t=VQjEYqA*E~DilAE0nD%(NYW6`|x>S6NR
zAN|PlF_CWOpq!PK;$*nEpbt9YG8wT_T0gg__DRM*smHXP?O;4_|Hcf?*E}kaz#Dme
zc0}JlNXYzq2Ny-(FVwF6Mj!z&HoTqPrh_kW4wQDi?YSN;_tCQ_U&z6QS*-IcHJ|nI
z&RVz7p$aR3nC4=@MIJYQFg;Ds>Ve#F1iCuA8}dUcIl9})rLK1bZ<7O1EuIXR2p+LM
z$4?ybq{{l5JwFDra>a@i&Z!}nzTS@ubMpaRw3EnX3Ix)Z1(S2Ry(GBUH&x1HPo<&B
zbHRX?zT!#-IiY%)(DU$9RfMCVqFEgJHKKg8u3`JFHPJ90ci?~?kngGfl2Vx7*P>3J
zE0ip&??jWL$WUsf!z_+h_)!r?EjRw`W%yB-dgiO{7#)kx&U@yzBJIRIqM0FC3iPH{
z$n<F&v9agED^RNbpOa8ED}q&@ACV`Gta{R;a*1^bFLNKFLb4TcR`<J2n~xpBvUmoB
z#e%<cCq=5}#i)<Z4ltMR>mggcy%EeHc_kP}Zr-BOK&31v#6dCefwgnQg?vQHB<4tg
zCTJf*Tk<$zh%T<`TRv4tqpsrkvLmNTLQ}$;=gE?hfg<DR?iKq;$NGCt#;lfhSWJ~E
z#tM||r51#GQnf2skt-PnwGdcnOqRs%sCZ62nKB^uyd>&0LWd^D^x2KziwhgFB>FbI
z+?n6pLHsEQXbKUn)wxh<O~=7cL$0oAn^u)n>G4`OBObSH_0VcB&LR=P)Z~$5tH)35
z86tE7h9IV|)#BTCQOe9Xr3+ai(m&3GMuPmzQStL0$6e_$&}Yfh*<V=szYsL6NKkIb
zLrbGajUdt!t-!&zZw<jadxK1W1x^tJB~`=CbI9qGq$gvUzD`;x#kt$1U7wLY{8@Vu
zU+~g&`rC=&H~hBuX@!i-<)&mHTv1~VbPAWaGX+Ze{B=(Au~`PqgpKQnQ<qNA-kj@n
zW4{5h0CO->(VF2*`as)~bTpkKcgjxc7X9x(H5q=nwG$J1ZJ>r6X}A<V(=~YezHfJJ
z)n-~uR+2#FZom;cD)-JdR^~D*8)M6fp*t?DYsR$fdV9&}nkNH0$@asST(tbD7qHBm
zu-Yw<)Ix@YQO?I!n=EN(J0Bf4rhs(Jp!od@$`=NqR32pJu)r86O|-2~{p8Xua)kBf
z`W@HC1@kH|5-Nj=b-Yk5UDloWZ*Be9V{c>S@AOIfykO$sqww=v#^S)hp^cjC+-OQ^
zr6R7~$_<LP_oij)$D$<6GP*CuRW;8WTEeG>Q;L&agE171`@XXfjHZNo8PK5jbGfeV
z^RFhUh}E*wUP%tCR|fxf_tWl?DpsC=&~$Xch>CpN-%BsSN}VdN_NOfI|N1X}{&SA-
zw{iHN6zRz9yovA5{Yvua8~uQ&rpOj#kUIZ`{E)%7<77ea)akbqS>>V6z`AK&yJH}p
z_6r-B`qQ>kH2U(1C!Daa_aMLk%6*v8dtRuU-a5-D9m7YR`t#>&+RKg@A#Y@owESqB
zx237ZcdSdk^|$CU;{hdY^GULj5fk)~S^sAl@f`(0tDf<_u(6H8y|jv}YQavT4#~!V
zv8)YcZ!u#cqUUKdOkKJO(qT8Q6T0Y0EG$l9$|d|s*TSMBJTC|?_<JXnOoSC1%LWFI
zxBY!s3HywvuYv#jqcX;yO~*(^aPA?%t&M<tM}IScIYVX{)7(hqRKHJ`u<SZw&8VIy
zCHK`)ir3YT+&X2Mk-9cHiCvuFHs{XameX#pV;crj!mT#)iE8t!&wJj`fs*tE2M>*x
zqN`ygMa9{dv`n=>$~MaMUXX6hupU{iKJd`dJ{WADBZx=r<T~l0W)>4ut8-!kL?Rvg
zGJ%Pfh-YSfY8EEL8pFoCF*ei6&QpL2c?^Dz_qB15wzKwXXw8O!R(inbbLxSqUBk4_
z#(9#5jilrLH7E2<z5=lSbqzijzTak5nnQ{PKGE7UaFL<-MKzvDFvg7bj_&3iXNJ*T
z#-!(<?-HywBuXv&qP}RQ3ndeY0bD1{+;2UP>1ks~UX7%1)5ZkC4@qFZ)bBW=n<+?>
z(sF&0L#X=teEj=qYl5v}9^wbuq$wCZ9@!hwKz{qx$Lod9vZrt}0Z+F-Rpw|>?PII>
z!>DLFV++6|9(3;;7|>h34_oBv%1E1}WX~|9=5XXC%$^JdC?%KkWvyVTiA;Gv(TDcq
z=GG;4N7mwpMnzM9w0)41X<OGH<4i7^6v?O@TFaRls#EfKo;Ph49|LANeD*d5Ht;wW
zWeoc`nliqxjlcRWIZ20Vi9m+AA%577rjLz*t%4!6=388aN7;t!K#T)9sn{-NPI5`P
z{ooK?r;un!H8w*W-;=~mCVZK+xQQ<m){nf|!&WVGc6K=VQp$<Ax@{}6^Sg9~0?L<u
zM_sgufhA?#Qw~;F#_xHUqE^Y4fuYhLHe(zKyR%RTSKbG03+&+}Sri+W=99<kjtukU
zuOxm2T{3QVAa%(okrFn@iFEAF!Wh9Dp8@bo$k&MglGVE87cIVOc)ERg&jh13nHXa{
z`l6ZU6={}(rygZCR|{`>nX=JrTs*@2NQb&d@M^X{C;7~KerS+)TCrmeHxMgTO6MIG
zwqyt%DP?c&yC{tk_Biv(PF!5dZMXf*6K_7ZsZ5xP2#K<?%qE$Jj~s6vhhXiJXU1+S
zUxMWUaW5mDuo-E}tIsh)05fo<GX)tfXBcKA@OceLNgSkbIn0nRoSQNScbjo@Sx$wv
zE(WvKkB<>IO6(M9ahEDNJv@*|T!6kwU$#VC<oSqZlo#gNMZLAAxrw<nbuwEpnZ6;v
z&8(`*is<KiQ~fR_G8~oO(Td^S!T<w@Q2fu(N1Ul7wVo|2R#MQok~Wc)ooc%=iH|7#
z)Pvp@gLax?$Rkp1W1{Gn4D8z}%xKn(-XcH}{r*oN`Ki9~7Q06U(X@t?H`(Pq180&C
ztk%g;-Yy6=%+&>}+VaNmn;>$5K$pmRY_uEs1CbuQX=^*6*c;!VzN=vwHe_TuLnr&E
z=+cO|7kQ8;EG(Zk1BL?MNRE$k-x3I=?D{K(tFSCjX$mSU9e5pk(aM>~(TFEskAp#k
z2}gU3Bca#ZG|)8N&BJ#0sbMsw1x@++b+^Y?;_a~^#3E&Z=U=B*t=Xurf@t3MlQnO;
zL<1oG*Ig7QGVswBm-$0CB*{mfoKYfaS$gNK>XiFw-!#h7!vj;87u22)bx1~HUlN(S
z$kD>$bu!H8_EVN3)zlPP;@b<Rs$%E|>GdyRLYx&7mG#|&FWN$h)JwmG4u2FPyoDs3
zh|1IDZA<LUpO9}TPz-EBSaJun#hcG~nBAYm)_rZQwzUuI<gmT)MBq>~ioKDfBwKj(
z$zpy^sC>1n`B5LewF$qh?f2~RFTT5#lplSZM1uMo&gU_1^)WJPLf7t|e&V*pUAg9x
z^`LDnyJ_fIx?1Rae0)5%>cx?Do-smvDpz>b>v|s&-@3A9?5p>6_}i*;nQ|w-Q!fzJ
z$s^Td<+_c>f-z@*_!1gLRo}DO^{ir72#ir7WRg2Ctr9ZSclFWNp9h_UsxCDIn*4U*
zGv=vAec%`_SGP`*^cg;f8lDpIc73E|7LP~?JrLAmp2*5F9F-65b??{4-eq)&r(GQ{
z6G_J3n({|vlKOu&Ltl$Fgc;ME&e6VXOqMDzMlB+YSJFuD?AwW+ukB4#i8+`ChgaCH
z&WS#kYOVJezFK;0?14yq(MQ3bPBLRaT&c%THo>wn7C&I6mOOB|tz6Hb0LBEl^e}<D
zW(hm%2;3eq7y3ZcuTxYcp=GTkHzg^f6G_Uii-RSxCEvpiw?}r1oSZi}z@8w<b}Eh%
zRh+N;iAow8Jx7cN1LxiX4RIOLOqwDCE!;=i<5pLRJY~xlw^1E?-mE@~TC0QYBP<iK
zeJvlAUM|RX3_H+HwSS5yWTEBxlA`;LQDA_}zSPw9jlff%z9xa)ccr{OubNTfwvP8k
zawB1$gUcm@(zv)W<G9G~PKMVgGgH;KnBEItQ%?5^H^zR<Or@OSBzb(zmRu$O@+_}~
zQexvh;gfv609BP!)9LFljId(8Qbb%q1BPQLN6g_wdQLr69i2=AV;DQWZ&>jRV=QSy
zW_ppr$@kp!eHU@qttzh317`g;tgNoS!^8fN<avDzk{AiAK%_X{<dzV2D9r0g&&<y+
zL_jWZmN#Y+3sYC*IQhzgM%=WqXS0f(`IfL{S?YNERpp!8i4z9lY6UM*lVxbCj8f5M
zYU+!Xl=E?}6J4GFq%<<Gb_E$jgO-^2l-roc!h%^Lf~H5`I+MCrDsLk1g6wVkO=qJx
z0+En#-R8_pyo)#Q%3SXB->6*Nb!I&ksCs1h`91x)KE4uyii4VyaXDO>@9cvs8Y8CH
zX?mj1Z@!o@XoOWfQ+cK#P*ZJ|@1KU2_At@!tDiYmS`eY`5a(ykPLW4Bo8EW6j~+cD
zU|Bh>Vl8?FrP>hLnB8bFg~HMuY+^n0J)B5AB=IPAL(*{VIG1^a65l5VJ=(1;c1TZM
zQy6a9l7N9*H<yDI%{UXyP0%*_irz^NAY#ZjX^j+OG?YY!+kK`kDi+{_8I!Ep+#)*j
z_{YKX+H#dBD~FzZ<6RD4STt*KcQxRKlgipYQ&ww(Y6#Cn`VBok`DTu}Cl?ux-Q2*x
z|8}sTo$L58ttx&C`+UiSTkixE$Ie1o<{<8O#My)8VX(cT?qy?pL}z4#)*bLItK3@s
zxXV$I*2{p{+eRwV#ye16f$;*iBdhChX+KeI`bZY{hx;69pM-Q(T&=~;R><<Q9Oo;9
zFw$MOrHu;Qi41EWe(Tzl14|U*NY}Gy1~&_4?_l)0j*Pl6a{P!31_a_+cHtPga_R4u
zm2W1*>1<wEn#8G4%3cl|(Ry4guCIrgo1yipe$sO`w@TwvBrAZtqCPZyVdqfe>!D$e
z{FP}=RwG%;aX<A+YTs;FDr9lC4L10h9}-oY$(qS^`=(n0X4krC)WpS?vfBJ(`=-=e
zL2C`x9-&Z)OEdfViK+EQU5H>;hG15f0TH{`mxqcu@HsB1vJQDT#SS7Q?cAO|z){lb
zaINL<T=viYo&`wvlfL-;jj{D(Z5eog(P`Y#jXk=-vv&ypn-OlcTqLxLf9eSvN*x=^
z)6Rhx1r;xppbsB^8VG+`<tDoJ^ZCBG%dCxE#~XcHJM;q@p^m<zk{eWQ^Nz+eUhmI1
zEhy)sqU!DmQP*y9DaVNkU`Ey1IotNZHPnQJ=n-sfg+gLWD(Fv}f=|Y~if9a#3I++}
z_UCU*P-a<|`A*G=Ug!-T8WBu=2+>3!bHf9N@P3sH;^Tw0#u}Q6)YiAio?5#yN!ufT
z<>Ks`+i%jdicnOvwTgaO=TlScP&Xl%e8A=J+yTFoyjS-08Ir@qCCsV58MEP=+k5Ot
z2Ad^2T7NWll=Gz(BHxQb968>xBp(!GOH;0kQ>!x-Vms@dutv5?iUFsc^GIjCs%DCu
zoY*WlECMCRuB=con<zG`T04Uf4VgN|<XsW?b0-+xhlS@aECwb_C4=IL)WbHjyrpn(
zF|>OWcnAZATvhVVJlOH>=z)y_N4@~%k+F#ZRs0LrT6EFMsA{MjcKh;0lB<6N0_wqO
zXHiJldodFsZPrt=_l%j)fk!u<dpf(PcENK&LBs(`<A}Fa=OFt+keY6CU%O0NB9Thv
zfT%9M>f-Gb_r~G!Hq^f*O2H`r0_CkeJU$=lz2dh|SRhJcpX+@yATZ#BUGyy5&XnH+
z{UhqN>D=5i#kb4XpAaktWW8Yb_B6kp9vJ~r;<Scbvq02NQ6${!A$of~_Z7R9(rmDn
zsnXu`{WEn5R{SKm2Uk<Fnh6oY2g4y~f*zgvZj4_uv!jy+xM(x{7xBU?)TeH~Cith|
z=CYDXj+d%=4piYMF_SA?n{aK}el~PQz|!na$6E+}fcU<==2l<jw0d&|j{75#!dlSD
zD8DK;*n@TDE>>a972WOsV(u-Y;%d4uQ6z!j8eD=yaJL2$oL~WhOXCpS-JReN+=2vx
zyG!E|EV#RC<J!P<lK1`YH|x$_>;9UV`q68hE;wCvs%oDt&we(>t$xRQ%}%d)HJ)uk
zjtoHz=Y`Dh{8CbJd|&Bx1;!RvlUP2X#E#&3IdVHm#-+FqQ(v(SpR-1=fmD1}xXi?^
zk{#C$Y}g#!F{Cm0all(b8qY7%F|sBuQ_3@uJnv=gVx;r*i|@J;uA!+H*<4JTG(FMu
zW>;FTe3|pt{cMM1TThz%sv(bdACOTPAhj<J7jR9-P7QvhIZ@hLG!wPtAFhk)bn@7@
zH#_Te8gUQ0Lwd^#887(lRafy@)ti&^GIpCoZ{RaBklcl1E<aw~;b6tBmdj>yo+fNF
zJ@~qw-g;*$Fdtx&buZVW;(053_N885lCmdE6Fbaj0XwcSs;j84bHqlP4TgkijYLr=
z@mWlqU0Bj*M~yXj#i*{!G)2x;XS`3@Jza25N4xChfLH8Ep*o7*`+L~J;gL&lF2}dA
z$Cf}7W6-t01EsnUZwNK*S`ug0ndTLSl(Scwtk3=(xjUK={3)xh;tqQM_E7ma;^a4J
z!)zG}?<>?{LG@X8gYL1I-I+|!CT^~Bfj6+fMloszFP6Hm1rYQPG^EwkWT-eNZ#Oek
zsp_w`w3gXZEhI?CP$8;`vFR=NwkjR&p&tq1hHsN?s2?T~c<7mpdHuzg!72$!uw%le
z5Eiz3%RNHB=M{j1?3mlkQfrpzCONyi?p$|idPQob0TT6?mcsoe!i?GLtUA?s1;%Y5
zs_^Tw!O~7Nm2bX}LZZZghNl#P6I$LemrnW7H3Ld&%Cw;H&rH7jB#YX_Rcije?_jRc
zH1YX&lZeI0P;&r|{7v&inqWMcPZbe@4N>hUs5ZARLa-h+uqTtt^}m|295!SKUf}cW
zE(hzn?tWMVDZ*Ue%p?Gnp6_Wt<3w45cZ;;e#$Z}+cB<MhNs#yn*&9C@3R;0KAIywK
zH~D?U`D~ZDDJ$?-CCh*9_NaOTTT%D*#Q7HqGOEahwQg!kisNqV=*Z#ZCC}B%`=S1m
z0b6yP)^}TP7?WG23ir%yY>{e@M)SrSDxEcH5f8jheTH~FSBw^bU3=E(`Ol}@r)wyH
z`Q1w+!@@%h4psv`v92!ZxvB7R6{Ee0bI8LAk0FbrC@E6}=VX~Wo4xIveM{3!zc;9A
znA{bG9N<YV<dI4kZ?ii#X~t1nL*zFwJ^G6({3YkGMt?B&y&O?$dfC^nNlMjJ$&vU*
zui9+^Ndb?$iUW+%JyIR#vjh`7U-bp8@{B!ci>Ue&?xusci^?K6w|mKz9p<7(Oc8$$
z5RfWbsA1J3fBPBjJZ*t&d)f~!s3HFdfdJ+oXAI9Rv&2a}Yf?cDH%;U^nUFAI^3f;F
zsvg#X!XDH9>(9c3I2$q}HM7LS7EAVT2YsEPzt3@mj#$4Tr@WzDg+Plln>PcmH)_>a
zLEoje-f^aiMYy>kQzI1*n7V+x-ocVT|A=_8X_%6&9x$R7QuikC>-w3-HJsklZN`Af
zU2$5&N40r+Ev^`y#k+&YVMh}AjX<fC#~wEhm#+p5i}ZssG%lhPK1SGVyc`6Z^wLy5
zwZV`!7ZSfbuH@k*2Z(3Zvid+<3HgacD$|N;0(nbf<m{}93q>1krd$tAT9pE!!iS{S
z>C66YT;xNzD8Xpl$l5#%RLTSN^xb+d=VUcN1uziEnG4+Jni6$m867)q@UX7Q97eKI
zEl*VbINk@MI9@S3TrrXoLJ@BK=g?f@6B_3gN6)9j(dIW<x5+hC3nYH<P!n?AQ|Jsl
z^Ny>dS9-CSqjb?~4r8&nqUj>}hdopYnczWJpe^!7kcs&or)$-Ht%@X}S=587*nME0
z%QH?8)l}#%!D(T~|Jh!~*ow7V&!Essigt5%XXb4K-HxEw++*L7%528wBq|f}HSkx}
zs3%#bj=f8LP0Np0>C4f_m7A31g_2uWxr+naPZ^EP;D}`AWyz!(9?;smNbrc!Q*_!n
z8H?dlwbv0Hks}7LzRz2v=iD<?(#-ctMWhd~j7=!<VZKd2)>mo~t7QmNMXzDKS)szw
z6bJQ%R429?8R<ZtYtsf1Nw5CQg~!TxP5oknyAZjz?j!pFy=H$44e9BR*Rc;?iw`7x
zuxo1~mMccU-Nn5Vrz~$YZ#O$>&lMjiLCX!vOA?Z~>YxS@{>PWTzr+IVTJHcC_1@ZT
zPpe~`*0OYDt<QLMFmbCeV_{t9E2(0QIk9&}RIg4}V=5bQtJ}{hK0A}ihH#s{gVH2z
zF{$;msIYMd==ttR^!(VK^Ade!*HQ^d38BF{U-k;{_C`vpBqPp3B{>SU?&S;ca9dkn
zj=4q4l+hD-=_s_k<0Z*t;GxJk_<rT~8hPtUlg15k#bX8OaanY7Kob*bUMA@3{QGS8
zpt1T(wn~2%+$h0l&K(g%<#zfIAKjK;hjDjD7#Z(ph76nw-f$s=Zkox{<f`L0qY}KA
zG~r9)Ei|(E#QGY(U{JF(?6d5Oqrv6DbW9FTbx|u-w6tvpLEmL?)u|+IyRJ9;^6N1R
zvkT4L?IRBnM!7)u1LTQkD>^C)0^q8T_y|KM7k9)<46Y|?Vvi84jWoprD%xf@_ccLd
zp6&JhVL~65wMonrxqEZh^DMUYV@pc5zJRt+!Z8%D4ws0O?(@&S`Nk(7J?`$YAwe%a
z_4#0-N1)+d*TbiHA#S*Y21K$pBTWS+*@9qIj6&YqxXT!(_?D#DYiSX$XUyTSOY9|t
z7ZXkF?wl#%UcWNWe_~RCU0ZG)7sC!m%|22K)8K6cdYzq~)0iLF$Z;mcZY_SC?+zzl
zS2zjNyS*m+xv|kVZJ$>j+LwR4CDs+s6yJ(0<K2kgb{`yfi$M&_K7LD>RxZyqA~YgB
zP|GyY{kAHjnYQ#r(6qOI*lNPQ9JnU=?0x$SgkbENrPK~Vf!~|om&`j%A+oRXz{kt`
z0Sn~tETOBoJ9gOH5cgZha$d!6(%I*!&Tw8F#7&9>B}VxkhZX_Z;*5AF_~#<4OsK%?
zWaCVloT0H`rpU%2{MBy+$_<1_Bx}odiZ|d71FPp0G^_i9sbOI{q~&J^4u`(17Gp`7
z1a~{>ZXhzb4MB7raOz;Q6v#kq`W=9SD(rby3H3eesn143&x%OsbB5jabxKuadxKy(
zU9`jHX#?Mr*&B`Fo~Ih_?xbz|UC@)XmFbAB4XNRP+k?x~XP+;1B3VYO&aMXYM58S`
z>r8?k_b5|=5yD$1QKp8^`#%R%=K=RELL@&(vz?mIyX$ueIjo7%>)_*tHX_=xi?Pcs
zOol;F>sKm5<NRH>Qd=&AKdMNY=vgVIYU+S(XNX%X@RHh6g~Lao7#$kJjayBlefZ*f
zNs3~*sm@lt?GOTaIMVYE5gv=hLz{f!_=*M;Si3)o)C0sW62)Ef-w4^q!mm2z%DTc^
zm9UoHpgo{Jb@)F=8VuwH3T*xx4VbX1Gq3)t;MGO!yE?ECi7H&oN^8c}frKdK`$O}y
zU2k0#>%PEjd$e__j^o!BIyu8i#VgTSGNmQ&!!bcYH&!Fk5YVvkrEVr0ObGfiAqhWB
zOp*o6f9~$ZwZ9f)%R$FcZt@stLz<4yR<?>Fr<slt3ffK&6uc{l+jJaj0Q=$rMjS^I
z2p(fFQnjwo5M9c5MSzYL!i-YmsMxf095iS0_0MJ8pS-%IY`<TG!`>=Iy%W#($)YY@
z^js;EOF*GlGYN;dpnfm|zflc@dd>%Ir+dc;Z%cN5R(`)*YAT;038Hl9{XF_lu3a23
z84nb$T-zG_J`R3wL+i27GKT)-`YwYsn;!E&(5&;C)jq)u9l<p$g0a0qy`DKDK9^Wm
zpih#7r&GXx^6Y%BiAiahC_xBB(9b{Z{BS~4^)I>!dOZQ4|1XL*x&K`ke9O?J+~Svi
zg8#pFk7>t#2(isa=D(39=qDHae+CR4<o~vD{eRD&uLxOu%b`lEtoUD)8!(O$AN7*3
z=ZAmU-E4rfm%Zp~)(H|QVzLPPpKzFuL>e{0-p1<z@0*w7v$H4-hdST7`a0t?twuHb
zK_d0`sOHP#$$IUtx9VXOYH5s*WW^hP8c$rJkyv%DeTz_6gy^;#TUN=NssAUwmL!Xc
zP@g;5QJBgFaf!wU$&YR@35$G!<#k(M6%2cbH#;pH{zO~$mfr}3jP9j2Txf0OwVL1d
zLVKKX<8v;fo`ICTGp6#tw-YbcRc5QK19wNpv?K=F0)`?pCMG)@CX|I47sN+*-rQ&1
zRyUjJX9~q!%xhP$iCwY&dv+Xpbwt^IMR}4nrXPxE4d*ZTcWAx+!W*XzZZF&8ri@Zz
zvBl;r`R1{z#yjb|mj~eMNLHBbyfGn<d)VRN_+k<AP~VnZgc88l$d_%2n9@{dq+Kp_
zO_RPVXSTn?x_*t-D!}vVMh#}L6g9x;87wbJV`hIEveE;1Vxw4IHg`Vqv;rnoa?>TK
zl6w`c{7pOfy`8Oeyx4wC<3F?X&#|*+gIW2Bt@odeIoPcmYK;2~UFNjLry*?YigcSC
zmP{4iUacNAcs94Lf?Y>b)a^gad%<G;Z2J|87vA%HYTmVebYyyR&*K$Xx@X9W%yXJJ
zdzP{Tn^b$w#_XFL$d&x7a<eP0I2+SQ_%HvH*_u!I*?!zpZ#L;rn{55THU{XyV$+oV
z;3cccVMz#1p8LUfP9r$e)>YEP_687k=(}>V^}fD*u?PP(O#hvs7%kX$7AXOw-Tk?t
zmF(vFqh57FV4~g8K=RQ_Wy(C^V)~mfhX1U=RpV`zzX-|t1CDi5yEh|!Q?1{(p)z47
zhcimkKAl|43iEw9sq+3Znk&Q;1(NksCG+WK)$Z_YdXtMqnoIJezNL<_+uS2r;pZc&
zl~uj2oBnB-f44^dUE{6(+PI+$*m5M$zpd#hFhKUu#1*d6+R$TyLs)S9G8oWEky!Yp
z_4FYS0|ed*ehwT25Y$J@jG3GT!v*|1$O$<e2%CWw#B-Xq9rUP_MdEZpXp2(5vw<W1
ztgV&F`~6EiHhS}wsb7U`0&a18E6GFoSJHHz%7dtvfajxhuY>vY_ROjO8kSx2*UXsL
zpw3Gg>r~texSHq6@Qi>=FP|T9<)GB^f;XawPPu@|zWOoQ(aewg0&3fc@s~~<{i|+)
zQN2>;$I}VF{2R`Di7R3+Og1k*DY=s*k2Y*Li!n%Pb>6J%j0uHfZ0fZ}XOv~zpB5gT
zkx!+ss(Z<l%cK1V-JFI|D7*N`hsZl@IMx0RitV-$-8|_#ZdUtfu&F<&u=2q>IAeqA
z-DBI8LW%xiKoN<jKEe3-;L>D0cYh3tv1_M*i?6G}U6qYa=vC?~(^kCqz5PQ3Hyevb
zb6OuR+o)2`_O2Rh0g~?fE@~q>eKW}1f3bZ~Ir&+*{LZll{#lhfY+(DeVmR@?gb`jb
z+<(OB&il^)CvV$S^#9z&ooe;J5;KmrK>uH~dzdt5&VOI5*FtGVrvHHzhe3P4{l=*M
z(?)^<{;#^|Nkl=o4l^CSB(Sk8`hfrML%*Zpl41K*r_Gl)nRGsiNM5}=sW^XOz;cME
zuu<ic$u?zWbek=_G`@?clL@nMvDOM#&-$f676%bgw*^iAW43}o&A&6IG;8e9|K`tv
z(e|^M7ijzod|i2TR~X(d60moM;`Z>c=;mdBM@Z$Ff&41#8ven>W;1Uia87~C#2$4C
z>zS7}XjOTP{XZ%|8gHTO{QNJvxVr?8^E+9waNkWF5|N6z3nX%Dt&wV9wDpr>R=W<u
zPJTpkW+JiH1K__hVCzd$P?mot0S^aq!-yk+x*(>;(71JprlwPE7B|9)8%45iMNl?6
zHj$0NX=8BfMQ6X)*?zwj@ZoJ<pat5^F{YTLJ&y_*QD?^Md8?;2F_*R*T9uQMlb7ZM
zr*P>JBBrB4<!*r5N{>c|nJ|wKiWY~5JWkEWmCz%Gr<CI+O^pKa$p*19W=IH|$!DI$
z2$AiG7-$~EJPPXJ<kO{x3fH9iR&~j(%C(nHN3%M1)8>xW_ZG0KOB-)OTzEw_%d;4?
zM<omPc&s>dkt|KTF9c)$V!!{$11!G-m<dJ4k5&J7_2T-Pq2lh!`!)d-cr#P6nJzmj
z>4~5S91ve+O-aX;#BhAEIn(hC#BBTlq~(pADKI{J$y_0V)#oRY8eTuw<oR>et(2IL
zM`Q?QRV4NnoJVrIi{o^-kZ6O2GUwXIW*o?nwNJHhagy@U<C25ZI5L<t#K!3}(2*pY
zU;;npJD9h`{UnYJ0RRY*pviP&J3t3$1$5fJND3bN)hiIX_ue=E86L-d5mVuQ6}T3C
zXi2);CkzR%qei=@T7Dvs+aMwUJb>kXsAjRmv<J|%<B$&%DLl7#iYt0z%u4BX#?Q40
zbhx*-{z>Hit!3%>MUc~aK^ZM-AtBzOB*|GQASt)j8!|oA^v(rv34U9HF{;#Zb!88#
z!AVl&fuGUzu2p5}j))X2351R+vmy6+H1kn_-FB?AkF-REZpmk^TkWuckHk)Y)??>b
z3s^Ie*s0j(xOkG>bmI%H64bFv;^srl=&Sea#zdxFz+t!GQTza~F<qH-iPZGn9Slu6
zT?rV2wexx;bDZR@9)mq))=rKz@G7)oq6(?Bl0`s7g?D4R##_lG>1!RCcD@}EL<y@n
z=n-V?ap<=+asy|$|3x)ISG0)@pBxqPq}|Rx4%-loFz5Uk_Wf*@(B1~rvux==sOu>q
ztA1MmPsUsXx>*mmts;dcyPXMblccNHoR5PH=6@x`xPXmT=~`~rGF{!k5qbK13Kb^^
z!XJR@IIjSKIf8AF^*ny!BF@|Ss?df8@9xShA@);uF{z!rn+E&Kl`JP-W4mvTiZ(4(
z@MJ30``TuLW|0aHr+ao;|Fr<$WM3iJYz8hPWTBEvhx%54YIC|&JCaj-LPyu~aFUyP
zR&7nS#9uK!TozP-t)0%uyCQF~tTJ!e!ikAfXCs_<Ai=7hZjY=OoVLDVf*Dj5halC%
z*LN>70q*ge{V^)4s=b2=bo}n;)G*9iwcjKn@c8)o$BR`NwQ9|Ceqv+Ap%^wSs{Y0j
zIn3*HEe2s!Tdi1->2PHcDtU$hpYAkSvFwkrMoH;-s%Jb-vI3=CPYhRs?4FkBGGpp>
zJSup1FKq0;dN1-++b&9WbSx%R%YX_oLax9U{#S^mOV0SD9O~JmYffHW(Te&Teou{0
zC2HVzV!S6Olm5@8i<-M5gU%0(%@e#oFv_!;*KrUleTm7viMy9?T+PNa?tvW+C#~iE
zIoFI1y}zgQ^XG?Xa*>s_`vf{gWmQ!P6BC*;t-7xHdCm9lp-cWoGEXV-w^@_iOCyvi
zP~RrrRhzlQVes;BC(39}$h)yk+tr2~bJR#Bsrm%G>HY)AJ1Q9F8WY@fxZVkB>kE4D
z__f`qu!M&@av97?c>RDfG&xQlv+iN}dl`kuG8eO*t!7(j4cuwsI)wxb%#q5M5zcpo
z%a3YKIy;qk@>zF8g!&Cr$>f3A3QlLl9f5iH@n>D{1nj=n?c<?erbn9S@HM#FD2Cd=
z6YzV|c4w$@y58+mbcLjY4KMR4E{~7CScaaUe((w=yb;i-|7QBC+K4zp&zroVUyn-2
z{!N3kjbbtxJmFnKup9<>Dy;R(K%&dh9J>#c;|BrW|BBxS!Y2Ybg@-bdsr=<@fM%DD
z?oYV5R@&aFELo!MLV4^A=JM$Q3xsQX@2`)ShI8rqDy_7y>}DJhU&K@!Y}jpN6ZP+n
zSFo1`!uIoK*EqKYmjQtqKK1QQDP^3SnwcU2dD^CI)HX7iyvXFtI{ht=IPMNUsGK_f
zd5H6A{BilSmT>MgvSBd~{^LeQ(qm~shvByK>W%&qH7gY-42@>6Rlbk@NSoMIsE5D1
z?#6bed-_M$+q5!?NP)JyZMKMP2EEiamWZof=fbuCp%C{v4`H$a60usUIHa=#O`%*N
z5}^U#`cl*KtMtBYRq=9y(C+spCfgF==SfA8vsEasUce6DKa$|H#jKli(-o*Vq`;&R
ztXfaE5Kex{q&*$1m{!Gl?Q@?_-(O|a|C@F$jk*k)<oB!D*^(PQP7+EI{o9PA%%6vn
z*8R0ZlcQ*>u(9|<p_`9K^9^RP=c^}3b==O+q=XL>lqE#Te+<_F)^|`<E6%a;Yfh(p
zY5~-nd}oyR>i9S+G!$_~2oA}cDfrIaM17eg*Ccq}YDvZC4qcy>0`zU`$fL;C-JU3?
zEkI^Dr=I1H9xxIZ;GgWj2~-^4L`TEIYg&LFf@&pJ6#nKL(w%2;AY}h!|EN^Jx4A!t
z9Q19)-^4QERU2d6RW!_o-cL&KBcK|;0P|Q^VTZFbNH{r0x9|}6L9nQ2bl`g{`_M9k
zz%7)}mv=h-&%n7b6rkE;+&%YoS!XuBS5T*uU}h<Pl1rW*t#U?R*!bP;@BoES*Ttm+
zE4i0PD5g+p7$ncf+_WfS3r}>S6m$BwR|9Ia6aR+sPxuuV7fV{ta+(6{{WI-s&TFlq
zIhirmr%na4=r3km5|A8cIRn0^@|**sE69|Ow&nH3u`e1H6)GCcu(wG+9B83zhK67-
zE#j{}Ddq3X9~3w?z8cz-hHLRyTeqfk5+`axv?v>s?P~BvPSs=(zvf*RoDwB;DP>d+
zk9pPesRnpz^m)r?df-ddb^;G2Zi4H`$3271R8Z5*$34fyvbV|9KnyP_6Qk8QQ4tIb
zKyzQhXIp*u-u>njpjM{%_}6z{Ql_y&j9CLMaO`(!ue@pDEhUcS1n7rkXm(hD007_=
z?F)soDv{DkoCZ2qHOXJK4TSmI2qd!O2VRc<sAWVRTsC}TTzLoQ@iae}iTU0k4kPbL
zsi$36JLSU9f4DIx|K!K(FU1S8Cp@m$NjtF(-iZ8)go7klG2dzFL-N9=_OOf_B4{2T
z4Zk!n85sA&VUv?7+LW;mqHD9Hdcw)9eiA?Xq5-f+z*p?b)>c^QN96lhoADx9Zlm8s
z-%@;~COhJDnHsdj-`^SmW=8$S(3)?Rt``mkD_{l9GoQD_Dm;al6JIbs0t8WwDsbze
z4CMZbli^%El}q3Kb*zR=o=GPMy$bzuZ}9b>D1%cN?h4`D>+8bBBS-ol&t4zVuk<Gc
zR}oxr3|3fK@&DBsefWPLmkB>0fWVx!Uu`=&=7CV?8C@fcgfA7tviCYe2wS6yfpF3v
z)zlXKjfo021$QUQ<gfkwMbU6Kq2wSvgK2*WI$KI|jP6Mo{f-NN>RccOt!sLw1}jy4
zsk?DAT^uKS<iY+W<W+jcXq@-^{0c&efzvdZYaO_7a-4w0B1If{pTN8`!K*@yxR_9O
zUumqCl3XPI-9iQa2T;&x;B#0yESsC*7wN9ci-QTtq+@JC_&k|C)dXchoV*ROO1Z&q
zEt9^W#J}*9@O_M_DgSY~u39(b^J*e>^th5=&#Ip)*>7~)AqSX<pwg3r#r>W1#=C-O
zRMe&fOI@8$GQanOI@0gm;8XSoWx?=#9l1?PC9_H(YBC~iq&@TMWX!p58i_;@rD_3L
zrim{0>%s%y+x4BtuVV19od4i15F@?RK1sXBC5AoiJM)&nh$VCUK*A!@iLCvsx%=*G
zS?0*rY|Xs3K}TH~-BY{1D<7|6SSiLjyJ=F)vDDrN&Zp(pGtOX4;SR)2n#AJ?VL~+C
zMkA+B=QtfXqF>POaM%ZqbB8D#>gI3U8Bp+<*P&^#FTQy{5W~z}?3*3kU2+P~T~jCm
z@Whg}TR&;4f6as>tI!{CXXd{PEZ$63R_cLN9qt48gDY1jhJKK!F(u4w3e(;-sIp*T
z!E(uIi07{p8%N-QtQJ^cUtHHDw9q!3ECysoHoCiQ>~Dt`CUa&VFUal+n|fKO{XrOj
z`~nu9>+zK`674L~FD#Hwus%Cax<S7s?cI_WmLhK;EfSZnGE^8T&{rYjXEbH&sX4pa
zAdFM!Oxl(sB?^nFiGl(WE{RQZ@{5s%TwZ2WkepjqhvLI8*o|<{W<1Rnqmj0}yx5A*
zlozgj80f4ZmUG;7Y;crMUv#g!jeM=j512V4T0qqs#`3Gc$C=qlYj(GB6aw*z^tA?1
zIS*~$Smmuati)O`qR4ofko_i9dmMRmv+2?(ko#czGv7EXoh|8U#|HvUPS0=Sh=Kmy
zbVfP7;LOt1k+4&in#EsHPi|anrNN7@<RSr<MR$-&f0d#9$&y8bvFJT*Jde)znqmRr
zyfsqBZBU(z0i*1IZo=3TvhHU}O3<L0uBv~SG(7JBP=FweSPUD-PFoNf<u|#qQL4A#
z_$&w|`z=HNMd*RB25in6CQZKnv_X#P=Pjm|c?V0JXH}SZo)stlFmpN1*=T@#392Ns
zmn4@9qzw0_4ZfV_WCQESpZFIrF4FAp#T0GYI9yoa>!RN!9^n4$nZ>Ibs1B2;0LW@Q
zD5l)Ze%w&=S~d<H2ye?ed}!}Ll*je@?76#l0MWu@ceUWsL*#Tjf0EugwoJPO33{dY
zmg~WHv?iOK|B8Jm60i@zsJAhj^aMM$7Jms1SsH`(z@3gwTi%|W8q|FU68`g=f(*Y#
zRO39Un#a`})E`qXsj}LWvnoaEE`p5EO){j->0jCW20a;$HUD{cK^fg2H$D@4P*>?E
zrN-Om1Vv{lUSDJXME?qna}y8EeH5ij#C$p@$rZA2IsHO)hE)mS4yi?>nL}TspU;vx
z7&tTbnZAV(BF0d5S__4<GZ>$|?e=Mm%&q%O9VP4v=D8{NX~Z|Fc2k$f9k-#`yt;}y
za#xn@+jCQ{`BJG0qv}#xqNd^&DB{D*-EK9?GWyYi1~e7@$hcUfmx#s;s>Cs)WEqci
z{s3UGESq~vGKYa1$KESyU_v!S0aCE`#3sa%(vc&vKf}?iHO0f4^^u?XVinCbPVu%R
ztv)-)arV~%q_2nl+;=x#NCdrtiafT;LNOsf8(5hLCD1?H^%R5UyL9HCG##eg98onc
z*OWbwtzi&^)`k#SCH@K3a|T%FitDM-s#$72Vv{K5_wPTL?BsfR8Rni%av}c~S&_f}
zENJG_#nTm()?=NYw^}(vPm^8_`v^q(_#Q}UELl}6q8g8a9Ho)Ug;Hbw*WuE}Sbkqr
zAL>V{h^=y(e4z=9Rgo8*lx;5>VEvth`{C0m*itXYPqu^%x)x`}^&?+;VsK_fc??__
zujz|eG4^3ib;DzTeR^#7<jyA;QqZDU(+%Fi$<Q(~JbItC@m_tZNDfH?(l><hGiC2c
z4QAwA9vsNpEdi|j*I)4Q){{7>ntM`_R=j+whzG+y*<uVy1>1Y}^VBw#Q!R^S8=sXo
zceYimW=hoF-RSu05|`iH<BX5(o;triwZ5uc88At-vm@&)D_<u9vs+njtf!8WE>0wU
zh=xpYz3;CWDtU;%a{(iCn9+Eioj9P_vv(_8Aq+3pHjVO#fT`4@yW5F}_CCt3khxvH
zqV>^Jx{4uHZKA&OSQC6p{1A<M@9wrX&Yd-kEJ)bhcD9!-8Yh%24#WVo%0;fC&T)pH
zqtiG`5S`tmoE{%U**??vRaDLpnp&-zQ0(jBtmr{w%ILHQsa(}JYPL%CT*#|Fn}Z@3
zWR_#5Pand(09#X#^5|ncCSVATNaH=N4P#~Oxdy$zP%AW&+UH~oxM;|J+AlEw@TPst
zI98DA%i0R9sF{Z41WOl(Kzv6znVS<g7XLzkiPf8SqYFiH&`-&yRyR>k&&~DqsQq#R
zWvB)1wNTF=b?Yhb=IOq+OqKEj3Ga)7vzzlrs1`h|+wSJ(w&tmhT15PFREX|mUCaG~
z2TOqR_!FzW=ZYJgH&xY9nKLBAO|ETYupag`jq%tAN{)e`ieyBxc7Ji9Wcm3qM97_2
zS(@Sme9jAK(%`B8nemD9$9jsylrVib&s*qAo1*1w^A(>16hM;u>S#N{b@sq(J9}43
z3<?!w5Q8tdn4n5YVVM7#k$1XVIwYA9bKs>lkbx~`9*eZ9*V)sW5wmR5%OOzgp&6rZ
z=wovM4H%f;qbZ2z!~V9ARZG-JM0_9+;#J5i+t%gVcWc4u?|IyUV^5V|Aw?}LgzZ;x
zagbY@J5vwcNM_Y3UVdp4pVi!wx~$z6SG0VSxyJP+aO@|8Pxr(CNs^k`=dQ}hXI^=h
zZ;d(c7X4mKAW-Xg&BN$Gq&2kcTy&>fT5WWv(i>J7aF2_%C9^vjn8-66JjP*B;t1Fp
zx#~&I4^;+lq@wM5kbVGq5Gz2^JF}xs4~N;O8<t5TMB<lyhv7tm$#J|sBL#Py?pFE?
ziP|-U^Do~v2+8iP;q&9N#hU^5!)u)RS>>Xr_tLF|Q%DDgUE6Lar`WQXQB6*MvM>28
zM_sl~*%~BD@j2udtZu{!8O!O8Dzp-~oAG|TjJM1`>UeKsJ{z5GbMUHz^bx)(&-V?#
zEvS2gW(a0)rp}{&6xuU@cD#^zz(B8FzI@`tm|nS?Tx}8(cRo@SNx+}c6RoX*jU}pe
z2CJ;rtM5VO*XoRvk=EtBua_&ki{qgVYcDYr4&fItLo6=cvWYNNki^<Q?x<hxYAg)J
z-W)Kvvs1L&O1KYtNo%S^a)89ccxTDM0O?XlX&{!w5E=Fc*o#129o4FM=Pmu!gUKq0
z+RyhEI(gM>vrB?#){$-)neV%pM3!`pG?HntFT|0B(<fgQ4d%7Ii3kY)yk&J$N@j6X
z8Gn8Hkz*-ATH9<r#>S=89ZxxX5hJHCCh=M4MU{kq{_v`(n>zh!YswZ9R^*QXgTY@1
zX;rq;l$WW?DgBCcmhB=Z*UO~}ie~mMuL=yZ=4NQI*$qS}64Wa<S;$fAF$Pl-heH!j
zf~JXu7%90uUP$<>Nc*k^(3#-o7slS&@jE&c;9vuS`7wexoIVl3mL!}$up|s7lm@ka
z)qR|Zertxx8ywrp_ELnEie!N1D%?$y>6CUiH7(Vl<U0O2979%pYb_*dX_qq0o$qUG
z7_MolT)7?(MZj(0@~NJyhmY<<62PivVjz7dJSR8kh%mfIL`UJic|YaQlXzASMafq)
z>L!JMi|Mr6e5jwp8K6YPIH-v`m<r;}YGH|r5+H}Uw!WKtZuiR=L?Fr53M0gpo!hb7
zC}gH6EP<6e^U5V7d;ejUIsfyIrm(Qz?-2RU`S~XM&JGkgm2yK>8e>-Go?rcPehqY^
zuhnM8swx**lWJXxvr5#?m;wZci@m>3SntVkJT=fAc_gJCMq_e4z;k33`xx0Q30dDY
zFD4A9ffD0tTH?4p$pjZ;sBMpR0?J>86=<uv1|$ztI*Rhxdk5^zklCF`^Ev|WXKv7r
zbVx%=U<!Gh@x0rp;}4UkMyv62R5;z%M~6IP?#yRxd?061qF^%V>=jrGLC{el?jH#D
zkLVRQ1iA!(n^2W|FdwC8<Bwlq3FL9%<G0gGV@n?W)ob6e@1s6YxtbGEyoS=JT~n9F
z&>_&R(Ta#l-eW1(w6OD~UUK@<JK!3)8;PusVepf3Em#`ZE5X>aX8JrPRH+-6k$;c8
zMT?=K7D^59#+)cA=n=}3{&ETs+Fe_iA9n4jHZ*{v6}$2&2*ZtcEi=0v%QTkdlpb-Q
z+h3gwFL&RsW9K47F}Y0V$cBXNr)X=XK5uvk#Eel{yUDZtqzVdh=cXyCu68pO_QBz0
zfAmjNCK#cXizs}<TC!4HYcfJLDHNU&Zos{LO=aaEAa(sRuH6)uqI;PwDqE~8Hivrj
zlG?-eElnVPERGINl;b&dzM4L21tvDxC7qEYg^O3Qr-pz#&Xf5o8wD7fAOKnL>KDLp
zOqwEVL`;|955KN%q}$quJ3wy&u1-RI1creM{>P_xY>sNw`egPy=^&D=(abT$Dowd(
zevv-R_#K5DYI7dK-Z<*JnRZ}iA&cy8_OsVihW;k$c+b7sv%wyb{L#00>iWnx&6Xn^
zt9%=QyPQ5XuLI<pp`<@t*PD7!Aj3o@9<$c30(oL+@t{IlnF?qfk>smhYKND6Kgi;F
z-e&epJkDu1Z@Nlx?K>KseLB`@YZkBCtK)0^VQi+wWwg?k*;quizk~WUsX8<|@@U`L
z<AK<=(2VYO4JuM=zhAzi8C~|6cwCr#pSB3^v60apIuY0rwL2!dSU<a|qxv()c2vWD
z3p4a>XOp$|!pzFkQ>wA>G|pW2#vGmI3eOk(`1_gp9c4EUr!FlB642Xu?-Tf)A5`zf
z@N-SpR$zWOC=v5=y=C)hU!G1XXA{e`y+By9b%D2>L{H<oMCv?}{%*$_bQ^*Lb#iP7
zbsFCwbyT#F!#*NlPvosP(I3r6XdYwB&%ksS5r2L<BqSki^*hxP$>saPDV-Vj{=^3n
z!ART7!^6n&(}wOL)to+;a?9qzNtfsnVq_^2)Ey&0e=?^zpa<6PYCEtoAi<2D7f#Pr
zW^2J!cB1zS`-O0_6^hItu%+1Zt#7R9OjC(sTSATUzHnAo2{weq#83OGmZU~X36p4S
zi)C<&3GnEUc#u>3|IP^r38igtEG(N;{4|pl(qW!omH;pH^4D67T2|1~y1a!F1v=mm
zA-?1T{gUSBN&r3Fv!-jsPn<+P-+dThH=*;ioi5LTms42-&BRO{Gl}z*uBnx*$+luM
zAvBZ$^V`-Q&2v7Sfk3NDeXl;B*jaaQaVda)QT(eU6S@!cCSMVk72nF+UvIcLVhUxx
z*=vq7w(^Q|pL7VT37VK0im)-Rs;R_<v&_;1J%wc=b{^`nX6!@Ru{aa8UC+m#-|yAI
zBzk>nO!%;C<Mya{9C{E^vu1K43#GliyLZTH<1D82(HP8{#jh!<X3lY4(c>NBy{6t9
zee>p3g_5RmR9b%xV-~gGP9JSiJn`~!6`rr?8J*|B3;5mEv}ou)koJ1}G*!K!c%88z
z<&&=93rB>Mn${oPA2GlRiHsML$nXEoA!xy1DVct-AEhDM7w-i}mhEE^_O^aHf7glD
zMYrtuxGC~kRv>Ycc}r+55Ejwo<%Nuvdy}lGUs5u|e$pCQoMh*x3x3`jUsX|eS*p=c
z7nO6;LOmYUYCFEO^pSi}YV<rBpB0Vc2gtTy|883U)L?4t?u9f4w@%xxn7Fut(hV+F
zT%Q*=HvyDHenbMi3O#eE2qPv`4ytTX2E%RE47z7<7hn9z6ghUD>a9FjA_sPNs`wry
za>3q7@}oJC5KG`UW-P^+{N09&Fk%RGjUI5gw6Hr&K}5WvUkYcrU0}X`wm#UFx9WC!
zn+aHRb<}`+;}&lg>V9_hh3^UXlE5g-H;G-zmvXPEj4!?K^avge@vha77W+m-YQX(7
zZMwy?jlD4)Va2GC-m&k#=F#UKTjHIL_F9|ew1%1ODNQnun|G}(koM7P=;d#3@36o3
zv`;xl)LrV(lO9j7!qW@4*?XN!HY{u``K}(WBoImTaaokcArdV=GLr^6hJo?i{*%{?
z3El^U9&F7PGmXy_ElAV{KG|t7Ie)P3k-MYmzGE;yd2M?R%o~kEvS4q)BUCq$MO??}
zvnu8gDq7ZWMliH7qSd@#r+vRg|AT9v*=xSSc-7HP5wYaxJXLFwz`>L3H$R^rdSY^J
zj$)z;gI+3l<6vp7<NOBmTPC?_0-ZbuR!8b?adFVnQkz>k+$j2<z#XPJM?A<uDC+H_
z`$4tR??q!_{Nt1?f}R8&*JWq?OWHNHGOgc54vVC|4XA!+Rx*;BNGKc5OzOq5q5fGN
z9@*bEcX3aUMIxA-Nt&lw%bpOYTYO`8askJ$$%!P8)s3PkGKg~M16=|+o;F;kgHEBn
zef+S4Ga*f*O@g}vL=u6+Mqcc*1w>=Th>pXLv=;><hG%Mxk3|wz_c!7mS&VRY)|h$O
z=w0rshI%^6he!|l=rxi;g9(bW_q-PD<RtvQ%uBz@my0Mmsj>;XMbs;DT9+i}gaTi+
zm|<>j^E@?qpg}v}KVgu!=Va23Lh9^Y>_e0p@4mYn0p}G!&eQ*em9Bh*T(7=mOxm3o
zShnn6uT-g~h`O~WK9iB7?0M&WY9WqH_|jyq1jZBTa2D4uTVzE+e>FoAGKc!17zWA(
zRhu=+UR4-+rnY6Mi4OH9P7|I)B#Q{sIcT;Q??hFr@_fOAt}S4k&ZtM)Fq5fA#E9bA
zk5no+Dn8?rX+_zUDHMT&O%CWfqU%ej%0q2w^GKgV3cih!={S19cNfRTk`a$@B(0UC
zm^vakU#`QHmnW@d2~US(A8uNz5|R*a(rfCf&pOi2(JQ)M)R-5T`%;FQnZ65_;D70(
zsLv?Q9<EAYAc>Xy@B@PaXO}G>kcf3r%Ez|0yE}N&fR_MNL5yyj9|kt17q|f%h0J(1
z)o~3<?AC6J!y@g^^5>~!$h1~}>A~+5#-Fkhjr|%Y#7$hNBCm{Zc@ut{Tr%|2-%44s
zAlCaEmh*hd1qC$LmS|H)Ns0eEw)mSmZxhNj3ALayii_VWWB~@D(MQEH+wt6&3JMDN
zS2OxpO%u)RRi|{cSxs}7aO97dUHhPlW67x_t6WpwjEN|CsRZ^@lFj~>zBnZU*DPC8
zUhK4t_vYvP^-b*2N7<ta{f9*WACH5})vKgKxT}5AcThG+%|>%1@UHFpBZRru))yXT
z)#rf}2K2BDcH5{TXkN-a0e~b!V3DX(H)Qs~Lv9TeOzt94nD`yc8Mj!P)KPm9Aqf~r
z&jVCVjB8s`x4N-+PHbnr+XSt{sHrIu=kVO`DSzXdw>Uj5UNCqL6>&N3#28dDrK*uG
zF)}je+ofY{qo3Y!!ADFF|43FuO!=wyy=I&)NnU7l;0Jr;KFSTJFb(o5Ln47~b7HJi
z_ba=atU^E9_*ET$`=5@~FXanbP0XGMuoN{a1zQy9qJP7*cjalhDN@dW{+<o*C<{&5
zEl&6OVWI*j22zvzw)kaUDAFVHlEZal6TH@Gi_-2PNfP`X&tXR2mSw-T!W_HT-;FfD
z@I$6^^hx(_s{yqWy^#<ieJ_P)10_iJ%qI_bF<bH$3yW0Dt-<-q^u^3UlTUUxwFEwo
zg*M)d&hEK8eE1|m>^zJ{?%4(a#j%sHH*OMQ$~di+@!{)ww6OgJr5pYXJrY@uUez7f
zSdlA!mhXc3jeed?nr9s~?a|$2=qJtgS?{6sP`{yulm|hW$qgasU4T(wauh!~G~Rrt
zvpKyz^IS{>g;d@ef(xNArY3W>lGh?4BC0(V9siSu9fItqz`NQr!s~3TKai<&xRLw8
zLe!;&G;jPCg@iAGe$o(bb&z5`-lzrYO}(M2TgE=8ozdx6mB>ek>fmul`P`Z8dJqYz
zYNzIB{cc{o!sc1<Us&c4DA?#XWg4_OD9koD+C67?t71*K0ZsJh*Tjwl3*qmtGkT4i
z#cRCYO(MV@FLDkrff74}eQs+5tC=rS6E@`r0FNoqz_T*>Z&3?v`7)Zx#veK8Q)ze~
zTk|6$zu(>VDs&cxXTKxiqt|{QsZzPFUR4VpKa2@d)am*P>tPR#9!h)vcA2vfqv7Di
z$>tbzP3Sxtb_YT4m#_J2`1<$o{<QzUSg0OV9MmIh{_x8<?_1SYoKh(+$AW%4ZCUO&
z{{mi`Jot1W<p>Cm%rTb_3$waMd_Vn#z|cfdryc9N`ta({-&Dq6FP)d~N`7#4KVPm#
z3%fk+zsUGVh5gSR;z|N1ztgVGaRhqO+4Lw~G~_HZUwZEmN{;!W?Mj7k3>|!A{!6Y0
zjSNDNbsX3*`!Psv&)16d-vG&sSLqP#kF$CMZ(NMZo$-+o{{U0CMx$d~s*HA7RD+=Z
zq=ToBOf!w+60HV<u$%T0!N${^3C9q;eLadm0tBzO`3|r5N-W+Y_+4K{h3}quBHAr7
zlkWYR=xon*9?rZ6Sb~1gJ)*N4w+aS%vs(8YulPHGmtc1T!JMw=pXyi6QB@2de(m=i
znAFfJK%S45Ep-xASDw#e{H%ZBa!as}cLu?AVs)RxXoWc=s`++i1X*F1V%14@4H^}E
z&!I7(A^T9}nHEL*g6?&*3N@PIOEPS1_$VyE8-c#Qo;IBQXP8f1?>`Ms-aLAo=>tQZ
z%dT2xLfU*wotcG)nxq9L7BYXlmfcU{2)ACQA~>=c+nK#*-;v!Tfgs}m-M-q8YIRk$
zS?O_S^BSpD750_xd|#OTYBQ!_V5mVZ(7^Rkt2UXOhxUA3hbleh2hQ)uH^A?ManlQ4
zZ%6*~^l+{~eqlK@%URx0>v~ce4IYAc-zICoSmfi;^6X>dg=Qk6t2$DXW-C-ak)G25
zZ$P5+K2NMWGzgavP8$qRM?c*?hh-m|z;vy2sJx&@Gnis0_1*nF0=p4Vot8z;Fm2YQ
zPsG_~u~rkSj_K0in`1{_3O*zek^IzPI2kWP6nfuW{NS@Z_xwVPm}e^gi4_&Lb|IKT
zq7O}<9#B`XhDpZbEBX<BUHJeJqN2=7I-?Yr(GLC`#ov4VJhbT`&OfBR;{13<eYCYp
zpRHq@)QjiNwzX*-E~Fh5qb0Ngh(c}S4OQf*O7Jn2R-&gTyWREztGraze(oqHSKi6x
zm<Zk;ZC;@Q=g?fcv9G`CZgp*Y-W~XkMb0daeZf#W^LiGx;waBO9j?DsjnrER%(7k!
zg~u;x3-01}3|myL`xTypn5TDYIM(t$^4ZCEyFN;?uXQfSWQYpN<q*Ql$&8P%7JsZg
zTTY7J?>Lv?j2rP1*|n6?rvL4g@V_VRPE7X^j*`%k;BtXiwPJzY>B;j_M<jvwxvk+`
z)1S0;Z>iw5!esou`$}s4+~QGZ(d)_zi?rh!@6TqH`V2x{<!$<w)}8g`ulX%<aVyJ&
zkxx^?l}|d_?MDg|$v87T$8!)fwV!(MOK!4#f3<Uawebdow$uj<qg+qtcqd&A-5$+1
zgg^g`uok?jG@C`|DbpKi&i*j{S6D&i)fR^1)fg(1pu)PMYPiUC^`39T#a4=47UWby
zSnvYSdQKt?Ih^b{ZgInct_BBdF)5>-N7^rDsT?IiG7kd*jK}qLw%OK0C+0%kT<^*(
z-ayD*X@B75<(^z2OJK@t_JEOuEYsoQyn|p$-W+H#bA?O+2`F9h>({S8efk8WZ(<Uh
znE0B9hlk5*4wI3Q@ulqFSh5Yl)f02w>8k84s9G2m&ADQ!(iUYgy7^25ehff<dXv$*
zWItCIf-xpH%e*)SrPsuL9v`1;2(*?GJU^v69$j6@!N6!aF<Xp|D7{t+y;gl|GM2>c
z)oPAj(RQic#}pV!cIcl)MDO4TtxWf=v@{axNi^a~AESjY0kg8Q_FM5dLT>G$<+er_
z|AD<b2u(l7CRSfD-FvZS26VgCGU(5D<=%ig4Q>&K$tSZ%Nwp@5EPW;0+G11T-zL}u
zxA^2vJ=$l1m$6~Q(#cRU4uP8iq_dGGC=olhg_C<XDR;?aP8QSg3T<Mk7d|f(4tFmM
z3br?Pb#lGs$=wrgZ~9KfXI%(NbBeTmvyR5U3Tg6dOd(3x5P_cV8KJn3-KioKXW`$U
zztt|F@1rX0-;z>shbL*nz{Ld2F#$2(EOMPhCre_ff3W~ZvLv#5w~4==xs$x>{1eF|
zHx1H{AwaclX~Cg`SwbA&pwJaP+0hxa(x*4L54zg)t>~}}kV_iT)um{aIV-gSTm9`t
z3a-Z;XVK@XFI3!_j^Wpdrlnhl6XlUv$-~iL(C%U{7GJ(R<#~4-^g#0>Mf7$-mBETz
z2vj39tfGJX=XuVm!|y8GJQc8o4b+{gtej})l0qkTs7eD@Qd3j287+A7aTl{Fu(Xs3
zASCqqPc57{k9@kth_ESWIkVgqZ2yn^qNfGEA>U{c+<mh@oOcfK(?#5>=gP3Ot9pcl
zU#4Jsoj7*ww;NECO?v(X#M+>LK==|i1+5sqifN*Cu9C`YPXLSIv9`4pB&$vyASGe6
zWYCQMe!f5CD|k-*u+$7^(D$a#Q`~Ud@Z*k-a&ln}xJTkzwLW%(bl;e?RYpMa8c@JO
zPjTwo5dS#B1W6a|?5A+MAyX`t0Tcfb0ZsM{P*jX^AhbxKEDN6Dd`sF~GQvfQEvv_s
zM@lE_n9)Vt!jO>j!IVi9I+F&LOa~Pfby_p#(~R<rPfgNRFwU!1#)!E>51eZH8w8!m
z0X%$LUr3vvJ}}vPTa(F$A>cM6J>QXpzMx|~8TLj{AH3$*hBnu7zqUA=a2<8E@@Ein
z#K}>jZzvt?lXbWotvIU^g!?g{XtUdA!wa^h=33u;34b>K*-tJc)*}1WnvH-(6LBb7
zLsI<v=KYS=4q!T~#*D9J<6i$wPGEve-M-&?NJJLwYz}9t`}~6q9*BJT^YfatA^Ft9
z-}=rrRz!cMe13kufMGtBaF*>QZTzgj^|JD_#Mo~4UXv^5;?MGGE0`~uJZ5CQu$-xy
zLRcD6om8<M55?CR12p`!@%kdRfQ(GL^HU1r4;(MeLecQp!1nl}EArI$O+Id(jcXHi
z<lUy9L<(58KXI6hQk~n|>SSb|?%{OZe%IWM`Z%1i6DalRKtfy18)%~g!!imVzN{O0
z#!r`#k+H{X$(X9*Wk+bS1?fk{!zAAl2c?t}8Jbc$j=Kdsd{QX9-oueI))DA6>(bSe
z^U!$#i_r|-A^|s4-C=r4-o_@Xk$CwWU~uP)%d@`CCm-=16GJ#QC@FL=QsH`d%5@L+
z+EGw~?5jRQeQRnm@7zIvrzJCPzBuPmTygU)8rA)UhNw<JIP28IUtw2{K?9Y?7IqRS
z-nhpmzBqIlCqF`~6^$zm@`Rq=KjEiZcw!-Fqgp?vR@yOZUm(xdIJ_;_?qf52Z&MdI
zY@Ba8ZsLWVI`3{=k?|p!bn}%5|DDc68O!!pvp7g%a7Tm6z*1FW{#n-62vJvM3^I$L
zae1Edzz|Sj%Nsq&=aaO70flA%a?H(|{(`NHq3TtSrVC|XDdH<qud3Ik%*F~Rh6C~4
zm+7@%qqH01FD2iEIA5@z)WgtD6u!W^4i?I};E8YZq(U;%fwDgIgnfUx+iSjifC}iR
zi9eU8)qdv1orLTXBpAaz=qGKxR&Jyxcu<JT-@;c;Nq+aE8*Hi4YKZ#2B7gG!?z`2<
zN_Std!CZwr^>XRW-%<@aB7e^8T6Kc|w&(3^I-~h(tmtHUp|92ga`sK|Ws5Us_dLgE
z<k--X>Ou&_Y<v%#4tDtG9GrX&1;Nb1W0KfVecoeyZA*5m>$4M(d}M<(St&Y-jv|5b
z3^WGo>4~TVPm3v1BGLrzkJkcXutB4@bB=UFY8f)3TGG!<aovwyuUwi3&h8|0pI=hp
zv*>T-W!1Xcb=27saEd6tndtu5BvQm3hhm290fN7dg0fi`uo61%#M$uU=bea2ZfL)D
z4U{5aMVzlTu$ElT9?{6^-I(8ZQ@9UHRdnCbx9wQzO^&mbT(d0spJyCFRhmWAi+oem
zdhJ$n&oI%>jn30cBCONDITRt|%Nw9CLheO|^v2Dc`hr82EuFcJu1f26bJICxczC1a
zZU0lwyJl^d_&9YSyY<+&!sdkJ6gf41JIc)b*QN*n$FsQjq~rY~C$e|n`g^m#na^jv
z&yp2E-~)aHx5J-uo5ZF99p%$jwqcTnG-z)>BBX{kuRZ?=Tp{{nia3ZVaeNfdF961>
zIX}ME{JE2&#8e$keFD}?9K$G$sU~*qFKh^(8dE8fC3@?+?kHYrJC>rzQ)%Fg91ady
z|NLW9qyGG!p|BmXjsHc^1~5Z<;|5QTK~jxB2zwzfX<NCp;_^dC3E$t`w=LTH@)FFj
zu&Gm&YK6gfC@o3i>=zxJtrrJkwZ*g5qy${1)aVSGgxOAKW@nl%h4ERouuR6*W1A~}
zc3xwsl9ub?6|N7fG<!bDGmLr?7HXEQZKNzE87Qed)Co3|!6z*0SeGcXs#Q01)E&dc
zipf|YCwN^^Xuhifa(zw<tM2)1Y->x%qu%m<d_&R{iX=?hOa*246KredVbuknOXs3J
zU6EzPmE<4uD318BrTmY$g{n2l0Mlm>9fyG|hGA~@w@mrRBsBd!qQL+tYjqULn>BD1
zb@>=2FUW7Htcbu2HE;EqSP=@z_k&d&yFP*#vhS<j(aGv@TnH}?-W{r@$oTpK&WMrO
zG?{SC=s36mX-wHjL9X9Vphq1`ggI#nfP)tizEoEw-dc??%N}=2TuwbFUscCl#mSjq
zm=L~UWTu>i;Ps3hd3=7>nsBH%*P&IgED+3L5Eksd-ks9Glf1D3SIt9^dav{1%-zqC
z-UuQ2bab`PXi3X&@ROX)2QC8~&QlUWY+(BR5nv@K=8VQt>xGKCv65F;KoJ|xX000s
zv>4`}rX%&|+<r6Y4yhymSRb&*t5)ed3vv@aH6Xhdx!_EhD^u5W;XV#D)NJuUhestG
z_M{2(@%F$W5KhbwEEi|d9*WN?hiQz~=#r~oqP=Zevj<_o8#&mYHQoFV&fYqzt?peH
z#hqfs9f}oqhvHDQrAToNP~05~#hu~~g+g(6cXubaJ3)%eS?%}z_TJ~*aqbxR&Ob5|
zLRRLQnexi>K94_^cipYXLHCAK_rAA2-Kj5#?7<5Zdu2mmHf81fw!bfKT?YM4+YCmu
z5*eK0aEG%OwtS|gZ{Va0jgta>&^Y4e#$;N^_;m*O_Z~EyfcO!eIHcV9vnlLqIZdUL
zCg+?I^7iwCC#Q)K$8K;JvI}%Y|IP28Bfe7s_9mi2LLN9AbogiUahi}%Pom&)O7mC9
zwjSRF&5&-^_QcvDd|}=Q6S}DX48wr)Oh@B%YdZrPl>_r*eEmbdtpp&_3CP40&2s><
z5wd{HYng;4O7e}HC`aa~$)M^r@3<m;1l_`T$oNpL<f?0&>#r_1|EG`0_dI?Rc=x3C
z44*%LcJuIf`;V~4Z&~U;r-z}XrKf7VyZqaF6`kZjdytTzX8@K*H4V(Lqnw_}8}4SP
zIC!T1D%o_LaV2G6uLPvOwqop2k2EDFR$&TYguA%7qys2py&=H-YK~9~vvs@+2g*{+
zQPL6Fo$cvg@oGOYe`ScfP1@t6^(Ci0nsXC*J@nXUSTn!!7jhkYBsm=*wVm3Cn~$7j
zSgFaDR&KL{sI9GyhVV@wNS4$hwPLvp5dQW51Js|7kp5$d`E?oq!qEsCLgEu+V}Qxm
zAmIn(83Zcp>oqX{cqgeUf3}&Z(}t~AR#sMkV7s&4r#xUrEi5g4`BL%E2rpyC1H_7r
zXzJ?fTwi8F{!bqxeZ>}VG9n|<0j=6k*#F9N+R*=*oI22e#{u*%6Z+r6YTo&q&w>9{
z>$iQKZSr45YXjEega2Jt2M+lDU%o0;J@TLP``>1R^XJO{wq;tY*MAH18b7wD^L3`q
zl=Is`Fdr~T;Ida%tQ(t4sh^(6cgOl7ao+%jS}bwMKUZ~-x;`E?+xS5P2-iYSRPE?O
zZ680!rmu)rSq!^ATHmq>tZbDSto#U5{Shj{_jO?-6Xg%hjN;}{0kU>8PQs%wqs)rq
z`BQ0-;fRu{7RI+9f6Bjk^DjmtoGrd)=%d}?A9MJUh3Ucyii`5DLE$n}oni?RHAI*?
z-oZC>&~2?wMCsXT)Ec<cyPy+IWG_YQUPfJ^q=+p&bM`XRPLx4MQBRjONNcx^Qe3z4
z0bbJn7C4OoN8fO%7$^Dq5H4TAD^R4Z70>~v2HvmpO3P_;8T~99dC_O4MVlxJDS{^)
zEE(k2xuX(H{QB^K)mkgEmfLGmI-Zy9(cX?X4-7_Qr1{^$A7JjsD-T(WIJ7~1C#QrG
zzNbvfhQVW<88EMw_`C)H_?;FVpf*=C&;j+Q;Dwqy?GZfGGM0?n;cUN0(}{P|Pu@&f
zEZR}w!@|q6KLTw=YaQ$e&-I-tj^%C3!0nr)LI*D~$Qr>OOx1RTTS2xILY#ir*Ygko
zV8H6J{`p;P#Kzh-0x&8|J#eG4ta+QHSo<1GvGp>_%8swl)9!xH>$_i^Lje?Gq`RY^
z+4o2}ZH@_+1Z%ej`(ba5Oi>Pqc`jcvk!B(rrK?1u=<3(tb_I3&-}Bw#5N`P%>Bs=n
z9Pf93DXo{QFD=V^Q2)(Z+@<c@;-oR!!%EMwr@bjV4CM&zfkVZ$%jwgzJD1)E$-7!X
zSD#`-g6g<r0-=bzLE?q;74aaRVD(lRHs4+ZhpKin84r%(%|7;p>cZ1M!e2AZKgx}f
zexJx*(z<ZDo=WW#GrZ17X=?y+MWLtRJW7*vdkPrM_r%(KGhS$+i%gEO;p3^yZPaGt
z<cUvbtS}J_m$~j<nJja7dsfYECE{UyxLTs-XvHr#IOq}5y)k5wLw0Hd^_ZL%EMMS>
zM9y<{EZbRY0T40lj_^C6Cx1`5A%qh>ixz%o`1Vo{nKHW`k!4J&;p!FWajL{|I(S}s
zbJ9%cJe&&o^u%x2o5c-L3j3wBP%8(1#B(_?#uX>jr;L1+jHSWpq`!i2@bwHA#$vo|
zh&<F~(P(4+HXV+z5R@%GU^rjWt~VCG0cq&&NwN&G$HG0hZ*2g^crXT~>R7yO*KIng
zl6U@hi}$7x!8l4|s}cJ8-Oes_9M0zLLk_2xlzeY9M~r6=>v*uES5@U6z20_{odqjv
zV0dMwzBkgV?R#B-Blx4Lj78TQi9jIJ{Rs7W!eSnnD!u`t^n?rFJEuXAiAg|b^UkaZ
z;W=_%J=M<POm@2HNqIzP;7xQ^vLHuHS({jd_N(Z&))<S{Vr3`u{@iGO$N}op{(Z;V
z?ZQ-+94BHY9V=x031ecf+!nH^T)KZ;^mi%f1jUJ}US)Y*6u*!#^Pgc}CJw?0u_x99
zK`Z#!vP>f`#a?@``LGt)pAKO2ShG-4@C0s$uJF}(G5I_h-`*AW=9MHzX7Ps(jw_dY
zoa&2&XZ<$5y@<P2WH<6+4cI-1Lna`RP`aDt9kgP}$;-Papm$^kaNq%rKgpr>H1u7>
zHhfOMO#0VZlR~@wipDV3i^%@9&laBKh4vNfT?SQSeKerUtfivTp#OAC#BeK=>2$-^
zC0xX#NnCM8)|tMeJvhA9-S=5!do+aN9_+ZMd7&!DiecoV#pAx1!sL#!*&U48oa=Eo
ztRVdbPq&XQHYG#mdZ^H8kv%FqDUP8`z857jf`BjTsxGIeY<Xyo8<k+EF*<;T`0Y6F
zf|2>rctD`#VyebKW`e5y3P%tYsspsAxad$WB(2a5{J=@q9Mkov0J?4+aK6|g<e^X1
zIYWM9y&`d)$`6;iMR)-)z0(!d-Wj|t+{MHz(HRaJ;mU8y<9xO~i&1-JK;`}(&XR;K
z=DV)!>OGtu`9iAyv3K%p@1NCs*{^_8=h88VbzOcJBy9R_QIChNrE{0_K{#vU4$(0g
zi!U5kRKrHA-h}DrE4dyF;-2M5=_n|bp(ZIuP1o#0iTBekHI^Rn<-DgqW?&v`0>_Q&
z_RD}%WWbc&Hbsnej}U*+5tM3;EO*vZ*}6kNSC$;UmI0O1kkCABD~A?}^Mr($P3VIa
zhja+-CWG}Th7#T!%;BDmU+2c|E=wX;$$$LTFZ1QI!blPbW|xNj=8oqbCNy)n9Y&b(
zc_KaNK_^dO$NA}#87<97?5^P~Pwj!+CoeQHX1^bnIQ`awE+5s^r8{1(3i`jT%vL@l
zB`R#bG)6<)qHP{iUoG8Z-_JBkka$UBPZ^Vib2@Hx4!tSu<WK(4?QLHHSWb?zOqZzl
zSX^efhUD-XQEWYUS!UG8E#(&por6gOfztygIDk*)r?9VO*(>WSnixSgy>NS<azTO=
zq1ClGxcSGqn|fYm7<-N&S%%-bM^k7p(yxb#5x60BfZeS)KYLE7j?!|&xwa9??}rV2
z7E15gdrNI>ex!VhIX`4<MFJtmk-kBU%-dD&nBHM~c=axrj;x~-iePDr^mS;x2Oz<_
z>|aJjXbz1!Q4u8bdJP(ZNpr|=y7{)NA%jj&&hYowljETk`Ri+EuSyW24AaC+F=Iw*
z6Q_my+YhtD6*ed`S{o*#izWtzg-gDS;d792R>brBy+NTC;b3wH-}PW-%Uh!@AM`z-
zTs*ev63J}xNQ_VY!Nf!<OKBerF4iNZYM+QGO~XHR&E)S&v{`Ab$jFj-mO^Y@H1zDG
zW7cji+BV`>Nmll0OnKB;HW#T}a<-;uuYfaGKN$gW*&@V~Y{n2aR4<(ehw%YGXiL4P
z_qVO719`#LIrO2GhW7D7A}I&awS`G`wXR=e)UR1ykqJ4uI8k)yBcQ`|{G1jxt0xt5
z3wa?E3@Qk2zF*`vc&|57)tB?;cj<M?qbBV+=W1v22dK!jDL}cY6eGE^VOB4(pq;f;
zblAYmovn@ATi$#lI(pviJ4bkqB{QR2{9YC1bimmHG&kMvp>Vlq&q#iK6Z?gHhEnad
zaI-D!5s>_f=y1~B_gLt*IInSizTUoscQ4l?!vh@`ItDu;N2qP}HReIBo&Jk3>qB1+
z+upQHrF|XuI@sLxFQ^xVy>BuqFDMBQ8DQQWda20}5#PYFJ6ynmZT7iA1Wz20rSpxw
zoRlwD({0!a0YJ0yRXwNEZRv7+QG+Y}Eo5&Hbl^^hpClCwsPg1$=aZ2rV;^GGSS>4t
zd-H~aEpJd8X(xnL-)MqZn|}5QH`emaO+}z7*axJ0YF~wso_FiEV@DcH%j33e-7it5
zNH9~%Usj5ak~pB)QI|mM0}E?cRyS(J17r5xFN#kPY_!^vVcq_&BLfOlXKK}Nbrf`&
z^)-w2@(0Ul!{XBBt@^9Mas9V)X7b8wdJ8Pdls0m&#8}l$orf;jeUfEEBk_IOM#ltm
zQ_{$NFu*V?1kKB``%?!!tt9Veyfw(nc}lh85?aHLb@}&b06>u_d6Lo%+iq`2HMq)k
zCtX<P@TnZDkLJM1*N3*utRC0c>yAIddauGMQuGx9+s;qyhmWLTjEI*9O{5yEwfeUt
zSV!I|FN0oQq+g9czflUmrEZ^0FYuo5;<*~8ag@gsbTz9qbiteq*P}hyV$(^$1nhO~
z0ky}^jHZ|OCj>t-4SyXG;q9o)BWl$fLndU*Q*p+dsP}lZ!(1v^?D3DFL<T5*blF~}
z?V;Jht`%mRP?^W<S=Pj?qJbKz&6&832^fW$&89qS5ybEI>gy^#cf(5MwY9sD*0EX7
ziea}2x=cO=D-`gV2=u1v{#3ZXffgq-@3e$nddooXFl{M4A)gD;;{OJrGdRX%9e8hW
z{V37U+7L34sG*W4!)J^*MssB<>W?aebqsTNU~znrKC+45I;Nx|((S(RM!FXf`?89>
zl|%ge0q3>1bx%WQg!Z;mm*A|<O^k*#yXOuXs69pUR`lCg6hD_44c4X4*xme>#qbGA
zJ+9)PhixLlpR?LxS=I9)A?<66C(tj`FRuMQl^lV9YXhsFm3b)rd!&jo^VayACZ?wK
zvF=^8$*Fnd%fgT(#n;ww(G|g^?|M($)A&9rbuo9og~?6QQ@#23bEvP&skn=|SGP!5
z&Y8P$$!$HU;#Aq;;q*+LvI9#_+?R<VA55t*vjgecR!=H*&mT5NYW4aP2Wr<0-D{Ti
zfkpLw9(Tgq&XwhewW5`AHM(i@$(+rwyBWvcm!vSzutA`>Jv3yXbgKvtlR?2Nys?oq
zRI4Q>l+ycPcUP&t?ORCd4Hi!Gnb~9s%`rc^W;5qwYoG$^fmp#V0$WY4nXIos(zE0>
zGzDE|W3d4QOwM-x;`~!J&Bf^&)pWOO5$!}%9{!Z9XGE%+@Hs@Vl*lhfO#?x64!1j6
za3NPRJ7lIBV>)_M<aaO;jvsy;WQBdX;JG9CKnC|+Y+AZ?^g-U6(Y~`!DAW2xqgM%Z
z=V{+%m$ZG_<(Fp_iN!ak*`ym{+fA4@SQS9_iOi?IMU?2S1?1K9dF(gtuJ7l1ur6Il
z25DB1d|4xFTpzzEu5Jh?Rz}z7>|Y-Aobc5*nn;is16SVvB5J%Qw=qHU#YZC?&#VA0
z`u;&vM7J)zJ2)KK>-Yl<xo14^^bYVi{<sw?{NA@^c+4}QhidG@c%?tOE7)3!&6=%F
zd%>k&X98x5)ZCe0mqhk9>^wT9()bciR(~ISTW7$I8`EY0N1e!Hx}AJD?Ezr#L^E&E
z;ggy0!m4pnh{zNZ$Kkq~^@@BDy!0b_9Jly_6y)AiS0ryfDtzCfLP|-DLWa%EJXyT!
zHJU0`r>@+l;XJF(*rR(U0#BE;d@W(_O^(7<_1dJG4-M&Yc7D^nsz_765WpacWBdv3
zlF6`zWLu@*4bLDVj6#5+`hsYOwn{`_x=&XZVpY6K3wS+=#l#SsMJb(I$JbGJg5&KF
z9tkj4Adbvp^%J9>=dP~EaM92}#_Dhrt78aC+E|r+sreV{95yp<M}4pG^7qj1@4ieq
zO1AJt{rZJLur%~_XF!jqJj~3|8l!<ltN+FH+Q4ZBQL=R!PKn%X{N5Lf-JMXz$yO?l
zto3e(lJ@Cg9XG?XX_Hs)c3vdv(IG4}n*VJw74HmPPUgtiL*yd<qUl3?Y+QRrd#U0J
zeZ*5Pi=O&RBZ&Za{an?G-b$Zsxq5pDF{LdH_Jum>5x9yjcem7ZrbR1?@b<w&f>T^X
zP;y{#e&bCRT6@vNZ?_6TX6-r?z}NPQYm2p=;+^{AZj%V#>q8N7f9Y8Z!pNN#CQ?^B
ztBUL~ySun(K4D$hcxOK1g+eQh1KDF=Se+%BmyzDwvXD2b%|#n~LT+J9u#b+WEG7_e
zLpR8?e`Tm!Y=&oj?mZRU9Ue64Y0g6Hsqq**LS>;q;rzamKd@^364b)EMJjz8xl!S4
zDMXF}nrT3+Ks=UVGTim;=j<F0#FnsJa>byX+0(P)Eao+X!lM2jLSio}O{^jPY{`tn
zl74tfGW1>9Dl`*IaUxwuA?TG5CPCknau>u#XZ~wl!3$2N<Tz>YT7!<l&b8A%dk8YQ
zVu!}J2PwdIo&MjWQ;FvNz_N4S(0@4mS%Q&y&~e$uJj*Y6NWsX6s;sOGzlm@&9EwvS
z_mm2Yh*A0SZbwvcX=Np`87wfh_F{NywX7-D1jKldJpowBlw#xsZBsAyoKlnj&A^hZ
zP(DB8!xCJJB?*yAM@#=h?70=Kd}h_W;vaWEaQ{OC6;<tkuoWd$PWI|hxGa5kxh0OU
zgo>mMp(~HgNCzDvJ*IEPZMhDzcBu(aY!IR&!UzOw@<7w-q}xtXPw3eqy642x>a*TW
z_Dk(9Q;*+_eHDzAQwSaomF`PfnxnAFv-b<I>-0_3)E&?5r>--K^bEh_o#YuWV};GA
zNp17QJ(v@GyJ8aj(;t|>Nvvu7((XigCOo4^4Gfw52ku<3F3*CNTFlGV2U=gBnE01D
zFZC|hewz{8AY!8Z*+%41FjtF@^Dn;6Wtx{9`d_HwsTwc7YVa0}*BsYlo(r=%8;iHi
zja-x+M%oWu0R2XN_6WfXqiCZ()8Z40vx=v5*@$X35KOWW`x`wqSggyk6wS7lr@g77
zJ*Xx}UUfuqq}CSCY(g|%u<+<5p)L4vT}3A{w~Js|$t<S4rhsu*-&I=9={T$QPe|%e
z0SH^g5|s=K>pegtV&FU~)y|uOu+>RuyoNH|xP=s=eqL7{aT1!d2z71ubQ9cY(p#8k
zYa}%%lO4;B=g+<>s))JX@u4k9s(MO7;B&Q7iU%{$+BSWQw>UYk;=s8Cy-M?Hj@h?F
z2j6VoHlnk`QrNGsZa?0<uCW-~&QS`eX<SgHeLJxDX<%PXw7T#$$r;B)wY+?v$Q(+!
zv|4aH86AtgsJ-Cmc2-^Aa4URV)))B>UG?oZdlQywgfzGvh+uZ3z_fNo@bjbo@*WB0
z%j@L9UK`;B7pvhqU%ro5ay(+~HCq!9&^yzo=@x-?*X-mT@AmJub$w?!E<Nx|S;WF_
zgM2eNq=1_aG+u_k$+j5p_3fPugIUb>wrj4J4SI`250+*gsbJ(xM}qr0I_47OsDdFj
z+EZ$Z-Pa5_;OS{7yVRNhA%EW*<7+lv|BRBmMhF3?2){J4>#Sx?;}zdvfq+r^0yG%l
z5l40p7!wTvTb@9g*vK{AVkUO*y7VthPFB$A-@c`>*Ja>uS4okqCNaD4yt8VnXYOMd
zweM3{(tr=>KQ=x$F@u3wxxK60Qt+|1-Qn7(#y1}+Ydn$tTvP3k3Yk_M<9>4GE;9g+
zas1G;qbX{{-R+Wq8y}>5EE{`sZLV3*r&IKwTV-ed15Nw3xwYdgSdk;_sDIQo9>-fQ
z_#Z5QqmXRN4St`G!|``it(nGS`63F_SxN_?rMO#3&gE3C>Eklm2%^>4O7xfE?W>{^
z6MOc!_G-|@FHfZQ`9x48(WaNJB_6tYm^JfHFpu?+`I>Y>za}A)+Yj8<XG^LbBXprJ
z8xt9>o38cTnx7~0tvRIwYv_7%99$<|gJmmRdu~6;x1?%Mm$)1IXPypRCDI!4d_FuG
z*DBYGx>XalotP`+jytQTvfi^FagOY!S)%;=6FP8C4*+wz*m<aD-$Ibk+B7ohEQ>Ab
z%kVxwA}hZ@h2E!hlW7qMY7<4F*=z_!v|#enH1Y_+dcoE<-vW+PBWGMGtDE(F3`o7*
z{$fTd%GuT6>ag{;RXt3<U%Ek%yKB4{UihpE=IuglL4<^8%DLxn$lYE_XWdD8N3Etx
zZy3l`t9v{F!;Wj7=2dMSfV2kM_HI59q>)7@NnNlTa4I^b`;-oPxQD@8TTA(%8zwva
z>sRfuc2o{>T%R+gmp((<v*UMbQBoSAMx=H_n~{?#D5(Ai!HOfohqMOLIS*rCd;1g7
zRqQ5_l>D-8U%x`*8@R;NGElB|bWh)0*4}#pIWm`88k-ujs4)8!9~=L~*s4QhjJoiA
zptKyO_y$+^=oc{J5}f|`0vz58-UJUk6z9!bUvXDXt$W57`(+sbU#aHQ{#W6DCJS#Q
z5JfNS1RNU8>f)Ndr_q-5g{uHu`>bQL^XLLLZSK5+cAVVQ=aGH#w=ADsGBN}dKOCIN
z&@UNDRp-y$!q@d#t3!7(8eB^#+Ht*zZ-$A3vf9Gq_0&{t!8M?Zr+%c2EamDPYvdCH
z2|0kMz}K0CllhQFZ#VrZz_yb1aWe7h3m7v@o(+`sLpyq?$E^C)mD5F+Wy29A#J!0d
zn%S3nuRoXRxsCFJuXUuhM8^=3VA|S3-5#9O&60Q{w{@x(v^tlqNpDV<{=nT&tWjmP
ziG26&;c^qwO}j!D;JC2Vu0Jt2x+eV>A@|P)t5UxUI1zqCH%V4&%KI6voKJ<GDa*?!
z+Upa(QS9!|o$^sW#51Mt8Al(gs-gOQUqAW;=MWCE-(ap!r1sET()!ksx6cBs-aL64
zN$Po$0_vr2&<qqiRPZAhQBqp$@N<=UIvQ0`X+2j$Px9|WldOaB;Cy^z2G2-A53KEm
zmad4<82r@>?M2w=#GDopjMm>#QpoDVAslus&B&C|bscwBdgWLf(4(@?Z}9uMEFUxN
zOizpx<ZrLN24cSkBJN*Df8)9|AHV)kT9%!d6xB@wrlfL+yc1r=Zx4R>n<R2j<gz<;
zI<rOj7NUbHx^vQY0LE<M%L+J)nzc-!#Hi^YIQ5dK8E-Mgh$@U+;A&*HskhfxBe7BV
zKN3yje`ZK8;A<IK&jLqub={W^;DugR-=mJW&LMjpepZ*x2eH9UV+AGQsOq$*lLRPL
zVE+DD9X$CKUBK~fXKiiZBkKv+c5NOEw!kwTZT*6Sd|U$-p`l+jFb+N<=#f?jvn!!J
zbVO@<ylVD;#aLs($@$3P1Kf^`3OFKLqpTS02WyDsMG=HA<;*zbj-UE53#k=x@PK0*
ztI#(U;2`;k2>f~bo0)*lWW1qeF@hIF0g(pgp968bN%e0|Df7m9u&gix**#k-V;p#d
zZ_anwbze(F`8VaG<LUv*1|o1kmx1va0dBO)3Oo*+qe|C)aj(f)5j%21(aBuF=P{Nz
z2+o#1Pnj71W|17Q{(Mr0vwn&b(6);%F#9JVG$Z<NAOG~TQIQ@1$^6?K(*C5m{%zYl
zIe(+Q|Lg$&KeJAUxiR@Rux`(RVnX-X_)5%ZDot6!&2<$vpJB+$mZS<d|K$S)fX^$s
zrW_OR3ff0N=RJs(R<he$ym*jq-}jw4)GPNwW9t_3?p<a~-}=foLX4RItH-*!Y8(?2
z#%Pzc9+j?hm{i!;M*P*(X87Q_@=ar7eX=i=x}pD_E+g(x6XL8Om5>QsukfMWDx!la
zu6(S?Eaxaz#J1r^Gj_qo`4-GB>JBT|radsR3xyzn*dBIXjJ|!msyLQ!vPt(UJ8okn
z6oD-ADT=i6iTxAf8r!<JOG%oNGOWRg(x;0XrZj?~nrPKKm!q3)ucR>hdkO*GBA2O^
zr<4Zz6w)<~Q~g#ao)6J0j(Uy%xd*EHAB@TfJZEC%EO>L??v1Kn!RPzNue|QXMVmw*
zyduwp|92Sc@LTY^y;Yk>%u6os(-%$*5zb)pQ}4jr1(oy?Xe|!6B{VVtfh;lM7lrwb
z_VcCpI7+9a7Da7;GM|52eFI|_?Q#oEX-Ra&-UPfcjIK<@@g<Ugwg%Y6i3TfL2}BC@
zvqYOK*cq{CjPuH1237Caoj2q>>$H5iZgL<QKdr*b9ZsTk9s&aCGMXBK3mk8)`X`4p
z8jIZ=BZM>5(Tv@qO<U@Eq3L86+INYs<DpGG7t<jKX|ovrJ<;rT20OB%9k!hqNl4Hu
za<#<m);OrLo_CLBo7G_pINQ(c-w%(IsJsW_n&+e*6OB8{UX>m%cROd=-SeK*ZVi@<
z11(_%ugGr06dTJSCi5;8_W1e)^_M-23?*b08M=+0gR5;(taHcfAyOG)|M^}UYmHd6
z<*xh;1ZmN^EOq@d0baEQhxo4ap;&j#dgBJLa6G7G7^A@Q?SRfDx6-@}j`g@_?f*5D
zCrVHGcOlKE44QoWCu!UmHXCqrX|DtG4L{OMU3ToQ7#Y?e`?9+HqQ&zSd0S;B(WTXc
zOT~#f0fy*Ql+;TJk3fY4Iho7Kc-`j&3+drdefApr4yc*b>gu+2=iq0dV~+r9$MFPf
zhNa%79^HiLMA82WVu^15lK6X8|2DI=EvNW%YI7SpbJJ<pjTmkdgB#73KdQI!26g)A
z9vmP34W)$XhS@6!w)t2yg*#X>2S{DkPg`7hjy%d^2-JR&D_G4LaTkRt_<ecDHVvb>
zP-l<&bLCs;A-L+Ig~yxl3BMc_@0o4lq@0uBHxNll<>@Vyq37I_ny`4l#<Q;cS}WMS
zrae#-13*h{pd<u6g02c250p*FRm}d;wFW}a+G(S+88(LF1*{jhW6(k`U7ToHB4`D8
z2=puC7}|4eI|p|q0}QPu41rl~lD~Fv^QA^WJ2i=RR;+35ZW$B&d->!^K6e7f0wV@m
zPAGyt!r~jgb&&JElXwwtA8#McX83}fv&!8J7lNVds*~Y*q_o<Iu4yRG&o`#8J{V4a
z<|)HfEM<PZTLL-_w>?)Y6!`XcuLB;Imx%aWn{Mj0f6&aGN|tKAuUCG+x*yMNs;1)o
znswpAhy+ljS5;L(uC6{&Y}Xlcq;UO}pDiQ&;|cy}1O4CA_FcP)7J~=6J#f#TT|fQj
zfASFixOe}y|F`Y8>km8v7&Gt+E1gmW?QhFhBtkvUu!zv+uCCgrHb=6)FTst~_QvpX
zz@=@F|GDZ%@*&neO-|5dZP_@v9Z;r|*?OmtCK5hV;|wJ7vA%7*LJJZcSbU-`v^YxU
z@y7GK-d!`O<%xZ^c~eQu#H&%k{JEzcThZa1+;ed=-kb{GRCiurAQCKkIHioDu0Z1;
zw#!{E(K#h64*FTl3QV}4e@~3%{4h-t1DS8MeoU(`53Rf9{Zo}Wq^&<3zp#RaO`2-I
zDD5Xf-SxopZSLbsC@Bthq8r=WZpz-KS}xRFmVF2on2iIZ6=&jomqmUOqaQc1Q$P5V
z?l7RaT76x?31@)T1P}w?5V(F_8_%~;w~B*eTy{kgY(XXRu*YPfx%+RAT6Vx_Mr+}@
z0Gt}g{-<!9<L0*t_*s-I84UGk{DBBmRdE3C8xPkL@~XUW$0js|WdyUto^$VfZ=+0F
z`-wIjKB$!?C+2+<`sfbl8DLP7IKuGkML-7BxZ`)E%O74iU1!`H=c>iTj-;k{tJ$84
z7QMm?bIpr$hF}Nd7I3n@4e-&`wQC%Qk6wkA9Fcu<(<60y*T02)e%aBxh#W1_DakUF
zciZJ@&OpIU>%YEA*3bZ8NoRxCKUC)7sUN{N8z1a#fBn`CFKXSIa&NtIcB0m(N#63^
zQ#JZ`QEAp|TV+#4y+Q7?;@(EWW2Uyj?~hat(|@3Fz>lwLjYLNDj?<9{d6<>tw<&0P
zPi`B0P307#ebP(9x}j2g7Cfpgu(>c&w;NoU&UFdwZ9}?lk@9neWO)JH1@7YqRz*p5
zi<`LYNmA$Gny=eK4#qt{R5@_?!J1XHk{RFp546K5kh#fwyt3f2eom}$Ub8D|NpD9Z
zl3i}DhW-PHc=kMAP@ElBEY3wvOBmWfb$!iZybN(2_%$Dp95_OQeC$c(FZN0;ZOD<m
z&um?g>GeGLL_@(HFI+#2LZsl@_(xWhf!dbJZoy7$y<l|duzrE3A(NP|a$bXnl^GoS
zwgk>I0F<(~<YBNyG`v0L_ovM_Dss^|EEbCxbfVeJjojV=KFRLKUPc%}&XqaCiI~Y|
zXrI=x^sV=G)=k{t4C0X+5T|Rs>a<j01s2!Wzql6%@Rw^hzE0**t9z!<%PGJ1yh=BB
zk<t5L%*TRZhRKu|UmIiXDf(rbWc6ouXO5)#vvd=)HM_20wP(rJgb?;A)XS(|g8G>?
z?kQfY-FbcA9RPs=#rMf6nb)k>;Bng#JE@%FzSNbTzJw&|c6$r@@&2eh&vv1NS4lCd
zl*&d*wJYe(=+~0TB0=<d4@DR332s(6!x%+%h2X{(jJ@@T#=-S<#fANMT4pxu{hWXW
zf5v8GVX4P6MpshK_=@@1;>CcT^MxBdX;w8<gj2UgC@DgL^GQZ>^Xwz;W#7p;DXyRI
zof5~`;}1cLKCc33PvW;Pa(26W9H%FdOM8HoJoN|31dPXghEIUdPK0}SY`~Xk4S97U
zIsT=HuauoNIUzL*lW^Bg{gsWRE~Nrfj7(7{_!-RVlFQUC3%}DlQ##-6t{_LC+x1t<
zISRO7fR2;6MLhx3hBXDJNT!0Qncy)3odLo{d%Bq2O%zvsb@wD^Ol8(yIxlJcwWW?q
z0e7yw)k6Bj4GzJ|G?rk&WL^R+4fwNA75QnDOTx56R;1zO<d@#Z?-E_Zeol^6-DRQF
zr_pG1yGK-fP08<?5#W5Sf}ZTJEEm2auoy4ujOUW4)qaU$reolDkImS*%TqwhOUos7
z86~wpBOF<v0XNPBwEgH#*xC_VW}MCw-QC@oIw0!`Mi&+&va?>gzl`E{9E<EST9Whn
z1hvYd#OHh>BdG)0p|8C7L?xUKapNbPo-4d^aR6}sNZ88BY$AL9s#%35sUHcqHUi?R
zdAH_a^CiV~U_$hW<a>-)-In+KWwJ2)SVskTM{gwswjSItFFtgh9e#f}H{$RJz&UgP
z$^R40uQqg>Pb}n5lzU|CymjN-*gp0fk2xo(R>UVU`3EWPw!Zy|TZ)IJ^-EYuXvxn>
zNw~Xp?<^c8meng_GWkQA{5>rPoRs@`<=J>J=8t(jw(**l<f{fG7&52M!9n;lnINpz
zANTQ=sEt|CbPe^0N@FZ;5AZnbjIm5O+kNosn?f-QE4>6+j$MO;p+41BKIH9nut=VH
zUwc&}Om@>M;<f3=lxSSkIYxtmF5ap6vv4wCP3Ia02<T2A1sh1C2dE8CGai|4$w8`h
z2i#oWh6;vNY66AqpjbZRSH#N_$k%+1<jl#$VAc88C+;`b{}05>cLqM3<O?RFC!G*Y
z`{z&dC4?ewl0RW;uR5Dn(}*5)o^IkUlTl^UvBcZU67~=yLTH}W@1AN{<}3ana#{|(
zJ+pYB#}#SLUA^0idTeu%eb~P4qtiZ(;{A)PD$8W{84p_TbBRC(kLSV2JqiVW=K&Z?
zSJBK7K%6#WA9{L;QyyA~rO2acuYL<eU<#&6-Wuoh?C@dVgGi?J_xp0L6kpFK(lf3F
z*z*VY#z-$oir#uK`H4*r+P|V>=^WV34Ay+KqR4G$YP_&i5nmFGv-et*U7GsfR6S^R
zUhRXX?}OdWARTcQI3eWC0sU=U$gCnHfK60<Z*To}#%i~X8&5P%ks!(D$FI+9)$Mx2
zSN&EwrkIY?Je3v)^etr$@2eJd#O366lt1hmfxIe^9pyz~T3Du1e;Ol43QLx|PRVLF
zCjX*KRlPu6(Ay+}4}54WmO@>sbB0^b5fO=SXZQc{qnk<Zf*s1{Mor1a8ax-<tX0D&
z_z}`)0NTSJBna~9=}Q;3ia0l2dl+Y@9fad~?g8O{e^R2jzEL(cHlz$}-osg5$ef72
zpnn9tUA=xD8Dz<06OBvp9;b2mSkK2cl`MCCDm1lvy$4CBL=%i_;i&1WZf0G{V3noL
zkfjsJi5KfeNS9|bWu^7e@TJQ9qAxGa6234&*^`8T{bb7HSqE^*Iwmg^00`j+ohfEV
zEli0-lKi#2pH|CF33<FQ>?LW@_Vw@;fqf^0Y&3qgYXG)CrDLEEU<>8^xMjRObg5a}
zCE4ye|GnOmk^Bihf|@F1Tr_D$E(=?70slH+3@m$n8u=!|9^jwAq)t@trSc@h;>5sd
zu%ixiU(917k+{M6yiEo>|AAq9hn4O^1W{b{ZC*u1OzoBsE4C;i%$n{H{gGSHl}l$~
zDGph5Bwg-}7xs^qV(DhwYR>)u%Xt=j(x+X3c+yk@@1aPqS)@MTw%`?xU<C)|?hN<W
zg-wc0{J;&Z-)%MN^qmd{u#?pO2RGS>EI01!m!IBT^60!V!e7<?#vD}ltf1MDSn3{l
z{Fxtjp4ph7lA=E9>H4EL<l{|#zKARO{a|2dW9{(3{w;_6+!>{yHS{;M&;ViKOsDC_
zc7~)D>6}<B*#6j6p7@0X?ZqY#bgs}%Y=uep*`eVQTLLAk>E`9?N7`F+r_zuaa^k;6
zt&QbsPJm0K;e`Wrn*PlXvkz2qmhbI6Mbe?bMFATDQnwlW&-P|vZ3>1S*F0hSa%oy&
zWBNogQ$D;urs7gob2+$iFA5~`;0Y}6oaQ1woGH+4D<{Y`2XuxH-c8f<JUL<uTl@Lx
zB|9#sJo->glcVl!C+NUxd$f}D=M|)?wT-0z-*7`~{7H+$^80rlM1wd*w8S!!8O)`M
z7^2HsFm+K4ch`A)y&{G@B|imrzDBON%az5m$)pCWfoJmRKAf||)o!~o@}`Y~M!q&~
zn?anYZ^^@v+QXC^!7j&nfC2gS<v=+av3ac{V?L3E5(nu-E9H&(nk@`Yrl!=w5*m}(
zvj&g#6ae&Q&v8>%{Os(;76EU&Gxe~e`7yX>)7FlL3-o-Z#Hh!frFPOS>po$}lahFE
zNQI{7@5{^|v6<(ZY=%sIu)-#Uo)Aj4_5n3ScsV+Re=vXrsYhf@_Nv`r`vN}V>et&f
z$_QW~Ib)8~iJuEycCEjMT>6a=#}AHOs64XH;alk-kr4;kYC|Emya4d*9;lD?$w-cM
z!Cuspa;2e<4zxLAY78Y`k$Y6%oml{UDygAoelV{DojUhKJS(6P@%6j(ZdxV1SR?eI
zLqBu_eWC@F3EPzFUYnI0tsY?oXzs>9Ty4?f4LJN-pL$^}D(ZXfx*~p(R8+=1Od@rO
zSWEZNrJyyn3zH0)ET%IAJdHZ=P?|$XdImbW-L8o{;4l!6mGR?JUXM0xh`naj8vaBs
zF?utXFZ?V~MB|q6M9ANO+V`6<*>0yuRXwSRmwWa|>naX)LG+%3GuTa|6++8IOLp1u
zZkLHP^ep81>jw6GMa;7g6QOW^<@xXRB29iwg4%$NYT+Ljt~%#Sg+jdSNzkY`1dD2M
z*;08ve~RCLBo{xgc;-p(RZ<*VzH))03ycMb^+)E(=i2s=c!u2MmN$Xv*xDq*O_L=^
z=D%MSn_n7!4ST)3L<^s<Y?SP=*%V~!PXy~yI-2Q>8ahVDluFb=FCom)S~YX*(k|fr
z(uZe;fABkz%VF+R;%Ly$ZDw%#Xb_D|Y7H@A&*x7*F*tXok1Q<7F=o%|tzHv_x}&5@
zsbLs@IN3c(JaZp^Xeyg`Zf)!xKI%`&dK6Q|vF;Sz6_AG{{ZeM@e3|*ZCS&o%=G%)c
zI`YO(;VS)(U$jwm65!8C>{Sotql#R$^^-OGT5ZjFGVEd#Gmi{#ypugUd5S_0x`;AS
zk1U-hiX=}J<A_;gJLbf2(IkTdWWUoc4EW`JvC+ssRZP?cDHjNLbk|>Hd9)sv^)m=J
z#Pn<AsoaYZKdQb#ZvQNEkgJNIFee?LAK1LX97V$K;ow5iF>bbu@NVYUSyqe7_P_@b
z5f`*-ixJ*0S4199Yb|~ij1ryRHc2={w0$`E^x17#n~G1%6Q}t#Bi)LhY0?$2xRX>r
z5=WlUTz(yY4lmBE7`zm~@mo0wNh6Yn_<In6aoEqCt3)|MVWtnTsi0f5)vF&<-V#L<
zBM}mIYU13&cB0)Y%w;1{b@|(q-oQ%3cph0qRDFNFNJq%UAIkUgMMn`6KdtY$z${ki
zXH)|L=j1NIW`3V>qY)&O_$3i0(ewMSg;aNkIlcXc*B5i}arV<3VYX$oo>#IF(vSym
zHsEM=tVtV4+VyLiyTm-WeT_&$k!${O8DxiQQ9Os8obqn9?+wo~F3N{c6W0C3XB8$+
zRE7&JIX!(j7b~+LMeS|YHyb+D=|AvSYTyDf@m$b%v9hM-@C;<fI!>l}3y2;4%1zU+
zo;<nE&p*6wIz-0w+fXpA@%-g@7pk4iWiZ9H{+6PVCE}9|VM;DgDiQ0bJp6}`!DJ!4
zML2<>Q!!q&IcN&~1s!KPS-5Pgx=vKI<JiAd=V4#l>tgW3>O#X;UsC>tJv}@!IXkf4
zs$Is(22qluwF%o}mU}#}cNZPG%k$kaYTLpC+t#-+DZ+O%1ZC*2Ktr||E=lJbbYAC+
zbn)XP$g##D+w``_B76`>1kF?u!W-kVpP?6KJdn=8Vrvqw{P-lWG{+9z{O=~;?ON63
zi#P^_lsh)mg2+6Jt?m-{2QCbZw#1oPwHEs;)Hc3*yxPUsN7oJU_cs|izFl2V=5EEV
z&0(2LIfvt{znkWqmFHc9()^^8+UJzqJyGfk`{LyAlUBwy0?<G@_CbjHTmvX*PHUMk
zA1_yWa6f&xabTV$CO4MuQIYPR_>hH#SH*Y@aj?ge+Y+~M6dXu3qA}ZBkE@LIT!D+O
zPgj7;bh1ZdU$Zo67laDnxYnZ1^#1)sTe|GILeQ7oNVLw(>)S{bl&q>W7fI2F-S_PM
zfLNmJ^a-w}CS54wcBTz}e7bsIflzFY{OFfwVd@2)RWiC?xwFu<MtM7!51GiHgC&Z>
z|7qp~g85Ezd-+e4A7IdM^zFdl5$Pyefs_|oI4L5byh1@}%Rb4);Jfeq5XD25ci@X~
zvoMfSE!TETQ4Gqjs4#&g9wOT~HI3pt-kYD6#oiq^e)KGsP4i(b9^z5aYKW;3#QXTP
z+V~chZ4|U&O<kBN8W?YCxd1sPBD-@&u~0rek%fsox_z9*4b?o;?oFj5-&hS`*WrEH
zi3@g$cr1v8Ob*A3H2R^lws;(FkZzss_%&1A8EjcSI}fcedF?~v<v%m3Cbqt>Fr~y;
z_F1$rj%hL{+XCzFoXarY3%}l;e$kRO>S`@n(i~ltkg>R5$64}c-K!c#uyN5jj=sCD
zZyycUF80(_zCBQsjJ($?w`8>`-36~b^VnC4wq*xB8+;siCRLk3jHID0YFBQJF9$0*
z-CK?5%EcNd#J6FJFQs#4K?HbcgOpvZ`&TSm5bRn%$)wQ){i0y&>0z(45L7FWL-4$5
zvLMV7Pc7tRH$m#f7OdOKTdp=CAn#u2)B19Mth%@MS+4b5MpJ2wfD7{rK)PI};Gkih
zZ4%`-6n4L=PqeNZ(I9}<4vs816MptsJ|k)r_(AQTxcxc;d~9WN>X=m?HpOiHW@V1>
zsF)h*a!%E^#8yt^`s@-LYceI};^92&V>wj$nPm?qsp7)HeInFpYotybTUtX|z*aA4
zlL>3Z(+Po)J;J=(b;Nh9Z=JB8M1Pv^fVkR)mAf`l^0N^eT7E>fxe>GUVeuCNdV!#Q
zuJ<ID8!0Jy<&KO%OnEQ;pK6?lH|`*mBw(B8;qY4&#!=-JerIv&OycE)Vq8|s;kore
z`jrESBI)PHCTCKMSVV>l(KPsW&u_y%9D&1aJ*-)siNS@d7kr_gF70-$PM@r~$#q<q
z*U&{=O*>5Umh}5#?U@x#QB$6d5b2!}Id@+ogmx~Kd4xN<Xq3-6RFjiDRtA5zs-Ai#
z&)8?FRGRZ#W<J_RU8_o8w7>AGMbqNA*Q9etm;Ja>YdGaSa=ROsClsA{Yc?#7r_>yQ
z!6Q79>H~U!*Y_aZl4%n=czm6|{Jo3XliGd#?&G0l2<3mU0H7>N!dq5+eJ=+&NXrBM
zMZqZR#MCDBd19Je%MM6O%j?nN5_P26mvW-g>sFto?Y4zzv6I?AXE3sQF#08=To9VQ
zYhb{I^>jt#vES=9%9Vz9c_9h+<MciqCS+?-UAAxYMAFO@#};Zym=DiXWr6#_I-0bZ
zH#B1Vw9q^=@+Tj2b){5Bqfg(#Ws0?3jD34+Zj=bd7`J1JHkS0REw*6d$Do2(LC$yQ
z$4+6E!na;}%g(PZK&A$^0Tq*=E}fnD)1#8OwaBfM_bvK6l1BqvRj0S{vp3u83tPQs
zHyed49d&tRmt6{*{uC-2vVAauW749~6ce8$+!axc`(<2deZ-MoU01K|bnV@23F7h5
z_~g`^#_qDdF|LG7DyQDrvMtGhoc3Cg$3>ppkKIQMzhP|*^w&2vF27vAd^m60rP$L5
zw_i&he=HMzmM&mlJIpa~A=|Na?b}LDyD+V$hxBmTg1FWTK!LbNBSJ&^mzx++KCEN4
zj)SF0)Q(DfK5<W1%mi#{)C(_03}a){EHII3uSMJ2Wj?a{HxTD8z68(CIIUdP!9LV=
zw;FpjvAfYe%^e*P(mh)j4=(O^xeC2o4?*qUbV3n*Pg(DX(aV`+NO8)$nC!|7+O2ZX
z85QwTWGR|6iAg;>PN3k5s{3&La0mG$aB##0psdD9ZKa}`cK;-a(E?qG*VHj3w@VsV
zY(_xUFq9If6M~9Dtz{A8qAw(0<yr3Vp+xTYjiK5uGtTVBR}LcXeYWR6lDDt<E_G8i
zxie&fem*C$4B4Dj23&^1VXstMXeLd?PVk@RyXheW)&^UkW{52^2KGclLAJa`q_3Ce
zEs(=#FB`QSWRl{(Fwl4`D%M!psZ3A!Q*uNRwhvO@T<?$V@eelA5SN$wqgO|K8qMfQ
zwPgI&*3JoyXZM|xCTV@Pc3XFCyycy*3}Gd!THGS8Qaf=!wR`-h_OXpE>9WjZ$-XJC
zDUXw<-TqpZX#cABdN*~35fRjbJXy=1@gm^tMAIZzRTGXyZQd{mM9qLB;>*nqpF6R!
zzjY*#50}gd5vljy=p#PzfwX>A%zgB6oo^b8YCT7JR{8dT6rf8iKh%0Rl0`O2h>Ecj
zjjy7m8w{S8h5$Q}b>sGUcrK&jPVt!G95!NEbYu^6Y4&4TBH8&7(_S*_!_X|>m!tDK
ze@d>fhJ(w2vG;G9G?1Pe=5SRY!SD5KFN^{0C*Gf+SWjh=9O1Z^6OnXfe3h$$lVedL
zC<y}N(n1sFv16flSR^<5L|oO6A0)huQLV)cC6yJZ9PL>cXkphyYi$pnZSJV~U#rht
z7E(rpB)^`bIvQ}Ksj`eK%{_s}*tu(bZFPs*nS&+SGe#RIo=ARn42wYat>BD!>)?pH
zXR8Mo1E#FVN8iGnimt(pcLckI7TYYNr%^`~Ltmrd4i9D2RojLohNTRXZ50exH}Bp^
z6M4)-BXPZsdqx!uDnT#Fz>Rdl1WYM00FXw=0iZ7iG=NOESH|<+t$p46BmNmV|B&Yy
zIrMrFWBK|JBg<a?Z5BkCTH4FnnNWwrjvnQd6^rw0z7e)fvDx*oX`Yi(@|CrM*-$<~
z5hF+FM1_Fw@9FxYq>zC?i2~$5<WmC`H^9g3z@>61J=ySfiPqW99$0d^aw#qtQ5?MX
zpQYZz>6v>MdxVDQsQeAQ0-;ydevMFXd4fV#O(hm>v}2~u$xQLZPq~|pe!oi(X{a0w
zCpip(-fICM1O326<YBwtuG)Xab-VqQ{y`x8$?g-<{(HUuPcPcEIM__kT!n7Av@^;b
zAt&|xx4TEjC2pw+m)~#22Ii-szL~OX>z7mcR=rC8FX=%-*@@4-mp{%N=g;P<*QYex
zzT7d@HF`r<K18H&r2upTeY*kVF^P`^ws1jp(0&*gkiJvj-Hyqx9;*MzhM7REg^@Uq
zu8ke0&4VhPr_mqxu1w}yz&G8P(%u-aTERs~;b_KZJZ+^EAp@Tsn^%%YLGa>18A&ge
zbe`9zsuaM5Ok~raMmi{9gQi7t5+uB_11NE(KUY#j5|_84bnl&=_sN@<+?Rgi)q)mp
zI87SXG-~!E*D=ce{mqrHqBz|w(*bfA+>yXr`9?Hc(5S2n^EPJJ^}6x|gGT80o-2}0
zYSdPHK9FJ@ED>1voJbQ%gF1Crc=r~KPGoapY_!CqB!u+L)yw8~F|H*M*C3%aGHWb(
z;McJDdh4G7`IzbKI>tuwOCj<vD+?hNP8o53z)>H=pAu@0H)A4%w{xJ(72!ylpT2L3
z9Ed$%wG8{!zp`6jiB^(JB<wRa)c3|Y6TZac<ha3ZxIj47O8@rc%4S^mZTFn8B;6C4
zbv5Z->cb1R#|gSZyCYRD3p;Q-FC(OP(RN!hjLGL)?^9*GvW{%t@9Y`3$qZzzZFIMp
zrtBH{E+OnN%4*-Dv|(*E8h3t+e|*N~u<`v0=yI>R4)Xb2oCKOIUqh9Ot(o0-D_?4E
zP`#oN=_&S;Z~K(;H+#AFebW5XpR6}9{@xsr9zh|`@o~4UM2lr2Pg2p^(e>5ha;g9f
z{)*!7W?}Cau5F-@Hg@?735LvK)vne1T}4Z_Cm;L?)wq+I`)qe7i_564s=u`yK8L)6
zO1)950_mIfx8i$eL54S4Ps;7~9oH{i-JH86T9#~oiZ{4NMM88L8xAJl3*a%FnT&e-
zMBujXt!5=v8lMP4!HF!5a*m(o{+5){u6xaYyHiK__=ZT&oAF9Mp5forE0u!}(*652
zk#j7>x5IoYpXb~=-wo9A+Re9yGu%I^nJDTH)Q$JEZ6H!c5WNVxC>`DH82I~j%woE^
zbB@1UtX0?&j}t#&*zcEmKi<f*R&K4R^PS_d3S4t|f8b`NIoV+z7vwr#=?n+ooNq9w
zV)nBcGPQiD$<S-YMR;|Q)hxPQcD}_9QF^hy+ve0#CSZ$T^J?Vy2Pgy#>KKmL-nBin
z7KV+PVp%NmnA9@1u>n{qTezc`W^m!zsR>rf<-*)SXk57^lRV9*<5wl88<R0hIZJC?
z$xt+3%?4S1n@|wBGSN7OwC-^G^X^*XjfTsVPh}#kH~FlOjTVPN%6p{$l#36z?~{++
zr)ki!+n$=RwEoH(FKY>tXZ_OaiiXtEn^_N|lf)GX2}kfSU<`J#-CJ~)VroCrFtH9I
zwoO^Emqo_BU1xTQ7u395fL%EC^5^|ga4~)M+g);<`ML#uUa`$DCUYKr{$e^b$-&@k
zmDTySKYQpO#wcK$;#W?0=3v{tD88N7e~vmyBQp~lGVy`57B^fCu|M+BpnA#)<TTG+
z9Irx63?%}xy%C>#90L!Q-A>d3WRy)j=HeFcm1*ISQtm0P*G$>Hm(>VZ{9`O_H|Ihr
zNgT-E*i90gKCet~7buy`xS|_0gpn7l_F!nO{oHtJtNmgsADXc%H(bf8wAob5x-n%*
z$7%a}YZ<pDrGTe}v!Tzs@PGU$7-p>s4bC@OQ`q_&QTpJ9*=r<MU2kMcF=!E?mLv_{
zmHr54K?{*d_sdQW4v=@Bztq8NYb^z&Qm!-aP_ucG{RMEj595oo1l|o^!KEhB#64Mg
zA}h^9itBoSAE~d%01UX>O3#ad5+B}N<Q7}`X}8|W5}xHmwep)~<<mW9BGXux&%9bd
z`fUiTAa9%@qmj%J1+nX9hTrgi4=08<qr(ihuPTA034IIrwhmxDFdIE_0XW8RkqBKL
zeMAAtLO%dn5KDQEf#UZc0K@>~e^L&x{ZAy=e_jl@_eWobTA>`lp!BXy+vE3MUi`Yy
zH8??OsAPTH09kUTYzvRv*=BNFKPYFh6&(0H^Lr6<Nkid&rMCghO(Z#n|1Uv7y6a<u
z<=aKyniI5oce^=vJ{rZz)9%*kz#Ge_9pQJQFsPMxWvBNw%?!y#l%8Ps)ETtLz^0_-
z8Xa@~MIH=pRz7~OM<LsOesX<iuZQ%8==9!ZzE8g|<~}rb%UgPiI=in)?VOg42Tk-x
z&UilVXVFTIk^lSMI@yn`xCWjjL5XeTT(+R|mEyt|fjD6q9^*9^Zk{yw?!kLpRkHY?
z(Jv}ygP0L7jzVoqEAgvIeoyPXC3;j;`rrTMU*OnY9$z}w<dj7|Yufzjl@Ygp#Wf-p
z7M*UnHgo>do|Vei_dmB=0Q3B`fd9rI6ot+!Jt2ad<q_(H+a#@veYCu*oi18#V<RAX
zEc>y6yuXCL%XXl9r<`*5wUS$2V0y;a_Vk%wa40-@-|fTUr}ya<c=NtjPp(+rW%*`h
z99!W1pvq;_wWay}EM7z;cnT>~?&V@YG+QGKetsL46&%lhPSAY#oJ#ueAZMb00pFov
zMt61!XVfo+MMfBCs)f*7ey1$bl|UYT;Dg8={nMy*RlLjibj+-|f>oB%#ffhtmpPBA
z!dU-xxW)fs?yZC3YTj;92p${~T!Op1LvVrwNN{(8ySux)1rP4-Zi5APcNu(e&g7Nf
z_uV@8R^5B*)T#UYK~+!f5xRSKKYKl^*8)2sJUbIlaNv?_5sSOJen>7k`e4c9^iXeO
zN`gB>FD4$0$uS{wjKNoFNR=Pe)arXvLfPBb$08?Jte4@kSr|9uKFcurxp(#Rk958=
z?F`X!8W<15n5#0jYT4n##WG-XNa^>b0@)h9a3reL4_}UJY1_47oNpJ33~Fr@J~{h`
zEv`6F+aPVOsR+B*CN0`g(vP@(<Cx})z7Dsem!<$;@N1gz)}Dx`PtC$MmW!=1pK+(W
z;6QZ?_va<lpgr2lw4wsv-op_&_$$)&C|(e#yu0w9{AZ&rz?Zp1J#^lladbX6b795C
z5kwT$F_pVuE6wDOPf%ddf6441u4TiYL568w?x~~n`!&2m?YR<SsKULqwWZcJxG4<W
z_PynGD4)2|$(%+I@>xn19W9suQkfb8uU|xx>{g=;)oJJLwgM$3(D@hwdXHx!eRPp|
zlo<*t?JSO}hq)5}nN<gcoOfMnL0gr#r@XGA+GX3^&%5-sw9jZC6!b;ekjpSx<cAGa
z9oWWgQes(qrIsHh(sf7r3?hqv<)-aZV$)H%2-dF2jh}yIC1k`~x8B|Ji6|~KqdYq4
z$Vx+^f&ne+%flc?fi0wR;Wg`XUVzTzD3Mzx+mz`DCv}h0Z6nbRkx@%Um2}>;IZLuq
zrBTi3gsMnyX5>Hi4ZodQ7PL%@FI8AA0!Q+TB;|W`RYkOCWlD7&6gw7?Ai08ECJOEi
z>0mVRxo<RJS`ym7eJ4IwY$ZOZHL_&Flcrl2?^|hGjQtp8q0Z{S<=zHdPL}HxNP;dd
zFW62JICW=CQS<p&_?-}R-)I!qJ}kYM8FgyT-CxPU8Oc}X`r@cL0HgJxV7&0y0H30Y
zeX6=F(k*2n&dC&o!<$*-nx^$d`TaijHVTB~sQT;AjQfpBa+VLw(1y*V*{j7COEZgr
z+zK}_;Do{XGSQGoJ=eA;UHWR&+-%1ktDB;e(OO!!y()c-fbN&96JwR=Qj(L-ZJiLQ
zdzZQGy2=7)1*j+wPG%-YK3tdmO@8g@l4<$lDuQ}Braboz5<Jd5*1IWtrGuoI4O}v)
zA$!{w$jyzj{+!z6;}q>vy8?9AK?#Fa!oJMfXp70hDGk<?_T^5n2-OZ9j)Yijy(LtG
z4d=}1vhaSWJu4O;&M7X<^mVDZrMuthbZ$X~O;Jlr+Va3YTUP|s{0U&kni)7C{BB)_
zw%u;m%HGaQ;bYLe0?q53?0b;Y&}pPGc;W1%OY;vfVf|vUbgjW4UZOvnvgFobv;8LZ
zami(WI=<Df*3G0IO=CAh`fqKSxN9Y5LuChPeC%+NVc|fIl+~l2*}3_g7t72~Y&7cT
zsZ8hh7KgW-^RJu;lL<ky(7s^1`XSP4*~o4*=wLcP|Ku1MXg^wAUc!QrqU?9*dCN1)
zX76iAANiU<K!QUq-dSR+L8_PP&B#h5rjk@$Is(T#5eYz@Wxwt>g|%EF2BI7pXL~VF
zc7UdeGPuTccO<)=7l{*zt`>hiEQfOPs+17mAI@Bxqa(c>_%)L3bC~?_z^fU-t@r>p
zRMtqeBy9_Cab&OhWon-&0>?l?OHpQg8!7KyxW{Uk+mXA<x;5pjSvSr{uvao}KMaUi
zMt1;jw6B&%Jw23XHk4&ncKZs$zDrel1W~Ztm!ddSR%XP#o!}|{9sf+kaFg>y7E<^p
zZxhmFYD39#vYnB3L;9%7$8%g$5k>MB*6gWIpQsb>c}h}aqR7uv?A8`omBN1f%70aJ
zS&N)Us;$VfBS4qi4sQUU(iQ(wV6Ci!Dsd}KWwNwT=b8B&IPJ?qn|)e*6}F@qnV&m(
zW*WYy_n2Rn%~hn&=5*7j?}*o!f$Ygkn^r%awIEwJQr)<<dUUQGqCA)ad40o<F(j_X
z4l!t^v`>zq2sH3{TDWJtt5`@g;1~uOd<qW5-DQ;T_Y6Ys8<_4N*Bo0;tN4KZJ)1z%
zl(z4!_s4rpC2IAYFQb8GpGC>40RY3kqV@!7If(SJk<L2bMjq$+iEtItue<oNZ6E&1
z6*7yFI$mwog%^`@H}7&*SpTciBfV&{JkmNKGuMv;Fa-3=wuar?<rcqmc9kZMll}gc
zx|)Oszv($Ba&pr^uD$A|`?E)+#}MTQ3LG<zB!+<Cd)=Q=znI)-2h8|e062O+UIO|F
z2l_k|CsSFuh^H0BETb|?MnJyEgoM!Rs=+yEJF;Ut!YC3RlDszwf{Gz0NBR-25ENc(
zAG^7kZTkdIQE4D*bbx*$Hatu~+UeYN$(LchhhJKyIp=~}g@!a|_Tf5?GZ-H}t1WV*
zN_xs@YHr?)tVi_W;NHMk31DhTkdXzvgN}y6&N+`j@87@?_bbbWK<`N4J|j8?HBPCe
z$eiZ5`;?uD;r9UHx{VGo%Vvh`zrL`vZo~}_$Hq<J9eRy($2T@IxhGFe-oM{mt4-gV
z{5I{nDm*+4KbYQ43@>OprZ)M^c&A*&*8ig#IN;03nu#Gfrm%z1R-FBEM$-?I)e`w~
zdy7+X;z9NLIDf5%908=Ka@U8UXp%e(sT=0{2PY<F{dt~LEwQaSTWcDPX!@diLExy!
z+U7e~a^j}%SD2F~OhjNTZ?Ip!yGtOvVIosnHQ3lN^zw>l@BRI=W^~r_N<Ir(x2CG>
z-L>c%E0h+ySWG8;Z#-g&COX%q)hij11|utmr=w7IOpm9y>27wm_}~P$%qv(+lG+v^
z=jJ^)b$cnyw(IX7=JP8#9=eaKOXv|_*W<m^I7siw>!UFx8MJ3}wzll}!UM*wY84x9
zDTwrNHASB}lAN?Y=+R2Py{QmAS2kdnD?Rxy{3H}f*(#uUs4GAG@n=oH*zNs*(CTMT
zd%UzSh)Wk@7@gQnJLgnsAAZ#t3ULOwg{@sb{K>^+8{>XEn5ZcWJcUu*HdYn}!IDxA
z>T{xKHP!4Gnk}_-7*2M~)B~6WgKMH1X4!Ae7r^;Slu$1Qf)-H#MSFIs)%q)9t0#T(
z7)V+91mDqeXs~~CLxtsH-MW+Z3TqCnt~ES9P$HSBddCV5esg_gm;<4X55o@vJ0q-4
z49$~~x6?+q!Q)qnIr%7t!;d^#>U6aT^n>f9fE8UJQVqd3A5WN<C?=o|7sHOS6q^$Y
zwJ3G+VhxT5dHL%!IMr0M0H*n$1w?MB&!0r@oYQYa=*ZuA@w{t(n~@%C#u<b~u8gd~
zG`s-*;=k4VnJuA~3VOONAf)^BuzodRM^C!(?LRrLza+G10={Vi@f*4>NXLOJGSU*X
zy?)l`0|==)NqKhWx-$-%Wq(9~es*pA7+>ScH?6+ZkAEnoGd|v@crdVmaxd_$^DEqb
zjTnrd4>-SzAaGrV^t9Ab9hp07JU4D1vZ%K4P2>sdNPfcLNj}8nuw0yV%d>1lU1;T)
z%_Mm;lFbfb7?vM=an2m~emCUhT8gOFQCK)sH#6M2qpY%#5MUUC-PN^2v=Z+QKx7L;
zeCH1^VwCT_mf~HS<h^|KbOp`n>Bh?3VG%>Cr)GT&;q$?A`)KX?3h_!wb?3=<Yqchg
zwXkeiyU+>`0mkh|kSfUO1Y)kdbe@OWn;SpGcXWHR3hqTDD+{&6wg;MRr(m(<7y7nX
ztU@#EaY|Od4Jc)1vB0ydC_X>Gicr{2_Um?}XGSr44naXjH`~%r{G7`9d=7X`cEJmM
zlH)Yg<^gDJcF*k&ZJZXFSaISiIMyfa(_ZcGDbDeSs-YAKP0X7QsxF$b>4SM$Ag4}9
zZ?0%lS`UhHz`R-{-~8A1;_GZf#_$}cZK3HM5fKt-xThtc{T3L!Cq(otbkE{ZF$L+|
ze7LYK+N_~n?Sz2r!aiuFXU*n_O-q_pOc6=c&&>XEM}blcWGpD{2?2(}sft4$)xGzi
z+7_iZN~xgQd)X^kuL}G*%$4>}CW%emw<}xAV0~rHte>tT?4|mfi9IZ`MSm8M<$Ls)
zmdNQyMHOH4`N2y?HeZ%pNJ-)5_xn*3C(5wThSKSa5_923^om=7x;BPToTEf%Qug;5
z$0ZwUQePm<Z1r4*^iOJhQeBi0R`RU?L<_}vgJLRzRsli<26$GztQ-O3J$C(><`IGc
zL91X;d#*a|l!j75PKvUL(cjfVZ88M2$$*Ta>Cw(egC&hJPGh&HHqXDI$pu@ly(RXT
zL%LodC(5Z8y1Wk2Hd?C3<gA&By(JVm<`sTYnJrC^Rlj2>T8J|&H9`6InPB~(|H%4C
zsud4lB%~^GZiX7vl^S>yqOzat3ZF$VHYc*Fp3-A)gCRb)!yC^^M!#D*5g1Re(uMWO
z-5Qr}sBI(*Bgp(SeN)91+DDIZo-|yudP;p~>{x#N5BZdn1JlWYFEMmsd~1<)7wn@t
z)TFP5d=ACw%yQDjdQEYQBZ`D|BZ7CEtGB$_F>sh;J-0(k+-vu&{rgI_pCXq%=*80L
z`-@gCV<Ju(66eq|6x1g;EZ=U)=@ZHe=$9wv=D8y~k{Kiul9Ph<XRK0X6NX)1FH}nx
za1EUrf#Q>ml9X|tg$eEEloC;O@tTB@<27-ocELSe9wO65$=_oM)fIZOFjJXn;>r&^
z`wNQo&-s#O%}78k7#JJhKY!iLIMs~HuYAbp{X{CdwKmxF5gMJx!nz5+ZmC>&xOxZl
z#DW*)6XHK6-H-^DW8p}P)4kP){DCE#x4F&wBgMIM=#24w5n!On6FX==cg<s>WmwGl
z!d;7w9`CDH^Oa%RT)Jdm={;hZzV6O_>nAWw-Is3i_nEWd7N>qcFHQEwoAbcVuGYjW
zbaNwF!6pRsHw%<gO)XbXNHf&UHFYUPC+16)7sFm#)^9r}pDR*Ak!=21#fEwI7#%iS
zmIfo~S}R@c%3TZ^3(>uz6>yQ!y4#F#8#QGEC8J5VdU*4aljEv($Cz0icTRfC!Jpvr
z2P7Aj023#6=_oMkWz~X9x>msGIT#+tVrTnPoc}9~QvciGxBm?dcqRD1KDU$SuDvEk
zzytIT$omf>{{Wk2yT(na#U=j_`tmW}57zp%NkhilS^AAQXK|=B0}N$uRh7|@M5a4J
zr4Uu@&biFh`~fWOUs>^@-ur_SFr=_5em3Un6Oy8R%lxxMg;%BuV$UcBmdLGh$z*--
zlqv(l&er`4a*}#^-WvD%L3E-Dem>&*Qxo_TaW;*)0&@3xcJw9g2^H#w?z(Riavykf
zhhDEIC<ayKP1b?5u4m(1ZlG~q9gU{cqv_y;CVcNZ@+W8h3GFUVoS|eq9gi0$oif+V
zHUJ^$Sx*E8ZbNI5P&L^0dKCP&Gp?nFO);eI!UXVbP#7J6Y*Ra_KCsUb(b7kdm;G-6
zAx_`aEWwZJ?(%s)AhOjMZ$W$3i^u5L(YpQc<Lk{q%qJt#hqqUFA*(gvc}Kbh1>NCR
z)JjwFBQn{p`X|2NFN2o}Ha3(yjjok386#xCNJHr@Qg2INsIvH$yO289*B6z>z2{h9
z)GJ8>@v__|A6Jdz9@70zRf~6TO!Jm1>g97=%2j~be@SQ>-9L<u2>0#6ErIqk2u>gC
z4q^aLI-rA)S3|lg9eYfde&_L<wm{8<%AqbVHa-m!eq+WaB07p|zwvhWdonNvm~oJ@
zF{BJ!>(1os^ts~ki*ddN)IFIAKtiwUe~Al#N|D>8nuhwuxJz64{vkA2+h!UM3<928
zXX`e^?(G3f4*mszjTXVCR-v;g%saVfYaXzTa2FjLJHe=pSHx|sYL9gp@Js5_Cv!8+
z9Qy)|<;!vqP+%8<9%hpdlV?&Vx2u~rqAPr=`kPs=h_C;m%iTxL^v`;HKKIv1Dwd_&
zR351I-44D`ZB5tPm7w~e+<$>UBtG32h`33i?bw4X$asqiOS+97|GAm_qrw#)+ZA?+
zj)tVu0Kyzt-}#j5w8uAVp))olQ|%VeVtm4I^x?>=SxfRSi^`o!pRvtzp^c%)5a*fF
z*Z&&wUE<E@&+nWvmhO7QtUGRDtvhsIG3Wl}0_@SQFSaM`M=QAY-C~g>6ggZMimG~-
znNn$TmK)DqZGgK&m02U<-cKa!A2EMY(!McO1z0?!Kpkg<l<X@iXwijSk}S9|EzpT%
z^A2AYT!`bN?X^bs%OR{vq98y!p;O^L$?*Pi5?lGItwjrz#iST>$Eg7Y+bQHtx|O0c
z@QY4#a}>8+3&icBK-gEf0ohl$)4Y>xhx1w+BdS65pYyAI0974I%ha1sd|9a3k3C^7
zY7QQxWvhff0yo5(ZX7!zon20Be1br`je|Bf$2)<0EMq$mkan0DlDM-j<Ly}#Aw=*E
z<0DT^%)!|T*tc}%^x2ILF8hIFCfxZVr!s7{ZF57t`Y~s#-;`kafdCiPa$oee<3Gd1
z_IKs%11vi3`~RsxM%c9xGi}B{qs^T&+{d9$u~f7Cwh!EIj@TAY((2%k>7PRUr47k-
z2S<mXnd+h6a3Xv6G2!(CKsO_d=kPO8ll3WLty;&pXm|XVvm#m28_ozMy0@QTA#8AD
z+WcS9TX}(BRcj$0#fUaf3+e|D9EkM&`)#c!Gv`Hm;X$WX2S-GLeqCQd@fpd8R)~53
z4Zckw)FtLp0$yG>IGHN5&=h?m=p>=f&y5X4P<emnsC#7%Fl?a;&Qrx(Y@m!{ei8nN
z>-^7B+9Ld*OWS>?hRon4WVR02Zc|l$bE5Q!wjAs{`(eq67@TlRSHw?^obkO5-<W#v
zjmymw#x}`n^Wp}{1ZnSd>?<4B8qUxnk@5YyO%JzV_Ps4xZmz`5T^N#($Ul%c5(lWx
znSWkOrnjxql}7h~oLAtjS0|pvhic>E(y2V2L-TXBRXF~#k(L?%QrWhLE+3>;!H1v2
zwnb@w>+>Fz`1%Ol!62yR^&$|PQW!=d3JH54FBRF!UYA_}M+}v~Cp+@lsD;jlSm?qp
z@ULtiEQVQwFp11bOsO`Rs5of-{G-4nID;N`-uE-eCA*f6APvr=4O1$Q^q^nE)Upej
z(j8r~rGwFY?I+4Ca-%&<E`zyU;oAo!#`65yZ6vTdb%s7dVUb6K%E_Ki&R6I1pPaQm
zY{e<66&ZhhPJi1a(|V{$J$LzftwuY4!a&YH@1~Ty5#%NEz9zp9f!K<~*pKijPfa!=
zb8WBb$+mLj)7B$(Z(n}3EEv!oD;X>H;zJxsH6fv8&HQDjqLi{|M+jELXrF^AP~bo(
zB8oQu!3(p}4#h+xFrRO&h=s9_r8Kjuezr_tAV;%^?~$mR<!AgE_PgNb{||6qw$6#t
zwN5<yA`L0+nOl^5yNWTAz2FHJThaGR7Mb_U9`z?-6VBoi=oy)EmliKokazr=GB5p0
z1>%r`a3%Q_A5KpkW>$jK@|EleaAk>IX|l1zk6ZD=fsF=fXe%cjjMndd)Uk*MJFM`c
zb{;4pprTTFYLH};p(y1WjI7L11@k#nr?URyEy`&i#m4(*Lz?(vb?Q^|zEAsP$>{>E
zO=ZCDenj2q`#lMDc5ko=o(h#gX6#VqzDfE9BZ+ZfT>WhndslqO0FHv9DBHLkql)~w
zj7f9J5}`~{9~gLzYJax5tp6}h?$y!6#<y9pNyG;z`I%c2C&2VUKjN<LZ7td{l4VtP
zRg6vFi;~cdYsoIUhGk{eX+U9*EdxQi0i7#vCwz-IN^IOSGCV7aovW3)tpWK-z-{(s
z_~!nE_E&_4^sNPBDRu_QX3@n&+6N!YLOlzp5S_A5F7YX)$9)1apdGE`$TM*=^MN)q
zR}XCb+B`dkFDB;_HX!YlTIuHE_|3$mZ|$`q+LL=2Csld%r8`6$$@KBqJO~+eaRSI8
ziw%RpcBUVza;#SdeIxwqTfS*q=I<uK;yEX=0Izs!&jGoEs1g=};!R)?f#=VwkegCG
zW5kY_Z!1ZJA<j7dEL!La=Q9nb=9c?Y^Za=(rYtTM#ch#y5}7vQ32im$tqVGoOr_D~
ze3)wI;d?a)79|cHfKf#bqczpYVpB2a{~ILuCZ~uY%2~;0@28bJ`rH%BbTv&%O-OPA
zZ&l{2lJ@^wBv^e!d1xWU8Wcxc3k2j-I6)a-190FsM-@y=)Dh<k@s}D*Q9q(m7%VFK
z@0>w^d0f)0EtO{bLI>MZo!TGPtbcmm$-ck4DcP{2x<jr2NGTjkMTbzvnONmMyO{z5
z&D?kx=Go&baV&}Jw`i(JxXa!xWVfD!S|b`_gNsabn)%YFbS-~^LFWC6B{AJNvGiMI
z+A)u0V6llIg{%U_tHDeC$CjyobR+C_-kVtdU^L(P%mR%YTD>37Cy?5@{8%RhK{6~W
zqk^|Tq5CRY)l_rWB<-3_UqA^#0NNJ7@-sGo4*tZfrBCUtL)60M0_bGbaG+67l5m_f
zPJ_h06C$8II>*giZ7iRbFQE%wauLsIALk|sVlPYkN`_|C&p#&dEPgvncs#v*Sz<&b
z=?LU$Hs%<B#J9+qAZHv6?ZNS*;E7q?C6Xj%=b`=uPxf?_R3HaGz)hNX7zpO34l3$?
zi)4cUL*w2B@nsI9)R`Y+c=!{)D)XmVjMB8wy#rVI1kd~19R=uYxG;aPgH`ItuBVZ<
z{hv?^s|=9$^p_Ip<@yPJ^yB=Xv~xpf*(fX6g(24Kj#n0=EHo0(iT09)%svv|)#N*n
zhZRQ?VnhFuSVJ}+cWJcFk}RR>1(I$4NgeNvt6+wP_Ce-3^BZ7D0s}PGd~ShTBE~VR
zxMAp=GMz5c*uWM|mM5)Mll-8+_u*E0(8>7|hr-9}AS(tsQ;kq&JZ6c3gqLrEEFKYd
z>^ChhvNZ&<K8|zOgY1??(d(R%@_o*AehQKl37oCh>E@ic^PHJ{YaJ(G1oBbo%$kwv
zY2w}T{-Qb`UF*&(B^=D8$o`DQNc)nkm>KnSf>rryy`N<QWI93lI<DyYvgLL@7=q7L
zGpQ^viiR9w<LEG9dTdPmimTt}?6n}piQyxO@lDlnvJ{znsl70&Ang*TON>}6D?V)8
z=sBLLGwy!H=2-hRPKJQ5SL#dDOtwEM_NTLnzqFL>vsrH*yWF7kRfGLke5}V(aTK(E
z`aVj8a#84Km{Xl#(S64>WR79MWILkV9?E)!hW7bRlOb84$kIYrh}QiO88CljA$`oU
zLp`<mbCU&*BLoU3k}QmfIEZOVVisHA*ns^v+jvb^=btkM)tT`XhZ9pUck?qi#uPNQ
zAi}{B>HY`Roge<q=(o+$gRz-t(>`R;^E<q}$-5bFKEL~PwQlR1SIIZN{(cJB(Zkt;
z`P`#N>2d3MjKQiVNSkt8+=i-pq$bn$KQaBey=p<*%o4C(BAS!Rc~KG)urTlhaPoY8
zbpH4F`P8;^n4j`ou8P-0U)HhkPL#r4lz}!4S!QJSFA%9nUItE&YAB^b5+FVdTwGQR
z4XBPPT*=?_cjA*6kA%7bRxX?W9R$Al)s*lOC;cH6sn{xIMO9&)p=S5?@h5U6zbv9-
z<eD>Ap)ry5C~dB3AX36_DFo@k8itsABQih2kKgc=7P&_t&dx<{M24DCS@0&$1#&Va
zeut_j+FWDiSoUB02e>=n(aAmX(AkqH{l#b(6N8=Yz?heM4%fH?*lm@+A!Y}FW#h4{
zd7T89=&Nto0)_+f0n&iXq|D6xy%kyM+quQYyXFmD(TOS<v#}aw4-a<OcdjSlBi`P>
zG);UXf)A&$Mbzv`oanY;+sA$S!5lsb|CsZkYnIfi!^qXYNcWN>#9u-YVWL}TCMR)P
z1+9q>n+El^iAxK~doIR-F|UIQDP~PQ%<-X9SjSB~m+Q$AVqbxRgi^M%mZwa{m;zsY
z7M5vj6ml(p<P>Pfrq$<2>aTqZW8y(LC^{2+ZqM7fNVu!YMfImISVx!GMohXdiYa_n
z(AmZ=LdzxgA;l(V_?ujZTeJ*o7vm%O@m9nzEbO?`1ilFk++q8_KXdZO1p)`onxCX8
zVUAB1W5)G#3|zMRUdjn4jqqs%OoKV*>T=YSY)-V|!~8<S>{2J0N6b&}aWtH*fr}16
zb_TY{7=24a1`au|<%YU=_nnw(v3Ds$dI(j;KQfx${27TO_O4!LXCGk+S87;T?wh{f
zEMH%I_+Npf-!c3PNh6isnuhNEeB7Zsbn)~`bB?KI27*qc`Ba3jI`*<&AcIr62RW^Z
zkFDf4DvM-BK}hvd8($t;&%}x+&q0AZp(`_?ODEkmb(vRdhSF^ekEf5D^x{;-ERCK1
z<M@P$aPd+dOTUQYNwKN_$z~Y8{&&u{$3`u>ghZo<9q?{TXuofvK|!qz|Ec!#54;!X
zci#Lf??=?yvkuEGw~-ymtH4LIe_e0ez&#Vu>i&YdR?GA6?y8H86i4AdgAnAbD%(AF
z)C94v?{F+~36Ey>>x_AY5q!A`!{f9(=2vW73$a+k`!Nywz)U&Whh;>y<IOi=BILIt
z$Ug^DzW)37&XT#&+9gdHaHOYZC}Ly7F2+h)U_U6W9|lsygcX}=%Z)ti)HKW0OR)Xv
z2bdN?;Sm9zEr5yezAT}L_V-+ZJ`g?$m>!*3j|px=5S0x}MpaJe5Ro$n3Ah^4D(*yk
zPwn?HZgy5Q<Q{%6MxLYC48`8|ByI@P{Y(r75?>%47Mc<Cx-Fyi-XaRQ`3%v_%Jc3Y
zUIJt`v%|XFIe753@1x=13GBAiGDUKQf>zUB#-Z5IKpB>Ut@f!c-F{^wF<nb?<I9$;
z*@tFy<KK73$MQ?v(Ee--nH4ipRZJ`AXoyS3C(>>{JS89(O6b0s;Vj&ruFkvz4Md)T
zOy|6CZgs4@@`2Hra`Q~xuP2W0o7^r4ueaPPGX33n5?!*?+J~aoGQ=dV%#$<zBo((x
zygnRHR4zmWtc!x&*u4o-S<N~A#(OwGDKhyCm~gG?|2(DPQkuqF*(JCHAk5UiJ8p~j
z&XqO-Am^K$L(48q7Sx|W_<v%PR?dAEq$^USj3+LkayN%DuH#Lh$gLrlv&{b?&YJwo
zwildBK;j$6IFsu>%iYcbtqUk1*tx6QcB*d|UB=r=0?(#7O=3=z6%9%0avFPxl~|%U
z_0!UO_BXi=ChEm=dOn{MbH)Eyl)d|anNLZcpouNg&QX5Q7p7Sg7q9uk%~}D5U8NYV
z^wbr5mRH&knb)<XZqvz^vnL06_211e!Ej3!=+!x|Vy0{L2TS?{9+afXGN)Cq8x9d?
zhyg}Q+`UnN4%?1Rj^x_NCbc=>bhkdFS68<8MwHIs3xA+|^xpBOi}EqO7Ot?oJv+j%
zGIT6^RnyPXSY^71XaY@<Njq!1@?pK~B*`l(ZlU2F`<VbFc8vt)Hbkjx=5WP?gKe`f
zy{|(_{aMzeYOZ+3OdrtSYO-3C<x-0Zl&e>yPIrGr<2n(0*q*x+P7Vcx?QK5pSY|qV
zX34chVcF-<kzB4-2L6N`yL!)A6jR`=PKrq>Yp@?ryKJ2)C-cGAuX*pIB>+C(TAUTr
zo7->q0slgL$R*lP==)2i?P~GYZBt70Q$)(6==*hqakkqY9(0-K8#RC2FUzuZ-oD{l
z-JKtKj?@3R46%M#xAN2!L5r)~cWz_JxE%{c67udM&c6g!^H1u^mlh^2rj(9EK9`~*
zey!8PfWb~tY^%Q(uy#>oHfHSHYoo45IZGrvAjMqjIkBs#HWR+x8jUelu^>V&+h!^c
z&eHdMSzB5ACfjRu3-E4<OpNF%5kcD2VhxKld^puuc{`OsZ(%-!_#5NoX^Q5qwuu<L
zQ*!ydp{p(P5X#O8#-GE4!T9s2W+jPpUfN+qPg_}P-m%{H!XYtca6&Gg?tuh^=@P6)
zF*fpc;7*q^a?Atwsq@!w=zz$LAv$zwd%wTWc7gesG%jgSljALkS*zE82*VD{I)<D>
zhi7~#Ux;;vvFbf8`^AM|mMcke1_m;pT26j^!C-68EX+=sQ_Wr}uby5mr*FL1RB<|1
zyOIuwBb_?H=;0uFFko#oY?f9X>RD*y52koC{};s@<&PH7-|@dj@&13Nh5P?)6clF@
zEnstMIJxfimr5bhzt%#XB1O+etjgZ3>VL!5xyHT!L6`gfyBX2{=7v}-*vSkW_FIqJ
zRc~X69zuH+`Bv>OJ=hSDou|aO4sOg%QN$xcuR`g>;0swZ|9w31TYg(VSbZx7Ep9!O
zPg3Q)vo*XCy6&H>GC2Ldp;!%u=z|en*#6Sm8-}5_IYIZnpX%|(@LO|s72F9yB_y{w
ziOVgM+GJCCX-f&8_p^Sao7)R<E!gr2DMImiiR3WWp%vs=xP9d{BnSUI>;HW3lJn1`
z=h6IPE!}KKp0NZ*p*?r+J;g>s95KpcAE6yTIM7AKspvOP!QoNpWmmU1yXaS^pBb;C
z>j62JgKy7PX78>RI7>kU#Ya_y#^1|VCPDL_!*IGS>jzR*wXo`44h7>NTqa_oUvXCD
z?v70JDeqo<o*zQU*H^lsLipZZr4hq$J?`fPI^I0F4j|0;hIpSK?l*S$FE(|QGO2EQ
z!$UpC!Nrh2HHzJLzn7i;pWbFYM{n`--_qL6RUxWpu7!#LIPGr=<L#YB>?A$dS$9iT
z$iy{0wk&T#9xg<xPDyWe&xPBo5%_xHN<X)fakvfC7-M0LFwNNfRP1M@t7-aa5C&(5
z8D!`bEyOG^%2~?4nJM+K#Idf*e2|oqQN;L)Cf#$pF81^SN!z@AN4NLl$?wX)*_H|9
zIq*17VIrQum@mj|mZL&AT)Dt1&xLJvv<%M~2(`+Z+%W&0d`?;`?a|oO;RmYqi&K?w
z(MuHlzLB6@Oijz(e>325!K0DG;M4GuHQx~`wf6IGdv(&LxQ|PF&&?a2a|bWY8-VcB
zt1$w*_<~zWTi}V5;|8Urx~j}N!y{Gf7hO{mkWIMaLz{Vd2A<hkx&B^C7CNXBrC-1t
zG2@GL-Jt_5>6NC^<X`H7aVt{R(&JKJy5!}U+*i}igkCJSigSEg4qG^$J!1o(ivp2t
zLaknsp&1#-tz)33t;&cU)7!^`#25vnWJanMm$@kW+t3d}D92&oLN(fR0@ttr^AgXG
z4c%K9`Ql@oz}~%?M{+T~9V_mpj{7oV+lL~A6Dr<qB_#<!I0l9fzx+h5ZqG#MQ5>f%
zaOFM^vH>~A1k-jlE)Ts?H3|5G;?sT<!EgS|%k`F&#T@x9kgBRl+voM7&!oyI@hZ=B
zgIM#>kG$w>O?D00wyK>fQO|@zzHg~Y?x;5M>)|g2gg?Y?EC}I$IJROf_-~(jiP1Aq
z6mF8UvresaP$<SU<f%#vYMT&#0+OdL`Q73%H?}1(yxDd?P&UXJ=ELGB<n(*K=k6lg
zHb<lh^9Wsbjm%8AwY6S@?$W6UJzYthKL)QN_M$X6e`%rF<Bu$RY@dQK;kYvi@wC=d
z(X%GJh0K>a>#h-1gg~A=Co(klHUT-1-NDsQhzPPwRHYT;OTL<yMQiu;^_yJHWNvGb
zIAhUhP4%(2#dv78l)2k4&=a)1t8K{UWR|wv#*|j$I;0T_JKk|8%g$CJV1=9Q#;o49
zp)?YJ2?l58PY+^KEeO2%zD7g3Z6XW*2yKCIhdcd8RU$<fCw=!2I?4DSNkGI*%7Zr1
zd*m~~d1KN8txitF<oi(gV_B^gSb}9`nc3bfXbs+)R-gQn=H#G$x#Cc-T)OM@?|W`9
z=X5${me-8#K928zL(8#uT80GCL?rrq-X^BYQ)M>zjg!vg#_Nrv`n?Jq9VKVKpB;Eu
z!r*vzw?kdXHrpEvu6|#^Ka}7~WAaUnJ$`U&8w*|W%*<1M53aSYn*I3;j^Vv5{?DuX
zkEx$0VIsBKH8!7}X=sM5;LV^j1$$2mCGAjc^__vGjGj@JVeqxF$zIjR<ue84)TBdu
z){W5FX<U^okUn<gR8NwPTBpm%R`5sqL7>)v4<IvX3txXF3>0>XTGKhFQ%m?Guk*xt
zMwCED?(S1!A3qdT981kIPhDBBOkh_+b*b>D;uvPHpfukuXOePS2=kL|;nkV0DX&-W
z-$eF<Z9NS-WAD2pfd#5;mD?IasjoSG+(P@k{2Qgb&G|g&J{I2BD`PZl(=&~%Pp3Bt
zT}mdEAx~Z?1<(z@+CvU#7%RFba#_yDk5%W-1Q^0PC5Z*l<1$2g{<$kdSG4CnlkMPt
zX;HY2N9UV@vX0R2zXGD`R!|5ke%YN5q}F|rqUMob+8r00TT~|A*-wCW<p>m&T>82m
z`pKow%~bVd-sutg#3jH*xUNh?xOeRYrByN|UhQ{0^V5u_nyQ4ls^q)$Z-llt@HG)2
zjHb4C<#?N$Q#c`_dYvaXNtjh~olHIR%cT;$X@yiHPiA~H9MQbvxd{?i(eH|@ZZ(jr
z>-K4@oKlfP$`M-M+)atfLuw#1xt+q2vgzcZZmTPG0%2iEKl8Dc(jL1|w?P2kgm;xI
zY;7Dbjofcrpbi%KTf3G**X5&ZyTD-9nx(CE!DM~ta8!}r-+P)>L4en|@J!nGfXN)b
zi|4sOCTHuy1o8@@V32NG+*IAZOyB-^+hM$hO!mTfhA9ff6Bcv>9i{V*T`$o?P~bS)
zg;rhZ)(F=2{uybdIKC1kd$E%!HJzZ;&6CjEo2oaIg^pVZ8;Ntu;@fqFD+3*Y<)^B}
zNZg$u2j=9|k$e(Jjw?k}3w)@Gvc`t<9bu_sl%gsgdEYmRJP&yk@~(OR%vG{-CT{ut
z{dajOM4$HeP@tEN92iLL$;|Iy{-ii@E5rGfoU1d(#~uM|GoybR*yr~xiOp+K7r^CB
ze{Bg>KKCR7BYjA{g+Lw7A?Xo*w{^ui_k+2nA{R}m75CKIvQceOS)Fm}<!>@FCNyE3
z;|M%#*qcX~mekc?jcrymc)gY7<aLw=*;dYn%J016hsG}cLHOfc2^Qap66zn^Q_ih?
zU7Ctgo04K}MSL&G5tUIDXD49aC{v!w>R9sI@e{6Zy_FbKvVxKA?9An*d?ZcYI>;2A
zC8Yp@g{Tdo!^r<N8fi6<K>j1gp1U0HMrQLRK}v=dRYS82T=0uxY&$`aU70rlmNupl
z8w0$KxR&tk2jmDxd#NW}#<Tfy!?L3k_B$-$F*$kV&6$hhaB4ost2xBp-W9g%cbG+Q
z1mp)7G=Pwpgm^8f-t{rK{zz?2Jzlq1#fX^S9g~Dfh#?TOO+^dZ9}7IaV%rlSibqx&
zW16!XkgDfsHyWgiS@K_hN4D>3$?7J@Ioy*EJdK7uai{#UqVfr_;Gn!>8Xtb(PeIpB
zN^m(Ock>tx&FTt3$7e7FhG^$Me)vd0ad1czj+)hexMvA;F>+toi3|tl?)WjW%9fN=
zpieBo7pcV<i9Fb*_CtQ(xrXzl_sRjR2EUoGkoo2I!?jbBiO8>~%s1Hwc!UzZUBR_(
ztO*nU0J~Aj_WjYk04p1^#jLJGhCvZbRAL}q%uII8-nX=Zo36X-CfMiP>hh~DT~kji
zZC?PF3lLpT=@^aGiS@$x&+biRE#4$?BYbwRhpGe`Tok+dn(j6goa7Jka2S#cR6nK#
z-Kzjl84}QUR(`rChP&F8Uy-etZ|g~&qv8&U=0e!Of+OBsZp0sd^N|vtP$JtM{fKeN
zcqE^#?bKMH1ozy5py@mpJ*9!UV26-USW6rvu+jz1$)#^&SEJE1W=RwzPL&&mZsX#S
z*P30{rSn2?;o-xy_Ev+cxxi@@tW936x*;W{W=f!PN?~%un1`D6&QNp}XfD4hbWXlG
zp>e~)vWT{CT=10sVtKd{tixg8d246alt1?SB{dHeYYMr-hlhFP2&ZHB`#@c6SEB4-
zbt_x<J2I&~+v)m40Ii5vrMij=mbJBYDSX^Xb;SiYledcN^aEtBJyDNKwqrqAzKS{c
zk)nid_HRDSF6Z1_4LS{z<K{JhwGlh*A@?2{B1=<qW}s(y=e$vkYZf2^PR5<W{Qs_Q
zHnE%p-y*bjwa|VBj}ycnx&MDc$&~u<P5n<>N%H?&L$S<==U*<s|H}LSevg(9^VC$f
zWN%TO(Vm8Vt<NXZYmMY_kEC1y&DCmIJS|y(_5&f$+f(%YPb_wP<}8kqY5w0*T>l{k
z6*N{d;VhO@p%eS`CVKCAvg}py+v=LO3UG#_vYz2So=eJ}8#Y6#vrnzDXELU}ZTbnV
zD_ry{p_non>O9jn5-cG9=QvggLz#upoNyP*G*U(A&<()D)23v(-G%Op;oHOl-Lm1L
zVGBu`r3thBeeq|MoTX|PWJIjv{jfh9`k&B>vH;?mamDJ#Xxx*UytWAIafG-4x4TQ&
zhMW!iS8{4iUR*3+tQmAWh0-O@OP5V?x>temsdvw1fR_v9<iet>y{E~UF%&ZkQbCS1
znitKftt#T0{gZF|f=lm2b5zw6o>|xMzZFiGv%c7Hy~R|VC`+e4(;}P*QIr!-nW0@~
z2pNfuIk;Ke?LO@S@B<-fXEbo-7VkmojqGXae&aty5FewwbC?!<hUUjD9_)1*p8q{m
z7`mEQ$%A9oJQQ@7OfYY%oeR>1k__$?$e_AUMca5f+Q0q4;^EF}d~Vj7gDbw;P4v`<
zi2DLiM!NBdhC$8-n>}RX+>xW5g54FFzKpyaR^6N(d^t2NJkairqgu}%pOT<Mc$pzS
zx|>q&Kdl|ASt9<Sn>v5aZRHW=7xTczd&vwE6w2TtrYAS4#$G#rL$o<P9ZB?w-d~6P
z!Te{U{0aM$R<K613tm4a$dY`&VQ-fRjy|Z|)8TytPJeah_vvosAWNMlL_}X>><AUl
z7_Z_x_A<Fg#sHk-WNAS2gC!4yn#|JGk`gQGo6-|MmW|PLY40cyS-@@k66+aM(WKV0
z@UB?q!TpiFlNo6<EE~1~=by)T^cG|7>rB67VuwXzoCz;$SQQhkR+pbWJ?KwREvLLH
zRy!ryr}XzwYnr;G&CbWzKb-}hkmREmv3(}NGPsI}AG?Ib=Rn8=c0bmThC*Z1loZc+
zRW3TR@FM@7IbcoW)=DqPIMK0tQ20UGtpS>DWV7wMaG!QG&K;J0GjmFOGNIW9j{Rgg
z#P6R1gjwFXpDrJ<acVw%&`I@1HlfF1VJ|iIFMdx$Ehv1RSnNvn1^LgK{8v~LFR;ii
z_Ac0n*L35^JP%c|)+>0V<91KgBF03fPQ(uY*+%;y_>$}NG!;m72>Uz6eI?G^jGm#h
zf2sB6IdSPVY!QA@yD?N4l+2)=DaHk%xI%*lzY8ETw2iFIM28RogCT$Vk-fM#cFERo
z)^5%~J-c0%@z0mo|Fo}@N4@UPKb!vahtT&|v?Qr(FD!*{VO-y!)k+3lod(9>Y&60U
z&{1$XP(<k5(;>3b3zI|)M)h7CtL+zbhI<8&eE_?5?ZwqC8u*<=S7*^0^$3xgbGjj2
z9x?UiLhV+rOKsJZ@<1tAncgL~IJ$aq>I!N}>FYD<e#H7b^Mxvnk12jS(%4gr)`s)l
zSniqUWe@!;qS~y<za6xT^?kCXPoQhvxsVk}&-!u3lIZ!v_1z(5#IuSs@L4436X^my
z*x87Si|c#fp8*?2{`S^LJ)rI7b~?>iZwaCIQ*=|fmH0Iq7~vG~FDp!JqPmsvy}sGG
z6p(5Njb$Cy5b7s;0_tFAA8gdoUsl+E`h(}B5gt~f76a!=*8jZd-`Oy1JgfTg-$v*x
z@;^@ve_okI|3B4GaanUp`SF(^`>sn~d%G66AHdEyQFH4Z9^VoFx+A;Dz~=R((BS{0
zg@*lawBk>v7DRt#{;vi4|8Qeh;#YIJ;dttJleGFSmy-M=-xfg2Lh<`^a<nlsl_kaq
zMU#39y?TF4n)_4I7bhyxcYkktPAV*R-t)5-#|m0oK_26};=e0%IXa5>wFJ|m6di5M
zL(E}>iE6x2xLt>09ZGzcm!(?Sojw`O*?hBfU>Pt@Sx)JtHsx!LT)KE_(@q(4$@(U*
za%|uDQJbVxt25xHfv@?Kk(%P?`E;bKH(jVMEG07ji_A<rMxl@DvbT4iJogyzX6v7a
zmznAoecA?$#`&aP__G9ttS{}KvCdA~TgP<K0wr^53X(UvO;S=s+@0N`4n(dZh+O$|
zLJeX`mGGNnnX5%N%K*qHVIm+|@Gw}1&O@Wz_RVJw_D)_;yjeuwMkEZg-3_w$?_G@$
z(B%Kph#jpAf<kGOsBZ1Qqyi8;R=BUfpos#LCsMI?wU4XR!ez$p*PJxk4LbLfM!Pa)
zz#h4$LOzl`7&=5O0dj9SJ=tDgLUostH}zubfH!-(6C~54V%0J0S9>P)ZyTLnOO99l
zWmWiAcpJ^^Gp0g)&HY((jW|b#TM<=~nwE|$;sschWH@G<aZL-g9tWr#UA0|?<J(7p
zx8`<Gb>`jE9ZVhP=9heBohFWlY`!{YjI~3BOfff(<&A|f3jLLPD{hp$>|gsZ(a|3S
zstIvE>mjn8U{ffP0UX(*nkTQTy|_cW+o~wVP5oaxf*7Rro1cjgwe$x)=};g$zh5(O
z7%_yJhA2?`$(uIrCU7%l$@j@MtCx81N<4YhGiAU@uwEl$W?BCrLUP38jWQ?WpLLTE
z`?1&R0jn|JA^qmvc~kLtEVN4uc&Z_soOr-Sw{CjKAD#+AuTs!cQ|*I6-SN(~Ve=M#
z`hmJbwrgT-^u?KkqImWKJT~6g>8_aUi@4W=&{!rpD_V{8eu+w&&%w~Y(+z%`ME7>7
zViTN}*H|w_ulLj#={OGmV5xbjs5!soHHF2_@KKX0(8VT5U!Ja%{1ivWxYowt@Y&^9
z{R!>i4&I$_MSpG9?_7kXAW4Pq&<q7p_o}!pfMZ^c@Nk<eyt(4w@hZu<pS8D)&{?jc
z#^F4Aa>GFC0fDo9Hrm}<(I|bqpkpf9{kHrv$7j#3X+U>Ck2gcdMz*T(s}=*Z=|rV^
z=PwpNZua`V`toFRdN%!qDL=)zU^yz}x}xkE>ff}L0vk?2g`W7A=-#f5j=d!rsJS(`
ziBR7PFwTzyPri&K+GL9nQ&DB|hQzy;X9k+`Zr^N@vyLj`o*je5nBfc;Aojwboo)<|
zsn`&_W}y})2<^O>Lu+!3=5S23Iytg0{D>SK&qGh31fe^)6LzzbBzJvq0xiJzM$X1g
zHGdjU#HS1OjXHr8`i()%E*FU0m?fyMwVc_~WX~6;^XOCu(XL2H#uH5k!JkcJ@A_{C
zpp`a|dJiB`pVtAUGJFB|p~C!pd|R_i0o|dl+e5C~yp%7iw{$X6F~|czuvsgQQ-A)O
zZ4qOK?Y-kjdRidL&CmQgOv1JYG<L!4$N*D|jOWA>Bp@(6Apx`UC4|k%STKdq*S%U}
zo!5O6^en4{SX$fRPM=-r*ROiA`8^&Ze8?*|>3W=SMZ{i~+Yc-^&&#*9dn`Q_XmmBH
zbpd$M;19Xz@pfH52tU}YAwRE=?XsusgYvvM-4B=SCXX)@aAu|S*v8`w3A_{mUnMg%
zk@O(5;S$uCoYh@GlAYvswBL6zGIH81yTzoL($Gwt^bkp9cV+wBE@0a+8L|Z|P}a#7
z_Z0iO*Jv$>Bs8->IcXDh_g#LTN*Mw9qCfvw=RPu3`na>KJY{aHS&%#V-fau|&aTi9
z+>_9Om~UssgAi3HL$^I8M&D*@t=}u9u~EWz305XOJwazbA$jv5D40?O`zZBBgNTQ~
zD%H^eJ0n5~Z=tit9AB4oh;M)9Ctwm1Uy$8oeUqV`U~+gj!jcPp2kP&egX+S@9OiXq
zj3SH}!dM(?xMDjZlse1^GfFyHqEk8u@KcNaTHSPUs%kxthb8+AM|}EY(hy4fCMOJh
z%Q0M&B4jlL_mv`naf%HDvh_ZHTatvppfuB7b8<%c+;XQ+MShLG45{PI&|+x#Io+qG
z+SEGC?`IM<0A;G_V#E2A1`Y(w9q3<fHd>VvJ3A$q&))6d78voe{g8i$p!}>aPVN_z
zlNL~&8r0X$;uRY*HoOGLW_b_FgO=bYkg{a_8aHyY6-VBLM5g~8FU%%rQ%5my3I3dk
zy!LfNzgZ2}4pqU(%N-AF%C5utv>&B-FMuVjAu5!&o+Wp)GhZNw(En7(J_-?@0FSFy
z;n}k`@<dx<Qhgy~uGQ19+jh=ecNSrUBr0U2Ezfvj(7t#*X^NBe4Mn9B0AT#&5iG<B
zk~7d2frJqPP*m3-7ooZ+U5u0STY9D?X$y<!z|K5oBm6dsYn{%HL%=n9t4^qI@>&wI
zfbSCmRJj+*nI1b_URYu*@wwDKT&qL7(3-BCj~@C)CE)7_teH8j6GJ{k>_`JKWJ6Du
z4nK_vseP{dsn=c_tbkW;b;!Ld7e9Ympl1qu{bot|+9J)duR*7q(Z3u$BlW-;keIU8
z9X|jl4rV?uB`#tdqXeyx58jSY@fa)IN|7I7zJq`5g`LTC0{^P$pnSeK782hBp%EdM
z*-_i)Y|UsETRiCvOOv&soeO#eO2(F})cC@D1e^r<GE*Ua2WN0+1k|V}09;b=RBcA|
zN{`&)GvL_3b@<waaVmg5Lw-(arqINoDQg{U3d?O_nvuG%SD36P2jWIk(UuJ=P9)Cx
zjq&PJ*;0F*@2YXaVZ9yuWLHzZMyvzX(Fz~SdBTTz?~K8MXbaqzL}E-fem95dAM+*!
zEES@(`MRln(Z?LM)*KXqGin_?8Ce<F7$#leQ^kYv-X)(VCtUqs(|sRm)C(-fDLgK@
zTleM3sZX~ZX0<yREnI{kM!AZViSCJL%yBK{ne`t&;k<2K;$&y(ww&z<qfB~bOP5W?
z$YgJHMou*&Ls8Nj-M+o29#$I$t7r#yW_~4mYbe3~qC<Q15fUIbW@73LdkrV*IgDmv
zU9r|4sQSZ{omp>&EKxnj#>7;I@nrqR=-?z*_65sT55wa6eX3A@w)~`*yod-SA2!^~
zzCq98U%e`_GWAgYM3UhI4AHyZn1*i8)F5-!=wwL}cqxjz-_v02bVIFLOTZE2>0rH2
z6$k;F%v}2T5W?`)fr$+40@21bJ3q5KNt;?TX4D_P@r1;De|=Z>I5*Lu5UuZdA>7);
zp+_^ZbrNHG`Pd#s0Pz#1BRJ&hw7YY4rIUgIUu_sHPIXFCRpST}|82vQ8CV4y_cTv?
z3MVL=(#XJq<=uB0ro1@yDozOp>aTIyYfM$u(N~-pAOegZ3R=F~2_W8G$AU${25vt&
zg?Tdb`60uVMj!HI(x6j5ws0G8>kKC|9bjIoywgPK>p+*LcWXophV8C@s{wPj{R0nh
z?#CgL2T*!PAT9)X0=jFxu%O^3hwSWG>(a-!{jie_d6a_}lJ&1s{F<Ar!p51}9t`H`
z+Anjo4_@i!TbcBCbdA(D?&^2pH>w^|->%pvS<~Qj)Pf4J_WsDaj9oD6A7hEm9w1nz
zZp&9~i^Z!XZCzQydk>cSZZ*5P=J0s`WE-GU3Y}R0%+g`zl~!;q7)DVt6%=}7l;@$+
zi4C)+Etam^YrLJXF4q3^UWCC{^5t-?06rzIrr#=3&plyDR#zn$6nRVjyoT!=D``dJ
zj4KYvL=NnLF{#4^gi!Mt6r`xa&%oul5jzwwD8fam=pCHOGbtR<eUrtNW-}PEL?1jZ
zth=;+r`KDUhbVY$C`AB_0&PbmR*BwTY4b$I(gj%nJC{8dD)gKee%htBe!pw5*kOyd
zi(#O0y``jw>|D50aHHdTCz)Yuq4SXc0@c$Fnn!tTXHS?VVY?JaR(S2<ya!nZ^t^AL
zLEd2I@+^~Yy2KsQ%0Ub;xO`jh^Id?|*JWt_kTM+*+r*nC0NC#omOb$9JxkN`Jcu^5
zV!U5h{cZpPJ8>*$W;oa$A?>UAKkUB5x#G}HUc;yMH&=|g?aRh8GWnHASHSDCAS-{r
zuDQgQ<bSwH;}5y<HFxD0HkddWGv{;WV9P0aU%~yr$~q6SjAgfW=e4dXV6n3OPGi}Q
z^B_TOp-QD)Px~d_K-%)7{3zY)_dVx6pKYyC`;N4yhcEYnhA~5n>X8KOfzvZ9ddoaX
zgfShG;R@e3q{}$(QA)7(?e2_sF}0=D>cZ@Kzu#5Y9}k0F>lZa47k8d4(X4aI2Q5+;
zTC8$K9B*{SiUP=vW}g9G?<rP`Y0n0;E^@Ajp5UICPZHu>1$?~CMm`^(@?^rx8!V?i
zFWzGada&}fo5scxN;O+F^wCv*O>uLm^b{(!u9g$R?5Ru=!r{$;_cnsf$A{KC)@m5%
z2>hDE6RDj5BS^&IpTe<{0@*Yq+nlvzb11f1_X@yG>}h<D*{RY{g&pAVNuO+DwhGx=
z)P$95Bg9vI4B?ge;>zJpyTlse{HB-vel_MUn+)NYC!{%&@IttF*(;ikHI+?(uqn)3
zw)EKTOOtTX|6uQ}g5nCgc3~t~aCf&5bRf7TBte2D5Zpbuy9Rf64;I{A26uON8C(Wu
zkTc}1_xtOwQ*|!R_34YLV)rn+cX#h4y`Ht6-V_vY=C{WhpucnZ`<lNYF}F&)%}q$`
z0S`E$uH0()+AhbVCheXoLW0Xa_zTWgG%le@6m2vOze(GDg8v|_2FV)wLtuf=oVchH
zdJ8Q*K?2nxd&CsSyM6}|6{a^=Ej>}E3fEzegwPk-+dy0QV}<Azcw$}Erj*?pDDpUU
zd8EcaRU*v>kcUjqGyBZnIv6}cq-31N4UaeMml@iLhuR3Gx;L<gYC#(3N_mv4r<eNQ
z4TaLs*&KfTxDLx-{<UR-<{LjxbT#pG^|H(Yw5I&_*pguX>`961GfbJKH@VhbN(PZw
za(t%s)L9<b<o<Ex_(YqlLRPR*1F|_-Ax`qS9T0X5;dF@yciKN+oty+P0n<fgz0$Bv
z7>Lbg;x25@I7d!NwY`_JtbpFT5oi+6KP^T2m=j*9L(6*tvh~^kdkitrRt#sC0eLB_
zC`5B5X5IiMT)2Z%!w5%3!6nzPv8tLa@nM%>4${?wQ@z%`l{zQq{@*lU@DLSy6d9R~
za|HpG`6{`y#Jl$+-4?T9h2FCLkO8r-$L8s=PK+Q5hOO!fBdKT_@Y@k0t(AkR9nJG1
zcTDH-Jt6R0b44KYU+Ve$L#=Hc2%`F`5oRK(VBq+~G$H#i56{V)R7@(D0j~m)!_VIr
zR15kTqMNV5M@fl{{Z)BYAsfKJn$G+yOdP&PRU-IQ6;ysBMh??L%1q3M4K9x838um0
z+GIdhVIm=E8cAoOWg5?9@maUh?~c^pQ#A+1R{ACql!)ns67>gyFcn}~!yVYKX#?*L
zKl$jSNq^XtHN<o5y~T#8&o4(2r!8aw;(U;VFN7fY9V;i_>;D!LCU-`h6SM0<^xom#
zrX_RNFQr@K)91D0e#>rP%zS!6CL<Y359b^)9?lP9;I$4Yn+-{|w^&-xH8<+CTkO?e
z+E}ijUFPJ`GTc2Nw-{O(AG^yo+dc2G-}uRs@t)DUVwc9z@u0bM_NmcDx~D#cHNARf
z#n>RM$&I$@7o<A6-Qj&VlH1n7iJwk~O&{CRr>0(yd%d-!k|eVgkG5Y4bs?52smoX2
zPSA=26OlGAvl&IA9<cFv{Oa6CRm=AP+O-j-Ipuc`>GRrW9z;3~9z2%CHz~pu?$Mi(
z$_uI^=`iOXu=U9$e4MHNV8<oj>v0l8SlrG-R}jlvOtSx+m3Xwcjw}XMb?W*|m9d1n
zMe@$6bxb5-cb?pv<%m|9zo#Ta0(wMEyp;fkV-&2n)2O*Va*&FojW2fc^fy%h>Ld|w
zUC&?(yx*Z{9|&M}ssiWk?x@4ORePw|6@r}mmCCEib*5Ne3=>~V$-C7Bp510T19NF_
zB<vQVl|p;r5Hyl-TO3_y$Bc!*7FdBjCPc#C?z;u>!>-#1wB)f_CWR0j2ICc<Al+Uz
z<v#XJNOwYeHc&o!n6Mzqr7(&XN`TIX?w0u{(8xb<bnB?Ns+aWni3Fha04VukIrNHA
zuiF&jLq5BpmDI!vvmA5VCzh3L81mf1|KTq)+9T*Ccof8^%O*p6I9Xd`52wu&4cZBx
zOdm`{<AN2gV5L$`Pm!X)xZ__I!!^;Aq_J0|NI#%fX$=?=v!U1z$L0{h`y}S}21=mY
zz#UUaO&jb%i#6Q^Q_hBj!6!%xupTfR{&8*&r)xZ1ATuIPn0{6+dtaW8_;t>wsak?o
zoV#zm$ley2)Z=fd@nsEhp7lcvIY03Tddg6EHs-z1mVOxFF_oT|fN*9;-=c^ty>xQg
zRN{uwY$Ut9(XkFlpMrG!urq^0m)iS;tc!5<IF@+BnDulXMjc_q@C4sYA>nMf^BIwc
zD6GC}+r*}&rg(47J8*(qd*sQ1P5Y*!lLdz{Xsy-Vqv>N}0`~g6GS~e0Ii#JE&|D|&
zFU|*7q)tkDuJu_&7J5S#mz0^KvZNaC`QP_}Bd9uJUDD&xHXs%ewcW5b*dgZv&dUIE
zYrmvY(9*BtPcBo&GK=d~Ok81>8n{HlmhUsq7`e(S=2!`u611E-CaO&d{206xuj6Px
zgMiW%+|y&|j+RGbZDkr;ANW(WxyL@}8zh7&O6$tca%|~&+I~>2Bopbl(bBchEqY?s
zGvyD0HMmAv>$JnTM6zJ34sS6U#UVg<PrFMvwOCA)KD{X`eE~}Y*F1^Pv>MOWj2&#e
zlepo{_ZE>=m*9wbH?7j&=kHJ@z$&3RT<mvkMqDo1q(~vMYhXanD~mGbekUV}$AYEs
z0LJ^m{XHpi%;L<nHgNW)fUmu}Ybl@CCYR`sgy{Tzh#B+)-{?~q<g@^yYQ5<-^~O3r
z=syz#++VN}p~i)HG9%>9JBYc#Ddz@z2w_aW@rJ_;*aUqSUurLiGrlsoS$F&NmBO}L
zJbI2AdHS;!2ekOE(@d~m?&n>>gfdpA<i%>1#72Tu+f!_R=OAgLo<twQE*qU20qUqv
zJ6O&G>H}9zUmG7iDGCU5TlHV}6&qWlYC;Sj7l~-lM=~%@2;{JpjYB2Dx~UlEJ8LA<
zi$IF3vKGp*Dr@}4&hLsiBw#Y~fncJ@wo1%(4iW|E$x%;@RQ|E^Q!B`u%_h2zDwEt(
zN8jo?Q_nSRA&@bS;_N4W0mnqaUqUM$l%!Dum0ODA7hQZc0!*`VEtgXkKX=ULNF7<T
zHA&wRtr`y~mB`|Xd^FcbOri9G*j7%;>4~tbCA<C5pl&n;l_Xsf&6c&_TJBfb9&R{A
z*xGm6@2wPKNAdtgSIIHqFH5@O5<SxfpExW_SqzO%q4EWj8U8oS=;}H6m!ItcdgBF1
z)bG7hbZT>4<g+jv8m^jS*K~K_#Mfb_3)G#^eCI|Ft+`V#&6cpbipLR_n-(NJyRv3%
zM0X*f7JY-d?ZczpnfnYe7Q;v01hCbnLtQhl`OlUFXMKGaZ}ls-V0to%;v_szN0y%N
zs?e-rHyN&&8|YagIcoMfYQCHy+N5J`7S&sY{V^!gup>hRO=_v976^3n30>(b_f9^)
zpv600`+9n+wR5W7-5SMN^&*YzZKd|~C$SsJTexA%W;cm(_0&7i)&0FY;aJG8@x=Me
zoQew3r>w{=QTL{%uqZP1Zc<nv8VPB?%JMgW194AU79+s?<1E(7TU63Dlt!v?%#|~#
zUt4E|=2r>-k#)M#9nl}vRgwYA57?ZIOENx~64<=ug8bGl)4jbx(ej~{WhW2#Wq!dL
zJeYCz7`E&ISQn=R>Y_WcN5fB@za0KLgM_yFf;bM#(20=b7>$0sVN-@FLkX3q-BdHN
z6A3n)NnSJ*NKS5eA5)0|GskypQ(&=pl>FFwL7C!nf3Zj>Q}~cnnj50h)mF8PHyqsl
zwTc4-{zGLj{!1aYVB3>3V4qMNyY2YR8ZM5M`)~_qqpA`xnrk<$1_5+A<lOr~z#p5J
z@l8?&AejP#Zj0H(?UwIsy;CK{x=8sYA|g8JtD83eF67%7E7`;X;&P}*HBaJquS)+|
zuFsOp)xlXDaWfgasw}(5s{C;iNh*`34t&7C;*HtMI7!tsc~^w*K)>Cr3WSDohgx4S
zHx~+dTu0<vADqMy4Y}pbPEg<lg*3ev^&62R9eXQoP`QIZ!cbSQ67!I9d^CVPab`H`
zV;=)mxNeDym`*rjTQ=En6^>J$j8Wgz)9e%v;30(5Sco^#fAl^+NreJe$P3phhW4Tw
zu5^Xy9t`8uDw2MVaIljUAKlKKa2HI~m6Yg{fJB|!Hjw&=78hInj;Y~$W|G|Fjtfsp
z2|~acD&u1t8jH`U0XtyIi$6C=p2pT(WEbgjP*ouAJov8WI*!knChcL&Fjj}rLnoy-
z`$^GNga;KBab;zx@+6FJs^qYvnhSd9S#L|L?(I5+*5?)bX%K*#=t)f1N;WhC{@90Z
zYCowPJ-^<4kP1ko#zryRNl?^|{(9)X=?_#?Q+^wpg2xlG<EuVnWO>?O*Zc)yHoF+1
zOdQf<S@!TI-X!L{(+<pB4%B9Gl}>&z=2U}LS%i}GwciSjdryVO<RaPh=42Yy{TB;>
zwT!>KDD2X>6W7d9XEyr_^}fU;wz6tZtHIL3(EG;um`_zsO6vY=1uo}YSSeGdj8^Jb
zDOY}a4crtw&IFGa+c(bTT8`>-V{{*AGOwTuU8pHU4{#LKS`|Fld~X-lvWXgu_h=&W
z^0eH7#_gy#S$a}wLaXsD=<;uW3y1aGP1so7#?Bf7<RrwSva0rdhw8w*4(K~)&Z;ci
zvz{GqIgRu7`;HE89a-bkTwwsqOW^1->!WMO$Mi(H?=}%yzzXZ^uz-`4Wm99f=+lU~
z%FVmFcmw{_NoXi6FR{G=X)Jetr#0;B)p=TM_<H=|a)Ame!C1lm&T&nDpr@;E<>7%7
zs-Ctw@~mQ{*R~yhRqnhr%1Fx$KvokuHAZG4JgjZ8u20Z|Vr?@C!_BR|Ds?sK+cMF|
ztr#8i#OF<99E!+Bhc-u4JtuW!6SI!iksgO|RgGC5bXvA<P?eX<HObq}gp$Dq&DcL@
zl3l`LDOcId1}8{>m$Z~S9>ilLtOpOA&GB^!UnNFyuhvxC3}!!M_=nG1s3QKxXZ;(;
zz1b?UM7)jfiS*9~eKHS5l5slnG9UobCA)TSj?48zG~f=%Qh&Nn?zrLOUrL<daqw2Y
z^B95xm~h-k>96ioa|Y$?rO6V+ok)-gd4AB?;<OcMUGMp-a=cj#R+#AafN?=4^JC-f
zmmA(+!%wh(?jW`L%S}BOsbCa)14d5AJWPYzPt1h!aDVA8rVKz2O^ZUDaq$Z&GU@n{
z<9AQG>nQRsF|9wj&r&@*SP0Z*jiySeS8j6xl-V+qGs!<j#n(X-GL9Eh<=o(PhG5<O
zNH-}N^<MUV8jGw3P40@TH$C7Gk;rK<F96u%L+;`4IOa+?gJ%}}Y`Mh2cZ#_wlUxC|
z<Krev;|9c_)fmpt%u83uJv*+LeWV;>gMB72R%(hU$&cjja&=v0?ICya-51S2KMW7{
zJdRtYTs)v<o{1(t)#fN>!M=$)RbBkO4I<C0fMBF$b*>)_IjW^WY+2c6foPfA$)tcp
zsc~11%VhL20axs+MncPCBxpTNc0^FnMLTUm5>g~X$(yBSOkKk+7T=cHa^~TL!#+H&
zq{j=z3&{4baA)XUUSeFDiKR*t1N$dzJhIY4qmF)BJQl?8j5~BX9zX5H&gj0!H9`L?
zzwkWN>*c!_i?{dH5`sXo@^qmkoKPe$PhZj#Ue!bj?6gn0mLV0^{Ay);oi4a?dBhD=
zKOa~wNtv}ESk2T>pxvLLW(hHpKQXTLrentRQ``_$<6O)*1IaS%UCOXHoeJrb_)n+K
z6ScHreSSIcz&#nrIseg9%G^8A%=o!q0(Y}5EaX<SKW7{9;cHeq&e_L$Gz_Y}5r1LA
zWv6+Y#8R?>Kpz<BF$?Tk=}XB7iH-kD54)a`GIgLFJdvm;9C;$T-h_KghY=qNWmKQ-
zDhtDyR&TjtWFsWyE=&(4cU`kv&j)dpC<~1J!~^^|aI8i2Y?Hjw76c3bR8VGY1))!V
zeg+_+eXj-~x0U}yBqP3%;`G)g?dVw0nkZ$ABWxefdb`I(y=TC4%smCI1RL(X_$4U9
z8}yq{S+7xn|BKh>7U$>eZ&)$ri3te-X=xf6@9p>ePaV9Mf4d?K`mfMrJcfye(7hif
zZV%G5DIB2H`$ktKdLI*=@V$wqTC)xewzIJC^1E*w!bJfGcV7<UiEH2Hj6%b_4;*#(
z9?I<s*Zk!Jy2ZDb@iLnIGFfSYx0(+`DqRtjv4Gys=!ZhYal)>9=XBKuRyBH=^NT<;
zCH9hT+YF2GAk%F&A{=%aJLV#9E}T&<qVf5_AlDld37EGyw15aLL}(CUaHx(2GCwS2
zm@w#FgYgsi-h)42@&al9_QuSPr($>5JEd|F7~`9!dfuIucrm+a6`mS5GWYTnWxXv{
zCGQ?^j#&)%i~kbEbB`NXPuf%3TU09LmJ|#bQfuFH9~<j)He(LkQt8Y+t6>lhNs+G;
zgn(-{r}=mm5US`rS%(=gdk)kYx`bO}LOR(i2f$Q{B3i?9SMn*xY6B`JZr|q$$X@XR
zyb&ohH7Pk2`Y7&QlxK`Nk~J8H4_m4Ta7WFaC_NR&U(V0%VV}V9d^n_O$S3Xw@V|H0
z8L-+v_>t2S6jnyJ8#B}>gx@_h9*E3P^Oksq1g}Jv=bB_c@}LQUtppS!U;L2z%O^Q>
z@3j=6!2c!+$10O-<P{2G_!{k7y}M4^(y)uNR3xD+epoLHlGwh-&Kuqj%k=AgTp&OC
zJmXVC`4D1K5QG>@AY}0K%6HX$u?Cazjw5TGLnuGpE1Is|p0zEAtMuCHxrHrmMc)RD
zVWfWb@h#&6z^zFcEpeR}0siYwvoFe9#Bb!+Y0y8Q3PWz<h06;RPGocVLSrvp*AL`Z
z4Yj{>v!cVrL;f%DET$w+cjHX+(~^6*oVz^!t3Ug%&6fd-|A(+V&+7jMR54-J_4-rb
zG(NXuq7sF6{WBoV+uKw4j*D`^rXx8diW|>hh6vL6LAS+LBjz-&hT_*M;{&ok{vl$D
zNxtkDFSK1EDftF#)|8gAtgNh96$zz9r2=>WhkLVPr{zLxS-e@$f=2KYIlbgC@rlo9
zA9KYcT&#L*1Ztg?jb6cVD<4Vzkzd%YhK9J0V6+4o48V?*&>U<*Bjv+GR;Nazy?8o@
zID2$(X>;9fs#6FpVB?#<W<5e0UghWX8wJ6`*%FoQ;iV$MXM@-QE|r9Hc<)kD0S>d-
zYZLeFhP32+E0+E!O3<eY5g8)Uz`=@018~W9GKUu$rrY)A-Np8Z2XA7;x|ITy6AFq{
z`HlBVpN!oEJ7Rp<L|GcaS6kV8W9)?UNFBJwngL)PXaO9kHDO)N3GMZc8?3b(<8C4x
znILY7GN50gkKBwSVS*Q9$6<p#O$6jI+|ol8|EjicYD@v21LN@Vh4}Yv_19A{I!vTR
zKp;P)*$(L8-4`pY(SH<&c7DXdxoR1XaqJ3ueVVXyyvJn|zt{XeBR91if=r%l-ko+8
z%5O=!52u~-?sFcP^PUg0x1WQ4d%@u0pMfHH4a~?c?RI`G@$rM97d@(20<P*v?}iPY
z%~W4knb*hdHN8M`Rf#*keszFPKghAa+|)Uz9xlF0Zx7kcxwgBxh+OL-ipI+P`q|bf
zugx;2p@w`8L+czRQ+Dr<S&K?U*PlP+1x7HvJvR+~%_?}d)<{#mV<cJL1n|)fTaIw<
zwcTS&BuKo_Y-`ZWet^oO5*lsmlHU9bi6H3oO{9+G*pG#C=!!LcjWOkkyAgw~T}_|&
za|A`~v5yvNhebi@R#%%5aTPas@3MhN!K>M>xEFE@zp>Pd;6v$roM#Yp<Bvw^R?oX}
zSj)`~<#mpH1wCns{^w;HV^$}SFpm1ApxlFF$7?8e-R<r{;^g-??)>cFPKl0l>jy3>
zDs$9$I+Rx94sS#|X2gpbPIOsjs+wIic`m&rIsm~73ZL$~`dy#g9@-;Hl}ZM}(kEoV
znk@-#)O!wB|3N&%WgXsiRwaouy7px(S@!BXAy_1emVQ1Qf*Ml#;!MP*EWXl>tCppm
zvUkn@`~DZPk&#h+0)AW#U+5z92$8$%bjhG=kg_4CrwiR6Yqz9og7}sOb)yQNUU_fj
z{-dwh>94hP!7~S#>~+7)@MrgTy}gi-w00Pnq_GT`#!ES**M8{NxD}v#G=}ucKXi58
zSPePR=yAKd!5fah0JAYf3na$ab8(pZk3LD<uH>JS+o*!F&uO;yEIRmXD41R_{&07E
z_YPki`$Ew)@|DalS%mhDGqVpTL1YLm=#*pb1%mHJ{JVb@0CJ!{%nJD;N+P)wuF7fY
zC#eaD@*#ks_Lt?myxEhh$i*Onrf@7~XlD}Y*xnWwuzawlni`E9IK1A%7F$W@NdLW+
zilj0Y^GoE*A~tPXt5~wg-2;Q<O0^>?^o{I4lgFIC{7qpN|8IBx2al`(QX?%JM;IFd
z4=@L8jeoYWBDT9BvPW1T*!iS}?V2y1?tWE{_GS)BSrTz^oTh^9ieP-lL?HUN(H<$~
zH-;;o($7=g=BondFmn(4n(E#$f_H2=L}oj6jfH4639K00Q%;N)n+|a59~X<?$ykFn
zp2R+UB4<l<V$XTz&d5Qj^1pABQwxZhqk#P~9!1-84gS>0BNu6CWNoqz%&BREhs`9r
z;)5X<tQBpsTnEy4iMU|#&a;{2{d<Psz<)(=f6jLigXSh4F8IJ0WLw{7=R;^2-=%IN
z)no82qz*3EKDVyfsdU2<n$WJ0i|em7nUe|F`QoNbHfkuH@|u*Hcph+TcNGh^xi9L=
zMHx7W*HMq;OZBjh{cdrehMXSuFK<qDlb!{&q7YHa4y+o{wQ*;lClNhaK)%00IcVW`
z*urYz9qnteppLQ5)3n{)oGVj@jcybE+jpb(k}eGnWjD7Fv>!>ae-%DE4@D-g*(Q<^
z4Ybx>+F*vwe5}?%>f_D1Waoky<wN<aa4OAkFaHP!MyO5W)g6lBK0|D;3<o$c-dA1@
zTiCi)AUefti#z~u#e8-*(5MfnMb}LQkc&!aJZd9%doCXN3!!QFx*Mp}X7(5vB@-~>
z&JkDE^<r>oB=+LW=Ln7o`<|bEza)X(&OO)0A3Tb>VK51%TusA^tLOV&D`w(LAU<`Z
zVC^g08sgHK)|j*vtc@iFt^r;DE*+q?T0ou>c%$c5h}u`JKNLw~Yva(kHDSm;u3ajn
z(@!|8uzz;s>D02GMFHGcU{B0H4-$QZh4z{y&2RP$PJ3jk_1(~LiQ;9!WZRpYH}es>
zuB;Lq1s=ZUp(^~<c2+`oU03d=N8y+c26!=NW5zREoZ*peC}fKyEycWyx3)}lnP{|!
ze!s+7?Xzz;upXQ9v7PbfIo!U)RnJ5g&g+Lz5C<*JrL6hUR+fYo5W6d%MkQlOA1BlO
zI*HV=!SgbK^NM89Mv>R=Sy2_Yu%R;4gIOat3)~7{rICCbO58`OqGJuF&hH`sL3d<3
z=_qrQwpVn`<+%#7>wM5cLyi<FXId(}W0~#grp#iyPXCqD52H28EZHu9W~7r>X~Bpj
zJmwpag?*z>2UU1~vQ#J^DLvo#JVB)I1U$*t^D5xq2Vt&Hwl<OMaxW>nq!WrV?;MeX
z<bSC(eV2viM7n~cB$@?y6ke6}4E8_wprrWI7puTkLGSPM!2{gGLqlDoqq6w6X+x_C
z{gBH&`^P(581>plc%P}MEZAQ&h1lZ}L~=nlW5uQBA70aD*x8F`tDqTz9Htu?yo|Jo
zv^^dU$e_PVSQEzzNEvkWwwNimwcGgfX%mVUJJ|Z7BL3YvOIW(jw3knURcA1{z`)Av
z#Kyvdtb_(z%nC}Y&erD$C1M(y*<Ug~uL|L@{b*t>CFBSD_R%V4(%7wT)uV4O7?myK
ztaHAF5;s>{nd)4i^zr%pEBx=*Vc7a~BP=trv+M8P234e=AJBejYff?7Y@#EtFfwK_
zo~kE@`t-XP0#e3f*!5&>QcrktsZxs`;jM8A^WRb%BAlv_*hJ4v%D_)A8&^`CHBmoz
zpKxv{833R+Mt{BgBdU3J8#_atlj2$%4t*JiLp&TwMRX`$Jmb0T37xQA^R%`yE$=>%
z9xY7OTvir%wnn&(TbAE*n=xyxjnO*Y7S(`KcuzarJVZ$4Xld-E{$nrEw1+@Vv&*|I
zq(U02%I-bI);qOMgk^}MnOptsdMddDJCVTSmI;CfFOX|A9Gxwtp1&nNAaKv0n~BkC
zS_<xgrxn4x5SEQRZOa6p@6K%4P#a%)8wox3E8yd84ItgK)`|>7bX#A>Ynem0UaW>D
zTYes!Fe|$$OsTbg8<JcHt=~aNa|$(LmH%ThVK+sT4zPjxpY}>b&ibE>l?{_F^ZN7m
zehEoUJ<vAZI#M@pGHFhI8$3GdD4X}L5n=PpNGU5&=qEyPIV3o<T&aXDOH&GC<1v?<
zP(0!LS((vz7KwX7IQqmyQ<wYSlsLME9))d?S4OJ#RU_B3_rqeByy%PFq`mpwJr&Bm
zEDGrw*75@@il(~c3I$Tmva;y@2iG*z5KXt}_*k8)I%^qd9_ARPY$_@SR-KC|N(*ap
zS;XD7`S0$cFr9j6VyC7^nY>sn*BZ3KTUh%8Y?5_qrB@Cu8@*9a={xF+{_P#I2mIsk
zWD3*nD_{hBbJumCd<_cUq2wg;a><Z$9S+u|IEHC?WaAl=-sY(e-_LgHHQ_VE2c6XU
zeRN|szK=h*ym0JT<GDXfv>cItK@ymN(m47D4ZC{kQQIziZ+`C%Y~<tKds%3?tt>9~
zkJ?`UB7hX1=IiT=7>lTlGXh7V$mG~1O<!>NZH{Ox&o2R8?&kfj>cR|NTuQ4k?d(rJ
zQ~fx)$RuiOSarBHK4WC!ckc>qehNwWyS{XwQjx5s4qifp#)YCzYHpXz%i4a7S<lgf
ze`EAq{rUu6(UN(tCy-{{>9L|+8q3@d5l()|J$gT<(0D?n*v|LO&6K;54+neiYZr%#
zkcQ?S|CN2edH<)kl>1-54J=~kFh<5D+xhgYDB>xv`&ML;R>iD+aTbBNo=6#wFG;Ue
z3QC>2|2a>WcgFs4AUo)<Ovl|o&JQ_PUyJqs6J1*!E5wV*>2(%hU6ydg9vVE%CnraL
zx3(v9)twQ1qFj+HPsVsLt&iiZ`mVH!mSw;%hTBK0+az(af{^Lyn9Y;@(iTUNEglzd
zA+S+G5NontTdPDa_9_aV&Pp(3&<zzxu8zyyleQq@G=Dx){><E#CahYVmZ`7v!zQ>W
zi;QMh7rk$;0q6Kk{E9<f+|8_)16!luKS=c*hU&|XqDyb!Odpj_pOf$l=z%n1roA38
zt+E^c#*wBAW<zXbwfBovF<p7h@O?+w)e+pOjs^YJ<TBH-Wsj<DdLDkS;miU6tobQF
zC^%iim%bGD09W(8xGEaB38N@&j$*b2EN@#0d901jBj@(N6;3)<l^hfLdfo<fBsE@G
z_dPl}ks_H)g=x@u$4yRmxGJ_KfXLbZ(*HTicosraXLwvl^AI8!d|TCRm*?w$3j{sq
zsdF+kZ@U7^g0j6Cr?MQnN}5A=;-9|I{fy&j!~GLTlE}_xn15txNY}WfW=U@^K|Bay
zRds8`5~dH{@22-}^GF}`J{?*x#&~=``hMeCzJ&O`ge|$5^v~71i?DXaM@dG`zJ{VS
z3eO^tP4=37p~&EI6GYO<di?RFErX-qjFacF!@tSB=+2W@-!m2W-J;G9K^DgMQf!A`
zz|t8-X_FeCmn7B!*Q%s@LenWW^Xhg$5y_DjcYXrgkF7dkHP<7IgZaW?1^2jnn$mJs
zOtwt36Wec3jfCY^TE#e99I5W<c|D*L_<)pydlQETlJ+;y%A#v+OX6o;isdN6-L(8;
zGq1NbjfqP#aZsGKs8m$ec{O|6L%1?DfQ>=ut*s@s(qeROqw?*PM{HMWifd?)?|UxC
z_ntnce?A}-fK?(QH&svYMYfq^h$A~o5NI7Ar@Y%GDUp4{cd3$2^~(_EvU?0;)82vJ
zsWjnAOJZDGNqVUmM+UYbhWx<IX%wg&?y*2RU2Z*Sb+~rJ_T|=6>P|(1>E!4KVKsh2
zoaSE7Omxkytv$8CaTk3ito9d365wTddc(TaV>wmnte}>vwVjvN^APTvfrg5)(5~!S
zslpy%Bkq}s^b#R`vfGOI8uEP2?;>0P?qi|LwZ;}t9Y_cBF|Et){ABwlq4**xGWrF>
zm3pSqiS1sg(5LT)&U;tFf_7u$e)n-^#3VXm`aejG?>?OI#~YLD$~lrw<+dSLBURFR
z6pDtuzYJD)jo%MBo%detO_b{qIUc&tfBJ@rZEdGJCQW|W#Ya`!&OXTKgbUnzr^wj+
zc@B0@bvc%&3jU8t1uFWH%;RlBcrDM1cD{zR>hadszFd=TO?3cR#fwbv7Y%jyw;p)J
z_dt=49{J2nT!I;tMTd(OxXh5%JIe0R^d}eL+wS|9`k(VYHMoH7rz5e+zS6%;rDlTz
zR^s8TFb&FI&@8|DKa1m5xxQTMWqa?0^|+NAebXmU7G{S!N6^JPT%7z(zfJ~!=!CLX
zdE0Y8J{EyYmRx!JSXGT{LZS(cO_g`kQI_ZE&+%-Lcuc`<*PDso)C3tY4wO0=T15Yu
zoV^wcT~ai}`*<e_VtyOr`%p*E2TYIers%0Hp}#D7``*o!tNMBoSMF6X!PDVGbHJQj
zT<f}yh*Sl545VlGW?GukwUBR_^lgFoR)U}Vo}24=f@wAQIIH{1Mws|Q0(inbIzsZ~
zop5iIn0-CTP?}c*2A~K0+9w@l&|wrohfyIes8Z`lpVR$m3S9DM`@mQzNF59=Ie*JX
z_(pp_={#GR@9~7LK>gMnl`T#8!_ww=YfMt<P82)2pMY!mmSpvpo<nsTL0Oc#_#Kta
z+0`QtEEmVyVsmS$-vQ@@nA{JrFa|->KEjLZ%9{iWHbW0eRo1_&>TjkLC(X?POWYnP
zn(%_r7s<>RFm-=ZL`Ab|1qE>^9YTg`o#+{MI3_Djjqgt)-#9wZv1FrTd)+*QDfIMd
z{pFZQ!M>aW+;&cv1~+9fnU}NG+hgp@7Y>Uko8V^&>vsqiivAhn7nQYkxiOYxAJB{o
zyFaFWL7|L(ROPRs%oqx-&RX<*bx?Zt?i$RA(9)N=8!wiAM>ykJ9WDvXvW)Xd-Ql)L
zVVE{fR~jvgz|AKpE}S7+(@l+KRC(po87pCP?R*$q*4<GAiSaN?h26yLtcBDjEp3=$
z;^#|*=(y~NUc#7F96PK>v+Z10M&F;<R%8B*d0y1snyX{<3?+o+)n_mXBXu~9n94yA
zhoYm6-R5OctaG}h%ePNj9~>CY07=85D+Kd@3^b1~ibW!e$Y_?d9=Vd78xh&%A%UN&
zJ1KN{yYJ726odF;u1uLs{aVr~xfi2_u?<=j?>cO!P>VV6GpO`Fp<LWLQ9tQ1hCduB
z^cZVpwXX>WaqX4EDVJ7rZ2Z~e(@~;EM3iy!JLqoKy~A`2?B8G-@pOU_x%TQWdSpvF
zu5ecL0E3(<Uw3_#Fy@WT9}NieOX_-ATMUx>2W($5CdQ(Um_KdDY!3qq-4PSr5^9=n
z8tWKl@<VIW55-MprTf+Su;z%T>_>lU{x~@fIRwcJ&hO^!#>Z_<1@7CM!_H;W)D+TV
zKP{zaogN$>d`nj03bT@HW8cjAq1FE$8g*ryS%+aIL%uct^nhXCeQ8#r3OxFt*D$}l
zl2;cqAwtm;zApntUGpbYidJ5$+*ce$CtgiITB^x?*lH$kP2doPAdYw1rBsA=HVE2{
z{FLf0FQVrH(fzfuFGgk7SkS8tni@JZRyv!(56l;DSALVE6s`H){lM)(P(fcn-1xfg
zai^B5F^#t0iJZRd&<<3)mwfQ<V9wmaT!NQorC3s3#q|PF5P}(#Y%THSd&zL(+0tL(
zABbEiY3%Lpja3=A*wiN>p0%jVSvG$hmH~EV*UtIDtSxM>a>eGc{XTi|GU>;RGZCg^
ztE)hvMYkry)23&2iB%-z)!!Hx9bNp@uVDb?jd^~;X7-j59-vgj<Vhy+7=vE4;n60$
zOW`4>A0Mwfh><`fq-jx#Yc0Z&MrC9WT}Vyey_XpkkTO+5$InloV`HVw-Rqi<3J$)x
zJH5*+^d{>yEbr7Wr?E5w3?i{*$q~6X;VOB?4`yXj-L2IViigzMP}Ob|Pt8&0SCV8W
zc9A1VJ(Q=IO4J;##;Z@wd&uVuihXrt&4&!9G;hH0uL`9ctIW@x|2aWfxPXsge$SC&
zUdX2@HRX;lQe-NvnG9PQedQ%$tJcp{24@DP1poO73N`&?1tM94<7L_LFv;KYPne=a
z{i9y14@PFRQvioRn#+ar5sYMHS^iY2Na%YUiU!p<3jPS&^$)mGLLwDHng^1nSiEC=
zU*vz)J^M4cL{cX~euhV|Ad;_PE<5I&q9L}eD89CN@jx|nNYa8#T-#J|%yb?~+3nMV
z;GUA9`1K&fOlCb1`__s&Y#ig+0sVrepcgx5ot3(+mP9%sA-%$z%4#_w->=+LkaM=l
zcfU!rva#b^z@pgRe6NhE1G3_Elf3}e`~wj#PM8{S{o6szd(N8B5D&;kz(g&-rR8L3
zk--YU7!T*U;d37T&mXF8u~+C2Vu1=YX-ey@=BI&qM|Vd3F7g36(HRFmQ<0$==bJdg
z>hC|$e=1c89nm>Bv;uPFzV4W8FTK3wxH7&%b_QxzCswx&-~E!H%B4J2czF}p+LW-u
zi^NTIVM27n({!|r!tL|NTZq)j(&W@{>@Hj_*mRsiW|(oy`_vg*5EHS7&2V(?1n+oh
zB(*2RznQ!6&1!$EB>1o_`No3L`H68P1IxF+De43+M5`%dhp9VQR&y-%I&E;ZIrdf`
zGM}-{7ml!eQ)%Re99WJkwb~ZsdxA;~LJSOIpSgTwR~4239Qh?!EY?A<r>R~35ZV@7
zIWoiH2w&h8)f+8nZcgT5H97TPbIhf$*cU-;mH<NUJ?i)rQx$t#fZ5%yEqqv>(%sm<
zEu~!*$*R#%ZFEo8cl}|1l;Bke>3wb%<g!=o{$smN$v;}k{w?|XD@qF{&kDCo`L~4p
z|6&35IM@Rnto6O*9qFYs<Z<WvPjJkK7qKV%LkyOOq#Arpk|~+{YrAT}f*uCWSgn=e
zp&wPc4o$+zTP0Jr0?wR~P|^~^=1U-IYh4k+l*_9#YXODPiSaY_48_)d)&yUo+9QGu
zkWj)#d##&823--m1i4>I<e+axk4n+G$XI;o7~@70nFokGr&5FQ8Q;_D5+z&9T|r+E
z>-%?^yDQDs=i01ZCrc^!^6ABONCeu+k>o+a)0?(vzizIUkR?6&M?=c4an_@~mB5AH
z4Y7%}s1*n6fES2y?cWOa7q<}<#U&9qeR~v_TMqg*E7~WNdDQVLKSCzOrEQ2MK+k)i
zlNlJ@+xWo)<EAVbkdIo0ks$Lt&DL6QW>h`c5pL3qv%J~m`ss5^w2M1_+_pVRx+#qv
zu0PTT^`z7HOSY%vs4q&qQ;5WpFAnTL?}e{->qAT@`{IR{0pD4k`Mq<{@nu{bk*v6Y
zMrN76V}#3XEQKJ-Bgs<<cXCQSjC-5hqhDssP&1tcHr>nLxl8D00W*kC<gj?zG1pVv
zL)LWZEp(Sr&6#;>%F2ZW;-1~vyCM^~T+2f`)Z9~|y+VDEo}@$@jxM9l(J$$$_uiqX
z$>#kYll$W2w<~?S1<}O7-~vlkUsCN}kXBxV1wWRqY#ptitj{a>Pzz;pD-PYS(%LU-
z!3TEQFA!<;<zZLES(ZWiT?f+ATr!APE?1T=(|m{m+eQ<M5@bklB=#0B#YdLEl-^^a
zMK0Ui2*JZ|z4ZE?>n8%QNiJXXe0_ej3V~dGo#l)s?9Bo2&r$4j_fmJ~vkj^b*Lq9W
z<X?}k7%%SnD~P#yF-x?ls+beG#!^RWi@c2;f8&E%3eMNMs#I~saq1eaBE+KlMRm86
zHN_(e&4-&hEQjOWpfsMDJ5h|AReG=}gQSBsZdd|lG}}VJ4d-#z+`>yLhDW$+UJE^E
zz}<>y2=B{>^wswEEJ7aDG*8N`DpWOsqs}C6uaq9{ULv?44%deo|5NvrALAaMCKt`^
zw&4fT1rwOgK>AjT0oWI)uEM|I<uN>WE!smLL3kbw5*bu9Dwd$JjH}~CMRIC8bSFHO
zi{scWhIu6aX2&<{B-^s=))J0$_*K#8#UbHdZITBj&X*rbZs=^eZWZp%Gw5z7Cjijm
zO0(QnR9hp_1F(4PklFk1!_AupBHm6Ixn~*DP7l|Txh$&oB73v+O^&d7R-Ei@yulH1
z54aYp!)^~;n}ci~{PyocOuFl<xz9Kb!g<ZNvJ5*~6xA#dDysz@VM|aC#{k|nKKJGl
zRoULwXklS#O^Q`qv<&h&kjMt2=ODvSm<5SRW;GUJ=Wm_r1o)bbG~T0diIL>PjV;X`
zfvtPoi&$bK)_w!t=5*{V{4FU%DuXhvOCd&Cvid7p=C0Ri%_JJbHFrl6P08jysh*|D
zX(QVu5`ao(!_yg5Ht0dE{;->?VC+q}Xx8q}Xcc`udDGS44nZMu<SS0FWHd9z&09|k
zMOJ>|AdaRcthL49zgpZWY2Q>ecfUNIxG_Q_amMomh)&^#BkU_EZO|O0=_B$6c>5hH
zZP}NtN2{j!yh(NPy(#?>M1$4Z?Xgb|w^tn|b3@|GOQg1@DN#{K-&cO}E06TQ@0><}
z|G<v+;ms7|#K#-onVL_!xIz$IE>E0X_a?ttnZ;ZFcvqM}jWqA9F=_{A_Ki#KUi7Fl
zo#7-11E8`2$wP7Fs;)oMpd6t4YxcP1HB34nJJJb6FgUZyjf@t5M(3U_)%@{M)0CS&
zQRDpDmd03tu}`4H`QIbpAv$?G@I4>M<9@e(V28=*uQ{InAvAM=Dk5->Te}q=(k^nr
zjB~5Ab(v+h1Joj9XuUwpmDXVp*g^%DbmW3K^g-dxUA}BJq(39H)nBd3m=_k>s%gLA
zC$)yo$ZW3+$<x1onP~LQ%e@{OsQo9qmtvZXw|lq8Zz^`PAiiVPbo#=sBz}s5sWoK*
z7vGMmM8l53FkbhPRJ<O`Xyz2ef>F3aF6RNGQitZmAG55C=l+(`zZ{o$7zxhDK0PJW
zGbJ6{i6Ua$Sh=)bdZHbx%Q#u3tZBZE<h3>FtB@m-JVb3JMXHr9P0ak9(N}&M_J0Zf
z@n%_V@cBKe{kkMn1)em9nRqiqq2yfb+uP5YrnewWu1=F@jh&97-j=GdxVh7wFtiT)
zGWqSVEt0>i`31WgP*<Q|0&{rO<kdU5d?w0IUG7}BZ6|}pxJn4=ss#64*W6h{C(76E
zZjZ<J7Xs+|F}t?IL$n~mL>$I^&yg@=cbI8i`&8WttNp3HISBlB@|peS24d&8HvKPa
z@AiPgC|T&JcSpRb&&;o3h1aHX`o8<4Geu}CW_RLjX@%KCcurl(;;JoQuD4!C>!DEr
z3*X26tf>L5_Sl*E)7<@%bnzn;^}$EF5SfN5mgU-%8MW>U)4i*;ocN+IZP9Q2jH@lK
zjTP22`Z^N%AMHU25!qZ7o>^aAS3{mGxJX4a#ebDB$Spxc;&NVOocgO+RDqG)l;g%?
z9|2j6)_JAIlwk#<x^0jziAGlR&eQ8D_zE&N4Rg#u`N>$5U^i~0EJjdtvnf}Rb$GAq
z_VAadP1Fx;|5MGOypI+5y!u>bg%v~kXQM^<@C|m8nV|D&p2>LTA@b|m#T-ex_l3P0
z&97|%Ip9A<h+e0HM@;Wu*|UE=5#Rs6(nI>Rc>k%3_y7Lo|1@Kb7kb(D-ui@nT+KBC
z5b;A1o=gNqF^)p!S1<at?ckJCqkZ5oTvN6Kp|^Oz?CwbHxBb4;Jc}RNklputIyhB5
zOWvl^)@V<dVQOP1yF4C^?rgJtZW8%Zur$+CbH2~*^Iep&ZSr-sUYng1t9L#3Eotu+
zuiNE)2l{cjfcuD>&#IaR2Pi2^bkyJ+Z!dDtXr|q6QR|Y+!UWgy6=D&Sreb82FYsDA
z#40(FSIOKAe77I)_ea{lF@i>Vd%r@}9Tcz7<EYIw@$q(mP)fT2e>(GIrySy==GVq9
zFwAc#WG|{Eaat~%TwhMhFA}N?LN!7Q){!{vf@(io>Y|eQm=;Sea~wvTL&S|y|EPM!
z^TjXCq+-cHQ%r=Gdd}NV@CyhyEp~!~Q7wMk90V52-H8X(M9p$^j<*zV>)8#{-K`5M
z*2Yp7Isy~G;WVxg<2{jmj~{7=hg<<D)*fAfWf}m>^^w%C(?pvp)~7Z7F0sz6CT=?}
z1f?r7r*i?}_V8$HXdzmXhXqh0eo^l95Hp#Z;rzJP2p(R0IsCxyoe;^&bjBoVL-lUN
zC!)iK0}m~zg0SY-sJH&B3o%vzMf{C2*fw+4>!}SW9V~1)OT@RvB|Ux0y}oXAra@J<
z=&LmsY)VtEX0av7br(2d{BLEM9R?e%?vGi3OBZW5WFtzE?sKmvA`wU8J$J}-+uGgd
z&u2`nw@E*uZ{Fr2u8nT2j~O{9NwxB_zx8ghHzBq?CH5WfBMv74!?XpBQB9lR*z1t^
zbM>;2I5T=hwRT&X6I9%^z_(L4a~UPn=@}IRbrrG%8$q)yrS9u`F1Lc`EtgCp@5hY}
zLOt(<h@@=VSjI&;V>ha2J(8`ga*V{&{lv}}&pEq4pE2lmSgZZ?qGWI9O`}Fv5V8&w
zT8N}?Z_8S97VVYjUm?bMfwf1<+Pfqax0B!hp6TIC*;z$dsp~=5@olgAXQ*!=*HVQx
zfIR5(dvJ<3+hTB?trFSi<jfCI{i{5jkg7jdUK=RdPkm{yw{xhdwkAF1s40`VKKJdU
z-_E>fQ*MaSpaQ?<lv}eIIQMD9#S+g0tZ{l^&wDF;@m3mDXn#%Vf8^1?=*C09??5aD
znYT3F&x$hl9AS@~Twj}XqB*!yR!zn-c1EJt!+WE_NCmC!n~(ezB3wzw9T(xK0)#)+
zI6y20&w=1(j#3AB6z}1#`|@XWxYm+{mnghy;Rh~(9Sc3DHe%r%)cY(}hUKLhe1Z`*
z%F9DSSE!L=;L4J5f#xkN5Ip$fT7oE5t^F6<5oS7T9>_q3!oqkm{;%5AtjJI#eq09l
ztvtid#1n5E(H8Ptx{(Kv-6x2m>3if$cQ?w~ErPT?TY30+VMsVv9w)0Y8?zIE0o$^~
zUQk7JW&K*JuQ25{?`?AO)5uZjK$)P)6GYKfk4fl**Uz>e!4Zc?#}N(o{4KztZi_m7
zwgG+9uAjyQc>ljW_cVugOeR+84x3fcEMsGcoG0&W^60l$rRVa58BPRiZnBY96GUQp
zqbIB!xTw3+Z1K&5DuF&N%c!sWcC%HFbxtQ-KiHihgb9+WBR(oJ=dCodv-XKEPGZ$X
zjB9TQ6*klUyY*ujFSu(hFe$N2UHazg;_BdSiT!QW7A3!omr(4)y{lm+ilKu)@1k_#
ztfh<od^S8vD>Ih;9K<k{U5gu(y>=&v#JOGL*faOiF-ANjbYA6G&2T7vpe~}x9hxMn
zHP}Ih+j4tq>^!F~@={Dx;-&m5l3ttFjn@PEmoe2rO^#T`B+d7uoR4o3IBFg)BSwNL
zJ7F4FvG|D$9?+iE+%nwHWG+LQzG?M646<_+ykrgXNO1NTprRDbbC8^&*-!;YK^+~>
zuY&IgYqkRZl%6eR!8#+@xHstbwE;p<N;36knAMW6FaHTx=m)sQ>8SwaY+T>Di4vaj
z3V6joCse<yhC;zZM%i-YuwKH_->gUc@?pI@xypdp-kSJDv-$$8r?L$pg1g^sTiXHc
zX@Ujp<=F1mZZC$*(WBhaNWPp);VzFw5DC>M(jUAYF`|W#`2swNOQN{d%)xeG8;qtX
z-F|76+4MMRul`R$cy^BFPbs%ny1iS@lF9cUa<vzOho8FlttK%4tI7w)SFcgw%b;cz
zd(dedA$Vy4>rpuU0-5N`$W@^mX>hVyl`d=xd=_Y%x1WougEXt0Iy@Q7b0&K<j{j9f
zDM9t(uY@EaG%aUi+bP5>qt@31=8x9u#rb7l_o<j?Qu%uZmnk}5RE7I@AUj;W2)-A6
zoQkNksP;6jF|VhT^FAR4z6v8RyS03FF3*uirLpid!61~UmW|C#S(}|OmSlpSQ)hz8
z=0guwwHK-PLEaZa>_IBv`|46@xnb6Cu0i?SxycZ3MWU%`a+4@F|47%&!Od$PEI?cT
zBfIVu=^5wK=GvXR+qAGy=sdxgUi!LG>Y^=P1#4=zf9G!(KHtt<-dxJ#h|Oh9Ft_}_
z!rahZvtx4Be9DmivPl{IZJ_gI&^6C$sb{I_N27(BhBZ8P$CXH&*VEghRdK-Ww4;Tp
zNYsKzf}zENr_uEH+rQxX_-_Bc3d7;U02yR6xBXPt69~)Dk=(IK+Tz{C2Qdw;I}7JS
zaj=H^pk{se<FMS{I^AbC))qL%m|8F9CT3%<rOHGm`7vF`#ocmdlk0FDF3Sj9%qLTR
z4W6={wsj{x=dOyBE4|!n6lb>WOHV{Jh+^6b-;S7Hb@KfV7mKhfCA)WP%8H}6ftw^i
z$2ehLG-Q^`Ycwz4$iELLefW?-Hy+xPuPdCAl=fDuIn&z<zCGMCDMF(muEk0uSFJCv
z(J21F<bTwX$r*vpi`7g0Y@d6$*1*zWf6C2pQ7O<6$5i*@<F`G5@!d=l;Dk5{jY{_a
zW;s^zCnO{^HZ~U0zRqgkFVna(r^~)}d*rw*w9Rvnye7jxv}{a??beReTsb5b9!dJ0
zhz%CZStR-XLTA_~Otd`566Hg>SM%cqCJhbVlOmGQQ5`F&-7AZbVCRtawcNtduzsih
z2mRW~J<u7m;bzWlQE{;b)#7R!D@=j#y8hB7E3uk}t67)JW6Ry4)~hvpA5vG@D^A$<
zVh(rO827xr7ki(Z3s+Ve<?geVN(1GWw3{xvdxsOGu@d|+Vz;@lPHWq;OW><B)MT?&
zzW7Fv59@|;Ix5lBjTQ|lN-}oX+He$AD*U{QSqOGIh1B+Wc6bTQZ9OKPS6mzlc~~8m
zp3X9v3ws$ZC45OrDi9s_d^*jCcJYGfW9xR!+x%aJhG-SRAslpURZ8WbI^Pg6bL^(0
z-m@5%e)|i@Q6>vonGDTXOde~*@lff2-kIO3({8VCesy#em0iW42IQ)F03}lzn9OBS
zyCH@Nu^!bMDU{$-RQxQyM=&*So%b+8+!yZV-_x)MQ)#$pLdNg*lRXD&mk-EG{?nEV
zY%f&4TAlG}vIsu(ezmd$LT$oTI|VV?n$D?Aj7VXC<m~L1#83$5O}9mLQa_f>=dpHy
zG#(SXhbvPG5(?OlQU}!9p2EL(<VEOrYw#Zr#=SR#a+>8lf4RK*E1zXNy(iNaG;cQl
z0(j1MOznMr;L)6aL3)cMK=K3?ZDIz$VHT|2v?TjA4LE<$Klano(%bC#;}x89OxlsU
z)9Nmznvmn8pfo>tZQ&r!Yen2dL<Eh2`=d9f?W^cWjO@Ps4AEYLrrr34Y{?@}u-bfl
zd>i<9i<PZ)aTnFjw1+3XG8orgohF<ICf}sUj(tAwA7ADYvbGR#anoS2Gx9z@K-s`N
z3|AeCU?RpuHH>$%a8f45F?nBmWQ{MHWH*MVQ-pblM0t_OS|5=q04Y7A`Jzi1`9T=4
z6SS3Vc8^YH&MT+u0s9x*V^N5YDi48(p!62;^3K6-kK67);%EQhdei^$iO?@g(;hTZ
zW#w#FXEwy<ZD^hueQmr^iOr|0RI3LUO*?C>v4E_d;N72rk>UM2q_SIEhFfCNl5QUF
z;#8D0-_6B-QZHbn)sZuNw%1ct_=|HdIem1UvKCIam0~CtAZPsiGD^L~8`M+vIpn$4
z>rVO8LlE=DgD2;KcNBHw#n1Jr-7lC?G?P1DXG%hPM2TfKlMdpwoto_sh|}H&yV%p4
zo{4WaF~{ti;4t-wEnU6avWH8q63V#3+zx3T75jP}WgP_m`~zUQT>IxU5<3jy$}MVv
zkZ{P<)MvW37i<_<X9t9AXvb2$sl8X;KmYLYgL*M4R1WkcB3z;OUCX>()JfBgK-uo#
z>rzM3BikQ7mY<ef-<8%5h}i&k5*6uQ_|nNV^hRH7qKQRx(0)>t`Q6i&A@=Au=@>xL
zopPZqG<gbRfO6ZM)nS4oH56(z#(ucE5-Yc*Gqo9GIJHI^#@x|pLnh`I@*<5>AYqc8
zF=tM9d>b<2a&<iMg(Px{`SC-{ZZB+)mAaINq}DIqxpx1n;GN;xm4tICE+SV#8x<i%
z#kk<dsV|$vm8vYNW2%LPd;wJ^ZvdBl+S6kLi%o)s#l<vRNq)#pe=D?`k2Xgbv>O>?
zZ$sJ0n%h?GeSRaYE%k1_*#4k|o&-t8efY=WWswSa7rc>(zf<~+j+L+rF<|qpKl<DL
z8ljBcGoxtxzNBm_`E36#8dQ%gN&hHPD+;Sd*EhIXsPT9Tb|En?K+n$?`Tkv9p@Eb?
z@f1|8=&0TW+XE<B;gJtbd%&Jg;BX?17VT>E{D1(}@K0~n9qVE;uno*%Pzl1rJ)qp`
z!l+Unk6ymk|Es<44r{XM`ivkdf)o*H0wPTWrAa4XL68!HQbUUhf=E+(3B-cZK{}xX
z3q?dg2)#v$AS5IYz4zX0LQU8kpXYsduf4wO+r4)GediBuZidNZ&YU@O<~OH!H@1sL
zv}RnSJ`+nv)F`=aUp>v7cvDf$u3InysT%f)nMnz`JYIi3>JnH-l;5>B$n?uob?YIo
z<i=oTcSVx7N2E{O8WaEQ`otBwV=TZ8cJ|maqN&XH6q^T6G8L`SjFP%?%8%yJGKap|
z(w*2bXv-wGrWrFxk_Hj^!h%ukU5lcL7a7?CeR)k3{ZSWRd9}Uu6N@AwfQQa+wQkqX
zTxw?eg_?+}%@z9`x+&)qK636%!8y^Anz~E_W0pC_Q!e3`1AXP`fDc%%W}G~@7`uCL
zvJ+{WWJ@Hkoaj%mfBpioI>caB`5f}rW{#lb9eIpH9NxSMIo{`;4$D7XZrHDi{gFen
zdRFwX4AWxO7<xvo7?D6{gT4GF5>%jZsP_KjYfLEj<Hw5?QkLSy+Qgu*SiHdG@MQ&E
zWqNF6<L0x=&1<HyyK^@qD6=fQox7tGO{#4An_JRB>ahEI>ZW=b!XJ{Ce*OOSpnY_&
zZwL9AYcJ{Qd8+7n+}4AWJPg`Mg*~la#+nNZO31J$&mT*5L<dbeN@Qi?-*gP^Xf?J5
zV$VEn%r4wjm5Z!r4$4sH+rZuCNI&p>&Rst0Cr$}u{pNiP;!Nipl1#0R58q|&_YDlB
znxi{6csZ>lUu_8?3|N|tQM+WO=B?oY?_Y6c4UrY5=R=RI&R;ZzH}FON%BM0~*>FzW
zekX*Dzpr1(bGvcw13AfzCS|u>e7y2PXM|yBszPupvV7c6>!ft}R4B3=vj<tfr2BAD
zY&cLoHFHcWZdmY5>)VEnLlMe1zot?xDKuP!O+_Ak){=gn1F{K!g1njLG?abLMibni
z6`sVhwQRJy<Sj|NKjI(gxBlsFFbumOF7L8`_G_xza2bTB_D$a+TD^FW&+{!XV>gNa
z4LB8&XR96A;ApEHBd%k%Jr4C>I}CUyVY#hlY-|jws4l1b2*_$sR8*9z++$U$6@v6J
z#Q+8i4G-_70P!Vbc<u@wbFGF8O%^gkXILM8<<zNh&+HG=rd?lOL|;Bs|KVGR<bc~X
zLu^*6B$ZzL2%4lled0{T7am>}AL;qmuS;BdbeJK>Q=oq9&qn&2h<<lI{9UXhTPV!n
z{x2?5#DS*FT$fUW=Mk~{E1=A%ZvG_&=KiD5$oyF{z#%2#WMl@hZDW!CSUIVz`CAb<
z{+*R|=;Qwky4s|9^=|{G<BB5Izgq)+1Kb?c@F)AiaRn>Sr~j)a8oHjxUO^$hk<rcr
zl}@-;W3A)2bN{rS#@^rkNeyCNE{r->vUu)v{T&hhPj^iau2bB8QTFw1$M>4{jo+!9
z1)sjJ+DyTugr`&5fChh;J=Yh2jnDC=O?e!5SJna%+#FZq$cwoXxX9U_-a*tCsMx*!
zd6mD-hQaNJwI}S9s^7WG-NXga+)DRb$oD}$3QoF{c4ZP_4P*L}dB@-OxLBs9y4rrU
z0z%{5rkdv3@?XvV+I=XSTk-lt+~}kIA2&#v0(_$CqT$O{zb+MY;I18O8^@(@HhcJ1
z6X?aP-Luey<$H#x%pIdY<O6;byv=a2ebjPW4_*>GyfP&1Y}Jy2B?^%1{l1JdT5(D{
z3pmP@8UC<Wu`sEDIQi6yVfd!BM@!QdVy0j}++-^)IAjR<)N_nM1oL2r9XAmVIhOs-
z-YPe1m1?_3Ez~Bw1tD=|NUXmOB^RD8{n_!07#@9&sGY8WR*Q-pe3?Mn=2DI6Q!{IQ
zpFbqMGC)X7U<h4Vvo^Io@{wO2Bn+QU-{8WqbfLk?iO{Ao!p~Q`p3?*#lfsM|uJhF&
zx*?uBL@UY(O!LV}%R>HBO@)Hq6B?S>iVxjAOTS0TP;#Mc^qyS||4P~Z1Q+;O>aX+;
zjGgR9#ECC=)-reg%1K6<heAJ&4Y1(SSqrb*YDUw{9=TktJ&3d&w3nKWe21?p4}3J&
z{^9gc(RBF^;L(t?J8wquH)~DX1DzPrDt=a&fKOU$UW-zxoO^f9Ed6dWY1Jvv!5SaW
zy5mj^$(6WP8=MqpC)+T!JQF3L2Tf_2a^XQy`VIWl*H0D(PPM=CAK@vPdcNdP#3zaz
z5Z7R?O?@@~Nl#l=YBdrSK?W_oSKQyJh!e}hU%2iY_DW^-@}p^$=|0Qh=)05Zk5<RK
z5Y&eItMt5WacirBie%c05rtT<FRXKDfnBGx`mX}afBDZd$^?i=?_}L3-MRZOCM}Xv
zhj2dYW8#;*N*K5w$Zm!s$5igJXA6DLV*EH~b2!V#hRN_vXRrK~j3XCODY-R2F7R=y
zpN-z4L;VfxSPmp!R*PZtoqu*78*ZUFOLc1_+ZTDv%Hk#KqQ@c%7&;J|5Zg3?1P5t%
zSP`ax3B_M`r(tlDfzIkK7$+};nGcuP#C<m~)|>ro+smf$Vw~OSN9UHb2(vuqSzDLH
z{&W7PEn%(tzVAfY+~%pN+Kfu-VI6Oj?76lS;`^M@5361WVV_PQOp$L&uNVKlNJ2u|
ztKQ4e=0BoamW;VEa`x1BGa^XN7lBS|44LaPla&arsXgdVz@UkJvk&d){#TSmvhi<}
z<;#tmO%auwIy<N2SuR`%5%?=3x=%}Pw@FNC?eV{C0er;G$i6lolYdszNZZ#!XP=UJ
zDii&bgCp$y@K^5yFq%PA#71GSFuWJww-x6ub@LoeM%Mf&pV%lic5Fqfq1CJ&d#(<=
zjnrf}k4|_j&-viuaXz9a7W&40n=pMkU*U`7cr?v86ZAAqZG`Ii>9Dr}44$#T5YJWa
zOZ~`>_$;%&vDJ8sFH%tXEs_JFNKg-7Qfq}DUU=I@OAlOxu2N3~fhjlQGJK-Hwv2w7
z|2L9D>(yRLGrJ9Aq&AwTM4eCNim`GAgWqrL!#_*cY+1ZVCI=4?xQ^=Me75SvoqluG
z{x}vPod}h%JRdJ@>7^Y$*KKV&5N(z6MlYu;aDVv?b1aCP<POJP0TI=vA64u~H_MHN
zG!jxfrcO;cnG^Sm8G`e(e7{4rMK(x^=))chTW?;xB<1J7;Tl1c5=<-w!bjMNdKA)<
zMQp{jHY!c4y^-AV|Es6B>o4JupNTLDSZpxY$7a1izl+sSYeYc|e<gM&;IP=Saf<Kl
zDON;hQ(3Lwr{i5MlK_}Axy^}Zi@f>C(7OgEq!%Xd+AP-dn6fUtJU>c#Ju{0-H-eb!
zsA0T&s6qjTyQDyo@5%*9#{=n<Yp1`evnRW?v(K7Z@?pW|fb9~?{TD|Mny6!^_0}x#
zpZmrNhfX%$_&~pPQO42f4Ate7ln<M-7t2UH-Lf($dDMo=A+;arjiSDAJp|V-@bUd}
zWSEm8tPS$O%9eT6u3@8-;wHJgT{#fSr_L+eaWl+9RQajwSv8HFDG%@zAfe&HLKH@e
z<4%hzae5s9qb#3-^AGfv1%sq*{QI28AFtc}%-mpfiWf`C)1Ml?9<qvF-SzOo`qX@0
zu$e7%vl|{((wiTnV`g@JBM7&xFS+c6#k}e<{+l=_P1fXPm%?MiqllMgf8ifnbMR&W
z)-HM8smPk~!KtR&ibxAI&feD@xl>|(f9z#!?BX%8q81bfM5&axZRkSX)OS^bEjDoE
z^F+zP*YGD?S?zV1vAL3~<5anQIykVWU=#a1O68)P=HZ4nXJ9~9B?Zp81x8U^D-qU?
zZy9~EK)}SgIg*P46GHn%r(p8!wDv0E_p;^i$bI5>dD>(cc&bm&&yTyPXibLDXi(nz
zn`12o=ErLeOZb)70e!i<C#IKNo(9YR=mfubbok=L-W)YR&R%+})m{pUOiWTohn${S
z)`w1Jz-D$cB<HU!!O9{WBz?B_OS}hU=<rYJY;WMM3@yX4vd34Gc%?YAGKVX(h1T{)
z+mo7f2^hcT!pCjlfN_gkcKL}d>LoSkt{lBCdBOSET!<B)$c?so=+Uup!YX}tYMlw>
z)bBs}ne{F4hS-y(ZIu`DgI2{(xB|C}JcBG<Rk4|cd0Ycy*1Xg&%V#P^LeJ!}_RU&9
zalQP#n#~2h2nRGDs>=pxjqD1jeZyzy##SDPhWs`js&p3x`;(2dLM%T4R>3o-$m=!p
zyRQoL5nLAKqxhdewGe%N>a;>#L}gyPuug&9hKk6;s?#5Au^F$nO>Fgc8g^Q)+1{|3
z-*&rVN5|4dekf`ztwOaZKK6bH89BH11rPO--V9O@X0s$U0D`66A@{}~1*Xz>n%|}3
z=_t?_1ns@LyQB3Tft>b;>yv*meYI6xkyUn-ukRwCM!{7P2Q0@%`cj6G?nK#>>;grd
z!3pHlU;%r_M3fmf`%|%Nf~#G3g*eQL6gfjV$D{hP>{c$av#FM+?Dio-f1LjDfyMQT
z(ns-unEXY;fN=;s3@i@c7WqhLMowZ)dT1K>uKvEp7`aJ(QvVjk)8{#~Xt%2o-wHUi
zKi4vdmT!vQ5E)+Sw0b0_Y~fOuaMqvpaqZxF{)Kz<l`}{;@<eHkF#TNtho{26E_}9!
zqv4&+6E=XWhVic^XPG$n$%_ceaLBo@A~&W?I_*5Ke0}#W$P{9`y>w4UUFGXFoB6Go
zli-f`VGylWMW?K$(U|#|^iXEyp{wq~7!HoOc<&S&GWq0g$(29eC{mVQR&IcD3jRkq
zb-AL#oThv<hia@LK+hGd4WGIFb?Djj@ctW8p)-ElSV{PHdWaOLg2mliIwtj6=+d&A
zn$tB()vE&zi%_3!ue1I<(k7Qg9qvhU$$3Snni?z!T$xLJM8Bl5f0Co-xkRR`;?M3*
z^EW9~FSR%t&K+n=zB!{l{#&{;>ei>+^KAKNKyG#U4L<&&H0Gewx}3^KS5F8k$4Pgv
zmWNFV-Jrbw6n<H-nU{$9Ws-dDH|GMRO+st<oBoHI&mq6D-5)lw>GZD84eLAaY7oFD
zDJn74Og8HtW1*a7(JP-)N*2=3fKyvx`bM#q-J#P-%I+?Su8r*Pp5KQb^2UrQOW7kp
zF=}3y#Fg8Yp-~TS59zA+b2B)M4aRJGfVNf~#qd|hsXGkoi=4Ogs{d=Rj$^RszToxl
zKkkgc8M~)Nd$9M-*FX+Uu2X;$kGH9k!(8up0hn;eE_#N0fq3}C#7B8>Vz54;zlbj=
zBV*6vUv3TO2i}A1RV+sUJO0P6pH-|U^R&ZFf)3IJ8jTd{emv=Wsk2`qI`~|Ka^_V+
z#NqP>8uOln43p;E^&9xLxuCTHW&Ccw!lyC*E4iZ&!wN=f7YPo|!Hy~%Pte<fgo&#d
z1+$c|8rL1*@sAceLgQHrJV`D~8u*jy*@OH7E{3(N3D?s@0{RnlZ|r#QO1-pL2?<}g
z<Dno}5JlegawL9!Oh{s0S&q;+=hf0zx9XVYY6dugnctT+rtP_q_|}ypr|LkN8}Ny+
zqZ)ABWHr~&;O_eUcfPsQ`@|?FiM?4)gL2*V_qCz~qzSV9r+b@zn!^icLy2mpI7CHQ
z7;GrSab24sV(1&!0Ff^${W7LArs(#2P18Pxz30%F2cQYT^uo)T&u^POay(nkmqX*<
zsh2~~;0V=#DA8Ac3tjL}+ir}~7#*c~4vj6sa(9*QowU38{I2tLreMeVxrd*=2(o&Q
z>LBXrB{+FbxtHer?uVPY+I(@;Bv&LT(TNrrD9{j}l{8Ms;P}kXM%g@{Yq(Ez4Co~L
zD8K$?&cMmF_liwBV_9T5&*bER;(3p1h8Xarmp$vutgH?if8S^RhBRTV8l_f;H3cI3
zn4F%|#x(c!=Gyr-Yd2)fL)^Z!gC&N@tQ7@m4T0_b_oullyxgxy{nD!%h}!0l&`@>J
zGJ}YV*cv@t^h!(f(#JcT>!#^vl~(>RU00UyX79a+Kw<DZylZq^z{jv{BKdrI0eHc%
zW-%KITot8dAuj?t0dP*f@{gH1T)4o(Ul4ey+<hxJBgC#KQ_}aVaU=pfd<Kk&|8?(`
zh2tHoZ})MzE*>V%wXXb3L7wloEoIqFA6Ay>2UVvF1*}NR)L5SJK53)CaVPv*GImO+
zV8n8<;rB(Rpo80fy)l|g+j4jF-<4S9(62iNY<P?uSCn232(Fy4yIN{2G3J@_W5`0z
z-%4%DIiFt9vURhQXMNp*hkj-1Ha>(PgdK<YJfL%!*+;Rk#%LaW&ppN-ff4W#G*w2q
zr`$U>)}qb!Y!+`*ll^|wcaOURe|(GCnEXjBS-9#OSfFvUH1~b|yWcK7LayJMIvYY;
znaf1%ebo#x`VY;G@7{9|4%Nl|{#v<C61?&mT&Geey2!63jdJ_}7)o2f^fq4);!4_L
zULfxS`Q1!^4u~~J-3anWUlzzqTnA0<Z8iq`u^t9Uv##-9*?J+zuB9Ja_U*&hgchEY
zzU(SYQoda;b@HAUT~g8S93!&=CZQXYNJyabS^h!vD_(V$%Fi@$mG8qE6NG9_f2O6B
zHNE3XIeMi!#MYPdewXf@(2PZqQJ;aiL34LcOOYkXu>8L?4*x@%_kZJI8q*@Onboqg
z!M^EZ!kps=f;l{g-T}a?bY}I|FMcD_*b>ss$AZH*ikdTcSp(8SV3zuRnGCFt1HU^x
zz;`E%O&pXXr)Cy3wlAADxGh1nSI6(Q#b0c?4!+;Nc<04Sp<=8GD_T^nMlbaZO}doJ
z*DIe}D#zQ=>$hl^u?g!#i;*v%^`Ya<R3;6XSlQuv^j;@-D_OTfY~FVG7k~#@Ogvt#
z&xneBFB1J4tRjY8`)gajfz%dhVXn8!EzV9R2az@}uP7C6sn9D#^RiC4i2B}ReaWzu
zj93Krw;>jeZf=|A9<`T(cMp`$mp@m(9iEr_wU!R9t}rQjz~WMvaT-`?^M7u-Oca1r
zjt1)^e4apfl+tt+?@o+8)HCR}T>k^hUl`r6R7-xA#a>o~V}wF&4Q~(Z=yBqAL`|<!
zENkCukZ16p$S8l}f?RQnTbx<BKPXE@BpTkf4t)pC$^lh0cD=qODHwgSa`I7O!rMSM
zzz<{CMAuAGlxBG4N4yCOc2%+Ng!NgPd%%U6;Xlb)+1!7)*7sKreHEmpcE8E`nwGrH
zFU6a8LQC**K)`*j4xIo&!0smP9}Fla<DrG=la}i9d1!$3k3jA8|Hfnfzd@t_2b}3Y
zP5uQm#2mS<QQv+qSo4p@5~v><!|Vn?t8L7f5cBhoPsN&LMQ#+F+X>?xx>I`UiGRC@
zocqfPuSX&ZF(Nzq(zSL{ec8gH`kbPDk0Q9rAlXm8C1eV`5j$IXt5}nfhvljG#f!Ji
z`uXRm0yHM#Cy^J3I~&OZDDd)L(b&$i($<V`UB;T&8EF;}P|n_AJPABry<wp}0X#om
zZn_0LKv(}${U5UYhaLV;%OFHq5CjTyT3r!$+quhA?0r<<;C#S!?ylR2mWX{TM0PX{
z7U*cP8t7q4CNo`dO`I9D^nPiWi10`gWe2^`VWU0qsv*VyAPg~6?Z{9~@!#QBEvC5M
zJVT)LmR(XbYL(=$N{+F=;L71XH%diRO`-6VUisTBAjK@02qWl1?+CNARFHxLlec=6
zcsb#c)o+$$Awl9-T)wQ<+^UxM-dh@wzQdEtAOo{|mfVLX?T=m8Zauy`j?+XxF#Rpu
z3HqrL&Uxl|z0(Ptq5&SaZil=+el=hL8Uf`((0^0?u8Rc4;uCN?oK3lzuC9s0rPq0@
zBWXaRI-Z&!(E2GxNBskmGwR?|5vt!vpNVAGQkH{pBQ;Ab^e2-JBIY&n4`<(7)_q%J
zKQbvOY;R&nDPCWcMhzU!)<%!iPTlHV$upwp`DZM(#-2vwHVG6M*8cL$djXW+C<+Cx
z6<(QIg66}^3KhipkkZbkem6irEwlk?rU)w)l-b!r#@<^SO}kf)6y$|2>yFCF7^=On
zp0$(~%#(D~9?Idvr`*-_{LC#Ht=mU}Xx-SU`yq)-a&1o=I_-8eXWrHONK^EiqqC{q
zNUdn)3yq5iCy(riuMqMwv8^QocOAYDQ!Y?e$K@zwIvIfst^)M>+4?*^job=`9kxad
zm#wU0R|b;`3JN?Bb6P0H8w(d`kYG}&gVR^AU*&`q%AYa-qo|kV*x()w-tb6FW$UQ+
z^q(EBRbVTmMoLf&_MWXf-mssfgE$=JTfrU}UZgqk@f9GPU&R?)>^#)V4anywXS)w|
z=+4l`6|WD5%eZfbl*so8SEHd?Efkdh8aci&Ih_FAwp-2cm`2+qvP09l(4Jix`a>=J
z_>|XGdV3=aFa#-6kH;!$G<^iNF_M5nx|&wy1rSJbT;>+;__TxKz@8`xYs#HokDaG2
zx5U^aIb-f&T5OxwzbF97Wt?V_YkS{)sw5paV;u}N?Iw)vXJTdH6c#YH9}V+fX&2^C
z{cw+?7u$HcH|Z&|T6QFk*c!%M>$NVP(G`zU>hLAcmPvZp&BVKRlJV}aI+8(^pJSKT
zK(a*Trj-Mpo`6_?WJ0BM!7BV*d)Kth$K34(kx0u~xWQWKNzka~s5u=l+t7SmEUB@0
zy_YOeJrRqqJ*=^map`w#P8z*S8K7+SI2>WHZR<w}i)^Z=sR&{3iv+d3%H!xofXQ?X
zzS60`gQr{Gp76AN0pVlS%P7QVZym?(&W+hz8oR&r9jh~Biq@N2vx;NyQ!w4>unIVh
z*<7Ov??hjUA=68)RrQL@2%tPkLEjH1<1g)w&Dqy~K;!qCv6tw-fTNFOx>ko1K5<0i
z+U~`5DXlG+tc)dKVPgm1g69WHuFI|trj|j|;B*2~t@U77WmY^FheF+zZpuNFI?+~Y
zNq(6a51X?m!S(d}YO=S#FY6q9(IRf_?#uH34y#s}YrcLCrnuIyT(?pS^Lq(N9NDwI
z=)$#aP6Kik)B+ZC+V|IUnCV%S;{9T6)E2b}<xA?8xHOX7yo}p#k+<8hQrBrIqb3zp
z=WoqFoD@pW3yjY)4Ulpdjl3UNtfY(VPdykC$s(=wWr}O>)f&oH?=1|Ie{Qup%sr*{
z2)ZAw=(^#c)>YV5<2)J1M?QgSNOQa4p_nMz9_dar$)Zc<X#S%gGgGFwk7447hgbHc
z1rIsYW<5q`W+t3;4n>J+mZ%GW_ma{RxJo7MHpXf{^yZ1oE@9mj6Y8qPwvI{`##9F%
zRVg^N<NcXzdo$1(dsB{iHX#T5onW(!9r^V618NJ(o}$}_lFt`*ZiH76H~TTg>l77P
zo5s;?>*4s#@t1a^6sL=xOzo4z^mMLZ;(<?Vum#3xjMzyYFOb;n4q;<V0{!F>2FO*z
zN_$XDosfeat)~bAq4L-WxM6iP`e`_i>|7l0LVuj?v~T4e)+&WO#+i6&5wb(h!Ay;4
z>*whzQDA#Nn>_-3-3CR!w>IP~c6$A4VhmWWml#52dOBrCT}tdtoy}euTW&j7ID+cU
z79tw8DDp^NiX-*$#=Y}nemXLxQoLR!ikWJrNBMg}V(UHfN6>W4wI2wySvQ&Th}|99
zP&mXd&US|ZhVg%92jAXr(IdMI#FW9ivjax=Q0ir27x9dFQ1|v*Ud!Bi1htqIWr8Z)
z5W*eYBT~)G-{YMI*nbWrkq*fA^>CNAH#W$>6p|U$<9R~?8SlylsDtB>o(y!3vOA6g
zhw>WR#-~^&MfF6Yj!-CvvC1o^fe0IAW}$Wty|&LpeI-9kPVdtJwxrB}{bY$nJ~Vl3
znMi>z>k)D4{PToKz*-q6YphncKX^047yocXc1d<BY(wm5DI33U4INbPiQhCFa-RvP
zMfp!PNvP+@FQ_ET0lw7i*j1ZzdC;X*3aoPB)@&5G)-Tb5+1GTiSv}o?Z$+E<4$>0s
z<l3tWhe9B2f?BqFb1k-?Ip{&V%rj}g-X-d|ojI&JS925FyVyB9;gGx19)%Vvy^fNv
zQxLBkLlGKrzSYPMl-y8s?QLkHT6aPsGo&4l6U}ml+9#@c`GjuBTES}blrY%}9Q$2x
zfB(~+shN(r@PQ3<c1ec2&pPR@TkE^V&fQJ)%DSw3>pJa%&*AveDBQREt3+yF?Dyd`
z7<1jOvQ~X<SGPTZKSFQo{R-+}-qF=~tqTkrpmaV6Xi1+7RV3hXQ&3`eIv6&4_zJYn
zuYbICX-9tH?vme1@wkCP-7`%~5}V@g8Xit76CZRtf?LKWwgkottFJ*%dD)K0Hp)!3
zX`>WxYPX?$d@TmYcG~W7gVilF*h|?k)BC-G{Fh>dl)4j!sB5z&mMWsS!i;3GFTqbI
z{Y7VIiFiVvq<YM+goI4DUGW4%|E~eG3j;`eA3*oLx4^oXtH)Q&<8O*Ma1DJ(yk1>w
zi<>yH;xDahx~$)aOV6F%me{4pcI}lzXV}#H;|fLs76u37guTHisOo;3S&t(5yF`Y!
z$tH8E>=OTuDTGBLLskT5mw_hjsKz+Jk@7oEe$we9wF`)EqPo~EqwGKji$ssQl2U*)
z^pwI$MOl8iYYInR#nXAv*+dfH_fROAj_pUi^Y)rSBT2^+P81h(0;K<txNlr}IF;HJ
zxKe_z+y92Ibui<0Jm{j}fm~!i15jRTvmWP!TDK}!de^dMvdg|(tAPi~C6@v>iLlx%
zb=j!eM%q-2hq0?2yhs+uhoG`Y_mFOB4KkHJ-ALntf$hzT3q_asEt2j*m;EX5Vwq%d
zHAOXV0#+vLp_l?<fjWE?2N%gQ+yYOa&ke~O5~KDq6H-!2<TKEyK6J*tuJ=OPZEP*J
z18Xk0H!2FY58%$`n(1hA`1>r+#tvwiGXm*o(&ueY-6^wM3<zlb;Wn5Z(bmv<*P4_(
zQ*<4sCW#`=<j9D!6)$^pf15mm?+qumSM4mf0Xh+J(p4>q0HzgFU~KJX;Kr<H_u|zM
zLgS(MEsaaAv(A0iAJ`#7m~|DXUB{{pcW{#XjB9BoMXyj8wC;7SRKMcm6ULtwk8!i2
zj3*Qwcobalnc8uqgS?-Pwz1z3VF|V$B`ww{YkU2r$mG|rUk~?fj6_uK9|@I`v~{!!
z_udk*MX=FzpKIPVV}w#5ReX-(@up*xrxW|SF2b1$#ecNhl52F$fopHI+h||bELXjZ
zjt0;z30!AD2Bp`upGpBVOlXr1zkQ8XX@<yq22kJ{Vt_?#ydw8`%n^}%KkK1(?zF*e
z(5vU7$Ddqe%FCW?yR=EnG`cp!bF_Z6+0rGNV{|R6yj;Q4(=#_eAChZy{?rN3w|GFN
z8C=eKD07g4;^O4|Ef}pDt1DT1la`j&cXuM#eSN$>UMH)&yL-B%OJCR7Isf$ukP#Ok
z13!i(xcS^$m*(@Gj$veC5^0TLz9^Q2+XKQ5rctR>#L>YRaeVv{H#hes0icVg#~RtU
zhf1?XuM*;Qe1FMIz$uHSS~vI)D1>ws%=4aaM%NM;dE_Mk7drf3pYHww{{5QZ@mRuj
zgyUMGe}gk9wcS0v)1wLMIQZBOv@ql~5Nua{Gr-YtDP~P8lA9D(y|}i9?5PBX<ujKj
zO#=|aK>Hf)UIUV{a@g*SM5)&-Vr@MZ1`ZF=bfWB}AfSsyA)t$Qo|=sx76+1bV(aTJ
zDSJqjmX;2bI2fu81P0u|E_V+5E#<pXBygnzmF3vKkWiH!@?1nQvlXzYoc|md`T}g-
z5}Y51Wl-9@G3)L}vVE3YTH3LYRQVa=5n{qZ9T%Ruxe#T4mgl7R>IyN(sOU{P2y|jf
zTjREo3cA&kL&5jS2~f_>IY6+Tbp%dBu|nSJB?7=92Vw83C#DUtLi>0@2i5l8sd}^|
z8N%TiPjPj7Wc=orDVZIMA-B~A$iR?_K?OETwym^sbuwFGZ(b290UGZfb#_XB@tUmx
z<QjTCHACv;c&77kg>;+<L?#5@2+WQ(V&j+7SRI(CcHpG8{+fCEJ&()pax7(qtuDH%
zs%o1|&aSRjX>V`O%`aVM2YpOYlmTX52VjTHPoD(7XhrL1J!~B;b#!mx^%iQSKV835
zyB07|>S(Hy75f^PyD7CVtRRq42f+#g(O0KzM{voCT)%!DR_*0nx8GA}H(KM%B{NM@
zmwGx}@p5mluP$+Qb+x;vhyD!+)Kh_d20#lvUyQEtD&2Xp++U=0u#CZYtqczPOhpb<
zd%IpsXu}?qx{OqH_w~*Fd`%0mA21)c*o*ZzK_A<W*|w*Lm;McjL>j2_bPU|@%E-oI
z)f04P<XjDJBpq)T?nJP{-C!oU`v9{YbAr)Ql(p4JjBq0a0#WjqH#l|rG<;`&#!czm
zxpRs1v_QSu=i>ntrlh1W@+x=71cE>{CCKCN37iEP|F^T?#?gs34*Ql0TDsihdhL7q
K8U=SAz4;$@fem;7

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index f42321435dd0d..0f01a6a8daadd 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -19,3 +19,21 @@ However, since Argo CD now sends unmodified kubeVersions to Helm, the generated
 The `--staticassets` directory in the API server (`/app/shared` by default) is now protected against out-of-bounds
 symlinks. This is to help protect against symlink attacks. If you have any symlinks in your `--staticassets` directory
 to a location outside the directory, they will return a 500 error starting with 3.1.
+
+## OpenID Connect authorization code flow with PKCE is now handled by the server instead of the UI
+
+Previously, when PKCE was enabled, the authorization code flow (the process which happens when you log in to Argo CD using OpenID Connect) was handled by the UI, whereas this flow was handled by the server if PKCE was not enabled. The server now always handles this flow, PKCE being enabled or not.
+
+### Detection
+
+To check whether PKCE is used or not, run the following command:
+
+```shell
+kubectl get cm argocd-cm -o=jsonpath="{.data.oidc\.config}" | grep enablePKCEAuthentication
+```
+
+If it returns `"enablePKCEAuthentication": true`, then PKCE is used.
+
+### Remediation
+
+On your identity provider, ensure that the OIDC client used for Argo CD has the `/auth/callback` endpoint of your Argo CD URL (e.g. https://argocd.example.com/auth/callback) in the redirect URIs.
diff --git a/docs/operator-manual/user-management/index.md b/docs/operator-manual/user-management/index.md
index c8285326f300d..24bc7a4acaae1 100644
--- a/docs/operator-manual/user-management/index.md
+++ b/docs/operator-manual/user-management/index.md
@@ -347,10 +347,9 @@ data:
     # use the same clientID as the Argo CD server
     cliClientID: vvvvwwwwxxxxyyyyzzzz
 
-    # PKCE authentication flow processes authorization flow from browser only - default false
-    # uses the clientID
-    # make sure the Identity Provider (IdP) is public and doesn't need clientSecret
-    # make sure the Identity Provider (IdP) has this redirect URI registered: https://argocd.example.com/pkce/verify
+    # PKCE is an OIDC extension to prevent authorization code interception attacks.
+    # Make sure the identity provider supports it and that it is activated for Argo CD OIDC client.
+    # Default is false.
     enablePKCEAuthentication: true
 ```
 
diff --git a/docs/operator-manual/user-management/keycloak.md b/docs/operator-manual/user-management/keycloak.md
index 4511dcf7f6a2b..02b0049c0b50a 100644
--- a/docs/operator-manual/user-management/keycloak.md
+++ b/docs/operator-manual/user-management/keycloak.md
@@ -107,7 +107,6 @@ Also you can set __Home URL__ to _/applications_ path and __Valid Post logout re
 The Valid Redirect URIs should be set to:
 - http://localhost:8085/auth/callback (needed for argo-cd cli, depends on value from [--sso-port](../../user-guide/commands/argocd_login.md))
 - https://{hostname}/auth/callback
-- https://{hostname}/pkce/verify
 
 ![Keycloak configure client](../../assets/keycloak-configure-client-pkce.png "Keycloak configure client")
 
diff --git a/server/server_test.go b/server/server_test.go
index f195bdeb14074..bc11f0f71c4ed 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -622,7 +622,7 @@ func getTestServer(t *testing.T, anonymousEnabled bool, withFakeSSO bool, useDex
 	})
 	oidcServer := ts
 	if !useDexForSSO {
-		oidcServer = testutil.GetOIDCTestServer(t)
+		oidcServer = testutil.GetOIDCTestServer(t, nil)
 	}
 	if withFakeSSO {
 		cm.Data["url"] = ts.URL
diff --git a/ui/package.json b/ui/package.json
index f56b6a5ac899c..f66a38d7a3efb 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -31,7 +31,6 @@
     "minimatch": "^3.1.2",
     "moment": "^2.29.4",
     "monaco-editor": "^0.33.0",
-    "oauth4webapi": "^2.3.0",
     "path": "^0.12.7",
     "prop-types": "^15.8.1",
     "react": "^16.9.3",
diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx
index bc3629ffc5aee..54434bc15e498 100644
--- a/ui/src/app/app.tsx
+++ b/ui/src/app/app.tsx
@@ -1,4 +1,4 @@
-import {DataLoader, NavigationManager, NotificationType, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui';
+import {DataLoader, NavigationManager, Notifications, NotificationsManager, PageContext, Popup, PopupManager, PopupProps} from 'argo-ui';
 import {createBrowserHistory} from 'history';
 import * as PropTypes from 'prop-types';
 import * as React from 'react';
@@ -19,8 +19,6 @@ import {hashCode} from './shared/utils';
 import {Banner} from './ui-banner/ui-banner';
 import userInfo from './user-info';
 import {AuthSettings} from './shared/models';
-import {PKCEVerification} from './login/components/pkce-verify';
-import {getPKCERedirectURI, pkceLogin} from './login/components/utils';
 import {SystemLevelExtension} from './shared/services/extensions-service';
 
 services.viewPreferences.init();
@@ -36,8 +34,7 @@ const routes: Routes = {
     '/applications': {component: applications.component},
     '/settings': {component: settings.component},
     '/user-info': {component: userInfo.component},
-    '/help': {component: help.component},
-    '/pkce/verify': {component: PKCEVerification, noLayout: true}
+    '/help': {component: help.component}
 };
 
 interface NavItem {
@@ -250,18 +247,7 @@ export class App extends React.Component<{}, {popupProps: PopupProps; showVersio
                 // If basehref is the default `/` it will become an empty string.
                 const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, '');
                 if (isSSO) {
-                    const authSettings = await services.authService.settings();
-
-                    if (authSettings?.oidcConfig?.enablePKCEAuthentication) {
-                        pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()).catch(err => {
-                            this.getChildContext().apis.notifications.show({
-                                type: NotificationType.Error,
-                                content: err?.message || JSON.stringify(err)
-                            });
-                        });
-                    } else {
-                        window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
-                    }
+                    window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`;
                 } else {
                     history.push(`/login?return_url=${encodeURIComponent(location.href)}`);
                 }
diff --git a/ui/src/app/login/components/login.tsx b/ui/src/app/login/components/login.tsx
index 6d3bb97fae05c..1b6641836201b 100644
--- a/ui/src/app/login/components/login.tsx
+++ b/ui/src/app/login/components/login.tsx
@@ -1,4 +1,4 @@
-import {FormField, NotificationType} from 'argo-ui';
+import {FormField} from 'argo-ui';
 import * as PropTypes from 'prop-types';
 import * as React from 'react';
 import {Form, Text} from 'react-form';
@@ -7,7 +7,6 @@ import {RouteComponentProps} from 'react-router';
 import {AppContext} from '../../shared/context';
 import {AuthSettings} from '../../shared/models';
 import {services} from '../../shared/services';
-import {getPKCERedirectURI, pkceLogin} from './utils';
 
 require('./login.scss');
 
@@ -62,18 +61,7 @@ export class Login extends React.Component<RouteComponentProps<{}>, State> {
                     </div>
                     {ssoConfigured && (
                         <div className='login__box_saml width-control'>
-                            <a
-                                {...(authSettings?.oidcConfig?.enablePKCEAuthentication
-                                    ? {
-                                          onClick: () =>
-                                              pkceLogin(authSettings.oidcConfig, getPKCERedirectURI().toString()).catch(err => {
-                                                  this.appContext.apis.notifications.show({
-                                                      type: NotificationType.Error,
-                                                      content: err?.message || JSON.stringify(err)
-                                                  });
-                                              })
-                                      }
-                                    : {href: `auth/login?return_url=${encodeURIComponent(this.state.returnUrl)}`})}>
+                            <a href={`auth/login?return_url=${encodeURIComponent(this.state.returnUrl)}`}>
                                 <button className='argo-button argo-button--base argo-button--full-width argo-button--xlg'>
                                     {(authSettings.oidcConfig && <span>Log in via {authSettings.oidcConfig.name}</span>) ||
                                         (authSettings.dexConfig.connectors.length === 1 && <span>Log in via {authSettings.dexConfig.connectors[0].name}</span>) || (
diff --git a/ui/src/app/login/components/pkce-verify.scss b/ui/src/app/login/components/pkce-verify.scss
deleted file mode 100644
index 8cb58d10b23e1..0000000000000
--- a/ui/src/app/login/components/pkce-verify.scss
+++ /dev/null
@@ -1,8 +0,0 @@
-.pkce-verify {
-    &__container {
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        height: 100vh;
-    }
-}
\ No newline at end of file
diff --git a/ui/src/app/login/components/pkce-verify.tsx b/ui/src/app/login/components/pkce-verify.tsx
deleted file mode 100644
index 9c069e7eda3b5..0000000000000
--- a/ui/src/app/login/components/pkce-verify.tsx
+++ /dev/null
@@ -1,47 +0,0 @@
-import React, {useEffect, useState} from 'react';
-import {RouteComponentProps} from 'react-router';
-import {services} from '../../shared/services';
-import {PKCECodeVerifier, PKCEState, PKCELoginError, getPKCERedirectURI, pkceCallback} from './utils';
-import requests from '../../shared/services/requests';
-
-import './pkce-verify.scss';
-
-export const PKCEVerification = (props: RouteComponentProps<any>) => {
-    const [loading, setLoading] = useState(true);
-    const [error, setError] = useState<PKCELoginError | Error>();
-
-    useEffect(() => {
-        setLoading(true);
-        services.authService
-            .settings()
-            .then(authSettings => pkceCallback(props.location.search, authSettings.oidcConfig, getPKCERedirectURI().toString()))
-            .catch(err => setError(err))
-            .finally(() => {
-                setLoading(false);
-                PKCECodeVerifier.unset();
-                PKCEState.unset();
-            });
-    }, [props.location]);
-
-    if (loading) {
-        return <div className='pkce-verify__container'>Processing...</div>;
-    }
-
-    if (error) {
-        return (
-            <div className='pkce-verify__container'>
-                <div>
-                    <h3>Error occurred: </h3>
-                    <p>{error?.message || JSON.stringify(error)}</p>
-                    <a href={requests.toAbsURL('/login')}>Try to Login again</a>
-                </div>
-            </div>
-        );
-    }
-
-    return (
-        <div className='pkce-verify__container'>
-            success. if you are not being redirected automatically please &nbsp;<a href='/applications'>click here</a>
-        </div>
-    );
-};
diff --git a/ui/src/app/login/components/utils.ts b/ui/src/app/login/components/utils.ts
deleted file mode 100644
index b363a4a934d63..0000000000000
--- a/ui/src/app/login/components/utils.ts
+++ /dev/null
@@ -1,177 +0,0 @@
-import {
-    AuthorizationServer,
-    Client,
-    authorizationCodeGrantRequest,
-    calculatePKCECodeChallenge,
-    discoveryRequest,
-    generateRandomCodeVerifier,
-    generateRandomState,
-    isOAuth2Error,
-    parseWwwAuthenticateChallenges,
-    processAuthorizationCodeOpenIDResponse,
-    processDiscoveryResponse,
-    validateAuthResponse
-} from 'oauth4webapi';
-import {AuthSettings} from '../../shared/models';
-import requests from '../../shared/services/requests';
-
-export const discoverAuthServer = (issuerURL: URL): Promise<AuthorizationServer> => discoveryRequest(issuerURL).then(res => processDiscoveryResponse(issuerURL, res));
-
-export const PKCECodeVerifier = {
-    get: () => sessionStorage.getItem(window.btoa('code_verifier')),
-    set: (codeVerifier: string) => sessionStorage.setItem(window.btoa('code_verifier'), codeVerifier),
-    unset: () => sessionStorage.removeItem(window.btoa('code_verifier'))
-};
-
-export const PKCEState = {
-    get: () => sessionStorage.getItem(window.btoa('pkce_session_id')),
-    set: (sessionId: string) => sessionStorage.setItem(window.btoa('pkce_session_id'), sessionId),
-    unset: () => sessionStorage.removeItem(window.btoa('pkce_session_id'))
-};
-
-export const getPKCERedirectURI = () => {
-    const currentOrigin = new URL(window.location.origin);
-
-    currentOrigin.pathname = requests.toAbsURL('/pkce/verify');
-
-    return currentOrigin;
-};
-
-export class PKCELoginError extends Error {
-    constructor(message: string) {
-        super(message);
-        this.name = 'PKCELoginError';
-    }
-}
-
-const validateAndGetOIDCForPKCE = async (oidcConfig: AuthSettings['oidcConfig']) => {
-    if (!oidcConfig) {
-        throw new PKCELoginError('No OIDC Config found');
-    }
-
-    let issuerURL: URL;
-    try {
-        issuerURL = new URL(oidcConfig.issuer);
-    } catch (e) {
-        throw new PKCELoginError(`Invalid oidc issuer ${oidcConfig.issuer}`);
-    }
-
-    if (!oidcConfig.clientID) {
-        throw new PKCELoginError('No OIDC Client Id found');
-    }
-
-    let authorizationServer: AuthorizationServer;
-    try {
-        authorizationServer = await discoverAuthServer(issuerURL);
-    } catch (e) {
-        throw new PKCELoginError(e);
-    }
-
-    return {
-        issuerURL,
-        authorizationServer,
-        clientID: oidcConfig.clientID
-    };
-};
-
-export const pkceLogin = async (oidcConfig: AuthSettings['oidcConfig'], redirectURI: string) => {
-    const {authorizationServer} = await validateAndGetOIDCForPKCE(oidcConfig);
-
-    // This sets the return path for the user after the pkce auth flow.
-    // This is ignored if the return path would be the login page as it would just loop.
-    if (!location.pathname.startsWith(requests.toAbsURL('/login'))) {
-        sessionStorage.setItem('return_url', location.pathname + location.search);
-    }
-
-    if (!authorizationServer.authorization_endpoint) {
-        throw new PKCELoginError('No Authorization Server endpoint found');
-    }
-
-    const state = generateRandomState();
-
-    const codeVerifier = generateRandomCodeVerifier();
-
-    const codeChallange = await calculatePKCECodeChallenge(codeVerifier);
-
-    const authorizationServerConsentScreen = new URL(authorizationServer.authorization_endpoint);
-
-    authorizationServerConsentScreen.searchParams.set('client_id', oidcConfig.clientID);
-    authorizationServerConsentScreen.searchParams.set('code_challenge', codeChallange);
-    authorizationServerConsentScreen.searchParams.set('code_challenge_method', 'S256');
-    authorizationServerConsentScreen.searchParams.set('redirect_uri', redirectURI);
-    authorizationServerConsentScreen.searchParams.set('response_type', 'code');
-    authorizationServerConsentScreen.searchParams.set('scope', oidcConfig.scopes.join(' '));
-    authorizationServerConsentScreen.searchParams.set('state', state);
-
-    PKCECodeVerifier.set(codeVerifier);
-    PKCEState.set(state);
-
-    window.location.replace(authorizationServerConsentScreen.toString());
-};
-
-export const pkceCallback = async (queryParams: string, oidcConfig: AuthSettings['oidcConfig'], redirectURI: string) => {
-    const codeVerifier = PKCECodeVerifier.get();
-
-    if (!codeVerifier) {
-        throw new PKCELoginError('No code verifier found in session');
-    }
-
-    let callbackQueryParams = new URLSearchParams();
-    try {
-        callbackQueryParams = new URLSearchParams(queryParams);
-    } catch (e) {
-        throw new PKCELoginError('Invalid query parameters');
-    }
-
-    if (!callbackQueryParams.get('code')) {
-        throw new PKCELoginError('No code in query parameters');
-    }
-
-    const {authorizationServer} = await validateAndGetOIDCForPKCE(oidcConfig);
-
-    const client: Client = {
-        client_id: oidcConfig.clientID,
-        token_endpoint_auth_method: 'none'
-    };
-
-    const expectedState = PKCEState.get();
-
-    const params = validateAuthResponse(authorizationServer, client, callbackQueryParams, expectedState);
-
-    if (isOAuth2Error(params)) {
-        throw new PKCELoginError('Error validating auth response');
-    }
-
-    const response = await authorizationCodeGrantRequest(authorizationServer, client, params, redirectURI, codeVerifier);
-
-    const authChallengeExtract = parseWwwAuthenticateChallenges(response);
-
-    if (authChallengeExtract?.length > 0) {
-        throw new PKCELoginError('Error parsing authentication challenge');
-    }
-
-    const result = await processAuthorizationCodeOpenIDResponse(authorizationServer, client, response);
-
-    if (isOAuth2Error(result)) {
-        throw new PKCELoginError(`Error getting token ${result.error_description}`);
-    }
-
-    if (!result.id_token) {
-        throw new PKCELoginError('No token in response');
-    }
-
-    // This regex removes any leading or trailing '/' characters and the result is appended to a '/'.
-    // This is because when base href if not just '/' toAbsURL() will append a trailing '/'.
-    // Just removing a trailing '/' from the string would break when base href is not specified, defaulted to '/'.
-    // This pattern is used to handle both cases.
-    document.cookie = `argocd.token=${result.id_token}; path=/${requests.toAbsURL('').replace(/^\/|\/$/g, '')}`;
-
-    const returnURL = sessionStorage.getItem('return_url');
-
-    if (returnURL) {
-        sessionStorage.removeItem('return_url');
-        window.location.replace(returnURL);
-    } else {
-        window.location.replace(requests.toAbsURL('/applications'));
-    }
-};
diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts
index c8ae223efd556..89f0522f1f764 100644
--- a/ui/src/app/shared/models.ts
+++ b/ui/src/app/shared/models.ts
@@ -551,10 +551,6 @@ export interface AuthSettings {
     };
     oidcConfig: {
         name: string;
-        issuer: string;
-        clientID: string;
-        scopes: string[];
-        enablePKCEAuthentication: boolean;
     };
     help: {
         chatUrl: string;
diff --git a/ui/yarn.lock b/ui/yarn.lock
index e807d733d7b84..68c7a8bac40e1 100644
--- a/ui/yarn.lock
+++ b/ui/yarn.lock
@@ -6897,11 +6897,6 @@ oas-validator@^5.0.8:
     should "^13.2.1"
     yaml "^1.10.0"
 
-oauth4webapi@^2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/oauth4webapi/-/oauth4webapi-2.3.0.tgz#d01aeb83b60dbe3ff9ef1c6ec4a39e29c7be7ff6"
-  integrity sha512-JGkb5doGrwzVDuHwgrR4nHJayzN4h59VCed6EW8Tql6iHDfZIabCJvg6wtbn5q6pyB2hZruI3b77Nudvq7NmvA==
-
 object-assign@^4.0.1, object-assign@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
diff --git a/util/dex/config.go b/util/dex/config.go
index a7a25565d577d..85f59d5e1b402 100644
--- a/util/dex/config.go
+++ b/util/dex/config.go
@@ -87,7 +87,7 @@ func GenerateDexConfigYAML(argocdSettings *settings.ArgoCDSettings, disableTLS b
 		"id":   "argo-cd-pkce",
 		"name": "Argo CD PKCE",
 		"redirectURIs": []string{
-			"http://localhost:4000/pkce/verify",
+			"http://localhost:4000/auth/callback",
 		},
 		"public": true,
 	}
diff --git a/util/oidc/oidc.go b/util/oidc/oidc.go
index 78bb806926a27..6308897188aec 100644
--- a/util/oidc/oidc.go
+++ b/util/oidc/oidc.go
@@ -62,6 +62,8 @@ type ClientApp struct {
 	clientID string
 	// OAuth2 client secret of this application
 	clientSecret string
+	// Use Proof Key for Code Exchange (PKCE)
+	usePKCE bool
 	// Use Azure Workload Identity for clientID auth instead of clientSecret
 	useAzureWorkloadIdentity bool
 	// Callback URL for OAuth2 responses (e.g. https://argocd.example.com/auth/callback)
@@ -117,6 +119,7 @@ func NewClientApp(settings *settings.ArgoCDSettings, dexServerAddr string, dexTL
 	a := ClientApp{
 		clientID:                 settings.OAuth2ClientID(),
 		clientSecret:             settings.OAuth2ClientSecret(),
+		usePKCE:                  settings.OAuth2UsePKCE(),
 		useAzureWorkloadIdentity: settings.UseAzureWorkloadIdentity(),
 		redirectURI:              redirectURL,
 		issuerURL:                settings.IssuerURL(),
@@ -183,7 +186,7 @@ func (a *ClientApp) oauth2Config(request *http.Request, scopes []string) (*oauth
 }
 
 // generateAppState creates an app state nonce
-func (a *ClientApp) generateAppState(returnURL string, w http.ResponseWriter) (string, error) {
+func (a *ClientApp) generateAppState(returnURL string, pkceVerifier string, w http.ResponseWriter) (string, error) {
 	// According to the spec (https://www.rfc-editor.org/rfc/rfc6749#section-10.10), this must be guessable with
 	// probability <= 2^(-128). The following call generates one of 52^24 random strings, ~= 2^136 possibilities.
 	randStr, err := rand.String(24)
@@ -193,7 +196,7 @@ func (a *ClientApp) generateAppState(returnURL string, w http.ResponseWriter) (s
 	if returnURL == "" {
 		returnURL = a.baseHRef
 	}
-	cookieValue := fmt.Sprintf("%s:%s", randStr, returnURL)
+	cookieValue := fmt.Sprintf("%s\n%s\n%s", randStr, returnURL, pkceVerifier)
 	if encrypted, err := crypto.Encrypt([]byte(cookieValue), a.encryptionKey); err != nil {
 		return "", err
 	} else {
@@ -211,23 +214,24 @@ func (a *ClientApp) generateAppState(returnURL string, w http.ResponseWriter) (s
 	return randStr, nil
 }
 
-func (a *ClientApp) verifyAppState(r *http.Request, w http.ResponseWriter, state string) (string, error) {
+func (a *ClientApp) verifyAppState(r *http.Request, w http.ResponseWriter, state string) (string, string, error) {
 	c, err := r.Cookie(common.StateCookieName)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	val, err := hex.DecodeString(c.Value)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	val, err = crypto.Decrypt(val, a.encryptionKey)
 	if err != nil {
-		return "", err
+		return "", "", err
 	}
 	cookieVal := string(val)
 	redirectURL := a.baseHRef
-	parts := strings.SplitN(cookieVal, ":", 2)
-	if len(parts) == 2 && parts[1] != "" {
+	pkceVerifier := ""
+	parts := strings.SplitN(cookieVal, "\n", 3)
+	if len(parts) > 1 && parts[1] != "" {
 		if !isValidRedirectURL(parts[1],
 			append([]string{a.settings.URL, a.baseHRef}, a.settings.AdditionalURLs...)) {
 			sanitizedURL := parts[1]
@@ -235,12 +239,15 @@ func (a *ClientApp) verifyAppState(r *http.Request, w http.ResponseWriter, state
 				sanitizedURL = sanitizedURL[:100]
 			}
 			log.Warnf("Failed to verify app state - got invalid redirectURL %q", sanitizedURL)
-			return "", fmt.Errorf("failed to verify app state: %w", ErrInvalidRedirectURL)
+			return "", "", fmt.Errorf("failed to verify app state: %w", ErrInvalidRedirectURL)
 		}
 		redirectURL = parts[1]
 	}
+	if len(parts) > 2 {
+		pkceVerifier = parts[2]
+	}
 	if parts[0] != state {
-		return "", fmt.Errorf("invalid state in '%s' cookie", common.AuthCookieName)
+		return "", "", fmt.Errorf("invalid state in '%s' cookie", common.AuthCookieName)
 	}
 	// set empty cookie to clear it
 	http.SetCookie(w, &http.Cookie{
@@ -250,7 +257,7 @@ func (a *ClientApp) verifyAppState(r *http.Request, w http.ResponseWriter, state
 		SameSite: http.SameSiteLaxMode,
 		Secure:   a.secureCookie,
 	})
-	return redirectURL, nil
+	return redirectURL, pkceVerifier, nil
 }
 
 // isValidRedirectURL checks whether the given redirectURL matches on of the
@@ -309,6 +316,7 @@ func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	scopes := make([]string, 0)
+	pkceVerifier := ""
 	var opts []oauth2.AuthCodeOption
 	if config := a.settings.OIDCConfig(); config != nil {
 		scopes = GetScopesOrDefault(config.RequestedScopes)
@@ -328,7 +336,11 @@ func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "Invalid redirect URL: the protocol and host (including port) must match and the path must be within allowed URLs if provided", http.StatusBadRequest)
 		return
 	}
-	stateNonce, err := a.generateAppState(returnURL, w)
+	if a.usePKCE {
+		pkceVerifier = oauth2.GenerateVerifier()
+		opts = append(opts, oauth2.S256ChallengeOption(pkceVerifier))
+	}
+	stateNonce, err := a.generateAppState(returnURL, pkceVerifier, w)
 	if err != nil {
 		log.Errorf("Failed to initiate login flow: %v", err)
 		http.Error(w, "Failed to initiate login flow", http.StatusInternalServerError)
@@ -412,7 +424,7 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 		a.handleImplicitFlow(r, w, state)
 		return
 	}
-	returnURL, err := a.verifyAppState(r, w, state)
+	returnURL, pkceVerifier, err := a.verifyAppState(r, w, state)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -434,6 +446,10 @@ func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	if a.usePKCE {
+		options = append(options, oauth2.VerifierOption(pkceVerifier))
+	}
+
 	token, err := oauth2Config.Exchange(ctx, code, options...)
 	if err != nil {
 		http.Error(w, fmt.Sprintf("failed to get token: %v", err), http.StatusInternalServerError)
@@ -544,7 +560,8 @@ func (a *ClientApp) handleImplicitFlow(r *http.Request, w http.ResponseWriter, s
 		CookieName: common.AuthCookieName,
 	}
 	if state != "" {
-		returnURL, err := a.verifyAppState(r, w, state)
+		// Not using pkceVerifier, since PKCE is not supported in implicit flow.
+		returnURL, _, err := a.verifyAppState(r, w, state)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
diff --git a/util/oidc/oidc_test.go b/util/oidc/oidc_test.go
index f2bab53d8e4ac..4db70d2cc096e 100644
--- a/util/oidc/oidc_test.go
+++ b/util/oidc/oidc_test.go
@@ -127,7 +127,7 @@ func TestHandleCallback(t *testing.T) {
 }
 
 func TestClientApp_HandleLogin(t *testing.T) {
-	oidcTestServer := test.GetOIDCTestServer(t)
+	oidcTestServer := test.GetOIDCTestServer(t, nil)
 	t.Cleanup(oidcTestServer.Close)
 
 	dexTestServer := test.GetDexTestServer(t)
@@ -408,7 +408,7 @@ func Test_Login_Flow(t *testing.T) {
 	// Show that SSO login works when no redirect URL is provided, and we fall back to the configured base href for the
 	// Argo CD instance.
 
-	oidcTestServer := test.GetOIDCTestServer(t)
+	oidcTestServer := test.GetOIDCTestServer(t, nil)
 	t.Cleanup(oidcTestServer.Close)
 
 	cdSettings := &settings.ArgoCDSettings{
@@ -416,8 +416,8 @@ func Test_Login_Flow(t *testing.T) {
 		OIDCConfigRAW: fmt.Sprintf(`
 name: Test
 issuer: %s
-clientID: xxx
-clientSecret: yyy
+clientID: test-client-id
+clientSecret: test-client-secret
 requestedScopes: ["oidc"]`, oidcTestServer.URL),
 		OIDCTLSInsecureSkipVerify: true,
 	}
@@ -435,7 +435,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
 	redirectURL, err := w.Result().Location()
 	require.NoError(t, err)
 
-	state := redirectURL.Query()["state"]
+	state := redirectURL.Query().Get("state")
 
 	req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("https://argocd.example.com/auth/callback?state=%s&code=abc", state), http.NoBody)
 	for _, cookie := range w.Result().Cookies() {
@@ -446,11 +446,65 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
 
 	app.HandleCallback(w, req)
 
+	assert.Equal(t, 303, w.Code)
+	assert.NotContains(t, w.Body.String(), ErrInvalidRedirectURL.Error())
+}
+
+func Test_Login_Flow_With_PKCE(t *testing.T) {
+	var codeChallenge string
+
+	oidcTestServer := test.GetOIDCTestServer(t, func(r *http.Request) {
+		codeVerifier := r.FormValue("code_verifier")
+		assert.NotEmpty(t, codeVerifier)
+		assert.Equal(t, oauth2.S256ChallengeFromVerifier(codeVerifier), codeChallenge)
+	})
+	t.Cleanup(oidcTestServer.Close)
+
+	cdSettings := &settings.ArgoCDSettings{
+		URL: "https://example.com/argocd",
+		OIDCConfigRAW: fmt.Sprintf(`
+name: Test
+issuer: %s
+clientID: test-client-id
+clientSecret: test-client-secret
+requestedScopes: ["oidc"]
+enablePKCEAuthentication: true`, oidcTestServer.URL),
+		OIDCTLSInsecureSkipVerify: true,
+	}
+	app, err := NewClientApp(cdSettings, "", nil, "/", cache.NewInMemoryCache(24*time.Hour))
+	require.NoError(t, err)
+
+	w := httptest.NewRecorder()
+
+	req := httptest.NewRequest(http.MethodGet, "https://example.com/argocd/auth/login", http.NoBody)
+
+	app.HandleLogin(w, req)
+
+	redirectURL, err := w.Result().Location()
+	require.NoError(t, err)
+
+	codeChallenge = redirectURL.Query().Get("code_challenge")
+
+	assert.NotEmpty(t, codeChallenge)
+	assert.Equal(t, "S256", redirectURL.Query().Get("code_challenge_method"))
+
+	state := redirectURL.Query().Get("state")
+
+	req = httptest.NewRequest(http.MethodGet, fmt.Sprintf("https://example.com/argocd/auth/callback?state=%s&code=abc", state), http.NoBody)
+	for _, cookie := range w.Result().Cookies() {
+		req.AddCookie(cookie)
+	}
+
+	w = httptest.NewRecorder()
+
+	app.HandleCallback(w, req)
+
+	assert.Equal(t, 303, w.Code)
 	assert.NotContains(t, w.Body.String(), ErrInvalidRedirectURL.Error())
 }
 
 func TestClientApp_HandleCallback(t *testing.T) {
-	oidcTestServer := test.GetOIDCTestServer(t)
+	oidcTestServer := test.GetOIDCTestServer(t, nil)
 	t.Cleanup(oidcTestServer.Close)
 
 	dexTestServer := test.GetDexTestServer(t)
@@ -758,7 +812,8 @@ func TestGenerateAppState(t *testing.T) {
 	app, err := NewClientApp(&settings.ArgoCDSettings{ServerSignature: signature, URL: expectedReturnURL}, "", nil, "", cache.NewInMemoryCache(24*time.Hour))
 	require.NoError(t, err)
 	generateResponse := httptest.NewRecorder()
-	state, err := app.generateAppState(expectedReturnURL, generateResponse)
+	expectedPKCEVerifier := oauth2.GenerateVerifier()
+	state, err := app.generateAppState(expectedReturnURL, expectedPKCEVerifier, generateResponse)
 	require.NoError(t, err)
 
 	t.Run("VerifyAppState_Successful", func(t *testing.T) {
@@ -767,9 +822,10 @@ func TestGenerateAppState(t *testing.T) {
 			req.AddCookie(cookie)
 		}
 
-		returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
+		returnURL, pkceVerifier, err := app.verifyAppState(req, httptest.NewRecorder(), state)
 		require.NoError(t, err)
 		assert.Equal(t, expectedReturnURL, returnURL)
+		assert.Equal(t, expectedPKCEVerifier, pkceVerifier)
 	})
 
 	t.Run("VerifyAppState_Failed", func(t *testing.T) {
@@ -778,7 +834,7 @@ func TestGenerateAppState(t *testing.T) {
 			req.AddCookie(cookie)
 		}
 
-		_, err := app.verifyAppState(req, httptest.NewRecorder(), "wrong state")
+		_, _, err := app.verifyAppState(req, httptest.NewRecorder(), "wrong state")
 		require.Error(t, err)
 	})
 }
@@ -803,7 +859,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
 
 		expectedReturnURL := "javascript: alert('hi')"
 		generateResponse := httptest.NewRecorder()
-		state, err := app.generateAppState(expectedReturnURL, generateResponse)
+		state, err := app.generateAppState(expectedReturnURL, "", generateResponse)
 		require.NoError(t, err)
 
 		req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
@@ -811,7 +867,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
 			req.AddCookie(cookie)
 		}
 
-		returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
+		returnURL, _, err := app.verifyAppState(req, httptest.NewRecorder(), state)
 		require.ErrorIs(t, err, ErrInvalidRedirectURL)
 		assert.Empty(t, returnURL)
 	})
@@ -819,7 +875,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
 	t.Run("valid return URL succeeds", func(t *testing.T) {
 		expectedReturnURL := "https://argocd.example.com/some/path"
 		generateResponse := httptest.NewRecorder()
-		state, err := app.generateAppState(expectedReturnURL, generateResponse)
+		state, err := app.generateAppState(expectedReturnURL, "", generateResponse)
 		require.NoError(t, err)
 
 		req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
@@ -827,7 +883,7 @@ func TestGenerateAppState_XSS(t *testing.T) {
 			req.AddCookie(cookie)
 		}
 
-		returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), state)
+		returnURL, _, err := app.verifyAppState(req, httptest.NewRecorder(), state)
 		require.NoError(t, err)
 		assert.Equal(t, expectedReturnURL, returnURL)
 	})
@@ -847,7 +903,7 @@ func TestGenerateAppState_NoReturnURL(t *testing.T) {
 	require.NoError(t, err)
 
 	req.AddCookie(&http.Cookie{Name: common.StateCookieName, Value: hex.EncodeToString(encrypted)})
-	returnURL, err := app.verifyAppState(req, httptest.NewRecorder(), "123")
+	returnURL, _, err := app.verifyAppState(req, httptest.NewRecorder(), "123")
 	require.NoError(t, err)
 	assert.Equal(t, "/argo-cd", returnURL)
 }
diff --git a/util/session/sessionmanager_test.go b/util/session/sessionmanager_test.go
index bfb220fc58f67..ce1f4cb2d51ce 100644
--- a/util/session/sessionmanager_test.go
+++ b/util/session/sessionmanager_test.go
@@ -593,7 +593,7 @@ func getKubeClientWithConfig(config map[string]string, secretConfig map[string][
 }
 
 func TestSessionManager_VerifyToken(t *testing.T) {
-	oidcTestServer := utiltest.GetOIDCTestServer(t)
+	oidcTestServer := utiltest.GetOIDCTestServer(t, nil)
 	t.Cleanup(oidcTestServer.Close)
 
 	dexTestServer := utiltest.GetDexTestServer(t)
diff --git a/util/settings/settings.go b/util/settings/settings.go
index e2b05412e55dc..14c509334dc42 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -1893,6 +1893,13 @@ func (a *ArgoCDSettings) OAuth2ClientSecret() string {
 	return ""
 }
 
+func (a *ArgoCDSettings) OAuth2UsePKCE() bool {
+	if oidcConfig := a.OIDCConfig(); oidcConfig != nil {
+		return oidcConfig.EnablePKCEAuthentication
+	}
+	return false
+}
+
 func (a *ArgoCDSettings) UseAzureWorkloadIdentity() bool {
 	if oidcConfig := a.OIDCConfig(); oidcConfig != nil && oidcConfig.Azure != nil {
 		return oidcConfig.Azure.UseWorkloadIdentity
diff --git a/util/test/testutil.go b/util/test/testutil.go
index 8ec1e099c8be1..0271a6241c1a6 100644
--- a/util/test/testutil.go
+++ b/util/test/testutil.go
@@ -215,13 +215,13 @@ func oidcMockHandler(t *testing.T, url string, tokenRequestPreHandler func(r *ht
 	}
 }
 
-func GetOIDCTestServer(t *testing.T) *httptest.Server {
+func GetOIDCTestServer(t *testing.T, tokenRequestPreHandler func(r *http.Request)) *httptest.Server {
 	t.Helper()
 	ts := httptest.NewTLSServer(http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
 		// Start with a placeholder. We need the server URL before setting up the real handler.
 	}))
 	ts.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		oidcMockHandler(t, ts.URL, nil)(w, r)
+		oidcMockHandler(t, ts.URL, tokenRequestPreHandler)(w, r)
 	})
 	return ts
 }
@@ -258,14 +258,19 @@ func mockTokenEndpointResponse(issuer string) (TokenResponse, error) {
 
 // Helper function to generate a JWT token
 func generateJWTToken(issuer string) (string, error) {
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+	token := jwt.NewWithClaims(jwt.SigningMethodRS512, jwt.MapClaims{
 		"sub":  "1234567890",
+		"aud":  "test-client-id",
 		"name": "John Doe",
 		"iat":  time.Now().Unix(),
 		"iss":  issuer,
 		"exp":  time.Now().Add(time.Hour).Unix(), // Set the expiration time
 	})
-	tokenString, err := token.SignedString([]byte("secret"))
+	key, err := jwt.ParseRSAPrivateKeyFromPEM(PrivateKey)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse RSA private key: %w", err)
+	}
+	tokenString, err := token.SignedString(key)
 	if err != nil {
 		return "", err
 	}

From 12eaaaa9bbec7eb90e5fb9d7dc015f678d54dc21 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 17 Jun 2025 14:34:02 -0400
Subject: [PATCH 016/383] chore(test): add e2e tests for gitops-engine (#23304)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod                            |   2 +-
 go.sum                            |   4 +-
 test/e2e/app_sync_options_test.go |  61 ---------------
 test/e2e/sync_options_test.go     | 121 +++++++++++++++++++++++++++++-
 4 files changed, 120 insertions(+), 68 deletions(-)
 delete mode 100644 test/e2e/app_sync_options_test.go

diff --git a/go.mod b/go.mod
index 403831ba12149..0dc221a5ebb22 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
-	github.com/argoproj/gitops-engine v0.7.1-0.20250613154745-f8f1b61ba3fd
+	github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d
 	github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
diff --git a/go.sum b/go.sum
index cff33288e1610..e5ef94dd9af77 100644
--- a/go.sum
+++ b/go.sum
@@ -113,8 +113,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20250613154745-f8f1b61ba3fd h1:VZqcXq8o+iEMAiIrhtKABcKdU884R1JTf5UjO5z8E9A=
-github.com/argoproj/gitops-engine v0.7.1-0.20250613154745-f8f1b61ba3fd/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
+github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d h1:Zv34cXFLw5S+FUiksr6N7gVVvq7qvXuxmnwE2prND+k=
+github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872 h1:ADGAdyN9ty0+RmTT/yn+xV9vwkqvLn9O1ccqeP0Zeas=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=
diff --git a/test/e2e/app_sync_options_test.go b/test/e2e/app_sync_options_test.go
deleted file mode 100644
index d1c8a620d03a3..0000000000000
--- a/test/e2e/app_sync_options_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package e2e
-
-import (
-	"testing"
-
-	"github.com/argoproj/gitops-engine/pkg/health"
-	. "github.com/argoproj/gitops-engine/pkg/sync/common"
-	"github.com/stretchr/testify/assert"
-	corev1 "k8s.io/api/core/v1"
-
-	. "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-	. "github.com/argoproj/argo-cd/v3/test/e2e/fixture"
-	. "github.com/argoproj/argo-cd/v3/test/e2e/fixture/app"
-)
-
-// Given application is set with --sync-option CreateNamespace=true and --sync-option ServerSideApply=true
-//
-//		application --dest-namespace exists
-//
-//	Then, --dest-namespace is created with server side apply
-//		  	application is synced and healthy with resource
-//		  	application resources created with server side apply in the newly created namespace.
-func TestNamespaceCreationWithSSA(t *testing.T) {
-	SkipOnEnv(t, "OPENSHIFT")
-	namespace := "guestbook-ui-with-ssa"
-	defer func() {
-		if !t.Skipped() {
-			_, err := Run("", "kubectl", "delete", "namespace", namespace)
-			assert.NoError(t, err)
-		}
-	}()
-
-	ctx := Given(t)
-	ctx.
-		SetAppNamespace(AppNamespace()).
-		Timeout(30).
-		Path("guestbook").
-		When().
-		CreateFromFile(func(app *Application) {
-			app.Spec.SyncPolicy = &SyncPolicy{
-				SyncOptions: SyncOptions{"CreateNamespace=true", "ServerSideApply=true"},
-			}
-		}).
-		Then().
-		Expect(NoNamespace(namespace)).
-		When().
-		AppSet("--dest-namespace", namespace).
-		Sync().
-		Then().
-		Expect(Success("")).
-		Expect(Namespace(namespace, func(_ *Application, ns *corev1.Namespace) {
-			assert.NotContains(t, ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
-		})).
-		Expect(SyncStatusIs(SyncStatusCodeSynced)).
-		Expect(HealthIs(health.HealthStatusHealthy)).
-		Expect(OperationPhaseIs(OperationSucceeded)).
-		Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", namespace, health.HealthStatusHealthy)).
-		Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", namespace, SyncStatusCodeSynced)).
-		Expect(ResourceHealthWithNamespaceIs("Service", "guestbook-ui", namespace, health.HealthStatusHealthy)).
-		Expect(ResourceSyncStatusWithNamespaceIs("Service", "guestbook-ui", namespace, SyncStatusCodeSynced))
-}
diff --git a/test/e2e/sync_options_test.go b/test/e2e/sync_options_test.go
index 4a7786cc2fffe..ddfe7d3e60f1a 100644
--- a/test/e2e/sync_options_test.go
+++ b/test/e2e/sync_options_test.go
@@ -1,20 +1,90 @@
 package e2e
 
 import (
+	"fmt"
 	"os"
 	"testing"
 
+	"github.com/argoproj/gitops-engine/pkg/health"
 	. "github.com/argoproj/gitops-engine/pkg/sync/common"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
 	. "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v3/test/e2e/fixture"
+	. "github.com/argoproj/argo-cd/v3/test/e2e/fixture"
 	. "github.com/argoproj/argo-cd/v3/test/e2e/fixture/app"
 	"github.com/argoproj/argo-cd/v3/util/errors"
 )
 
+// TestSyncWithCreateNamespace verifies that the namespace is created when the
+// CreateNamespace=true is provided as part of the normal sync resources
+func TestSyncWithCreateNamespace(t *testing.T) {
+	newNamespace := getNewNamespace(t)
+	defer func() {
+		if !t.Skipped() {
+			errors.NewHandler(t).FailOnErr(Run("", "kubectl", "delete", "namespace", newNamespace))
+		}
+	}()
+
+	Given(t).
+		Path(guestbookPath).
+		When().
+		CreateFromFile(func(app *Application) {
+			app.Spec.Destination.Namespace = newNamespace
+			app.Spec.SyncPolicy = &SyncPolicy{
+				SyncOptions: SyncOptions{
+					"CreateNamespace=true",
+				},
+			}
+		}).
+		Then().
+		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
+		When().
+		Sync().
+		Then().
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		Expect(HealthIs(health.HealthStatusHealthy)).
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(ResourceResultNumbering(3))
+}
+
+// TestSyncWithCreateNamespaceAndDryRunError verifies that the namespace is created before the
+// DryRun validation is made on the resources, even if the sync fails. This allows transient errors
+// to be resolved on sync retries
+func TestSyncWithCreateNamespaceAndDryRunError(t *testing.T) {
+	newNamespace := getNewNamespace(t)
+	defer func() {
+		if !t.Skipped() {
+			errors.NewHandler(t).FailOnErr(Run("", "kubectl", "delete", "namespace", newNamespace))
+		}
+	}()
+
+	Given(t).
+		Path("failure-during-sync").
+		When().
+		CreateFromFile(func(app *Application) {
+			app.Spec.Destination.Namespace = newNamespace
+			app.Spec.SyncPolicy = &SyncPolicy{
+				SyncOptions: SyncOptions{
+					"CreateNamespace=true",
+				},
+			}
+		}).
+		Then().
+		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
+		When().
+		IgnoreErrors().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationFailed)).
+		Expect(ResourceResultNumbering(2)).
+		Expect(ResourceResultMatches(ResourceResult{Version: "v1", Kind: "Namespace", Name: newNamespace, Status: ResultCodeSynced, Message: fmt.Sprintf("namespace/%s created", newNamespace), HookPhase: OperationRunning, SyncPhase: SyncPhasePreSync})).
+		Expect(ResourceResultMatches(ResourceResult{Version: "v1", Kind: "ServiceAccount", Namespace: newNamespace, Name: "failure-during-sync", Status: ResultCodeSyncFailed, Message: `ServiceAccount "failure-during-sync" is invalid: metadata.labels: Invalid value`, HookPhase: OperationFailed, SyncPhase: SyncPhaseSync}))
+}
+
 // TestSyncOptionsValidateFalse verifies we can disable validation during kubectl apply, using the
 // 'argocd.argoproj.io/sync-options: Validate=false' sync option
 func TestSyncOptionsValidateFalse(t *testing.T) {
@@ -53,7 +123,7 @@ func TestSyncWithStatusIgnored(t *testing.T) {
 		Path(guestbookPath).
 		When().
 		And(func() {
-			require.NoError(t, fixture.SetResourceOverrides(map[string]ResourceOverride{
+			require.NoError(t, SetResourceOverrides(map[string]ResourceOverride{
 				"/": {
 					IgnoreDifferences: OverrideIgnoreDiff{JSONPointers: []string{"/status"}},
 				},
@@ -73,7 +143,7 @@ func TestSyncWithStatusIgnored(t *testing.T) {
 		// app should remain synced if k8s change detected
 		When().
 		And(func() {
-			errors.NewHandler(t).FailOnErr(fixture.KubeClientset.AppsV1().Deployments(fixture.DeploymentNamespace()).Patch(t.Context(),
+			errors.NewHandler(t).FailOnErr(KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Patch(t.Context(),
 				"guestbook-ui", types.JSONPatchType, []byte(`[{ "op": "replace", "path": "/status/observedGeneration", "value": 2 }]`), metav1.PatchOptions{}))
 		}).
 		Then().
@@ -104,7 +174,7 @@ func TestSyncWithApplyOutOfSyncOnly(t *testing.T) {
 }
 
 func TestSyncWithSkipHook(t *testing.T) {
-	fixture.SkipOnEnv(t, "OPENSHIFT")
+	SkipOnEnv(t, "OPENSHIFT")
 	Given(t).
 		Path(guestbookPath).
 		When().
@@ -146,3 +216,46 @@ func TestSyncWithForceReplace(t *testing.T) {
 		Then().
 		Expect(SyncStatusIs(SyncStatusCodeSynced))
 }
+
+// Given application is set with --sync-option CreateNamespace=true and --sync-option ServerSideApply=true
+//
+//		application --dest-namespace exists
+//
+//	Then, --dest-namespace is created with server side apply
+//		  	application is synced and healthy with resource
+//		  	application resources created with server side apply in the newly created namespace.
+func TestNamespaceCreationWithSSA(t *testing.T) {
+	SkipOnEnv(t, "OPENSHIFT")
+	namespace := getNewNamespace(t)
+	defer func() {
+		if !t.Skipped() {
+			errors.NewHandler(t).FailOnErr(Run("", "kubectl", "delete", "namespace", namespace))
+		}
+	}()
+
+	Given(t).
+		Path("guestbook").
+		When().
+		CreateFromFile(func(app *Application) {
+			app.Spec.Destination.Namespace = namespace
+			app.Spec.SyncPolicy = &SyncPolicy{
+				SyncOptions: SyncOptions{"CreateNamespace=true", "ServerSideApply=true"},
+			}
+		}).
+		Then().
+		Expect(NoNamespace(namespace)).
+		When().
+		Sync().
+		Then().
+		Expect(Success("")).
+		Expect(Namespace(namespace, func(_ *Application, ns *corev1.Namespace) {
+			assert.NotContains(t, ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration")
+		})).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		Expect(HealthIs(health.HealthStatusHealthy)).
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(ResourceHealthWithNamespaceIs("Deployment", "guestbook-ui", namespace, health.HealthStatusHealthy)).
+		Expect(ResourceSyncStatusWithNamespaceIs("Deployment", "guestbook-ui", namespace, SyncStatusCodeSynced)).
+		Expect(ResourceHealthWithNamespaceIs("Service", "guestbook-ui", namespace, health.HealthStatusHealthy)).
+		Expect(ResourceSyncStatusWithNamespaceIs("Service", "guestbook-ui", namespace, SyncStatusCodeSynced))
+}

From ca66f018341b167116f77dd295f5a54f65aad1c9 Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Tue, 17 Jun 2025 16:01:00 -0400
Subject: [PATCH 017/383] fix(goreleaser): add darwin with CGO enabled and
 remove static to gorelease (#23457)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .goreleaser.yaml | 35 +++++++++++++++--------------------
 1 file changed, 15 insertions(+), 20 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 3953b73c49724..4f553fd97689b 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -21,41 +21,36 @@ builds:
       - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
       - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
       - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - -extldflags="-static"
+      - '{{ if or (eq .Runtime.Goos "linux") (eq .Runtime.Goos "windows") }}-extldflags="-static"{{ end }}'
     goos:
       - linux
       - windows
+      - darwin
     goarch:
       - amd64
       - arm64
       - s390x
       - ppc64le
     ignore:
+      - goos: darwin
+        goarch: s390x
+      - goos: darwin
+        goarch: ppc64le
       - goos: windows
         goarch: s390x
       - goos: windows
         goarch: ppc64le
       - goos: windows
         goarch: arm64
-  - id: argocd-cli-darwin
-    main: ./cmd
-    binary: argocd-{{ .Os}}-{{ .Arch}}
-    env:
-      - CGO_ENABLED=1
-    flags:
-      - -v
-    ldflags:
-      - -X github.com/argoproj/argo-cd/v3/common.version={{ .Version }}
-      - -X github.com/argoproj/argo-cd/v3/common.buildDate={{ .Date }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
-      - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
-      - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - -extldflags="-static"
-    goos:
-      - darwin
-    goarch:
-      - amd64
-      - arm64
+    overrides:
+      - goos: darwin
+        goarch: amd64
+        env:
+          - CGO_ENABLED=1
+      - goos: darwin
+        goarch: arm64
+        env:
+          - CGO_ENABLED=1
 
 archives:
   - id: argocd-archive

From 862df08ec75d793a1c292f37c3b3189267939fbd Mon Sep 17 00:00:00 2001
From: Collin Walker <10523817+lets-call-n-walk@users.noreply.github.com>
Date: Wed, 18 Jun 2025 01:43:06 -0400
Subject: [PATCH 018/383] fix(appset): Add token to enterprise client (#23240)
 (#23455)

Signed-off-by: Collin Walker <cwalker@ancestry.com>
Co-authored-by: Collin Walker <cwalker@ancestry.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/services/pull_request/github.go | 6 +++++-
 applicationset/services/scm_provider/github.go | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go
index 8b962a95716e6..79b128b3b1d1e 100644
--- a/applicationset/services/pull_request/github.go
+++ b/applicationset/services/pull_request/github.go
@@ -37,7 +37,11 @@ func NewGithubService(token, url, owner, repo string, labels []string, optionalH
 		}
 	} else {
 		var err error
-		client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		if token == "" {
+			client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		} else {
+			client, err = github.NewClient(httpClient).WithAuthToken(token).WithEnterpriseURLs(url, url)
+		}
 		if err != nil {
 			return nil, err
 		}
diff --git a/applicationset/services/scm_provider/github.go b/applicationset/services/scm_provider/github.go
index 218daa97bba44..6684269a60313 100644
--- a/applicationset/services/scm_provider/github.go
+++ b/applicationset/services/scm_provider/github.go
@@ -36,7 +36,11 @@ func NewGithubProvider(organization string, token string, url string, allBranche
 		}
 	} else {
 		var err error
-		client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		if token == "" {
+			client, err = github.NewClient(httpClient).WithEnterpriseURLs(url, url)
+		} else {
+			client, err = github.NewClient(httpClient).WithAuthToken(token).WithEnterpriseURLs(url, url)
+		}
 		if err != nil {
 			return nil, err
 		}

From c8b09cb9f2ab58bc51c87eb759c8d9c2c711eb83 Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Wed, 18 Jun 2025 12:45:34 +0200
Subject: [PATCH 019/383] fix: minor oci fixes (#23434)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .mockery.yaml                                 |   3 +
 controller/appcontroller_test.go              |  12 +-
 controller/state.go                           |   2 +-
 controller/state_test.go                      |  28 ++
 reposerver/repository/repository.go           |   2 +-
 reposerver/repository/repository_test.go      |  76 ++-
 .../application-create-panel.tsx              |  11 +-
 .../application-parameters/source-panel.tsx   |  11 +-
 util/oci/mocks/Client.go                      | 433 ++++++++++++++++++
 9 files changed, 541 insertions(+), 37 deletions(-)
 create mode 100644 util/oci/mocks/Client.go

diff --git a/.mockery.yaml b/.mockery.yaml
index ca4a28b745206..5a25211e49be0 100644
--- a/.mockery.yaml
+++ b/.mockery.yaml
@@ -66,6 +66,9 @@ packages:
   github.com/argoproj/argo-cd/v3/util/helm:
     interfaces:
       Client: {}
+  github.com/argoproj/argo-cd/v3/util/oci:
+    interfaces:
+      Client: {}
   github.com/argoproj/argo-cd/v3/util/io:
     interfaces:
       TempPaths: {}
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index a1b8a641bf0d6..2061815242a7f 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -95,10 +95,10 @@ func (m *MockKubectl) DeleteResource(ctx context.Context, config *rest.Config, g
 }
 
 func newFakeController(data *fakeData, repoErr error) *ApplicationController {
-	return newFakeControllerWithResync(data, time.Minute, repoErr)
+	return newFakeControllerWithResync(data, time.Minute, repoErr, nil)
 }
 
-func newFakeControllerWithResync(data *fakeData, appResyncPeriod time.Duration, repoErr error) *ApplicationController {
+func newFakeControllerWithResync(data *fakeData, appResyncPeriod time.Duration, repoErr, revisionPathsErr error) *ApplicationController {
 	var clust corev1.Secret
 	err := yaml.Unmarshal([]byte(fakeCluster), &clust)
 	if err != nil {
@@ -124,7 +124,11 @@ func newFakeControllerWithResync(data *fakeData, appResyncPeriod time.Duration,
 		}
 	}
 
-	mockRepoClient.On("UpdateRevisionForPaths", mock.Anything, mock.Anything).Return(data.updateRevisionForPathsResponse, nil)
+	if revisionPathsErr != nil {
+		mockRepoClient.On("UpdateRevisionForPaths", mock.Anything, mock.Anything).Return(nil, revisionPathsErr)
+	} else {
+		mockRepoClient.On("UpdateRevisionForPaths", mock.Anything, mock.Anything).Return(data.updateRevisionForPathsResponse, nil)
+	}
 
 	mockRepoClientset := mockrepoclient.Clientset{RepoServerServiceClient: &mockRepoClient}
 
@@ -1898,7 +1902,7 @@ apps/Deployment:
 			{},
 			{},
 		},
-	}, time.Millisecond*10, nil)
+	}, time.Millisecond*10, nil, nil)
 
 	testCases := []struct {
 		name           string
diff --git a/controller/state.go b/controller/state.go
index efb6d9352f25a..a24856eeb498d 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -260,7 +260,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 			appNamespace = ""
 		}
 
-		if !source.IsHelm() && syncedRevision != "" && keyManifestGenerateAnnotationExists && keyManifestGenerateAnnotationVal != "" {
+		if !source.IsHelm() && !source.IsOCI() && syncedRevision != "" && keyManifestGenerateAnnotationExists && keyManifestGenerateAnnotationVal != "" {
 			// Validate the manifest-generate-path annotation to avoid generating manifests if it has not changed.
 			updateRevisionResult, err := repoClient.UpdateRevisionForPaths(context.Background(), &apiclient.UpdateRevisionForPathsRequest{
 				Repo:               repo,
diff --git a/controller/state_test.go b/controller/state_test.go
index 883e6c29db867..e6636b95f1e41 100644
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -1825,3 +1825,31 @@ func Test_normalizeClusterScopeTracking(t *testing.T) {
 	require.NoError(t, err)
 	require.True(t, called, "normalization function should have called the callback function")
 }
+
+func TestCompareAppState_DoesNotCallUpdateRevisionForPaths_ForOCI(t *testing.T) {
+	app := newFakeApp()
+	// Enable the manifest-generate-paths annotation and set a synced revision
+	app.SetAnnotations(map[string]string{v1alpha1.AnnotationKeyManifestGeneratePaths: "."})
+	app.Status.Sync = v1alpha1.SyncStatus{
+		Revision: "abc123",
+		Status:   v1alpha1.SyncStatusCodeSynced,
+	}
+
+	data := fakeData{
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+	}
+	ctrl := newFakeControllerWithResync(&data, time.Minute, nil, errors.New("this should not be called"))
+
+	source := app.Spec.GetSource()
+	source.RepoURL = "oci://example.com/argo/argo-cd"
+	sources := make([]v1alpha1.ApplicationSource, 0)
+	sources = append(sources, source)
+
+	_, _, _, err := ctrl.appStateManager.GetRepoObjs(app, sources, "abc123", []string{"123456"}, false, false, false, &defaultProj, false, false)
+	require.NoError(t, err)
+}
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
index ff9faaf257846..aa5526e14d842 100644
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -585,7 +585,7 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq
 	var err error
 
 	// Skip this path for ref only sources
-	if q.HasMultipleSources && q.ApplicationSource.Path == "" && !q.ApplicationSource.IsHelm() && q.ApplicationSource.IsRef() {
+	if q.HasMultipleSources && q.ApplicationSource.Path == "" && !q.ApplicationSource.IsOCI() && !q.ApplicationSource.IsHelm() && q.ApplicationSource.IsRef() {
 		log.Debugf("Skipping manifest generation for ref only source for application: %s and ref %s", q.AppName, q.ApplicationSource.Ref)
 		_, revision, err := s.newClientResolveRevision(q.Repo, q.Revision, git.WithCache(s.cache, !q.NoRevisionCache && !q.NoCache))
 		res = &apiclient.ManifestResponse{
diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
index d9b942ae19ee2..af5bb0dc72ef3 100644
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -25,6 +25,8 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/apimachinery/pkg/util/intstr"
 
+	"github.com/argoproj/argo-cd/v3/util/oci"
+
 	cacheutil "github.com/argoproj/argo-cd/v3/util/cache"
 
 	"github.com/stretchr/testify/assert"
@@ -49,6 +51,7 @@ import (
 	helmmocks "github.com/argoproj/argo-cd/v3/util/helm/mocks"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 	iomocks "github.com/argoproj/argo-cd/v3/util/io/mocks"
+	ocimocks "github.com/argoproj/argo-cd/v3/util/oci/mocks"
 )
 
 const testSignature = `gpg: Signature made Wed Feb 26 23:22:34 2020 CET
@@ -56,7 +59,7 @@ gpg:                using RSA key 4AEE18F83AFDEB23
 gpg: Good signature from "GitHub (web-flow commit signing) <noreply@github.com>" [ultimate]
 `
 
-type clientFunc func(*gitmocks.Client, *helmmocks.Client, *iomocks.TempPaths)
+type clientFunc func(*gitmocks.Client, *helmmocks.Client, *ocimocks.Client, *iomocks.TempPaths)
 
 type repoCacheMocks struct {
 	mock.Mock
@@ -104,7 +107,7 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git
 	if err != nil {
 		panic(err)
 	}
-	return newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) {
+	return newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, ociClient *ocimocks.Client, paths *iomocks.TempPaths) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
@@ -133,6 +136,10 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git
 		helmClient.On("CleanChartCache", oobChart, version).Return(nil)
 		helmClient.On("DependencyBuild").Return(nil)
 
+		ociClient.On("GetTags", mock.Anything, mock.Anything).Return(nil)
+		ociClient.On("ResolveRevision", mock.Anything, mock.Anything, mock.Anything).Return("", nil)
+		ociClient.On("Extract", mock.Anything, mock.Anything).Return("./testdata/my-chart", utilio.NopCloser, nil)
+
 		paths.On("Add", mock.Anything, mock.Anything).Return(root, nil)
 		paths.On("GetPath", mock.Anything).Return(root, nil)
 		paths.On("GetPathIfExists", mock.Anything).Return(root, nil)
@@ -144,8 +151,9 @@ func newServiceWithOpt(t *testing.T, cf clientFunc, root string) (*Service, *git
 	t.Helper()
 	helmClient := &helmmocks.Client{}
 	gitClient := &gitmocks.Client{}
+	ociClient := &ocimocks.Client{}
 	paths := &iomocks.TempPaths{}
-	cf(gitClient, helmClient, paths)
+	cf(gitClient, helmClient, ociClient, paths)
 	cacheMocks := newCacheMocks()
 	t.Cleanup(cacheMocks.mockCache.StopRedisCallback)
 	service := NewService(metrics.NewMetricsServer(), cacheMocks.cache, RepoServerInitConstants{ParallelismLimit: 1}, &git.NoopCredsStore{}, root)
@@ -156,6 +164,9 @@ func newServiceWithOpt(t *testing.T, cf clientFunc, root string) (*Service, *git
 	service.newHelmClient = func(_ string, _ helm.Creds, _ bool, _ string, _ string, _ ...helm.ClientOpts) helm.Client {
 		return helmClient
 	}
+	service.newOCIClient = func(_ string, _ oci.Creds, _ string, _ string, _ []string, _ ...oci.ClientOpts) (oci.Client, error) {
+		return ociClient, nil
+	}
 	service.gitRepoInitializer = func(_ string) goio.Closer {
 		return utilio.NopCloser
 	}
@@ -184,7 +195,7 @@ func newServiceWithCommitSHA(t *testing.T, root, revision string) *Service {
 		revisionErr = errors.New("not a commit SHA")
 	}
 
-	service, gitClient, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+	service, gitClient, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
@@ -3515,7 +3526,7 @@ func TestErrorGetGitDirectories(t *testing.T) {
 			},
 		}, want: nil, wantErr: assert.Error},
 		{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
-			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", mock.Anything).Return("", errors.New("ah error"))
 				gitClient.On("Root").Return(root)
@@ -3532,7 +3543,7 @@ func TestErrorGetGitDirectories(t *testing.T) {
 			},
 		}, want: nil, wantErr: assert.Error},
 		{name: "ErrorVerifyCommit", fields: fields{service: func() *Service {
-			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", mock.Anything).Return("", errors.New("ah error"))
 				gitClient.On("VerifyCommitSignature", mock.Anything).Return("", fmt.Errorf("revision %s is not signed", "sadfsadf"))
@@ -3566,7 +3577,7 @@ func TestErrorGetGitDirectories(t *testing.T) {
 func TestGetGitDirectories(t *testing.T) {
 	// test not using the cache
 	root := "./testdata/git-files-dirs"
-	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
@@ -3599,7 +3610,7 @@ func TestGetGitDirectories(t *testing.T) {
 func TestGetGitDirectoriesWithHiddenDirSupported(t *testing.T) {
 	// test not using the cache
 	root := "./testdata/git-files-dirs"
-	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
@@ -3657,7 +3668,7 @@ func TestErrorGetGitFiles(t *testing.T) {
 			},
 		}, want: nil, wantErr: assert.Error},
 		{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
-			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", mock.Anything).Return("", errors.New("ah error"))
 				gitClient.On("Root").Return(root)
@@ -3693,7 +3704,7 @@ func TestGetGitFiles(t *testing.T) {
 		"./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/app/foo/bar/config.yaml",
 	}
 	root := ""
-	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+	s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 		gitClient.On("Init").Return(nil)
 		gitClient.On("IsRevisionPresent", mock.Anything).Return(false)
 		gitClient.On("Fetch", mock.Anything).Return(nil)
@@ -3760,7 +3771,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) {
 			},
 		}, want: nil, wantErr: assert.Error},
 		{name: "InvalidResolveRevision", fields: fields{service: func() *Service {
-			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", mock.Anything).Return("", errors.New("ah error"))
 				gitClient.On("Root").Return(root)
@@ -3778,7 +3789,7 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) {
 			},
 		}, want: nil, wantErr: assert.Error},
 		{name: "InvalidResolveSyncedRevision", fields: fields{service: func() *Service {
-			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
 				gitClient.On("LsRemote", mock.Anything).Return("", errors.New("ah error"))
@@ -3831,7 +3842,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
 		cacheHit *cacheHit
 	}{
 		{name: "NoPathAbort", fields: func() fields {
-			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *iomocks.TempPaths) {
+			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, _ *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 			}, ".")
 			return fields{
@@ -3846,7 +3857,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
 			},
 		}, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError},
 		{name: "SameResolvedRevisionAbort", fields: func() fields {
-			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Checkout", mock.Anything, mock.Anything).Return("", nil)
 				gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
 				gitClient.On("LsRemote", "SYNCEDHEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil)
@@ -3869,7 +3880,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
 			Revision: "632039659e542ed7de0c170a4fcc1c571b288fc0",
 		}, wantErr: assert.NoError},
 		{name: "ChangedFilesDoNothing", fields: func() fields {
-			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Init").Return(nil)
 				gitClient.On("Fetch", mock.Anything).Once().Return(nil)
 				gitClient.On("IsRevisionPresent", "632039659e542ed7de0c170a4fcc1c571b288fc0").Once().Return(false)
@@ -3902,7 +3913,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
 			Changes:  true,
 		}, wantErr: assert.NoError},
 		{name: "NoChangesUpdateCache", fields: func() fields {
-			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Init").Return(nil)
 				gitClient.On("Fetch", mock.Anything).Once().Return(nil)
 				gitClient.On("IsRevisionPresent", "632039659e542ed7de0c170a4fcc1c571b288fc0").Once().Return(false)
@@ -3944,7 +3955,7 @@ func TestUpdateRevisionForPaths(t *testing.T) {
 			revision:         "632039659e542ed7de0c170a4fcc1c571b288fc0",
 		}},
 		{name: "NoChangesHelmMultiSourceUpdateCache", fields: func() fields {
-			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, paths *iomocks.TempPaths) {
+			s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, _ *helmmocks.Client, _ *ocimocks.Client, paths *iomocks.TempPaths) {
 				gitClient.On("Init").Return(nil)
 				gitClient.On("IsRevisionPresent", "632039659e542ed7de0c170a4fcc1c571b288fc0").Once().Return(false)
 				gitClient.On("Fetch", mock.Anything).Once().Return(nil)
@@ -4480,3 +4491,34 @@ func Test_SkipSchemaValidation(t *testing.T) {
 		require.ErrorContains(t, err, "values don't meet the specifications of the schema(s)")
 	})
 }
+
+func TestGenerateManifest_OCISourceSkipsGitClient(t *testing.T) {
+	svc := newService(t, t.TempDir())
+
+	gitCalled := false
+	svc.newGitClient = func(_, _ string, _ git.Creds, _, _ bool, _, _ string, _ ...git.ClientOpts) (git.Client, error) {
+		gitCalled = true
+		return nil, errors.New("git should not be called for OCI")
+	}
+
+	req := &apiclient.ManifestRequest{
+		HasMultipleSources: true,
+		Repo: &v1alpha1.Repository{
+			Repo: "oci://example.com/foo",
+		},
+		ApplicationSource: &v1alpha1.ApplicationSource{
+			Path:           "",
+			TargetRevision: "v1",
+			Ref:            "foo",
+			RepoURL:        "oci://example.com/foo",
+		},
+		ProjectName:        "foo-project",
+		ProjectSourceRepos: []string{"*"},
+	}
+
+	_, err := svc.GenerateManifest(t.Context(), req)
+	require.NoError(t, err)
+
+	// verify that newGitClient was never invoked
+	assert.False(t, gitCalled, "GenerateManifest should not invoke Git for OCI sources")
+}
diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
index 709ac01029353..4c9d6124482af 100644
--- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
+++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
@@ -363,14 +363,11 @@ export const ApplicationCreatePanel = (props: {
                                                             <DataLoader
                                                                 input={{repoURL: app.spec.source.repoURL, revision: app.spec.source.targetRevision}}
                                                                 load={async src =>
-                                                                    (src.repoURL &&
-                                                                        services.repos
-                                                                            .apps(src.repoURL, src.revision, app.metadata.name, app.spec.project)
-                                                                            .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
-                                                                            .catch(() => new Array<string>())) ||
+                                                                    src.repoURL &&
+                                                                    // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
                                                                     new Array<string>()
                                                                 }>
-                                                                {(apps: string[]) => (
+                                                                {(paths: string[]) => (
                                                                     <FormField
                                                                         formApi={api}
                                                                         label='Path'
@@ -378,7 +375,7 @@ export const ApplicationCreatePanel = (props: {
                                                                         field='spec.source.path'
                                                                         component={AutocompleteField}
                                                                         componentProps={{
-                                                                            items: apps,
+                                                                            items: paths,
                                                                             filterSuggestions: true
                                                                         }}
                                                                     />
diff --git a/ui/src/app/applications/components/application-parameters/source-panel.tsx b/ui/src/app/applications/components/application-parameters/source-panel.tsx
index 537c5aba47cd4..130510f4b76dd 100644
--- a/ui/src/app/applications/components/application-parameters/source-panel.tsx
+++ b/ui/src/app/applications/components/application-parameters/source-panel.tsx
@@ -227,21 +227,18 @@ export const SourcePanel = (props: {
                                                                 revision: api.getFormState().values.spec?.source?.targetRevision
                                                             }}
                                                             load={async src =>
-                                                                (src.repoURL &&
-                                                                    (await services.repos
-                                                                        .apps(src.repoURL, src.revision, appInEdit.metadata.name, props.appCurrent.spec.project)
-                                                                        .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
-                                                                        .catch(() => new Array<string>()))) ||
+                                                                src.repoURL &&
+                                                                // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
                                                                 new Array<string>()
                                                             }>
-                                                            {(apps: string[]) => (
+                                                            {(paths: string[]) => (
                                                                 <FormField
                                                                     formApi={api}
                                                                     label='Path'
                                                                     field='spec.source.path'
                                                                     component={AutocompleteField}
                                                                     componentProps={{
-                                                                        items: apps,
+                                                                        items: paths,
                                                                         filterSuggestions: true
                                                                     }}
                                                                 />
diff --git a/util/oci/mocks/Client.go b/util/oci/mocks/Client.go
new file mode 100644
index 0000000000000..88ff601ba53b7
--- /dev/null
+++ b/util/oci/mocks/Client.go
@@ -0,0 +1,433 @@
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
+
+package mocks
+
+import (
+	"context"
+
+	"github.com/argoproj/argo-cd/v3/util/io"
+	"github.com/opencontainers/image-spec/specs-go/v1"
+	mock "github.com/stretchr/testify/mock"
+)
+
+// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewClient(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *Client {
+	mock := &Client{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
+
+// Client is an autogenerated mock type for the Client type
+type Client struct {
+	mock.Mock
+}
+
+type Client_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *Client) EXPECT() *Client_Expecter {
+	return &Client_Expecter{mock: &_m.Mock}
+}
+
+// CleanCache provides a mock function for the type Client
+func (_mock *Client) CleanCache(revision string) error {
+	ret := _mock.Called(revision)
+
+	if len(ret) == 0 {
+		panic("no return value specified for CleanCache")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string) error); ok {
+		r0 = returnFunc(revision)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// Client_CleanCache_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'CleanCache'
+type Client_CleanCache_Call struct {
+	*mock.Call
+}
+
+// CleanCache is a helper method to define mock.On call
+//   - revision string
+func (_e *Client_Expecter) CleanCache(revision interface{}) *Client_CleanCache_Call {
+	return &Client_CleanCache_Call{Call: _e.mock.On("CleanCache", revision)}
+}
+
+func (_c *Client_CleanCache_Call) Run(run func(revision string)) *Client_CleanCache_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_CleanCache_Call) Return(err error) *Client_CleanCache_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *Client_CleanCache_Call) RunAndReturn(run func(revision string) error) *Client_CleanCache_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// DigestMetadata provides a mock function for the type Client
+func (_mock *Client) DigestMetadata(ctx context.Context, digest string) (*v1.Manifest, error) {
+	ret := _mock.Called(ctx, digest)
+
+	if len(ret) == 0 {
+		panic("no return value specified for DigestMetadata")
+	}
+
+	var r0 *v1.Manifest
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) (*v1.Manifest, error)); ok {
+		return returnFunc(ctx, digest)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *v1.Manifest); ok {
+		r0 = returnFunc(ctx, digest)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*v1.Manifest)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, string) error); ok {
+		r1 = returnFunc(ctx, digest)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Client_DigestMetadata_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DigestMetadata'
+type Client_DigestMetadata_Call struct {
+	*mock.Call
+}
+
+// DigestMetadata is a helper method to define mock.On call
+//   - ctx context.Context
+//   - digest string
+func (_e *Client_Expecter) DigestMetadata(ctx interface{}, digest interface{}) *Client_DigestMetadata_Call {
+	return &Client_DigestMetadata_Call{Call: _e.mock.On("DigestMetadata", ctx, digest)}
+}
+
+func (_c *Client_DigestMetadata_Call) Run(run func(ctx context.Context, digest string)) *Client_DigestMetadata_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_DigestMetadata_Call) Return(manifest *v1.Manifest, err error) *Client_DigestMetadata_Call {
+	_c.Call.Return(manifest, err)
+	return _c
+}
+
+func (_c *Client_DigestMetadata_Call) RunAndReturn(run func(ctx context.Context, digest string) (*v1.Manifest, error)) *Client_DigestMetadata_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Extract provides a mock function for the type Client
+func (_mock *Client) Extract(ctx context.Context, revision string) (string, io.Closer, error) {
+	ret := _mock.Called(ctx, revision)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Extract")
+	}
+
+	var r0 string
+	var r1 io.Closer
+	var r2 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) (string, io.Closer, error)); ok {
+		return returnFunc(ctx, revision)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) string); ok {
+		r0 = returnFunc(ctx, revision)
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, string) io.Closer); ok {
+		r1 = returnFunc(ctx, revision)
+	} else {
+		if ret.Get(1) != nil {
+			r1 = ret.Get(1).(io.Closer)
+		}
+	}
+	if returnFunc, ok := ret.Get(2).(func(context.Context, string) error); ok {
+		r2 = returnFunc(ctx, revision)
+	} else {
+		r2 = ret.Error(2)
+	}
+	return r0, r1, r2
+}
+
+// Client_Extract_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Extract'
+type Client_Extract_Call struct {
+	*mock.Call
+}
+
+// Extract is a helper method to define mock.On call
+//   - ctx context.Context
+//   - revision string
+func (_e *Client_Expecter) Extract(ctx interface{}, revision interface{}) *Client_Extract_Call {
+	return &Client_Extract_Call{Call: _e.mock.On("Extract", ctx, revision)}
+}
+
+func (_c *Client_Extract_Call) Run(run func(ctx context.Context, revision string)) *Client_Extract_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_Extract_Call) Return(s string, closer io.Closer, err error) *Client_Extract_Call {
+	_c.Call.Return(s, closer, err)
+	return _c
+}
+
+func (_c *Client_Extract_Call) RunAndReturn(run func(ctx context.Context, revision string) (string, io.Closer, error)) *Client_Extract_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// GetTags provides a mock function for the type Client
+func (_mock *Client) GetTags(ctx context.Context, noCache bool) ([]string, error) {
+	ret := _mock.Called(ctx, noCache)
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetTags")
+	}
+
+	var r0 []string
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, bool) ([]string, error)); ok {
+		return returnFunc(ctx, noCache)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, bool) []string); ok {
+		r0 = returnFunc(ctx, noCache)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]string)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, bool) error); ok {
+		r1 = returnFunc(ctx, noCache)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Client_GetTags_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetTags'
+type Client_GetTags_Call struct {
+	*mock.Call
+}
+
+// GetTags is a helper method to define mock.On call
+//   - ctx context.Context
+//   - noCache bool
+func (_e *Client_Expecter) GetTags(ctx interface{}, noCache interface{}) *Client_GetTags_Call {
+	return &Client_GetTags_Call{Call: _e.mock.On("GetTags", ctx, noCache)}
+}
+
+func (_c *Client_GetTags_Call) Run(run func(ctx context.Context, noCache bool)) *Client_GetTags_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 bool
+		if args[1] != nil {
+			arg1 = args[1].(bool)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_GetTags_Call) Return(strings []string, err error) *Client_GetTags_Call {
+	_c.Call.Return(strings, err)
+	return _c
+}
+
+func (_c *Client_GetTags_Call) RunAndReturn(run func(ctx context.Context, noCache bool) ([]string, error)) *Client_GetTags_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// ResolveRevision provides a mock function for the type Client
+func (_mock *Client) ResolveRevision(ctx context.Context, revision string, noCache bool) (string, error) {
+	ret := _mock.Called(ctx, revision, noCache)
+
+	if len(ret) == 0 {
+		panic("no return value specified for ResolveRevision")
+	}
+
+	var r0 string
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, bool) (string, error)); ok {
+		return returnFunc(ctx, revision, noCache)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, bool) string); ok {
+		r0 = returnFunc(ctx, revision, noCache)
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, string, bool) error); ok {
+		r1 = returnFunc(ctx, revision, noCache)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Client_ResolveRevision_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ResolveRevision'
+type Client_ResolveRevision_Call struct {
+	*mock.Call
+}
+
+// ResolveRevision is a helper method to define mock.On call
+//   - ctx context.Context
+//   - revision string
+//   - noCache bool
+func (_e *Client_Expecter) ResolveRevision(ctx interface{}, revision interface{}, noCache interface{}) *Client_ResolveRevision_Call {
+	return &Client_ResolveRevision_Call{Call: _e.mock.On("ResolveRevision", ctx, revision, noCache)}
+}
+
+func (_c *Client_ResolveRevision_Call) Run(run func(ctx context.Context, revision string, noCache bool)) *Client_ResolveRevision_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 bool
+		if args[2] != nil {
+			arg2 = args[2].(bool)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_ResolveRevision_Call) Return(s string, err error) *Client_ResolveRevision_Call {
+	_c.Call.Return(s, err)
+	return _c
+}
+
+func (_c *Client_ResolveRevision_Call) RunAndReturn(run func(ctx context.Context, revision string, noCache bool) (string, error)) *Client_ResolveRevision_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// TestRepo provides a mock function for the type Client
+func (_mock *Client) TestRepo(ctx context.Context) (bool, error) {
+	ret := _mock.Called(ctx)
+
+	if len(ret) == 0 {
+		panic("no return value specified for TestRepo")
+	}
+
+	var r0 bool
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context) (bool, error)); ok {
+		return returnFunc(ctx)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context) bool); ok {
+		r0 = returnFunc(ctx)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context) error); ok {
+		r1 = returnFunc(ctx)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Client_TestRepo_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'TestRepo'
+type Client_TestRepo_Call struct {
+	*mock.Call
+}
+
+// TestRepo is a helper method to define mock.On call
+//   - ctx context.Context
+func (_e *Client_Expecter) TestRepo(ctx interface{}) *Client_TestRepo_Call {
+	return &Client_TestRepo_Call{Call: _e.mock.On("TestRepo", ctx)}
+}
+
+func (_c *Client_TestRepo_Call) Run(run func(ctx context.Context)) *Client_TestRepo_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *Client_TestRepo_Call) Return(b bool, err error) *Client_TestRepo_Call {
+	_c.Call.Return(b, err)
+	return _c
+}
+
+func (_c *Client_TestRepo_Call) RunAndReturn(run func(ctx context.Context) (bool, error)) *Client_TestRepo_Call {
+	_c.Call.Return(run)
+	return _c
+}

From 30409e98c766f14f3a8425fd1989394ade6f346b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jun 2025 01:06:24 -1000
Subject: [PATCH 020/383] chore(deps): bump sigstore/cosign-installer from
 3.8.2 to 3.9.0 (#23467)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/image-reuse.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index fe30fd9471da5..658ada5a6c792 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -73,7 +73,7 @@ jobs:
           cache: false
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+        uses: sigstore/cosign-installer@fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3 # v3.9.0
 
       - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

From 92c0bef43316130024102b31ad32337f02f1d1e3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 18 Jun 2025 21:27:45 +0300
Subject: [PATCH 021/383] chore(deps): bump docker/setup-buildx-action from
 3.10.0 to 3.11.0 (#23442)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/image-reuse.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index 658ada5a6c792..73bc9a22a984d 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -76,7 +76,7 @@ jobs:
         uses: sigstore/cosign-installer@fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3 # v3.9.0
 
       - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Setup tags for container image as a CSV type
         run: |

From 3758cd13da0765f380f50f0ea6a4014af6447bd0 Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Wed, 18 Jun 2025 11:38:12 -0700
Subject: [PATCH 022/383] fix: bump gitops-engine for ssd fix (#23456)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0dc221a5ebb22..0171b6c4b0726 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
-	github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d
+	github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58
 	github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
diff --git a/go.sum b/go.sum
index e5ef94dd9af77..e6976d9fb0f96 100644
--- a/go.sum
+++ b/go.sum
@@ -113,8 +113,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d h1:Zv34cXFLw5S+FUiksr6N7gVVvq7qvXuxmnwE2prND+k=
-github.com/argoproj/gitops-engine v0.7.1-0.20250616212358-8007df5f6c5d/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
+github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58 h1:9ESamu44v3dR9j/I4/4Aa1Fx3QSIE8ElK1CR8Z285uk=
+github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872 h1:ADGAdyN9ty0+RmTT/yn+xV9vwkqvLn9O1ccqeP0Zeas=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=

From 9c7b98661c94560e6e2ea393a7cec75ab2ba8507 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 18 Jun 2025 14:50:41 -0400
Subject: [PATCH 023/383] chore(deps): update dependency markdown to v3.8.1
 (#23480)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index ff7dc98ae0dd9..59f3cb330bb0b 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -5,5 +5,5 @@ mkdocs-material==7.1.8
 markdown_include==0.8.1
 pygments==2.19.1
 jinja2==3.1.6
-markdown==3.8
+markdown==3.8.1
 pymdown-extensions==10.15
\ No newline at end of file

From 0616899aa79c73f58063fae9df34b60d223be125 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 18 Jun 2025 16:37:57 -0400
Subject: [PATCH 024/383] fix(tests): race condition creating the sync id
 (#23481)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/sync.go           | 13 ++++------
 controller/syncid/id.go      | 20 ++++++++++++++++
 controller/syncid/id_test.go | 46 ++++++++++++++++++++++++++++++++++++
 3 files changed, 70 insertions(+), 9 deletions(-)
 create mode 100644 controller/syncid/id.go
 create mode 100644 controller/syncid/id_test.go

diff --git a/controller/sync.go b/controller/sync.go
index 29e7e21a2da8d..b455bd2860fb8 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"strconv"
 	"strings"
-	"sync/atomic"
 	"time"
 
 	"k8s.io/apimachinery/pkg/util/strategicpatch"
@@ -29,6 +28,7 @@ import (
 	"k8s.io/kubectl/pkg/util/openapi"
 
 	"github.com/argoproj/argo-cd/v3/controller/metrics"
+	"github.com/argoproj/argo-cd/v3/controller/syncid"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	listersv1alpha1 "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1"
 	applog "github.com/argoproj/argo-cd/v3/util/app/log"
@@ -38,11 +38,8 @@ import (
 	kubeutil "github.com/argoproj/argo-cd/v3/util/kube"
 	logutils "github.com/argoproj/argo-cd/v3/util/log"
 	"github.com/argoproj/argo-cd/v3/util/lua"
-	"github.com/argoproj/argo-cd/v3/util/rand"
 )
 
-var syncIdPrefix uint64
-
 const (
 	// EnvVarSyncWaveDelay is an environment variable which controls the delay in seconds between
 	// each sync-wave
@@ -96,6 +93,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	// concrete git commit SHA, the SHA is remembered in the status.operationState.syncResult field.
 	// This ensures that when resuming an operation, we sync to the same revision that we initially
 	// started with.
+
 	var revision string
 	var syncOp v1alpha1.SyncOperation
 	var syncRes *v1alpha1.SyncOperationResult
@@ -248,15 +246,12 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}
 
-	atomic.AddUint64(&syncIdPrefix, 1)
-	randSuffix, err := rand.String(5)
+	syncId, err := syncid.Generate()
 	if err != nil {
 		state.Phase = common.OperationError
-		state.Message = fmt.Sprintf("Failed generate random sync ID: %v", err)
+		state.Message = fmt.Sprintf("Failed to generate sync ID: %v", err)
 		return
 	}
-	syncId := fmt.Sprintf("%05d-%s", syncIdPrefix, randSuffix)
-
 	logEntry := log.WithFields(applog.GetAppLogFields(app)).WithField("syncId", syncId)
 	initialResourcesRes := make([]common.ResourceSyncResult, len(syncRes.Resources))
 	for i, res := range syncRes.Resources {
diff --git a/controller/syncid/id.go b/controller/syncid/id.go
new file mode 100644
index 0000000000000..d5f6f97c93a7c
--- /dev/null
+++ b/controller/syncid/id.go
@@ -0,0 +1,20 @@
+package syncid
+
+import (
+	"fmt"
+	"sync/atomic"
+
+	"github.com/argoproj/argo-cd/v3/util/rand"
+)
+
+var globalCount = &atomic.Uint64{}
+
+// Generate generates a new ID
+func Generate() (string, error) {
+	randSuffix, err := rand.String(5)
+	if err != nil {
+		return "", fmt.Errorf("failed to generate random suffix: %w", err)
+	}
+	prefix := globalCount.Add(1)
+	return fmt.Sprintf("%05d-%s", prefix, randSuffix), nil
+}
diff --git a/controller/syncid/id_test.go b/controller/syncid/id_test.go
new file mode 100644
index 0000000000000..4842d47e899ad
--- /dev/null
+++ b/controller/syncid/id_test.go
@@ -0,0 +1,46 @@
+package syncid
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGenerate(t *testing.T) {
+	t.Parallel()
+	const goroutines = 10
+	const idsPerGoroutine = 50
+	idsCh := make(chan string, goroutines*idsPerGoroutine)
+	errCh := make(chan error, goroutines*idsPerGoroutine)
+
+	// Reset globalCount for deterministic test (not strictly necessary, but can help in CI)
+	globalCount.Store(0)
+
+	// Run goroutines in parallel to test for race conditions
+	for g := 0; g < goroutines; g++ {
+		go func() {
+			for i := 0; i < idsPerGoroutine; i++ {
+				id, err := Generate()
+				if err != nil {
+					errCh <- err
+					continue
+				}
+				idsCh <- id
+			}
+		}()
+	}
+
+	ids := make(map[string]any)
+	for i := 0; i < goroutines*idsPerGoroutine; i++ {
+		select {
+		case err := <-errCh:
+			require.NoError(t, err)
+		case id := <-idsCh:
+			assert.Regexp(t, `^\d{5}-[a-zA-Z0-9]{5}$`, id, "ID should match the expected format")
+			_, exists := ids[id]
+			assert.False(t, exists, "ID should be unique")
+			ids[id] = id
+		}
+	}
+}

From a9ee4a7862573f11a307fd600098d7ef1ccf72ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20S=C3=B6derberg?= <msoderb@gmail.com>
Date: Thu, 19 Jun 2025 13:01:37 +0200
Subject: [PATCH 025/383] docs(docs/operator-manual/ui-customization.md): fix
 typo in setting name (#23485)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marcus Söderberg <msoderb@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/ui-customization.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/ui-customization.md b/docs/operator-manual/ui-customization.md
index 4a8aade0756ca..6569d1fa6b6be 100644
--- a/docs/operator-manual/ui-customization.md
+++ b/docs/operator-manual/ui-customization.md
@@ -10,7 +10,7 @@ For the Pods view, the default grouping mechanism can be configured using the `p
 
 ## Node Labels in Pod View
 
-It's possible to propagate node labels to node information in the pod view by configuring `applications.allowedNodeLabels` in the [argocd-cm](argocd-cm-yaml.md) ConfigMap.
+It's possible to propagate node labels to node information in the pod view by configuring `application.allowedNodeLabels` in the [argocd-cm](argocd-cm-yaml.md) ConfigMap.
 
 The following configuration:
 ```yaml

From 6faea33bee526283e987c10262d8819bc80c6406 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Thu, 19 Jun 2025 17:20:31 +0530
Subject: [PATCH 026/383] update unit test

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/cache/cache.go      | 108 +++++++++++++++++++--------------------
 util/cache/cache_test.go |  40 ++++++++++++++-
 2 files changed, 93 insertions(+), 55 deletions(-)

diff --git a/util/cache/cache.go b/util/cache/cache.go
index e0a6dabfd13a4..28843d0289084 100644
--- a/util/cache/cache.go
+++ b/util/cache/cache.go
@@ -25,7 +25,7 @@ const (
 	// envRedisPassword is an env variable name which stores redis password
 	envRedisPassword = "REDIS_PASSWORD"
 	// envRedisUsername is an env variable name which stores redis username (for acl setup)
-	envRedisUsername = "REDIS_PASSWORD"
+	envRedisUsername = "REDIS_USERNAME"
 	// envRedisRetryCount is an env variable name which stores redis retry count
 	envRedisRetryCount = "REDIS_RETRY_COUNT"
 	// defaultRedisRetryCount holds default number of retries
@@ -140,19 +140,57 @@ func getFlagVal[T any](cmd *cobra.Command, o Options, name string, getVal func(n
 }
 
 // loadRedisCredsFromFile loads Redis credentials from a file mounted at the specified path.
-func loadRedisCredsFromFile(mountPath string) *redisCreds {
+func loadRedisCredsFromSecret(mountPath string, opt Options) *redisCreds {
 	creds := &redisCreds{}
-	readAuthDetailsFromFile := func(filename string) string {
-		data, err := os.ReadFile(filepath.Join(mountPath, filename))
-		if err != nil {
-			return ""
+	if mountPath != "" {
+		log.Info("Loading Redis credentials from file: ", mountPath)
+		readAuthDetailsFromFile := func(filename string) string {
+			data, err := os.ReadFile(filepath.Join(mountPath, filename))
+			if err != nil {
+				return ""
+			}
+			return strings.TrimSpace(string(data))
+		}
+		creds.password = readAuthDetailsFromFile("auth")
+		creds.username = readAuthDetailsFromFile("auth_username")
+		creds.sentinelUsername = readAuthDetailsFromFile("sentinel_username")
+		creds.sentinelPassword = readAuthDetailsFromFile("sentinel_auth")
+	}
+	// If credentials were not successfully loaded from file, or if file path was not provided,
+	// then read from individual environment variables. Environment variables also override file if specified via flag.
+	if creds.username == "" { // Only fall back if not set by file
+		creds.username = os.Getenv(envRedisUsername)
+		if opt.FlagPrefix != "" {
+			if val := os.Getenv(opt.getEnvPrefix() + envRedisUsername); val != "" {
+				creds.username = val
+			}
+		}
+	}
+	if creds.password == "" { // Only fall back if not set by file
+		creds.password = os.Getenv(envRedisPassword)
+		if opt.FlagPrefix != "" {
+			if val := os.Getenv(opt.getEnvPrefix() + envRedisPassword); val != "" {
+				creds.password = val
+			}
+		}
+	}
+	if creds.sentinelUsername == "" { // Only fall back if not set by file
+		creds.sentinelUsername = os.Getenv(envRedisSentinelUsername)
+		if opt.FlagPrefix != "" {
+			if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelUsername); val != "" {
+				creds.sentinelUsername = val
+			}
+		}
+	}
+	if creds.sentinelPassword == "" { // Only fall back if not set by file
+		creds.sentinelPassword = os.Getenv(envRedisSentinelPassword)
+		if opt.FlagPrefix != "" {
+			if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelPassword); val != "" {
+				creds.sentinelPassword = val
+			}
 		}
-		return strings.TrimSpace(string(data))
 	}
-	creds.password = readAuthDetailsFromFile("auth")
-	creds.username = readAuthDetailsFromFile("auth_username")
-	creds.sentinelUsername = readAuthDetailsFromFile("sentinel_username")
-	creds.sentinelPassword = readAuthDetailsFromFile("sentinel_auth")
+
 	return creds
 }
 
@@ -240,49 +278,11 @@ func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...Options) func() (*Cache, err
 				credsFilePath = val
 			}
 		}
-		// Try to read credentials from the file first
-		if credsFilePath != "" {
-			log.Info("Loading Redis credentials from file: ", credsFilePath)
-			creds := loadRedisCredsFromFile(credsFilePath)
-			password = creds.password
-			username = creds.username
-			sentinelUsername = creds.sentinelUsername
-			sentinelPassword = creds.sentinelPassword
-		}
-		// If credentials were not successfully loaded from file, or if file path was not provided,
-		// then read from individual environment variables. Environment variables also override file if specified via flag.
-		if username == "" { // Only fall back if not set by file
-			username = os.Getenv(envRedisUsername)
-			if opt.FlagPrefix != "" {
-				if val := os.Getenv(opt.getEnvPrefix() + envRedisUsername); val != "" {
-					username = val
-				}
-			}
-		}
-		if password == "" { // Only fall back if not set by file
-			password = os.Getenv(envRedisPassword)
-			if opt.FlagPrefix != "" {
-				if val := os.Getenv(opt.getEnvPrefix() + envRedisPassword); val != "" {
-					password = val
-				}
-			}
-		}
-		if sentinelUsername == "" { // Only fall back if not set by file
-			sentinelUsername = os.Getenv(envRedisSentinelUsername)
-			if opt.FlagPrefix != "" {
-				if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelUsername); val != "" {
-					sentinelUsername = val
-				}
-			}
-		}
-		if sentinelPassword == "" { // Only fall back if not set by file
-			sentinelPassword = os.Getenv(envRedisSentinelPassword)
-			if opt.FlagPrefix != "" {
-				if val := os.Getenv(opt.getEnvPrefix() + envRedisSentinelPassword); val != "" {
-					sentinelPassword = val
-				}
-			}
-		}
+		creds := loadRedisCredsFromSecret(credsFilePath, opt)
+		password = creds.password
+		username = creds.username
+		sentinelUsername = creds.sentinelUsername
+		sentinelPassword = creds.sentinelPassword
 		maxRetries := env.ParseNumFromEnv(envRedisRetryCount, defaultRedisRetryCount, 0, math.MaxInt32)
 		compression, err := CompressionTypeFromString(compressionStr)
 		if err != nil {
diff --git a/util/cache/cache_test.go b/util/cache/cache_test.go
index b465d5829facd..67e61cad32052 100644
--- a/util/cache/cache_test.go
+++ b/util/cache/cache_test.go
@@ -103,9 +103,47 @@ func TestLoadRedisCredsFromFile(t *testing.T) {
 	writeFile("sentinel_username", "sentineluser")
 	writeFile("sentinel_auth", "sentinelpass")
 
-	creds := loadRedisCredsFromFile(dir)
+	creds := loadRedisCredsFromSecret(dir, Options{})
 	assert.Equal(t, "mypassword", creds.password)
 	assert.Equal(t, "myuser", creds.username)
 	assert.Equal(t, "sentineluser", creds.sentinelUsername)
 	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
 }
+func TestLoadRedisCredsFromEnv(t *testing.T) {
+	// Set environment variables
+	t.Setenv(envRedisPassword, "mypassword")
+	t.Setenv(envRedisUsername, "myuser")
+	t.Setenv(envRedisSentinelUsername, "sentineluser")
+	t.Setenv(envRedisSentinelPassword, "sentinelpass")
+
+	creds := loadRedisCredsFromSecret("", Options{})
+	assert.Equal(t, "mypassword", creds.password)
+	assert.Equal(t, "myuser", creds.username)
+	assert.Equal(t, "sentineluser", creds.sentinelUsername)
+	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
+}
+
+func TestLoadRedisCredsFromBothEnvAndFile(t *testing.T) {
+	// Set environment variables
+	t.Setenv(envRedisPassword, "mypassword")
+	t.Setenv(envRedisUsername, "myuser")
+	t.Setenv(envRedisSentinelUsername, "sentineluser")
+	t.Setenv(envRedisSentinelPassword, "sentinelpass")
+
+	dir := t.TempDir()
+	// Helper to write a file
+	writeFile := func(name, content string) {
+		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0600))
+	}
+	// Write all files
+	writeFile("auth", "filepassword\n")
+	writeFile("auth_username", "fileuser")
+	writeFile("sentinel_username", "filesentineluser")
+	writeFile("sentinel_auth", "filesentinelpass")
+
+	creds := loadRedisCredsFromSecret(dir, Options{})
+	assert.Equal(t, "filepassword", creds.password)
+	assert.Equal(t, "fileuser", creds.username)
+	assert.Equal(t, "filesentineluser", creds.sentinelUsername)
+	assert.Equal(t, "filesentinelpass", creds.sentinelPassword)
+}

From f078ccc146d6b3818c8f943822900c039463d9be Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Thu, 19 Jun 2025 17:33:27 +0530
Subject: [PATCH 027/383] run gofumpt

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/cache/cache_test.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/util/cache/cache_test.go b/util/cache/cache_test.go
index 67e61cad32052..6e300e24145c6 100644
--- a/util/cache/cache_test.go
+++ b/util/cache/cache_test.go
@@ -95,7 +95,7 @@ func TestLoadRedisCredsFromFile(t *testing.T) {
 	dir := t.TempDir()
 	// Helper to write a file
 	writeFile := func(name, content string) {
-		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0600))
+		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0o400))
 	}
 	// Write all files
 	writeFile("auth", "mypassword\n")
@@ -109,6 +109,7 @@ func TestLoadRedisCredsFromFile(t *testing.T) {
 	assert.Equal(t, "sentineluser", creds.sentinelUsername)
 	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
 }
+
 func TestLoadRedisCredsFromEnv(t *testing.T) {
 	// Set environment variables
 	t.Setenv(envRedisPassword, "mypassword")
@@ -133,7 +134,7 @@ func TestLoadRedisCredsFromBothEnvAndFile(t *testing.T) {
 	dir := t.TempDir()
 	// Helper to write a file
 	writeFile := func(name, content string) {
-		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0600))
+		require.NoError(t, os.WriteFile(filepath.Join(dir, name), []byte(content), 0o400))
 	}
 	// Write all files
 	writeFile("auth", "filepassword\n")

From 08f146e729cbe7321c09a458c4c2eb613af3e04e Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Thu, 19 Jun 2025 18:04:59 +0200
Subject: [PATCH 028/383] chore(test): prevent data race (#23488)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/admin/dashboard_test.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cmd/argocd/commands/admin/dashboard_test.go b/cmd/argocd/commands/admin/dashboard_test.go
index ebfadc86a2547..5013ac1c9a06f 100644
--- a/cmd/argocd/commands/admin/dashboard_test.go
+++ b/cmd/argocd/commands/admin/dashboard_test.go
@@ -24,24 +24,24 @@ func TestRun_SignalHandling_GracefulShutdown(t *testing.T) {
 		},
 	}
 
-	var err error
+	var runErr error
 	doneCh := make(chan struct{})
 	go func() {
-		err = d.Run(t.Context(), &DashboardConfig{ClientOpts: &apiclient.ClientOptions{}})
+		runErr = d.Run(t.Context(), &DashboardConfig{ClientOpts: &apiclient.ClientOptions{}})
 		close(doneCh)
 	}()
 
 	// Allow some time for the dashboard to register the signal handler
 	time.Sleep(50 * time.Millisecond)
 
-	proc, err := os.FindProcess(os.Getpid())
-	require.NoErrorf(t, err, "failed to find process: %v", err)
-	err = proc.Signal(syscall.SIGINT)
-	require.NoErrorf(t, err, "failed to send SIGINT: %v", err)
+	proc, procErr := os.FindProcess(os.Getpid())
+	require.NoErrorf(t, procErr, "failed to find process: %v", procErr)
+	sigErr := proc.Signal(syscall.SIGINT)
+	require.NoErrorf(t, sigErr, "failed to send SIGINT: %v", sigErr)
 
 	select {
 	case <-doneCh:
-		require.NoError(t, err)
+		require.NoError(t, runErr)
 	case <-time.After(500 * time.Millisecond):
 		t.Fatal("timeout: dashboard.Run did not exit after SIGINT")
 	}

From bba0a7f0acaa6514072471d8508cb7a0685ee4fc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 19 Jun 2025 12:55:41 -0400
Subject: [PATCH 029/383] chore(deps): bump
 github.com/hashicorp/go-retryablehttp from 0.7.7 to 0.7.8 (#23482)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0171b6c4b0726..5f77b17731822 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2
 	github.com/grpc-ecosystem/grpc-gateway v1.16.0
-	github.com/hashicorp/go-retryablehttp v0.7.7
+	github.com/hashicorp/go-retryablehttp v0.7.8
 	github.com/improbable-eng/grpc-web v0.15.1-0.20230209220825-1d9bbb09a099
 	github.com/itchyny/gojq v0.12.17
 	github.com/jarcoal/httpmock v1.4.0
diff --git a/go.sum b/go.sum
index e6976d9fb0f96..c7506fca8a07f 100644
--- a/go.sum
+++ b/go.sum
@@ -518,8 +518,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48=
+github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw=
 github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
 github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=

From dd5551eff4633b8ba234b0ee90f21feb105715f0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 19 Jun 2025 12:56:58 -0400
Subject: [PATCH 030/383] chore(deps): update dependency
 gotestyourself/gotestsum to v1.12.3 (#23483)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/installers/install-gotestsum.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/installers/install-gotestsum.sh b/hack/installers/install-gotestsum.sh
index 2ed97cf79e360..6afd1a61b15ee 100755
--- a/hack/installers/install-gotestsum.sh
+++ b/hack/installers/install-gotestsum.sh
@@ -10,7 +10,7 @@ PATH="${INSTALL_PATH}:${PATH}"
 [ -d $INSTALL_PATH ] || mkdir -p $INSTALL_PATH
 
 # renovate: datasource=github-releases depName=gotestyourself/gotestsum packageName=gotestyourself/gotestsum
-GOTESTSUM_VERSION=1.12.2
+GOTESTSUM_VERSION=1.12.3
 
 OS=$(go env GOOS)
 ARCH=$(go env GOARCH)

From 680a194ddd79f9db0bb80cbe3464916f319eaac4 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Thu, 19 Jun 2025 13:00:01 -0400
Subject: [PATCH 031/383] ci: fix supported-version script (#23496)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/update-supported-versions.sh | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/hack/update-supported-versions.sh b/hack/update-supported-versions.sh
index 428b102fccb5f..ae25b598c35be 100755
--- a/hack/update-supported-versions.sh
+++ b/hack/update-supported-versions.sh
@@ -3,25 +3,22 @@
 out="| Argo CD version | Kubernetes versions |\n"
 out+="|-----------------|---------------------|\n"
 
-argocd_minor_version=$(git rev-parse --abbrev-ref HEAD | sed 's/release-//')
-argocd_major_version_num=$(echo "$argocd_minor_version" | sed -E 's/\.[0-9]+//')
-argocd_minor_version_num=$(echo "$argocd_minor_version" | sed -E 's/[0-9]+\.//')
+argocd_current_version=$(git rev-parse --abbrev-ref HEAD | sed 's/release-//')
+argocd_major_version_num=$(echo "$argocd_current_version" | sed -E 's/\.[0-9]+//')
+argocd_minor_version_num=$(echo "$argocd_current_version" | sed -E 's/[0-9]+\.//')
 
-minor_version_decrement=0
 for _ in {1..3}; do
-  minor_version_num=$((argocd_minor_version_num - minor_version_decrement))
-  minor_version="${argocd_major_version_num}.${minor_version_num}"
-  git checkout "release-$minor_version" > /dev/null || exit 1
+  argocd_version="${argocd_major_version_num}.${argocd_minor_version_num}"
+  git checkout "release-$argocd_version" > /dev/null || exit 1
 
   line=$(yq '.jobs["test-e2e"].strategy.matrix |
     # k3s-version was an array prior to 2.12. This checks for the old format first and then falls back to the new format.
     (.["k3s-version"] // (.k3s | map(.version))) |
     .[]' .github/workflows/ci-build.yaml | \
-    jq --arg minor_version "$minor_version" --raw-input --slurp --raw-output \
-    'split("\n")[:-1] | map(sub("\\.[0-9]+$"; "")) | join(", ") | "| \($minor_version) | \(.) |"')
+    jq --arg argocd_version "$argocd_version" --raw-input --slurp --raw-output \
+    'split("\n")[:-1] | map(sub("\\.[0-9]+$"; "")) | join(", ") | "| \($argocd_version) | \(.) |"')
   out+="$line\n"
 
-  minor_version_decrement=$((minor_version_decrement + 1))
 
   # If we're at minor version 0, there's no further version back in this series. Instead, move to the latest version in
   # the previous major release series.
@@ -29,13 +26,11 @@ for _ in {1..3}; do
     argocd_major_version_num=$((argocd_major_version_num - 1))
     # Get the latest minor version in the previous series.
     argocd_minor_version_num=$(git tag -l "v$argocd_major_version_num.*" | sort -V | tail -n 1 | sed -E 's/\.[0-9]+$//' | sed -E 's/^v[0-9]+\.//')
-
-    # Don't decrement the minor version, since we're switching to the previous major release series. We want the latest
-    # minor version in that series.
-    minor_version_decrement=0
+  else
+    argocd_minor_version_num=$((argocd_minor_version_num - 1))
   fi
 done
 
-git checkout "release-$argocd_minor_version"
+git checkout "release-$argocd_current_version"
 
 printf "$out" > docs/operator-manual/tested-kubernetes-versions.md

From f6212d4c5da934db9c3b13990b27dbcc0a97921e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 19 Jun 2025 22:06:23 -0400
Subject: [PATCH 032/383] chore(deps): update dependency markdown to v3.8.2
 (#23499)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index 59f3cb330bb0b..a6b1d04116d7a 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -5,5 +5,5 @@ mkdocs-material==7.1.8
 markdown_include==0.8.1
 pygments==2.19.1
 jinja2==3.1.6
-markdown==3.8.1
+markdown==3.8.2
 pymdown-extensions==10.15
\ No newline at end of file

From 5a8d80353eb7dafb8119cc131085900e938fa0df Mon Sep 17 00:00:00 2001
From: Nicolas Richard <nicolas.richard@chime.com>
Date: Fri, 20 Jun 2025 11:38:04 -0700
Subject: [PATCH 033/383] feat(health):  Add healthCheck for CRD DatadogMetric
 (#23464)

Signed-off-by: Nicolas Richard <nicolas.richard@chime.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../datadoghq.com/DatadogMetric/health.lua    | 32 +++++++++++++++++++
 .../DatadogMetric/health_test.yaml            | 13 ++++++++
 .../testdata/degraded_error.yaml              | 24 ++++++++++++++
 .../testdata/degraded_invalid.yaml            | 19 +++++++++++
 .../DatadogMetric/testdata/healthy.yaml       | 25 +++++++++++++++
 5 files changed, 113 insertions(+)
 create mode 100644 resource_customizations/datadoghq.com/DatadogMetric/health.lua
 create mode 100644 resource_customizations/datadoghq.com/DatadogMetric/health_test.yaml
 create mode 100644 resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_error.yaml
 create mode 100644 resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_invalid.yaml
 create mode 100644 resource_customizations/datadoghq.com/DatadogMetric/testdata/healthy.yaml

diff --git a/resource_customizations/datadoghq.com/DatadogMetric/health.lua b/resource_customizations/datadoghq.com/DatadogMetric/health.lua
new file mode 100644
index 0000000000000..d10e4b0277969
--- /dev/null
+++ b/resource_customizations/datadoghq.com/DatadogMetric/health.lua
@@ -0,0 +1,32 @@
+-- Reference CRD can be found here:
+-- https://github.com/DataDog/helm-charts/blob/main/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml
+
+hs = {}
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for i, condition in ipairs(obj.status.conditions) do
+    -- Check for the "Error: True" condition first
+    if condition.type == "Error" and condition.status == "True" then
+      hs.status = "Degraded"
+      local reason = condition.reason or ""
+      local message = condition.message or "DatadogMetric reported an error"
+      if reason ~= "" then
+        hs.message = reason .. ": " .. message
+      else
+        hs.message = message
+      end
+      return hs
+    end
+  end
+  for i, condition in ipairs(obj.status.conditions) do
+    -- Check for the "Valid: False" condition
+    if condition.type == "Valid" and condition.status == "False" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "DatadogMetric is not valid"
+      return hs
+    end
+  end
+end
+-- If no "Degraded" conditions are found, default to Healthy
+hs.status = "Healthy"
+hs.message = "DatadogMetric is healthy"
+return hs
diff --git a/resource_customizations/datadoghq.com/DatadogMetric/health_test.yaml b/resource_customizations/datadoghq.com/DatadogMetric/health_test.yaml
new file mode 100644
index 0000000000000..b76369aca5098
--- /dev/null
+++ b/resource_customizations/datadoghq.com/DatadogMetric/health_test.yaml
@@ -0,0 +1,13 @@
+tests:
+  - healthStatus:
+      status: Degraded
+      message: "Unable to fetch data from Datadog: Processing data from API failed, reason: no serie was found for this query in API Response, check Cluster Agent logs for QueryIndex errors, query was: max:foo.bar.metric"
+    inputPath: testdata/degraded_error.yaml
+  - healthStatus:
+      status: Degraded
+      message: "The metric query is invalid"
+    inputPath: testdata/degraded_invalid.yaml
+  - healthStatus:
+      status: Healthy
+      message: "DatadogMetric is healthy"
+    inputPath: testdata/healthy.yaml
diff --git a/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_error.yaml b/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_error.yaml
new file mode 100644
index 0000000000000..2299770bb3429
--- /dev/null
+++ b/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_error.yaml
@@ -0,0 +1,24 @@
+apiVersion: datadoghq.com/v1alpha1
+kind: DatadogMetric
+metadata:
+  name: foo-bar-metric
+  namespace: foo-namespace
+status:
+  autoscalerReferences:
+    - hpa:foo-namespace/foo-bar-hpa
+  conditions:
+    - lastTransitionTime: "2025-02-05T00:03:00Z"
+      lastUpdateTime: "2025-06-17T17:49:45Z"
+      status: "True"
+      type: Active
+    - lastTransitionTime: "2025-02-05T00:03:00Z"
+      lastUpdateTime: "2025-06-17T17:49:45Z"
+      status: "False"
+      type: Valid
+    - lastTransitionTime: "2025-02-05T00:03:30Z"
+      lastUpdateTime: "2025-06-17T17:49:45Z"
+      message: "Processing data from API failed, reason: no serie was found for this query in API Response, check Cluster Agent logs for QueryIndex errors, query was: max:foo.bar.metric"
+      reason: Unable to fetch data from Datadog
+      status: "True"
+      type: Error
+  currentValue: 0
diff --git a/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_invalid.yaml b/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_invalid.yaml
new file mode 100644
index 0000000000000..28ca69e2d8e50
--- /dev/null
+++ b/resource_customizations/datadoghq.com/DatadogMetric/testdata/degraded_invalid.yaml
@@ -0,0 +1,19 @@
+apiVersion: datadoghq.com/v1alpha1
+kind: DatadogMetric
+metadata:
+  name: foo-bar-metric-invalid
+  namespace: foo-namespace
+status:
+  autoscalerReferences:
+    - hpa:foo-namespace/foo-bar-hpa
+  conditions:
+    - lastTransitionTime: "2025-02-05T00:03:00Z"
+      lastUpdateTime: "2025-06-17T17:49:45Z"
+      status: "True"
+      type: Active
+    - lastTransitionTime: "2025-02-05T00:03:00Z"
+      lastUpdateTime: "2025-06-17T17:49:45Z"
+      status: "False"
+      type: Valid
+      message: "The metric query is invalid"
+  currentValue: 0 
\ No newline at end of file
diff --git a/resource_customizations/datadoghq.com/DatadogMetric/testdata/healthy.yaml b/resource_customizations/datadoghq.com/DatadogMetric/testdata/healthy.yaml
new file mode 100644
index 0000000000000..de708e7c506ee
--- /dev/null
+++ b/resource_customizations/datadoghq.com/DatadogMetric/testdata/healthy.yaml
@@ -0,0 +1,25 @@
+apiVersion: datadoghq.com/v1alpha1
+kind: DatadogMetric
+metadata:
+  name: foo-bar-metric
+  namespace: foo-namespace
+status:
+  autoscalerReferences:
+    - hpa:foo-namespace/foo-bar-hpa
+  conditions:
+    - lastTransitionTime: "2025-04-23T18:40:58Z"
+      lastUpdateTime: "2025-06-17T20:45:05Z"
+      status: "True"
+      type: Active
+    - lastTransitionTime: "2025-06-16T14:07:12Z"
+      lastUpdateTime: "2025-06-17T20:45:05Z"
+      status: "True"
+      type: Valid
+    - lastUpdateTime: "2025-06-17T20:44:30Z"
+      status: "True"
+      type: Updated
+    - lastTransitionTime: "2025-06-16T14:07:12Z"
+      lastUpdateTime: "2025-06-17T20:45:05Z"
+      status: "False"
+      type: Error
+  currentValue: 0

From dc13edf0de933df529bfea097af8a54eaf26fda5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 21 Jun 2025 16:28:19 -0400
Subject: [PATCH 034/383] chore(deps): update docs dependencies (#23510)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index a6b1d04116d7a..3dc6ba50e31fd 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -3,7 +3,7 @@ mkdocs==1.6.1
 # Thus pointing to the older version of mkdocs-material.
 mkdocs-material==7.1.8
 markdown_include==0.8.1
-pygments==2.19.1
+pygments==2.19.2
 jinja2==3.1.6
 markdown==3.8.2
-pymdown-extensions==10.15
\ No newline at end of file
+pymdown-extensions==10.16
\ No newline at end of file

From ff9d673ad9283d9a14e5b74885d9ec481ca19caf Mon Sep 17 00:00:00 2001
From: Regina Voloshin <regina.voloshin@codefresh.io>
Date: Sun, 22 Jun 2025 17:09:02 +0300
Subject: [PATCH 035/383] fix(docs): fix
 applicationsetcontroller.enable.github.api.metrics to false in docs cm
 (#23516)

Signed-off-by: reggie-k <regina.voloshin@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/argocd-cmd-params-cm.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml
index a773e57808976..ed79acfaabe11 100644
--- a/docs/operator-manual/argocd-cmd-params-cm.yaml
+++ b/docs/operator-manual/argocd-cmd-params-cm.yaml
@@ -283,7 +283,7 @@ data:
   # Comma delimited list of labels to preserve in generated applications
   applicationsetcontroller.global.preserved.labels: "acme.com/label1,acme.com/label2"
   # Enable GitHub API metrics for generators that use GitHub API
-  applicationsetcontroller.enable.github.api.metrics: "true"
+  applicationsetcontroller.enable.github.api.metrics: "false"
 
   ## Argo CD Notifications Controller Properties
   # Set the logging level. One of: debug|info|warn|error (default "info")

From 482ff42f7b4e0f458d670da4656f9bedbe713b34 Mon Sep 17 00:00:00 2001
From: dudinea <eugene.doudine@octopus.com>
Date: Sun, 22 Jun 2025 17:54:39 +0300
Subject: [PATCH 036/383] chore: Upgrade ubuntu base image to latest 25.04
 digest (#23479) (#23514)

Signed-off-by: Eugene Doudine <eugene.doudine@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Dockerfile                | 2 +-
 test/container/Dockerfile | 9 ++++++++-
 test/remote/Dockerfile    | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index fe1f7bd61bba8..453b01acdba53 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
+ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 ####################################################################################################
 # Builder image
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index dc3a22e2461f9..73753eef006eb 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,9 +14,13 @@ FROM docker.io/library/registry:3.0@sha256:1fc7de654f2ac1247f0b67e8a459e273b0993
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:24.04@sha256:1e622c5f073b4f6bfad6632f2616c7f59ef256e96fe78bf6a595d1dc4376ac02
+FROM docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
 ENV DEBIAN_FRONTEND=noninteractive
+
+# NOTE: binutils-gold contains the gold linker, which was recently removed
+#       from binutils, but is still nesessary for building lint-tools on arm64 only
+#       until this Golang issue is fixed: https://github.com/golang/go/issues/22040
 RUN  apt-get update && apt-get install --fix-missing -y \
     ca-certificates \
     curl \
@@ -34,6 +38,9 @@ RUN  apt-get update && apt-get install --fix-missing -y \
     sudo \
     tini \
     zip && \
+    if [ "$(uname -m)" = "aarch64" ]; then \
+       apt-get install --fix-missing -y binutils-gold; \
+    fi && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index ba89102783ea7..a1989a6eed9a1 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
+ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
 FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS go
 

From 9c868eebbb81a7198a0e8e6c4dee1ee18086b6b4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 00:07:45 +0000
Subject: [PATCH 037/383] [Bot] docs: Update Snyk report (#23512)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   55 +-
 docs/snyk/master/argocd-iac-install.html      |   70 +-
 .../master/argocd-iac-namespace-install.html  |   70 +-
 docs/snyk/master/argocd-test.html             |   48 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |    4 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    4 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    4 +-
 .../quay.io_argoproj_argocd_latest.html       |  106 +-
 docs/snyk/v2.13.8/argocd-iac-install.html     |    4 +-
 .../v2.13.8/argocd-iac-namespace-install.html |    4 +-
 docs/snyk/v2.13.8/argocd-test.html            |    6 +-
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   |    6 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    4 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    4 +-
 .../quay.io_argoproj_argocd_v2.13.8.html      |  249 +-
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    |    4 +-
 .../argocd-iac-install.html                   |    4 +-
 .../argocd-iac-namespace-install.html         |    4 +-
 .../{v2.14.14 => v2.14.15}/argocd-test.html   |    4 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    6 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    4 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    4 +-
 .../quay.io_argoproj_argocd_v2.14.15.html}    |  499 ++-
 .../redis_7.0.15-alpine.html                  |    4 +-
 .../argocd-iac-install.html                   |    4 +-
 .../argocd-iac-namespace-install.html         |    4 +-
 docs/snyk/{v3.0.6 => v3.0.9}/argocd-test.html |  159 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    6 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    4 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    4 +-
 .../quay.io_argoproj_argocd_v3.0.9.html}      |  571 ++--
 .../redis_7.2.7-alpine.html                   |    4 +-
 docs/snyk/v3.1.0-rc1/argocd-iac-install.html  | 2891 ++++++++++++++++
 .../argocd-iac-namespace-install.html         | 2845 ++++++++++++++++
 docs/snyk/v3.1.0-rc1/argocd-test.html         | 1435 ++++++++
 .../ghcr.io_dexidp_dex_v2.43.0.html           | 2059 ++++++++++++
 ...s_docker_library_haproxy_3.0.8-alpine.html |  492 +++
 ...aws_docker_library_redis_7.2.7-alpine.html |  484 +++
 .../quay.io_argoproj_argocd_v3.1.0-rc1.html   | 2902 +++++++++++++++++
 39 files changed, 14296 insertions(+), 739 deletions(-)
 rename docs/snyk/{v2.14.14 => v2.14.15}/argocd-iac-install.html (99%)
 rename docs/snyk/{v2.14.14 => v2.14.15}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v2.14.14 => v2.14.15}/argocd-test.html (99%)
 rename docs/snyk/{v3.0.6 => v2.14.15}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v2.14.14 => v2.14.15}/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html (99%)
 rename docs/snyk/{v2.14.14 => v2.14.15}/public.ecr.aws_docker_library_redis_7.0.15-alpine.html (99%)
 rename docs/snyk/{v2.14.14/quay.io_argoproj_argocd_v2.14.14.html => v2.14.15/quay.io_argoproj_argocd_v2.14.15.html} (89%)
 rename docs/snyk/{v2.14.14 => v2.14.15}/redis_7.0.15-alpine.html (99%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/argocd-test.html (96%)
 rename docs/snyk/{v2.14.14 => v3.0.9}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.0.6/quay.io_argoproj_argocd_v3.0.6.html => v3.0.9/quay.io_argoproj_argocd_v3.0.9.html} (90%)
 rename docs/snyk/{v3.0.6 => v3.0.9}/redis_7.2.7-alpine.html (99%)
 create mode 100644 docs/snyk/v3.1.0-rc1/argocd-iac-install.html
 create mode 100644 docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
 create mode 100644 docs/snyk/v3.1.0-rc1/argocd-test.html
 create mode 100644 docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
 create mode 100644 docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
 create mode 100644 docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
 create mode 100644 docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 1f3993d67a2b1..db452278533a1 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -22,33 +22,46 @@ recent minor releases.
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.0.6
+### v3.1.0-rc1
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.0.6/argocd-test.html) | 0 | 3 | 7 | 0 |
-| [ui/yarn.lock](v3.0.6/argocd-test.html) | 0 | 1 | 2 | 4 |
-| [dex:v2.41.1](v3.0.6/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:3.0.8-alpine](v3.0.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.0.6/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.6](v3.0.6/quay.io_argoproj_argocd_v3.0.6.html) | 0 | 0 | 4 | 9 |
-| [redis:7.2.7-alpine](v3.0.6/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v3.0.6/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.0.6/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.1.0-rc1/argocd-test.html) | 0 | 0 | 5 | 0 |
+| [ui/yarn.lock](v3.1.0-rc1/argocd-test.html) | 0 | 0 | 1 | 2 |
+| [dex:v2.43.0](v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
+| [haproxy:3.0.8-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.1.0-rc1](v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html) | 0 | 0 | 4 | 9 |
+| [install.yaml](v3.1.0-rc1/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.1.0-rc1/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.14.14
+### v3.0.9
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.14.14/argocd-test.html) | 0 | 1 | 8 | 0 |
-| [ui/yarn.lock](v2.14.14/argocd-test.html) | 0 | 0 | 2 | 3 |
-| [dex:v2.41.1](v2.14.14/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:2.6.17-alpine](v2.14.14/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
-| [redis:7.0.15-alpine](v2.14.14/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.14](v2.14.14/quay.io_argoproj_argocd_v2.14.14.html) | 0 | 0 | 4 | 9 |
-| [redis:7.0.15-alpine](v2.14.14/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [install.yaml](v2.14.14/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.14.14/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.0.9/argocd-test.html) | 0 | 3 | 5 | 0 |
+| [ui/yarn.lock](v3.0.9/argocd-test.html) | 0 | 1 | 2 | 4 |
+| [dex:v2.41.1](v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:3.0.8-alpine](v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.0.9](v3.0.9/quay.io_argoproj_argocd_v3.0.9.html) | 0 | 0 | 5 | 9 |
+| [redis:7.2.7-alpine](v3.0.9/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v3.0.9/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.0.9/argocd-iac-namespace-install.html) | - | - | - | - |
+
+### v2.14.15
+
+|    | Critical | High | Medium | Low |
+|---:|:--------:|:----:|:------:|:---:|
+| [go.mod](v2.14.15/argocd-test.html) | 0 | 1 | 8 | 0 |
+| [ui/yarn.lock](v2.14.15/argocd-test.html) | 0 | 0 | 2 | 3 |
+| [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
+| [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
+| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 5 | 9 |
+| [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
+| [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
 
 ### v2.13.8
 
@@ -59,7 +72,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 5 | 9 |
+| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 6 | 9 |
 | [redis:7.0.15-alpine](v2.13.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.13.8/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.13.8/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index d0bd4edc5a6e5..215e087933611 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:25:46 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:25:37 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -881,7 +881,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25466
+                              Line number: 25472
                           </li>
                       </ul>
               
@@ -933,7 +933,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25785
+                              Line number: 25791
                           </li>
                       </ul>
               
@@ -1049,7 +1049,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25262
+                              Line number: 25268
                           </li>
                       </ul>
               
@@ -1107,7 +1107,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25210
+                              Line number: 25216
                           </li>
                       </ul>
               
@@ -1165,7 +1165,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25324
+                              Line number: 25330
                           </li>
                       </ul>
               
@@ -1223,7 +1223,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25437
+                              Line number: 25443
                           </li>
                       </ul>
               
@@ -1281,7 +1281,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25461
+                              Line number: 25467
                           </li>
                       </ul>
               
@@ -1339,7 +1339,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25785
+                              Line number: 25791
                           </li>
                       </ul>
               
@@ -1397,7 +1397,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25520
+                              Line number: 25526
                           </li>
                       </ul>
               
@@ -1455,7 +1455,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25872
+                              Line number: 25878
                           </li>
                       </ul>
               
@@ -1513,7 +1513,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26276
+                              Line number: 26288
                           </li>
                       </ul>
               
@@ -1565,7 +1565,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25242
+                              Line number: 25248
                           </li>
                       </ul>
               
@@ -1669,7 +1669,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25210
+                              Line number: 25216
                           </li>
                       </ul>
               
@@ -1721,7 +1721,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25437
+                              Line number: 25443
                           </li>
                       </ul>
               
@@ -1837,7 +1837,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25210
+                              Line number: 25216
                           </li>
                       </ul>
               
@@ -1895,7 +1895,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25262
+                              Line number: 25268
                           </li>
                       </ul>
               
@@ -1953,7 +1953,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25324
+                              Line number: 25330
                           </li>
                       </ul>
               
@@ -2011,7 +2011,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25437
+                              Line number: 25443
                           </li>
                       </ul>
               
@@ -2069,7 +2069,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25461
+                              Line number: 25467
                           </li>
                       </ul>
               
@@ -2127,7 +2127,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25785
+                              Line number: 25791
                           </li>
                       </ul>
               
@@ -2185,7 +2185,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25520
+                              Line number: 25526
                           </li>
                       </ul>
               
@@ -2243,7 +2243,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25872
+                              Line number: 25878
                           </li>
                       </ul>
               
@@ -2301,7 +2301,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26276
+                              Line number: 26288
                           </li>
                       </ul>
               
@@ -2357,7 +2357,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25132
+                              Line number: 25138
                           </li>
                       </ul>
               
@@ -2413,7 +2413,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25270
+                              Line number: 25276
                           </li>
                       </ul>
               
@@ -2469,7 +2469,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25245
+                              Line number: 25251
                           </li>
                       </ul>
               
@@ -2525,7 +2525,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25369
+                              Line number: 25375
                           </li>
                       </ul>
               
@@ -2581,7 +2581,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25454
+                              Line number: 25460
                           </li>
                       </ul>
               
@@ -2637,7 +2637,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25468
+                              Line number: 25474
                           </li>
                       </ul>
               
@@ -2693,7 +2693,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25792
+                              Line number: 25798
                           </li>
                       </ul>
               
@@ -2749,7 +2749,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25758
+                              Line number: 25764
                           </li>
                       </ul>
               
@@ -2805,7 +2805,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26175
+                              Line number: 26187
                           </li>
                       </ul>
               
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26539
+                              Line number: 26551
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index 3945b52447d30..768ad2fdc8ca3 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:25:58 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:25:47 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -835,7 +835,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1269
+                              Line number: 1275
                           </li>
                       </ul>
               
@@ -887,7 +887,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1588
+                              Line number: 1594
                           </li>
                       </ul>
               
@@ -1003,7 +1003,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1065
+                              Line number: 1071
                           </li>
                       </ul>
               
@@ -1061,7 +1061,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1013
+                              Line number: 1019
                           </li>
                       </ul>
               
@@ -1119,7 +1119,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1127
+                              Line number: 1133
                           </li>
                       </ul>
               
@@ -1177,7 +1177,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1240
+                              Line number: 1246
                           </li>
                       </ul>
               
@@ -1235,7 +1235,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1264
+                              Line number: 1270
                           </li>
                       </ul>
               
@@ -1293,7 +1293,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1588
+                              Line number: 1594
                           </li>
                       </ul>
               
@@ -1351,7 +1351,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1323
+                              Line number: 1329
                           </li>
                       </ul>
               
@@ -1409,7 +1409,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1675
+                              Line number: 1681
                           </li>
                       </ul>
               
@@ -1467,7 +1467,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2079
+                              Line number: 2091
                           </li>
                       </ul>
               
@@ -1519,7 +1519,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1045
+                              Line number: 1051
                           </li>
                       </ul>
               
@@ -1623,7 +1623,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1013
+                              Line number: 1019
                           </li>
                       </ul>
               
@@ -1675,7 +1675,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1240
+                              Line number: 1246
                           </li>
                       </ul>
               
@@ -1791,7 +1791,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1013
+                              Line number: 1019
                           </li>
                       </ul>
               
@@ -1849,7 +1849,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1065
+                              Line number: 1071
                           </li>
                       </ul>
               
@@ -1907,7 +1907,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1127
+                              Line number: 1133
                           </li>
                       </ul>
               
@@ -1965,7 +1965,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1240
+                              Line number: 1246
                           </li>
                       </ul>
               
@@ -2023,7 +2023,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1264
+                              Line number: 1270
                           </li>
                       </ul>
               
@@ -2081,7 +2081,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1588
+                              Line number: 1594
                           </li>
                       </ul>
               
@@ -2139,7 +2139,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1323
+                              Line number: 1329
                           </li>
                       </ul>
               
@@ -2197,7 +2197,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1675
+                              Line number: 1681
                           </li>
                       </ul>
               
@@ -2255,7 +2255,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2079
+                              Line number: 2091
                           </li>
                       </ul>
               
@@ -2311,7 +2311,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 935
+                              Line number: 941
                           </li>
                       </ul>
               
@@ -2367,7 +2367,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1073
+                              Line number: 1079
                           </li>
                       </ul>
               
@@ -2423,7 +2423,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1048
+                              Line number: 1054
                           </li>
                       </ul>
               
@@ -2479,7 +2479,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1172
+                              Line number: 1178
                           </li>
                       </ul>
               
@@ -2535,7 +2535,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1257
+                              Line number: 1263
                           </li>
                       </ul>
               
@@ -2591,7 +2591,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1271
+                              Line number: 1277
                           </li>
                       </ul>
               
@@ -2647,7 +2647,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1595
+                              Line number: 1601
                           </li>
                       </ul>
               
@@ -2703,7 +2703,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1561
+                              Line number: 1567
                           </li>
                       </ul>
               
@@ -2759,7 +2759,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1978
+                              Line number: 1990
                           </li>
                       </ul>
               
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2342
+                              Line number: 2354
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index bb6ec6da80532..bcf4b531134a7 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:23:32 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:23:23 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,7 +470,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2104</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2103</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -625,7 +625,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7
+                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.8
         
                     </li>
                 </ul>
@@ -640,7 +640,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -651,7 +651,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -662,7 +662,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         gitlab.com/gitlab-org/api/client-go@0.130.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -675,7 +675,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -688,7 +688,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -701,7 +701,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -716,7 +716,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -731,7 +731,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -746,7 +746,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -761,7 +761,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -778,7 +778,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -795,7 +795,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                         
                                 </span>
         
@@ -841,7 +841,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    github.com/argoproj/argo-cd/v3@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others
+                                    github.com/argoproj/argo-cd/v3@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.8 and others
                     </li>
                 </ul>
         
@@ -855,7 +855,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -879,7 +879,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         gitlab.com/gitlab-org/api/client-go@0.130.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -894,7 +894,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -911,7 +911,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -928,7 +928,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -947,7 +947,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -966,7 +966,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index 35c30c8f59838..affe831d3d2cd 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:23:41 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:23:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 854e1b4a46965..06e93682b685c 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:23:46 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:23:37 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index c625264a740f8..201a6798355db 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:23:51 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:23:43 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index f456642225fbd..0e84a1bf1cd4e 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:24:12 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:24:02 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -603,7 +603,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                         
@@ -620,9 +620,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                         
@@ -728,7 +728,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -743,7 +743,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -754,7 +754,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -765,7 +765,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -780,7 +780,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -795,9 +795,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -812,11 +812,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -825,7 +825,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -840,9 +840,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -851,7 +851,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -860,9 +860,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -873,7 +873,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -888,7 +888,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -897,7 +897,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -908,7 +908,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -967,7 +967,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -982,7 +982,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -993,7 +993,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1004,7 +1004,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1019,7 +1019,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1034,9 +1034,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1051,11 +1051,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1064,7 +1064,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1079,9 +1079,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1090,7 +1090,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1099,9 +1099,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1112,7 +1112,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1127,7 +1127,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1136,7 +1136,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1147,7 +1147,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -1239,7 +1239,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
@@ -1454,7 +1454,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.7
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.8
         
                     </li>
                 </ul>
@@ -1469,7 +1469,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        github.com/hashicorp/go-retryablehttp@v0.7.8
                                         
                                 </span>
         
@@ -1694,7 +1694,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250613154745-f8f1b61ba3fd
+                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
         
                     </li>
                 </ul>
@@ -1709,7 +1709,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250613154745-f8f1b61ba3fd
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
                                         
                                 </span>
         
@@ -1763,7 +1763,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250613154745-f8f1b61ba3fd
+                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
         
                     </li>
                 </ul>
@@ -1778,7 +1778,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250613154745-f8f1b61ba3fd
+                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
                                         
                                 </span>
         
@@ -2475,7 +2475,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                          <span class="list-paths__item__arrow">›</span> 
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
index 39a2731dcedfa..97bf8c22056d4 100644
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:33:38 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:35:54 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
index dd262e43ff6cf..2e64e0e4e6666 100644
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:33:47 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:36:03 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
index 6bc70151e14cd..09968185bb63c 100644
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ b/docs/snyk/v2.13.8/argocd-test.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:33 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:33:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -1607,7 +1607,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
index a196ea321f195..ece271ad04d14 100644
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:40 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:33:54 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -1216,7 +1216,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index e3f7d16c47cf8..bedef59a3b1ec 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:44 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:33:58 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index c79f686d0464c..cdb3419e3d765 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:48 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:34:02 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
index 1fcfcf5baac2d..ce793da846851 100644
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="30 known vulnerabilities found in 108 vulnerable dependency paths.">
+  <meta name="description" content="31 known vulnerabilities found in 122 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:32:07 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:34:23 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,8 +470,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>30</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>108 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>31</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>122 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2361</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -997,6 +997,243 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and pam/libpam0g@1.5.3-5ubuntu5.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
@@ -1813,7 +2050,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
index a56c5d3a84913..9020e831c5727 100644
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:32:11 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:34:28 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.14/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.14.14/argocd-iac-install.html
rename to docs/snyk/v2.14.15/argocd-iac-install.html
index 47083a0b19d3b..f44359ce8c2fd 100644
--- a/docs/snyk/v2.14.14/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:07 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:33:23 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.14/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.14.14/argocd-iac-namespace-install.html
rename to docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 80b9622900e6b..5bf7160ab44d1 100644
--- a/docs/snyk/v2.14.14/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:31:17 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:33:32 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.14/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
similarity index 99%
rename from docs/snyk/v2.14.14/argocd-test.html
rename to docs/snyk/v2.14.15/argocd-test.html
index 693734afd8038..388ba085c1f20 100644
--- a/docs/snyk/v2.14.14/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:28:55 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:11 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.6/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v3.0.6/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index 561e9c0c46418..ef19a24340a51 100644
--- a/docs/snyk/v3.0.6/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:25 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:17 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -1216,7 +1216,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v2.14.14/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.14/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
rename to docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 5cf0b1e46cca2..2d5253b29de42 100644
--- a/docs/snyk/v2.14.14/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:29:07 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.14/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.14/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
rename to docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index 35aea14762560..70c2e13ca898c 100644
--- a/docs/snyk/v2.14.14/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:29:12 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:26 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.14/quay.io_argoproj_argocd_v2.14.14.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
similarity index 89%
rename from docs/snyk/v2.14.14/quay.io_argoproj_argocd_v2.14.14.html
rename to docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index 51b3451709dcd..09b275da338e4 100644
--- a/docs/snyk/v2.14.14/quay.io_argoproj_argocd_v2.14.14.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="26 known vulnerabilities found in 94 vulnerable dependency paths.">
+  <meta name="description" content="27 known vulnerabilities found in 108 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,22 +456,22 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:29:32 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.14/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.14//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.14/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.14/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.15//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>26</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>94 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>108 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -492,7 +492,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -563,7 +563,7 @@ <h2 class="card__title">Denial of Service (DoS)</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -646,7 +646,7 @@ <h2 class="card__title">Race Condition</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -659,7 +659,7 @@ <h2 class="card__title">Race Condition</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and systemd/libsystemd0@255.4-1ubuntu8.8
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and systemd/libsystemd0@255.4-1ubuntu8.8
         
                     </li>
                 </ul>
@@ -672,7 +672,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                         
@@ -681,7 +681,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -692,7 +692,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         procps/libproc2-0@2:4.0.4-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -703,7 +703,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         procps@2:4.0.4-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -714,7 +714,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -725,7 +725,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux/bsdutils@1:2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -736,7 +736,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -749,7 +749,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -766,7 +766,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -785,7 +785,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libudev1@255.4-1ubuntu8.8
                                         
@@ -794,7 +794,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -805,7 +805,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -816,7 +816,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -856,6 +856,243 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
@@ -869,7 +1106,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -882,7 +1119,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
         
                     </li>
                 </ul>
@@ -895,7 +1132,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.1
                                         
@@ -904,7 +1141,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -915,7 +1152,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -926,7 +1163,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -941,7 +1178,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -958,7 +1195,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -977,7 +1214,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.1
                                         
@@ -986,7 +1223,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1003,7 +1240,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.1
                                         
@@ -1012,7 +1249,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1023,7 +1260,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1034,7 +1271,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1049,7 +1286,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                         
@@ -1058,7 +1295,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1108,7 +1345,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1121,7 +1358,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
         
                     </li>
                 </ul>
@@ -1134,7 +1371,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.1
                                         
@@ -1143,7 +1380,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1154,7 +1391,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1165,7 +1402,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1180,7 +1417,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1197,7 +1434,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1216,7 +1453,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.1
                                         
@@ -1225,7 +1462,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1242,7 +1479,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.1
                                         
@@ -1251,7 +1488,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1262,7 +1499,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1273,7 +1510,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1288,7 +1525,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                         
@@ -1297,7 +1534,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1350,7 +1587,7 @@ <h2 class="card__title">LGPL-3.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1410,7 +1647,7 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1453,7 +1690,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
@@ -1535,7 +1772,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1595,7 +1832,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1655,7 +1892,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1715,7 +1952,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1775,7 +2012,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1835,7 +2072,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1895,7 +2132,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1965,7 +2202,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2034,7 +2271,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2103,7 +2340,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2117,7 +2354,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v2.14.14, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2129,7 +2366,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2140,7 +2377,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                         
@@ -2149,7 +2386,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2196,7 +2433,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2209,7 +2446,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2222,7 +2459,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2231,7 +2468,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2242,7 +2479,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2255,7 +2492,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2301,7 +2538,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2314,7 +2551,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2327,7 +2564,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2371,7 +2608,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2384,7 +2621,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2397,7 +2634,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2446,7 +2683,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2459,7 +2696,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2472,7 +2709,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2481,7 +2718,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2492,7 +2729,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2503,7 +2740,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2514,7 +2751,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2525,7 +2762,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2538,7 +2775,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2553,7 +2790,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2570,7 +2807,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2587,7 +2824,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2596,7 +2833,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2644,7 +2881,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2657,7 +2894,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2670,7 +2907,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2679,7 +2916,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2690,7 +2927,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2701,7 +2938,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2712,7 +2949,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2725,7 +2962,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2738,7 +2975,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2751,7 +2988,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2810,7 +3047,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2823,7 +3060,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnupg2/gpgv@2.4.4-2ubuntu17.2
         
                     </li>
                 </ul>
@@ -2836,7 +3073,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.2
                                         
@@ -2845,7 +3082,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2856,7 +3093,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2867,7 +3104,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2878,7 +3115,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2889,7 +3126,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                         
@@ -2898,7 +3135,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                         
@@ -2907,7 +3144,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                         
@@ -2956,7 +3193,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2969,7 +3206,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and glibc/libc-bin@2.39-0ubuntu8.4
         
                     </li>
                 </ul>
@@ -2982,7 +3219,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.4
                                         
@@ -2991,7 +3228,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.4
                                         
@@ -3037,7 +3274,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3051,7 +3288,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v2.14.14, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -3063,7 +3300,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3116,7 +3353,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.14/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3129,7 +3366,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v2.14.14 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -3142,7 +3379,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.14
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         
diff --git a/docs/snyk/v2.14.14/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.14/redis_7.0.15-alpine.html
rename to docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index 414f179b45b40..9356f7e820bbe 100644
--- a/docs/snyk/v2.14.14/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:29:36 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:31:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.6/argocd-iac-install.html b/docs/snyk/v3.0.9/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.0.6/argocd-iac-install.html
rename to docs/snyk/v3.0.9/argocd-iac-install.html
index dbdf2aabc674a..ce725cca7710a 100644
--- a/docs/snyk/v3.0.6/argocd-iac-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:28:26 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:30:40 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.6/argocd-iac-namespace-install.html b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.0.6/argocd-iac-namespace-install.html
rename to docs/snyk/v3.0.9/argocd-iac-namespace-install.html
index 237616e3d146d..375be43165be2 100644
--- a/docs/snyk/v3.0.6/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:28:36 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:30:50 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.6/argocd-test.html b/docs/snyk/v3.0.9/argocd-test.html
similarity index 96%
rename from docs/snyk/v3.0.6/argocd-test.html
rename to docs/snyk/v3.0.9/argocd-test.html
index 43b0baedd45f8..eb48b44be6249 100644
--- a/docs/snyk/v3.0.6/argocd-test.html
+++ b/docs/snyk/v3.0.9/argocd-test.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="17 known vulnerabilities found in 108 vulnerable dependency paths.">
+  <meta name="description" content="15 known vulnerabilities found in 105 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:16 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:28:34 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -468,9 +468,9 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>108 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2079</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>105 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2085</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -1765,151 +1765,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            gopkg.in/retry.v1
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v3@0.0.0, github.com/Azure/kubelogin/pkg/token@0.1.9 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/token@0.1.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/internal/token@0.1.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@1.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>LGPL-3.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/redis/go-redis/v9
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/redis/go-redis/v9@9.7.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-redis/cache/v9@9.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
-        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -3185,7 +3040,7 @@ <h2 id="poc">PoC</h2>
         );
         </code></pre>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v2.14.14/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v2.14.14/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
index ae16e1852ddc7..84426cdcb307d 100644
--- a/docs/snyk/v2.14.14/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:29:02 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:28:40 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -1216,7 +1216,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
diff --git a/docs/snyk/v3.0.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index f9ffcfade40d5..f69085d8e9c7c 100644
--- a/docs/snyk/v3.0.6/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:28 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:28:43 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.6/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.6/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index d4ca98ca0d0b9..a71158e22d230 100644
--- a/docs/snyk/v3.0.6/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:31 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:28:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.6/quay.io_argoproj_argocd_v3.0.6.html b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
similarity index 90%
rename from docs/snyk/v3.0.6/quay.io_argoproj_argocd_v3.0.6.html
rename to docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
index 6ddc33d9fc144..a9b3631b0aa2c 100644
--- a/docs/snyk/v3.0.6/quay.io_argoproj_argocd_v3.0.6.html
+++ b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="27 known vulnerabilities found in 95 vulnerable dependency paths.">
+  <meta name="description" content="26 known vulnerabilities found in 107 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,23 +456,23 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:48 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:29:04 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.6/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.6//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.6/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.6/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.9//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>95 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2359</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>26</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>107 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -492,7 +492,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -562,7 +562,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -632,7 +632,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -702,7 +702,7 @@ <h2 class="card__title">Race Condition</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -715,7 +715,7 @@ <h2 class="card__title">Race Condition</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and systemd/libsystemd0@255.4-1ubuntu8.8
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and systemd/libsystemd0@255.4-1ubuntu8.8
         
                     </li>
                 </ul>
@@ -728,7 +728,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                         
@@ -737,7 +737,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -748,7 +748,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         procps/libproc2-0@2:4.0.4-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -759,7 +759,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         procps@2:4.0.4-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -770,7 +770,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -781,7 +781,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux/bsdutils@1:2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -792,7 +792,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -805,7 +805,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -822,7 +822,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -841,7 +841,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libudev1@255.4-1ubuntu8.8
                                         
@@ -850,7 +850,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -861,7 +861,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -872,7 +872,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -914,7 +914,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
+            <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
         
                 <div class="label label--medium">
@@ -925,7 +925,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -938,7 +938,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
         
                     </li>
                 </ul>
@@ -951,7 +951,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.1
                                         
@@ -960,7 +960,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -971,7 +971,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -982,7 +982,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -997,7 +997,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1014,7 +1014,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1033,7 +1033,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.1
                                         
@@ -1042,7 +1042,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1059,7 +1059,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.1
                                         
@@ -1068,7 +1068,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1079,7 +1079,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1090,7 +1090,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1105,7 +1105,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                         
@@ -1114,7 +1114,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1132,28 +1132,26 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
+        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Authentication</h2>
+            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
                 <div class="label label--medium">
@@ -1164,7 +1162,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1177,7 +1175,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
         
                     </li>
                 </ul>
@@ -1190,7 +1188,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.1
                                         
@@ -1199,7 +1197,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1210,7 +1208,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1221,7 +1219,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1236,7 +1234,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1253,7 +1251,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1272,7 +1270,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.1
                                         
@@ -1281,7 +1279,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1298,7 +1296,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.1
                                         
@@ -1307,7 +1305,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1318,7 +1316,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1329,7 +1327,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1344,7 +1342,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.1
                                         
@@ -1353,7 +1351,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1371,31 +1369,28 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
+            <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
                 <div class="label label--medium">
@@ -1406,20 +1401,20 @@ <h2 class="card__title">LGPL-3.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            gopkg.in/retry.v1
+                            pam/libpam0g
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and gopkg.in/retry.v1@v1.0.3
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
         
                     </li>
                 </ul>
@@ -1432,9 +1427,174 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@v1.0.3
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
                                         
                                 </span>
         
@@ -1445,12 +1605,29 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>LGPL-3.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -1466,7 +1643,7 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1509,7 +1686,7 @@ <h2 id="overview">Overview</h2>
         <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
         <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
         <h2 id="details">Details</h2>
-        <p>A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.</p>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
         <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
         <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
         <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
@@ -1578,76 +1755,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
-            <div class="card__section">
-        
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/redis/go-redis/v9
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/redis/go-redis/v9@v9.7.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@v9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
-        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -1661,7 +1768,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1721,7 +1828,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1781,7 +1888,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1841,7 +1948,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1901,7 +2008,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1961,7 +2068,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2021,7 +2128,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2090,7 +2197,7 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2159,7 +2266,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2173,7 +2280,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.6, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.9, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2185,7 +2292,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2196,7 +2303,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                         
@@ -2205,7 +2312,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2252,7 +2359,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2265,7 +2372,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2278,7 +2385,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2287,7 +2394,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2298,7 +2405,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2311,7 +2418,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2357,7 +2464,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2370,7 +2477,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2383,7 +2490,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2427,7 +2534,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2440,7 +2547,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2453,7 +2560,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2502,7 +2609,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2515,7 +2622,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2528,7 +2635,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2537,7 +2644,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2548,7 +2655,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2559,7 +2666,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2570,7 +2677,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2581,7 +2688,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2594,7 +2701,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2609,7 +2716,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2626,7 +2733,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2643,7 +2750,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2652,7 +2759,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2700,7 +2807,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2713,7 +2820,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2726,7 +2833,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2735,7 +2842,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2746,7 +2853,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2757,7 +2864,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2768,7 +2875,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2781,7 +2888,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2794,7 +2901,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2807,7 +2914,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2866,7 +2973,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2879,7 +2986,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and gnupg2/gpgv@2.4.4-2ubuntu17.2
         
                     </li>
                 </ul>
@@ -2892,7 +2999,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.2
                                         
@@ -2901,7 +3008,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2912,7 +3019,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2923,7 +3030,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2934,7 +3041,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2945,7 +3052,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.2
                                         
@@ -2954,7 +3061,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.2
                                         
@@ -2963,7 +3070,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.2
                                         
@@ -3012,7 +3119,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3025,7 +3132,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and glibc/libc-bin@2.39-0ubuntu8.4
         
                     </li>
                 </ul>
@@ -3038,7 +3145,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.4
                                         
@@ -3047,7 +3154,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.4
                                         
@@ -3093,7 +3200,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3107,7 +3214,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.6, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.9, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -3119,7 +3226,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3172,7 +3279,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.6/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3185,7 +3292,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.6 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.0.9 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -3198,7 +3305,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.6
+                                        docker-image|quay.io/argoproj/argocd@v3.0.9
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         
diff --git a/docs/snyk/v3.0.6/redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.6/redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.9/redis_7.2.7-alpine.html
index 706266bd59048..eae699c2ca429 100644
--- a/docs/snyk/v3.0.6/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
@@ -141,7 +141,7 @@
       padding-top: 2em;
     }
     .project__header {
-      background-color: #4b45a9;
+      background-color: #030328;
       color: #fff;
       margin-bottom: -1px;
       padding-top: 1em;
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 15th 2025, 12:26:52 am (UTC+00:00)</p>
+                <p class="timestamp">June 22nd 2025, 12:29:08 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
new file mode 100644
index 0000000000000..7a3fde5c06503
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
@@ -0,0 +1,2891 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content=" known vulnerabilities found in .">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:28:03 am (UTC+00:00)</p>
+              </div>
+                <div class="source-panel">
+                  <span>Scanned the following path:</span>
+                  <ul>
+                    <li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li>
+                  </ul>
+                </div>
+    
+                <div class="meta-counts">
+                  <div class="meta-count"><span>44</span> <span>total issues</span></div>
+                </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+        <section class="layout-container">
+            <table class="metatable">
+                <tbody>
+                <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr>
+                <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr>
+                <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
+                </tbody>
+            </table>
+        </section>        <div class="layout-container" style="padding-top: 35px;">
+          <div class="cards--vuln filter--patch filter--ignore">
+              <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--high">
+                          <span class="label__text">high severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 17]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[5]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24380
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 10]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24060
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 11]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[4]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24148
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 12]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24176
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 13]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[1]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24206
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 13]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[3]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24224
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 14]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24242
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 15]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24264
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container could be running with outdated image</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  imagePullPolicy
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25472
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>The container may run with outdated or unauthorized image</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container could be running with outdated image</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  imagePullPolicy
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25791
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>The container may run with outdated or unauthorized image</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 45]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24967
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25268
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25216
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 47]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25330
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25443
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25467
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25791
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25526
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 50]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25878
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 51]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 26288
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running with multiple open ports</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  ports
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25248
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Increases the attack surface of the application and the container.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Reduce &#x60;ports&#x60; count to 2</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 45]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24967
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25216
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25443
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 45]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 24967
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25216
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25268
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 47]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25330
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25443
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25467
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25791
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25526
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 50]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25878
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 51]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 26288
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 45]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25138
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25276
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 46]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25251
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 47]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25375
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25460
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 48]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25474
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25798
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 49]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 25764
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 50]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 26187
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 51]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 26551
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+          </div>
+        </div>
+        
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
new file mode 100644
index 0000000000000..e54ba740a0dff
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
@@ -0,0 +1,2845 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content=" known vulnerabilities found in .">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:28:14 am (UTC+00:00)</p>
+              </div>
+                <div class="source-panel">
+                  <span>Scanned the following path:</span>
+                  <ul>
+                    <li class="paths">/argo-cd/manifests/namespace-install.yaml (Kubernetes)</li>
+                  </ul>
+                </div>
+    
+                <div class="meta-counts">
+                  <div class="meta-count"><span>43</span> <span>total issues</span></div>
+                </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+        <section class="layout-container">
+            <table class="metatable">
+                <tbody>
+                <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/namespace-install.yaml</td></tr>
+                <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/namespace-install.yaml</td></tr>
+                <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
+                </tbody>
+            </table>
+        </section>        <div class="layout-container" style="padding-top: 35px;">
+          <div class="cards--vuln filter--patch filter--ignore">
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 7]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 77
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 8]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[4]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 165
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 9]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 193
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 10]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[1]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 223
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 10]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[3]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 241
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 11]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 259
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--medium">
+                          <span class="label__text">medium severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 12]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  rules[0]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 281
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Consider removing these permissions</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container could be running with outdated image</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  imagePullPolicy
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1275
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>The container may run with outdated or unauthorized image</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container could be running with outdated image</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  imagePullPolicy
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1594
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>The container may run with outdated or unauthorized image</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 36]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 770
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1071
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1019
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 38]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1133
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1246
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1270
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1594
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1329
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 41]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1681
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container has no CPU limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 42]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  cpu
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 2091
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running with multiple open ports</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  ports
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1051
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Increases the attack surface of the application and the container.</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Reduce &#x60;ports&#x60; count to 2</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 36]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 770
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1019
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without liveness probe</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  livenessProbe
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1246
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 36]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 770
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1019
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1071
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 38]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1133
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1246
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1270
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1594
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1329
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 41]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1681
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container is running without memory limit</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 42]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  resources
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  limits
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  memory
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 2091
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 36]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-applicationset-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 941
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1079
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 37]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[dex]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1054
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 38]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-notifications-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1178
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[redis]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1263
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 39]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[secret-init]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1277
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  initContainers[copyutil]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1601
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 40]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-repo-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1567
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 41]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-server]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 1990
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
+                  <div class="card__section">
+              
+                      <div class="label label--low">
+                          <span class="label__text">low severity</span>
+                      </div>
+              
+                      <hr/>
+              
+                      <ul class="card__meta">
+                          <li class="card__meta__item">
+                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
+                          </li>
+              
+                          <li class="card__meta__item">Introduced through:
+                                  [DocId: 42]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  input
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  template
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  spec
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  containers[argocd-application-controller]
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  securityContext
+                                   <span class="list-paths__item__arrow">›</span> 
+                                  runAsUser
+                                  
+                          </li>
+              
+                          <li class="card__meta__item">
+                              Line number: 2354
+                          </li>
+                      </ul>
+              
+                      <hr/>
+              
+                          <h2>Impact</h2>
+                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
+              
+                          <h2>Remediation</h2>
+                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
+              
+              
+                          <hr/>
+                  </div><!-- .card__section -->
+              
+                  <div class="cta card__cta">
+                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
+                  </div>
+              
+              </div><!-- .card -->
+          </div>
+        </div>
+        
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-test.html b/docs/snyk/v3.1.0-rc1/argocd-test.html
new file mode 100644
index 0000000000000..ac2ad448e0400
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/argocd-test.html
@@ -0,0 +1,1435 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="8 known vulnerabilities found in 28 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:25:58 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">/argo-cd/argoproj/argo-cd/v3/go.mod (gomodules)</li>
+                  <li class="paths">/argo-cd/argoproj/argo-cd/get-previous-release/hack/get-previous-release/go.mod (gomodules)</li>
+                  <li class="paths">/argo-cd/ui/yarn.lock (yarn)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2103</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/r3labs/diff/v3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/r3labs/diff/v3@3.0.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/r3labs/diff/v3@3.0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:v3:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-version
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    github.com/argoproj/argo-cd/v3@0.0.0, code.gitea.io/sdk/gitea@0.21.0 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        code.gitea.io/sdk/gitea@0.21.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-version@1.7.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-cleanhttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    github.com/argoproj/argo-cd/v3@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@0.7.7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> go.mod
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/gosimple/slug
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/gosimple/slug@1.15.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@0.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/gosimple/slug@1.15.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            foundation-sites
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                argo-cd-ui@1.0.0 and foundation-sites@6.8.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        foundation-sites@6.8.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        argo-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        foundation-sites@6.8.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://github.com/zurb/foundation-sites">foundation-sites</a> is a responsive front-end framework</p>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code>https://www.&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>foundation-sites</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://securitylab.github.com/advisories/GHSL-2020-290-redos-foundation-sites">GitHub Advisory</a></li>
+        <li><a href="https://github.com/foundation/foundation-sites/issues/12180">GitHub Issue</a></li>
+        <li><a href="https://github.com/foundation/foundation-sites/blob/develop/js/foundation.abide.js#L864">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-FOUNDATIONSITES-8310364">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Insecure Randomness</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            formidable
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@8.1.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@8.1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        formidable@2.1.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Insecure Randomness due to its use of the <code>hexoid()</code> function in the generation of fingerprint IDs.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>formidable</code> to version 2.1.3, 3.5.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5">GitHub Commit</a></li>
+        <li><a href="https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md">Vulnerability Report</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-FORMIDABLE-9788127">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            brace-expansion
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, minimatch@3.1.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        minimatch@3.1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        brace-expansion@1.1.11
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        redoc@2.4.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        @redocly/openapi-core@1.30.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        minimatch@5.1.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        brace-expansion@2.0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://github.com/juliangruber/brace-expansion">brace-expansion</a> is a Brace expansion as known from sh/bash</p>
+        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the <code>expand()</code> function, which is prone to catastrophic backtracking on very long malicious inputs.</p>
+        <h2 id="poc">PoC</h2>
+        <pre><code class="language-js">import index from &quot;./index.js&quot;;
+        
+        let str = &quot;{a}&quot; + &quot;,&quot;.repeat(100000) + &quot;\u0000&quot;;
+        
+        let startTime = performance.now();
+        
+        const result = index(str);
+        
+        let endTime = performance.now();
+        
+        let timeTaken = endTime - startTime;
+        
+        console.log(`匹配耗时: ${timeTaken.toFixed(3)} 毫秒`);
+        </code></pre>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
+        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
+        <p>Let’s take the following regular expression as an example:</p>
+        <pre><code class="language-js">regex = /A(B|C+)+D/
+        </code></pre>
+        <p>This regular expression accomplishes the following:</p>
+        <ul>
+        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
+        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
+        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
+        </ul>
+        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
+        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
+        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
+        1.79s user 0.02s system 99% cpu 1.812 total
+        </code></pre>
+        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
+        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
+        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
+        <ol>
+        <li>CCC</li>
+        <li>CC+C</li>
+        <li>C+CC</li>
+        <li>C+C+C.</li>
+        </ol>
+        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
+        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
+        <table>
+        <thead>
+        <tr>
+        <th>String</th>
+        <th align="right">Number of C&#39;s</th>
+        <th align="right">Number of steps</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td>ACCCX</td>
+        <td align="right">3</td>
+        <td align="right">38</td>
+        </tr>
+        <tr>
+        <td>ACCCCX</td>
+        <td align="right">4</td>
+        <td align="right">71</td>
+        </tr>
+        <tr>
+        <td>ACCCCCX</td>
+        <td align="right">5</td>
+        <td align="right">136</td>
+        </tr>
+        <tr>
+        <td>ACCCCCCCCCCCCCCX</td>
+        <td align="right">14</td>
+        <td align="right">65,553</td>
+        </tr>
+        </tbody></table>
+        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>brace-expansion</code> to version 1.1.12, 2.0.2, 3.0.1, 4.0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/advisories/GHSA-v6h2-p8h4-qcjw">GitHub Advisory</a></li>
+        <li><a href="https://github.com/juliangruber/brace-expansion/commit/0b6a9781e18e9d2769bb2931f4856d1360243ed2">GitHub Commit</a></li>
+        <li><a href="https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466">GitHub Gist</a></li>
+        <li><a href="https://github.com/juliangruber/brace-expansion/pull/65">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
new file mode 100644
index 0000000000000..1828d2b38cca8
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
@@ -0,0 +1,2059 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="24 known vulnerabilities found in 33 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:26:04 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.43.0/dexidp/dex (apk)</li>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4//usr/local/bin/gomplate (gomodules)</li>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.43.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)</li>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.43.0/dexidp/dex//usr/local/bin/dex (gomodules)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>33 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>1131</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/oauth2/jws
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/oauth2/jws@v0.24.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/oauth2/jws@v0.24.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
+        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
+        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
+        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/net/http/httpproxy
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/net/http/httpproxy@v0.32.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/http/httpproxy@v0.32.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/http/httpproxy">golang.org/x/net/http/httpproxy</a> is a package for HTTP proxy determination based on environment variables, as provided by net/http&#39;s ProxyFromEnvironment function</p>
+        <p>Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in <code>proxy.go</code>, because hostname matching against proxy patterns may treat an IPv6 zone ID as a hostname component. An environment variable value like <code>*.example.com</code> could be matched to a request intended for <code>[::1%25.example.com]:80</code>.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/http/httpproxy</code> to version 0.36.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://go-review.googlesource.com/c/go/+/654717/4/src/vendor/golang.org/x/net/http/httpproxy/proxy.go">Git Commit</a></li>
+        <li><a href="https://github.com/golang/go/commit/3705a6f1f0a66e70916bb09f50f4fcd1c520df53">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/net/commit/76f9bf3279eff2e596db4960a78a2665d0ff9405">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/71984">GitHub Issue</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/crypto/ssh
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.31.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/crypto/ssh@v0.31.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/crypto/ssh?tab=doc">golang.org/x/crypto/ssh</a> is a SSH client and server</p>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in <code>handshakeTransport</code> in <code>handshake.go</code>. An internal queue gets populated with received packets during the key exchange process, while waiting for the client to send a <code>SSH_MSG_KEXINIT</code>. An attacker can cause the server to become unresponsive to new connections by delaying or withholding this message, or by causing the queue to consume all available memory.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/crypto/ssh</code> to version 0.35.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://go.dev/cl/652135">Git Commit</a></li>
+        <li><a href="https://go.dev/issue/71931">Go Issue</a></li>
+        <li><a href="https://pkg.go.dev/vuln/GO-2025-3487">Vulnerability Advisory</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
+            <div class="card__section">
+        
+                <div class="label label--high">
+                    <span class="label__text">high severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/golang-jwt/jwt/v5
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/golang-jwt/jwt/v5@v5.2.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/golang-jwt/jwt/v5@v5.2.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) through the <code>parse.ParseUnverified</code> function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the <code>Authorization</code> header.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/golang-jwt/jwt/v5</code> to version 5.2.2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang-jwt/jwt/releases/tag/v4.5.2">GitHub Release 4.5.2</a></li>
+        <li><a href="https://github.com/golang-jwt/jwt/releases/tag/v5.2.2">GitHub Release 5.2.2</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOLANGJWTJWTV5-9510922">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/vault/api
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/vault/api@v1.15.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/vault/api@v1.15.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:vault:api:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/serf/coordinate
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/serf/coordinate@v0.10.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/serf/coordinate@v0.10.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:serf:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/hcl/v2
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/gohcl@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/hclparse@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/hclwrite@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/v2/json@v2.13.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:hcl:v2:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/hcl
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/hcl@v1.0.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl@v1.0.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/hcl/hcl/token@v1.0.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/golang-lru/simplelru
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/golang-lru/simplelru@v1.0.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/golang-lru/simplelru@v1.0.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:golang-lru:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-uuid
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-uuid@v1.0.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-uuid@v1.0.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-uuid:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-sockaddr
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-sockaddr@v1.0.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-sockaddr@v1.0.7
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-sockaddr/template@v1.0.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-sockaddr:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-secure-stdlib/strutil
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:strutil:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-secure-stdlib/parseutil
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:parseutil:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-secure-stdlib/awsutil
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:awsutil:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-rootcerts
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-rootcerts@v1.0.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-rootcerts@v1.0.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-rootcerts:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-retryablehttp@v0.7.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-multierror
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-multierror@v1.1.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-immutable-radix
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-immutable-radix@v1.3.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-immutable-radix@v1.3.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-immutable-radix:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-cleanhttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-cleanhttp@v0.5.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/errwrap
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/errwrap@v1.1.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/errwrap@v1.1.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:errwrap:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/consul/api
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/consul/api@v1.30.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/consul/api@v1.30.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:consul:api:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/gosimple/slug
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/gosimple/slug@v1.14.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/gosimple/slug@v1.14.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/go-sql-driver/mysql
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.9.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/dexidp/dex@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/go-sql-driver/mysql@v1.9.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:go-sql-driver:mysql:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/go-jose/go-jose/v4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/go-jose/go-jose/v4@v4.0.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/go-jose/go-jose/v4@v4.0.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
+        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
new file mode 100644
index 0000000000000..49fe930232ffa
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -0,0 +1,492 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:26:07 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following path:</span>
+                <ul>
+                  <li class="paths">public.ecr.aws/docker/library/haproxy:3.0.8-alpine/docker/library/haproxy (apk)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>19</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+      <section class="layout-container">
+          <table class="metatable">
+              <tbody>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|public.ecr.aws/docker/library/haproxy</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">public.ecr.aws/docker/library/haproxy:3.0.8-alpine/docker/library/haproxy</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
+              
+              </tbody>
+          </table>
+      </section>
+    <div class="layout-container" style="padding-top: 35px;">
+      No known vulnerabilities detected.
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
new file mode 100644
index 0000000000000..9d69c28e7a294
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -0,0 +1,484 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:26:11 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">public.ecr.aws/docker/library/redis:7.2.7-alpine/docker/library/redis (apk)</li>
+                  <li class="paths">public.ecr.aws/docker/library/redis:7.2.7-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>19</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      No known vulnerabilities detected.
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
new file mode 100644
index 0000000000000..49f80d5678107
--- /dev/null
+++ b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
@@ -0,0 +1,2902 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="22 known vulnerabilities found in 90 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .label {
+      left: 0;
+      position: absolute;
+      top: 1.1em;
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">June 22nd 2025, 12:26:31 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>90 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2369</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Race Condition</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            systemd/libsystemd0
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and systemd/libsystemd0@255.4-1ubuntu8.8
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        procps@2:4.0.4-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0t64@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.14.0-1build3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0t64@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
+        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
+        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and pam/libpam0g@1.5.3-5ubuntu5.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Authentication</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and pam/libpam0g@1.5.3-5ubuntu5.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/net/html
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/html@v0.33.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
+        <h2 id="details">Details</h2>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
+        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
+        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
+        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
+        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
+        <h3 id="types-of-attacks">Types of attacks</h3>
+        <p>There are a few methods by which XSS can be manipulated:</p>
+        <table>
+        <thead>
+        <tr>
+        <th>Type</th>
+        <th>Origin</th>
+        <th>Description</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td><strong>Stored</strong></td>
+        <td>Server</td>
+        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
+        </tr>
+        <tr>
+        <td><strong>Reflected</strong></td>
+        <td>Server</td>
+        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
+        </tr>
+        <tr>
+        <td><strong>DOM-based</strong></td>
+        <td>Client</td>
+        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
+        </tr>
+        <tr>
+        <td><strong>Mutated</strong></td>
+        <td></td>
+        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
+        </tr>
+        </tbody></table>
+        <h3 id="affected-environments">Affected environments</h3>
+        <p>The following environments are susceptible to an XSS attack:</p>
+        <ul>
+        <li>Web servers</li>
+        <li>Application servers</li>
+        <li>Web application environments</li>
+        </ul>
+        <h3 id="how-to-prevent">How to prevent</h3>
+        <p>This section describes the top best practices designed to specifically protect your code: </p>
+        <ul>
+        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
+        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
+        <li>Give users the option to disable client-side scripts.</li>
+        <li>Redirect invalid requests.</li>
+        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
+        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
+        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/r3labs/diff/v3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/r3labs/diff/v3@v3.0.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/r3labs/diff/v3@v3.0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:v3:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-version
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-version@v1.7.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-multierror
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-cleanhttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/gosimple/slug
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/gosimple/slug@v1.15.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/gosimple/slug@v1.15.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/argoproj/gitops-engine/pkg/utils/kube
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
+        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/argoproj/gitops-engine/pkg/diff
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
+        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc1, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>git</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329">https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329</a></li>
+        <li><a href="https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net">https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-8637112">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2024-56433</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            shadow/passwd
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>shadow</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SHADOW-8600509">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            patch
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and patch@2.7.6-7build3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        patch@2.7.6-7build3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
+        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6707039">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            patch
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and patch@2.7.6-7build3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        patch@2.7.6-7build3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
+        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a></li>
+        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">https://security-tracker.debian.org/tracker/CVE-2018-6952</a></li>
+        <li><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a></li>
+        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a></li>
+        <li><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6720551">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2024-41996</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libssl3t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        coreutils@9.4-3ubuntu6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.14.0-1build3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20240203
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.20.1-6ubuntu2.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20240203
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996</a></li>
+        <li><a href="https://dheatattack.gitlab.io/details/">https://dheatattack.gitlab.io/details/</a></li>
+        <li><a href="https://dheatattack.gitlab.io/faq/">https://dheatattack.gitlab.io/faq/</a></li>
+        <li><a href="https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1">https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Information Exposure</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libgcrypt20
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and libgcrypt20@1.10.3-2build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0t64@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libgcrypt20</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:3534">https://access.redhat.com/errata/RHSA-2025:3534</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:3530">https://access.redhat.com/errata/RHSA-2025:3530</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBGCRYPT20-6693674">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Out-of-bounds Write</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnupg2/gpgv
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and gnupg2/gpgv@2.4.4-2ubuntu17.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnupg2</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
+        <li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
+        <li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
+        <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUPG2-6702792">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and glibc/libc-bin@2.39-0ubuntu8.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
+        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">https://akkadia.org/drepper/SHA-crypt.txt</a></li>
+        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/</a></li>
+        <li><a href="https://twitter.com/solardiz/status/795601240151457793">https://twitter.com/solardiz/status/795601240151457793</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-6727419">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2025-0167</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            curl/libcurl3t64-gnutls
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc1, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
+        redirects, curl could leak the password used for the first host to the
+        followed-to host under certain circumstances.</p>
+        <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
+        omits both login and password. A rare circumstance.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>curl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
+        <li><a href="https://curl.se/docs/CVE-2025-0167.json">https://curl.se/docs/CVE-2025-0167.json</a></li>
+        <li><a href="https://hackerone.com/reports/2917232">https://hackerone.com/reports/2917232</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20250306-0008/">https://security.netapp.com/advisory/ntap-20250306-0008/</a></li>
+        <li><a href="https://curl.se/docs/CVE-2025-0167.html">https://curl.se/docs/CVE-2025-0167.html</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-8689015">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Improper Input Validation</h2>
+            <div class="card__section">
+        
+                <div class="label label--low">
+                    <span class="label__text">low severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            coreutils
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and coreutils@9.4-3ubuntu6
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        coreutils@9.4-3ubuntu6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>coreutils</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
+        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
+        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
+        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-COREUTILS-6727355">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>

From 03ee5f88d63a9159d21f63d65223d3cc2c29dc8c Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Sun, 22 Jun 2025 21:32:19 -0400
Subject: [PATCH 038/383] fix(controller): impersonation with destination name
 (#23309) (#23504)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/sync.go      |   6 +-
 controller/sync_test.go | 127 ++++++++++++++++++++++++++++++++++------
 2 files changed, 113 insertions(+), 20 deletions(-)

diff --git a/controller/sync.go b/controller/sync.go
index b455bd2860fb8..f8e2460b9fdec 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -324,7 +324,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}
 	if impersonationEnabled {
-		serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(proj, app)
+		serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(proj, app, destCluster)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to find a matching service account to impersonate: %v", err)
@@ -607,7 +607,7 @@ func syncWindowPreventsSync(app *v1alpha1.Application, proj *v1alpha1.AppProject
 
 // deriveServiceAccountToImpersonate determines the service account to be used for impersonation for the sync operation.
 // The returned service account will be fully qualified including namespace and the service account name in the format system:serviceaccount:<namespace>:<service_account>
-func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application *v1alpha1.Application) (string, error) {
+func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application *v1alpha1.Application, destCluster *v1alpha1.Cluster) (string, error) {
 	// spec.Destination.Namespace is optional. If not specified, use the Application's
 	// namespace
 	serviceAccountNamespace := application.Spec.Destination.Namespace
@@ -617,7 +617,7 @@ func deriveServiceAccountToImpersonate(project *v1alpha1.AppProject, application
 	// Loop through the destinationServiceAccounts and see if there is any destination that is a candidate.
 	// if so, return the service account specified for that destination.
 	for _, item := range project.Spec.DestinationServiceAccounts {
-		dstServerMatched, err := glob.MatchWithError(item.Server, application.Spec.Destination.Server)
+		dstServerMatched, err := glob.MatchWithError(item.Server, destCluster.Server)
 		if err != nil {
 			return "", fmt.Errorf("invalid glob pattern for destination server: %w", err)
 		}
diff --git a/controller/sync_test.go b/controller/sync_test.go
index bfb54e77e880f..ccde3c06af67a 100644
--- a/controller/sync_test.go
+++ b/controller/sync_test.go
@@ -651,6 +651,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 	type fixture struct {
 		project     *v1alpha1.AppProject
 		application *v1alpha1.Application
+		cluster     *v1alpha1.Cluster
 	}
 
 	setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture {
@@ -676,9 +677,14 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 				},
 			},
 		}
+		cluster := &v1alpha1.Cluster{
+			Server: "https://kubernetes.svc.local",
+			Name:   "test-cluster",
+		}
 		return &fixture{
 			project:     project,
 			application: app,
+			cluster:     cluster,
 		}
 	}
 
@@ -694,7 +700,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 		assert.Equal(t, expectedSA, sa)
 
 		// then, there should be an error saying no valid match was found
@@ -718,7 +724,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should be no error and should use the right service account for impersonation
 		require.NoError(t, err)
@@ -757,7 +763,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should be no error and should use the right service account for impersonation
 		require.NoError(t, err)
@@ -796,7 +802,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should be no error and it should use the first matching service account for impersonation
 		require.NoError(t, err)
@@ -830,7 +836,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and should use the first matching glob pattern service account for impersonation
 		require.NoError(t, err)
@@ -865,7 +871,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should be an error saying no match was found
 		require.EqualError(t, err, expectedErrMsg)
@@ -893,7 +899,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and the service account configured for with empty namespace should be used.
 		require.NoError(t, err)
@@ -927,7 +933,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and the catch all service account should be returned
 		require.NoError(t, err)
@@ -951,7 +957,7 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there must be an error as the glob pattern is invalid.
 		require.ErrorContains(t, err, "invalid glob pattern for destination namespace")
@@ -985,7 +991,35 @@ func TestDeriveServiceAccountMatchingNamespaces(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
+		assert.Equal(t, expectedSA, sa)
+
+		// then, there should not be any error and the service account with its namespace should be returned.
+		require.NoError(t, err)
+	})
+
+	t.Run("app destination name instead of server URL", func(t *testing.T) {
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+
+		// Use destination name instead of server URL
+		f.application.Spec.Destination.Server = ""
+		f.application.Spec.Destination.Name = f.cluster.Name
+
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 		assert.Equal(t, expectedSA, sa)
 
 		// then, there should not be any error and the service account with its namespace should be returned.
@@ -999,6 +1033,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 	type fixture struct {
 		project     *v1alpha1.AppProject
 		application *v1alpha1.Application
+		cluster     *v1alpha1.Cluster
 	}
 
 	setup := func(destinationServiceAccounts []v1alpha1.ApplicationDestinationServiceAccount, destinationNamespace, destinationServerURL, applicationNamespace string) *fixture {
@@ -1024,9 +1059,14 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 				},
 			},
 		}
+		cluster := &v1alpha1.Cluster{
+			Server: "https://kubernetes.svc.local",
+			Name:   "test-cluster",
+		}
 		return &fixture{
 			project:     project,
 			application: app,
+			cluster:     cluster,
 		}
 	}
 
@@ -1062,7 +1102,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and the right service account must be returned.
 		require.NoError(t, err)
@@ -1101,7 +1141,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and first matching service account should be used
 		require.NoError(t, err)
@@ -1135,7 +1175,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 		assert.Equal(t, expectedSA, sa)
 
 		// then, there should not be any error and the service account of the glob pattern, being the first match should be returned.
@@ -1170,7 +1210,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, &v1alpha1.Cluster{Server: destinationServerURL})
 
 		// then, there an error with appropriate message must be returned
 		require.EqualError(t, err, expectedErr)
@@ -1204,7 +1244,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there should not be any error and the service account of the glob pattern match must be returned.
 		require.NoError(t, err)
@@ -1228,7 +1268,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
 
 		// then, there must be an error as the glob pattern is invalid.
 		require.ErrorContains(t, err, "invalid glob pattern for destination server")
@@ -1262,12 +1302,40 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 
 		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
 		// when
-		sa, err := deriveServiceAccountToImpersonate(f.project, f.application)
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, &v1alpha1.Cluster{Server: destinationServerURL})
 
 		// then, there should not be any error and the service account with the given namespace prefix must be returned.
 		require.NoError(t, err)
 		assert.Equal(t, expectedSA, sa)
 	})
+
+	t.Run("app destination name instead of server URL", func(t *testing.T) {
+		t.Parallel()
+		destinationServiceAccounts := []v1alpha1.ApplicationDestinationServiceAccount{
+			{
+				Server:                "https://kubernetes.svc.local",
+				Namespace:             "*",
+				DefaultServiceAccount: "test-sa",
+			},
+		}
+		destinationNamespace := "testns"
+		destinationServerURL := "https://kubernetes.svc.local"
+		applicationNamespace := "argocd-ns"
+		expectedSA := "system:serviceaccount:testns:test-sa"
+
+		f := setup(destinationServiceAccounts, destinationNamespace, destinationServerURL, applicationNamespace)
+
+		// Use destination name instead of server URL
+		f.application.Spec.Destination.Server = ""
+		f.application.Spec.Destination.Name = f.cluster.Name
+
+		// when
+		sa, err := deriveServiceAccountToImpersonate(f.project, f.application, f.cluster)
+		assert.Equal(t, expectedSA, sa)
+
+		// then, there should not be any error and the service account with its namespace should be returned.
+		require.NoError(t, err)
+	})
 }
 
 func TestSyncWithImpersonate(t *testing.T) {
@@ -1409,6 +1477,31 @@ func TestSyncWithImpersonate(t *testing.T) {
 		assert.Equal(t, common.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
+
+	t.Run("app destination name instead of server URL", func(t *testing.T) {
+		// given app sync impersonation feature is enabled with an application referring a project matching service account
+		f := setup(true, test.FakeDestNamespace, "test-sa")
+		opMessage := "successfully synced (no more tasks)"
+
+		opState := &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{},
+				},
+			},
+			Phase: common.OperationRunning,
+		}
+
+		f.application.Spec.Destination.Server = ""
+		f.application.Spec.Destination.Name = "minikube"
+
+		// when
+		f.controller.appStateManager.SyncAppState(f.application, opState)
+
+		// then app sync should not fail
+		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Contains(t, opState.Message, opMessage)
+	})
 }
 
 func TestClientSideApplyMigration(t *testing.T) {

From 0bfff28a20c15b3cacbf77a9cd21e6425a1b7256 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Sun, 22 Jun 2025 22:23:06 -0400
Subject: [PATCH 039/383] docs: Add example of using argocd.argoproj.io/hook:
 Skip (#23505)

Signed-off-by: Josh Soref <jsoref@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/sync-waves.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/docs/user-guide/sync-waves.md b/docs/user-guide/sync-waves.md
index 2347902587f30..56d45edeb175c 100644
--- a/docs/user-guide/sync-waves.md
+++ b/docs/user-guide/sync-waves.md
@@ -106,6 +106,8 @@ Hooks and resources are assigned to wave zero by default. The wave can be negati
 
 ## Examples
 
+### Send message to Slack when sync completes
+
 The following example uses the Slack API to send a a Slack message when sync completes:
 
 ```yaml
@@ -166,3 +168,34 @@ spec:
       restartPolicy: Never
   backoffLimit: 1
 ```
+
+### Work around ArgoCD sync failure
+
+Upgrading ingress-nginx controller (managed by helm) with ArgoCD 2.x sometimes fails to work resulting in:
+
+.|.
+-|-
+OPERATION|Sync
+PHASE|Running
+MESSAGE|waiting for completion of hook batch/Job/ingress-nginx-admission-create
+
+.|.
+-|-
+KIND     |batch/v1/Job
+NAMESPACE|ingress-nginx
+NAME     |ingress-nginx-admission-create
+STATUS   |Running
+HOOK     |PreSync
+MESSAGE  |Pending deletion
+
+To work around this, a helm user can add:
+
+```yaml
+ingress-nginx:
+  controller:
+    admissionWebhooks:
+      annotations:
+        argocd.argoproj.io/hook: Skip
+```
+
+Which results in a successful sync.

From 341f6f287a36b1274765f2dfa65800c73141a6fa Mon Sep 17 00:00:00 2001
From: Dan Garfield <dan@codefresh.io>
Date: Sun, 22 Jun 2025 20:38:07 -0600
Subject: [PATCH 040/383] docs: Update how crd-install hook is handled in
 helm.md (#23452)

Signed-off-by: Dan Garfield <dan@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/helm.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md
index 3e6f98e92cd47..fb2837b181f26 100644
--- a/docs/user-guide/helm.md
+++ b/docs/user-guide/helm.md
@@ -265,7 +265,7 @@ Argo CD supports many (most?) Helm hooks by mapping the Helm annotations onto Ar
 
 | Helm Annotation                 | Notes                                                                                         |
 | ------------------------------- |-----------------------------------------------------------------------------------------------|
-| `helm.sh/hook: crd-install`     | Supported as equivalent to `argocd.argoproj.io/hook: PreSync`.                                |
+| `helm.sh/hook: crd-install`     | Supported as equivalent to normal Argo CD CRD handling.                                |
 | `helm.sh/hook: pre-delete`      | Not supported. In Helm stable there are 3 cases used to clean up CRDs and 3 to clean-up jobs. |
 | `helm.sh/hook: pre-rollback`    | Not supported. Never used in Helm stable.                                                     |
 | `helm.sh/hook: pre-install`     | Supported as equivalent to `argocd.argoproj.io/hook: PreSync`.                                |
@@ -292,7 +292,6 @@ Unsupported hooks are ignored. In Argo CD, hooks are created by using `kubectl a
 ### Hook Tips
 
 * Make your hook idempotent.
-* Annotate `crd-install` with `hook-weight: "-2"` to make sure it runs to success before any install or upgrade hooks.
 * Annotate  `pre-install` and `post-install` with `hook-weight: "-1"`. This will make sure it runs to success before any upgrade hooks.
 * Annotate `pre-upgrade` and `post-upgrade` with `hook-delete-policy: before-hook-creation` to make sure it runs on every sync.
 

From aba89436a07019278ee3c56991999cede26422e7 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Sun, 22 Jun 2025 22:39:49 -0400
Subject: [PATCH 041/383] fix(tests): race condition creating the sync id
 (#23460)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/sync.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/controller/sync.go b/controller/sync.go
index f8e2460b9fdec..f20c395c20863 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -93,6 +93,13 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	// concrete git commit SHA, the SHA is remembered in the status.operationState.syncResult field.
 	// This ensures that when resuming an operation, we sync to the same revision that we initially
 	// started with.
+	syncId, err := syncid.Generate()
+	if err != nil {
+		state.Phase = common.OperationError
+		state.Message = fmt.Sprintf("Failed to generate sync ID: %v", err)
+		return
+	}
+	logEntry := log.WithFields(applog.GetAppLogFields(app)).WithField("syncId", syncId)
 
 	var revision string
 	var syncOp v1alpha1.SyncOperation
@@ -246,13 +253,6 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}
 
-	syncId, err := syncid.Generate()
-	if err != nil {
-		state.Phase = common.OperationError
-		state.Message = fmt.Sprintf("Failed to generate sync ID: %v", err)
-		return
-	}
-	logEntry := log.WithFields(applog.GetAppLogFields(app)).WithField("syncId", syncId)
 	initialResourcesRes := make([]common.ResourceSyncResult, len(syncRes.Resources))
 	for i, res := range syncRes.Resources {
 		key := kube.ResourceKey{Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name}

From fdc7e003aea7e495ff1eb6fc80f02f1fd3f591fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 04:04:46 -1000
Subject: [PATCH 042/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.107.0 to 2.108.0 (#23518)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5f77b17731822..1fff70d354198 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.8.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.107.0
+	github.com/casbin/casbin/v2 v2.108.0
 	github.com/casbin/govaluate v1.7.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index c7506fca8a07f..c96ea4d7f29b6 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.107.0 h1:Kk1+9S2ou8aTTQd30L+vRvFBNf5YvbN65N5uCzdren8=
-github.com/casbin/casbin/v2 v2.107.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.108.0 h1:aMc3I81wfLpQe/uzMdElB1OBhEmPZoWMPb2nfEaKygY=
+github.com/casbin/casbin/v2 v2.108.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.7.0 h1:Es2j2K2jv7br+QHJhxKcdoOa4vND0g0TqsO6rJeqJbA=
 github.com/casbin/govaluate v1.7.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From cfb060fec661a48d38d305c6e203b6390736716a Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Mon, 23 Jun 2025 12:05:29 -0400
Subject: [PATCH 043/383] fix(darwin): remove the need for cgo when building a
 darwin binary on linux (#23507)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .goreleaser.yaml                              | 11 +-----
 .../commands/{azure.go => azure_cgo.go}       |  2 ++
 cmd/argocd-k8s-auth/commands/azure_no_cgo.go  | 25 +++++++++++++
 util/workloadidentity/workloadidentity.go     | 30 ----------------
 util/workloadidentity/workloadidentity_cgo.go | 36 +++++++++++++++++++
 .../workloadidentity_no_cgo.go                | 25 +++++++++++++
 6 files changed, 89 insertions(+), 40 deletions(-)
 rename cmd/argocd-k8s-auth/commands/{azure.go => azure_cgo.go} (96%)
 create mode 100644 cmd/argocd-k8s-auth/commands/azure_no_cgo.go
 create mode 100644 util/workloadidentity/workloadidentity_cgo.go
 create mode 100644 util/workloadidentity/workloadidentity_no_cgo.go

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 4f553fd97689b..983929a25c566 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -21,7 +21,7 @@ builds:
       - -X github.com/argoproj/argo-cd/v3/common.gitCommit={{ .FullCommit }}
       - -X github.com/argoproj/argo-cd/v3/common.gitTreeState={{ .Env.GIT_TREE_STATE }}
       - -X github.com/argoproj/argo-cd/v3/common.kubectlVersion={{ .Env.KUBECTL_VERSION }}
-      - '{{ if or (eq .Runtime.Goos "linux") (eq .Runtime.Goos "windows") }}-extldflags="-static"{{ end }}'
+      - -extldflags="-static"
     goos:
       - linux
       - windows
@@ -42,15 +42,6 @@ builds:
         goarch: ppc64le
       - goos: windows
         goarch: arm64
-    overrides:
-      - goos: darwin
-        goarch: amd64
-        env:
-          - CGO_ENABLED=1
-      - goos: darwin
-        goarch: arm64
-        env:
-          - CGO_ENABLED=1
 
 archives:
   - id: argocd-archive
diff --git a/cmd/argocd-k8s-auth/commands/azure.go b/cmd/argocd-k8s-auth/commands/azure_cgo.go
similarity index 96%
rename from cmd/argocd-k8s-auth/commands/azure.go
rename to cmd/argocd-k8s-auth/commands/azure_cgo.go
index 357144c5ad586..a3cfe7254076f 100644
--- a/cmd/argocd-k8s-auth/commands/azure.go
+++ b/cmd/argocd-k8s-auth/commands/azure_cgo.go
@@ -1,3 +1,5 @@
+//go:build !darwin || (cgo && darwin)
+
 package commands
 
 import (
diff --git a/cmd/argocd-k8s-auth/commands/azure_no_cgo.go b/cmd/argocd-k8s-auth/commands/azure_no_cgo.go
new file mode 100644
index 0000000000000..f68fbbd51f780
--- /dev/null
+++ b/cmd/argocd-k8s-auth/commands/azure_no_cgo.go
@@ -0,0 +1,25 @@
+//go:build darwin && !cgo
+
+// Package commands
+// This file is used when the GOOS is darwin and CGO is not enabled.
+// It provides a no-op implementation of newAzureCommand to allow goreleaser to build
+// a darwin binary on a linux machine.
+package commands
+
+import (
+	"log"
+
+	"github.com/spf13/cobra"
+
+	"github.com/argoproj/argo-cd/v3/util/workloadidentity"
+)
+
+func newAzureCommand() *cobra.Command {
+	command := &cobra.Command{
+		Use: "azure",
+		Run: func(c *cobra.Command, _ []string) {
+			log.Fatalf(workloadidentity.CGOError)
+		},
+	}
+	return command
+}
diff --git a/util/workloadidentity/workloadidentity.go b/util/workloadidentity/workloadidentity.go
index 08482b3ba6bdc..e49ae7cd7d0f1 100644
--- a/util/workloadidentity/workloadidentity.go
+++ b/util/workloadidentity/workloadidentity.go
@@ -1,12 +1,7 @@
 package workloadidentity
 
 import (
-	"context"
 	"time"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 )
 
 const (
@@ -22,34 +17,9 @@ type TokenProvider interface {
 	GetToken(scope string) (*Token, error)
 }
 
-type WorkloadIdentityTokenProvider struct {
-	tokenCredential azcore.TokenCredential
-}
-
 // Used to propagate initialization error if any
 var initError error
 
-func NewWorkloadIdentityTokenProvider() TokenProvider {
-	cred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{})
-	initError = err
-	return WorkloadIdentityTokenProvider{tokenCredential: cred}
-}
-
-func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
-	if initError != nil {
-		return nil, initError
-	}
-
-	token, err := c.tokenCredential.GetToken(context.Background(), policy.TokenRequestOptions{
-		Scopes: []string{scope},
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	return &Token{AccessToken: token.Token, ExpiresOn: token.ExpiresOn}, nil
-}
-
 func CalculateCacheExpiryBasedOnTokenExpiry(tokenExpiry time.Time) time.Duration {
 	// Calculate the cache expiry as 5 minutes before the token expires
 	cacheExpiry := time.Until(tokenExpiry) - time.Minute*5
diff --git a/util/workloadidentity/workloadidentity_cgo.go b/util/workloadidentity/workloadidentity_cgo.go
new file mode 100644
index 0000000000000..87a2e209c4c00
--- /dev/null
+++ b/util/workloadidentity/workloadidentity_cgo.go
@@ -0,0 +1,36 @@
+//go:build !darwin || (cgo && darwin)
+
+package workloadidentity
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+)
+
+type WorkloadIdentityTokenProvider struct {
+	tokenCredential azcore.TokenCredential
+}
+
+func NewWorkloadIdentityTokenProvider() TokenProvider {
+	cred, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{})
+	initError = err
+	return WorkloadIdentityTokenProvider{tokenCredential: cred}
+}
+
+func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
+	if initError != nil {
+		return nil, initError
+	}
+
+	token, err := c.tokenCredential.GetToken(context.Background(), policy.TokenRequestOptions{
+		Scopes: []string{scope},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &Token{AccessToken: token.Token, ExpiresOn: token.ExpiresOn}, nil
+}
diff --git a/util/workloadidentity/workloadidentity_no_cgo.go b/util/workloadidentity/workloadidentity_no_cgo.go
new file mode 100644
index 0000000000000..53cad763ed4bd
--- /dev/null
+++ b/util/workloadidentity/workloadidentity_no_cgo.go
@@ -0,0 +1,25 @@
+//go:build darwin && !cgo
+
+// Package workloadidentity
+// This file is used when the GOOS is darwin and CGO is not enabled.
+// It provides a no-op implementation of the WorkloadIdentityTokenProvider to allow goreleaser to build
+// a darwin binary on a linux machine.
+package workloadidentity
+
+import (
+	"errors"
+)
+
+type WorkloadIdentityTokenProvider struct {
+}
+
+const CGOError = "CGO is not enabled, cannot use workload identity token provider"
+
+// Code that does not require CGO
+func NewWorkloadIdentityTokenProvider() TokenProvider {
+	panic(CGOError)
+}
+
+func (c WorkloadIdentityTokenProvider) GetToken(scope string) (*Token, error) {
+	return nil, errors.New(CGOError)
+}

From e61f1e7849b304d0ab4d764d8b9b9343fbd59d12 Mon Sep 17 00:00:00 2001
From: Mubarak Jama <83465122+mubarak-j@users.noreply.github.com>
Date: Mon, 23 Jun 2025 22:46:18 -0600
Subject: [PATCH 044/383] fix(docs): include v3.1 upgrade docs (#23529)

Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 mkdocs.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mkdocs.yml b/mkdocs.yml
index 99a4585e10c7e..20e5e89cf857b 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -131,6 +131,7 @@ nav:
     - operator-manual/server-commands/additional-configuration-method.md
   - Upgrading:
     - operator-manual/upgrading/overview.md
+    - operator-manual/upgrading/3.0-3.1.md
     - operator-manual/upgrading/2.14-3.0.md
     - operator-manual/upgrading/2.13-2.14.md
     - operator-manual/upgrading/2.12-2.13.md

From 282075746c52ab01b784379b6ff94414d93f18ed Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 23:31:00 -1000
Subject: [PATCH 045/383] chore(deps): bump sigstore/cosign-installer from
 3.9.0 to 3.9.1 (#23530)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/image-reuse.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index 73bc9a22a984d..031efb9de7625 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -73,7 +73,7 @@ jobs:
           cache: false
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@fb28c2b6339dcd94da6e4cbcbc5e888961f6f8c3 # v3.9.0
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
 
       - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

From c44897734baea2bca8591ea99fa1efcf1fe16f7b Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Tue, 24 Jun 2025 16:41:54 +0200
Subject: [PATCH 046/383] fix: kustomize components + monorepos (#23486)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/kustomize/kustomize.go                   | 16 ++++++---
 util/kustomize/kustomize_test.go              | 26 ++++++++++++++
 .../apps/hello-world/.argo-cd.yaml            |  3 ++
 .../apps/hello-world/kustomization.yaml       | 33 ++++++++++++++++++
 .../apps/hello-world/base/deployment.yaml     | 34 +++++++++++++++++++
 .../apps/hello-world/base/kustomization.yaml  |  8 +++++
 .../apps/hello-world/base/service.yaml        | 16 +++++++++
 .../apps/hello-world/base/serviceaccount.yaml |  7 ++++
 .../components/all/kustomization.yaml         | 19 +++++++++++
 9 files changed, 157 insertions(+), 5 deletions(-)
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/.argo-cd.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/kustomization.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/deployment.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/kustomization.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/service.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/serviceaccount.yaml
 create mode 100644 util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/components/all/kustomization.yaml

diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go
index cda1b3be23bcf..bb19e25d20f9a 100644
--- a/util/kustomize/kustomize.go
+++ b/util/kustomize/kustomize.go
@@ -15,6 +15,8 @@ import (
 	"github.com/Masterminds/semver/v3"
 	"sigs.k8s.io/yaml"
 
+	"github.com/argoproj/argo-cd/v3/util/io"
+
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -24,8 +26,6 @@ import (
 	executil "github.com/argoproj/argo-cd/v3/util/exec"
 	"github.com/argoproj/argo-cd/v3/util/git"
 	"github.com/argoproj/argo-cd/v3/util/proxy"
-
-	securejoin "github.com/cyphar/filepath-securejoin"
 )
 
 // Image represents a Docker image in the format NAME[:TAG].
@@ -346,12 +346,18 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp
 			foundComponents := opts.Components
 			if opts.IgnoreMissingComponents {
 				foundComponents = make([]string, 0)
+				root, err := os.OpenRoot(k.repoRoot)
+				defer io.Close(root)
+				if err != nil {
+					return nil, nil, nil, fmt.Errorf("failed to open the repo folder: %w", err)
+				}
+
 				for _, c := range opts.Components {
-					resolvedPath, err := securejoin.SecureJoin(k.path, c)
+					resolvedPath, err := filepath.Rel(k.repoRoot, filepath.Join(k.path, c))
 					if err != nil {
-						return nil, nil, nil, fmt.Errorf("Kustomize components path failed: %w", err)
+						return nil, nil, nil, fmt.Errorf("kustomize components path failed: %w", err)
 					}
-					_, err = os.Stat(resolvedPath)
+					_, err = root.Stat(resolvedPath)
 					if err != nil {
 						log.Debugf("%s component directory does not exist", resolvedPath)
 						continue
diff --git a/util/kustomize/kustomize_test.go b/util/kustomize/kustomize_test.go
index f7638960534a5..791f25ff58963 100644
--- a/util/kustomize/kustomize_test.go
+++ b/util/kustomize/kustomize_test.go
@@ -25,6 +25,7 @@ const (
 	kustomization6 = "kustomization_yaml_components"
 	kustomization7 = "label_without_selector"
 	kustomization8 = "kustomization_yaml_patches_empty"
+	kustomization9 = "kustomization_yaml_components_monorepo"
 )
 
 func testDataDir(tb testing.TB, testData string) (string, error) {
@@ -512,6 +513,31 @@ func TestKustomizeBuildComponents(t *testing.T) {
 	assert.Equal(t, int64(3), replicas)
 }
 
+func TestKustomizeBuildComponentsMonoRepo(t *testing.T) {
+	rootPath, err := testDataDir(t, kustomization9)
+	require.NoError(t, err)
+	appPath := path.Join(rootPath, "envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world")
+	kustomize := NewKustomizeApp(rootPath, appPath, git.NopCreds{}, "", "", "", "")
+	kustomizeSource := v1alpha1.ApplicationSourceKustomize{
+		Components:              []string{"../../../../../../kustomize/components/all"},
+		IgnoreMissingComponents: true,
+	}
+	objs, _, _, err := kustomize.Build(&kustomizeSource, nil, nil, nil)
+	require.NoError(t, err)
+	obj := objs[2]
+	require.Equal(t, "hello-world-kustomize", obj.GetName())
+	require.Equal(t, map[string]string{
+		"app.kubernetes.io/name":  "hello-world-kustomize",
+		"app.kubernetes.io/owner": "fire-team",
+	}, obj.GetLabels())
+	replicas, ok, err := unstructured.NestedSlice(obj.Object, "spec", "template", "spec", "tolerations")
+	require.NoError(t, err)
+	require.True(t, ok)
+	require.Len(t, replicas, 1)
+	require.Equal(t, "my-special-toleration", replicas[0].(map[string]any)["key"])
+	require.Equal(t, "Exists", replicas[0].(map[string]any)["operator"])
+}
+
 func TestKustomizeBuildPatches(t *testing.T) {
 	appPath, err := testDataDir(t, kustomization5)
 	require.NoError(t, err)
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/.argo-cd.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/.argo-cd.yaml
new file mode 100644
index 0000000000000..fe31f420012d2
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/.argo-cd.yaml
@@ -0,0 +1,3 @@
+---
+kustomize:
+  componentsPath: ../../../../../../kustomize/components
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/kustomization.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/kustomization.yaml
new file mode 100644
index 0000000000000..bc54882ea37d4
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/envs/inseng-pdx-egert-sandbox/namespaces/inst-system/apps/hello-world/kustomization.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# All the members of this group are meant be populated from the
+# same nonproduction overlay of the matching app
+resources:
+  - ../../../../../../kustomize/apps/hello-world/base
+
+nameSuffix: -kustomize
+
+labels:
+  - pairs:
+      app.kubernetes.io/name: hello-world-kustomize
+    includeSelectors: true
+    includeTemplates: true
+
+patches:
+  # Adjusting the serviceAccount ref
+  - patch: |-
+      apiVersion: apps/v1
+      kind: Deployment
+      metadata:
+        name: hello-world
+      spec:
+        template:
+          spec:
+            serviceAccountName: hello-world-kustomize
+
+# Container image versions across the members
+images:
+  - name: hello-world
+    newTag: 1.17.0
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/deployment.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/deployment.yaml
new file mode 100644
index 0000000000000..bdd7d8e2ee791
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello-world
+  labels:
+    app.kubernetes.io/name: hello-world
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: hello-world
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: hello-world
+    spec:
+      serviceAccountName: hello-world
+      containers:
+        - name: hello-world
+          image: "nginx:1.16.0"
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+      tolerations: []
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/kustomization.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/kustomization.yaml
new file mode 100644
index 0000000000000..ec568c1a0fd34
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/kustomization.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- deployment.yaml
+- service.yaml
+- serviceaccount.yaml
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/service.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/service.yaml
new file mode 100644
index 0000000000000..6006a980af08e
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hello-world
+  labels:
+    app.kubernetes.io/name: hello-world
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: hello-world
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/serviceaccount.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/serviceaccount.yaml
new file mode 100644
index 0000000000000..a4b12e0487773
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/apps/hello-world/base/serviceaccount.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: hello-world
+  labels:
+    app.kubernetes.io/name: hello-world
diff --git a/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/components/all/kustomization.yaml b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/components/all/kustomization.yaml
new file mode 100644
index 0000000000000..c61d07ab9c77d
--- /dev/null
+++ b/util/kustomize/testdata/kustomization_yaml_components_monorepo/kustomize/components/all/kustomization.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+labels:
+  - pairs:
+      app.kubernetes.io/owner: fire-team
+    includeSelectors: false
+    includeTemplates: false
+
+patches:
+  - target:
+      kind: Deployment
+    patch: |-
+      - op: add
+        path: /spec/template/spec/tolerations/-
+        value:
+          key: my-special-toleration
+          operator: Exists

From bcdb9cd11eba812c016e2131439a6d7d29b53e3b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 24 Jun 2025 15:20:00 +0000
Subject: [PATCH 047/383] chore: Bump version in master (#23527)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: crenshaw-dev <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 SECURITY-INSIGHTS.yml | 4 ++--
 VERSION               | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
index 9af8b173d7975..9b2c952a6bf49 100644
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -3,9 +3,9 @@ header:
   expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release.
   last-updated: '2023-10-27'
   last-reviewed: '2023-10-27'
-  commit-hash: 226a670fe6b3c6769ff6d18e6839298a58e4577d
+  commit-hash: 320f46f06beaf75f9c406e3a47e2e09d36e2047a
   project-url: https://github.com/argoproj/argo-cd
-  project-release: v3.1.0
+  project-release: v3.2.0
   changelog: https://github.com/argoproj/argo-cd/releases
   license: https://github.com/argoproj/argo-cd/blob/master/LICENSE
 project-lifecycle:
diff --git a/VERSION b/VERSION
index fd2a01863fdd3..944880fa15e85 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.1.0
+3.2.0

From 4dfa87c9fe49635e8ef21424fcb66c643b25bd7a Mon Sep 17 00:00:00 2001
From: Alexej Disterhoft <alexej@disterhoft.de>
Date: Tue, 24 Jun 2025 17:51:58 +0200
Subject: [PATCH 048/383] fix(controller): get commit server url from env
 (#23536)

Signed-off-by: Alexej Disterhoft <alexej.disterhoft@redcare-pharmacy.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../argocd-application-controller-deployment.yaml           | 6 ++++++
 .../argocd-application-controller-statefulset.yaml          | 6 ++++++
 manifests/core-install-with-hydrator.yaml                   | 6 ++++++
 manifests/core-install.yaml                                 | 6 ++++++
 manifests/ha/install-with-hydrator.yaml                     | 6 ++++++
 manifests/ha/install.yaml                                   | 6 ++++++
 manifests/ha/namespace-install-with-hydrator.yaml           | 6 ++++++
 manifests/ha/namespace-install.yaml                         | 6 ++++++
 manifests/install-with-hydrator.yaml                        | 6 ++++++
 manifests/install.yaml                                      | 6 ++++++
 manifests/namespace-install-with-hydrator.yaml              | 6 ++++++
 manifests/namespace-install.yaml                            | 6 ++++++
 12 files changed, 72 insertions(+)

diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
index bf65aed35bb2f..bfc1ff7d38d89 100644
--- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
+++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
@@ -253,6 +253,12 @@ spec:
               name: argocd-cmd-params-cm
               key: controller.cluster.cache.events.processing.interval
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              name: argocd-cmd-params-cm
+              key: commit.server
+              optional: true
         image: quay.io/argoproj/argocd:latest
         imagePullPolicy: Always
         name: argocd-application-controller
diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
index e33d3917f0f27..52696f097fa45 100644
--- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
+++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
@@ -268,6 +268,12 @@ spec:
               name: argocd-cmd-params-cm
               key: controller.cluster.cache.events.processing.interval
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              name: argocd-cmd-params-cm
+              key: commit.server
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index 022582adadf7a..dd1ee0ab63db9 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -25612,6 +25612,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index d2fba8e5b884d..5e80da4ae4768 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -25446,6 +25446,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 503bf112932e7..15fb9564ffbe0 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -27657,6 +27657,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 5d464939dcee9..174245e2a8a45 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -27493,6 +27493,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml
index dd56bf44bcc8a..370056baf1033 100644
--- a/manifests/ha/namespace-install-with-hydrator.yaml
+++ b/manifests/ha/namespace-install-with-hydrator.yaml
@@ -3460,6 +3460,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index c7e07cbc83cf8..d544b81f385f3 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -3296,6 +3296,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index b9f2a628ce365..11c98a2828c78 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -26701,6 +26701,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/install.yaml b/manifests/install.yaml
index e4fbecd70704a..44eb71c5a518b 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -26535,6 +26535,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml
index bd0cf329f9212..36594ff9b4789 100644
--- a/manifests/namespace-install-with-hydrator.yaml
+++ b/manifests/namespace-install-with-hydrator.yaml
@@ -2504,6 +2504,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index d767b4dc5b18b..492f2e080f54e 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -2338,6 +2338,12 @@ spec:
               key: controller.cluster.cache.events.processing.interval
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
+          valueFrom:
+            configMapKeyRef:
+              key: commit.server
+              name: argocd-cmd-params-cm
+              optional: true
         - name: KUBECACHEDIR
           value: /tmp/kubecache
         image: quay.io/argoproj/argocd:latest

From 1c99f611546dbb940163342bfc5ec20fc0f810f0 Mon Sep 17 00:00:00 2001
From: Pavel Skuratovich <chupaka@gmail.com>
Date: Tue, 24 Jun 2025 19:17:39 +0300
Subject: [PATCH 049/383] docs: Fix a typo in 3.0-3.1 upgrade manual (#23544)

Signed-off-by: Pavel Skuratovich <chupaka@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.0-3.1.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index 0f01a6a8daadd..0e08ebf4ccd45 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -2,7 +2,7 @@
 
 ## No more KubeVersions variable modification
 
-Until v3.0, Argo CD removed `+` identifier from `kubeVersions` in Helm, Kustomize and Plugins. For example, if Argo CD receive `kubeVersions` as vX.Y.Z+, we convert to vX.Y.Z internally. Starting with v3.1, the internal conversation is entirely removed.
+Until v3.0, Argo CD removed `+` identifier from `kubeVersions` in Helm, Kustomize and Plugins. For example, if Argo CD receive `kubeVersions` as vX.Y.Z+, we convert to vX.Y.Z internally. Starting with v3.1, the internal conversion is entirely removed.
 
 ### Detection
 

From 7a22a8baeeb5eff46022b732544b4d10e1181fc3 Mon Sep 17 00:00:00 2001
From: ChristianCiach <christian.ciach@gmail.com>
Date: Tue, 24 Jun 2025 19:56:56 +0200
Subject: [PATCH 050/383] fix(applicationset): Git generator: Don't append
 default object to literal empty json array (#23500) (#23513)

Signed-off-by: Christian Ciach <christian.ciach@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/generators/git.go      | 19 +++++++++----------
 applicationset/generators/git_test.go | 14 ++++++++++++--
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go
index 891fababef203..8d92e3dc30154 100644
--- a/applicationset/generators/git.go
+++ b/applicationset/generators/git.go
@@ -222,19 +222,18 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al
 func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent []byte, values map[string]string, useGoTemplate bool, goTemplateOptions []string, pathParamPrefix string) ([]map[string]any, error) {
 	objectsFound := []map[string]any{}
 
-	// First, we attempt to parse as an array
-	err := yaml.Unmarshal(fileContent, &objectsFound)
-	if err != nil {
-		// If unable to parse as an array, attempt to parse as a single object
-		singleObj := make(map[string]any)
-		err = yaml.Unmarshal(fileContent, &singleObj)
+	// First, we attempt to parse as a single object.
+	// This will also succeed for empty files.
+	singleObj := map[string]any{}
+	err := yaml.Unmarshal(fileContent, &singleObj)
+	if err == nil {
+		objectsFound = append(objectsFound, singleObj)
+	} else {
+		// If unable to parse as an object, try to parse as an array
+		err = yaml.Unmarshal(fileContent, &objectsFound)
 		if err != nil {
 			return nil, fmt.Errorf("unable to parse file: %w", err)
 		}
-		objectsFound = append(objectsFound, singleObj)
-	} else if len(objectsFound) == 0 {
-		// If file is valid but empty, add a default empty item
-		objectsFound = append(objectsFound, map[string]any{})
 	}
 
 	res := []map[string]any{}
diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go
index 9fa028b5a06b9..cddddf8ce181e 100644
--- a/applicationset/generators/git_test.go
+++ b/applicationset/generators/git_test.go
@@ -825,7 +825,7 @@ func TestGitGenerateParamsFromFiles(t *testing.T) {
 			},
 			repoPathsError: nil,
 			expected:       []map[string]any{},
-			expectedError:  errors.New("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"),
+			expectedError:  errors.New("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type []map[string]interface {}"),
 		},
 		{
 			name:  "test JSON array",
@@ -982,6 +982,16 @@ cluster:
 			},
 			expectedError: nil,
 		},
+		{
+			name:  "test empty YAML array",
+			files: []v1alpha1.GitFileGeneratorItem{{Path: "**/config.yaml"}},
+			repoFileContents: map[string][]byte{
+				"cluster-config/production/config.yaml": []byte(`[]`),
+			},
+			repoPathsError: nil,
+			expected:       []map[string]any{},
+			expectedError:  nil,
+		},
 	}
 
 	for _, testCase := range cases {
@@ -2060,7 +2070,7 @@ func TestGitGenerateParamsFromFilesGoTemplate(t *testing.T) {
 			},
 			repoPathsError: nil,
 			expected:       []map[string]any{},
-			expectedError:  errors.New("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type map[string]interface {}"),
+			expectedError:  errors.New("error generating params from git: unable to process file 'cluster-config/production/config.json': unable to parse file: error unmarshaling JSON: while decoding JSON: json: cannot unmarshal string into Go value of type []map[string]interface {}"),
 		},
 		{
 			name:  "test JSON array",

From a8d46d8b7f69c784ea435ba2353251ad602862c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 25 Jun 2025 18:42:56 +0300
Subject: [PATCH 051/383] chore(deps): bump github.com/Azure/kubelogin from
 0.2.8 to 0.2.9 (#23551)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1fff70d354198..2165b0b9acf25 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	dario.cat/mergo v1.0.2
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
-	github.com/Azure/kubelogin v0.2.8
+	github.com/Azure/kubelogin v0.2.9
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
diff --git a/go.sum b/go.sum
index c96ea4d7f29b6..813be48790887 100644
--- a/go.sum
+++ b/go.sum
@@ -70,8 +70,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/Azure/kubelogin v0.2.8 h1:5atb9sjD9aQ++OOuW4UqERLsVYwxojAGM+rRML7CC2s=
-github.com/Azure/kubelogin v0.2.8/go.mod h1:QS1EFQffesODbanqwj1BEUgcgssjYH/Qv0WJGEcRQCk=
+github.com/Azure/kubelogin v0.2.9 h1:WxTkf0K8o+cj97K37V8HTqR1Yr1NexRXGmPkHDJwBOY=
+github.com/Azure/kubelogin v0.2.9/go.mod h1:QS1EFQffesODbanqwj1BEUgcgssjYH/Qv0WJGEcRQCk=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=

From 63dbd07acf867d86cb2a70ed5b3ad81b0e0b9ced Mon Sep 17 00:00:00 2001
From: Christophe Collot <52134228+CCOLLOT@users.noreply.github.com>
Date: Thu, 26 Jun 2025 02:03:31 +0200
Subject: [PATCH 052/383] docs: update declarative-setup.md (azure auth)
 (#23408)

Signed-off-by: Christophe Collot <52134228+CCOLLOT@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/declarative-setup.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md
index 6a648da93ddb9..0a037596bae08 100644
--- a/docs/operator-manual/declarative-setup.md
+++ b/docs/operator-manual/declarative-setup.md
@@ -1007,15 +1007,15 @@ Azure cluster secret example using argocd-k8s-auth and [kubelogin](https://githu
 |Variable Name|Description|
 |-------------|-----------|
 |AAD_LOGIN_METHOD|One of devicecode, spn, ropc, msi, azurecli, or workloadidentity|
-|AAD_SERVICE_PRINCIPAL_CLIENT_CERTIFICATE|AAD client cert in pfx.  Used in spn login|
-|AAD_SERVICE_PRINCIPAL_CLIENT_ID|AAD client application ID|
-|AAD_SERVICE_PRINCIPAL_CLIENT_SECRET|AAD client application secret|
+|AZURE_CLIENT_CERTIFICATE_PATH|Path to AAD client cert in pfx.  Used in spn login and WorkloadIdentityLogin flow|
+|AZURE_CLIENT_CERTIFICATE_PASSWORD|Password for the client cert in pfx.  Used in spn login|
+|AZURE_CLIENT_ID|AAD client application ID|
+|AZURE_CLIENT_SECRET|AAD client application secret|
 |AAD_USER_PRINCIPAL_NAME|Used in the ropc flow|
 |AAD_USER_PRINCIPAL_PASSWORD|Used in the ropc flow|
 |AZURE_TENANT_ID|The AAD tenant ID.|
 |AZURE_AUTHORITY_HOST|Used in the WorkloadIdentityLogin flow|
 |AZURE_FEDERATED_TOKEN_FILE|Used in the WorkloadIdentityLogin flow|
-|AZURE_CLIENT_ID|Used in the WorkloadIdentityLogin flow|
 
 In addition to the environment variables above, argocd-k8s-auth accepts two extra environment variables to set the AAD environment, and to set the AAD server application ID.  The AAD server application ID will default to 6dae42f8-4368-4678-94ff-3960e28e3630 if not specified.  See [here](https://github.com/azure/kubelogin#exec-plugin-format) for details.
 
@@ -1089,9 +1089,9 @@ stringData:
         "command": "argocd-k8s-auth",
         "env": {
           "AAD_ENVIRONMENT_NAME": "AzurePublicCloud",
-          "AAD_SERVICE_PRINCIPAL_CLIENT_SECRET": "fill in your service principal client secret",
+          "AZURE_CLIENT_SECRET": "fill in your service principal client secret",
           "AZURE_TENANT_ID": "fill in tenant id",
-          "AAD_SERVICE_PRINCIPAL_CLIENT_ID": "fill in your service principal client id",
+          "AZURE_CLIENT_ID": "fill in your service principal client id",
           "AAD_LOGIN_METHOD": "spn"
         },
         "args": ["azure"],

From 5a2216a2a4a9e29b69ca89ac6ee1948b1780145a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 26 Jun 2025 07:42:18 -0400
Subject: [PATCH 053/383] chore(deps): bump sigs.k8s.io/yaml from 1.4.0 to
 1.5.0 (#23567)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 +++-
 go.sum | 7 ++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 2165b0b9acf25..1d5b74776588a 100644
--- a/go.mod
+++ b/go.mod
@@ -115,7 +115,7 @@ require (
 	oras.land/oras-go/v2 v2.6.0
 	sigs.k8s.io/controller-runtime v0.21.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.7.0
-	sigs.k8s.io/yaml v1.4.0
+	sigs.k8s.io/yaml v1.5.0
 )
 
 require (
@@ -265,6 +265,8 @@ require (
 	go.opentelemetry.io/otel/metric v1.36.0 // indirect
 	go.opentelemetry.io/otel/trace v1.36.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	go.yaml.in/yaml/v3 v3.0.3 // indirect
 	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/text v0.26.0 // indirect
diff --git a/go.sum b/go.sum
index 813be48790887..243cebe927100 100644
--- a/go.sum
+++ b/go.sum
@@ -947,6 +947,10 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
+go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=
+go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1541,5 +1545,6 @@ sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vt
 sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
 sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ=
+sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4=

From 9e2c8e60a7c22987fc128b289539aaba96219f68 Mon Sep 17 00:00:00 2001
From: Diego Erdody <erdody@gmail.com>
Date: Thu, 26 Jun 2025 14:12:44 -0700
Subject: [PATCH 054/383] fix: OCI client, avoid calling tags/list if revision
 is not a constraint #23580 (#23581)

Signed-off-by: Diego Erdody <diego.erdody@dexterity.ai>
Co-authored-by: Diego Erdody <diego.erdody@dexterity.ai>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/oci/client.go         |  5 +++++
 util/oci/client_test.go    |  2 +-
 util/versions/tags.go      |  9 +++++++++
 util/versions/tags_test.go | 24 ++++++++++++++++++++++++
 4 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/util/oci/client.go b/util/oci/client.go
index f5c8721dd5846..8980f65a89d36 100644
--- a/util/oci/client.go
+++ b/util/oci/client.go
@@ -295,6 +295,11 @@ func (c *nativeOCIClient) DigestMetadata(ctx context.Context, digest string) (*i
 func (c *nativeOCIClient) ResolveRevision(ctx context.Context, revision string, noCache bool) (string, error) {
 	digest, err := c.resolveDigest(ctx, revision) // Lookup explicit revision
 	if err != nil {
+		// If the revision is not a semver constraint, just return the error
+		if !versions.IsConstraint(revision) {
+			return digest, err
+		}
+
 		tags, err := c.GetTags(ctx, noCache)
 		if err != nil {
 			return "", fmt.Errorf("error fetching tags: %w", err)
diff --git a/util/oci/client_test.go b/util/oci/client_test.go
index de73607ea07f3..724bad13b7bf3 100644
--- a/util/oci/client_test.go
+++ b/util/oci/client_test.go
@@ -374,7 +374,7 @@ func Test_nativeOCIClient_ResolveRevision(t *testing.T) {
 			fields: fields{repo: store, tagsFunc: func(context.Context, string) (tags []string, err error) {
 				return []string{"1.0.0", "1.1.0", "1.2.0", "2.0.0"}, nil
 			}},
-			expectedError: errors.New("no version for constraints: failed to determine semver constraint: improper constraint: sha256:abc123"),
+			expectedError: errors.New("cannot get digest for revision sha256:abc123: sha256:abc123: not found"),
 		},
 		{
 			name:     "resolve latest tag",
diff --git a/util/versions/tags.go b/util/versions/tags.go
index 4bb2c2f152b5b..0223b910b78d1 100644
--- a/util/versions/tags.go
+++ b/util/versions/tags.go
@@ -62,3 +62,12 @@ func MaxVersion(revision string, tags []string) (string, error) {
 	log.Debugf("Semver constraint '%s' resolved to version '%s'", constraints.String(), maxVersion.Original())
 	return maxVersion.Original(), nil
 }
+
+// Returns true if the given revision is not an exact semver and can be parsed as a semver constraint
+func IsConstraint(revision string) bool {
+	if _, err := semver.NewVersion(revision); err == nil {
+		return false
+	}
+	_, err := semver.NewConstraint(revision)
+	return err == nil
+}
diff --git a/util/versions/tags_test.go b/util/versions/tags_test.go
index 80f164c754748..3cf2713a0be98 100644
--- a/util/versions/tags_test.go
+++ b/util/versions/tags_test.go
@@ -65,3 +65,27 @@ func TestTags_MaxVersion(t *testing.T) {
 		require.Error(t, err)
 	})
 }
+
+func TestTags_IsConstraint(t *testing.T) {
+	t.Run("Exact", func(t *testing.T) {
+		assert.False(t, IsConstraint("0.5.3"))
+	})
+	t.Run("Exact nonsemver", func(t *testing.T) {
+		assert.False(t, IsConstraint("2024.03-LTS-RC19"))
+	})
+	t.Run("Constraint", func(t *testing.T) {
+		assert.True(t, IsConstraint("= 0.5.3"))
+	})
+	t.Run("Constraint", func(t *testing.T) {
+		assert.True(t, IsConstraint("> 0.5.3"))
+	})
+	t.Run("Constraint", func(t *testing.T) {
+		assert.True(t, IsConstraint(">0.5.0,<0.7.0"))
+	})
+	t.Run("Constraint", func(t *testing.T) {
+		assert.True(t, IsConstraint("0.7.*"))
+	})
+	t.Run("Constraint", func(t *testing.T) {
+		assert.True(t, IsConstraint("*"))
+	})
+}

From ad5f218b830f90d2e9f5caaee814f92616be04d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Jun 2025 14:21:31 -0400
Subject: [PATCH 055/383] chore(deps): bump github.com/go-jose/go-jose/v4 from
 4.1.0 to 4.1.1 (#23585)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1d5b74776588a..0203d9b3f50d0 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68
 	github.com/go-git/go-git/v5 v5.16.2
-	github.com/go-jose/go-jose/v4 v4.1.0
+	github.com/go-jose/go-jose/v4 v4.1.1
 	github.com/go-logr/logr v1.4.3
 	github.com/go-openapi/loads v0.22.0
 	github.com/go-openapi/runtime v0.28.0
diff --git a/go.sum b/go.sum
index 243cebe927100..1b526c8754d4c 100644
--- a/go.sum
+++ b/go.sum
@@ -306,8 +306,8 @@ github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lo
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY=
-github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw=
+github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI=
+github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

From e56cedb84e4a536722e09a4776995daa774c29b1 Mon Sep 17 00:00:00 2001
From: Charles Chan <425857+charlesmcchan@users.noreply.github.com>
Date: Fri, 27 Jun 2025 21:31:50 -0600
Subject: [PATCH 056/383] docs: Added Intel to USERS.md (#23596)

Signed-off-by: Charles Chan <charles.chan@intel.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 2d42e7234e122..b3238d2233b6c 100644
--- a/USERS.md
+++ b/USERS.md
@@ -173,6 +173,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Info Support](https://www.infosupport.com/)
 1. [InsideBoard](https://www.insideboard.com)
 1. [Instruqt](https://www.instruqt.com)
+1. [Intel](https://www.intel.com)
 1. [Intuit](https://www.intuit.com/)
 1. [Jellysmack](https://www.jellysmack.com)
 1. [Joblift](https://joblift.com/)

From 07300710b58b524aedbd6efb6d88223f3a57ddd3 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Mon, 30 Jun 2025 10:29:30 +0530
Subject: [PATCH 057/383] add logs

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/cache/cache.go      | 1 +
 util/cache/cache_test.go | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/util/cache/cache.go b/util/cache/cache.go
index 28843d0289084..30b9d66f38ea1 100644
--- a/util/cache/cache.go
+++ b/util/cache/cache.go
@@ -147,6 +147,7 @@ func loadRedisCredsFromSecret(mountPath string, opt Options) *redisCreds {
 		readAuthDetailsFromFile := func(filename string) string {
 			data, err := os.ReadFile(filepath.Join(mountPath, filename))
 			if err != nil {
+				log.Infof("Could not read Redis credential file %s: %v. Falling back to environment variable if available.", filepath.Join(mountPath, filename), err)
 				return ""
 			}
 			return strings.TrimSpace(string(data))
diff --git a/util/cache/cache_test.go b/util/cache/cache_test.go
index 6e300e24145c6..8c16fef3e3c7d 100644
--- a/util/cache/cache_test.go
+++ b/util/cache/cache_test.go
@@ -110,6 +110,7 @@ func TestLoadRedisCredsFromFile(t *testing.T) {
 	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
 }
 
+// Test loading Redis credentials from environment variables
 func TestLoadRedisCredsFromEnv(t *testing.T) {
 	// Set environment variables
 	t.Setenv(envRedisPassword, "mypassword")
@@ -124,6 +125,7 @@ func TestLoadRedisCredsFromEnv(t *testing.T) {
 	assert.Equal(t, "sentinelpass", creds.sentinelPassword)
 }
 
+// Test loading Redis credentials from both environment variables and a file
 func TestLoadRedisCredsFromBothEnvAndFile(t *testing.T) {
 	// Set environment variables
 	t.Setenv(envRedisPassword, "mypassword")

From 2db8d5f369c628343b7cd254f3063fc6429032fa Mon Sep 17 00:00:00 2001
From: jaqxues <32979131+jaqxues@users.noreply.github.com>
Date: Mon, 30 Jun 2025 06:26:13 +0200
Subject: [PATCH 058/383] fix: UI error with ApplicationSet in any namespace
 (#23601)

Signed-off-by: jaqxues <32979131+jaqxues@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/src/app/shared/services/applications-service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts
index f65016e7ac904..6f5544ca6c474 100644
--- a/ui/src/app/shared/services/applications-service.ts
+++ b/ui/src/app/shared/services/applications-service.ts
@@ -547,7 +547,7 @@ export class ApplicationsService {
     public async getApplicationSet(name: string, namespace: string): Promise<models.ApplicationSet> {
         return requests
             .get(`/applicationsets/${name}`)
-            .query({namespace})
+            .query({appsetNamespace: namespace})
             .then(res => res.body as models.ApplicationSet);
     }
 }

From 4c48a9afe84cac0cac84a15d9051552c8c8c778a Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 00:26:37 -0400
Subject: [PATCH 059/383] [Bot] docs: Update Snyk report (#23600)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   2 +-
 docs/snyk/master/argocd-iac-install.html      |   4 +-
 .../master/argocd-iac-namespace-install.html  |   4 +-
 docs/snyk/master/argocd-test.html             |  91 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    | 185 +++-
 ...s_docker_library_haproxy_3.0.8-alpine.html |  41 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |  41 +-
 .../quay.io_argoproj_argocd_latest.html       | 950 ++++++++----------
 docs/snyk/v2.13.8/argocd-iac-install.html     |   2 +-
 .../v2.13.8/argocd-iac-namespace-install.html |   2 +-
 docs/snyk/v2.13.8/argocd-test.html            | 155 ++-
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   | 239 +++--
 ..._docker_library_haproxy_2.6.17-alpine.html |  95 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |  65 +-
 .../quay.io_argoproj_argocd_v2.13.8.html      | 230 +++--
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    |  65 +-
 docs/snyk/v2.14.15/argocd-iac-install.html    |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v2.14.15/argocd-test.html           | 125 ++-
 .../v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html  | 239 +++--
 ..._docker_library_haproxy_2.6.17-alpine.html |  95 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |  65 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     | 204 ++--
 docs/snyk/v2.14.15/redis_7.0.15-alpine.html   |  65 +-
 docs/snyk/v3.0.9/argocd-iac-install.html      |   2 +-
 .../v3.0.9/argocd-iac-namespace-install.html  |   2 +-
 docs/snyk/v3.0.9/argocd-test.html             | 131 ++-
 .../v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html    | 239 +++--
 ...s_docker_library_haproxy_3.0.8-alpine.html |  41 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |  41 +-
 .../quay.io_argoproj_argocd_v3.0.9.html       | 198 ++--
 docs/snyk/v3.0.9/redis_7.2.7-alpine.html      |  41 +-
 docs/snyk/v3.1.0-rc1/argocd-iac-install.html  |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v3.1.0-rc1/argocd-test.html         |  89 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           | 185 +++-
 ...s_docker_library_haproxy_3.0.8-alpine.html |  41 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |  41 +-
 .../quay.io_argoproj_argocd_v3.1.0-rc1.html   | 173 +++-
 39 files changed, 2832 insertions(+), 1364 deletions(-)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index db452278533a1..a175ab8582d25 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -18,7 +18,7 @@ recent minor releases.
 | [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 9 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 8 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index 215e087933611..7f312f753164f 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:25:37 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:19 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26551
+                              Line number: 26557
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index 768ad2fdc8ca3..cc5d1ed242184 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:25:47 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:31 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2354
+                              Line number: 2360
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index bcf4b531134a7..d85f98950d7f2 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:23:23 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:24:00 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,7 +501,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2103</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2105</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -482,8 +513,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -542,8 +575,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -604,8 +639,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -819,8 +856,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -992,8 +1031,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1052,8 +1093,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1197,8 +1240,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Randomness</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1267,8 +1312,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index affe831d3d2cd..592a374f7b049 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:23:32 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:24:10 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -483,8 +514,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -554,8 +587,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -625,8 +660,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -695,8 +732,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -764,8 +803,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -824,8 +865,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -884,8 +927,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1007,8 +1052,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1076,8 +1123,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1136,8 +1185,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1196,8 +1247,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1265,8 +1318,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1325,8 +1380,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1385,8 +1442,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1445,8 +1504,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1505,8 +1566,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1565,8 +1628,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1625,8 +1690,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1685,8 +1752,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1745,8 +1814,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1805,8 +1876,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1865,8 +1938,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1925,8 +2000,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1985,8 +2062,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 06e93682b685c..454d39d4ed8fb 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:23:37 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:24:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 201a6798355db..232589218ba4c 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:23:43 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:24:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index 0e84a1bf1cd4e..759c4fa5e1ac1 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="22 known vulnerabilities found in 90 vulnerable dependency paths.">
+  <meta name="description" content="21 known vulnerabilities found in 84 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:24:02 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:24:41 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -470,9 +501,9 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>90 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2369</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>21</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>84 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2372</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -484,8 +515,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Race Condition</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -495,7 +528,7 @@ <h2 class="card__title">Race Condition</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -505,7 +538,7 @@ <h2 class="card__title">Race Condition</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@255.4-1ubuntu8.8
+                                docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@257.4-1ubuntu3.1
         
                     </li>
                 </ul>
@@ -520,7 +553,18 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@3.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -529,9 +573,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        coreutils@9.5-1ubuntu1.25.04.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -540,9 +584,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
+                                        procps/libproc2-0@2:4.0.4-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -551,9 +595,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-4ubuntu3.2
+                                        procps@2:4.0.4-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -562,9 +606,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -573,9 +617,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
+                                        util-linux/bsdutils@1:2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -584,11 +628,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
+                                        apt/libapt-pkg7.0@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -597,15 +641,15 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -614,17 +658,17 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -633,7 +677,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        systemd/libudev1@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -642,9 +686,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
+                                        libfido2/libfido2-1@1.15.0-1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        systemd/libudev1@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -653,9 +697,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        systemd/libudev1@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -664,11 +708,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
+                                        apt/libapt-pkg7.0@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
+                                        systemd/libudev1@257.4-1ubuntu3.1
                                         
                                 </span>
         
@@ -681,11 +725,11 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
         <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>systemd</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
@@ -699,16 +743,18 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-SYSTEMD-10285339">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
+            <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -718,7 +764,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -728,7 +774,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-7ubuntu4.3
         
                     </li>
                 </ul>
@@ -743,7 +789,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -752,9 +798,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -763,9 +809,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -774,13 +820,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -789,15 +835,15 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -806,17 +852,17 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -825,7 +871,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -834,15 +880,15 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -851,7 +897,18 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -860,9 +917,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -871,9 +928,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -882,13 +939,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -897,7 +954,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -906,9 +963,20 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -921,33 +989,38 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>pam</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795583">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Authentication</h2>
+            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -957,7 +1030,7 @@ <h2 class="card__title">Improper Authentication</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -967,7 +1040,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@latest and pam/libpam0g@1.5.3-7ubuntu4.3
         
                     </li>
                 </ul>
@@ -982,7 +1055,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -991,9 +1064,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1002,9 +1075,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1013,13 +1086,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1028,15 +1101,15 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1045,17 +1118,17 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        pam/libpam0g@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1064,7 +1137,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1073,15 +1146,15 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1090,7 +1163,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1099,9 +1172,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1110,9 +1183,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux@2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1121,13 +1194,33 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        adduser@3.137ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.16.0-7ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-7ubuntu4.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1136,7 +1229,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        util-linux@2.40.2-14ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1145,9 +1240,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
                                 </span>
         
@@ -1160,27 +1255,24 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>pam</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795712">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -1188,8 +1280,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1313,8 +1407,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1373,8 +1469,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1433,8 +1531,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1493,8 +1593,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1553,8 +1655,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1613,8 +1717,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1673,8 +1779,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1742,8 +1850,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1811,8 +1921,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1822,7 +1934,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -1833,7 +1945,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.48.1-0ubuntu1 and others
                     </li>
                 </ul>
         
@@ -1847,9 +1959,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.48.1-0ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        git/git-man@1:2.48.1-0ubuntu1
                                         
                                 </span>
         
@@ -1858,7 +1970,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.48.1-0ubuntu1
                                         
                                 </span>
         
@@ -1867,9 +1979,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
+                                        git-lfs@3.6.1-1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.48.1-0ubuntu1
                                         
                                 </span>
         
@@ -1882,10 +1994,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>git</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>git</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
@@ -1896,7 +2008,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-8637112">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GIT-9792199">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -1904,8 +2016,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-56433</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1915,17 +2029,17 @@ <h2 class="card__title">CVE-2024-56433</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            shadow/passwd
+                            shadow/login.defs
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@latest and shadow/login.defs@1:4.16.0-7ubuntu1
         
                     </li>
                 </ul>
@@ -1940,7 +2054,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                         
                                 </span>
         
@@ -1949,9 +2063,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                         
                                 </span>
         
@@ -1960,11 +2074,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/login.defs@1:4.16.0-7ubuntu1
                                         
                                 </span>
         
@@ -1973,79 +2089,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         
                                 </span>
         
                             </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>shadow</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SHADOW-8600509">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
-            <div class="card__section">
-        
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            patch
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:9.9p1-3ubuntu3.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.16.0-7ubuntu1
+                                        
+                                </span>
         
-                    <ul class="card__meta__paths">
+                            </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        patch@2.7.6-7build3
+                                        apt@3.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.16.0-7ubuntu1
                                         
                                 </span>
         
@@ -2057,21 +2125,23 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>shadow</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
-        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6707039">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-SHADOW-9791968">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2079,8 +2149,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2090,7 +2162,7 @@ <h2 class="card__title">Double Free</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2128,10 +2200,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>patch</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
@@ -2146,16 +2218,18 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6720551">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PATCH-9814413">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-41996</h2>
+            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2165,17 +2239,17 @@ <h2 class="card__title">CVE-2024-41996</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            openssl/libssl3t64
+                            patch
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2190,133 +2264,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
+                                        patch@2.7.6-7build3
                                         
                                 </span>
         
@@ -2328,23 +2276,21 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssl</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>patch</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996</a></li>
-        <li><a href="https://dheatattack.gitlab.io/details/">https://dheatattack.gitlab.io/details/</a></li>
-        <li><a href="https://dheatattack.gitlab.io/faq/">https://dheatattack.gitlab.io/faq/</a></li>
-        <li><a href="https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1">https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
+        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PATCH-9821808">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2352,8 +2298,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Information Exposure</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2363,7 +2311,7 @@ <h2 class="card__title">Information Exposure</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2373,7 +2321,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.11.0-6ubuntu1
         
                     </li>
                 </ul>
@@ -2388,18 +2336,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2408,9 +2345,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2419,9 +2356,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2430,11 +2367,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2443,11 +2378,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2456,30 +2391,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        gnupg2/gpg@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
+                                        libgcrypt20@1.11.0-6ubuntu1
                                         
                                 </span>
         
@@ -2492,10 +2408,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libgcrypt20</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>libgcrypt20</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
@@ -2510,7 +2426,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBGCRYPT20-6693674">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-LIBGCRYPT20-9794004">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2518,8 +2434,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2529,7 +2447,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2539,7 +2457,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu23
         
                     </li>
                 </ul>
@@ -2554,7 +2472,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2563,9 +2481,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2574,9 +2492,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2585,9 +2503,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2596,9 +2514,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu23
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2607,7 +2525,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2616,7 +2534,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2625,7 +2543,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
                                         
                                 </span>
         
@@ -2638,10 +2556,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnupg2</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnupg2</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
@@ -2656,7 +2574,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUPG2-6702792">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUPG2-9801283">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2664,8 +2582,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2675,7 +2595,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2685,7 +2605,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
         
                     </li>
                 </ul>
@@ -2700,7 +2620,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        glibc/libc-bin@2.41-6ubuntu1
                                         
                                 </span>
         
@@ -2709,7 +2629,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
+                                        glibc/libc6@2.41-6ubuntu1
                                         
                                 </span>
         
@@ -2722,10 +2642,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
@@ -2737,7 +2657,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-6727419">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-9828016">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2745,8 +2665,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-0167</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2756,7 +2678,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2767,7 +2689,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.48.1-0ubuntu1 and others
                     </li>
                 </ul>
         
@@ -2781,9 +2703,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.48.1-0ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                         
                                 </span>
         
@@ -2796,14 +2718,14 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
         redirects, curl could leak the password used for the first host to the
         followed-to host under certain circumstances.</p>
         <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
         omits both login and password. A rare circumstance.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>curl</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>curl</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
@@ -2816,7 +2738,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-8689015">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-CURL-9791313">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2824,8 +2746,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Input Validation</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2835,7 +2759,7 @@ <h2 class="card__title">Improper Input Validation</h2>
                         Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: ubuntu:25.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
@@ -2845,7 +2769,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@latest and coreutils@9.5-1ubuntu1.25.04.1
         
                     </li>
                 </ul>
@@ -2860,7 +2784,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
+                                        coreutils@9.5-1ubuntu1.25.04.1
                                         
                                 </span>
         
@@ -2873,10 +2797,10 @@ <h3 class="card__section__title">Detailed paths</h3>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
         <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>coreutils</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>coreutils</code>.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
@@ -2890,7 +2814,7 @@ <h2 id="references">References</h2>
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-COREUTILS-6727355">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-COREUTILS-9827293">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
index 97bf8c22056d4..819cd12c93c8c 100644
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:35:54 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:37:32 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
index 2e64e0e4e6666..c5bead97c77a9 100644
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:36:03 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:37:44 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
index 09968185bb63c..d87ed07819bef 100644
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ b/docs/snyk/v2.13.8/argocd-test.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:33:47 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:35:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -481,8 +512,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -811,8 +844,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -882,8 +917,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1186,8 +1223,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">LGPL-3.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1248,8 +1287,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1681,8 +1722,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Unexpected Status Code or Return Value</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1762,8 +1805,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1822,8 +1867,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1884,8 +1931,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2099,8 +2148,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2272,8 +2323,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2332,8 +2385,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2402,8 +2457,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Concurrent Execution using Shared Resource with Improper Synchronization (&#x27;Race Condition&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2493,8 +2550,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2638,8 +2697,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3942,8 +4003,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Arbitrary Code Injection</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -4017,8 +4080,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insufficient Documentation of Error Handling Techniques</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -4092,8 +4157,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Randomness</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -4162,8 +4229,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
index ece271ad04d14..cf18f75374d8a 100644
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:33:54 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:35:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -483,8 +514,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Incorrect Implementation of Authentication Algorithm</h2>
             <div class="card__section">
         
-                <div class="label label--critical">
-                    <span class="label__text">critical severity</span>
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -558,8 +591,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -715,8 +750,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -795,8 +832,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -875,8 +914,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -958,8 +999,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1028,8 +1071,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1097,8 +1142,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insertion of Sensitive Information into Log File</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1165,8 +1212,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1290,8 +1339,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1350,8 +1401,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1410,8 +1463,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1533,8 +1588,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1602,8 +1659,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1662,8 +1721,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1722,8 +1783,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1791,8 +1854,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1851,8 +1916,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1911,8 +1978,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1971,8 +2040,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2031,8 +2102,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2091,8 +2164,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2151,8 +2226,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2211,8 +2288,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2271,8 +2350,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2331,8 +2412,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2391,8 +2474,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2451,8 +2536,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2511,8 +2598,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2590,8 +2679,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2753,8 +2844,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2909,8 +3002,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3064,8 +3159,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index bedef59a3b1ec..4a7adbacfc10d 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:33:58 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:35:26 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
@@ -489,8 +520,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -679,8 +712,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Use After Free</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -798,8 +833,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Use After Free</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -917,8 +954,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-4741</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1110,8 +1149,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-5535</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1339,8 +1380,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1535,8 +1578,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1724,8 +1769,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1912,8 +1959,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index cdb3419e3d765..c744941b23020 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:34:02 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:35:30 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -481,8 +512,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -666,8 +699,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -844,8 +879,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1021,8 +1058,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
index ce793da846851..6f22996cb27bb 100644
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:34:23 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:36:01 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -484,8 +515,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -555,8 +588,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -626,8 +661,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -709,8 +746,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -779,8 +818,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Race Condition</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1002,8 +1043,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1226,6 +1269,7 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
         </ul>
         
               <hr/>
@@ -1239,8 +1283,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1478,8 +1524,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1720,8 +1768,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Reversible One-Way Hash</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1917,6 +1967,8 @@ <h2 id="references">References</h2>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359465">https://bugzilla.redhat.com/show_bug.cgi?id=2359465</a></li>
         <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:8411">https://access.redhat.com/errata/RHSA-2025:8411</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9418">https://access.redhat.com/errata/RHSA-2025:9418</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9430">https://access.redhat.com/errata/RHSA-2025:9430</a></li>
         </ul>
         
               <hr/>
@@ -1930,8 +1982,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">LGPL-3.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1990,8 +2044,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2124,8 +2180,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Unexpected Status Code or Return Value</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2194,8 +2252,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2254,8 +2314,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2314,8 +2376,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2374,8 +2438,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2434,8 +2500,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2494,8 +2562,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2554,8 +2624,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2623,8 +2695,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2692,8 +2766,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2785,8 +2861,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-56433</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2890,8 +2968,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2960,8 +3040,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3035,8 +3117,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-41996</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3233,8 +3317,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Information Exposure</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3399,8 +3485,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3545,8 +3633,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3626,8 +3716,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insufficient Documentation of Error Handling Techniques</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3695,8 +3787,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-0167</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3774,8 +3868,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Input Validation</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
index 9020e831c5727..52868c26b56e9 100644
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:34:28 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:36:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -481,8 +512,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -666,8 +699,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -844,8 +879,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1021,8 +1058,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
index f44359ce8c2fd..8532fe3058ec5 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:33:23 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:34:49 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 5bf7160ab44d1..03db73ef6d65d 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:33:32 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:35:00 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
index 388ba085c1f20..5051565dd117b 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:11 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:32:28 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -482,8 +513,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -812,8 +845,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">LGPL-3.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -876,8 +911,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -936,8 +973,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -998,8 +1037,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1213,8 +1254,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1386,8 +1429,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1446,8 +1491,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1518,8 +1565,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1588,8 +1637,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1733,8 +1784,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2072,8 +2125,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Arbitrary Code Injection</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2147,8 +2202,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Randomness</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2217,8 +2274,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index ef19a24340a51..07385f9947884 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:17 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:32:35 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -483,8 +514,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Incorrect Implementation of Authentication Algorithm</h2>
             <div class="card__section">
         
-                <div class="label label--critical">
-                    <span class="label__text">critical severity</span>
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -558,8 +591,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -715,8 +750,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -795,8 +832,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -875,8 +914,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -958,8 +999,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1028,8 +1071,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1097,8 +1142,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insertion of Sensitive Information into Log File</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1165,8 +1212,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1290,8 +1339,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1350,8 +1401,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1410,8 +1463,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1533,8 +1588,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1602,8 +1659,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1662,8 +1721,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1722,8 +1783,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1791,8 +1854,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1851,8 +1916,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1911,8 +1978,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1971,8 +2040,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2031,8 +2102,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2091,8 +2164,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2151,8 +2226,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2211,8 +2288,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2271,8 +2350,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2331,8 +2412,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2391,8 +2474,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2451,8 +2536,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2511,8 +2598,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2590,8 +2679,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2753,8 +2844,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2909,8 +3002,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3064,8 +3159,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 2d5253b29de42..5c8948c85a331 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:22 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:32:42 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
@@ -489,8 +520,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -679,8 +712,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Use After Free</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -798,8 +833,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Use After Free</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -917,8 +954,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-4741</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1110,8 +1149,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-5535</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1339,8 +1380,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1535,8 +1578,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1724,8 +1769,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1912,8 +1959,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index 70c2e13ca898c..9082adde683fb 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:26 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:32:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -481,8 +512,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -666,8 +699,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -844,8 +879,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1021,8 +1058,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index 09b275da338e4..b9d928ece21f3 100644
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:47 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:33:11 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -484,8 +515,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -555,8 +588,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -638,8 +673,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Race Condition</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -861,8 +898,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1085,6 +1124,7 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
         </ul>
         
               <hr/>
@@ -1098,8 +1138,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1337,8 +1379,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1579,8 +1623,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">LGPL-3.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1639,8 +1685,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1764,8 +1812,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1824,8 +1874,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1884,8 +1936,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1944,8 +1998,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2004,8 +2060,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2064,8 +2122,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2124,8 +2184,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2194,8 +2256,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2263,8 +2327,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2332,8 +2398,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2425,8 +2493,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-56433</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2530,8 +2600,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2600,8 +2672,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2675,8 +2749,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-41996</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2873,8 +2949,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Information Exposure</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3039,8 +3117,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3185,8 +3265,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3266,8 +3348,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-0167</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3345,8 +3429,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Input Validation</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index 9356f7e820bbe..7992369b22f32 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:31:51 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:33:16 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -481,8 +512,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -666,8 +699,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -844,8 +879,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1021,8 +1058,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.0.9/argocd-iac-install.html b/docs/snyk/v3.0.9/argocd-iac-install.html
index ce725cca7710a..c63536c34189f 100644
--- a/docs/snyk/v3.0.9/argocd-iac-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:30:40 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:31:55 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
index 375be43165be2..e0fc972f90ef3 100644
--- a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:30:50 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:32:06 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/argocd-test.html b/docs/snyk/v3.0.9/argocd-test.html
index eb48b44be6249..a31eeb7a9350b 100644
--- a/docs/snyk/v3.0.9/argocd-test.html
+++ b/docs/snyk/v3.0.9/argocd-test.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:34 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:37 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -482,8 +513,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Prototype Pollution</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -648,8 +681,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -996,8 +1031,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1225,8 +1262,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1770,8 +1809,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1830,8 +1871,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1892,8 +1935,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2107,8 +2152,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2280,8 +2327,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2340,8 +2389,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2485,8 +2536,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2824,8 +2877,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Arbitrary Code Injection</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2899,8 +2954,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Randomness</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2969,8 +3026,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Cross-site Scripting (XSS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3114,8 +3173,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
index 84426cdcb307d..b5cedae0f62bf 100644
--- a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:40 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -483,8 +514,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Incorrect Implementation of Authentication Algorithm</h2>
             <div class="card__section">
         
-                <div class="label label--critical">
-                    <span class="label__text">critical severity</span>
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -558,8 +591,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -715,8 +750,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -795,8 +832,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -875,8 +914,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Denial of Service (DoS)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -958,8 +999,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1028,8 +1071,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1097,8 +1142,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insertion of Sensitive Information into Log File</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1165,8 +1212,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1290,8 +1339,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1350,8 +1401,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1410,8 +1463,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1533,8 +1588,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1602,8 +1659,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1662,8 +1721,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1722,8 +1783,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1791,8 +1854,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1851,8 +1916,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1911,8 +1978,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1971,8 +2040,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2031,8 +2102,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2091,8 +2164,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2151,8 +2226,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2211,8 +2288,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2271,8 +2350,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2331,8 +2412,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2391,8 +2474,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2451,8 +2536,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2511,8 +2598,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2590,8 +2679,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-9143</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2753,8 +2844,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-13176</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2909,8 +3002,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-12797</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3064,8 +3159,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-26519</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index f69085d8e9c7c..59acad4d6acff 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:43 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index a71158e22d230..533a064cf8142 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:47 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:55 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
index a9b3631b0aa2c..0bc7bc7b85566 100644
--- a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
+++ b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:29:04 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:30:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -484,8 +515,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -554,8 +587,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -624,8 +659,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -694,8 +731,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Race Condition</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -917,8 +956,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1141,6 +1182,7 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
         </ul>
         
               <hr/>
@@ -1154,8 +1196,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1393,8 +1437,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1635,8 +1681,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1760,8 +1808,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1820,8 +1870,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1880,8 +1932,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1940,8 +1994,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2000,8 +2056,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2060,8 +2118,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2120,8 +2180,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2189,8 +2251,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2258,8 +2322,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2351,8 +2417,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-56433</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2456,8 +2524,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2526,8 +2596,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2601,8 +2673,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-41996</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2799,8 +2873,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Information Exposure</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2965,8 +3041,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3111,8 +3189,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3192,8 +3272,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-0167</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -3271,8 +3353,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Input Validation</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
index eae699c2ca429..6281249286391 100644
--- a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:29:08 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:30:20 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
index 7a3fde5c06503..fbde912cce0c9 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:03 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:05 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
index e54ba740a0dff..bde4126a304f8 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:28:14 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:29:16 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-test.html b/docs/snyk/v3.1.0-rc1/argocd-test.html
index ac2ad448e0400..e145718b1c4da 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-test.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-test.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:25:58 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:42 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -482,8 +513,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -542,8 +575,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -604,8 +639,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -819,8 +856,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -992,8 +1031,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1052,8 +1093,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1197,8 +1240,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Randomness</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1267,8 +1312,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
index 1828d2b38cca8..f14b1b3bbc604 100644
--- a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:26:04 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -483,8 +514,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -554,8 +587,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -625,8 +660,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -695,8 +732,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
             <div class="card__section">
         
-                <div class="label label--high">
-                    <span class="label__text">high severity</span>
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -764,8 +803,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -824,8 +865,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -884,8 +927,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1007,8 +1052,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1076,8 +1123,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1136,8 +1185,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1196,8 +1247,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1265,8 +1318,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1325,8 +1380,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1385,8 +1442,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1445,8 +1504,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1505,8 +1566,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1565,8 +1628,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1625,8 +1690,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1685,8 +1752,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1745,8 +1814,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1805,8 +1876,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1865,8 +1938,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1925,8 +2000,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1985,8 +2062,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 49fe930232ffa..5c84b5e752254 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:26:07 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:52 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 9d69c28e7a294..c1fe6bbed58f2 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:26:11 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:26:56 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
index 49f80d5678107..487d29dc89a95 100644
--- a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
+++ b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
@@ -201,6 +201,15 @@
       padding: 1.5em;
     }
   
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
     .card .label {
       background-color: #767676;
       border: 2px solid #767676;
@@ -258,10 +267,7 @@
       padding-top: 4em;
     }
   
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
+    .card--vuln .card__labels > .label:first-child {
       padding-left: 1.9em;
       padding-right: 1.9em;
       border-radius: 0 0.25rem 0.25rem 0;
@@ -289,6 +295,7 @@
     .card--vuln .card__title {
       font-size: 28px;
       margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
     }
   
     .card--vuln .card__cta p {
@@ -296,6 +303,30 @@
       text-align: right;
     }
   
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
     .source-panel {
       clear: both;
       display: flex;
@@ -456,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 22nd 2025, 12:26:31 am (UTC+00:00)</p>
+                <p class="timestamp">June 29th 2025, 12:27:31 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -484,8 +515,10 @@ <h1 class="project__header__title">Snyk test report</h1>
             <h2 class="card__title">Race Condition</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -707,8 +740,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -946,8 +981,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1188,8 +1225,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1313,8 +1352,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1373,8 +1414,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1433,8 +1476,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1493,8 +1538,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1553,8 +1600,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1613,8 +1662,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1673,8 +1724,10 @@ <h3 class="card__section__title">Detailed paths</h3>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1742,8 +1795,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1811,8 +1866,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
             <div class="card__section">
         
-                <div class="label label--medium">
-                    <span class="label__text">medium severity</span>
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -1904,8 +1961,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-56433</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2009,8 +2068,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2079,8 +2140,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2154,8 +2217,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2024-41996</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2352,8 +2417,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Information Exposure</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2518,8 +2585,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2664,8 +2733,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2745,8 +2816,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">CVE-2025-0167</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>
@@ -2824,8 +2897,10 @@ <h2 id="references">References</h2>
             <h2 class="card__title">Improper Input Validation</h2>
             <div class="card__section">
         
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
                 </div>
         
                 <hr/>

From d8cb701ecfc0797c74e2e3c33690fac486dcaff7 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Mon, 30 Jun 2025 11:15:14 +0530
Subject: [PATCH 060/383] add documentation

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/faq.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/docs/faq.md b/docs/faq.md
index 3a1a3fad9fb7e..ec58850aad524 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -316,6 +316,25 @@ If for some reason authenticated Redis does not work for you and you want to use
 The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed.
 You can config your secret provider to generate Kubernetes secret accordingly.
 
+## How do I provide Redis credentials using a file mount?
+
+Redis credentials can be injected through mounted volumes instead of environment variables.
+
+Supported Filenames
+
+The following files are expected inside the mounted path:
+
+| Credential type    | File name        |
+|--------------------|------------------|
+| Redis password     | `auth`           |
+| Redis username     | `auth_username`  |
+| Sentinel username  | `sentinel_username` |
+| Sentinel password  | `sentinel_auth`  |
+
+* Fallback behavior
+
+If a credential file is missing or unreadable, Argo CD falls back to the corresponding environment variable (e.g., REDIS_PASSWORD, REDIS_USERNAME, etc.).
+
 ## How do I fix `Manifest generation error (cached)`?
 
 `Manifest generation error (cached)` means that there was an error when generating manifests and that the error message has been cached to avoid runaway retries.

From 60055d0c92b5986189fe32e4adecc34aba355257 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Mon, 30 Jun 2025 11:19:39 +0530
Subject: [PATCH 061/383] update faq documentation

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/faq.md | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/docs/faq.md b/docs/faq.md
index ec58850aad524..6e94fece7b9f9 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -318,22 +318,21 @@ You can config your secret provider to generate Kubernetes secret accordingly.
 
 ## How do I provide Redis credentials using a file mount?
 
-Redis credentials can be injected through mounted volumes instead of environment variables.
+You can inject Redis credentials by mounting files as volumes, instead of using environment variables.
 
-Supported Filenames
+**Supported Filenames**
 
-The following files are expected inside the mounted path:
+Place the following files inside the mounted path:
 
-| Credential type    | File name        |
-|--------------------|------------------|
-| Redis password     | `auth`           |
-| Redis username     | `auth_username`  |
-| Sentinel username  | `sentinel_username` |
-| Sentinel password  | `sentinel_auth`  |
+| **Credential Type**   | **File Name**         |
+|-----------------------|-----------------------|
+| Redis password        | `auth`                |
+| Redis username        | `auth_username`       |
+| Sentinel username     | `sentinel_username`   |
+| Sentinel password     | `sentinel_auth`       |
 
-* Fallback behavior
-
-If a credential file is missing or unreadable, Argo CD falls back to the corresponding environment variable (e.g., REDIS_PASSWORD, REDIS_USERNAME, etc.).
+**Fallback Behavior:**  
+If a credential file is missing or unreadable, Argo CD will fall back to the corresponding environment variable (e.g., `REDIS_PASSWORD`, `REDIS_USERNAME`, etc.).
 
 ## How do I fix `Manifest generation error (cached)`?
 

From 11da1470e62af51ca69fb26a3826fdbbc98db424 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Mon, 30 Jun 2025 16:12:10 +0530
Subject: [PATCH 062/383] add REDIS_CREDS_FILE_PATH env in faq doc

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/faq.md | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/docs/faq.md b/docs/faq.md
index 6e94fece7b9f9..be3202eec9b27 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -318,21 +318,31 @@ You can config your secret provider to generate Kubernetes secret accordingly.
 
 ## How do I provide Redis credentials using a file mount?
 
-You can inject Redis credentials by mounting files as volumes, instead of using environment variables.
+Redis credentials can be mounted as files in a specified directory, rather than being set directly as environment variables from a secret.
 
-**Supported Filenames**
+**Set the Environment Variable**
 
-Place the following files inside the mounted path:
+Set the `REDIS_CREDS_FILE_PATH` environment variable to the directory where your credential files are mounted.
 
-| **Credential Type**   | **File Name**         |
-|-----------------------|-----------------------|
-| Redis password        | `auth`                |
-| Redis username        | `auth_username`       |
-| Sentinel username     | `sentinel_username`   |
-| Sentinel password     | `sentinel_auth`       |
+| Variable Name           | Description                                   |
+|-------------------------|-----------------------------------------------|
+| `REDIS_CREDS_FILE_PATH` | Path to the directory containing credential files |
+
+**Provide Credential Files**
+
+Place the following files in the specified directory:
+
+| Credential Type      | File Name           |
+|----------------------|---------------------|
+| Redis password       | `auth`              |
+| Redis username       | `auth_username`     |
+| Sentinel username    | `sentinel_username` |
+| Sentinel password    | `sentinel_auth`     |
 
 **Fallback Behavior:**  
-If a credential file is missing or unreadable, Argo CD will fall back to the corresponding environment variable (e.g., `REDIS_PASSWORD`, `REDIS_USERNAME`, etc.).
+If a credential file is missing or cannot be read, Argo CD will automatically fall back to the corresponding environment variable (such as `REDIS_PASSWORD`, `REDIS_USERNAME`, etc.).
+
+This approach allows for more secure and flexible management of Redis credentials, especially when integrating with external secret management solutions.
 
 ## How do I fix `Manifest generation error (cached)`?
 

From b133178ee7832925b565d8ff59ffcdcc52ceab73 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Mon, 30 Jun 2025 16:13:09 +0530
Subject: [PATCH 063/383] feat: add title matching filter for Pull Request
 Generator (#23569)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/generators/pull_request.go     |    2 -
 .../services/pull_request/interface.go        |    1 +
 applicationset/services/pull_request/utils.go |    9 +
 .../services/pull_request/utils_test.go       |  125 +-
 assets/swagger.json                           |    3 +
 manifests/core-install-with-hydrator.yaml     |    6 +
 manifests/core-install.yaml                   |    6 +
 manifests/crds/applicationset-crd.yaml        |    6 +
 manifests/ha/install-with-hydrator.yaml       |    6 +
 manifests/ha/install.yaml                     |    6 +
 manifests/install-with-hydrator.yaml          |    6 +
 manifests/install.yaml                        |    6 +
 .../v1alpha1/applicationset_types.go          |    1 +
 pkg/apis/application/v1alpha1/generated.pb.go | 1563 +++++++++--------
 pkg/apis/application/v1alpha1/generated.proto |    2 +
 .../v1alpha1/zz_generated.deepcopy.go         |    5 +
 16 files changed, 991 insertions(+), 762 deletions(-)

diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go
index 88ff44853e9cc..f3868215c91b2 100644
--- a/applicationset/generators/pull_request.go
+++ b/applicationset/generators/pull_request.go
@@ -18,8 +18,6 @@ import (
 	argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )
 
-var _ Generator = (*PullRequestGenerator)(nil)
-
 const (
 	DefaultPullRequestRequeueAfter = 30 * time.Minute
 )
diff --git a/applicationset/services/pull_request/interface.go b/applicationset/services/pull_request/interface.go
index 07637b3f95973..67305836ec759 100644
--- a/applicationset/services/pull_request/interface.go
+++ b/applicationset/services/pull_request/interface.go
@@ -30,4 +30,5 @@ type PullRequestService interface {
 type Filter struct {
 	BranchMatch       *regexp.Regexp
 	TargetBranchMatch *regexp.Regexp
+	TitleMatch        *regexp.Regexp
 }
diff --git a/applicationset/services/pull_request/utils.go b/applicationset/services/pull_request/utils.go
index 100596fc3db9b..aed724265a257 100644
--- a/applicationset/services/pull_request/utils.go
+++ b/applicationset/services/pull_request/utils.go
@@ -25,6 +25,12 @@ func compileFilters(filters []argoprojiov1alpha1.PullRequestGeneratorFilter) ([]
 				return nil, fmt.Errorf("error compiling TargetBranchMatch regexp %q: %w", *filter.TargetBranchMatch, err)
 			}
 		}
+		if filter.TitleMatch != nil {
+			outFilter.TitleMatch, err = regexp.Compile(*filter.TitleMatch)
+			if err != nil {
+				return nil, fmt.Errorf("error compiling TitleMatch regexp %q: %w", *filter.TitleMatch, err)
+			}
+		}
 		outFilters = append(outFilters, outFilter)
 	}
 	return outFilters, nil
@@ -37,6 +43,9 @@ func matchFilter(pullRequest *PullRequest, filter *Filter) bool {
 	if filter.TargetBranchMatch != nil && !filter.TargetBranchMatch.MatchString(pullRequest.TargetBranch) {
 		return false
 	}
+	if filter.TitleMatch != nil && !filter.TitleMatch.MatchString(pullRequest.Title) {
+		return false
+	}
 
 	return true
 }
diff --git a/applicationset/services/pull_request/utils_test.go b/applicationset/services/pull_request/utils_test.go
index d25b25ae8386d..0400515e53b2c 100644
--- a/applicationset/services/pull_request/utils_test.go
+++ b/applicationset/services/pull_request/utils_test.go
@@ -137,6 +137,110 @@ func TestFilterTargetBranchMatch(t *testing.T) {
 	assert.Equal(t, "two", pullRequests[0].Branch)
 }
 
+func TestFilterTitleMatch(t *testing.T) {
+	provider, _ := NewFakeService(
+		t.Context(),
+		[]*PullRequest{
+			{
+				Number:       1,
+				Title:        "PR one - filter",
+				Branch:       "one",
+				TargetBranch: "master",
+				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name1",
+			},
+			{
+				Number:       2,
+				Title:        "PR two - ignore",
+				Branch:       "two",
+				TargetBranch: "branch1",
+				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name2",
+			},
+			{
+				Number:       3,
+				Title:        "[filter] PR three",
+				Branch:       "three",
+				TargetBranch: "branch2",
+				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name3",
+			},
+			{
+				Number:       4,
+				Title:        "[ignore] PR four",
+				Branch:       "four",
+				TargetBranch: "branch3",
+				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name4",
+			},
+		},
+		nil,
+	)
+	filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{
+		{
+			TitleMatch: strp("\\[filter]"),
+		},
+	}
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
+	require.NoError(t, err)
+	assert.Len(t, pullRequests, 1)
+	assert.Equal(t, "three", pullRequests[0].Branch)
+}
+
+func TestMultiFilterOrWithTitle(t *testing.T) {
+	provider, _ := NewFakeService(
+		t.Context(),
+		[]*PullRequest{
+			{
+				Number:       1,
+				Title:        "PR one - filter",
+				Branch:       "one",
+				TargetBranch: "master",
+				HeadSHA:      "189d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name1",
+			},
+			{
+				Number:       2,
+				Title:        "PR two - ignore",
+				Branch:       "two",
+				TargetBranch: "branch1",
+				HeadSHA:      "289d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name2",
+			},
+			{
+				Number:       3,
+				Title:        "[filter] PR three",
+				Branch:       "three",
+				TargetBranch: "branch2",
+				HeadSHA:      "389d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name3",
+			},
+			{
+				Number:       4,
+				Title:        "[ignore] PR four",
+				Branch:       "four",
+				TargetBranch: "branch3",
+				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name4",
+			},
+		},
+		nil,
+	)
+	filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{
+		{
+			TitleMatch: strp("\\[filter]"),
+		},
+		{
+			TitleMatch: strp("- filter"),
+		},
+	}
+	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
+	require.NoError(t, err)
+	assert.Len(t, pullRequests, 2)
+	assert.Equal(t, "one", pullRequests[0].Branch)
+	assert.Equal(t, "three", pullRequests[1].Branch)
+}
+
 func TestMultiFilterOr(t *testing.T) {
 	provider, _ := NewFakeService(
 		t.Context(),
@@ -192,7 +296,7 @@ func TestMultiFilterOr(t *testing.T) {
 	assert.Equal(t, "four", pullRequests[2].Branch)
 }
 
-func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
+func TestMultiFilterOrWithTargetBranchFilterOrWithTitleFilter(t *testing.T) {
 	provider, _ := NewFakeService(
 		t.Context(),
 		[]*PullRequest{
@@ -228,6 +332,14 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
 				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
 				Author:       "name4",
 			},
+			{
+				Number:       5,
+				Title:        "PR title is different than branch name",
+				Branch:       "five",
+				TargetBranch: "branch3",
+				HeadSHA:      "489d92cbf9ff857a39e6feccd32798ca700fb958",
+				Author:       "name5",
+			},
 		},
 		nil,
 	)
@@ -240,12 +352,21 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) {
 			BranchMatch:       strp("r"),
 			TargetBranchMatch: strp("3"),
 		},
+		{
+			TitleMatch: strp("two"),
+		},
+		{
+			BranchMatch: strp("five"),
+			TitleMatch:  strp("PR title is different than branch name"),
+		},
 	}
 	pullRequests, err := ListPullRequests(t.Context(), provider, filters)
 	require.NoError(t, err)
-	assert.Len(t, pullRequests, 2)
+	assert.Len(t, pullRequests, 3)
 	assert.Equal(t, "two", pullRequests[0].Branch)
 	assert.Equal(t, "four", pullRequests[1].Branch)
+	assert.Equal(t, "five", pullRequests[2].Branch)
+	assert.Equal(t, "PR title is different than branch name", pullRequests[2].Title)
 }
 
 func TestNoFilters(t *testing.T) {
diff --git a/assets/swagger.json b/assets/swagger.json
index 4eb602b28b9ca..efe9c036145d4 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -9079,6 +9079,9 @@
         },
         "targetBranchMatch": {
           "type": "string"
+        },
+        "titleMatch": {
+          "type": "string"
         }
       }
     },
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index dd1ee0ab63db9..97845d4a18ce0 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index 5e80da4ae4768..be4b882d9385d 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml
index 8cb86b7b94279..e2dbe67a26f20 100644
--- a/manifests/crds/applicationset-crd.yaml
+++ b/manifests/crds/applicationset-crd.yaml
@@ -6269,6 +6269,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -12109,6 +12111,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -15238,6 +15242,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 15fb9564ffbe0..c92eab9ea3995 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 174245e2a8a45..02e9481e5bd19 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index 11c98a2828c78..22f53ffd3386d 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/manifests/install.yaml b/manifests/install.yaml
index 44eb71c5a518b..33463a55ef6a7 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -12161,6 +12161,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -18001,6 +18003,8 @@ spec:
                                           type: string
                                         targetBranchMatch:
                                           type: string
+                                        titleMatch:
+                                          type: string
                                       type: object
                                     type: array
                                   gitea:
@@ -21130,6 +21134,8 @@ spec:
                                 type: string
                               targetBranchMatch:
                                 type: string
+                              titleMatch:
+                                type: string
                             type: object
                           type: array
                         gitea:
diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go
index 1bd56992cc9bb..bdb282e24466c 100644
--- a/pkg/apis/application/v1alpha1/applicationset_types.go
+++ b/pkg/apis/application/v1alpha1/applicationset_types.go
@@ -765,6 +765,7 @@ type BasicAuthBitbucketServer struct {
 type PullRequestGeneratorFilter struct {
 	BranchMatch       *string `json:"branchMatch,omitempty" protobuf:"bytes,1,opt,name=branchMatch"`
 	TargetBranchMatch *string `json:"targetBranchMatch,omitempty" protobuf:"bytes,2,opt,name=targetBranchMatch"`
+	TitleMatch        *string `json:"titleMatch,omitempty" protobuf:"bytes,3,op,name=titleMatch"`
 }
 
 type PluginConfigMapRef struct {
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index a9db3e77bb7bd..1f874903ad91f 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -4914,775 +4914,777 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12287 bytes of a gzipped FileDescriptorProto
+	// 12307 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xc9,
 	0x71, 0x18, 0xcc, 0x9e, 0xc1, 0x00, 0x33, 0x89, 0xd7, 0xa2, 0x76, 0xf7, 0x0e, 0xbb, 0xf7, 0xc0,
 	0xaa, 0x8f, 0x3a, 0x9e, 0x3e, 0xde, 0x01, 0xba, 0xbd, 0x3b, 0xea, 0x3e, 0x9d, 0x44, 0x09, 0x8f,
 	0x7d, 0x60, 0x17, 0x58, 0xe0, 0x6a, 0xb0, 0xbb, 0xe2, 0x51, 0xc7, 0x63, 0x63, 0xa6, 0x30, 0xe8,
 	0x45, 0x4f, 0xf7, 0x5c, 0x77, 0x0f, 0x16, 0x73, 0xa2, 0x28, 0x52, 0x24, 0x25, 0x4a, 0x7c, 0x9d,
-	0x45, 0x85, 0x79, 0xb4, 0x4d, 0x9a, 0xb2, 0xe4, 0x57, 0x38, 0x18, 0xa2, 0xad, 0x1f, 0x56, 0x84,
-	0xa4, 0x60, 0x48, 0x72, 0x30, 0x28, 0xcb, 0x0e, 0xc9, 0x0c, 0x5a, 0x94, 0x2d, 0x11, 0x26, 0xd7,
-	0x76, 0x50, 0xe1, 0x08, 0x2b, 0x42, 0xb2, 0x7f, 0x38, 0xd6, 0x0e, 0x87, 0xa3, 0xde, 0xd5, 0x3d,
-	0x3d, 0xc0, 0x60, 0xd1, 0xd8, 0x5d, 0x52, 0xf7, 0x6f, 0xa6, 0x32, 0xab, 0xb2, 0xba, 0x1e, 0x99,
-	0x59, 0x59, 0x99, 0x59, 0xb0, 0xd4, 0x70, 0xe3, 0xcd, 0xf6, 0xfa, 0x74, 0x2d, 0x68, 0xce, 0x38,
-	0x61, 0x23, 0x68, 0x85, 0xc1, 0x0d, 0xf6, 0xe3, 0xa9, 0x5a, 0x7d, 0x66, 0xfb, 0x99, 0x99, 0xd6,
-	0x56, 0x63, 0xc6, 0x69, 0xb9, 0xd1, 0x8c, 0xd3, 0x6a, 0x79, 0x6e, 0xcd, 0x89, 0xdd, 0xc0, 0x9f,
-	0xd9, 0x7e, 0xda, 0xf1, 0x5a, 0x9b, 0xce, 0xd3, 0x33, 0x0d, 0xe2, 0x93, 0xd0, 0x89, 0x49, 0x7d,
-	0xba, 0x15, 0x06, 0x71, 0x80, 0x7e, 0x44, 0xb7, 0x36, 0x2d, 0x5b, 0x63, 0x3f, 0x5e, 0xa9, 0xd5,
-	0xa7, 0xb7, 0x9f, 0x99, 0x6e, 0x6d, 0x35, 0xa6, 0x69, 0x6b, 0xd3, 0x46, 0x6b, 0xd3, 0xb2, 0xb5,
-	0xd3, 0x4f, 0x19, 0x7d, 0x69, 0x04, 0x8d, 0x60, 0x86, 0x35, 0xba, 0xde, 0xde, 0x60, 0xff, 0xd8,
-	0x1f, 0xf6, 0x8b, 0x13, 0x3b, 0x6d, 0x6f, 0x3d, 0x1f, 0x4d, 0xbb, 0x01, 0xed, 0xde, 0x4c, 0x2d,
-	0x08, 0xc9, 0xcc, 0x76, 0x57, 0x87, 0x4e, 0x5f, 0xd4, 0x38, 0x64, 0x27, 0x26, 0x7e, 0xe4, 0x06,
-	0x7e, 0xf4, 0x14, 0xed, 0x02, 0x09, 0xb7, 0x49, 0x68, 0x7e, 0x9e, 0x81, 0x90, 0xd5, 0xd2, 0xb3,
-	0xba, 0xa5, 0xa6, 0x53, 0xdb, 0x74, 0x7d, 0x12, 0x76, 0x74, 0xf5, 0x26, 0x89, 0x9d, 0xac, 0x5a,
-	0x33, 0xbd, 0x6a, 0x85, 0x6d, 0x3f, 0x76, 0x9b, 0xa4, 0xab, 0xc2, 0x3b, 0xf6, 0xab, 0x10, 0xd5,
-	0x36, 0x49, 0xd3, 0xe9, 0xaa, 0xf7, 0x4c, 0xaf, 0x7a, 0xed, 0xd8, 0xf5, 0x66, 0x5c, 0x3f, 0x8e,
-	0xe2, 0x30, 0x5d, 0xc9, 0xfe, 0x7b, 0x16, 0x8c, 0xce, 0x5e, 0xaf, 0xce, 0xb6, 0xe3, 0xcd, 0xf9,
-	0xc0, 0xdf, 0x70, 0x1b, 0xe8, 0x39, 0x18, 0xae, 0x79, 0xed, 0x28, 0x26, 0xe1, 0x15, 0xa7, 0x49,
-	0x26, 0xad, 0x33, 0xd6, 0x13, 0x95, 0xb9, 0xe3, 0x5f, 0xdd, 0x9d, 0x7a, 0xcb, 0xad, 0xdd, 0xa9,
-	0xe1, 0x79, 0x0d, 0xc2, 0x26, 0x1e, 0xfa, 0x01, 0x18, 0x0a, 0x03, 0x8f, 0xcc, 0xe2, 0x2b, 0x93,
-	0x05, 0x56, 0x65, 0x5c, 0x54, 0x19, 0xc2, 0xbc, 0x18, 0x4b, 0x38, 0x45, 0x6d, 0x85, 0xc1, 0x86,
-	0xeb, 0x91, 0xc9, 0x62, 0x12, 0x75, 0x95, 0x17, 0x63, 0x09, 0xb7, 0x3f, 0x5b, 0x80, 0xf1, 0xd9,
-	0x56, 0xeb, 0x22, 0x71, 0xbc, 0x78, 0xb3, 0x1a, 0x3b, 0x71, 0x3b, 0x42, 0x0d, 0x18, 0x8c, 0xd8,
-	0x2f, 0xd1, 0xb7, 0x15, 0x51, 0x7b, 0x90, 0xc3, 0x6f, 0xef, 0x4e, 0xfd, 0x68, 0xd6, 0x8a, 0x6e,
-	0xb8, 0x71, 0xd0, 0x8a, 0x9e, 0x22, 0x7e, 0xc3, 0xf5, 0x09, 0x1b, 0x97, 0x4d, 0xd6, 0xea, 0xb4,
-	0xd9, 0xf8, 0x7c, 0x50, 0x27, 0x58, 0x34, 0x4f, 0xfb, 0xd9, 0x24, 0x51, 0xe4, 0x34, 0x48, 0xfa,
-	0x93, 0x96, 0x79, 0x31, 0x96, 0x70, 0x14, 0x02, 0xf2, 0x9c, 0x28, 0x5e, 0x0b, 0x1d, 0x3f, 0x72,
-	0xe9, 0x92, 0x5e, 0x73, 0x9b, 0xfc, 0xeb, 0x86, 0xcf, 0xfe, 0x7f, 0xd3, 0x7c, 0x62, 0xa6, 0xcd,
-	0x89, 0xd1, 0xfb, 0x80, 0xae, 0x9b, 0xe9, 0xed, 0xa7, 0xa7, 0x69, 0x8d, 0xb9, 0x07, 0x6e, 0xed,
-	0x4e, 0xa1, 0xa5, 0xae, 0x96, 0x70, 0x46, 0xeb, 0xf6, 0x9f, 0x14, 0x00, 0x66, 0x5b, 0xad, 0xd5,
-	0x30, 0xb8, 0x41, 0x6a, 0x31, 0x7a, 0x2f, 0x94, 0x69, 0x53, 0x75, 0x27, 0x76, 0xd8, 0xc0, 0x0c,
-	0x9f, 0xfd, 0xc1, 0xfe, 0x08, 0xaf, 0xac, 0xd3, 0xfa, 0xcb, 0x24, 0x76, 0xe6, 0x90, 0xf8, 0x40,
-	0xd0, 0x65, 0x58, 0xb5, 0x8a, 0x7c, 0x18, 0x88, 0x5a, 0xa4, 0xc6, 0x06, 0x63, 0xf8, 0xec, 0xd2,
-	0xf4, 0x61, 0x76, 0xfa, 0xb4, 0xee, 0x79, 0xb5, 0x45, 0x6a, 0x73, 0x23, 0x82, 0xf2, 0x00, 0xfd,
-	0x87, 0x19, 0x1d, 0xb4, 0xad, 0x26, 0x9a, 0x0f, 0xe4, 0x95, 0xdc, 0x28, 0xb2, 0x56, 0xe7, 0xc6,
-	0x92, 0x0b, 0x47, 0xce, 0xbb, 0xfd, 0x4d, 0x0b, 0xc6, 0x34, 0xf2, 0x92, 0x1b, 0xc5, 0xe8, 0x27,
-	0xbb, 0x06, 0x77, 0xba, 0xbf, 0xc1, 0xa5, 0xb5, 0xd9, 0xd0, 0x1e, 0x13, 0xc4, 0xca, 0xb2, 0xc4,
-	0x18, 0xd8, 0x26, 0x94, 0xdc, 0x98, 0x34, 0xa3, 0xc9, 0xc2, 0x99, 0xe2, 0x13, 0xc3, 0x67, 0x2f,
-	0xe6, 0xf5, 0x9d, 0x73, 0xa3, 0x82, 0x68, 0x69, 0x91, 0x36, 0x8f, 0x39, 0x15, 0xfb, 0xaf, 0x47,
-	0xcd, 0xef, 0xa3, 0x03, 0x8e, 0x9e, 0x86, 0xe1, 0x28, 0x68, 0x87, 0x35, 0x82, 0x49, 0x2b, 0xa0,
-	0x1b, 0xab, 0x48, 0x97, 0x3b, 0xdd, 0xf0, 0x55, 0x5d, 0x8c, 0x4d, 0x1c, 0xf4, 0x49, 0x0b, 0x46,
-	0xea, 0x24, 0x8a, 0x5d, 0x9f, 0xd1, 0x97, 0x9d, 0x5f, 0x3b, 0x74, 0xe7, 0x65, 0xe1, 0x82, 0x6e,
-	0x7c, 0xee, 0x84, 0xf8, 0x90, 0x11, 0xa3, 0x30, 0xc2, 0x09, 0xfa, 0x94, 0x71, 0xd5, 0x49, 0x54,
-	0x0b, 0xdd, 0x16, 0xfd, 0x2f, 0x58, 0x8b, 0x62, 0x5c, 0x0b, 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43,
-	0x89, 0x32, 0xa6, 0x68, 0x72, 0x80, 0xf5, 0x7f, 0xf1, 0x70, 0xfd, 0x17, 0x83, 0x4a, 0x79, 0x9e,
-	0x1e, 0x7d, 0xfa, 0x2f, 0xc2, 0x9c, 0x0c, 0xfa, 0x84, 0x05, 0x93, 0x82, 0x71, 0x62, 0xc2, 0x07,
-	0xf4, 0xfa, 0xa6, 0x1b, 0x13, 0xcf, 0x8d, 0xe2, 0xc9, 0x12, 0xeb, 0xc3, 0x4c, 0x7f, 0x6b, 0xeb,
-	0x42, 0x18, 0xb4, 0x5b, 0x97, 0x5d, 0xbf, 0x3e, 0x77, 0x46, 0x50, 0x9a, 0x9c, 0xef, 0xd1, 0x30,
-	0xee, 0x49, 0x12, 0x7d, 0xda, 0x82, 0xd3, 0xbe, 0xd3, 0x24, 0x51, 0xcb, 0xa1, 0x53, 0xcb, 0xc1,
-	0x73, 0x9e, 0x53, 0xdb, 0x62, 0x3d, 0x1a, 0xbc, 0xb3, 0x1e, 0xd9, 0xa2, 0x47, 0xa7, 0xaf, 0xf4,
-	0x6c, 0x1a, 0xef, 0x41, 0x16, 0xfd, 0xaa, 0x05, 0x13, 0x41, 0xd8, 0xda, 0x74, 0x7c, 0x52, 0x97,
-	0xd0, 0x68, 0x72, 0x88, 0x6d, 0xbd, 0xf7, 0x1c, 0x6e, 0x8a, 0x56, 0xd2, 0xcd, 0x2e, 0x07, 0xbe,
-	0x1b, 0x07, 0x61, 0x95, 0xc4, 0xb1, 0xeb, 0x37, 0xa2, 0xb9, 0x93, 0xb7, 0x76, 0xa7, 0x26, 0xba,
-	0xb0, 0x70, 0x77, 0x7f, 0xd0, 0x4f, 0xc1, 0x70, 0xd4, 0xf1, 0x6b, 0xd7, 0x5d, 0xbf, 0x1e, 0xdc,
-	0x8c, 0x26, 0xcb, 0x79, 0x6c, 0xdf, 0xaa, 0x6a, 0x50, 0x6c, 0x40, 0x4d, 0x00, 0x9b, 0xd4, 0xb2,
-	0x27, 0x4e, 0x2f, 0xa5, 0x4a, 0xde, 0x13, 0xa7, 0x17, 0xd3, 0x1e, 0x64, 0xd1, 0xcf, 0x5b, 0x30,
-	0x1a, 0xb9, 0x0d, 0xdf, 0x89, 0xdb, 0x21, 0xb9, 0x4c, 0x3a, 0xd1, 0x24, 0xb0, 0x8e, 0x5c, 0x3a,
-	0xe4, 0xa8, 0x18, 0x4d, 0xce, 0x9d, 0x14, 0x7d, 0x1c, 0x35, 0x4b, 0x23, 0x9c, 0xa4, 0x9b, 0xb5,
-	0xd1, 0xf4, 0xb2, 0x1e, 0xce, 0x77, 0xa3, 0xe9, 0x45, 0xdd, 0x93, 0x24, 0xfa, 0x71, 0x38, 0xc6,
-	0x8b, 0xd4, 0xc8, 0x46, 0x93, 0x23, 0x8c, 0xd1, 0x9e, 0xb8, 0xb5, 0x3b, 0x75, 0xac, 0x9a, 0x82,
-	0xe1, 0x2e, 0x6c, 0xf4, 0x2a, 0x4c, 0xb5, 0x48, 0xd8, 0x74, 0xe3, 0x15, 0xdf, 0xeb, 0x48, 0xf6,
-	0x5d, 0x0b, 0x5a, 0xa4, 0x2e, 0xba, 0x13, 0x4d, 0x8e, 0x9e, 0xb1, 0x9e, 0x28, 0xcf, 0xbd, 0x4d,
-	0x74, 0x73, 0x6a, 0x75, 0x6f, 0x74, 0xbc, 0x5f, 0x7b, 0xe8, 0x2b, 0x16, 0x9c, 0x36, 0xb8, 0x6c,
-	0x95, 0x84, 0xdb, 0x6e, 0x8d, 0xcc, 0xd6, 0x6a, 0x41, 0xdb, 0x8f, 0xa3, 0xc9, 0x31, 0x36, 0x8c,
-	0xeb, 0x47, 0xc1, 0xf3, 0x93, 0xa4, 0xf4, 0xba, 0xec, 0x89, 0x12, 0xe1, 0x3d, 0x7a, 0x6a, 0xff,
-	0x41, 0x01, 0x8e, 0xa5, 0x35, 0x00, 0xf4, 0x8f, 0x2c, 0x18, 0xbf, 0x71, 0x33, 0x5e, 0x0b, 0xb6,
-	0x88, 0x1f, 0xcd, 0x75, 0x28, 0x9f, 0x66, 0xb2, 0x6f, 0xf8, 0x6c, 0x2d, 0x5f, 0x5d, 0x63, 0xfa,
-	0x52, 0x92, 0xca, 0x39, 0x3f, 0x0e, 0x3b, 0x73, 0x0f, 0x8a, 0x6f, 0x1a, 0xbf, 0x74, 0x7d, 0xcd,
-	0x84, 0xe2, 0x74, 0xa7, 0x4e, 0x7f, 0xcc, 0x82, 0x13, 0x59, 0x4d, 0xa0, 0x63, 0x50, 0xdc, 0x22,
-	0x1d, 0xae, 0x09, 0x63, 0xfa, 0x13, 0xbd, 0x0c, 0xa5, 0x6d, 0xc7, 0x6b, 0x13, 0xa1, 0xa6, 0x5d,
-	0x38, 0xdc, 0x87, 0xa8, 0x9e, 0x61, 0xde, 0xea, 0x0f, 0x17, 0x9e, 0xb7, 0xec, 0x3f, 0x2a, 0xc2,
-	0xb0, 0x31, 0x69, 0x77, 0x41, 0xf5, 0x0c, 0x12, 0xaa, 0xe7, 0x72, 0x6e, 0xeb, 0xad, 0xa7, 0xee,
-	0x79, 0x33, 0xa5, 0x7b, 0xae, 0xe4, 0x47, 0x72, 0x4f, 0xe5, 0x13, 0xc5, 0x50, 0x09, 0x5a, 0xf4,
-	0x88, 0x46, 0x75, 0x98, 0x81, 0x3c, 0xa6, 0x70, 0x45, 0x36, 0x37, 0x37, 0x7a, 0x6b, 0x77, 0xaa,
-	0xa2, 0xfe, 0x62, 0x4d, 0xc8, 0xfe, 0x86, 0x05, 0x27, 0x8c, 0x3e, 0xce, 0x07, 0x7e, 0x9d, 0x1d,
-	0x34, 0xd0, 0x19, 0x18, 0x88, 0x3b, 0x2d, 0x79, 0x0c, 0x54, 0x23, 0xb5, 0xd6, 0x69, 0x11, 0xcc,
-	0x20, 0xf7, 0xfb, 0x29, 0xe9, 0xd3, 0x16, 0x3c, 0x90, 0xcd, 0x60, 0xd0, 0xe3, 0x30, 0xc8, 0x6d,
-	0x00, 0xe2, 0xeb, 0xf4, 0x94, 0xb0, 0x52, 0x2c, 0xa0, 0x68, 0x06, 0x2a, 0x4a, 0xe0, 0x89, 0x6f,
-	0x9c, 0x10, 0xa8, 0x15, 0x2d, 0x25, 0x35, 0x0e, 0x1d, 0x34, 0xfa, 0x47, 0xa8, 0xa0, 0x6a, 0xd0,
-	0xd8, 0xa1, 0x99, 0x41, 0xec, 0xaf, 0x5b, 0xf0, 0xd6, 0x7e, 0xd8, 0xde, 0xd1, 0xf5, 0xb1, 0x0a,
-	0x27, 0xeb, 0x64, 0xc3, 0x69, 0x7b, 0x71, 0x92, 0xa2, 0xe8, 0xf4, 0x23, 0xa2, 0xf2, 0xc9, 0x85,
-	0x2c, 0x24, 0x9c, 0x5d, 0xd7, 0xfe, 0x4f, 0x16, 0x3b, 0xae, 0xcb, 0xcf, 0xba, 0x0b, 0x47, 0x27,
-	0x3f, 0x79, 0x74, 0x5a, 0xcc, 0x6d, 0x9b, 0xf6, 0x38, 0x3b, 0x7d, 0xc2, 0x82, 0xd3, 0x06, 0xd6,
-	0xb2, 0x13, 0xd7, 0x36, 0xcf, 0xed, 0xb4, 0x42, 0x12, 0x45, 0x74, 0x49, 0x3d, 0x62, 0xb0, 0xe3,
-	0xb9, 0x61, 0xd1, 0x42, 0xf1, 0x32, 0xe9, 0x70, 0xde, 0xfc, 0x24, 0x94, 0xf9, 0x9e, 0x0b, 0x42,
-	0x31, 0x49, 0xea, 0xdb, 0x56, 0x44, 0x39, 0x56, 0x18, 0xc8, 0x86, 0x41, 0xc6, 0x73, 0x29, 0x0f,
-	0xa2, 0x6a, 0x02, 0xd0, 0x79, 0xbf, 0xc6, 0x4a, 0xb0, 0x80, 0xd8, 0x51, 0xa2, 0x3b, 0xab, 0x21,
-	0x61, 0xeb, 0xa1, 0x7e, 0xde, 0x25, 0x5e, 0x3d, 0xa2, 0xc7, 0x3a, 0xc7, 0xf7, 0x83, 0x58, 0x9c,
-	0xd0, 0x8c, 0x63, 0xdd, 0xac, 0x2e, 0xc6, 0x26, 0x0e, 0x25, 0xea, 0x39, 0xeb, 0xc4, 0xe3, 0x23,
-	0x2a, 0x88, 0x2e, 0xb1, 0x12, 0x2c, 0x20, 0xf6, 0xad, 0x02, 0x3b, 0x40, 0x2a, 0x8e, 0x46, 0xee,
-	0x86, 0xf5, 0x21, 0x4c, 0x88, 0x80, 0xd5, 0xfc, 0xf8, 0x31, 0xe9, 0x6d, 0x81, 0x78, 0x2d, 0x25,
-	0x05, 0x70, 0xae, 0x54, 0xf7, 0xb6, 0x42, 0x7c, 0xa0, 0x08, 0x53, 0xc9, 0x0a, 0x5d, 0x42, 0x84,
-	0x1e, 0x79, 0x0d, 0x42, 0x69, 0x5b, 0x9d, 0x81, 0x8f, 0x4d, 0xbc, 0x1e, 0x7c, 0xb8, 0x70, 0x94,
-	0x7c, 0xd8, 0x14, 0x13, 0xc5, 0x7d, 0xc4, 0xc4, 0xe3, 0x6a, 0xd4, 0x07, 0x52, 0x3c, 0x2f, 0x29,
-	0x2a, 0xcf, 0xc0, 0x40, 0x14, 0x93, 0xd6, 0x64, 0x29, 0xc9, 0x66, 0xab, 0x31, 0x69, 0x61, 0x06,
-	0x41, 0x3f, 0x0a, 0xe3, 0xb1, 0x13, 0x36, 0x48, 0x1c, 0x92, 0x6d, 0x97, 0xd9, 0x75, 0xd9, 0x79,
-	0xb6, 0x32, 0x77, 0x9c, 0x6a, 0x5d, 0x6b, 0x0c, 0x84, 0x25, 0x08, 0xa7, 0x71, 0xed, 0xff, 0x56,
-	0x80, 0x07, 0x93, 0x53, 0xa0, 0x05, 0xe3, 0x8f, 0x25, 0x04, 0xe3, 0xdb, 0x4d, 0xc1, 0x78, 0x7b,
-	0x77, 0xea, 0xa1, 0x1e, 0xd5, 0xbe, 0x6b, 0xe4, 0x26, 0xba, 0x90, 0x9a, 0x84, 0x99, 0x2e, 0x2b,
-	0xeb, 0x23, 0x3d, 0xbe, 0x31, 0x35, 0x4b, 0x8f, 0xc3, 0x60, 0x48, 0x9c, 0x28, 0xf0, 0xc5, 0x3c,
-	0xa9, 0xd9, 0xc4, 0xac, 0x14, 0x0b, 0xa8, 0xfd, 0xb5, 0x4a, 0x7a, 0xb0, 0x2f, 0x70, 0x5b, 0x75,
-	0x10, 0x22, 0x17, 0x06, 0xd8, 0xa9, 0x8d, 0x73, 0x96, 0xcb, 0x87, 0xdb, 0x85, 0x54, 0x8a, 0xa8,
-	0xa6, 0xe7, 0xca, 0x74, 0xd6, 0x68, 0x11, 0x66, 0x24, 0xd0, 0x0e, 0x94, 0x6b, 0xf2, 0x30, 0x55,
-	0xc8, 0xc3, 0xec, 0x28, 0x8e, 0x52, 0x9a, 0xe2, 0x08, 0x65, 0xf7, 0xea, 0x04, 0xa6, 0xa8, 0x21,
-	0x02, 0xc5, 0x86, 0x1b, 0x8b, 0x69, 0x3d, 0xe4, 0x71, 0xf9, 0x82, 0x6b, 0x7c, 0xe2, 0x10, 0x95,
-	0x41, 0x17, 0xdc, 0x18, 0xd3, 0xf6, 0xd1, 0x47, 0x2c, 0x18, 0x8e, 0x6a, 0xcd, 0xd5, 0x30, 0xd8,
-	0x76, 0xeb, 0x24, 0x14, 0x3a, 0xe6, 0x21, 0x39, 0x5b, 0x75, 0x7e, 0x59, 0x36, 0xa8, 0xe9, 0x72,
-	0xf3, 0x85, 0x86, 0x60, 0x93, 0x2e, 0x3d, 0x7b, 0x3d, 0x28, 0xbe, 0x7d, 0x81, 0xd4, 0xd8, 0x8e,
-	0x93, 0x67, 0x66, 0xb6, 0x52, 0x0e, 0xad, 0x73, 0x2f, 0xb4, 0x6b, 0x5b, 0x74, 0xbf, 0xe9, 0x0e,
-	0x3d, 0x74, 0x6b, 0x77, 0xea, 0xc1, 0xf9, 0x6c, 0x9a, 0xb8, 0x57, 0x67, 0xd8, 0x80, 0xb5, 0xda,
-	0x9e, 0x87, 0xc9, 0xab, 0x6d, 0xc2, 0x2c, 0x62, 0x39, 0x0c, 0xd8, 0xaa, 0x6e, 0x30, 0x35, 0x60,
-	0x06, 0x04, 0x9b, 0x74, 0xd1, 0xab, 0x30, 0xd8, 0x74, 0xe2, 0xd0, 0xdd, 0x11, 0x66, 0xb0, 0x43,
-	0x9e, 0x82, 0x96, 0x59, 0x5b, 0x9a, 0x38, 0x13, 0xf4, 0xbc, 0x10, 0x0b, 0x42, 0xa8, 0x09, 0xa5,
-	0x26, 0x09, 0x1b, 0x64, 0xb2, 0x9c, 0x87, 0xc9, 0x7f, 0x99, 0x36, 0xa5, 0x09, 0x56, 0xa8, 0x72,
-	0xc5, 0xca, 0x30, 0xa7, 0x82, 0x5e, 0x86, 0x72, 0x44, 0x3c, 0x52, 0xa3, 0xea, 0x51, 0x85, 0x51,
-	0x7c, 0xa6, 0x4f, 0x55, 0x91, 0xea, 0x25, 0x55, 0x51, 0x95, 0x6f, 0x30, 0xf9, 0x0f, 0xab, 0x26,
-	0xe9, 0x00, 0xb6, 0xbc, 0x76, 0xc3, 0xf5, 0x27, 0x21, 0x8f, 0x01, 0x5c, 0x65, 0x6d, 0xa5, 0x06,
-	0x90, 0x17, 0x62, 0x41, 0xc8, 0xfe, 0xaf, 0x16, 0xa0, 0x24, 0x53, 0xbb, 0x0b, 0x3a, 0xf1, 0xab,
-	0x49, 0x9d, 0x78, 0x29, 0x4f, 0xa5, 0xa5, 0x87, 0x5a, 0xfc, 0x5b, 0x15, 0x48, 0x89, 0x83, 0x2b,
-	0x24, 0x8a, 0x49, 0xfd, 0x4d, 0x16, 0xfe, 0x26, 0x0b, 0x7f, 0x93, 0x85, 0x2b, 0x16, 0xbe, 0x9e,
-	0x62, 0xe1, 0xef, 0x34, 0x76, 0xbd, 0xf6, 0x3d, 0x78, 0x45, 0x39, 0x27, 0x98, 0x3d, 0x30, 0x10,
-	0x28, 0x27, 0xb8, 0x54, 0x5d, 0xb9, 0x92, 0xc9, 0xb3, 0x5f, 0x49, 0xf2, 0xec, 0xc3, 0x92, 0xf8,
-	0x9b, 0xc0, 0xa5, 0xbf, 0x62, 0xc1, 0xdb, 0x92, 0xdc, 0x4b, 0xae, 0x9c, 0xc5, 0x86, 0x1f, 0x84,
-	0x64, 0xc1, 0xdd, 0xd8, 0x20, 0x21, 0xf1, 0x6b, 0x24, 0x52, 0xb6, 0x1d, 0xab, 0x97, 0x6d, 0x07,
-	0x3d, 0x0b, 0x23, 0x37, 0xa2, 0xc0, 0x5f, 0x0d, 0x5c, 0x5f, 0xb0, 0x20, 0x7a, 0xe2, 0x38, 0x76,
-	0x6b, 0x77, 0x6a, 0x84, 0x8e, 0xa8, 0x2c, 0xc7, 0x09, 0x2c, 0x34, 0x0f, 0x13, 0x37, 0x5e, 0x5d,
-	0x75, 0x62, 0xc3, 0x9a, 0x20, 0xcf, 0xfd, 0xec, 0x3e, 0xea, 0xd2, 0x8b, 0x29, 0x20, 0xee, 0xc6,
-	0xb7, 0xff, 0x6e, 0x01, 0x4e, 0xa5, 0x3e, 0x24, 0xf0, 0xbc, 0xa0, 0x1d, 0xd3, 0x33, 0x11, 0xfa,
-	0xbc, 0x05, 0xc7, 0x9a, 0x49, 0x83, 0x45, 0x24, 0xcc, 0xdd, 0x3f, 0x91, 0x9b, 0x8c, 0x48, 0x59,
-	0x44, 0xe6, 0x26, 0xc5, 0x08, 0x1d, 0x4b, 0x01, 0x22, 0xdc, 0xd5, 0x17, 0xf4, 0x32, 0x54, 0x9a,
-	0xce, 0xce, 0xd5, 0x56, 0xdd, 0x89, 0xe5, 0x71, 0xb4, 0xb7, 0x15, 0xa1, 0x1d, 0xbb, 0xde, 0x34,
-	0xf7, 0x6a, 0x99, 0x5e, 0xf4, 0xe3, 0x95, 0xb0, 0x1a, 0x87, 0xae, 0xdf, 0xe0, 0x46, 0xce, 0x65,
-	0xd9, 0x0c, 0xd6, 0x2d, 0xda, 0x9f, 0xb3, 0xd2, 0x42, 0x4a, 0x8d, 0x4e, 0xe8, 0xc4, 0xa4, 0xd1,
-	0x41, 0xef, 0x83, 0x12, 0x3d, 0x37, 0xca, 0x51, 0xb9, 0x9e, 0xa7, 0xe4, 0x34, 0x66, 0x42, 0x0b,
-	0x51, 0xfa, 0x2f, 0xc2, 0x9c, 0xa8, 0xfd, 0xf9, 0x4a, 0x5a, 0x59, 0x60, 0x77, 0xf3, 0x67, 0x01,
-	0x1a, 0xc1, 0x1a, 0x69, 0xb6, 0x3c, 0x3a, 0x2c, 0x16, 0xbb, 0xe0, 0x51, 0xa6, 0x92, 0x0b, 0x0a,
-	0x82, 0x0d, 0x2c, 0xf4, 0x0b, 0x16, 0x40, 0x43, 0xae, 0x79, 0xa9, 0x08, 0x5c, 0xcd, 0xf3, 0x73,
-	0xf4, 0x8e, 0xd2, 0x7d, 0x51, 0x04, 0xb1, 0x41, 0x1c, 0xfd, 0xac, 0x05, 0xe5, 0x58, 0x76, 0x9f,
-	0x8b, 0xc6, 0xb5, 0x3c, 0x7b, 0x22, 0x3f, 0x5a, 0xeb, 0x44, 0x6a, 0x48, 0x14, 0x5d, 0xf4, 0x73,
-	0x16, 0x40, 0xd4, 0xf1, 0x6b, 0xab, 0x81, 0xe7, 0xd6, 0x3a, 0x42, 0x62, 0x5e, 0xcb, 0xd5, 0x9c,
-	0xa3, 0x5a, 0x9f, 0x1b, 0xa3, 0xa3, 0xa1, 0xff, 0x63, 0x83, 0x32, 0x7a, 0x3f, 0x94, 0x23, 0xb1,
-	0xdc, 0x84, 0x8c, 0x5c, 0xcb, 0xd7, 0xa8, 0xc4, 0xdb, 0x16, 0xec, 0x55, 0xfc, 0xc3, 0x8a, 0x26,
-	0xfa, 0x8c, 0x05, 0xe3, 0xad, 0xa4, 0x99, 0x50, 0x88, 0xc3, 0xfc, 0x78, 0x40, 0xca, 0x0c, 0xc9,
-	0xad, 0x2d, 0xa9, 0x42, 0x9c, 0xee, 0x05, 0xe5, 0x80, 0x7a, 0x05, 0xaf, 0xb4, 0xb8, 0xc9, 0x72,
-	0x48, 0x73, 0xc0, 0x0b, 0x69, 0x20, 0xee, 0xc6, 0x47, 0xab, 0x70, 0x82, 0xf6, 0xae, 0xc3, 0xd5,
-	0x4f, 0x29, 0x5e, 0x22, 0x26, 0x0c, 0xcb, 0x73, 0x0f, 0x8b, 0x15, 0xc2, 0xee, 0x3a, 0xd2, 0x38,
-	0x38, 0xb3, 0x26, 0xfa, 0x23, 0x0b, 0x1e, 0x76, 0x99, 0x18, 0x30, 0x0d, 0xf6, 0x5a, 0x22, 0x88,
-	0x8b, 0x76, 0x92, 0x2b, 0xaf, 0xe8, 0x25, 0x7e, 0xe6, 0xde, 0x2a, 0xbe, 0xe0, 0xe1, 0xc5, 0x3d,
-	0xba, 0x84, 0xf7, 0xec, 0x30, 0xfa, 0x21, 0x18, 0x95, 0xfb, 0x62, 0x95, 0xb2, 0x60, 0x26, 0x68,
-	0x2b, 0x73, 0x13, 0xb7, 0x76, 0xa7, 0x46, 0xd7, 0x4c, 0x00, 0x4e, 0xe2, 0xd9, 0xff, 0xba, 0x98,
-	0xb8, 0x25, 0x52, 0x36, 0x4c, 0xc6, 0x6e, 0x6a, 0xd2, 0xfe, 0x23, 0xb9, 0x67, 0xae, 0xec, 0x46,
-	0x59, 0x97, 0x34, 0xbb, 0x51, 0x45, 0x11, 0x36, 0x88, 0x53, 0xa5, 0x74, 0xc2, 0x49, 0x5b, 0x4a,
-	0x05, 0x07, 0x7c, 0x39, 0xcf, 0x2e, 0x75, 0xdf, 0xe9, 0x9d, 0x12, 0x5d, 0x9b, 0xe8, 0x02, 0xe1,
-	0xee, 0x2e, 0xa1, 0x9f, 0x86, 0x4a, 0xa8, 0x3c, 0x5b, 0x8a, 0x79, 0x1c, 0xd5, 0xe4, 0xb2, 0x11,
-	0xdd, 0x51, 0x17, 0x40, 0xda, 0x87, 0x45, 0x53, 0xb4, 0xff, 0x30, 0x79, 0x31, 0x66, 0xf0, 0x8e,
-	0x3e, 0x2e, 0xfd, 0x3e, 0x69, 0xc1, 0x70, 0x18, 0x78, 0x9e, 0xeb, 0x37, 0x28, 0x9f, 0x13, 0xc2,
-	0xfa, 0xdd, 0x47, 0x22, 0x2f, 0x05, 0x43, 0x63, 0x9a, 0x35, 0xd6, 0x34, 0xb1, 0xd9, 0x01, 0xfb,
-	0x9b, 0x16, 0x4c, 0xf6, 0xe2, 0xc7, 0x88, 0xc0, 0x43, 0x92, 0xd9, 0xa8, 0xa1, 0x58, 0xf1, 0x17,
-	0x88, 0x47, 0x94, 0xd9, 0xbc, 0x3c, 0xf7, 0x98, 0xf8, 0xcc, 0x87, 0x56, 0x7b, 0xa3, 0xe2, 0xbd,
-	0xda, 0x41, 0x2f, 0xc1, 0x31, 0xe3, 0xbb, 0x22, 0x35, 0x30, 0x95, 0xb9, 0x69, 0xaa, 0x00, 0xcd,
-	0xa6, 0x60, 0xb7, 0x77, 0xa7, 0x1e, 0x48, 0x97, 0x09, 0x81, 0xd1, 0xd5, 0x8e, 0xfd, 0x6b, 0x85,
-	0xf4, 0x6c, 0x29, 0x59, 0xff, 0x86, 0xd5, 0x65, 0x4d, 0xf8, 0x89, 0xa3, 0x90, 0xaf, 0xcc, 0xee,
-	0xa0, 0xdc, 0x30, 0x7a, 0xe3, 0xdc, 0xc3, 0x6b, 0x7b, 0xfb, 0xdf, 0x0c, 0xc0, 0x1e, 0x3d, 0xeb,
-	0x43, 0x79, 0x3f, 0xf0, 0x3d, 0xea, 0xc7, 0x2d, 0x75, 0x61, 0xc6, 0xf7, 0x70, 0xfd, 0xa8, 0xc6,
-	0x9e, 0x9f, 0x9f, 0x22, 0xee, 0x3a, 0xa2, 0xac, 0xe8, 0xc9, 0xab, 0x39, 0xf4, 0x05, 0x2b, 0x79,
-	0xe5, 0xc7, 0x9d, 0x1a, 0xdd, 0x23, 0xeb, 0x93, 0x71, 0x8f, 0xc8, 0x3b, 0xa6, 0x6f, 0x9f, 0x7a,
-	0xdd, 0x30, 0x4e, 0x03, 0x6c, 0xb8, 0xbe, 0xe3, 0xb9, 0xaf, 0xd1, 0xd3, 0x51, 0x89, 0x09, 0x78,
-	0xa6, 0x31, 0x9d, 0x57, 0xa5, 0xd8, 0xc0, 0x38, 0xfd, 0xff, 0xc3, 0xb0, 0xf1, 0xe5, 0x19, 0x1e,
-	0x2f, 0x27, 0x4c, 0x8f, 0x97, 0x8a, 0xe1, 0xa8, 0x72, 0xfa, 0x9d, 0x70, 0x2c, 0xdd, 0xc1, 0x83,
-	0xd4, 0xb7, 0xff, 0xd7, 0x50, 0xfa, 0x0e, 0x6e, 0x8d, 0x84, 0x4d, 0xda, 0xb5, 0x37, 0x0d, 0x5b,
-	0x6f, 0x1a, 0xb6, 0xde, 0x34, 0x6c, 0x99, 0x77, 0x13, 0xc2, 0x68, 0x33, 0x74, 0x97, 0x8c, 0x36,
-	0x09, 0x33, 0x54, 0x39, 0x77, 0x33, 0x94, 0xfd, 0x91, 0x2e, 0xcb, 0xfd, 0x5a, 0x48, 0x08, 0x0a,
-	0xa0, 0xe4, 0x07, 0x75, 0x22, 0x75, 0xdc, 0x4b, 0xf9, 0x28, 0x6c, 0x57, 0x82, 0xba, 0xe1, 0x2e,
-	0x4e, 0xff, 0x45, 0x98, 0xd3, 0xb1, 0x3f, 0x3c, 0x08, 0x09, 0x75, 0x92, 0xcf, 0xfb, 0x0f, 0xc0,
-	0x50, 0x48, 0x5a, 0xc1, 0x55, 0xbc, 0x24, 0x64, 0x99, 0x8e, 0xb6, 0xe1, 0xc5, 0x58, 0xc2, 0xa9,
-	0xcc, 0x6b, 0x39, 0xf1, 0xa6, 0x10, 0x66, 0x4a, 0xe6, 0xad, 0x3a, 0xf1, 0x26, 0x66, 0x10, 0xf4,
-	0x4e, 0x18, 0x8b, 0x13, 0x57, 0xe1, 0xe2, 0xca, 0xf7, 0x01, 0x81, 0x3b, 0x96, 0xbc, 0x28, 0xc7,
-	0x29, 0x6c, 0xf4, 0x2a, 0x0c, 0x6c, 0x12, 0xaf, 0x29, 0xa6, 0xbe, 0x9a, 0x9f, 0xac, 0x61, 0xdf,
-	0x7a, 0x91, 0x78, 0x4d, 0xce, 0x09, 0xe9, 0x2f, 0xcc, 0x48, 0xd1, 0x75, 0x5f, 0xd9, 0x6a, 0x47,
-	0x71, 0xd0, 0x74, 0x5f, 0x93, 0x96, 0xce, 0x9f, 0xc8, 0x99, 0xf0, 0x65, 0xd9, 0x3e, 0x37, 0x29,
-	0xa9, 0xbf, 0x58, 0x53, 0x66, 0xfd, 0xa8, 0xbb, 0x21, 0x5b, 0x32, 0x1d, 0x61, 0xb0, 0xcc, 0xbb,
-	0x1f, 0x0b, 0xb2, 0x7d, 0xde, 0x0f, 0xf5, 0x17, 0x6b, 0xca, 0xa8, 0xa3, 0xf6, 0xdf, 0x30, 0xeb,
-	0xc3, 0xd5, 0x9c, 0xfb, 0xc0, 0xf7, 0x5e, 0xe6, 0x3e, 0x7c, 0x0c, 0x4a, 0xb5, 0x4d, 0x27, 0x8c,
-	0x27, 0x47, 0xd8, 0xa2, 0x51, 0xab, 0x78, 0x9e, 0x16, 0x62, 0x0e, 0x43, 0x8f, 0x40, 0x31, 0x24,
-	0x1b, 0xcc, 0x3b, 0xd9, 0xf0, 0x8b, 0xc2, 0x64, 0x03, 0xd3, 0x72, 0xa5, 0x97, 0x8d, 0xf5, 0x74,
-	0x98, 0xfb, 0x95, 0x42, 0x52, 0xb1, 0x4b, 0x8e, 0x0c, 0xdf, 0x0f, 0xb5, 0x76, 0x18, 0x49, 0x03,
-	0x99, 0xb1, 0x1f, 0x58, 0x31, 0x96, 0x70, 0xf4, 0x41, 0x0b, 0x86, 0x6e, 0x44, 0x81, 0xef, 0x93,
-	0x58, 0x08, 0xd1, 0x6b, 0x39, 0x0f, 0xd6, 0x25, 0xde, 0xba, 0xee, 0x83, 0x28, 0xc0, 0x92, 0x2e,
-	0xed, 0x2e, 0xd9, 0xa9, 0x79, 0xed, 0x7a, 0x97, 0x33, 0xcc, 0x39, 0x5e, 0x8c, 0x25, 0x9c, 0xa2,
-	0xba, 0x3e, 0x47, 0x1d, 0x48, 0xa2, 0x2e, 0xfa, 0x02, 0x55, 0xc0, 0xed, 0xdf, 0x28, 0xc3, 0xc9,
-	0xcc, 0xed, 0x43, 0x55, 0x2e, 0xa6, 0xd4, 0x9c, 0x77, 0x3d, 0x22, 0xdd, 0xc0, 0x98, 0xca, 0x75,
-	0x4d, 0x95, 0x62, 0x03, 0x03, 0xfd, 0x0c, 0x40, 0xcb, 0x09, 0x9d, 0x26, 0x51, 0x06, 0xec, 0x43,
-	0x6b, 0x36, 0xb4, 0x1f, 0xab, 0xb2, 0x4d, 0x7d, 0x88, 0x57, 0x45, 0x11, 0x36, 0x48, 0xa2, 0xe7,
-	0x60, 0x38, 0x24, 0x1e, 0x71, 0x22, 0xe6, 0xfe, 0x9e, 0x8e, 0xe5, 0xc1, 0x1a, 0x84, 0x4d, 0x3c,
-	0xf4, 0xb8, 0xf2, 0x98, 0x4b, 0x79, 0x0e, 0x25, 0xbd, 0xe6, 0xd0, 0xa7, 0x2c, 0x18, 0xdb, 0x70,
-	0x3d, 0xa2, 0xa9, 0x8b, 0xc8, 0x9b, 0x95, 0xc3, 0x7f, 0xe4, 0x79, 0xb3, 0x5d, 0xcd, 0x43, 0x13,
-	0xc5, 0x11, 0x4e, 0x91, 0xa7, 0xd3, 0xbc, 0x4d, 0x42, 0xc6, 0x7c, 0x07, 0x93, 0xd3, 0x7c, 0x8d,
-	0x17, 0x63, 0x09, 0x47, 0xb3, 0x30, 0xde, 0x72, 0xa2, 0x68, 0x3e, 0x24, 0x75, 0xe2, 0xc7, 0xae,
-	0xe3, 0xf1, 0xb8, 0x98, 0xb2, 0x76, 0x27, 0x5f, 0x4d, 0x82, 0x71, 0x1a, 0x1f, 0xbd, 0x0b, 0x1e,
-	0xe4, 0x16, 0xa2, 0x65, 0x37, 0x8a, 0x5c, 0xbf, 0xa1, 0x97, 0x81, 0x30, 0x94, 0x4d, 0x89, 0xa6,
-	0x1e, 0x5c, 0xcc, 0x46, 0xc3, 0xbd, 0xea, 0xa3, 0x27, 0xa1, 0x1c, 0x6d, 0xb9, 0xad, 0xf9, 0xb0,
-	0x1e, 0xb1, 0xdb, 0xa1, 0xb2, 0x36, 0xcb, 0x56, 0x45, 0x39, 0x56, 0x18, 0xa8, 0x06, 0x23, 0x7c,
-	0x4a, 0xb8, 0xcb, 0x9f, 0xe0, 0xa0, 0x4f, 0xf5, 0x14, 0xe4, 0x22, 0x04, 0x76, 0x1a, 0x3b, 0x37,
-	0xcf, 0xc9, 0xbb, 0x2a, 0x7e, 0xb5, 0x72, 0xcd, 0x68, 0x06, 0x27, 0x1a, 0x4d, 0x9e, 0xe9, 0x86,
-	0xfb, 0x38, 0xd3, 0x3d, 0x07, 0xc3, 0x5b, 0xed, 0x75, 0x22, 0x46, 0x5e, 0x30, 0x36, 0xb5, 0xfa,
-	0x2e, 0x6b, 0x10, 0x36, 0xf1, 0x98, 0xb7, 0x65, 0xcb, 0x15, 0xff, 0xa2, 0xc9, 0x51, 0xc3, 0xdb,
-	0x72, 0x75, 0x51, 0x16, 0x63, 0x13, 0x87, 0x76, 0x8d, 0x8e, 0xc5, 0x1a, 0x89, 0x58, 0x30, 0x05,
-	0x1d, 0x2e, 0xd5, 0xb5, 0xaa, 0x04, 0x60, 0x8d, 0x83, 0x56, 0xe1, 0x04, 0xfd, 0x53, 0x65, 0x21,
-	0xc0, 0xd7, 0x1c, 0xcf, 0xad, 0x73, 0xd7, 0xbf, 0xf1, 0xa4, 0x7d, 0xb3, 0x9a, 0x81, 0x83, 0x33,
-	0x6b, 0xda, 0x9f, 0x2d, 0x24, 0x2d, 0x27, 0x26, 0x0b, 0x43, 0x11, 0x65, 0x54, 0xf1, 0x35, 0x27,
-	0x94, 0x0a, 0xcf, 0x21, 0x83, 0x9b, 0x44, 0xbb, 0xd7, 0x9c, 0xd0, 0x64, 0x79, 0x8c, 0x00, 0x96,
-	0x94, 0xd0, 0x0d, 0x18, 0x88, 0x3d, 0x27, 0xa7, 0x68, 0x48, 0x83, 0xa2, 0x36, 0x64, 0x2d, 0xcd,
-	0x46, 0x98, 0xd1, 0x40, 0x0f, 0xd3, 0xd3, 0xdb, 0xba, 0xbc, 0x69, 0x13, 0x07, 0xae, 0xf5, 0x08,
-	0xb3, 0x52, 0xfb, 0x97, 0x47, 0x33, 0xa4, 0x8e, 0x52, 0x04, 0xd0, 0x59, 0x00, 0xba, 0x68, 0x56,
-	0x43, 0xb2, 0xe1, 0xee, 0x08, 0x45, 0x4c, 0x71, 0xb6, 0x2b, 0x0a, 0x82, 0x0d, 0x2c, 0x59, 0xa7,
-	0xda, 0xde, 0xa0, 0x75, 0x0a, 0xdd, 0x75, 0x38, 0x04, 0x1b, 0x58, 0xe8, 0x59, 0x18, 0x74, 0x9b,
-	0x4e, 0x43, 0x39, 0x02, 0x3f, 0x4c, 0x59, 0xda, 0x22, 0x2b, 0xb9, 0xbd, 0x3b, 0x35, 0xa6, 0x3a,
-	0xc4, 0x8a, 0xb0, 0xc0, 0x45, 0xbf, 0x66, 0xc1, 0x48, 0x2d, 0x68, 0x36, 0x03, 0x9f, 0x1f, 0x9f,
-	0x85, 0x2d, 0xe0, 0xc6, 0x51, 0xa9, 0x49, 0xd3, 0xf3, 0x06, 0x31, 0x6e, 0x0c, 0x50, 0x61, 0x9b,
-	0x26, 0x08, 0x27, 0x7a, 0x65, 0x72, 0xbe, 0xd2, 0x3e, 0x9c, 0xef, 0x37, 0x2d, 0x98, 0xe0, 0x75,
-	0x8d, 0x53, 0xbd, 0x88, 0x50, 0x0c, 0x8e, 0xf8, 0xb3, 0xba, 0x0c, 0x1d, 0xca, 0xd8, 0xdb, 0x05,
-	0xc7, 0xdd, 0x9d, 0x44, 0x17, 0x60, 0x62, 0x23, 0x08, 0x6b, 0xc4, 0x1c, 0x08, 0xc1, 0xb6, 0x55,
-	0x43, 0xe7, 0xd3, 0x08, 0xb8, 0xbb, 0x0e, 0xba, 0x06, 0x0f, 0x18, 0x85, 0xe6, 0x38, 0x70, 0xce,
-	0xfd, 0xa8, 0x68, 0xed, 0x81, 0xf3, 0x99, 0x58, 0xb8, 0x47, 0xed, 0x24, 0x93, 0xac, 0xf4, 0xc1,
-	0x24, 0x5f, 0x81, 0x53, 0xb5, 0xee, 0x91, 0xd9, 0x8e, 0xda, 0xeb, 0x11, 0xe7, 0xe3, 0xe5, 0xb9,
-	0xef, 0x13, 0x0d, 0x9c, 0x9a, 0xef, 0x85, 0x88, 0x7b, 0xb7, 0x81, 0xde, 0x07, 0xe5, 0x90, 0xb0,
-	0x59, 0x89, 0x44, 0xb8, 0xde, 0x21, 0xad, 0x1d, 0x5a, 0x83, 0xe7, 0xcd, 0x6a, 0xc9, 0x24, 0x0a,
-	0x22, 0xac, 0x28, 0xa2, 0x9b, 0x30, 0xd4, 0x72, 0xe2, 0xda, 0xa6, 0x08, 0xd2, 0x3b, 0xb4, 0x6d,
-	0x5e, 0x11, 0x67, 0x57, 0x29, 0x46, 0xca, 0x03, 0x4e, 0x04, 0x4b, 0x6a, 0x54, 0x57, 0xab, 0x05,
-	0xcd, 0x56, 0xe0, 0x13, 0x3f, 0x96, 0x42, 0x64, 0x8c, 0xdf, 0x77, 0xc8, 0x52, 0x6c, 0x60, 0x74,
-	0xc9, 0x72, 0x8d, 0x36, 0x39, 0xb1, 0x87, 0x2c, 0x37, 0x5a, 0xeb, 0x55, 0x9f, 0x0a, 0x1b, 0x66,
-	0x56, 0xbc, 0xee, 0xc6, 0x9b, 0x41, 0x3b, 0x96, 0xa7, 0x64, 0x21, 0xa8, 0x94, 0xb0, 0x59, 0xca,
-	0xc0, 0xc1, 0x99, 0x35, 0xd3, 0x92, 0x75, 0xfc, 0xce, 0x24, 0xeb, 0xb1, 0x3e, 0x24, 0x6b, 0x15,
-	0x4e, 0xb2, 0x1e, 0x08, 0x2d, 0x59, 0x1a, 0x2d, 0xa3, 0x49, 0xc4, 0x3a, 0xaf, 0xe2, 0x5b, 0x96,
-	0xb2, 0x90, 0x70, 0x76, 0xdd, 0xd3, 0x3f, 0x06, 0x13, 0x5d, 0x4c, 0xee, 0x40, 0x06, 0xc9, 0x05,
-	0x78, 0x20, 0x9b, 0x9d, 0x1c, 0xc8, 0x2c, 0xf9, 0x1b, 0x29, 0xbf, 0x74, 0xe3, 0x88, 0xd6, 0x87,
-	0x89, 0xdb, 0x81, 0x22, 0xf1, 0xb7, 0x85, 0x74, 0x3d, 0x7f, 0xb8, 0x55, 0x7d, 0xce, 0xdf, 0xe6,
-	0xdc, 0x90, 0xd9, 0xf1, 0xce, 0xf9, 0xdb, 0x98, 0xb6, 0x8d, 0x7e, 0xc9, 0x4a, 0x1c, 0x20, 0xb8,
-	0x61, 0xfc, 0x3d, 0x47, 0x72, 0x26, 0xed, 0xfb, 0x4c, 0x61, 0xff, 0xdb, 0x02, 0x9c, 0xd9, 0xaf,
-	0x91, 0x3e, 0x86, 0xef, 0x31, 0x18, 0x8c, 0x98, 0xa7, 0x89, 0x10, 0x57, 0xc3, 0x74, 0x17, 0x73,
-	0xdf, 0x93, 0x57, 0xb0, 0x00, 0x21, 0x0f, 0x8a, 0x4d, 0xa7, 0x25, 0xec, 0xa5, 0x8b, 0x87, 0x8d,
-	0xdf, 0xa3, 0xff, 0x1d, 0x6f, 0xd9, 0x69, 0xf1, 0x35, 0x6f, 0x14, 0x60, 0x4a, 0x06, 0xc5, 0x50,
-	0x72, 0xc2, 0xd0, 0x91, 0x6e, 0x0d, 0x97, 0xf3, 0xa1, 0x37, 0x4b, 0x9b, 0xe4, 0xb7, 0xc2, 0x89,
-	0x22, 0xcc, 0x89, 0xd9, 0x9f, 0x29, 0x27, 0x82, 0xbd, 0x98, 0xaf, 0x4a, 0x04, 0x83, 0xc2, 0x4c,
-	0x6a, 0xe5, 0x1d, 0x36, 0xc9, 0xa3, 0xa9, 0x99, 0x05, 0x42, 0xe4, 0xa4, 0x10, 0xa4, 0xd0, 0xc7,
-	0x2c, 0x96, 0xf9, 0x41, 0x46, 0xd0, 0x89, 0x53, 0xfd, 0xd1, 0x24, 0xa2, 0x30, 0xf3, 0x49, 0xc8,
-	0x42, 0x6c, 0x52, 0x17, 0xd9, 0x6d, 0xd8, 0x69, 0xa6, 0x3b, 0xbb, 0x0d, 0x3b, 0x9d, 0x48, 0x38,
-	0xda, 0xc9, 0xf0, 0x49, 0xc9, 0x21, 0x7b, 0x40, 0x1f, 0x5e, 0x28, 0x5f, 0xb0, 0x60, 0xc2, 0x4d,
-	0x3b, 0x17, 0x88, 0x33, 0xf0, 0xf5, 0x7c, 0x6c, 0x9a, 0xdd, 0xbe, 0x0b, 0x4a, 0xd1, 0xe9, 0x02,
-	0xe1, 0xee, 0xce, 0xa0, 0x3a, 0x0c, 0xb8, 0xfe, 0x46, 0x20, 0xd4, 0xbb, 0xb9, 0xc3, 0x75, 0x6a,
-	0xd1, 0xdf, 0x08, 0xf4, 0x6e, 0xa6, 0xff, 0x30, 0x6b, 0x1d, 0x2d, 0xc1, 0x09, 0x19, 0xef, 0x73,
-	0xd1, 0x8d, 0xe2, 0x20, 0xec, 0x2c, 0xb9, 0x4d, 0x37, 0x66, 0xaa, 0x59, 0x71, 0x6e, 0x92, 0x8a,
-	0x37, 0x9c, 0x01, 0xc7, 0x99, 0xb5, 0xd0, 0x6b, 0x30, 0x24, 0x2f, 0xf4, 0xcb, 0x79, 0xd8, 0x13,
-	0xba, 0xd7, 0xbf, 0x5a, 0x4c, 0x55, 0x71, 0xa3, 0x2f, 0x09, 0xa2, 0x8f, 0x5a, 0x30, 0xc6, 0x7f,
-	0x5f, 0xec, 0xd4, 0x79, 0x88, 0x61, 0x25, 0x0f, 0xaf, 0xfd, 0x6a, 0xa2, 0xcd, 0x39, 0x74, 0x6b,
-	0x77, 0x6a, 0x2c, 0x59, 0x86, 0x53, 0x74, 0xed, 0x7f, 0x3c, 0x02, 0xdd, 0x2e, 0x10, 0x49, 0x7f,
-	0x07, 0xeb, 0x6e, 0xfb, 0x3b, 0xd0, 0x53, 0x65, 0xa4, 0x5d, 0x15, 0x72, 0xd8, 0x66, 0x82, 0xaa,
-	0xbe, 0x86, 0xee, 0xf8, 0x35, 0xcc, 0x68, 0xa0, 0x36, 0x0c, 0xf2, 0xe4, 0x52, 0x42, 0x02, 0x1c,
-	0xfe, 0xe6, 0xdb, 0x4c, 0x52, 0xa5, 0xcd, 0x5a, 0xbc, 0x14, 0x0b, 0x62, 0x68, 0x07, 0x86, 0x36,
-	0xf9, 0x72, 0x14, 0x67, 0xbd, 0xe5, 0xc3, 0x8e, 0x6f, 0x62, 0x8d, 0xeb, 0xc5, 0x27, 0x0a, 0xb0,
-	0x24, 0xc7, 0xdc, 0xeb, 0x0c, 0x07, 0x20, 0xce, 0x48, 0xf2, 0x8b, 0x96, 0xec, 0xdf, 0xfb, 0xe7,
-	0xbd, 0x30, 0x12, 0x92, 0x5a, 0xe0, 0xd7, 0x5c, 0x8f, 0xd4, 0x67, 0xe5, 0x85, 0xd8, 0x41, 0x82,
-	0xe4, 0x98, 0x35, 0x09, 0x1b, 0x6d, 0xe0, 0x44, 0x8b, 0x6c, 0x9f, 0xa9, 0xc0, 0x79, 0x3a, 0x21,
-	0x44, 0x5c, 0x7c, 0x2c, 0xe5, 0x14, 0xa6, 0xcf, 0xda, 0xe4, 0xfb, 0x2c, 0x59, 0x86, 0x53, 0x74,
-	0xd1, 0x4b, 0x00, 0xc1, 0x3a, 0xf7, 0xa1, 0x9b, 0x8d, 0xc5, 0x2d, 0xc8, 0x41, 0x3e, 0x75, 0x8c,
-	0x07, 0xdb, 0xca, 0x16, 0xb0, 0xd1, 0x1a, 0xba, 0x0c, 0xc0, 0x77, 0xce, 0x5a, 0xa7, 0x25, 0x0f,
-	0x84, 0x32, 0xca, 0x11, 0xaa, 0x0a, 0x72, 0x7b, 0x77, 0xaa, 0xdb, 0xe6, 0xcc, 0x1c, 0x85, 0x8c,
-	0xea, 0xe8, 0xa7, 0x60, 0x28, 0x6a, 0x37, 0x9b, 0x8e, 0xba, 0x23, 0xc9, 0x31, 0x7c, 0x97, 0xb7,
-	0x6b, 0x30, 0x46, 0x5e, 0x80, 0x25, 0x45, 0x74, 0x83, 0xb2, 0x78, 0xc1, 0xa1, 0xf8, 0x2e, 0xe2,
-	0x1a, 0x0a, 0xb7, 0x04, 0xbe, 0x43, 0x9e, 0x62, 0x70, 0x06, 0xce, 0xed, 0xdd, 0xa9, 0x07, 0x92,
-	0xe5, 0x4b, 0x81, 0x08, 0xa8, 0xcd, 0x6c, 0x13, 0x5d, 0x92, 0x79, 0xb4, 0xe8, 0x67, 0xcb, 0xf4,
-	0x2e, 0x4f, 0xe8, 0x3c, 0x5a, 0xac, 0xb8, 0xf7, 0x98, 0x99, 0x95, 0xd1, 0x32, 0x1c, 0xaf, 0x05,
-	0x7e, 0x1c, 0x06, 0x9e, 0xc7, 0x73, 0xec, 0xf1, 0xb3, 0x39, 0xbf, 0x43, 0x79, 0x48, 0x74, 0xfb,
-	0xf8, 0x7c, 0x37, 0x0a, 0xce, 0xaa, 0x47, 0x75, 0xf2, 0xb4, 0x7c, 0x18, 0xcb, 0xe5, 0x7a, 0x3d,
-	0xd1, 0xa6, 0xe0, 0x50, 0xca, 0xec, 0xbd, 0x8f, 0xa4, 0xf0, 0x93, 0x97, 0xac, 0x62, 0xc6, 0x9e,
-	0x85, 0x11, 0xb2, 0x13, 0x93, 0xd0, 0x77, 0xbc, 0xab, 0x78, 0x49, 0x5e, 0x58, 0xb0, 0x8d, 0x79,
-	0xce, 0x28, 0xc7, 0x09, 0x2c, 0x64, 0x2b, 0x2b, 0x99, 0x11, 0xb9, 0xce, 0xad, 0x64, 0xd2, 0x26,
-	0x66, 0x7f, 0xa9, 0x98, 0xd0, 0x59, 0xef, 0xc9, 0x95, 0x2e, 0x4b, 0x91, 0x24, 0x73, 0x49, 0x31,
-	0x80, 0x38, 0x8b, 0xe5, 0x49, 0x59, 0xa5, 0x48, 0x5a, 0x31, 0x09, 0xe1, 0x24, 0x5d, 0xb4, 0x05,
-	0xa5, 0xcd, 0x20, 0x8a, 0xe5, 0x09, 0xed, 0x90, 0x87, 0xc1, 0x8b, 0x41, 0x14, 0x33, 0x45, 0x4b,
-	0x7d, 0x36, 0x2d, 0x89, 0x30, 0xa7, 0x41, 0xcf, 0xfe, 0xd1, 0xa6, 0x13, 0xd6, 0xa3, 0x79, 0x96,
-	0x67, 0x62, 0x80, 0x69, 0x58, 0x4a, 0x9f, 0xae, 0x6a, 0x10, 0x36, 0xf1, 0xec, 0xef, 0x58, 0x89,
-	0x5b, 0xad, 0xeb, 0x2c, 0x68, 0x60, 0x9b, 0xf8, 0x94, 0x45, 0x99, 0x6e, 0x8a, 0x3f, 0x94, 0x0a,
-	0xc1, 0x7e, 0x5b, 0xaf, 0x74, 0x98, 0x37, 0x69, 0x0b, 0xd3, 0xac, 0x09, 0xc3, 0xa3, 0xf1, 0x03,
-	0x56, 0x32, 0x96, 0xbe, 0x90, 0xc7, 0xd1, 0xcd, 0xcc, 0x27, 0xb1, 0x6f, 0x58, 0xbe, 0xfd, 0x4b,
-	0x16, 0x0c, 0xcd, 0x39, 0xb5, 0xad, 0x60, 0x63, 0x03, 0x3d, 0x09, 0xe5, 0x7a, 0x3b, 0x34, 0xc3,
-	0xfa, 0x95, 0xb1, 0x6a, 0x41, 0x94, 0x63, 0x85, 0x41, 0x97, 0xfe, 0x86, 0x53, 0x93, 0x59, 0x25,
-	0x8a, 0x7c, 0xe9, 0x9f, 0x67, 0x25, 0x58, 0x40, 0xe8, 0xf0, 0x37, 0x9d, 0x1d, 0x59, 0x39, 0x7d,
-	0xa5, 0xb6, 0xac, 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0x95, 0x05, 0x93, 0x73, 0x4e, 0xe4, 0xd6, 0x66,
-	0xdb, 0xf1, 0xe6, 0x9c, 0x1b, 0xaf, 0xb7, 0x6b, 0x5b, 0x24, 0xe6, 0xd9, 0x47, 0x68, 0x2f, 0xdb,
-	0x11, 0xdd, 0x81, 0xea, 0xc4, 0xac, 0x7a, 0x79, 0x55, 0x94, 0x63, 0x85, 0x81, 0x5e, 0x83, 0xe1,
-	0x96, 0x13, 0x45, 0x37, 0x83, 0xb0, 0x8e, 0xc9, 0x46, 0x3e, 0xf9, 0x89, 0xaa, 0xa4, 0x16, 0x92,
-	0x18, 0x93, 0x0d, 0xe1, 0xa0, 0xa2, 0xdb, 0xc7, 0x26, 0x31, 0xfb, 0x17, 0x2c, 0x38, 0x31, 0x47,
-	0x9c, 0x90, 0x84, 0x2c, 0x9d, 0x91, 0xfa, 0x10, 0xf4, 0x2a, 0x94, 0x63, 0x5a, 0x42, 0x7b, 0x64,
-	0xe5, 0xdb, 0x23, 0xe6, 0x5a, 0xb2, 0x26, 0x1a, 0xc7, 0x8a, 0x8c, 0xfd, 0x49, 0x0b, 0x4e, 0x65,
-	0xf5, 0x65, 0xde, 0x0b, 0xda, 0xf5, 0x7b, 0xd1, 0xa1, 0xbf, 0x63, 0xc1, 0x08, 0xbb, 0xae, 0x5f,
-	0x20, 0xb1, 0xe3, 0x7a, 0x5d, 0xa9, 0x14, 0xad, 0x3e, 0x53, 0x29, 0x9e, 0x81, 0x81, 0xcd, 0xa0,
-	0x49, 0xd2, 0xae, 0x26, 0x17, 0x83, 0x26, 0xc1, 0x0c, 0x82, 0x9e, 0xa6, 0x8b, 0xd0, 0xf5, 0x63,
-	0x87, 0x6e, 0x47, 0x79, 0x9d, 0x31, 0xce, 0x17, 0xa0, 0x2a, 0xc6, 0x26, 0x8e, 0xfd, 0xbb, 0x15,
-	0x18, 0x12, 0x7e, 0x51, 0x7d, 0x67, 0xc3, 0x91, 0x56, 0x9c, 0x42, 0x4f, 0x2b, 0x4e, 0x04, 0x83,
-	0x35, 0x96, 0xef, 0x56, 0x68, 0xe8, 0x97, 0x73, 0x71, 0xa4, 0xe3, 0x29, 0x74, 0x75, 0xb7, 0xf8,
-	0x7f, 0x2c, 0x48, 0xa1, 0xd7, 0x2d, 0x18, 0xaf, 0x05, 0xbe, 0x4f, 0x6a, 0x5a, 0x77, 0x1c, 0xc8,
-	0xe3, 0x80, 0x30, 0x9f, 0x6c, 0x54, 0xdf, 0x04, 0xa7, 0x00, 0x38, 0x4d, 0x1e, 0xbd, 0x00, 0xa3,
-	0x7c, 0xcc, 0xae, 0x25, 0xee, 0x60, 0x74, 0x86, 0x3d, 0x13, 0x88, 0x93, 0xb8, 0x68, 0x9a, 0xdf,
-	0x65, 0x89, 0x5c, 0x76, 0x83, 0xda, 0x54, 0x6d, 0x64, 0xb1, 0x33, 0x30, 0x50, 0x08, 0x28, 0x24,
-	0x1b, 0x21, 0x89, 0x36, 0x85, 0xdf, 0x18, 0xd3, 0x5b, 0x87, 0xee, 0x2c, 0x8f, 0x05, 0xee, 0x6a,
-	0x09, 0x67, 0xb4, 0x8e, 0xb6, 0x84, 0x19, 0xa1, 0x9c, 0x07, 0x3f, 0x17, 0xd3, 0xdc, 0xd3, 0x9a,
-	0x30, 0x05, 0x25, 0x26, 0xba, 0x98, 0xbe, 0x5c, 0xe4, 0xb1, 0x93, 0x4c, 0xb0, 0x61, 0x5e, 0x8e,
-	0x16, 0xe0, 0x58, 0x2a, 0x3f, 0x60, 0x24, 0xee, 0x4a, 0x54, 0x9c, 0x5c, 0x2a, 0xb3, 0x60, 0x84,
-	0xbb, 0x6a, 0x98, 0x26, 0xa6, 0xe1, 0x7d, 0x4c, 0x4c, 0x1d, 0xe5, 0x9d, 0xcc, 0x6f, 0x31, 0x5e,
-	0xcc, 0x65, 0x00, 0xfa, 0x72, 0x45, 0xfe, 0x44, 0xca, 0x15, 0x79, 0x94, 0x75, 0xe0, 0x5a, 0x3e,
-	0x1d, 0x38, 0xb8, 0xdf, 0xf1, 0xbd, 0xf4, 0x23, 0xfe, 0x9f, 0x16, 0xc8, 0x79, 0x9d, 0x77, 0x6a,
-	0x9b, 0x84, 0x2e, 0x19, 0xf4, 0x4e, 0x18, 0x53, 0xd6, 0x09, 0xae, 0x12, 0x59, 0x6c, 0xd5, 0x28,
-	0xdd, 0x19, 0x27, 0xa0, 0x38, 0x85, 0x8d, 0x66, 0xa0, 0x42, 0xc7, 0x89, 0x57, 0xe5, 0x72, 0x5f,
-	0x59, 0x40, 0x66, 0x57, 0x17, 0x45, 0x2d, 0x8d, 0x83, 0x02, 0x98, 0xf0, 0x9c, 0x28, 0x66, 0x3d,
-	0xa8, 0x76, 0xfc, 0xda, 0x1d, 0x66, 0x91, 0x61, 0xc1, 0x58, 0x4b, 0xe9, 0x86, 0x70, 0x77, 0xdb,
-	0xf6, 0xbf, 0x2b, 0xc1, 0x68, 0x82, 0x33, 0x1e, 0x50, 0x61, 0x78, 0x12, 0xca, 0x52, 0x86, 0xa7,
-	0xd3, 0x65, 0x29, 0x41, 0xaf, 0x30, 0xa8, 0xd0, 0x5a, 0xd7, 0x52, 0x35, 0xad, 0xe0, 0x18, 0x02,
-	0x17, 0x9b, 0x78, 0x8c, 0x29, 0xc7, 0x5e, 0x34, 0xef, 0xb9, 0xc4, 0x8f, 0x79, 0x37, 0xf3, 0x61,
-	0xca, 0x6b, 0x4b, 0x55, 0xb3, 0x51, 0xcd, 0x94, 0x53, 0x00, 0x9c, 0x26, 0x8f, 0x3e, 0x6c, 0xc1,
-	0xa8, 0x73, 0x33, 0xd2, 0x49, 0xd9, 0x85, 0xd3, 0xf1, 0x21, 0x85, 0x54, 0x22, 0xcf, 0x3b, 0x37,
-	0xec, 0x27, 0x8a, 0x70, 0x92, 0x28, 0x7a, 0xc3, 0x02, 0x44, 0x76, 0x48, 0x4d, 0xba, 0x45, 0x8b,
-	0xbe, 0x0c, 0xe6, 0x71, 0x82, 0x3f, 0xd7, 0xd5, 0x2e, 0xe7, 0xea, 0xdd, 0xe5, 0x38, 0xa3, 0x0f,
-	0xe8, 0x12, 0xa0, 0xba, 0x1b, 0x39, 0xeb, 0x1e, 0x99, 0x0f, 0x9a, 0x32, 0x80, 0x58, 0xdc, 0xa7,
-	0x9f, 0x16, 0xe3, 0x8c, 0x16, 0xba, 0x30, 0x70, 0x46, 0x2d, 0xb6, 0xca, 0xc2, 0x60, 0xa7, 0x73,
-	0x35, 0xf4, 0x98, 0x94, 0x30, 0x57, 0x99, 0x28, 0xc7, 0x0a, 0xc3, 0xfe, 0x8b, 0xa2, 0xda, 0xca,
-	0x3a, 0x06, 0xc0, 0x31, 0x7c, 0x91, 0xad, 0x3b, 0xf7, 0x45, 0xd6, 0x9e, 0x52, 0xdd, 0x61, 0xf1,
-	0x89, 0x28, 0xda, 0xc2, 0x3d, 0x8a, 0xa2, 0xfd, 0x59, 0x2b, 0x91, 0x92, 0x6e, 0xf8, 0xec, 0x4b,
-	0xf9, 0xc6, 0x1f, 0x4c, 0x73, 0x2f, 0xae, 0x94, 0x5c, 0x49, 0x39, 0xef, 0x3d, 0x09, 0xe5, 0x0d,
-	0xcf, 0x61, 0x89, 0x54, 0xd8, 0x46, 0x35, 0x3c, 0xcc, 0xce, 0x8b, 0x72, 0xac, 0x30, 0x28, 0xd7,
-	0x37, 0x1a, 0x3d, 0x10, 0xd7, 0xfe, 0x8f, 0x45, 0x18, 0x36, 0x24, 0x7e, 0xa6, 0xfa, 0x66, 0xdd,
-	0x67, 0xea, 0x5b, 0xe1, 0x00, 0xea, 0xdb, 0xcf, 0x40, 0xa5, 0x26, 0xa5, 0x51, 0x3e, 0x29, 0xf6,
-	0xd3, 0x32, 0x4e, 0x0b, 0x24, 0x55, 0x84, 0x35, 0x4d, 0x74, 0x21, 0x11, 0xa9, 0x99, 0xb0, 0x0b,
-	0x64, 0x85, 0x52, 0x0a, 0x89, 0xd6, 0x5d, 0x27, 0xed, 0x1f, 0x50, 0xda, 0xdf, 0x3f, 0xc0, 0xfe,
-	0x86, 0xa5, 0x26, 0xf7, 0x2e, 0xa4, 0xe4, 0xb9, 0x91, 0x4c, 0xc9, 0x73, 0x2e, 0x97, 0x61, 0xee,
-	0x91, 0x8b, 0xe7, 0x0a, 0x0c, 0xcd, 0x07, 0xcd, 0xa6, 0xe3, 0xd7, 0xd1, 0xf7, 0xc3, 0x50, 0x8d,
-	0xff, 0x14, 0x36, 0x34, 0x76, 0x59, 0x2d, 0xa0, 0x58, 0xc2, 0xd0, 0xc3, 0x30, 0xe0, 0x84, 0x0d,
-	0x69, 0x37, 0x63, 0x4e, 0x70, 0xb3, 0x61, 0x23, 0xc2, 0xac, 0xd4, 0xfe, 0x2b, 0x0b, 0xc6, 0x68,
-	0x15, 0x97, 0x7d, 0x14, 0xfb, 0x9c, 0xc7, 0x61, 0xd0, 0x69, 0xc7, 0x9b, 0x41, 0xd7, 0x39, 0x6c,
-	0x96, 0x95, 0x62, 0x01, 0xa5, 0xe7, 0x30, 0x95, 0xcb, 0xc1, 0x38, 0x87, 0x2d, 0xd0, 0xb5, 0xcc,
-	0x20, 0x54, 0x95, 0x8d, 0xda, 0xeb, 0x59, 0xb7, 0xa5, 0x55, 0x5e, 0x8c, 0x25, 0x9c, 0x36, 0xb6,
-	0x1e, 0xd4, 0x3b, 0xc2, 0xb5, 0x57, 0x35, 0x36, 0x17, 0xd4, 0x3b, 0x98, 0x41, 0xd0, 0x23, 0x50,
-	0x8c, 0x36, 0x1d, 0x79, 0x2f, 0x2f, 0xbd, 0xcc, 0xab, 0x17, 0x67, 0x31, 0x2d, 0x57, 0x41, 0x13,
-	0xa1, 0x97, 0xf6, 0xb1, 0x4d, 0x06, 0x4d, 0x84, 0x9e, 0xfd, 0x2f, 0x06, 0x80, 0xf9, 0xdb, 0x38,
-	0x21, 0xa9, 0xaf, 0x05, 0x2c, 0x1b, 0xf0, 0x91, 0x5e, 0x6b, 0xeb, 0x83, 0xec, 0xfd, 0x7c, 0xb5,
-	0x6d, 0x5c, 0x6f, 0x16, 0xef, 0xf6, 0xf5, 0x66, 0xf6, 0x8d, 0xf5, 0xc0, 0x7d, 0x74, 0x63, 0x6d,
-	0x7f, 0xdc, 0x02, 0xa4, 0xbc, 0xa7, 0xb4, 0x4b, 0xc9, 0x0c, 0x54, 0x94, 0xbb, 0x96, 0xd8, 0x2f,
-	0x9a, 0x2d, 0x4a, 0x00, 0xd6, 0x38, 0x7d, 0x58, 0x2f, 0x1e, 0x93, 0x32, 0xab, 0x98, 0x8c, 0xb9,
-	0x60, 0x92, 0x4e, 0x88, 0x30, 0xfb, 0xf7, 0x0a, 0xf0, 0x00, 0x57, 0x97, 0x96, 0x1d, 0xdf, 0x69,
-	0x90, 0x26, 0xed, 0x55, 0xbf, 0x4e, 0x42, 0x35, 0x7a, 0x6c, 0x76, 0x65, 0x84, 0xc4, 0x61, 0xf9,
-	0x15, 0xe7, 0x33, 0x9c, 0xb3, 0x2c, 0xfa, 0x6e, 0x8c, 0x59, 0xe3, 0x28, 0x82, 0xb2, 0x7c, 0x8f,
-	0x48, 0xc8, 0x9f, 0x9c, 0x08, 0x29, 0x56, 0x2c, 0x34, 0x0b, 0x82, 0x15, 0x21, 0xaa, 0x3e, 0x78,
-	0x41, 0x6d, 0x8b, 0x6e, 0xf9, 0xb4, 0xfa, 0xb0, 0x24, 0xca, 0xb1, 0xc2, 0xb0, 0x9b, 0x30, 0x2e,
-	0xc7, 0xb0, 0x75, 0x99, 0x74, 0x30, 0xd9, 0xa0, 0x32, 0xb7, 0x26, 0x8b, 0x8c, 0x27, 0x92, 0x94,
-	0xcc, 0x9d, 0x37, 0x81, 0x38, 0x89, 0x2b, 0x13, 0x04, 0x17, 0xb2, 0x13, 0x04, 0xdb, 0xbf, 0x67,
-	0x41, 0x5a, 0xe8, 0x1b, 0xe9, 0x50, 0xad, 0x3d, 0xd3, 0xa1, 0x1e, 0x20, 0xa1, 0xe8, 0x4f, 0xc2,
-	0xb0, 0x13, 0x53, 0xad, 0x8e, 0x5b, 0x60, 0x8a, 0x77, 0x76, 0x73, 0xb8, 0x1c, 0xd4, 0xdd, 0x0d,
-	0x97, 0x59, 0x5e, 0xcc, 0xe6, 0xec, 0x37, 0x2c, 0xa8, 0x2c, 0x84, 0x9d, 0x83, 0x87, 0xaa, 0x75,
-	0x07, 0xa2, 0x15, 0x0e, 0x14, 0x88, 0x26, 0x43, 0xdd, 0x8a, 0xbd, 0x42, 0xdd, 0xec, 0xbf, 0x1e,
-	0x80, 0x89, 0xae, 0xd8, 0x4b, 0xf4, 0x3c, 0x8c, 0xa8, 0x59, 0x92, 0x66, 0xd7, 0x8a, 0xe9, 0xbc,
-	0xac, 0x61, 0x38, 0x81, 0xd9, 0xc7, 0x56, 0x5d, 0x84, 0xe3, 0x21, 0x79, 0xb5, 0x4d, 0xda, 0x64,
-	0x76, 0x23, 0x26, 0x61, 0x95, 0xd4, 0x02, 0xbf, 0xce, 0xf3, 0x09, 0x17, 0xe7, 0x1e, 0xbc, 0xb5,
-	0x3b, 0x75, 0x1c, 0x77, 0x83, 0x71, 0x56, 0x1d, 0xd4, 0x82, 0x51, 0xcf, 0x3c, 0x2f, 0x88, 0x63,
-	0xea, 0x1d, 0x1d, 0x35, 0xd4, 0x6a, 0x4d, 0x14, 0xe3, 0x24, 0x81, 0xe4, 0xa1, 0xa3, 0x74, 0x8f,
-	0x0e, 0x1d, 0x1f, 0xd2, 0x87, 0x0e, 0xee, 0x0b, 0xf4, 0xee, 0x9c, 0x63, 0x6f, 0xfb, 0x39, 0x75,
-	0x1c, 0xe6, 0x1c, 0xf1, 0x22, 0x94, 0xa5, 0x9f, 0x64, 0x5f, 0xfe, 0x85, 0x66, 0x3b, 0x3d, 0x78,
-	0xfb, 0xe3, 0xf0, 0xd6, 0x73, 0x61, 0x68, 0x0c, 0xe6, 0x95, 0x20, 0x9e, 0xf5, 0xbc, 0xe0, 0x26,
-	0x55, 0x57, 0xae, 0x46, 0x44, 0xd8, 0x01, 0xed, 0xdb, 0x05, 0xc8, 0x38, 0x52, 0xd3, 0x3d, 0xa9,
-	0xf5, 0xc2, 0xc4, 0x9e, 0x3c, 0x98, 0x6e, 0x88, 0x76, 0xb8, 0x2f, 0x29, 0xd7, 0x06, 0xde, 0x95,
-	0xb7, 0x49, 0x40, 0xbb, 0x97, 0x2a, 0x4e, 0xa9, 0x5c, 0x4c, 0xcf, 0x02, 0x68, 0x75, 0x5e, 0xe8,
-	0x84, 0xca, 0x39, 0x44, 0x6b, 0xfd, 0xd8, 0xc0, 0x42, 0xcf, 0xc1, 0xb0, 0xeb, 0x47, 0xb1, 0xe3,
-	0x79, 0x17, 0x5d, 0x3f, 0x16, 0x7a, 0xa2, 0x52, 0x7b, 0x16, 0x35, 0x08, 0x9b, 0x78, 0xa7, 0xdf,
-	0x61, 0xcc, 0xdf, 0x41, 0xe6, 0x7d, 0x13, 0x4e, 0x5d, 0x70, 0x63, 0x15, 0xa4, 0xa8, 0xd6, 0x1b,
-	0xd5, 0xd6, 0x15, 0xaf, 0xb2, 0x7a, 0x86, 0xe5, 0x1a, 0x41, 0x82, 0x85, 0x64, 0x4c, 0x63, 0x3a,
-	0x48, 0xd0, 0xae, 0xc1, 0x89, 0x0b, 0x6e, 0x7c, 0xde, 0xf5, 0xc8, 0x11, 0x12, 0xf9, 0xf2, 0x20,
-	0x8c, 0x98, 0xb1, 0xfb, 0x07, 0xe1, 0xec, 0x9f, 0xa4, 0x7a, 0xac, 0x18, 0x08, 0x57, 0x5d, 0x78,
-	0x5f, 0x3f, 0x74, 0x22, 0x81, 0xec, 0xc1, 0x35, 0x54, 0x59, 0x4d, 0x13, 0x9b, 0x1d, 0x40, 0x37,
-	0xa1, 0xb4, 0xc1, 0xe2, 0xdd, 0x8a, 0x79, 0xb8, 0x2a, 0x65, 0x0d, 0xbe, 0xde, 0xb9, 0x3c, 0x62,
-	0x8e, 0xd3, 0xa3, 0xea, 0x47, 0x98, 0x0c, 0xb3, 0x36, 0xa2, 0x10, 0x84, 0x5c, 0x53, 0x18, 0xbd,
-	0xa4, 0x47, 0xe9, 0x0e, 0xa4, 0x47, 0x82, 0x97, 0x0f, 0xde, 0x23, 0x5e, 0xce, 0x62, 0x17, 0xe3,
-	0x4d, 0xa6, 0x1c, 0x8b, 0xb0, 0xa9, 0x21, 0x36, 0x08, 0x46, 0xec, 0x62, 0x02, 0x8c, 0xd3, 0xf8,
-	0xe8, 0xfd, 0x4a, 0x1a, 0x94, 0xf3, 0xb8, 0x50, 0x30, 0x57, 0xf4, 0x51, 0x0b, 0x82, 0x8f, 0x17,
-	0x60, 0xec, 0x82, 0xdf, 0x5e, 0xbd, 0xb0, 0xda, 0x5e, 0xf7, 0xdc, 0xda, 0x65, 0xd2, 0xa1, 0xdc,
-	0x7e, 0x8b, 0x74, 0x16, 0x17, 0xc4, 0x0e, 0x52, 0x6b, 0xe6, 0x32, 0x2d, 0xc4, 0x1c, 0x46, 0xf9,
-	0xd6, 0x86, 0xeb, 0x37, 0x48, 0xd8, 0x0a, 0x5d, 0x61, 0xeb, 0x37, 0xf8, 0xd6, 0x79, 0x0d, 0xc2,
-	0x26, 0x1e, 0x6d, 0x3b, 0xb8, 0xe9, 0x93, 0x30, 0x7d, 0x4a, 0x58, 0xa1, 0x85, 0x98, 0xc3, 0x28,
-	0x52, 0x1c, 0xb6, 0x85, 0x29, 0xcd, 0x40, 0x5a, 0xa3, 0x85, 0x98, 0xc3, 0xc4, 0x29, 0x9d, 0x79,
-	0x82, 0x95, 0xba, 0x4e, 0xe9, 0xcc, 0x89, 0x42, 0xc2, 0x29, 0xea, 0x16, 0xe9, 0x2c, 0x38, 0xb1,
-	0x93, 0x3e, 0x64, 0x5f, 0xe6, 0xc5, 0x58, 0xc2, 0x59, 0x72, 0xe4, 0xe4, 0x70, 0x7c, 0xd7, 0x25,
-	0x47, 0x4e, 0x76, 0xbf, 0x87, 0x41, 0xe6, 0x6f, 0x17, 0x60, 0xe4, 0xcd, 0x17, 0x4c, 0x33, 0xde,
-	0xe6, 0xb9, 0x0e, 0x13, 0x5d, 0x11, 0xd3, 0x7d, 0x68, 0x48, 0xfb, 0x66, 0xb4, 0xb0, 0x31, 0x0c,
-	0xd3, 0x86, 0x65, 0x52, 0xc0, 0x79, 0x98, 0xe0, 0x9b, 0x97, 0x52, 0x62, 0x01, 0xb0, 0x2a, 0x0a,
-	0x9e, 0x5d, 0x66, 0x5d, 0x4b, 0x03, 0x71, 0x37, 0xbe, 0xfd, 0x09, 0x0b, 0x46, 0x13, 0x41, 0xec,
-	0x39, 0xe9, 0x72, 0x6c, 0x77, 0x07, 0xcc, 0x8b, 0x99, 0x45, 0x95, 0x14, 0x99, 0x18, 0xd6, 0xbb,
-	0x5b, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x41, 0x11, 0xca, 0xd2, 0xe3, 0xaa, 0x8f, 0xae, 0x7c, 0xcc,
-	0x82, 0x51, 0x75, 0x81, 0xc8, 0x2c, 0xbe, 0x85, 0x3c, 0x62, 0xea, 0x68, 0x0f, 0x94, 0xfd, 0xc4,
-	0xdf, 0x08, 0xf4, 0xc1, 0x02, 0x9b, 0xc4, 0x70, 0x92, 0x36, 0xba, 0x06, 0x10, 0x75, 0xa2, 0x98,
-	0x34, 0x0d, 0xdb, 0xb3, 0x6d, 0xac, 0xb2, 0xe9, 0x5a, 0x10, 0x12, 0xba, 0xa6, 0xae, 0x04, 0x75,
-	0x52, 0x55, 0x98, 0x5a, 0xc3, 0xd3, 0x65, 0xd8, 0x68, 0x09, 0xbd, 0xa6, 0xae, 0xbb, 0x07, 0xf2,
-	0x90, 0xeb, 0x72, 0x7c, 0xfb, 0xb9, 0xef, 0x3e, 0xc4, 0xfd, 0xb2, 0xfd, 0xeb, 0x05, 0x38, 0x96,
-	0x1e, 0x49, 0xf4, 0x6e, 0x18, 0x91, 0x83, 0x66, 0x98, 0x19, 0xa4, 0x9b, 0xdb, 0x08, 0x36, 0x60,
-	0xb7, 0x77, 0xa7, 0xa6, 0xba, 0x9f, 0xc2, 0x9e, 0x36, 0x51, 0x70, 0xa2, 0x31, 0x7e, 0xf9, 0x2c,
-	0xbc, 0x24, 0xe6, 0x3a, 0xb3, 0xad, 0x96, 0xb8, 0x41, 0x36, 0x2e, 0x9f, 0x4d, 0x28, 0x4e, 0x61,
-	0xa3, 0x55, 0x38, 0x61, 0x94, 0x5c, 0x21, 0x6e, 0x63, 0x73, 0x3d, 0x08, 0xe5, 0xb9, 0xf6, 0x61,
-	0xed, 0x54, 0xdb, 0x8d, 0x83, 0x33, 0x6b, 0x52, 0xc5, 0xa8, 0xe6, 0xb4, 0x9c, 0x9a, 0x1b, 0x77,
-	0xc4, 0x1d, 0x80, 0x62, 0xe3, 0xf3, 0xa2, 0x1c, 0x2b, 0x0c, 0xfb, 0x1f, 0x0c, 0xc0, 0x31, 0xee,
-	0x45, 0x4a, 0x94, 0x93, 0x34, 0x7a, 0x37, 0x54, 0xa2, 0xd8, 0x09, 0xb9, 0x51, 0xc3, 0x3a, 0x30,
-	0xeb, 0xd2, 0x91, 0xf7, 0xb2, 0x11, 0xac, 0xdb, 0x43, 0x2f, 0xb1, 0xb4, 0x65, 0x6e, 0xb4, 0xc9,
-	0x5a, 0x2f, 0xdc, 0x99, 0xc9, 0xe4, 0xbc, 0x6a, 0x01, 0x1b, 0xad, 0xa1, 0x1f, 0x81, 0x52, 0x6b,
-	0xd3, 0x89, 0xa4, 0x3d, 0xef, 0x71, 0xc9, 0x27, 0x56, 0x69, 0xe1, 0xed, 0xdd, 0xa9, 0x93, 0xe9,
-	0x4f, 0x65, 0x00, 0xcc, 0x2b, 0x99, 0x5c, 0x7e, 0x60, 0xff, 0xa7, 0x75, 0xea, 0x61, 0xa7, 0x7a,
-	0x71, 0x36, 0xfd, 0x18, 0xcb, 0x02, 0x2b, 0xc5, 0x02, 0x4a, 0x79, 0xd2, 0x26, 0x27, 0x59, 0xa7,
-	0xc8, 0x83, 0x49, 0x8d, 0xe3, 0xa2, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0xbc, 0xdb, 0xc7, 0x78, 0xe8,
-	0x08, 0x62, 0x50, 0xfa, 0xf5, 0x2e, 0x3e, 0x07, 0x15, 0xd1, 0xd5, 0xb5, 0x00, 0x3d, 0x0f, 0x23,
-	0xdc, 0x5c, 0x34, 0x17, 0x3a, 0x7e, 0x6d, 0x33, 0x6d, 0xe4, 0x59, 0x33, 0x60, 0x38, 0x81, 0x69,
-	0x2f, 0xc3, 0x40, 0x9f, 0x4c, 0xb6, 0xaf, 0xb3, 0xfb, 0x8b, 0x50, 0xa6, 0xcd, 0xc9, 0x03, 0x5a,
-	0x1e, 0x4d, 0x06, 0x50, 0x96, 0x0f, 0x35, 0x22, 0x1b, 0x8a, 0xae, 0x23, 0x7d, 0x49, 0xd4, 0x16,
-	0x5a, 0x8c, 0xa2, 0x36, 0x5b, 0x76, 0x14, 0x88, 0x1e, 0x83, 0x22, 0xd9, 0x69, 0xa5, 0x9d, 0x46,
-	0xce, 0xed, 0xb4, 0xdc, 0x90, 0x44, 0x14, 0x89, 0xec, 0xb4, 0xd0, 0x69, 0x28, 0xb8, 0x75, 0xb1,
-	0x22, 0x41, 0xe0, 0x14, 0x16, 0x17, 0x70, 0xc1, 0xad, 0xdb, 0x3b, 0x50, 0x51, 0x2f, 0x43, 0xa2,
-	0x2d, 0xa9, 0x52, 0x59, 0x79, 0x78, 0x11, 0xcb, 0x76, 0x7b, 0x28, 0x53, 0x6d, 0x00, 0x9d, 0xd2,
-	0x21, 0x2f, 0x11, 0x7c, 0x06, 0x06, 0x6a, 0x81, 0x48, 0xc6, 0x53, 0xd6, 0xcd, 0x30, 0x5d, 0x8a,
-	0x41, 0xec, 0xeb, 0x30, 0x76, 0xd9, 0x0f, 0x6e, 0xb2, 0x07, 0x9c, 0x58, 0xbe, 0x62, 0xda, 0xf0,
-	0x06, 0xfd, 0x91, 0xd6, 0xdc, 0x19, 0x14, 0x73, 0x98, 0xca, 0xa4, 0x5a, 0xe8, 0x95, 0x49, 0xd5,
-	0xfe, 0x80, 0x05, 0x23, 0x2a, 0x36, 0xfc, 0xc2, 0xf6, 0x16, 0x6d, 0xb7, 0x11, 0x06, 0xed, 0x56,
-	0xba, 0x5d, 0xf6, 0x08, 0x2d, 0xe6, 0x30, 0x33, 0x69, 0x42, 0x61, 0x9f, 0xa4, 0x09, 0x67, 0x60,
-	0x60, 0xcb, 0xf5, 0xeb, 0x69, 0xa3, 0xe8, 0x65, 0xd7, 0xaf, 0x63, 0x06, 0xa1, 0x5d, 0x38, 0xa6,
-	0xba, 0x20, 0x75, 0xa6, 0xe7, 0x61, 0x64, 0xbd, 0xed, 0x7a, 0x75, 0x99, 0x88, 0x39, 0xb5, 0x5d,
-	0xe6, 0x0c, 0x18, 0x4e, 0x60, 0xa2, 0xb3, 0x00, 0xeb, 0xae, 0xef, 0x84, 0x9d, 0x55, 0xad, 0xa4,
-	0x29, 0xb9, 0x3d, 0xa7, 0x20, 0xd8, 0xc0, 0xb2, 0x3f, 0x55, 0x84, 0xb1, 0x64, 0x84, 0x7c, 0x1f,
-	0xb6, 0x8b, 0xc7, 0xa0, 0xc4, 0x82, 0xe6, 0xd3, 0x53, 0xcb, 0x73, 0x17, 0x73, 0x18, 0x8a, 0x60,
-	0x90, 0x6f, 0xe6, 0x7c, 0x1e, 0xf2, 0x54, 0x9d, 0x54, 0x96, 0x54, 0xe6, 0x6b, 0x2d, 0x0c, 0xd3,
-	0x82, 0x14, 0xfa, 0xb0, 0x05, 0x43, 0x41, 0xcb, 0xcc, 0xc0, 0xf9, 0xae, 0x3c, 0xb3, 0x07, 0x88,
-	0x10, 0x5d, 0xa1, 0x8f, 0xa8, 0xa9, 0x97, 0xd3, 0x21, 0x49, 0x9f, 0xfe, 0x61, 0x18, 0x31, 0x31,
-	0xf7, 0x53, 0x49, 0xca, 0xa6, 0x4a, 0xf2, 0x31, 0x73, 0x51, 0x88, 0xfc, 0x08, 0x7d, 0x6c, 0xb7,
-	0xab, 0x50, 0xaa, 0x29, 0x87, 0xb4, 0x3b, 0x4a, 0xdf, 0xaf, 0xf2, 0x87, 0xb1, 0xcb, 0x7e, 0xde,
-	0x9a, 0xfd, 0x0d, 0xcb, 0x58, 0x1f, 0x98, 0x44, 0x8b, 0x75, 0x14, 0x42, 0xb1, 0xb1, 0xbd, 0x25,
-	0xc4, 0xfc, 0xa5, 0x9c, 0x86, 0xf7, 0xc2, 0xf6, 0x96, 0x5e, 0xe3, 0x66, 0x29, 0xa6, 0xc4, 0xfa,
-	0x30, 0xf7, 0x27, 0xd2, 0x68, 0x14, 0xf7, 0x4f, 0xa3, 0x61, 0xbf, 0x51, 0x80, 0x89, 0xae, 0x45,
-	0x85, 0x5e, 0x83, 0x52, 0x48, 0xbf, 0x52, 0x7c, 0xde, 0x52, 0x6e, 0x89, 0x2f, 0xa2, 0xc5, 0xba,
-	0x16, 0x9f, 0xc9, 0x72, 0xcc, 0x49, 0xa2, 0x4b, 0x80, 0xb4, 0xdb, 0xa4, 0xba, 0x6b, 0xe0, 0x9f,
-	0xac, 0x7c, 0xab, 0x66, 0xbb, 0x30, 0x70, 0x46, 0x2d, 0xf4, 0x42, 0xfa, 0xca, 0xa2, 0x98, 0xbc,
-	0x2b, 0xdb, 0xeb, 0xf6, 0xc1, 0xfe, 0xed, 0x02, 0x8c, 0x26, 0x12, 0xa2, 0x22, 0x0f, 0xca, 0xc4,
-	0x63, 0x17, 0x99, 0x52, 0xd8, 0x1c, 0xf6, 0x79, 0x13, 0x25, 0x20, 0xcf, 0x89, 0x76, 0xb1, 0xa2,
-	0x70, 0x7f, 0xb8, 0x5c, 0x3d, 0x0f, 0x23, 0xb2, 0x43, 0xef, 0x72, 0x9a, 0x9e, 0x18, 0x40, 0xb5,
-	0x46, 0xcf, 0x19, 0x30, 0x9c, 0xc0, 0xb4, 0x7f, 0xbf, 0x08, 0x93, 0xfc, 0xe6, 0xb7, 0xae, 0x56,
-	0x9e, 0xf2, 0xe0, 0xf8, 0x45, 0x9d, 0xb6, 0xd8, 0xca, 0xe3, 0x0d, 0xef, 0x5e, 0x84, 0xfa, 0xf2,
-	0x14, 0xfe, 0x7c, 0xca, 0x53, 0x98, 0x9f, 0x4c, 0x1b, 0x47, 0xd4, 0xa3, 0xef, 0x2e, 0xd7, 0xe1,
-	0x7f, 0x52, 0x80, 0xf1, 0xd4, 0x53, 0x6d, 0xe8, 0x53, 0xc9, 0xd7, 0x3d, 0xac, 0x3c, 0x6e, 0xc5,
-	0xf6, 0x7c, 0xbd, 0xeb, 0x60, 0x6f, 0x7c, 0xdc, 0xa3, 0xad, 0x62, 0x7f, 0xbd, 0x00, 0x63, 0xc9,
-	0x37, 0xe6, 0xee, 0xc3, 0x91, 0x7a, 0x3b, 0x54, 0xd8, 0x33, 0x4a, 0x97, 0x49, 0x47, 0x5e, 0xaa,
-	0xf1, 0x17, 0x6b, 0x64, 0x21, 0xd6, 0xf0, 0xfb, 0xe2, 0xe9, 0x14, 0xfb, 0x9f, 0x59, 0x70, 0x92,
-	0x7f, 0x65, 0x7a, 0x1d, 0xfe, 0xad, 0xac, 0xd1, 0x7d, 0x39, 0xdf, 0x0e, 0xa6, 0xd2, 0x6d, 0xef,
-	0x37, 0xbe, 0xec, 0x25, 0x73, 0xd1, 0xdb, 0xe4, 0x52, 0xb8, 0x0f, 0x3b, 0x7b, 0xa0, 0xc5, 0x60,
-	0xff, 0xfb, 0x02, 0x0c, 0xaf, 0xcc, 0x2f, 0x2a, 0x16, 0x3e, 0x03, 0x95, 0x5a, 0x48, 0x1c, 0x6d,
-	0xed, 0x30, 0xfd, 0x8a, 0x24, 0x00, 0x6b, 0x1c, 0x7a, 0x68, 0xe0, 0x7e, 0x79, 0x51, 0xfa, 0xd0,
-	0xc0, 0xdd, 0xf6, 0x22, 0x2c, 0xe1, 0xe8, 0x49, 0x28, 0xb3, 0x88, 0xd9, 0xab, 0xa1, 0x94, 0x38,
-	0xfa, 0x24, 0xc9, 0xca, 0xf1, 0x12, 0x56, 0x18, 0xb4, 0xe1, 0x7a, 0x50, 0x8b, 0x28, 0x72, 0xca,
-	0x00, 0xb1, 0x40, 0x8b, 0xf1, 0x12, 0x96, 0x70, 0x96, 0xf0, 0x90, 0x1d, 0xd2, 0x29, 0x72, 0x29,
-	0xd9, 0x69, 0x7e, 0x9a, 0xa7, 0xe8, 0x1a, 0xe7, 0x20, 0x89, 0x31, 0x53, 0x51, 0x6b, 0x43, 0xfd,
-	0x45, 0xad, 0xd9, 0x5f, 0x2f, 0x82, 0x7e, 0x14, 0x1f, 0xb9, 0x22, 0x4d, 0x44, 0x2e, 0xe9, 0xdc,
-	0xab, 0x1d, 0xbf, 0xa6, 0x9f, 0xdf, 0x2f, 0xa7, 0xb2, 0x44, 0xfc, 0xbc, 0x05, 0xc3, 0xae, 0xef,
-	0xc6, 0xae, 0xc3, 0x4c, 0x61, 0xf9, 0xbc, 0x6c, 0xad, 0xc8, 0x2d, 0xf2, 0x96, 0x83, 0xd0, 0xbc,
-	0xe1, 0x56, 0xc4, 0xb0, 0x49, 0x19, 0xbd, 0x57, 0x04, 0x49, 0x15, 0x73, 0xcb, 0xb5, 0x52, 0x4e,
-	0x45, 0x46, 0xb5, 0xa8, 0x42, 0x1b, 0x87, 0x39, 0xa5, 0x28, 0xc2, 0xb4, 0x29, 0xf5, 0x32, 0x88,
-	0x3a, 0x32, 0xb0, 0x62, 0xcc, 0x09, 0xd9, 0x11, 0xa0, 0xee, 0xb1, 0x38, 0x60, 0x00, 0xca, 0x0c,
-	0x54, 0x9c, 0x76, 0x1c, 0x34, 0xe9, 0x30, 0x89, 0xfb, 0x71, 0x1d, 0x62, 0x23, 0x01, 0x58, 0xe3,
-	0xd8, 0x9f, 0x2a, 0x41, 0x2a, 0x69, 0x03, 0xda, 0x81, 0x8a, 0x4a, 0xdb, 0x90, 0x4f, 0x40, 0xa7,
-	0x5e, 0x51, 0xaa, 0x33, 0xaa, 0x08, 0x6b, 0x62, 0xa8, 0x21, 0xad, 0x8a, 0x7c, 0xb7, 0xbf, 0x98,
-	0xb6, 0x2a, 0xfe, 0x78, 0x7f, 0x97, 0x4c, 0x74, 0xad, 0xce, 0xf0, 0x34, 0x7d, 0xd3, 0xfb, 0x1a,
-	0x20, 0xf7, 0x7b, 0xdb, 0xfb, 0x83, 0xe2, 0x1d, 0x2e, 0x4c, 0xa2, 0xb6, 0x17, 0x8b, 0xd5, 0xf0,
-	0x62, 0x8e, 0xbb, 0x8c, 0x37, 0xac, 0x93, 0x1f, 0xf1, 0xff, 0xd8, 0x20, 0x9a, 0x34, 0x13, 0x0f,
-	0x1e, 0xa9, 0x99, 0x78, 0x28, 0x57, 0x33, 0xf1, 0x59, 0x00, 0xb6, 0xb6, 0xb9, 0xa3, 0x7c, 0x99,
-	0x59, 0xef, 0x94, 0x88, 0xc1, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x07, 0x21, 0x99, 0xbd, 0x0b, 0x4d,
-	0xc9, 0x64, 0x61, 0xfc, 0x02, 0x8c, 0xc5, 0x28, 0x26, 0xf2, 0x7a, 0xfd, 0xa6, 0x05, 0x66, 0x8a,
-	0x31, 0xf4, 0x2a, 0xcf, 0x65, 0x66, 0xe5, 0x71, 0xa1, 0x62, 0xb4, 0x3b, 0xbd, 0xec, 0xb4, 0x52,
-	0xce, 0x3d, 0x32, 0xa1, 0xd9, 0xe9, 0x77, 0x40, 0x59, 0x42, 0x0f, 0xa4, 0x2c, 0xbf, 0x1f, 0x8e,
-	0xcb, 0x7c, 0x07, 0xf2, 0xee, 0x43, 0x5c, 0xb2, 0xef, 0x6f, 0x52, 0x93, 0x76, 0xb2, 0x42, 0x2f,
-	0x3b, 0x99, 0x3a, 0xfd, 0x17, 0x7b, 0x66, 0x29, 0xff, 0x2d, 0x0b, 0xce, 0xa4, 0x3b, 0x10, 0x2d,
-	0x07, 0xbe, 0x1b, 0x07, 0x61, 0x95, 0xc4, 0xb1, 0xeb, 0x37, 0x58, 0xca, 0xd9, 0x9b, 0x4e, 0x28,
-	0x9f, 0x1d, 0x62, 0x8c, 0xf2, 0xba, 0x13, 0xfa, 0x98, 0x95, 0xa2, 0x0e, 0x0c, 0x72, 0xcf, 0x62,
-	0x71, 0x0a, 0x3a, 0xe4, 0xde, 0xc8, 0x18, 0x0e, 0x7d, 0x0c, 0xe3, 0x5e, 0xcd, 0x58, 0x10, 0xb4,
-	0xbf, 0x65, 0x01, 0x5a, 0xd9, 0x26, 0x61, 0xe8, 0xd6, 0x0d, 0x5f, 0x68, 0xf6, 0x9e, 0xa5, 0xf1,
-	0x6e, 0xa5, 0x99, 0x8d, 0x23, 0xf5, 0x9e, 0xa5, 0xf1, 0x2f, 0xfb, 0x3d, 0xcb, 0xc2, 0xc1, 0xde,
-	0xb3, 0x44, 0x2b, 0x70, 0xb2, 0xc9, 0x8f, 0x71, 0xfc, 0x8d, 0x38, 0x7e, 0xa6, 0x53, 0x81, 0xe3,
-	0xa7, 0x6e, 0xed, 0x4e, 0x9d, 0x5c, 0xce, 0x42, 0xc0, 0xd9, 0xf5, 0xec, 0x77, 0x00, 0xe2, 0x2e,
-	0xd0, 0xf3, 0x59, 0x5e, 0x9c, 0x3d, 0xcd, 0x5a, 0xf6, 0xe7, 0x4a, 0x30, 0x9e, 0x7a, 0x94, 0x82,
-	0x1e, 0xa1, 0xbb, 0xdd, 0x46, 0x0f, 0x2d, 0xbf, 0xbb, 0xbb, 0xd7, 0x97, 0x23, 0xaa, 0x0f, 0x25,
-	0xd7, 0x6f, 0xb5, 0xe3, 0x7c, 0xf2, 0x56, 0xf0, 0x4e, 0x2c, 0xd2, 0x06, 0x0d, 0x33, 0x3c, 0xfd,
-	0x8b, 0x39, 0x99, 0x3c, 0xdd, 0x5a, 0x13, 0x87, 0x9c, 0x81, 0x7b, 0x64, 0x66, 0xf9, 0xa0, 0x76,
-	0x32, 0x2d, 0xe5, 0x61, 0xb0, 0x4d, 0x2d, 0x96, 0xa3, 0xf6, 0x2c, 0xfa, 0x52, 0x01, 0x86, 0x8d,
-	0x49, 0x43, 0xbf, 0x92, 0x4c, 0xc0, 0x69, 0xe5, 0xf7, 0x49, 0xac, 0xfd, 0x69, 0x9d, 0x62, 0x93,
-	0x7f, 0xd2, 0xe3, 0xdd, 0xb9, 0x37, 0x6f, 0xef, 0x4e, 0x1d, 0x4b, 0x65, 0xd7, 0x4c, 0xe4, 0xe3,
-	0x3c, 0xfd, 0xd3, 0x30, 0x9e, 0x6a, 0x26, 0xe3, 0x93, 0xd7, 0xcc, 0x4f, 0x3e, 0xb4, 0xb9, 0xcf,
-	0x1c, 0xb2, 0x2f, 0xd2, 0x21, 0x13, 0xe1, 0xf2, 0x81, 0x47, 0xfa, 0xb0, 0x6d, 0xa7, 0xce, 0x17,
-	0x85, 0x3e, 0xb3, 0x62, 0x3c, 0x01, 0xe5, 0x56, 0xe0, 0xb9, 0x35, 0x57, 0xe5, 0xef, 0x66, 0x79,
-	0x38, 0x56, 0x45, 0x19, 0x56, 0x50, 0x74, 0x13, 0x2a, 0x37, 0x6e, 0xc6, 0xfc, 0x56, 0x4d, 0xdc,
-	0x1b, 0xe4, 0x75, 0x99, 0xa6, 0x94, 0x16, 0x75, 0x6d, 0x87, 0x35, 0x2d, 0x64, 0xc3, 0x20, 0x13,
-	0x82, 0x32, 0x74, 0x8e, 0xdd, 0x69, 0x30, 0xe9, 0x18, 0x61, 0x01, 0xb1, 0xbf, 0x03, 0x70, 0x22,
-	0xeb, 0x65, 0x20, 0xf4, 0x3e, 0x18, 0xe4, 0x7d, 0xcc, 0xe7, 0xf1, 0xb9, 0x2c, 0x1a, 0x17, 0x58,
-	0x83, 0xa2, 0x5b, 0xec, 0x37, 0x16, 0x34, 0x05, 0x75, 0xcf, 0x59, 0x17, 0x2b, 0xe4, 0x68, 0xa8,
-	0x2f, 0x39, 0x9a, 0xfa, 0x92, 0xc3, 0xa9, 0x7b, 0xce, 0x3a, 0xda, 0x81, 0x52, 0xc3, 0x8d, 0x89,
-	0x23, 0x8c, 0x33, 0xd7, 0x8f, 0x84, 0x38, 0x71, 0xb8, 0x96, 0xc6, 0x7e, 0x62, 0x4e, 0x10, 0x7d,
-	0xc1, 0x82, 0xf1, 0xf5, 0x64, 0x3a, 0x1e, 0xc1, 0x3c, 0x9d, 0x23, 0x78, 0xfd, 0x29, 0x49, 0x88,
-	0x3f, 0xe8, 0x9a, 0x2a, 0xc4, 0xe9, 0xee, 0xa0, 0x0f, 0x59, 0x30, 0xb4, 0xe1, 0x7a, 0xc6, 0xf3,
-	0x1a, 0x47, 0x30, 0x39, 0xe7, 0x19, 0x01, 0x7d, 0xe2, 0xe0, 0xff, 0x23, 0x2c, 0x29, 0xf7, 0x92,
-	0x54, 0x83, 0x87, 0x95, 0x54, 0x43, 0xf7, 0x48, 0x52, 0x7d, 0xd4, 0x82, 0x8a, 0x1a, 0x69, 0x91,
-	0xd6, 0xe4, 0xdd, 0x47, 0x38, 0xe5, 0xdc, 0x22, 0xa5, 0xfe, 0x62, 0x4d, 0x1c, 0xbd, 0x6e, 0xc1,
-	0xb0, 0xf3, 0x5a, 0x3b, 0x24, 0x75, 0xb2, 0x1d, 0xb4, 0x22, 0x91, 0x6f, 0xf4, 0xe5, 0xfc, 0x3b,
-	0x33, 0x4b, 0x89, 0x2c, 0x90, 0xed, 0x95, 0x56, 0x24, 0xc2, 0x7a, 0x75, 0x01, 0x36, 0xbb, 0x80,
-	0x7e, 0x4e, 0xcb, 0x71, 0xc8, 0x23, 0xeb, 0x74, 0x56, 0x6f, 0x8e, 0x5a, 0x98, 0xef, 0x16, 0x60,
-	0x6a, 0x9f, 0x51, 0x40, 0xcf, 0xc3, 0x48, 0x10, 0x36, 0x1c, 0xdf, 0x7d, 0xcd, 0xcc, 0x11, 0xa6,
-	0x34, 0xc5, 0x15, 0x03, 0x86, 0x13, 0x98, 0x66, 0xf2, 0x98, 0xc2, 0x3e, 0xc9, 0x63, 0xce, 0xc0,
-	0x40, 0x48, 0x5a, 0x41, 0xfa, 0xc0, 0xc3, 0x42, 0xe4, 0x18, 0x04, 0x3d, 0x02, 0x45, 0xa7, 0xe5,
-	0x0a, 0xab, 0x9f, 0x3a, 0xc7, 0xcd, 0xae, 0x2e, 0x62, 0x5a, 0x9e, 0xc8, 0x65, 0x55, 0xba, 0x2b,
-	0xb9, 0xac, 0xa8, 0x28, 0x13, 0xf7, 0x5a, 0x83, 0x5a, 0x94, 0x25, 0xef, 0x9b, 0xec, 0x37, 0x8a,
-	0xf0, 0xc8, 0x9e, 0x6b, 0x5e, 0xbb, 0x4e, 0x5b, 0x7b, 0xb8, 0x4e, 0xcb, 0xe1, 0x29, 0xec, 0x37,
-	0x3c, 0xc5, 0x1e, 0xc3, 0xf3, 0x21, 0xba, 0x95, 0x65, 0x6e, 0xb5, 0x7c, 0xde, 0x24, 0xef, 0x95,
-	0xaa, 0x4d, 0xec, 0x62, 0x09, 0xc5, 0x9a, 0x2e, 0x3d, 0xc7, 0x24, 0x12, 0xa7, 0x94, 0xf2, 0x10,
-	0x65, 0x3d, 0xf3, 0x9b, 0xf1, 0xfd, 0xdb, 0x2b, 0x1b, 0x8b, 0xfd, 0x3b, 0x03, 0xf0, 0x58, 0x1f,
-	0x12, 0xc8, 0x5c, 0xc5, 0x56, 0x9f, 0xab, 0xf8, 0xbb, 0x7c, 0x9a, 0x3e, 0x92, 0x39, 0x4d, 0x38,
-	0xff, 0x69, 0xda, 0x7b, 0x86, 0xd8, 0xd5, 0x80, 0x1f, 0x91, 0x5a, 0x3b, 0xe4, 0x61, 0x24, 0x46,
-	0xfc, 0xec, 0xa2, 0x28, 0xc7, 0x0a, 0x83, 0x9e, 0x4b, 0x6b, 0x0e, 0xdd, 0xfe, 0x43, 0x39, 0x25,
-	0xca, 0x30, 0x43, 0x71, 0xb9, 0x5a, 0x34, 0x3f, 0x4b, 0x39, 0x00, 0x27, 0x63, 0xff, 0xb2, 0x05,
-	0xa7, 0x7b, 0xab, 0x09, 0xe8, 0x69, 0x18, 0x5e, 0x67, 0x4e, 0x7d, 0xcb, 0xcc, 0x71, 0x48, 0x2c,
-	0x1d, 0xf6, 0xbd, 0xba, 0x18, 0x9b, 0x38, 0x68, 0x1e, 0x26, 0x4c, 0x6f, 0xc0, 0x65, 0xc3, 0xe3,
-	0x88, 0x19, 0x32, 0xd6, 0xd2, 0x40, 0xdc, 0x8d, 0x6f, 0x7f, 0xbb, 0x98, 0xdd, 0x2d, 0xae, 0x4e,
-	0x1e, 0x64, 0x35, 0x8b, 0xb5, 0x5a, 0xe8, 0x83, 0xe3, 0x16, 0xef, 0x36, 0xc7, 0x1d, 0xe8, 0xc5,
-	0x71, 0xd1, 0x02, 0x1c, 0x33, 0x9e, 0x0b, 0xe5, 0xa9, 0x53, 0xf8, 0xed, 0x8f, 0xca, 0x7b, 0xb6,
-	0x9a, 0x82, 0xe3, 0xae, 0x1a, 0xf7, 0xf9, 0xd2, 0xfb, 0x4a, 0x01, 0x4e, 0xf5, 0xd4, 0xe0, 0xef,
-	0x92, 0x44, 0x31, 0xa7, 0x7f, 0xe0, 0xee, 0x4c, 0xbf, 0x39, 0x29, 0xa5, 0x7d, 0x27, 0xa5, 0x1f,
-	0xf1, 0xfc, 0x27, 0x85, 0x9e, 0x9b, 0x85, 0x9e, 0xf8, 0xbe, 0x67, 0x47, 0xf2, 0x05, 0x18, 0x75,
-	0x5a, 0x2d, 0x8e, 0xc7, 0x3c, 0xfe, 0x53, 0xb9, 0x18, 0x67, 0x4d, 0x20, 0x4e, 0xe2, 0xf6, 0x35,
-	0xb0, 0x7f, 0x6e, 0x41, 0x05, 0x93, 0x0d, 0xce, 0xb1, 0xd0, 0x0d, 0x31, 0x44, 0x56, 0x1e, 0x09,
-	0xf1, 0xe9, 0xc0, 0x46, 0x2e, 0xcb, 0x12, 0x9f, 0x35, 0xd8, 0x87, 0x8d, 0xec, 0x57, 0x8f, 0x8c,
-	0x16, 0x7b, 0x3f, 0x32, 0x6a, 0x7f, 0xb9, 0x42, 0x3f, 0xaf, 0x15, 0xcc, 0x87, 0xa4, 0x1e, 0xd1,
-	0xf9, 0x6d, 0x87, 0x9e, 0x58, 0x24, 0x6a, 0x7e, 0xaf, 0xe2, 0x25, 0x4c, 0xcb, 0x13, 0x17, 0x81,
-	0x85, 0x03, 0x65, 0xa2, 0x2b, 0xee, 0x9b, 0x89, 0xee, 0x05, 0x18, 0x8d, 0xa2, 0xcd, 0xd5, 0xd0,
-	0xdd, 0x76, 0x62, 0x72, 0x99, 0xc8, 0x94, 0x35, 0x3a, 0x2b, 0x53, 0xf5, 0xa2, 0x06, 0xe2, 0x24,
-	0x2e, 0xba, 0x00, 0x13, 0x3a, 0x1f, 0x1c, 0x09, 0x63, 0x16, 0x4a, 0xc7, 0x57, 0x82, 0x4a, 0x47,
-	0xa2, 0x33, 0xc8, 0x09, 0x04, 0xdc, 0x5d, 0x87, 0xf2, 0xdc, 0x44, 0x21, 0xed, 0xc8, 0x60, 0x92,
-	0xe7, 0x26, 0xda, 0xa1, 0x7d, 0xe9, 0xaa, 0x81, 0x96, 0xe1, 0x38, 0x5f, 0x18, 0xb3, 0xad, 0x96,
-	0xf1, 0x45, 0x43, 0xc9, 0x2c, 0xe4, 0x17, 0xba, 0x51, 0x70, 0x56, 0x3d, 0xf4, 0x1c, 0x0c, 0xab,
-	0xe2, 0xc5, 0x05, 0x71, 0x87, 0xa5, 0x6c, 0x68, 0xaa, 0x99, 0xc5, 0x3a, 0x36, 0xf1, 0xd0, 0xbb,
-	0xe0, 0x41, 0xfd, 0x97, 0x87, 0x66, 0xf3, 0x8b, 0xdd, 0x05, 0x91, 0x6a, 0x53, 0x3d, 0x72, 0x75,
-	0x21, 0x13, 0xad, 0x8e, 0x7b, 0xd5, 0x47, 0xeb, 0x70, 0x5a, 0x81, 0xce, 0xf9, 0x31, 0x0b, 0x9e,
-	0x8c, 0xc8, 0x9c, 0x13, 0x31, 0x17, 0x05, 0x60, 0xdf, 0x69, 0x8b, 0xd6, 0x4f, 0x5f, 0x70, 0xe3,
-	0x8b, 0x59, 0x98, 0x78, 0x09, 0xef, 0xd1, 0x0a, 0x9a, 0x81, 0x0a, 0xf1, 0x9d, 0x75, 0x8f, 0xac,
-	0xcc, 0x2f, 0xb2, 0x94, 0x9d, 0xc6, 0x3d, 0xf2, 0x39, 0x09, 0xc0, 0x1a, 0x47, 0xf9, 0x8d, 0x8f,
-	0xf4, 0xf2, 0x1b, 0x47, 0xab, 0x70, 0xa2, 0x51, 0x6b, 0x51, 0xad, 0xd1, 0xad, 0x91, 0xd9, 0x1a,
-	0x73, 0x93, 0xa5, 0x13, 0xc3, 0xd3, 0xc3, 0xab, 0x00, 0x9c, 0x0b, 0xf3, 0xab, 0x5d, 0x38, 0x38,
-	0xb3, 0x26, 0x73, 0xa7, 0x0e, 0x83, 0x9d, 0xce, 0xe4, 0xf1, 0x94, 0x3b, 0x35, 0x2d, 0xc4, 0x1c,
-	0x86, 0x2e, 0x01, 0x62, 0x41, 0x68, 0x17, 0xe3, 0xb8, 0xa5, 0xd4, 0xd4, 0xc9, 0x13, 0xc9, 0xc4,
-	0x7b, 0xe7, 0xbb, 0x30, 0x70, 0x46, 0x2d, 0xaa, 0xf5, 0xf8, 0x01, 0x6b, 0x7d, 0xf2, 0xc1, 0xa4,
-	0xd6, 0x73, 0x85, 0x17, 0x63, 0x09, 0x47, 0x3f, 0x09, 0x93, 0xed, 0x88, 0xb0, 0x03, 0xf0, 0xf5,
-	0x20, 0xdc, 0xf2, 0x02, 0xa7, 0xbe, 0xc8, 0x5e, 0x33, 0x8d, 0x3b, 0x93, 0x93, 0x8c, 0xf8, 0x19,
-	0x51, 0x77, 0xf2, 0x6a, 0x0f, 0x3c, 0xdc, 0xb3, 0x85, 0x74, 0xe6, 0xc8, 0x53, 0x7d, 0x66, 0x8e,
-	0x5c, 0x85, 0x13, 0x52, 0xae, 0xad, 0xcc, 0x2f, 0xaa, 0x8f, 0x9e, 0x3c, 0x9d, 0x7c, 0x1e, 0x6d,
-	0x31, 0x03, 0x07, 0x67, 0xd6, 0xb4, 0xff, 0xcc, 0x82, 0x51, 0xc5, 0xc1, 0xee, 0x42, 0x30, 0xac,
-	0x97, 0x0c, 0x86, 0xbd, 0x70, 0x78, 0x19, 0xc0, 0x7a, 0xde, 0x23, 0x74, 0xe3, 0x33, 0xa3, 0x00,
-	0x5a, 0x4e, 0x28, 0x11, 0x6d, 0xf5, 0x14, 0xd1, 0xf7, 0x2d, 0x8f, 0xce, 0xca, 0x04, 0x58, 0xba,
-	0xb7, 0x99, 0x00, 0xab, 0x70, 0x52, 0x2e, 0x29, 0x7e, 0x77, 0x7b, 0x31, 0x88, 0x14, 0xcb, 0x37,
-	0xde, 0xbb, 0x5b, 0xcc, 0x42, 0xc2, 0xd9, 0x75, 0x13, 0xba, 0xdd, 0xd0, 0xbe, 0xba, 0x9d, 0xe2,
-	0x72, 0x4b, 0x1b, 0xf2, 0x35, 0xca, 0x14, 0x97, 0x5b, 0x3a, 0x5f, 0xc5, 0x1a, 0x27, 0x5b, 0xd4,
-	0x55, 0x72, 0x12, 0x75, 0x70, 0x60, 0x51, 0x27, 0x99, 0xee, 0x70, 0x4f, 0xa6, 0x2b, 0xef, 0x88,
-	0x46, 0x7a, 0xde, 0x11, 0xbd, 0x13, 0xc6, 0x5c, 0x7f, 0x93, 0x84, 0x6e, 0x4c, 0xea, 0x6c, 0x2f,
-	0x30, 0x86, 0x5c, 0xd6, 0x8a, 0xce, 0x62, 0x02, 0x8a, 0x53, 0xd8, 0x49, 0x49, 0x31, 0xd6, 0x87,
-	0xa4, 0xe8, 0x21, 0x9f, 0xc7, 0xf3, 0x91, 0xcf, 0xc7, 0x0e, 0x2f, 0x9f, 0x27, 0x8e, 0x54, 0x3e,
-	0xa3, 0x5c, 0xe4, 0x73, 0x5f, 0xa2, 0xcf, 0x38, 0xa4, 0x9f, 0xd8, 0xe7, 0x90, 0xde, 0x4b, 0x38,
-	0x9f, 0xbc, 0x63, 0xe1, 0x9c, 0x2d, 0x77, 0x1f, 0x78, 0x53, 0xee, 0xe6, 0x22, 0x77, 0x3f, 0x5a,
-	0x80, 0x93, 0x5a, 0x32, 0x51, 0x7e, 0xe0, 0x6e, 0x50, 0xde, 0xcc, 0x9e, 0x78, 0xe6, 0x37, 0xcb,
-	0x46, 0x08, 0xb6, 0x0e, 0x42, 0x57, 0x10, 0x6c, 0x60, 0xb1, 0x48, 0x66, 0x12, 0xb2, 0xc7, 0x45,
-	0xd2, 0x62, 0x6b, 0x5e, 0x94, 0x63, 0x85, 0x41, 0x07, 0x81, 0xfe, 0x16, 0x89, 0x34, 0xd2, 0x69,
-	0xab, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x09, 0x4e, 0x84, 0xb1, 0x4c, 0x2a, 0xba, 0x46, 0xf8,
-	0xb1, 0x52, 0x71, 0x49, 0x05, 0x95, 0xdd, 0x61, 0x91, 0xf6, 0xa5, 0xee, 0xee, 0x30, 0x27, 0x4d,
-	0x85, 0x61, 0xff, 0x0f, 0x0b, 0x4e, 0x65, 0x0e, 0xc5, 0x5d, 0x50, 0x47, 0x76, 0x92, 0xea, 0x48,
-	0x35, 0xaf, 0x23, 0xa9, 0xf1, 0x15, 0x3d, 0x54, 0x93, 0xff, 0x60, 0xc1, 0x98, 0xc6, 0xbf, 0x0b,
-	0x9f, 0xea, 0x26, 0x3f, 0x35, 0xbf, 0xd3, 0x77, 0xa5, 0xeb, 0xdb, 0x7e, 0xbf, 0x00, 0x2a, 0x95,
-	0xfc, 0x6c, 0x4d, 0x3e, 0xd4, 0xb1, 0x8f, 0xaf, 0x43, 0x07, 0x06, 0x99, 0xab, 0x46, 0x94, 0x8f,
-	0x1b, 0x5a, 0x92, 0x3e, 0x73, 0xfb, 0xd0, 0x37, 0x67, 0xec, 0x6f, 0x84, 0x05, 0x41, 0xf6, 0xf4,
-	0x0d, 0xcf, 0xd2, 0x5d, 0x17, 0x01, 0xb9, 0xfa, 0xe9, 0x1b, 0x51, 0x8e, 0x15, 0x06, 0x15, 0x98,
-	0x6e, 0x2d, 0xf0, 0xe7, 0x3d, 0x27, 0x8a, 0x84, 0x0e, 0xa7, 0x04, 0xe6, 0xa2, 0x04, 0x60, 0x8d,
-	0xc3, 0xbc, 0x38, 0xdc, 0xa8, 0xe5, 0x39, 0x1d, 0xc3, 0xc6, 0x62, 0x24, 0x8c, 0x52, 0x20, 0x6c,
-	0xe2, 0xd9, 0x4d, 0x98, 0x4c, 0x7e, 0xc4, 0x02, 0xd9, 0x60, 0x2e, 0xd4, 0x7d, 0x0d, 0xe7, 0x0c,
-	0x54, 0x1c, 0x56, 0x6b, 0xa9, 0xed, 0x08, 0x9e, 0xa0, 0x1d, 0x89, 0x25, 0x00, 0x6b, 0x1c, 0xfb,
-	0x9f, 0x5a, 0x70, 0x3c, 0x63, 0xd0, 0x72, 0x0c, 0x78, 0x8e, 0x35, 0xb7, 0xc9, 0x52, 0x75, 0x7e,
-	0x00, 0x86, 0xea, 0x64, 0xc3, 0x91, 0x4e, 0xba, 0xa6, 0x4f, 0x3f, 0x2f, 0xc6, 0x12, 0x6e, 0xff,
-	0x76, 0x01, 0xc6, 0x93, 0x7d, 0x8d, 0x58, 0x10, 0x21, 0x1f, 0x26, 0x37, 0xaa, 0x05, 0xdb, 0x24,
-	0xec, 0xd0, 0x2f, 0xb7, 0x52, 0x41, 0x84, 0x5d, 0x18, 0x38, 0xa3, 0x16, 0x7b, 0x48, 0xa2, 0xae,
-	0x46, 0x5b, 0xae, 0xc8, 0x6b, 0x79, 0xae, 0x48, 0x3d, 0x99, 0xa6, 0x43, 0x8f, 0x22, 0x89, 0x4d,
-	0xfa, 0x54, 0xe5, 0x62, 0x51, 0x19, 0x73, 0x6d, 0xd7, 0x8b, 0x5d, 0x5f, 0x7c, 0xb2, 0x58, 0xab,
-	0x4a, 0xe5, 0x5a, 0xee, 0x46, 0xc1, 0x59, 0xf5, 0xec, 0x6f, 0x0d, 0x80, 0x4a, 0xe6, 0xc1, 0x1c,
-	0x2e, 0x73, 0x72, 0x57, 0x3d, 0x68, 0x28, 0xaa, 0x5a, 0x5b, 0x03, 0x7b, 0x79, 0x40, 0x71, 0xc3,
-	0x9c, 0x69, 0xc1, 0x57, 0x03, 0xb6, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xdc, 0x6d, 0xc2,
-	0x2b, 0x0d, 0x26, 0x7b, 0xb2, 0x24, 0x01, 0x58, 0xe3, 0xb0, 0xbc, 0xd1, 0xee, 0xc6, 0x86, 0xb0,
-	0x32, 0xe9, 0xbc, 0xd1, 0xee, 0xc6, 0x06, 0x66, 0x10, 0xfe, 0xd4, 0x50, 0xb0, 0x25, 0x8e, 0x19,
-	0xc6, 0x53, 0x43, 0xc1, 0x16, 0x66, 0x10, 0x3a, 0x4b, 0x7e, 0x10, 0x36, 0x1d, 0xcf, 0x7d, 0x8d,
-	0xd4, 0x15, 0x15, 0x71, 0xbc, 0x50, 0xb3, 0x74, 0xa5, 0x1b, 0x05, 0x67, 0xd5, 0xa3, 0x0b, 0xba,
-	0x15, 0x92, 0xba, 0x5b, 0x8b, 0xcd, 0xd6, 0x20, 0xb9, 0xa0, 0x57, 0xbb, 0x30, 0x70, 0x46, 0x2d,
-	0x34, 0x0b, 0xe3, 0x32, 0x19, 0x8b, 0x4c, 0x60, 0x38, 0x9c, 0xcc, 0x82, 0x86, 0x93, 0x60, 0x9c,
-	0xc6, 0xa7, 0x4c, 0xb2, 0x29, 0xd2, 0xaf, 0xb2, 0xd3, 0x88, 0xc1, 0x24, 0x65, 0x5a, 0x56, 0xac,
-	0x30, 0xec, 0x0f, 0x16, 0xa9, 0x50, 0xef, 0x91, 0xe5, 0xf8, 0xae, 0xb9, 0x47, 0x27, 0x57, 0xe4,
-	0x40, 0x1f, 0x2b, 0xf2, 0x59, 0x18, 0xb9, 0x11, 0x05, 0xbe, 0x72, 0x3d, 0x2e, 0xf5, 0x74, 0x3d,
-	0x36, 0xb0, 0xb2, 0x5d, 0x8f, 0x07, 0xf3, 0x72, 0x3d, 0x1e, 0xba, 0x43, 0xd7, 0xe3, 0x3f, 0x2c,
-	0x81, 0x7a, 0x4b, 0xf2, 0x0a, 0x89, 0x6f, 0x06, 0xe1, 0x96, 0xeb, 0x37, 0x58, 0x62, 0x91, 0x2f,
-	0x58, 0x32, 0x37, 0xc9, 0x92, 0x19, 0x92, 0xbb, 0x91, 0xd3, 0x7b, 0x80, 0x09, 0x62, 0xd3, 0x6b,
-	0x06, 0x21, 0xee, 0xc2, 0x92, 0xca, 0x81, 0x22, 0x2e, 0x0d, 0x12, 0x3d, 0x42, 0x3f, 0x0d, 0x20,
-	0x4d, 0xf2, 0x1b, 0x92, 0x03, 0x2f, 0xe6, 0xd3, 0x3f, 0x4c, 0x36, 0xb4, 0x4a, 0xbd, 0xa6, 0x88,
-	0x60, 0x83, 0x20, 0xfa, 0xa8, 0x0e, 0x57, 0xe6, 0x31, 0x4a, 0xef, 0x3d, 0x92, 0xb1, 0xe9, 0x27,
-	0x58, 0x19, 0xc3, 0x90, 0xeb, 0x37, 0xe8, 0x3a, 0x11, 0x2e, 0x9a, 0x6f, 0xcb, 0xca, 0x5b, 0xb5,
-	0x14, 0x38, 0xf5, 0x39, 0xc7, 0x73, 0xfc, 0x1a, 0x09, 0x17, 0x39, 0xba, 0x96, 0xa0, 0xa2, 0x00,
-	0xcb, 0x86, 0xba, 0x1e, 0xbc, 0x2c, 0xf5, 0xf3, 0xe0, 0xe5, 0xe9, 0x1f, 0x83, 0x89, 0xae, 0xc9,
-	0x3c, 0x50, 0x6c, 0xf2, 0x21, 0x32, 0x56, 0xfd, 0xce, 0xa0, 0x16, 0x5a, 0x57, 0x82, 0x3a, 0x7f,
-	0x3f, 0x31, 0xd4, 0x33, 0x2a, 0x54, 0xe6, 0x1c, 0x97, 0x88, 0x12, 0x33, 0x46, 0x21, 0x36, 0x49,
-	0xd2, 0x35, 0xda, 0x72, 0x42, 0xe2, 0x1f, 0xf5, 0x1a, 0x5d, 0x55, 0x44, 0xb0, 0x41, 0x10, 0x6d,
-	0x26, 0x82, 0xe8, 0xce, 0x1f, 0x3e, 0x88, 0x8e, 0x65, 0x11, 0xcd, 0x7a, 0x66, 0xec, 0x75, 0x0b,
-	0xc6, 0xfc, 0xc4, 0xca, 0xcd, 0xc7, 0x6f, 0x3e, 0x7b, 0x57, 0xf0, 0xa7, 0x88, 0x93, 0x65, 0x38,
-	0x45, 0x3f, 0x4b, 0xa4, 0x95, 0x0e, 0x28, 0xd2, 0xf4, 0xfb, 0xad, 0x83, 0xbd, 0xde, 0x6f, 0x45,
-	0xbe, 0x7a, 0x58, 0x7b, 0x28, 0x8f, 0xbc, 0x1f, 0x89, 0x57, 0xb5, 0x21, 0xe3, 0x45, 0xed, 0xeb,
-	0x66, 0x8c, 0xed, 0xc1, 0x1f, 0x58, 0x1e, 0xed, 0x15, 0x8b, 0x6b, 0xff, 0xef, 0x01, 0x38, 0x26,
-	0x47, 0x44, 0xc6, 0xdc, 0x50, 0xf9, 0xc8, 0xe9, 0x6a, 0x5d, 0x59, 0xc9, 0xc7, 0x8b, 0x12, 0x80,
-	0x35, 0x0e, 0xd5, 0xc7, 0xda, 0x11, 0x59, 0x69, 0x11, 0x7f, 0xc9, 0x5d, 0x8f, 0xc4, 0xf5, 0xbb,
-	0xda, 0x28, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x2c, 0x10, 0xd8, 0x50, 0x5a, 0xcd, 0x40, 0x60, 0xa1,
-	0xa8, 0x4a, 0x38, 0xfa, 0x6c, 0xe6, 0xb3, 0x0b, 0xf9, 0x44, 0xaa, 0x76, 0x85, 0x1a, 0x1d, 0xec,
-	0xbd, 0x05, 0xf4, 0x0f, 0x2d, 0x38, 0xc9, 0x4b, 0xe5, 0x48, 0x5e, 0x6d, 0xd5, 0x9d, 0x98, 0x44,
-	0xf9, 0x3c, 0x51, 0x95, 0xd1, 0x3f, 0x6d, 0x45, 0xcf, 0x22, 0x8b, 0xb3, 0x7b, 0x83, 0x3e, 0x65,
-	0xc1, 0xf8, 0x56, 0x22, 0x79, 0x94, 0x14, 0x1d, 0x87, 0xcd, 0xeb, 0x92, 0x68, 0x54, 0x6f, 0xb5,
-	0x64, 0x79, 0x84, 0xd3, 0xd4, 0xed, 0xbf, 0xb2, 0xc0, 0x64, 0xa3, 0x77, 0x3f, 0xe7, 0xd4, 0xc1,
-	0x55, 0x41, 0xa9, 0x5d, 0x96, 0x7a, 0x6a, 0x97, 0x8f, 0x40, 0xb1, 0xed, 0xd6, 0xc5, 0xf9, 0x42,
-	0x5f, 0xf8, 0x2f, 0x2e, 0x60, 0x5a, 0x6e, 0x7f, 0xb3, 0xa4, 0xcd, 0x20, 0x22, 0x10, 0xf4, 0x7b,
-	0xe2, 0xb3, 0x37, 0x54, 0x32, 0x59, 0xfe, 0xe5, 0x57, 0xba, 0x92, 0xc9, 0xfe, 0xc8, 0xc1, 0xe3,
-	0x7c, 0xf9, 0x00, 0xf5, 0xca, 0x25, 0x3b, 0xb4, 0x4f, 0x90, 0xef, 0x0d, 0x28, 0xd3, 0x23, 0x18,
-	0xb3, 0x67, 0x96, 0x13, 0x9d, 0x2a, 0x5f, 0x14, 0xe5, 0xb7, 0x77, 0xa7, 0x7e, 0xf8, 0xe0, 0xdd,
-	0x92, 0xb5, 0xb1, 0x6a, 0x1f, 0x45, 0x50, 0xa1, 0xbf, 0x59, 0x3c, 0xb2, 0x38, 0xdc, 0x5d, 0x55,
-	0x3c, 0x53, 0x02, 0x72, 0x09, 0x76, 0xd6, 0x74, 0x90, 0x0f, 0x15, 0x8a, 0xc8, 0x89, 0xf2, 0x33,
-	0xe0, 0xaa, 0x8a, 0x0a, 0x96, 0x80, 0xdb, 0xbb, 0x53, 0x2f, 0x1c, 0x9c, 0xa8, 0xaa, 0x8e, 0x35,
-	0x09, 0x43, 0x34, 0x0e, 0xf7, 0x7c, 0xda, 0xfc, 0xff, 0x0c, 0xe8, 0xf5, 0x2d, 0xf2, 0x0c, 0x7f,
-	0x4f, 0xac, 0xef, 0xe7, 0x53, 0xeb, 0xfb, 0x4c, 0xd7, 0xfa, 0x1e, 0xa3, 0x63, 0x96, 0x91, 0xfd,
-	0xf8, 0x6e, 0x2b, 0x0b, 0xfb, 0xdb, 0x24, 0x98, 0x96, 0xf4, 0x6a, 0xdb, 0x0d, 0x49, 0xb4, 0x1a,
-	0xb6, 0x7d, 0xd7, 0x6f, 0xb0, 0x25, 0x5b, 0x36, 0xb5, 0xa4, 0x04, 0x18, 0xa7, 0xf1, 0xe9, 0xc1,
-	0x9f, 0xae, 0x8b, 0xeb, 0xce, 0x36, 0x5f, 0x79, 0x46, 0x8e, 0xc7, 0xaa, 0x28, 0xc7, 0x0a, 0x03,
-	0x6d, 0xc2, 0xc3, 0xb2, 0x81, 0x05, 0xe2, 0x11, 0xfa, 0x41, 0xcc, 0x91, 0x31, 0x6c, 0xf2, 0xb0,
-	0x01, 0xee, 0x8b, 0xf2, 0x56, 0xd1, 0xc2, 0xc3, 0x78, 0x0f, 0x5c, 0xbc, 0x67, 0x4b, 0xf6, 0x17,
-	0x99, 0xeb, 0x82, 0x91, 0x96, 0x81, 0xae, 0x3e, 0xcf, 0x6d, 0xba, 0x32, 0x15, 0xa5, 0x5a, 0x7d,
-	0x4b, 0xb4, 0x10, 0x73, 0x18, 0xba, 0x09, 0x43, 0xeb, 0xfc, 0xc9, 0xf3, 0x7c, 0x9e, 0x1a, 0x12,
-	0xef, 0xa7, 0xb3, 0x34, 0xd4, 0xf2, 0x31, 0xf5, 0xdb, 0xfa, 0x27, 0x96, 0xd4, 0xec, 0xaf, 0x95,
-	0x60, 0x5c, 0xba, 0x97, 0x5d, 0x74, 0x23, 0xe6, 0x91, 0x60, 0xe6, 0xe6, 0x2f, 0xec, 0x9b, 0x9b,
-	0xff, 0x3d, 0x00, 0x75, 0xd2, 0xf2, 0x82, 0x0e, 0x53, 0x0e, 0x07, 0x0e, 0xac, 0x1c, 0xaa, 0xf3,
-	0xc4, 0x82, 0x6a, 0x05, 0x1b, 0x2d, 0x8a, 0xfc, 0x9b, 0x3c, 0xd5, 0x7f, 0x2a, 0xff, 0xa6, 0xf1,
-	0x20, 0xd9, 0xe0, 0xdd, 0x7d, 0x90, 0xcc, 0x85, 0x71, 0xde, 0x45, 0x95, 0xfc, 0xe0, 0x0e, 0x72,
-	0x1c, 0xb0, 0xf0, 0xb1, 0x85, 0x64, 0x33, 0x38, 0xdd, 0xae, 0xf9, 0xda, 0x58, 0xf9, 0x6e, 0xbf,
-	0x36, 0xf6, 0x76, 0xa8, 0xc8, 0x79, 0x8e, 0x26, 0x2b, 0x3a, 0x31, 0x8f, 0x5c, 0x06, 0x11, 0xd6,
-	0xf0, 0xae, 0x3c, 0x2e, 0x70, 0xaf, 0xf2, 0xb8, 0xd8, 0xaf, 0x17, 0xe9, 0xa9, 0x82, 0xf7, 0xeb,
-	0xc0, 0x8f, 0xf5, 0x5d, 0x34, 0x1e, 0xeb, 0x3b, 0xd8, 0x7c, 0x96, 0x53, 0x8f, 0xfa, 0x3d, 0x0c,
-	0x03, 0xb1, 0xd3, 0x90, 0xd1, 0xae, 0x0c, 0xba, 0xe6, 0x34, 0x22, 0xcc, 0x4a, 0x0f, 0x92, 0xae,
-	0xf8, 0x05, 0x18, 0x8d, 0xdc, 0x86, 0xef, 0xc4, 0xed, 0x90, 0x18, 0xf7, 0x97, 0xda, 0x49, 0xc7,
-	0x04, 0xe2, 0x24, 0x2e, 0xfa, 0x90, 0x05, 0x10, 0x12, 0x75, 0x66, 0x19, 0xcc, 0x63, 0x0d, 0x29,
-	0x36, 0x20, 0xdb, 0x35, 0xf3, 0x6f, 0xa8, 0xb3, 0x8a, 0x41, 0xd6, 0xfe, 0x88, 0x05, 0x13, 0x5d,
-	0xb5, 0x50, 0x0b, 0x06, 0x6b, 0xec, 0x49, 0xc5, 0x7c, 0x12, 0x3c, 0x26, 0x9f, 0x67, 0xe4, 0xc2,
-	0x89, 0x97, 0x61, 0x41, 0xc7, 0xfe, 0xf2, 0x08, 0x9c, 0xa8, 0xce, 0x2f, 0xcb, 0x07, 0x76, 0x8e,
-	0x2c, 0x7c, 0x37, 0x8b, 0xc6, 0xdd, 0x0b, 0xdf, 0xed, 0x41, 0xdd, 0x33, 0xc2, 0x77, 0x3d, 0x23,
-	0x7c, 0x37, 0x19, 0x4b, 0x59, 0xcc, 0x23, 0x96, 0x32, 0xab, 0x07, 0xfd, 0xc4, 0x52, 0x1e, 0x59,
-	0x3c, 0xef, 0x9e, 0x1d, 0x3a, 0x50, 0x3c, 0xaf, 0x0a, 0x76, 0xce, 0x25, 0x42, 0xac, 0xc7, 0x54,
-	0x65, 0x06, 0x3b, 0xab, 0x40, 0x53, 0x1e, 0xfd, 0x28, 0x84, 0xde, 0xcb, 0xf9, 0x77, 0xa0, 0x8f,
-	0x40, 0x53, 0x11, 0x80, 0x69, 0x06, 0x37, 0x0f, 0xe5, 0x11, 0xdc, 0x9c, 0xd5, 0x9d, 0x7d, 0x83,
-	0x9b, 0x5f, 0x80, 0xd1, 0x9a, 0x17, 0xf8, 0x64, 0x35, 0x0c, 0xe2, 0xa0, 0x16, 0xc8, 0x07, 0xac,
-	0xf5, 0x5b, 0x84, 0x26, 0x10, 0x27, 0x71, 0x7b, 0x45, 0x46, 0x57, 0x0e, 0x1b, 0x19, 0x0d, 0xf7,
-	0x28, 0x32, 0xda, 0x88, 0xfd, 0x1d, 0xce, 0x23, 0xf6, 0x37, 0x6b, 0x46, 0xfa, 0x7a, 0xa1, 0xfa,
-	0x0d, 0xfe, 0x7e, 0x3b, 0x3d, 0x8c, 0x70, 0x2e, 0xcc, 0xae, 0xe8, 0x86, 0xcf, 0xbe, 0x72, 0x04,
-	0x0b, 0xf6, 0x7a, 0x55, 0x93, 0x51, 0x6f, 0xba, 0xeb, 0x22, 0x9c, 0xec, 0xc8, 0x61, 0xc2, 0x92,
-	0x3f, 0x57, 0x80, 0xef, 0xdb, 0xb7, 0x0b, 0xe8, 0x26, 0x40, 0xec, 0x34, 0xc4, 0x42, 0x15, 0x17,
-	0x59, 0x87, 0xf4, 0x2b, 0x5e, 0x93, 0xed, 0xf1, 0xe4, 0x58, 0xea, 0x2f, 0xbb, 0x22, 0x92, 0xbf,
-	0x99, 0x3b, 0x71, 0xe0, 0x75, 0xe5, 0x66, 0xc6, 0x81, 0x47, 0x30, 0x83, 0x50, 0x45, 0x28, 0x24,
+	0x45, 0x87, 0x79, 0xb4, 0x4d, 0x9a, 0xb2, 0xe4, 0x57, 0x38, 0x18, 0xa2, 0xad, 0x1f, 0x56, 0x84,
+	0xa4, 0x60, 0xe8, 0x11, 0x0c, 0xca, 0xb2, 0x43, 0x32, 0x83, 0x16, 0x65, 0x4b, 0x84, 0xc9, 0xb5,
+	0x1d, 0x54, 0x38, 0xc2, 0x8a, 0x90, 0xec, 0x1f, 0x8e, 0xb5, 0xc3, 0xe1, 0xa8, 0x77, 0x75, 0x4f,
+	0x0f, 0x30, 0x58, 0x34, 0x76, 0x97, 0xd4, 0xfd, 0x9b, 0xa9, 0xcc, 0xaa, 0xac, 0xae, 0x47, 0x66,
+	0x56, 0x56, 0x66, 0x16, 0x2c, 0x35, 0xdc, 0x78, 0xb3, 0xbd, 0x3e, 0x5d, 0x0b, 0x9a, 0x33, 0x4e,
+	0xd8, 0x08, 0x5a, 0x61, 0x70, 0x83, 0xfd, 0x78, 0xaa, 0x56, 0x9f, 0xd9, 0x7e, 0x66, 0xa6, 0xb5,
+	0xd5, 0x98, 0x71, 0x5a, 0x6e, 0x34, 0xe3, 0xb4, 0x5a, 0x9e, 0x5b, 0x73, 0x62, 0x37, 0xf0, 0x67,
+	0xb6, 0x9f, 0x76, 0xbc, 0xd6, 0xa6, 0xf3, 0xf4, 0x4c, 0x83, 0xf8, 0x24, 0x74, 0x62, 0x52, 0x9f,
+	0x6e, 0x85, 0x41, 0x1c, 0xa0, 0x1f, 0xd1, 0xad, 0x4d, 0xcb, 0xd6, 0xd8, 0x8f, 0x57, 0x6a, 0xf5,
+	0xe9, 0xed, 0x67, 0xa6, 0x5b, 0x5b, 0x8d, 0x69, 0xda, 0xda, 0xb4, 0xd1, 0xda, 0xb4, 0x6c, 0xed,
+	0xf4, 0x53, 0x46, 0x5f, 0x1a, 0x41, 0x23, 0x98, 0x61, 0x8d, 0xae, 0xb7, 0x37, 0xd8, 0x3f, 0xf6,
+	0x87, 0xfd, 0xe2, 0xc4, 0x4e, 0xdb, 0x5b, 0xcf, 0x47, 0xd3, 0x6e, 0x40, 0xbb, 0x37, 0x53, 0x0b,
+	0x42, 0x32, 0xb3, 0xdd, 0xd5, 0xa1, 0xd3, 0x17, 0x35, 0x0e, 0xd9, 0x89, 0x89, 0x1f, 0xb9, 0x81,
+	0x1f, 0x3d, 0x45, 0xbb, 0x40, 0xc2, 0x6d, 0x12, 0x9a, 0x9f, 0x67, 0x20, 0x64, 0xb5, 0xf4, 0xac,
+	0x6e, 0xa9, 0xe9, 0xd4, 0x36, 0x5d, 0x9f, 0x84, 0x1d, 0x5d, 0xbd, 0x49, 0x62, 0x27, 0xab, 0xd6,
+	0x4c, 0xaf, 0x5a, 0x61, 0xdb, 0x8f, 0xdd, 0x26, 0xe9, 0xaa, 0xf0, 0x8e, 0xfd, 0x2a, 0x44, 0xb5,
+	0x4d, 0xd2, 0x74, 0xba, 0xea, 0x3d, 0xd3, 0xab, 0x5e, 0x3b, 0x76, 0xbd, 0x19, 0xd7, 0x8f, 0xa3,
+	0x38, 0x4c, 0x57, 0xb2, 0xff, 0xbe, 0x05, 0xa3, 0xb3, 0xd7, 0xab, 0xb3, 0xed, 0x78, 0x73, 0x3e,
+	0xf0, 0x37, 0xdc, 0x06, 0x7a, 0x0e, 0x86, 0x6b, 0x5e, 0x3b, 0x8a, 0x49, 0x78, 0xc5, 0x69, 0x92,
+	0x49, 0xeb, 0x8c, 0xf5, 0x44, 0x65, 0xee, 0xf8, 0x57, 0x77, 0xa7, 0xde, 0x72, 0x6b, 0x77, 0x6a,
+	0x78, 0x5e, 0x83, 0xb0, 0x89, 0x87, 0x7e, 0x00, 0x86, 0xc2, 0xc0, 0x23, 0xb3, 0xf8, 0xca, 0x64,
+	0x81, 0x55, 0x19, 0x17, 0x55, 0x86, 0x30, 0x2f, 0xc6, 0x12, 0x4e, 0x51, 0x5b, 0x61, 0xb0, 0xe1,
+	0x7a, 0x64, 0xb2, 0x98, 0x44, 0x5d, 0xe5, 0xc5, 0x58, 0xc2, 0xed, 0xcf, 0x16, 0x60, 0x7c, 0xb6,
+	0xd5, 0xba, 0x48, 0x1c, 0x2f, 0xde, 0xac, 0xc6, 0x4e, 0xdc, 0x8e, 0x50, 0x03, 0x06, 0x23, 0xf6,
+	0x4b, 0xf4, 0x6d, 0x45, 0xd4, 0x1e, 0xe4, 0xf0, 0xdb, 0xbb, 0x53, 0x3f, 0x9a, 0xb5, 0xa2, 0x1b,
+	0x6e, 0x1c, 0xb4, 0xa2, 0xa7, 0x88, 0xdf, 0x70, 0x7d, 0xc2, 0xc6, 0x65, 0x93, 0xb5, 0x3a, 0x6d,
+	0x36, 0x3e, 0x1f, 0xd4, 0x09, 0x16, 0xcd, 0xd3, 0x7e, 0x36, 0x49, 0x14, 0x39, 0x0d, 0x92, 0xfe,
+	0xa4, 0x65, 0x5e, 0x8c, 0x25, 0x1c, 0x85, 0x80, 0x3c, 0x27, 0x8a, 0xd7, 0x42, 0xc7, 0x8f, 0x5c,
+	0xba, 0xa4, 0xd7, 0xdc, 0x26, 0xff, 0xba, 0xe1, 0xb3, 0xff, 0xdf, 0x34, 0x9f, 0x98, 0x69, 0x73,
+	0x62, 0xf4, 0x3e, 0xa0, 0xeb, 0x66, 0x7a, 0xfb, 0xe9, 0x69, 0x5a, 0x63, 0xee, 0x81, 0x5b, 0xbb,
+	0x53, 0x68, 0xa9, 0xab, 0x25, 0x9c, 0xd1, 0xba, 0xfd, 0x27, 0x05, 0x80, 0xd9, 0x56, 0x6b, 0x35,
+	0x0c, 0x6e, 0x90, 0x5a, 0x8c, 0xde, 0x0b, 0x65, 0xda, 0x54, 0xdd, 0x89, 0x1d, 0x36, 0x30, 0xc3,
+	0x67, 0x7f, 0xb0, 0x3f, 0xc2, 0x2b, 0xeb, 0xb4, 0xfe, 0x32, 0x89, 0x9d, 0x39, 0x24, 0x3e, 0x10,
+	0x74, 0x19, 0x56, 0xad, 0x22, 0x1f, 0x06, 0xa2, 0x16, 0xa9, 0xb1, 0xc1, 0x18, 0x3e, 0xbb, 0x34,
+	0x7d, 0x98, 0x9d, 0x3e, 0xad, 0x7b, 0x5e, 0x6d, 0x91, 0xda, 0xdc, 0x88, 0xa0, 0x3c, 0x40, 0xff,
+	0x61, 0x46, 0x07, 0x6d, 0xab, 0x89, 0xe6, 0x03, 0x79, 0x25, 0x37, 0x8a, 0xac, 0xd5, 0xb9, 0xb1,
+	0xe4, 0xc2, 0x91, 0xf3, 0x6e, 0x7f, 0xd3, 0x82, 0x31, 0x8d, 0xbc, 0xe4, 0x46, 0x31, 0xfa, 0xc9,
+	0xae, 0xc1, 0x9d, 0xee, 0x6f, 0x70, 0x69, 0x6d, 0x36, 0xb4, 0xc7, 0x04, 0xb1, 0xb2, 0x2c, 0x31,
+	0x06, 0xb6, 0x09, 0x25, 0x37, 0x26, 0xcd, 0x68, 0xb2, 0x70, 0xa6, 0xf8, 0xc4, 0xf0, 0xd9, 0x8b,
+	0x79, 0x7d, 0xe7, 0xdc, 0xa8, 0x20, 0x5a, 0x5a, 0xa4, 0xcd, 0x63, 0x4e, 0xc5, 0xfe, 0xeb, 0x51,
+	0xf3, 0xfb, 0xe8, 0x80, 0xa3, 0xa7, 0x61, 0x38, 0x0a, 0xda, 0x61, 0x8d, 0x60, 0xd2, 0x0a, 0xe8,
+	0xc6, 0x2a, 0xd2, 0xe5, 0x4e, 0x37, 0x7c, 0x55, 0x17, 0x63, 0x13, 0x07, 0x7d, 0xd2, 0x82, 0x91,
+	0x3a, 0x89, 0x62, 0xd7, 0x67, 0xf4, 0x65, 0xe7, 0xd7, 0x0e, 0xdd, 0x79, 0x59, 0xb8, 0xa0, 0x1b,
+	0x9f, 0x3b, 0x21, 0x3e, 0x64, 0xc4, 0x28, 0x8c, 0x70, 0x82, 0x3e, 0x65, 0x5c, 0x75, 0x12, 0xd5,
+	0x42, 0xb7, 0x45, 0xff, 0x0b, 0xd6, 0xa2, 0x18, 0xd7, 0x82, 0x06, 0x61, 0x13, 0x0f, 0xf9, 0x50,
+	0xa2, 0x8c, 0x29, 0x9a, 0x1c, 0x60, 0xfd, 0x5f, 0x3c, 0x5c, 0xff, 0xc5, 0xa0, 0x52, 0x9e, 0xa7,
+	0x47, 0x9f, 0xfe, 0x8b, 0x30, 0x27, 0x83, 0x3e, 0x61, 0xc1, 0xa4, 0x60, 0x9c, 0x98, 0xf0, 0x01,
+	0xbd, 0xbe, 0xe9, 0xc6, 0xc4, 0x73, 0xa3, 0x78, 0xb2, 0xc4, 0xfa, 0x30, 0xd3, 0xdf, 0xda, 0xba,
+	0x10, 0x06, 0xed, 0xd6, 0x65, 0xd7, 0xaf, 0xcf, 0x9d, 0x11, 0x94, 0x26, 0xe7, 0x7b, 0x34, 0x8c,
+	0x7b, 0x92, 0x44, 0x9f, 0xb6, 0xe0, 0xb4, 0xef, 0x34, 0x49, 0xd4, 0x72, 0xe8, 0xd4, 0x72, 0xf0,
+	0x9c, 0xe7, 0xd4, 0xb6, 0x58, 0x8f, 0x06, 0xef, 0xac, 0x47, 0xb6, 0xe8, 0xd1, 0xe9, 0x2b, 0x3d,
+	0x9b, 0xc6, 0x7b, 0x90, 0x45, 0xbf, 0x62, 0xc1, 0x44, 0x10, 0xb6, 0x36, 0x1d, 0x9f, 0xd4, 0x25,
+	0x34, 0x9a, 0x1c, 0x62, 0x5b, 0xef, 0x3d, 0x87, 0x9b, 0xa2, 0x95, 0x74, 0xb3, 0xcb, 0x81, 0xef,
+	0xc6, 0x41, 0x58, 0x25, 0x71, 0xec, 0xfa, 0x8d, 0x68, 0xee, 0xe4, 0xad, 0xdd, 0xa9, 0x89, 0x2e,
+	0x2c, 0xdc, 0xdd, 0x1f, 0xf4, 0x53, 0x30, 0x1c, 0x75, 0xfc, 0xda, 0x75, 0xd7, 0xaf, 0x07, 0x37,
+	0xa3, 0xc9, 0x72, 0x1e, 0xdb, 0xb7, 0xaa, 0x1a, 0x14, 0x1b, 0x50, 0x13, 0xc0, 0x26, 0xb5, 0xec,
+	0x89, 0xd3, 0x4b, 0xa9, 0x92, 0xf7, 0xc4, 0xe9, 0xc5, 0xb4, 0x07, 0x59, 0xf4, 0xf3, 0x16, 0x8c,
+	0x46, 0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x2e, 0x93, 0x4e, 0x34, 0x09, 0xac, 0x23, 0x97, 0x0e,
+	0x39, 0x2a, 0x46, 0x93, 0x73, 0x27, 0x45, 0x1f, 0x47, 0xcd, 0xd2, 0x08, 0x27, 0xe9, 0x66, 0x6d,
+	0x34, 0xbd, 0xac, 0x87, 0xf3, 0xdd, 0x68, 0x7a, 0x51, 0xf7, 0x24, 0x89, 0x7e, 0x1c, 0x8e, 0xf1,
+	0x22, 0x35, 0xb2, 0xd1, 0xe4, 0x08, 0x63, 0xb4, 0x27, 0x6e, 0xed, 0x4e, 0x1d, 0xab, 0xa6, 0x60,
+	0xb8, 0x0b, 0x1b, 0xbd, 0x0a, 0x53, 0x2d, 0x12, 0x36, 0xdd, 0x78, 0xc5, 0xf7, 0x3a, 0x92, 0x7d,
+	0xd7, 0x82, 0x16, 0xa9, 0x8b, 0xee, 0x44, 0x93, 0xa3, 0x67, 0xac, 0x27, 0xca, 0x73, 0x6f, 0x13,
+	0xdd, 0x9c, 0x5a, 0xdd, 0x1b, 0x1d, 0xef, 0xd7, 0x1e, 0xfa, 0x8a, 0x05, 0xa7, 0x0d, 0x2e, 0x5b,
+	0x25, 0xe1, 0xb6, 0x5b, 0x23, 0xb3, 0xb5, 0x5a, 0xd0, 0xf6, 0xe3, 0x68, 0x72, 0x8c, 0x0d, 0xe3,
+	0xfa, 0x51, 0xf0, 0xfc, 0x24, 0x29, 0xbd, 0x2e, 0x7b, 0xa2, 0x44, 0x78, 0x8f, 0x9e, 0xda, 0x7f,
+	0x50, 0x80, 0x63, 0x69, 0x0d, 0x00, 0xfd, 0x63, 0x0b, 0xc6, 0x6f, 0xdc, 0x8c, 0xd7, 0x82, 0x2d,
+	0xe2, 0x47, 0x73, 0x1d, 0xca, 0xa7, 0x99, 0xec, 0x1b, 0x3e, 0x5b, 0xcb, 0x57, 0xd7, 0x98, 0xbe,
+	0x94, 0xa4, 0x72, 0xce, 0x8f, 0xc3, 0xce, 0xdc, 0x83, 0xe2, 0x9b, 0xc6, 0x2f, 0x5d, 0x5f, 0x33,
+	0xa1, 0x38, 0xdd, 0xa9, 0xd3, 0x1f, 0xb3, 0xe0, 0x44, 0x56, 0x13, 0xe8, 0x18, 0x14, 0xb7, 0x48,
+	0x87, 0x6b, 0xc2, 0x98, 0xfe, 0x44, 0x2f, 0x43, 0x69, 0xdb, 0xf1, 0xda, 0x44, 0xa8, 0x69, 0x17,
+	0x0e, 0xf7, 0x21, 0xaa, 0x67, 0x98, 0xb7, 0xfa, 0xc3, 0x85, 0xe7, 0x2d, 0xfb, 0x8f, 0x8a, 0x30,
+	0x6c, 0x4c, 0xda, 0x5d, 0x50, 0x3d, 0x83, 0x84, 0xea, 0xb9, 0x9c, 0xdb, 0x7a, 0xeb, 0xa9, 0x7b,
+	0xde, 0x4c, 0xe9, 0x9e, 0x2b, 0xf9, 0x91, 0xdc, 0x53, 0xf9, 0x44, 0x31, 0x54, 0x82, 0x16, 0x3d,
+	0xa2, 0x51, 0x1d, 0x66, 0x20, 0x8f, 0x29, 0x5c, 0x91, 0xcd, 0xcd, 0x8d, 0xde, 0xda, 0x9d, 0xaa,
+	0xa8, 0xbf, 0x58, 0x13, 0xb2, 0xbf, 0x61, 0xc1, 0x09, 0xa3, 0x8f, 0xf3, 0x81, 0x5f, 0x67, 0x07,
+	0x0d, 0x74, 0x06, 0x06, 0xe2, 0x4e, 0x4b, 0x1e, 0x03, 0xd5, 0x48, 0xad, 0x75, 0x5a, 0x04, 0x33,
+	0xc8, 0xfd, 0x7e, 0x4a, 0xfa, 0xb4, 0x05, 0x0f, 0x64, 0x33, 0x18, 0xf4, 0x38, 0x0c, 0x72, 0x1b,
+	0x80, 0xf8, 0x3a, 0x3d, 0x25, 0xac, 0x14, 0x0b, 0x28, 0x9a, 0x81, 0x8a, 0x12, 0x78, 0xe2, 0x1b,
+	0x27, 0x04, 0x6a, 0x45, 0x4b, 0x49, 0x8d, 0x43, 0x07, 0x8d, 0xfe, 0x11, 0x2a, 0xa8, 0x1a, 0x34,
+	0x76, 0x68, 0x66, 0x10, 0xfb, 0xeb, 0x16, 0xbc, 0xb5, 0x1f, 0xb6, 0x77, 0x74, 0x7d, 0xac, 0xc2,
+	0xc9, 0x3a, 0xd9, 0x70, 0xda, 0x5e, 0x9c, 0xa4, 0x28, 0x3a, 0xfd, 0x88, 0xa8, 0x7c, 0x72, 0x21,
+	0x0b, 0x09, 0x67, 0xd7, 0xb5, 0xff, 0x93, 0xc5, 0x8e, 0xeb, 0xf2, 0xb3, 0xee, 0xc2, 0xd1, 0xc9,
+	0x4f, 0x1e, 0x9d, 0x16, 0x73, 0xdb, 0xa6, 0x3d, 0xce, 0x4e, 0x9f, 0xb0, 0xe0, 0xb4, 0x81, 0xb5,
+	0xec, 0xc4, 0xb5, 0xcd, 0x73, 0x3b, 0xad, 0x90, 0x44, 0x11, 0x5d, 0x52, 0x8f, 0x18, 0xec, 0x78,
+	0x6e, 0x58, 0xb4, 0x50, 0xbc, 0x4c, 0x3a, 0x9c, 0x37, 0x3f, 0x09, 0x65, 0xbe, 0xe7, 0x82, 0x50,
+	0x4c, 0x92, 0xfa, 0xb6, 0x15, 0x51, 0x8e, 0x15, 0x06, 0xb2, 0x61, 0x90, 0xf1, 0x5c, 0xca, 0x83,
+	0xa8, 0x9a, 0x00, 0x74, 0xde, 0xaf, 0xb1, 0x12, 0x2c, 0x20, 0x76, 0x94, 0xe8, 0xce, 0x6a, 0x48,
+	0xd8, 0x7a, 0xa8, 0x9f, 0x77, 0x89, 0x57, 0x8f, 0xe8, 0xb1, 0xce, 0xf1, 0xfd, 0x20, 0x16, 0x27,
+	0x34, 0xe3, 0x58, 0x37, 0xab, 0x8b, 0xb1, 0x89, 0x43, 0x89, 0x7a, 0xce, 0x3a, 0xf1, 0xf8, 0x88,
+	0x0a, 0xa2, 0x4b, 0xac, 0x04, 0x0b, 0x88, 0x7d, 0xab, 0xc0, 0x0e, 0x90, 0x8a, 0xa3, 0x91, 0xbb,
+	0x61, 0x7d, 0x08, 0x13, 0x22, 0x60, 0x35, 0x3f, 0x7e, 0x4c, 0x7a, 0x5b, 0x20, 0x5e, 0x4b, 0x49,
+	0x01, 0x9c, 0x2b, 0xd5, 0xbd, 0xad, 0x10, 0x1f, 0x28, 0xc2, 0x54, 0xb2, 0x42, 0x97, 0x10, 0xa1,
+	0x47, 0x5e, 0x83, 0x50, 0xda, 0x56, 0x67, 0xe0, 0x63, 0x13, 0xaf, 0x07, 0x1f, 0x2e, 0x1c, 0x25,
+	0x1f, 0x36, 0xc5, 0x44, 0x71, 0x1f, 0x31, 0xf1, 0xb8, 0x1a, 0xf5, 0x81, 0x14, 0xcf, 0x4b, 0x8a,
+	0xca, 0x33, 0x30, 0x10, 0xc5, 0xa4, 0x35, 0x59, 0x4a, 0xb2, 0xd9, 0x6a, 0x4c, 0x5a, 0x98, 0x41,
+	0xd0, 0x8f, 0xc2, 0x78, 0xec, 0x84, 0x0d, 0x12, 0x87, 0x64, 0xdb, 0x65, 0x76, 0x5d, 0x76, 0x9e,
+	0xad, 0xcc, 0x1d, 0xa7, 0x5a, 0xd7, 0x1a, 0x03, 0x61, 0x09, 0xc2, 0x69, 0x5c, 0xfb, 0xbf, 0x15,
+	0xe0, 0xc1, 0xe4, 0x14, 0x68, 0xc1, 0xf8, 0x63, 0x09, 0xc1, 0xf8, 0x76, 0x53, 0x30, 0xde, 0xde,
+	0x9d, 0x7a, 0xa8, 0x47, 0xb5, 0xef, 0x1a, 0xb9, 0x89, 0x2e, 0xa4, 0x26, 0x61, 0xa6, 0xcb, 0xca,
+	0xfa, 0x48, 0x8f, 0x6f, 0x4c, 0xcd, 0xd2, 0xe3, 0x30, 0x18, 0x12, 0x27, 0x0a, 0x7c, 0x31, 0x4f,
+	0x6a, 0x36, 0x31, 0x2b, 0xc5, 0x02, 0x6a, 0x7f, 0xad, 0x92, 0x1e, 0xec, 0x0b, 0xdc, 0x56, 0x1d,
+	0x84, 0xc8, 0x85, 0x01, 0x76, 0x6a, 0xe3, 0x9c, 0xe5, 0xf2, 0xe1, 0x76, 0x21, 0x95, 0x22, 0xaa,
+	0xe9, 0xb9, 0x32, 0x9d, 0x35, 0x5a, 0x84, 0x19, 0x09, 0xb4, 0x03, 0xe5, 0x9a, 0x3c, 0x4c, 0x15,
+	0xf2, 0x30, 0x3b, 0x8a, 0xa3, 0x94, 0xa6, 0x38, 0x42, 0xd9, 0xbd, 0x3a, 0x81, 0x29, 0x6a, 0x88,
+	0x40, 0xb1, 0xe1, 0xc6, 0x62, 0x5a, 0x0f, 0x79, 0x5c, 0xbe, 0xe0, 0x1a, 0x9f, 0x38, 0x44, 0x65,
+	0xd0, 0x05, 0x37, 0xc6, 0xb4, 0x7d, 0xf4, 0x11, 0x0b, 0x86, 0xa3, 0x5a, 0x73, 0x35, 0x0c, 0xb6,
+	0xdd, 0x3a, 0x09, 0x85, 0x8e, 0x79, 0x48, 0xce, 0x56, 0x9d, 0x5f, 0x96, 0x0d, 0x6a, 0xba, 0xdc,
+	0x7c, 0xa1, 0x21, 0xd8, 0xa4, 0x4b, 0xcf, 0x5e, 0x0f, 0x8a, 0x6f, 0x5f, 0x20, 0x35, 0xb6, 0xe3,
+	0xe4, 0x99, 0x99, 0xad, 0x94, 0x43, 0xeb, 0xdc, 0x0b, 0xed, 0xda, 0x16, 0xdd, 0x6f, 0xba, 0x43,
+	0x0f, 0xdd, 0xda, 0x9d, 0x7a, 0x70, 0x3e, 0x9b, 0x26, 0xee, 0xd5, 0x19, 0x36, 0x60, 0xad, 0xb6,
+	0xe7, 0x61, 0xf2, 0x6a, 0x9b, 0x30, 0x8b, 0x58, 0x0e, 0x03, 0xb6, 0xaa, 0x1b, 0x4c, 0x0d, 0x98,
+	0x01, 0xc1, 0x26, 0x5d, 0xf4, 0x2a, 0x0c, 0x36, 0x9d, 0x38, 0x74, 0x77, 0x84, 0x19, 0xec, 0x90,
+	0xa7, 0xa0, 0x65, 0xd6, 0x96, 0x26, 0xce, 0x04, 0x3d, 0x2f, 0xc4, 0x82, 0x10, 0x6a, 0x42, 0xa9,
+	0x49, 0xc2, 0x06, 0x99, 0x2c, 0xe7, 0x61, 0xf2, 0x5f, 0xa6, 0x4d, 0x69, 0x82, 0x15, 0xaa, 0x5c,
+	0xb1, 0x32, 0xcc, 0xa9, 0xa0, 0x97, 0xa1, 0x1c, 0x11, 0x8f, 0xd4, 0xa8, 0x7a, 0x54, 0x61, 0x14,
+	0x9f, 0xe9, 0x53, 0x55, 0xa4, 0x7a, 0x49, 0x55, 0x54, 0xe5, 0x1b, 0x4c, 0xfe, 0xc3, 0xaa, 0x49,
+	0x3a, 0x80, 0x2d, 0xaf, 0xdd, 0x70, 0xfd, 0x49, 0xc8, 0x63, 0x00, 0x57, 0x59, 0x5b, 0xa9, 0x01,
+	0xe4, 0x85, 0x58, 0x10, 0xb2, 0xff, 0xab, 0x05, 0x28, 0xc9, 0xd4, 0xee, 0x82, 0x4e, 0xfc, 0x6a,
+	0x52, 0x27, 0x5e, 0xca, 0x53, 0x69, 0xe9, 0xa1, 0x16, 0xff, 0x66, 0x05, 0x52, 0xe2, 0xe0, 0x0a,
+	0x89, 0x62, 0x52, 0x7f, 0x93, 0x85, 0xbf, 0xc9, 0xc2, 0xdf, 0x64, 0xe1, 0x8a, 0x85, 0xaf, 0xa7,
+	0x58, 0xf8, 0x3b, 0x8d, 0x5d, 0xaf, 0x7d, 0x0f, 0x5e, 0x51, 0xce, 0x09, 0x66, 0x0f, 0x0c, 0x04,
+	0xca, 0x09, 0x2e, 0x55, 0x57, 0xae, 0x64, 0xf2, 0xec, 0x57, 0x92, 0x3c, 0xfb, 0xb0, 0x24, 0xfe,
+	0x26, 0x70, 0xe9, 0xaf, 0x58, 0xf0, 0xb6, 0x24, 0xf7, 0x92, 0x2b, 0x67, 0xb1, 0xe1, 0x07, 0x21,
+	0x59, 0x70, 0x37, 0x36, 0x48, 0x48, 0xfc, 0x1a, 0x89, 0x94, 0x6d, 0xc7, 0xea, 0x65, 0xdb, 0x41,
+	0xcf, 0xc2, 0xc8, 0x8d, 0x28, 0xf0, 0x57, 0x03, 0xd7, 0x17, 0x2c, 0x88, 0x9e, 0x38, 0x8e, 0xdd,
+	0xda, 0x9d, 0x1a, 0xa1, 0x23, 0x2a, 0xcb, 0x71, 0x02, 0x0b, 0xcd, 0xc3, 0xc4, 0x8d, 0x57, 0x57,
+	0x9d, 0xd8, 0xb0, 0x26, 0xc8, 0x73, 0x3f, 0xbb, 0x8f, 0xba, 0xf4, 0x62, 0x0a, 0x88, 0xbb, 0xf1,
+	0xed, 0xbf, 0x57, 0x80, 0x53, 0xa9, 0x0f, 0x09, 0x3c, 0x2f, 0x68, 0xc7, 0xf4, 0x4c, 0x84, 0x3e,
+	0x6f, 0xc1, 0xb1, 0x66, 0xd2, 0x60, 0x11, 0x09, 0x73, 0xf7, 0x4f, 0xe4, 0x26, 0x23, 0x52, 0x16,
+	0x91, 0xb9, 0x49, 0x31, 0x42, 0xc7, 0x52, 0x80, 0x08, 0x77, 0xf5, 0x05, 0xbd, 0x0c, 0x95, 0xa6,
+	0xb3, 0x73, 0xb5, 0x55, 0x77, 0x62, 0x79, 0x1c, 0xed, 0x6d, 0x45, 0x68, 0xc7, 0xae, 0x37, 0xcd,
+	0xbd, 0x5a, 0xa6, 0x17, 0xfd, 0x78, 0x25, 0xac, 0xc6, 0xa1, 0xeb, 0x37, 0xb8, 0x91, 0x73, 0x59,
+	0x36, 0x83, 0x75, 0x8b, 0xf6, 0xe7, 0xac, 0xb4, 0x90, 0x52, 0xa3, 0x13, 0x3a, 0x31, 0x69, 0x74,
+	0xd0, 0xfb, 0xa0, 0x44, 0xcf, 0x8d, 0x72, 0x54, 0xae, 0xe7, 0x29, 0x39, 0x8d, 0x99, 0xd0, 0x42,
+	0x94, 0xfe, 0x8b, 0x30, 0x27, 0x6a, 0x7f, 0xbe, 0x92, 0x56, 0x16, 0xd8, 0xdd, 0xfc, 0x59, 0x80,
+	0x46, 0xb0, 0x46, 0x9a, 0x2d, 0x8f, 0x0e, 0x8b, 0xc5, 0x2e, 0x78, 0x94, 0xa9, 0xe4, 0x82, 0x82,
+	0x60, 0x03, 0x0b, 0xfd, 0x82, 0x05, 0xd0, 0x90, 0x6b, 0x5e, 0x2a, 0x02, 0x57, 0xf3, 0xfc, 0x1c,
+	0xbd, 0xa3, 0x74, 0x5f, 0x14, 0x41, 0x6c, 0x10, 0x47, 0x3f, 0x6b, 0x41, 0x39, 0x96, 0xdd, 0xe7,
+	0xa2, 0x71, 0x2d, 0xcf, 0x9e, 0xc8, 0x8f, 0xd6, 0x3a, 0x91, 0x1a, 0x12, 0x45, 0x17, 0xfd, 0x9c,
+	0x05, 0x10, 0x75, 0xfc, 0xda, 0x6a, 0xe0, 0xb9, 0xb5, 0x8e, 0x90, 0x98, 0xd7, 0x72, 0x35, 0xe7,
+	0xa8, 0xd6, 0xe7, 0xc6, 0xe8, 0x68, 0xe8, 0xff, 0xd8, 0xa0, 0x8c, 0xde, 0x0f, 0xe5, 0x48, 0x2c,
+	0x37, 0x21, 0x23, 0xd7, 0xf2, 0x35, 0x2a, 0xf1, 0xb6, 0x05, 0x7b, 0x15, 0xff, 0xb0, 0xa2, 0x89,
+	0x3e, 0x63, 0xc1, 0x78, 0x2b, 0x69, 0x26, 0x14, 0xe2, 0x30, 0x3f, 0x1e, 0x90, 0x32, 0x43, 0x72,
+	0x6b, 0x4b, 0xaa, 0x10, 0xa7, 0x7b, 0x41, 0x39, 0xa0, 0x5e, 0xc1, 0x2b, 0x2d, 0x6e, 0xb2, 0x1c,
+	0xd2, 0x1c, 0xf0, 0x42, 0x1a, 0x88, 0xbb, 0xf1, 0xd1, 0x2a, 0x9c, 0xa0, 0xbd, 0xeb, 0x70, 0xf5,
+	0x53, 0x8a, 0x97, 0x88, 0x09, 0xc3, 0xf2, 0xdc, 0xc3, 0x62, 0x85, 0xb0, 0xbb, 0x8e, 0x34, 0x0e,
+	0xce, 0xac, 0x89, 0xfe, 0xc8, 0x82, 0x87, 0x5d, 0x26, 0x06, 0x4c, 0x83, 0xbd, 0x96, 0x08, 0xe2,
+	0xa2, 0x9d, 0xe4, 0xca, 0x2b, 0x7a, 0x89, 0x9f, 0xb9, 0xb7, 0x8a, 0x2f, 0x78, 0x78, 0x71, 0x8f,
+	0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x08, 0x46, 0xe5, 0xbe, 0x58, 0xa5, 0x2c, 0x98, 0x09, 0xda,
+	0xca, 0xdc, 0xc4, 0xad, 0xdd, 0xa9, 0xd1, 0x35, 0x13, 0x80, 0x93, 0x78, 0xf6, 0xbf, 0x2e, 0x26,
+	0x6e, 0x89, 0x94, 0x0d, 0x93, 0xb1, 0x9b, 0x9a, 0xb4, 0xff, 0x48, 0xee, 0x99, 0x2b, 0xbb, 0x51,
+	0xd6, 0x25, 0xcd, 0x6e, 0x54, 0x51, 0x84, 0x0d, 0xe2, 0x54, 0x29, 0x9d, 0x70, 0xd2, 0x96, 0x52,
+	0xc1, 0x01, 0x5f, 0xce, 0xb3, 0x4b, 0xdd, 0x77, 0x7a, 0xa7, 0x44, 0xd7, 0x26, 0xba, 0x40, 0xb8,
+	0xbb, 0x4b, 0xe8, 0xa7, 0xa1, 0x12, 0x2a, 0xcf, 0x96, 0x62, 0x1e, 0x47, 0x35, 0xb9, 0x6c, 0x44,
+	0x77, 0xd4, 0x05, 0x90, 0xf6, 0x61, 0xd1, 0x14, 0xed, 0x3f, 0x4c, 0x5e, 0x8c, 0x19, 0xbc, 0xa3,
+	0x8f, 0x4b, 0xbf, 0x4f, 0x5a, 0x30, 0x1c, 0x06, 0x9e, 0xe7, 0xfa, 0x0d, 0xca, 0xe7, 0x84, 0xb0,
+	0x7e, 0xf7, 0x91, 0xc8, 0x4b, 0xc1, 0xd0, 0x98, 0x66, 0x8d, 0x35, 0x4d, 0x6c, 0x76, 0xc0, 0xfe,
+	0xa6, 0x05, 0x93, 0xbd, 0xf8, 0x31, 0x22, 0xf0, 0x90, 0x64, 0x36, 0x6a, 0x28, 0x56, 0xfc, 0x05,
+	0xe2, 0x11, 0x65, 0x36, 0x2f, 0xcf, 0x3d, 0x26, 0x3e, 0xf3, 0xa1, 0xd5, 0xde, 0xa8, 0x78, 0xaf,
+	0x76, 0xd0, 0x4b, 0x70, 0xcc, 0xf8, 0xae, 0x48, 0x0d, 0x4c, 0x65, 0x6e, 0x9a, 0x2a, 0x40, 0xb3,
+	0x29, 0xd8, 0xed, 0xdd, 0xa9, 0x07, 0xd2, 0x65, 0x42, 0x60, 0x74, 0xb5, 0x63, 0xff, 0x6a, 0x21,
+	0x3d, 0x5b, 0x4a, 0xd6, 0xbf, 0x61, 0x75, 0x59, 0x13, 0x7e, 0xe2, 0x28, 0xe4, 0x2b, 0xb3, 0x3b,
+	0x28, 0x37, 0x8c, 0xde, 0x38, 0xf7, 0xf0, 0xda, 0xde, 0xfe, 0x37, 0x03, 0xb0, 0x47, 0xcf, 0xfa,
+	0x50, 0xde, 0x0f, 0x7c, 0x8f, 0xfa, 0x71, 0x4b, 0x5d, 0x98, 0xf1, 0x3d, 0x5c, 0x3f, 0xaa, 0xb1,
+	0xe7, 0xe7, 0xa7, 0x88, 0xbb, 0x8e, 0x28, 0x2b, 0x7a, 0xf2, 0x6a, 0x0e, 0x7d, 0xc1, 0x4a, 0x5e,
+	0xf9, 0x71, 0xa7, 0x46, 0xf7, 0xc8, 0xfa, 0x64, 0xdc, 0x23, 0xf2, 0x8e, 0xe9, 0xdb, 0xa7, 0x5e,
+	0x37, 0x8c, 0xd3, 0x00, 0x1b, 0xae, 0xef, 0x78, 0xee, 0x6b, 0xf4, 0x74, 0x54, 0x62, 0x02, 0x9e,
+	0x69, 0x4c, 0xe7, 0x55, 0x29, 0x36, 0x30, 0x4e, 0xff, 0xff, 0x30, 0x6c, 0x7c, 0x79, 0x86, 0xc7,
+	0xcb, 0x09, 0xd3, 0xe3, 0xa5, 0x62, 0x38, 0xaa, 0x9c, 0x7e, 0x27, 0x1c, 0x4b, 0x77, 0xf0, 0x20,
+	0xf5, 0xed, 0xff, 0x35, 0x94, 0xbe, 0x83, 0x5b, 0x23, 0x61, 0x93, 0x76, 0xed, 0x4d, 0xc3, 0xd6,
+	0x9b, 0x86, 0xad, 0x37, 0x0d, 0x5b, 0xe6, 0xdd, 0x84, 0x30, 0xda, 0x0c, 0xdd, 0x25, 0xa3, 0x4d,
+	0xc2, 0x0c, 0x55, 0xce, 0xdd, 0x0c, 0x65, 0x7f, 0xa4, 0xcb, 0x72, 0xbf, 0x16, 0x12, 0x82, 0x02,
+	0x28, 0xf9, 0x41, 0x9d, 0x48, 0x1d, 0xf7, 0x52, 0x3e, 0x0a, 0xdb, 0x95, 0xa0, 0x6e, 0xb8, 0x8b,
+	0xd3, 0x7f, 0x11, 0xe6, 0x74, 0xec, 0x0f, 0x0f, 0x42, 0x42, 0x9d, 0xe4, 0xf3, 0xfe, 0x03, 0x30,
+	0x14, 0x92, 0x56, 0x70, 0x15, 0x2f, 0x09, 0x59, 0xa6, 0xa3, 0x6d, 0x78, 0x31, 0x96, 0x70, 0x2a,
+	0xf3, 0x5a, 0x4e, 0xbc, 0x29, 0x84, 0x99, 0x92, 0x79, 0xab, 0x4e, 0xbc, 0x89, 0x19, 0x04, 0xbd,
+	0x13, 0xc6, 0xe2, 0xc4, 0x55, 0xb8, 0xb8, 0xf2, 0x7d, 0x40, 0xe0, 0x8e, 0x25, 0x2f, 0xca, 0x71,
+	0x0a, 0x1b, 0xbd, 0x0a, 0x03, 0x9b, 0xc4, 0x6b, 0x8a, 0xa9, 0xaf, 0xe6, 0x27, 0x6b, 0xd8, 0xb7,
+	0x5e, 0x24, 0x5e, 0x93, 0x73, 0x42, 0xfa, 0x0b, 0x33, 0x52, 0x74, 0xdd, 0x57, 0xb6, 0xda, 0x51,
+	0x1c, 0x34, 0xdd, 0xd7, 0xa4, 0xa5, 0xf3, 0x27, 0x72, 0x26, 0x7c, 0x59, 0xb6, 0xcf, 0x4d, 0x4a,
+	0xea, 0x2f, 0xd6, 0x94, 0x59, 0x3f, 0xea, 0x6e, 0xc8, 0x96, 0x4c, 0x47, 0x18, 0x2c, 0xf3, 0xee,
+	0xc7, 0x82, 0x6c, 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x32, 0xea, 0xa8, 0xfd, 0x37, 0xcc, 0xfa,
+	0x70, 0x35, 0xe7, 0x3e, 0xf0, 0xbd, 0x97, 0xb9, 0x0f, 0x1f, 0x83, 0x52, 0x6d, 0xd3, 0x09, 0xe3,
+	0xc9, 0x11, 0xb6, 0x68, 0xd4, 0x2a, 0x9e, 0xa7, 0x85, 0x98, 0xc3, 0xd0, 0x23, 0x50, 0x0c, 0xc9,
+	0x06, 0xf3, 0x4e, 0x36, 0xfc, 0xa2, 0x30, 0xd9, 0xc0, 0xb4, 0x5c, 0xe9, 0x65, 0x63, 0x3d, 0x1d,
+	0xe6, 0x7e, 0xb9, 0x90, 0x54, 0xec, 0x92, 0x23, 0xc3, 0xf7, 0x43, 0xad, 0x1d, 0x46, 0xd2, 0x40,
+	0x66, 0xec, 0x07, 0x56, 0x8c, 0x25, 0x1c, 0x7d, 0xd0, 0x82, 0xa1, 0x1b, 0x51, 0xe0, 0xfb, 0x24,
+	0x16, 0x42, 0xf4, 0x5a, 0xce, 0x83, 0x75, 0x89, 0xb7, 0xae, 0xfb, 0x20, 0x0a, 0xb0, 0xa4, 0x4b,
+	0xbb, 0x4b, 0x76, 0x6a, 0x5e, 0xbb, 0xde, 0xe5, 0x0c, 0x73, 0x8e, 0x17, 0x63, 0x09, 0xa7, 0xa8,
+	0xae, 0xcf, 0x51, 0x07, 0x92, 0xa8, 0x8b, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0xd7, 0xcb, 0x70, 0x32,
+	0x73, 0xfb, 0x50, 0x95, 0x8b, 0x29, 0x35, 0xe7, 0x5d, 0x8f, 0x48, 0x37, 0x30, 0xa6, 0x72, 0x5d,
+	0x53, 0xa5, 0xd8, 0xc0, 0x40, 0x3f, 0x03, 0xd0, 0x72, 0x42, 0xa7, 0x49, 0x94, 0x01, 0xfb, 0xd0,
+	0x9a, 0x0d, 0xed, 0xc7, 0xaa, 0x6c, 0x53, 0x1f, 0xe2, 0x55, 0x51, 0x84, 0x0d, 0x92, 0xe8, 0x39,
+	0x18, 0x0e, 0x89, 0x47, 0x9c, 0x88, 0xb9, 0xbf, 0xa7, 0x63, 0x79, 0xb0, 0x06, 0x61, 0x13, 0x0f,
+	0x3d, 0xae, 0x3c, 0xe6, 0x52, 0x9e, 0x43, 0x49, 0xaf, 0x39, 0xf4, 0x29, 0x0b, 0xc6, 0x36, 0x5c,
+	0x8f, 0x68, 0xea, 0x22, 0xf2, 0x66, 0xe5, 0xf0, 0x1f, 0x79, 0xde, 0x6c, 0x57, 0xf3, 0xd0, 0x44,
+	0x71, 0x84, 0x53, 0xe4, 0xe9, 0x34, 0x6f, 0x93, 0x90, 0x31, 0xdf, 0xc1, 0xe4, 0x34, 0x5f, 0xe3,
+	0xc5, 0x58, 0xc2, 0xd1, 0x2c, 0x8c, 0xb7, 0x9c, 0x28, 0x9a, 0x0f, 0x49, 0x9d, 0xf8, 0xb1, 0xeb,
+	0x78, 0x3c, 0x2e, 0xa6, 0xac, 0xdd, 0xc9, 0x57, 0x93, 0x60, 0x9c, 0xc6, 0x47, 0xef, 0x82, 0x07,
+	0xb9, 0x85, 0x68, 0xd9, 0x8d, 0x22, 0xd7, 0x6f, 0xe8, 0x65, 0x20, 0x0c, 0x65, 0x53, 0xa2, 0xa9,
+	0x07, 0x17, 0xb3, 0xd1, 0x70, 0xaf, 0xfa, 0xe8, 0x49, 0x28, 0x47, 0x5b, 0x6e, 0x6b, 0x3e, 0xac,
+	0x47, 0xec, 0x76, 0xa8, 0xac, 0xcd, 0xb2, 0x55, 0x51, 0x8e, 0x15, 0x06, 0xaa, 0xc1, 0x08, 0x9f,
+	0x12, 0xee, 0xf2, 0x27, 0x38, 0xe8, 0x53, 0x3d, 0x05, 0xb9, 0x08, 0x81, 0x9d, 0xc6, 0xce, 0xcd,
+	0x73, 0xf2, 0xae, 0x8a, 0x5f, 0xad, 0x5c, 0x33, 0x9a, 0xc1, 0x89, 0x46, 0x93, 0x67, 0xba, 0xe1,
+	0x3e, 0xce, 0x74, 0xcf, 0xc1, 0xf0, 0x56, 0x7b, 0x9d, 0x88, 0x91, 0x17, 0x8c, 0x4d, 0xad, 0xbe,
+	0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xe6, 0x6d, 0xd9, 0x72, 0xc5, 0xbf, 0x68, 0x72, 0xd4, 0xf0, 0xb6,
+	0x5c, 0x5d, 0x94, 0xc5, 0xd8, 0xc4, 0xa1, 0x5d, 0xa3, 0x63, 0xb1, 0x46, 0x22, 0x16, 0x4c, 0x41,
+	0x87, 0x4b, 0x75, 0xad, 0x2a, 0x01, 0x58, 0xe3, 0xa0, 0x55, 0x38, 0x41, 0xff, 0x54, 0x59, 0x08,
+	0xf0, 0x35, 0xc7, 0x73, 0xeb, 0xdc, 0xf5, 0x6f, 0x3c, 0x69, 0xdf, 0xac, 0x66, 0xe0, 0xe0, 0xcc,
+	0x9a, 0xf6, 0x67, 0x0b, 0x49, 0xcb, 0x89, 0xc9, 0xc2, 0x50, 0x44, 0x19, 0x55, 0x7c, 0xcd, 0x09,
+	0xa5, 0xc2, 0x73, 0xc8, 0xe0, 0x26, 0xd1, 0xee, 0x35, 0x27, 0x34, 0x59, 0x1e, 0x23, 0x80, 0x25,
+	0x25, 0x74, 0x03, 0x06, 0x62, 0xcf, 0xc9, 0x29, 0x1a, 0xd2, 0xa0, 0xa8, 0x0d, 0x59, 0x4b, 0xb3,
+	0x11, 0x66, 0x34, 0xd0, 0xc3, 0xf4, 0xf4, 0xb6, 0x2e, 0x6f, 0xda, 0xc4, 0x81, 0x6b, 0x3d, 0xc2,
+	0xac, 0xd4, 0xfe, 0xdb, 0xa3, 0x19, 0x52, 0x47, 0x29, 0x02, 0xe8, 0x2c, 0x00, 0x5d, 0x34, 0xab,
+	0x21, 0xd9, 0x70, 0x77, 0x84, 0x22, 0xa6, 0x38, 0xdb, 0x15, 0x05, 0xc1, 0x06, 0x96, 0xac, 0x53,
+	0x6d, 0x6f, 0xd0, 0x3a, 0x85, 0xee, 0x3a, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x2c, 0x0c, 0xba, 0x4d,
+	0xa7, 0xa1, 0x1c, 0x81, 0x1f, 0xa6, 0x2c, 0x6d, 0x91, 0x95, 0xdc, 0xde, 0x9d, 0x1a, 0x53, 0x1d,
+	0x62, 0x45, 0x58, 0xe0, 0xa2, 0x5f, 0xb5, 0x60, 0xa4, 0x16, 0x34, 0x9b, 0x81, 0xcf, 0x8f, 0xcf,
+	0xc2, 0x16, 0x70, 0xe3, 0xa8, 0xd4, 0xa4, 0xe9, 0x79, 0x83, 0x18, 0x37, 0x06, 0xa8, 0xb0, 0x4d,
+	0x13, 0x84, 0x13, 0xbd, 0x32, 0x39, 0x5f, 0x69, 0x1f, 0xce, 0xf7, 0x1b, 0x16, 0x4c, 0xf0, 0xba,
+	0xc6, 0xa9, 0x5e, 0x44, 0x28, 0x06, 0x47, 0xfc, 0x59, 0x5d, 0x86, 0x0e, 0x65, 0xec, 0xed, 0x82,
+	0xe3, 0xee, 0x4e, 0xa2, 0x0b, 0x30, 0xb1, 0x11, 0x84, 0x35, 0x62, 0x0e, 0x84, 0x60, 0xdb, 0xaa,
+	0xa1, 0xf3, 0x69, 0x04, 0xdc, 0x5d, 0x07, 0x5d, 0x83, 0x07, 0x8c, 0x42, 0x73, 0x1c, 0x38, 0xe7,
+	0x7e, 0x54, 0xb4, 0xf6, 0xc0, 0xf9, 0x4c, 0x2c, 0xdc, 0xa3, 0x76, 0x92, 0x49, 0x56, 0xfa, 0x60,
+	0x92, 0xaf, 0xc0, 0xa9, 0x5a, 0xf7, 0xc8, 0x6c, 0x47, 0xed, 0xf5, 0x88, 0xf3, 0xf1, 0xf2, 0xdc,
+	0xf7, 0x89, 0x06, 0x4e, 0xcd, 0xf7, 0x42, 0xc4, 0xbd, 0xdb, 0x40, 0xef, 0x83, 0x72, 0x48, 0xd8,
+	0xac, 0x44, 0x22, 0x5c, 0xef, 0x90, 0xd6, 0x0e, 0xad, 0xc1, 0xf3, 0x66, 0xb5, 0x64, 0x12, 0x05,
+	0x11, 0x56, 0x14, 0xd1, 0x4d, 0x18, 0x6a, 0x39, 0x71, 0x6d, 0x53, 0x04, 0xe9, 0x1d, 0xda, 0x36,
+	0xaf, 0x88, 0xb3, 0xab, 0x14, 0x23, 0xe5, 0x01, 0x27, 0x82, 0x25, 0x35, 0xaa, 0xab, 0xd5, 0x82,
+	0x66, 0x2b, 0xf0, 0x89, 0x1f, 0x4b, 0x21, 0x32, 0xc6, 0xef, 0x3b, 0x64, 0x29, 0x36, 0x30, 0xba,
+	0x64, 0xb9, 0x46, 0x9b, 0x9c, 0xd8, 0x43, 0x96, 0x1b, 0xad, 0xf5, 0xaa, 0x4f, 0x85, 0x0d, 0x33,
+	0x2b, 0x5e, 0x77, 0xe3, 0xcd, 0xa0, 0x1d, 0xcb, 0x53, 0xb2, 0x10, 0x54, 0x4a, 0xd8, 0x2c, 0x65,
+	0xe0, 0xe0, 0xcc, 0x9a, 0x69, 0xc9, 0x3a, 0x7e, 0x67, 0x92, 0xf5, 0x58, 0x1f, 0x92, 0xb5, 0x0a,
+	0x27, 0x59, 0x0f, 0x84, 0x96, 0x2c, 0x8d, 0x96, 0xd1, 0x24, 0x62, 0x9d, 0x57, 0xf1, 0x2d, 0x4b,
+	0x59, 0x48, 0x38, 0xbb, 0xee, 0xe9, 0x1f, 0x83, 0x89, 0x2e, 0x26, 0x77, 0x20, 0x83, 0xe4, 0x02,
+	0x3c, 0x90, 0xcd, 0x4e, 0x0e, 0x64, 0x96, 0xfc, 0xf5, 0x94, 0x5f, 0xba, 0x71, 0x44, 0xeb, 0xc3,
+	0xc4, 0xed, 0x40, 0x91, 0xf8, 0xdb, 0x42, 0xba, 0x9e, 0x3f, 0xdc, 0xaa, 0x3e, 0xe7, 0x6f, 0x73,
+	0x6e, 0xc8, 0xec, 0x78, 0xe7, 0xfc, 0x6d, 0x4c, 0xdb, 0x46, 0xbf, 0x64, 0x25, 0x0e, 0x10, 0xdc,
+	0x30, 0xfe, 0x9e, 0x23, 0x39, 0x93, 0xf6, 0x7d, 0xa6, 0xb0, 0xff, 0x6d, 0x01, 0xce, 0xec, 0xd7,
+	0x48, 0x1f, 0xc3, 0xf7, 0x18, 0x0c, 0x46, 0xcc, 0xd3, 0x44, 0x88, 0xab, 0x61, 0xba, 0x8b, 0xb9,
+	0xef, 0xc9, 0x2b, 0x58, 0x80, 0x90, 0x07, 0xc5, 0xa6, 0xd3, 0x12, 0xf6, 0xd2, 0xc5, 0xc3, 0xc6,
+	0xef, 0xd1, 0xff, 0x8e, 0xb7, 0xec, 0xb4, 0xf8, 0x9a, 0x37, 0x0a, 0x30, 0x25, 0x83, 0x62, 0x28,
+	0x39, 0x61, 0xe8, 0x48, 0xb7, 0x86, 0xcb, 0xf9, 0xd0, 0x9b, 0xa5, 0x4d, 0xf2, 0x5b, 0xe1, 0x44,
+	0x11, 0xe6, 0xc4, 0xec, 0xcf, 0x94, 0x13, 0xc1, 0x5e, 0xcc, 0x57, 0x25, 0x82, 0x41, 0x61, 0x26,
+	0xb5, 0xf2, 0x0e, 0x9b, 0xe4, 0xd1, 0xd4, 0xcc, 0x02, 0x21, 0x72, 0x52, 0x08, 0x52, 0xe8, 0x63,
+	0x16, 0xcb, 0xfc, 0x20, 0x23, 0xe8, 0xc4, 0xa9, 0xfe, 0x68, 0x12, 0x51, 0x98, 0xf9, 0x24, 0x64,
+	0x21, 0x36, 0xa9, 0x8b, 0xec, 0x36, 0xec, 0x34, 0xd3, 0x9d, 0xdd, 0x86, 0x9d, 0x4e, 0x24, 0x1c,
+	0xed, 0x64, 0xf8, 0xa4, 0xe4, 0x90, 0x3d, 0xa0, 0x0f, 0x2f, 0x94, 0x2f, 0x58, 0x30, 0xe1, 0xa6,
+	0x9d, 0x0b, 0xc4, 0x19, 0xf8, 0x7a, 0x3e, 0x36, 0xcd, 0x6e, 0xdf, 0x05, 0xa5, 0xe8, 0x74, 0x81,
+	0x70, 0x77, 0x67, 0x50, 0x1d, 0x06, 0x5c, 0x7f, 0x23, 0x10, 0xea, 0xdd, 0xdc, 0xe1, 0x3a, 0xb5,
+	0xe8, 0x6f, 0x04, 0x7a, 0x37, 0xd3, 0x7f, 0x98, 0xb5, 0x8e, 0x96, 0xe0, 0x84, 0x8c, 0xf7, 0xb9,
+	0xe8, 0x46, 0x71, 0x10, 0x76, 0x96, 0xdc, 0xa6, 0x1b, 0x33, 0xd5, 0xac, 0x38, 0x37, 0x49, 0xc5,
+	0x1b, 0xce, 0x80, 0xe3, 0xcc, 0x5a, 0xe8, 0x35, 0x18, 0x92, 0x17, 0xfa, 0xe5, 0x3c, 0xec, 0x09,
+	0xdd, 0xeb, 0x5f, 0x2d, 0xa6, 0xaa, 0xb8, 0xd1, 0x97, 0x04, 0xd1, 0x47, 0x2d, 0x18, 0xe3, 0xbf,
+	0x2f, 0x76, 0xea, 0x3c, 0xc4, 0xb0, 0x92, 0x87, 0xd7, 0x7e, 0x35, 0xd1, 0xe6, 0x1c, 0xba, 0xb5,
+	0x3b, 0x35, 0x96, 0x2c, 0xc3, 0x29, 0xba, 0xf6, 0x3f, 0x19, 0x81, 0x6e, 0x17, 0x88, 0xa4, 0xbf,
+	0x83, 0x75, 0xb7, 0xfd, 0x1d, 0xe8, 0xa9, 0x32, 0xd2, 0xae, 0x0a, 0x39, 0x6c, 0x33, 0x41, 0x55,
+	0x5f, 0x43, 0x77, 0xfc, 0x1a, 0x66, 0x34, 0x50, 0x1b, 0x06, 0x79, 0x72, 0x29, 0x21, 0x01, 0x0e,
+	0x7f, 0xf3, 0x6d, 0x26, 0xa9, 0xd2, 0x66, 0x2d, 0x5e, 0x8a, 0x05, 0x31, 0xb4, 0x03, 0x43, 0x9b,
+	0x7c, 0x39, 0x8a, 0xb3, 0xde, 0xf2, 0x61, 0xc7, 0x37, 0xb1, 0xc6, 0xf5, 0xe2, 0x13, 0x05, 0x58,
+	0x92, 0x63, 0xee, 0x75, 0x86, 0x03, 0x10, 0x67, 0x24, 0xf9, 0x45, 0x4b, 0xf6, 0xef, 0xfd, 0xf3,
+	0x5e, 0x18, 0x09, 0x49, 0x2d, 0xf0, 0x6b, 0xae, 0x47, 0xea, 0xb3, 0xf2, 0x42, 0xec, 0x20, 0x41,
+	0x72, 0xcc, 0x9a, 0x84, 0x8d, 0x36, 0x70, 0xa2, 0x45, 0xb6, 0xcf, 0x54, 0xe0, 0x3c, 0x9d, 0x10,
+	0x22, 0x2e, 0x3e, 0x96, 0x72, 0x0a, 0xd3, 0x67, 0x6d, 0xf2, 0x7d, 0x96, 0x2c, 0xc3, 0x29, 0xba,
+	0xe8, 0x25, 0x80, 0x60, 0x9d, 0xfb, 0xd0, 0xcd, 0xc6, 0xe2, 0x16, 0xe4, 0x20, 0x9f, 0x3a, 0xc6,
+	0x83, 0x6d, 0x65, 0x0b, 0xd8, 0x68, 0x0d, 0x5d, 0x06, 0xe0, 0x3b, 0x67, 0xad, 0xd3, 0x92, 0x07,
+	0x42, 0x19, 0xe5, 0x08, 0x55, 0x05, 0xb9, 0xbd, 0x3b, 0xd5, 0x6d, 0x73, 0x66, 0x8e, 0x42, 0x46,
+	0x75, 0xf4, 0x53, 0x30, 0x14, 0xb5, 0x9b, 0x4d, 0x47, 0xdd, 0x91, 0xe4, 0x18, 0xbe, 0xcb, 0xdb,
+	0x35, 0x18, 0x23, 0x2f, 0xc0, 0x92, 0x22, 0xba, 0x41, 0x59, 0xbc, 0xe0, 0x50, 0x7c, 0x17, 0x71,
+	0x0d, 0x85, 0x5b, 0x02, 0xdf, 0x21, 0x4f, 0x31, 0x38, 0x03, 0xe7, 0xf6, 0xee, 0xd4, 0x03, 0xc9,
+	0xf2, 0xa5, 0x40, 0x04, 0xd4, 0x66, 0xb6, 0x89, 0x2e, 0xc9, 0x3c, 0x5a, 0xf4, 0xb3, 0x65, 0x7a,
+	0x97, 0x27, 0x74, 0x1e, 0x2d, 0x56, 0xdc, 0x7b, 0xcc, 0xcc, 0xca, 0x68, 0x19, 0x8e, 0xd7, 0x02,
+	0x3f, 0x0e, 0x03, 0xcf, 0xe3, 0x39, 0xf6, 0xf8, 0xd9, 0x9c, 0xdf, 0xa1, 0x3c, 0x24, 0xba, 0x7d,
+	0x7c, 0xbe, 0x1b, 0x05, 0x67, 0xd5, 0xa3, 0x3a, 0x79, 0x5a, 0x3e, 0x8c, 0xe5, 0x72, 0xbd, 0x9e,
+	0x68, 0x53, 0x70, 0x28, 0x65, 0xf6, 0xde, 0x47, 0x52, 0xf8, 0xc9, 0x4b, 0x56, 0x31, 0x63, 0xcf,
+	0xc2, 0x08, 0xd9, 0x89, 0x49, 0xe8, 0x3b, 0xde, 0x55, 0xbc, 0x24, 0x2f, 0x2c, 0xd8, 0xc6, 0x3c,
+	0x67, 0x94, 0xe3, 0x04, 0x16, 0xb2, 0x95, 0x95, 0xcc, 0x88, 0x5c, 0xe7, 0x56, 0x32, 0x69, 0x13,
+	0xb3, 0xbf, 0x54, 0x4c, 0xe8, 0xac, 0xf7, 0xe4, 0x4a, 0x97, 0xa5, 0x48, 0x92, 0xb9, 0xa4, 0x18,
+	0x40, 0x9c, 0xc5, 0xf2, 0xa4, 0xac, 0x52, 0x24, 0xad, 0x98, 0x84, 0x70, 0x92, 0x2e, 0xda, 0x82,
+	0xd2, 0x66, 0x10, 0xc5, 0xf2, 0x84, 0x76, 0xc8, 0xc3, 0xe0, 0xc5, 0x20, 0x8a, 0x99, 0xa2, 0xa5,
+	0x3e, 0x9b, 0x96, 0x44, 0x98, 0xd3, 0xa0, 0x67, 0xff, 0x68, 0xd3, 0x09, 0xeb, 0xd1, 0x3c, 0xcb,
+	0x33, 0x31, 0xc0, 0x34, 0x2c, 0xa5, 0x4f, 0x57, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x77, 0xac, 0xc4,
+	0xad, 0xd6, 0x75, 0x16, 0x34, 0xb0, 0x4d, 0x7c, 0xca, 0xa2, 0x4c, 0x37, 0xc5, 0x1f, 0x4a, 0x85,
+	0x60, 0xbf, 0xad, 0x57, 0x3a, 0xcc, 0x9b, 0xb4, 0x85, 0x69, 0xd6, 0x84, 0xe1, 0xd1, 0xf8, 0x01,
+	0x2b, 0x19, 0x4b, 0x5f, 0xc8, 0xe3, 0xe8, 0x66, 0xe6, 0x93, 0xd8, 0x37, 0x2c, 0xdf, 0xfe, 0x25,
+	0x0b, 0x86, 0xe6, 0x9c, 0xda, 0x56, 0xb0, 0xb1, 0x81, 0x9e, 0x84, 0x72, 0xbd, 0x1d, 0x9a, 0x61,
+	0xfd, 0xca, 0x58, 0xb5, 0x20, 0xca, 0xb1, 0xc2, 0xa0, 0x4b, 0x7f, 0xc3, 0xa9, 0xc9, 0xac, 0x12,
+	0x45, 0xbe, 0xf4, 0xcf, 0xb3, 0x12, 0x2c, 0x20, 0x74, 0xf8, 0x9b, 0xce, 0x8e, 0xac, 0x9c, 0xbe,
+	0x52, 0x5b, 0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0xbf, 0x6f, 0xc1, 0xe4, 0x9c, 0x13, 0xb9, 0xb5, 0xd9,
+	0x76, 0xbc, 0x39, 0xe7, 0xc6, 0xeb, 0xed, 0xda, 0x16, 0x89, 0x79, 0xf6, 0x11, 0xda, 0xcb, 0x76,
+	0x44, 0x77, 0xa0, 0x3a, 0x31, 0xab, 0x5e, 0x5e, 0x15, 0xe5, 0x58, 0x61, 0xa0, 0xd7, 0x60, 0xb8,
+	0xe5, 0x44, 0xd1, 0xcd, 0x20, 0xac, 0x63, 0xb2, 0x91, 0x4f, 0x7e, 0xa2, 0x2a, 0xa9, 0x85, 0x24,
+	0xc6, 0x64, 0x43, 0x38, 0xa8, 0xe8, 0xf6, 0xb1, 0x49, 0xcc, 0xfe, 0x05, 0x0b, 0x4e, 0xcc, 0x11,
+	0x27, 0x24, 0x21, 0x4b, 0x67, 0xa4, 0x3e, 0x04, 0xbd, 0x0a, 0xe5, 0x98, 0x96, 0xd0, 0x1e, 0x59,
+	0xf9, 0xf6, 0x88, 0xb9, 0x96, 0xac, 0x89, 0xc6, 0xb1, 0x22, 0x63, 0x7f, 0xd2, 0x82, 0x53, 0x59,
+	0x7d, 0x99, 0xf7, 0x82, 0x76, 0xfd, 0x5e, 0x74, 0xe8, 0xef, 0x5a, 0x30, 0xc2, 0xae, 0xeb, 0x17,
+	0x48, 0xec, 0xb8, 0x5e, 0x57, 0x2a, 0x45, 0xab, 0xcf, 0x54, 0x8a, 0x67, 0x60, 0x60, 0x33, 0x68,
+	0x92, 0xb4, 0xab, 0xc9, 0xc5, 0xa0, 0x49, 0x30, 0x83, 0xa0, 0xa7, 0xe9, 0x22, 0x74, 0xfd, 0xd8,
+	0xa1, 0xdb, 0x51, 0x5e, 0x67, 0x8c, 0xf3, 0x05, 0xa8, 0x8a, 0xb1, 0x89, 0x63, 0xff, 0x4e, 0x05,
+	0x86, 0x84, 0x5f, 0x54, 0xdf, 0xd9, 0x70, 0xa4, 0x15, 0xa7, 0xd0, 0xd3, 0x8a, 0x13, 0xc1, 0x60,
+	0x8d, 0xe5, 0xbb, 0x15, 0x1a, 0xfa, 0xe5, 0x5c, 0x1c, 0xe9, 0x78, 0x0a, 0x5d, 0xdd, 0x2d, 0xfe,
+	0x1f, 0x0b, 0x52, 0xe8, 0x75, 0x0b, 0xc6, 0x6b, 0x81, 0xef, 0x93, 0x9a, 0xd6, 0x1d, 0x07, 0xf2,
+	0x38, 0x20, 0xcc, 0x27, 0x1b, 0xd5, 0x37, 0xc1, 0x29, 0x00, 0x4e, 0x93, 0x47, 0x2f, 0xc0, 0x28,
+	0x1f, 0xb3, 0x6b, 0x89, 0x3b, 0x18, 0x9d, 0x61, 0xcf, 0x04, 0xe2, 0x24, 0x2e, 0x9a, 0xe6, 0x77,
+	0x59, 0x22, 0x97, 0xdd, 0xa0, 0x36, 0x55, 0x1b, 0x59, 0xec, 0x0c, 0x0c, 0x14, 0x02, 0x0a, 0xc9,
+	0x46, 0x48, 0xa2, 0x4d, 0xe1, 0x37, 0xc6, 0xf4, 0xd6, 0xa1, 0x3b, 0xcb, 0x63, 0x81, 0xbb, 0x5a,
+	0xc2, 0x19, 0xad, 0xa3, 0x2d, 0x61, 0x46, 0x28, 0xe7, 0xc1, 0xcf, 0xc5, 0x34, 0xf7, 0xb4, 0x26,
+	0x4c, 0x41, 0x89, 0x89, 0x2e, 0xa6, 0x2f, 0x17, 0x79, 0xec, 0x24, 0x13, 0x6c, 0x98, 0x97, 0xa3,
+	0x05, 0x38, 0x96, 0xca, 0x0f, 0x18, 0x89, 0xbb, 0x12, 0x15, 0x27, 0x97, 0xca, 0x2c, 0x18, 0xe1,
+	0xae, 0x1a, 0xa6, 0x89, 0x69, 0x78, 0x1f, 0x13, 0x53, 0x47, 0x79, 0x27, 0xf3, 0x5b, 0x8c, 0x17,
+	0x73, 0x19, 0x80, 0xbe, 0x5c, 0x91, 0x3f, 0x91, 0x72, 0x45, 0x1e, 0x65, 0x1d, 0xb8, 0x96, 0x4f,
+	0x07, 0x0e, 0xee, 0x77, 0x7c, 0x2f, 0xfd, 0x88, 0xff, 0xa7, 0x05, 0x72, 0x5e, 0xe7, 0x9d, 0xda,
+	0x26, 0xa1, 0x4b, 0x06, 0xbd, 0x13, 0xc6, 0x94, 0x75, 0x82, 0xab, 0x44, 0x16, 0x5b, 0x35, 0x4a,
+	0x77, 0xc6, 0x09, 0x28, 0x4e, 0x61, 0xa3, 0x19, 0xa8, 0xd0, 0x71, 0xe2, 0x55, 0xb9, 0xdc, 0x57,
+	0x16, 0x90, 0xd9, 0xd5, 0x45, 0x51, 0x4b, 0xe3, 0xa0, 0x00, 0x26, 0x3c, 0x27, 0x8a, 0x59, 0x0f,
+	0xaa, 0x1d, 0xbf, 0x76, 0x87, 0x59, 0x64, 0x58, 0x30, 0xd6, 0x52, 0xba, 0x21, 0xdc, 0xdd, 0xb6,
+	0xfd, 0xef, 0x4a, 0x30, 0x9a, 0xe0, 0x8c, 0x07, 0x54, 0x18, 0x9e, 0x84, 0xb2, 0x94, 0xe1, 0xe9,
+	0x74, 0x59, 0x4a, 0xd0, 0x2b, 0x0c, 0x2a, 0xb4, 0xd6, 0xb5, 0x54, 0x4d, 0x2b, 0x38, 0x86, 0xc0,
+	0xc5, 0x26, 0x1e, 0x63, 0xca, 0xb1, 0x17, 0xcd, 0x7b, 0x2e, 0xf1, 0x63, 0xde, 0xcd, 0x7c, 0x98,
+	0xf2, 0xda, 0x52, 0xd5, 0x6c, 0x54, 0x33, 0xe5, 0x14, 0x00, 0xa7, 0xc9, 0xa3, 0x0f, 0x5b, 0x30,
+	0xea, 0xdc, 0x8c, 0x74, 0x52, 0x76, 0xe1, 0x74, 0x7c, 0x48, 0x21, 0x95, 0xc8, 0xf3, 0xce, 0x0d,
+	0xfb, 0x89, 0x22, 0x9c, 0x24, 0x8a, 0xde, 0xb0, 0x00, 0x91, 0x1d, 0x52, 0x93, 0x6e, 0xd1, 0xa2,
+	0x2f, 0x83, 0x79, 0x9c, 0xe0, 0xcf, 0x75, 0xb5, 0xcb, 0xb9, 0x7a, 0x77, 0x39, 0xce, 0xe8, 0x03,
+	0xba, 0x04, 0xa8, 0xee, 0x46, 0xce, 0xba, 0x47, 0xe6, 0x83, 0xa6, 0x0c, 0x20, 0x16, 0xf7, 0xe9,
+	0xa7, 0xc5, 0x38, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0x51, 0x8b, 0xad, 0xb2, 0x30, 0xd8, 0xe9, 0x5c,
+	0x0d, 0x3d, 0x26, 0x25, 0xcc, 0x55, 0x26, 0xca, 0xb1, 0xc2, 0xb0, 0xff, 0xa2, 0xa8, 0xb6, 0xb2,
+	0x8e, 0x01, 0x70, 0x0c, 0x5f, 0x64, 0xeb, 0xce, 0x7d, 0x91, 0xb5, 0xa7, 0x54, 0x77, 0x58, 0x7c,
+	0x22, 0x8a, 0xb6, 0x70, 0x8f, 0xa2, 0x68, 0x7f, 0xd6, 0x4a, 0xa4, 0xa4, 0x1b, 0x3e, 0xfb, 0x52,
+	0xbe, 0xf1, 0x07, 0xd3, 0xdc, 0x8b, 0x2b, 0x25, 0x57, 0x52, 0xce, 0x7b, 0x4f, 0x42, 0x79, 0xc3,
+	0x73, 0x58, 0x22, 0x15, 0xb6, 0x51, 0x0d, 0x0f, 0xb3, 0xf3, 0xa2, 0x1c, 0x2b, 0x0c, 0xca, 0xf5,
+	0x8d, 0x46, 0x0f, 0xc4, 0xb5, 0xff, 0x63, 0x11, 0x86, 0x0d, 0x89, 0x9f, 0xa9, 0xbe, 0x59, 0xf7,
+	0x99, 0xfa, 0x56, 0x38, 0x80, 0xfa, 0xf6, 0x33, 0x50, 0xa9, 0x49, 0x69, 0x94, 0x4f, 0x8a, 0xfd,
+	0xb4, 0x8c, 0xd3, 0x02, 0x49, 0x15, 0x61, 0x4d, 0x13, 0x5d, 0x48, 0x44, 0x6a, 0x26, 0xec, 0x02,
+	0x59, 0xa1, 0x94, 0x42, 0xa2, 0x75, 0xd7, 0x49, 0xfb, 0x07, 0x94, 0xf6, 0xf7, 0x0f, 0xb0, 0xbf,
+	0x61, 0xa9, 0xc9, 0xbd, 0x0b, 0x29, 0x79, 0x6e, 0x24, 0x53, 0xf2, 0x9c, 0xcb, 0x65, 0x98, 0x7b,
+	0xe4, 0xe2, 0xb9, 0x02, 0x43, 0xf3, 0x41, 0xb3, 0xe9, 0xf8, 0x75, 0xf4, 0xfd, 0x30, 0x54, 0xe3,
+	0x3f, 0x85, 0x0d, 0x8d, 0x5d, 0x56, 0x0b, 0x28, 0x96, 0x30, 0xf4, 0x30, 0x0c, 0x38, 0x61, 0x43,
+	0xda, 0xcd, 0x98, 0x13, 0xdc, 0x6c, 0xd8, 0x88, 0x30, 0x2b, 0xb5, 0xff, 0xca, 0x82, 0x31, 0x5a,
+	0xc5, 0x65, 0x1f, 0xc5, 0x3e, 0xe7, 0x71, 0x18, 0x74, 0xda, 0xf1, 0x66, 0xd0, 0x75, 0x0e, 0x9b,
+	0x65, 0xa5, 0x58, 0x40, 0xe9, 0x39, 0x4c, 0xe5, 0x72, 0x30, 0xce, 0x61, 0x0b, 0x74, 0x2d, 0x33,
+	0x08, 0x55, 0x65, 0xa3, 0xf6, 0x7a, 0xd6, 0x6d, 0x69, 0x95, 0x17, 0x63, 0x09, 0xa7, 0x8d, 0xad,
+	0x07, 0xf5, 0x8e, 0x70, 0xed, 0x55, 0x8d, 0xcd, 0x05, 0xf5, 0x0e, 0x66, 0x10, 0xf4, 0x08, 0x14,
+	0xa3, 0x4d, 0x47, 0xde, 0xcb, 0x4b, 0x2f, 0xf3, 0xea, 0xc5, 0x59, 0x4c, 0xcb, 0x55, 0xd0, 0x44,
+	0xe8, 0xa5, 0x7d, 0x6c, 0x93, 0x41, 0x13, 0xa1, 0x67, 0xff, 0xcb, 0x01, 0x60, 0xfe, 0x36, 0x4e,
+	0x48, 0xea, 0x6b, 0x01, 0xcb, 0x06, 0x7c, 0xa4, 0xd7, 0xda, 0xfa, 0x20, 0x7b, 0x3f, 0x5f, 0x6d,
+	0x1b, 0xd7, 0x9b, 0xc5, 0xbb, 0x7d, 0xbd, 0x99, 0x7d, 0x63, 0x3d, 0x70, 0x1f, 0xdd, 0x58, 0xdb,
+	0x1f, 0xb7, 0x00, 0x29, 0xef, 0x29, 0xed, 0x52, 0x32, 0x03, 0x15, 0xe5, 0xae, 0x25, 0xf6, 0x8b,
+	0x66, 0x8b, 0x12, 0x80, 0x35, 0x4e, 0x1f, 0xd6, 0x8b, 0xc7, 0xa4, 0xcc, 0x2a, 0x26, 0x63, 0x2e,
+	0x98, 0xa4, 0x13, 0x22, 0xcc, 0xfe, 0xdd, 0x02, 0x3c, 0xc0, 0xd5, 0xa5, 0x65, 0xc7, 0x77, 0x1a,
+	0xa4, 0x49, 0x7b, 0xd5, 0xaf, 0x93, 0x50, 0x8d, 0x1e, 0x9b, 0x5d, 0x19, 0x21, 0x71, 0x58, 0x7e,
+	0xc5, 0xf9, 0x0c, 0xe7, 0x2c, 0x8b, 0xbe, 0x1b, 0x63, 0xd6, 0x38, 0x8a, 0xa0, 0x2c, 0xdf, 0x23,
+	0x12, 0xf2, 0x27, 0x27, 0x42, 0x8a, 0x15, 0x0b, 0xcd, 0x82, 0x60, 0x45, 0x88, 0xaa, 0x0f, 0x5e,
+	0x50, 0xdb, 0xa2, 0x5b, 0x3e, 0xad, 0x3e, 0x2c, 0x89, 0x72, 0xac, 0x30, 0xec, 0x26, 0x8c, 0xcb,
+	0x31, 0x6c, 0x5d, 0x26, 0x1d, 0x4c, 0x36, 0xa8, 0xcc, 0xad, 0xc9, 0x22, 0xe3, 0x89, 0x24, 0x25,
+	0x73, 0xe7, 0x4d, 0x20, 0x4e, 0xe2, 0xca, 0x04, 0xc1, 0x85, 0xec, 0x04, 0xc1, 0xf6, 0xef, 0x5a,
+	0x90, 0x16, 0xfa, 0x46, 0x3a, 0x54, 0x6b, 0xcf, 0x74, 0xa8, 0x07, 0x48, 0x28, 0xfa, 0x93, 0x30,
+	0xec, 0xc4, 0x54, 0xab, 0xe3, 0x16, 0x98, 0xe2, 0x9d, 0xdd, 0x1c, 0x2e, 0x07, 0x75, 0x77, 0xc3,
+	0x65, 0x96, 0x17, 0xb3, 0x39, 0xfb, 0x0d, 0x0b, 0x2a, 0x0b, 0x61, 0xe7, 0xe0, 0xa1, 0x6a, 0xdd,
+	0x81, 0x68, 0x85, 0x03, 0x05, 0xa2, 0xc9, 0x50, 0xb7, 0x62, 0xaf, 0x50, 0x37, 0xfb, 0xaf, 0x07,
+	0x60, 0xa2, 0x2b, 0xf6, 0x12, 0x3d, 0x0f, 0x23, 0x6a, 0x96, 0xa4, 0xd9, 0xb5, 0x62, 0x3a, 0x2f,
+	0x6b, 0x18, 0x4e, 0x60, 0xf6, 0xb1, 0x55, 0x17, 0xe1, 0x78, 0x48, 0x5e, 0x6d, 0x93, 0x36, 0x99,
+	0xdd, 0x88, 0x49, 0x58, 0x25, 0xb5, 0xc0, 0xaf, 0xf3, 0x7c, 0xc2, 0xc5, 0xb9, 0x07, 0x6f, 0xed,
+	0x4e, 0x1d, 0xc7, 0xdd, 0x60, 0x9c, 0x55, 0x07, 0xb5, 0x60, 0xd4, 0x33, 0xcf, 0x0b, 0xe2, 0x98,
+	0x7a, 0x47, 0x47, 0x0d, 0xb5, 0x5a, 0x13, 0xc5, 0x38, 0x49, 0x20, 0x79, 0xe8, 0x28, 0xdd, 0xa3,
+	0x43, 0xc7, 0x87, 0xf4, 0xa1, 0x83, 0xfb, 0x02, 0xbd, 0x3b, 0xe7, 0xd8, 0xdb, 0x7e, 0x4e, 0x1d,
+	0x87, 0x39, 0x47, 0xbc, 0x08, 0x65, 0xe9, 0x27, 0xd9, 0x97, 0x7f, 0xa1, 0xd9, 0x4e, 0x0f, 0xde,
+	0xfe, 0x38, 0xbc, 0xf5, 0x5c, 0x18, 0x1a, 0x83, 0x79, 0x25, 0x88, 0x67, 0x3d, 0x2f, 0xb8, 0x49,
+	0xd5, 0x95, 0xab, 0x11, 0x11, 0x76, 0x40, 0xfb, 0x76, 0x01, 0x32, 0x8e, 0xd4, 0x74, 0x4f, 0x6a,
+	0xbd, 0x30, 0xb1, 0x27, 0x0f, 0xa6, 0x1b, 0xa2, 0x1d, 0xee, 0x4b, 0xca, 0xb5, 0x81, 0x77, 0xe5,
+	0x6d, 0x12, 0xd0, 0xee, 0xa5, 0x8a, 0x53, 0x2a, 0x17, 0xd3, 0xb3, 0x00, 0x5a, 0x9d, 0x17, 0x3a,
+	0xa1, 0x72, 0x0e, 0xd1, 0x5a, 0x3f, 0x36, 0xb0, 0xd0, 0x73, 0x30, 0xec, 0xfa, 0x51, 0xec, 0x78,
+	0xde, 0x45, 0xd7, 0x8f, 0x85, 0x9e, 0xa8, 0xd4, 0x9e, 0x45, 0x0d, 0xc2, 0x26, 0xde, 0xe9, 0x77,
+	0x18, 0xf3, 0x77, 0x90, 0x79, 0xdf, 0x84, 0x53, 0x17, 0xdc, 0x58, 0x05, 0x29, 0xaa, 0xf5, 0x46,
+	0xb5, 0x75, 0xc5, 0xab, 0xac, 0x9e, 0x61, 0xb9, 0x46, 0x90, 0x60, 0x21, 0x19, 0xd3, 0x98, 0x0e,
+	0x12, 0xb4, 0x6b, 0x70, 0xe2, 0x82, 0x1b, 0x9f, 0x77, 0x3d, 0x72, 0x84, 0x44, 0xbe, 0x3c, 0x08,
+	0x23, 0x66, 0xec, 0xfe, 0x41, 0x38, 0xfb, 0x27, 0xa9, 0x1e, 0x2b, 0x06, 0xc2, 0x55, 0x17, 0xde,
+	0xd7, 0x0f, 0x9d, 0x48, 0x20, 0x7b, 0x70, 0x0d, 0x55, 0x56, 0xd3, 0xc4, 0x66, 0x07, 0xd0, 0x4d,
+	0x28, 0x6d, 0xb0, 0x78, 0xb7, 0x62, 0x1e, 0xae, 0x4a, 0x59, 0x83, 0xaf, 0x77, 0x2e, 0x8f, 0x98,
+	0xe3, 0xf4, 0xa8, 0xfa, 0x11, 0x26, 0xc3, 0xac, 0x8d, 0x28, 0x04, 0x21, 0xd7, 0x14, 0x46, 0x2f,
+	0xe9, 0x51, 0xba, 0x03, 0xe9, 0x91, 0xe0, 0xe5, 0x83, 0xf7, 0x88, 0x97, 0xb3, 0xd8, 0xc5, 0x78,
+	0x93, 0x29, 0xc7, 0x22, 0x6c, 0x6a, 0x88, 0x0d, 0x82, 0x11, 0xbb, 0x98, 0x00, 0xe3, 0x34, 0x3e,
+	0x7a, 0xbf, 0x92, 0x06, 0xe5, 0x3c, 0x2e, 0x14, 0xcc, 0x15, 0x7d, 0xd4, 0x82, 0xe0, 0xe3, 0x05,
+	0x18, 0xbb, 0xe0, 0xb7, 0x57, 0x2f, 0xac, 0xb6, 0xd7, 0x3d, 0xb7, 0x76, 0x99, 0x74, 0x28, 0xb7,
+	0xdf, 0x22, 0x9d, 0xc5, 0x05, 0xb1, 0x83, 0xd4, 0x9a, 0xb9, 0x4c, 0x0b, 0x31, 0x87, 0x51, 0xbe,
+	0xb5, 0xe1, 0xfa, 0x0d, 0x12, 0xb6, 0x42, 0x57, 0xd8, 0xfa, 0x0d, 0xbe, 0x75, 0x5e, 0x83, 0xb0,
+	0x89, 0x47, 0xdb, 0x0e, 0x6e, 0xfa, 0x24, 0x4c, 0x9f, 0x12, 0x56, 0x68, 0x21, 0xe6, 0x30, 0x8a,
+	0x14, 0x87, 0x6d, 0x61, 0x4a, 0x33, 0x90, 0xd6, 0x68, 0x21, 0xe6, 0x30, 0x71, 0x4a, 0x67, 0x9e,
+	0x60, 0xa5, 0xae, 0x53, 0x3a, 0x73, 0xa2, 0x90, 0x70, 0x8a, 0xba, 0x45, 0x3a, 0x0b, 0x4e, 0xec,
+	0xa4, 0x0f, 0xd9, 0x97, 0x79, 0x31, 0x96, 0x70, 0x96, 0x1c, 0x39, 0x39, 0x1c, 0xdf, 0x75, 0xc9,
+	0x91, 0x93, 0xdd, 0xef, 0x61, 0x90, 0xf9, 0x3b, 0x05, 0x18, 0x79, 0xf3, 0x05, 0xd3, 0x8c, 0xb7,
+	0x79, 0xae, 0xc3, 0x44, 0x57, 0xc4, 0x74, 0x1f, 0x1a, 0xd2, 0xbe, 0x19, 0x2d, 0x6c, 0x0c, 0xc3,
+	0xb4, 0x61, 0x99, 0x14, 0x70, 0x1e, 0x26, 0xf8, 0xe6, 0xa5, 0x94, 0x58, 0x00, 0xac, 0x8a, 0x82,
+	0x67, 0x97, 0x59, 0xd7, 0xd2, 0x40, 0xdc, 0x8d, 0x6f, 0x7f, 0xc2, 0x82, 0xd1, 0x44, 0x10, 0x7b,
+	0x4e, 0xba, 0x1c, 0xdb, 0xdd, 0x01, 0xf3, 0x62, 0x66, 0x51, 0x25, 0x45, 0x26, 0x86, 0xf5, 0xee,
+	0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0x7f, 0x50, 0x84, 0xb2, 0xf4, 0xb8, 0xea, 0xa3, 0x2b, 0x1f, 0xb3,
+	0x60, 0x54, 0x5d, 0x20, 0x32, 0x8b, 0x6f, 0x21, 0x8f, 0x98, 0x3a, 0xda, 0x03, 0x65, 0x3f, 0xf1,
+	0x37, 0x02, 0x7d, 0xb0, 0xc0, 0x26, 0x31, 0x9c, 0xa4, 0x8d, 0xae, 0x01, 0x44, 0x9d, 0x28, 0x26,
+	0x4d, 0xc3, 0xf6, 0x6c, 0x1b, 0xab, 0x6c, 0xba, 0x16, 0x84, 0x84, 0xae, 0xa9, 0x2b, 0x41, 0x9d,
+	0x54, 0x15, 0xa6, 0xd6, 0xf0, 0x74, 0x19, 0x36, 0x5a, 0x42, 0xaf, 0xa9, 0xeb, 0xee, 0x81, 0x3c,
+	0xe4, 0xba, 0x1c, 0xdf, 0x7e, 0xee, 0xbb, 0x0f, 0x71, 0xbf, 0x6c, 0xff, 0x5a, 0x01, 0x8e, 0xa5,
+	0x47, 0x12, 0xbd, 0x1b, 0x46, 0xe4, 0xa0, 0x19, 0x66, 0x06, 0xe9, 0xe6, 0x36, 0x82, 0x0d, 0xd8,
+	0xed, 0xdd, 0xa9, 0xa9, 0xee, 0xa7, 0xb0, 0xa7, 0x4d, 0x14, 0x9c, 0x68, 0x8c, 0x5f, 0x3e, 0x0b,
+	0x2f, 0x89, 0xb9, 0xce, 0x6c, 0xab, 0x25, 0x6e, 0x90, 0x8d, 0xcb, 0x67, 0x13, 0x8a, 0x53, 0xd8,
+	0x68, 0x15, 0x4e, 0x18, 0x25, 0x57, 0x88, 0xdb, 0xd8, 0x5c, 0x0f, 0x42, 0x79, 0xae, 0x7d, 0x58,
+	0x3b, 0xd5, 0x76, 0xe3, 0xe0, 0xcc, 0x9a, 0x54, 0x31, 0xaa, 0x39, 0x2d, 0xa7, 0xe6, 0xc6, 0x1d,
+	0x71, 0x07, 0xa0, 0xd8, 0xf8, 0xbc, 0x28, 0xc7, 0x0a, 0xc3, 0xfe, 0x87, 0x03, 0x70, 0x8c, 0x7b,
+	0x91, 0x12, 0xe5, 0x24, 0x8d, 0xde, 0x0d, 0x95, 0x28, 0x76, 0x42, 0x6e, 0xd4, 0xb0, 0x0e, 0xcc,
+	0xba, 0x74, 0xe4, 0xbd, 0x6c, 0x04, 0xeb, 0xf6, 0xd0, 0x4b, 0x2c, 0x6d, 0x99, 0x1b, 0x6d, 0xb2,
+	0xd6, 0x0b, 0x77, 0x66, 0x32, 0x39, 0xaf, 0x5a, 0xc0, 0x46, 0x6b, 0xe8, 0x47, 0xa0, 0xd4, 0xda,
+	0x74, 0x22, 0x69, 0xcf, 0x7b, 0x5c, 0xf2, 0x89, 0x55, 0x5a, 0x78, 0x7b, 0x77, 0xea, 0x64, 0xfa,
+	0x53, 0x19, 0x00, 0xf3, 0x4a, 0x26, 0x97, 0x1f, 0xd8, 0xff, 0x69, 0x9d, 0x7a, 0xd8, 0xa9, 0x5e,
+	0x9c, 0x4d, 0x3f, 0xc6, 0xb2, 0xc0, 0x4a, 0xb1, 0x80, 0x52, 0x9e, 0xb4, 0xc9, 0x49, 0xd6, 0x29,
+	0xf2, 0x60, 0x52, 0xe3, 0xb8, 0xa8, 0x41, 0xd8, 0xc4, 0x43, 0x1f, 0xef, 0xf6, 0x31, 0x1e, 0x3a,
+	0x82, 0x18, 0x94, 0x7e, 0xbd, 0x8b, 0xcf, 0x41, 0x45, 0x74, 0x75, 0x2d, 0x40, 0xcf, 0xc3, 0x08,
+	0x37, 0x17, 0xcd, 0x85, 0x8e, 0x5f, 0xdb, 0x4c, 0x1b, 0x79, 0xd6, 0x0c, 0x18, 0x4e, 0x60, 0xda,
+	0xcb, 0x30, 0xd0, 0x27, 0x93, 0xed, 0xeb, 0xec, 0xfe, 0x22, 0x94, 0x69, 0x73, 0xf2, 0x80, 0x96,
+	0x47, 0x93, 0x01, 0x94, 0xe5, 0x43, 0x8d, 0xc8, 0x86, 0xa2, 0xeb, 0x48, 0x5f, 0x12, 0xb5, 0x85,
+	0x16, 0xa3, 0xa8, 0xcd, 0x96, 0x1d, 0x05, 0xa2, 0xc7, 0xa0, 0x48, 0x76, 0x5a, 0x69, 0xa7, 0x91,
+	0x73, 0x3b, 0x2d, 0x37, 0x24, 0x11, 0x45, 0x22, 0x3b, 0x2d, 0x74, 0x1a, 0x0a, 0x6e, 0x5d, 0xac,
+	0x48, 0x10, 0x38, 0x85, 0xc5, 0x05, 0x5c, 0x70, 0xeb, 0xf6, 0x0e, 0x54, 0xd4, 0xcb, 0x90, 0x68,
+	0x4b, 0xaa, 0x54, 0x56, 0x1e, 0x5e, 0xc4, 0xb2, 0xdd, 0x1e, 0xca, 0x54, 0x1b, 0x40, 0xa7, 0x74,
+	0xc8, 0x4b, 0x04, 0x9f, 0x81, 0x81, 0x5a, 0x20, 0x92, 0xf1, 0x94, 0x75, 0x33, 0x4c, 0x97, 0x62,
+	0x10, 0xfb, 0x3a, 0x8c, 0x5d, 0xf6, 0x83, 0x9b, 0xec, 0x01, 0x27, 0x96, 0xaf, 0x98, 0x36, 0xbc,
+	0x41, 0x7f, 0xa4, 0x35, 0x77, 0x06, 0xc5, 0x1c, 0xa6, 0x32, 0xa9, 0x16, 0x7a, 0x65, 0x52, 0xb5,
+	0x3f, 0x60, 0xc1, 0x88, 0x8a, 0x0d, 0xbf, 0xb0, 0xbd, 0x45, 0xdb, 0x6d, 0x84, 0x41, 0xbb, 0x95,
+	0x6e, 0x97, 0x3d, 0x42, 0x8b, 0x39, 0xcc, 0x4c, 0x9a, 0x50, 0xd8, 0x27, 0x69, 0xc2, 0x19, 0x18,
+	0xd8, 0x72, 0xfd, 0x7a, 0xda, 0x28, 0x7a, 0xd9, 0xf5, 0xeb, 0x98, 0x41, 0x68, 0x17, 0x8e, 0xa9,
+	0x2e, 0x48, 0x9d, 0xe9, 0x79, 0x18, 0x59, 0x6f, 0xbb, 0x5e, 0x5d, 0x26, 0x62, 0x4e, 0x6d, 0x97,
+	0x39, 0x03, 0x86, 0x13, 0x98, 0xe8, 0x2c, 0xc0, 0xba, 0xeb, 0x3b, 0x61, 0x67, 0x55, 0x2b, 0x69,
+	0x4a, 0x6e, 0xcf, 0x29, 0x08, 0x36, 0xb0, 0xec, 0x4f, 0x15, 0x61, 0x2c, 0x19, 0x21, 0xdf, 0x87,
+	0xed, 0xe2, 0x31, 0x28, 0xb1, 0xa0, 0xf9, 0xf4, 0xd4, 0xf2, 0xdc, 0xc5, 0x1c, 0x86, 0x22, 0x18,
+	0xe4, 0x9b, 0x39, 0x9f, 0x87, 0x3c, 0x55, 0x27, 0x95, 0x25, 0x95, 0xf9, 0x5a, 0x0b, 0xc3, 0xb4,
+	0x20, 0x85, 0x3e, 0x6c, 0xc1, 0x50, 0xd0, 0x32, 0x33, 0x70, 0xbe, 0x2b, 0xcf, 0xec, 0x01, 0x22,
+	0x44, 0x57, 0xe8, 0x23, 0x6a, 0xea, 0xe5, 0x74, 0x48, 0xd2, 0xa7, 0x7f, 0x18, 0x46, 0x4c, 0xcc,
+	0xfd, 0x54, 0x92, 0xb2, 0xa9, 0x92, 0x7c, 0xcc, 0x5c, 0x14, 0x22, 0x3f, 0x42, 0x1f, 0xdb, 0xed,
+	0x2a, 0x94, 0x6a, 0xca, 0x21, 0xed, 0x8e, 0xd2, 0xf7, 0xab, 0xfc, 0x61, 0xec, 0xb2, 0x9f, 0xb7,
+	0x66, 0x7f, 0xc3, 0x32, 0xd6, 0x07, 0x26, 0xd1, 0x62, 0x1d, 0x85, 0x50, 0x6c, 0x6c, 0x6f, 0x09,
+	0x31, 0x7f, 0x29, 0xa7, 0xe1, 0xbd, 0xb0, 0xbd, 0xa5, 0xd7, 0xb8, 0x59, 0x8a, 0x29, 0xb1, 0x3e,
+	0xcc, 0xfd, 0x89, 0x34, 0x1a, 0xc5, 0xfd, 0xd3, 0x68, 0xd8, 0x6f, 0x14, 0x60, 0xa2, 0x6b, 0x51,
+	0xa1, 0xd7, 0xa0, 0x14, 0xd2, 0xaf, 0x14, 0x9f, 0xb7, 0x94, 0x5b, 0xe2, 0x8b, 0x68, 0xb1, 0xae,
+	0xc5, 0x67, 0xb2, 0x1c, 0x73, 0x92, 0xe8, 0x12, 0x20, 0xed, 0x36, 0xa9, 0xee, 0x1a, 0xf8, 0x27,
+	0x2b, 0xdf, 0xaa, 0xd9, 0x2e, 0x0c, 0x9c, 0x51, 0x0b, 0xbd, 0x90, 0xbe, 0xb2, 0x28, 0x26, 0xef,
+	0xca, 0xf6, 0xba, 0x7d, 0xb0, 0x7f, 0xab, 0x00, 0xa3, 0x89, 0x84, 0xa8, 0xc8, 0x83, 0x32, 0xf1,
+	0xd8, 0x45, 0xa6, 0x14, 0x36, 0x87, 0x7d, 0xde, 0x44, 0x09, 0xc8, 0x73, 0xa2, 0x5d, 0xac, 0x28,
+	0xdc, 0x1f, 0x2e, 0x57, 0xcf, 0xc3, 0x88, 0xec, 0xd0, 0xbb, 0x9c, 0xa6, 0x27, 0x06, 0x50, 0xad,
+	0xd1, 0x73, 0x06, 0x0c, 0x27, 0x30, 0xed, 0xdf, 0x2b, 0xc2, 0x24, 0xbf, 0xf9, 0xad, 0xab, 0x95,
+	0xa7, 0x3c, 0x38, 0x7e, 0x51, 0xa7, 0x2d, 0xb6, 0xf2, 0x78, 0xc3, 0xbb, 0x17, 0xa1, 0xbe, 0x3c,
+	0x85, 0x3f, 0x9f, 0xf2, 0x14, 0xe6, 0x27, 0xd3, 0xc6, 0x11, 0xf5, 0xe8, 0xbb, 0xcb, 0x75, 0xf8,
+	0x9f, 0x16, 0x60, 0x3c, 0xf5, 0x54, 0x1b, 0xfa, 0x54, 0xf2, 0x75, 0x0f, 0x2b, 0x8f, 0x5b, 0xb1,
+	0x3d, 0x5f, 0xef, 0x3a, 0xd8, 0x1b, 0x1f, 0xf7, 0x68, 0xab, 0xd8, 0x5f, 0x2f, 0xc0, 0x58, 0xf2,
+	0x8d, 0xb9, 0xfb, 0x70, 0xa4, 0xde, 0x0e, 0x15, 0xf6, 0x8c, 0xd2, 0x65, 0xd2, 0x91, 0x97, 0x6a,
+	0xfc, 0xc5, 0x1a, 0x59, 0x88, 0x35, 0xfc, 0xbe, 0x78, 0x3a, 0xc5, 0xfe, 0xe7, 0x16, 0x9c, 0xe4,
+	0x5f, 0x99, 0x5e, 0x87, 0x7f, 0x2b, 0x6b, 0x74, 0x5f, 0xce, 0xb7, 0x83, 0xa9, 0x74, 0xdb, 0xfb,
+	0x8d, 0x2f, 0x7b, 0xc9, 0x5c, 0xf4, 0x36, 0xb9, 0x14, 0xee, 0xc3, 0xce, 0x1e, 0x68, 0x31, 0xd8,
+	0xff, 0xbe, 0x00, 0xc3, 0x2b, 0xf3, 0x8b, 0x8a, 0x85, 0xcf, 0x40, 0xa5, 0x16, 0x12, 0x47, 0x5b,
+	0x3b, 0x4c, 0xbf, 0x22, 0x09, 0xc0, 0x1a, 0x87, 0x1e, 0x1a, 0xb8, 0x5f, 0x5e, 0x94, 0x3e, 0x34,
+	0x70, 0xb7, 0xbd, 0x08, 0x4b, 0x38, 0x7a, 0x12, 0xca, 0x2c, 0x62, 0xf6, 0x6a, 0x28, 0x25, 0x8e,
+	0x3e, 0x49, 0xb2, 0x72, 0xbc, 0x84, 0x15, 0x06, 0x6d, 0xb8, 0x1e, 0xd4, 0x22, 0x8a, 0x9c, 0x32,
+	0x40, 0x2c, 0xd0, 0x62, 0xbc, 0x84, 0x25, 0x9c, 0x25, 0x3c, 0x64, 0x87, 0x74, 0x8a, 0x5c, 0x4a,
+	0x76, 0x9a, 0x9f, 0xe6, 0x29, 0xba, 0xc6, 0x39, 0x48, 0x62, 0xcc, 0x54, 0xd4, 0xda, 0x50, 0x7f,
+	0x51, 0x6b, 0xf6, 0xd7, 0x8b, 0xa0, 0x1f, 0xc5, 0x47, 0xae, 0x48, 0x13, 0x91, 0x4b, 0x3a, 0xf7,
+	0x6a, 0xc7, 0xaf, 0xe9, 0xe7, 0xf7, 0xcb, 0xa9, 0x2c, 0x11, 0x3f, 0x6f, 0xc1, 0xb0, 0xeb, 0xbb,
+	0xb1, 0xeb, 0x30, 0x53, 0x58, 0x3e, 0x2f, 0x5b, 0x2b, 0x72, 0x8b, 0xbc, 0xe5, 0x20, 0x34, 0x6f,
+	0xb8, 0x15, 0x31, 0x6c, 0x52, 0x46, 0xef, 0x15, 0x41, 0x52, 0xc5, 0xdc, 0x72, 0xad, 0x94, 0x53,
+	0x91, 0x51, 0x2d, 0xaa, 0xd0, 0xc6, 0x61, 0x4e, 0x29, 0x8a, 0x30, 0x6d, 0x4a, 0xbd, 0x0c, 0xa2,
+	0x8e, 0x0c, 0xac, 0x18, 0x73, 0x42, 0x76, 0x04, 0xa8, 0x7b, 0x2c, 0x0e, 0x18, 0x80, 0x32, 0x03,
+	0x15, 0xa7, 0x1d, 0x07, 0x4d, 0x3a, 0x4c, 0xe2, 0x7e, 0x5c, 0x87, 0xd8, 0x48, 0x00, 0xd6, 0x38,
+	0xf6, 0xa7, 0x4a, 0x90, 0x4a, 0xda, 0x80, 0x76, 0xa0, 0xa2, 0xd2, 0x36, 0xe4, 0x13, 0xd0, 0xa9,
+	0x57, 0x94, 0xea, 0x8c, 0x2a, 0xc2, 0x9a, 0x18, 0x6a, 0x48, 0xab, 0x22, 0xdf, 0xed, 0x2f, 0xa6,
+	0xad, 0x8a, 0x3f, 0xde, 0xdf, 0x25, 0x13, 0x5d, 0xab, 0x33, 0x3c, 0x4d, 0xdf, 0xf4, 0xbe, 0x06,
+	0xc8, 0xfd, 0xde, 0xf6, 0xfe, 0xa0, 0x78, 0x87, 0x0b, 0x93, 0xa8, 0xed, 0xc5, 0x62, 0x35, 0xbc,
+	0x98, 0xe3, 0x2e, 0xe3, 0x0d, 0xeb, 0xe4, 0x47, 0xfc, 0x3f, 0x36, 0x88, 0x26, 0xcd, 0xc4, 0x83,
+	0x47, 0x6a, 0x26, 0x1e, 0xca, 0xd5, 0x4c, 0x7c, 0x16, 0x80, 0xad, 0x6d, 0xee, 0x28, 0x5f, 0x66,
+	0xd6, 0x3b, 0x25, 0x62, 0xb0, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x41, 0x48, 0x66, 0xef, 0x42, 0x53,
+	0x32, 0x59, 0x18, 0xbf, 0x00, 0x63, 0x31, 0x8a, 0x89, 0xbc, 0x5e, 0xbf, 0x61, 0x81, 0x99, 0x62,
+	0x0c, 0xbd, 0xca, 0x73, 0x99, 0x59, 0x79, 0x5c, 0xa8, 0x18, 0xed, 0x4e, 0x2f, 0x3b, 0xad, 0x94,
+	0x73, 0x8f, 0x4c, 0x68, 0x76, 0xfa, 0x1d, 0x50, 0x96, 0xd0, 0x03, 0x29, 0xcb, 0xef, 0x87, 0xe3,
+	0x32, 0xdf, 0x81, 0xbc, 0xfb, 0x10, 0x97, 0xec, 0xfb, 0x9b, 0xd4, 0xa4, 0x9d, 0xac, 0xd0, 0xcb,
+	0x4e, 0xa6, 0x4e, 0xff, 0xc5, 0x9e, 0x59, 0xca, 0x7f, 0xd3, 0x82, 0x33, 0xe9, 0x0e, 0x44, 0xcb,
+	0x81, 0xef, 0xc6, 0x41, 0x58, 0x25, 0x71, 0xec, 0xfa, 0x0d, 0x96, 0x72, 0xf6, 0xa6, 0x13, 0xca,
+	0x67, 0x87, 0x18, 0xa3, 0xbc, 0xee, 0x84, 0x3e, 0x66, 0xa5, 0xa8, 0x03, 0x83, 0xdc, 0xb3, 0x58,
+	0x9c, 0x82, 0x0e, 0xb9, 0x37, 0x32, 0x86, 0x43, 0x1f, 0xc3, 0xb8, 0x57, 0x33, 0x16, 0x04, 0xed,
+	0x6f, 0x59, 0x80, 0x56, 0xb6, 0x49, 0x18, 0xba, 0x75, 0xc3, 0x17, 0x9a, 0xbd, 0x67, 0x69, 0xbc,
+	0x5b, 0x69, 0x66, 0xe3, 0x48, 0xbd, 0x67, 0x69, 0xfc, 0xcb, 0x7e, 0xcf, 0xb2, 0x70, 0xb0, 0xf7,
+	0x2c, 0xd1, 0x0a, 0x9c, 0x6c, 0xf2, 0x63, 0x1c, 0x7f, 0x23, 0x8e, 0x9f, 0xe9, 0x54, 0xe0, 0xf8,
+	0xa9, 0x5b, 0xbb, 0x53, 0x27, 0x97, 0xb3, 0x10, 0x70, 0x76, 0x3d, 0xfb, 0x1d, 0x80, 0xb8, 0x0b,
+	0xf4, 0x7c, 0x96, 0x17, 0x67, 0x4f, 0xb3, 0x96, 0xfd, 0xb9, 0x12, 0x8c, 0xa7, 0x1e, 0xa5, 0xa0,
+	0x47, 0xe8, 0x6e, 0xb7, 0xd1, 0x43, 0xcb, 0xef, 0xee, 0xee, 0xf5, 0xe5, 0x88, 0xea, 0x43, 0xc9,
+	0xf5, 0x5b, 0xed, 0x38, 0x9f, 0xbc, 0x15, 0xbc, 0x13, 0x8b, 0xb4, 0x41, 0xc3, 0x0c, 0x4f, 0xff,
+	0x62, 0x4e, 0x26, 0x4f, 0xb7, 0xd6, 0xc4, 0x21, 0x67, 0xe0, 0x1e, 0x99, 0x59, 0x3e, 0xa8, 0x9d,
+	0x4c, 0x4b, 0x79, 0x18, 0x6c, 0x53, 0x8b, 0xe5, 0xa8, 0x3d, 0x8b, 0xbe, 0x54, 0x80, 0x61, 0x63,
+	0xd2, 0xd0, 0x2f, 0x27, 0x13, 0x70, 0x5a, 0xf9, 0x7d, 0x12, 0x6b, 0x7f, 0x5a, 0xa7, 0xd8, 0xe4,
+	0x9f, 0xf4, 0x78, 0x77, 0xee, 0xcd, 0xdb, 0xbb, 0x53, 0xc7, 0x52, 0xd9, 0x35, 0x13, 0xf9, 0x38,
+	0x4f, 0xff, 0x34, 0x8c, 0xa7, 0x9a, 0xc9, 0xf8, 0xe4, 0x35, 0xf3, 0x93, 0x0f, 0x6d, 0xee, 0x33,
+	0x87, 0xec, 0x8b, 0x74, 0xc8, 0x44, 0xb8, 0x7c, 0xe0, 0x91, 0x3e, 0x6c, 0xdb, 0xa9, 0xf3, 0x45,
+	0xa1, 0xcf, 0xac, 0x18, 0x4f, 0x40, 0xb9, 0x15, 0x78, 0x6e, 0xcd, 0x55, 0xf9, 0xbb, 0x59, 0x1e,
+	0x8e, 0x55, 0x51, 0x86, 0x15, 0x14, 0xdd, 0x84, 0xca, 0x8d, 0x9b, 0x31, 0xbf, 0x55, 0x13, 0xf7,
+	0x06, 0x79, 0x5d, 0xa6, 0x29, 0xa5, 0x45, 0x5d, 0xdb, 0x61, 0x4d, 0x0b, 0xd9, 0x30, 0xc8, 0x84,
+	0xa0, 0x0c, 0x9d, 0x63, 0x77, 0x1a, 0x4c, 0x3a, 0x46, 0x58, 0x40, 0xec, 0xef, 0x00, 0x9c, 0xc8,
+	0x7a, 0x19, 0x08, 0xbd, 0x0f, 0x06, 0x79, 0x1f, 0xf3, 0x79, 0x7c, 0x2e, 0x8b, 0xc6, 0x05, 0xd6,
+	0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4d, 0x41, 0xdd, 0x73, 0xd6, 0xc5, 0x0a, 0x39, 0x1a, 0xea,
+	0x4b, 0x8e, 0xa6, 0xbe, 0xe4, 0x70, 0xea, 0x9e, 0xb3, 0x8e, 0x76, 0xa0, 0xd4, 0x70, 0x63, 0xe2,
+	0x08, 0xe3, 0xcc, 0xf5, 0x23, 0x21, 0x4e, 0x1c, 0xae, 0xa5, 0xb1, 0x9f, 0x98, 0x13, 0x44, 0x5f,
+	0xb0, 0x60, 0x7c, 0x3d, 0x99, 0x8e, 0x47, 0x30, 0x4f, 0xe7, 0x08, 0x5e, 0x7f, 0x4a, 0x12, 0xe2,
+	0x0f, 0xba, 0xa6, 0x0a, 0x71, 0xba, 0x3b, 0xe8, 0x43, 0x16, 0x0c, 0x6d, 0xb8, 0x9e, 0xf1, 0xbc,
+	0xc6, 0x11, 0x4c, 0xce, 0x79, 0x46, 0x40, 0x9f, 0x38, 0xf8, 0xff, 0x08, 0x4b, 0xca, 0xbd, 0x24,
+	0xd5, 0xe0, 0x61, 0x25, 0xd5, 0xd0, 0x3d, 0x92, 0x54, 0x1f, 0xb5, 0xa0, 0xa2, 0x46, 0x5a, 0xa4,
+	0x35, 0x79, 0xf7, 0x11, 0x4e, 0x39, 0xb7, 0x48, 0xa9, 0xbf, 0x58, 0x13, 0x47, 0xaf, 0x5b, 0x30,
+	0xec, 0xbc, 0xd6, 0x0e, 0x49, 0x9d, 0x6c, 0x07, 0xad, 0x48, 0xe4, 0x1b, 0x7d, 0x39, 0xff, 0xce,
+	0xcc, 0x52, 0x22, 0x0b, 0x64, 0x7b, 0xa5, 0x15, 0x89, 0xb0, 0x5e, 0x5d, 0x80, 0xcd, 0x2e, 0xa0,
+	0x9f, 0xd3, 0x72, 0x1c, 0xf2, 0xc8, 0x3a, 0x9d, 0xd5, 0x9b, 0xa3, 0x16, 0xe6, 0xbb, 0x05, 0x98,
+	0xda, 0x67, 0x14, 0xd0, 0xf3, 0x30, 0x12, 0x84, 0x0d, 0xc7, 0x77, 0x5f, 0x33, 0x73, 0x84, 0x29,
+	0x4d, 0x71, 0xc5, 0x80, 0xe1, 0x04, 0xa6, 0x99, 0x3c, 0xa6, 0xb0, 0x4f, 0xf2, 0x98, 0x33, 0x30,
+	0x10, 0x92, 0x56, 0x90, 0x3e, 0xf0, 0xb0, 0x10, 0x39, 0x06, 0x41, 0x8f, 0x40, 0xd1, 0x69, 0xb9,
+	0xc2, 0xea, 0xa7, 0xce, 0x71, 0xb3, 0xab, 0x8b, 0x98, 0x96, 0x27, 0x72, 0x59, 0x95, 0xee, 0x4a,
+	0x2e, 0x2b, 0x2a, 0xca, 0xc4, 0xbd, 0xd6, 0xa0, 0x16, 0x65, 0xc9, 0xfb, 0x26, 0xfb, 0x8d, 0x22,
+	0x3c, 0xb2, 0xe7, 0x9a, 0xd7, 0xae, 0xd3, 0xd6, 0x1e, 0xae, 0xd3, 0x72, 0x78, 0x0a, 0xfb, 0x0d,
+	0x4f, 0xb1, 0xc7, 0xf0, 0x7c, 0x88, 0x6e, 0x65, 0x99, 0x5b, 0x2d, 0x9f, 0x37, 0xc9, 0x7b, 0xa5,
+	0x6a, 0x13, 0xbb, 0x58, 0x42, 0xb1, 0xa6, 0x4b, 0xcf, 0x31, 0x89, 0xc4, 0x29, 0xa5, 0x3c, 0x44,
+	0x59, 0xcf, 0xfc, 0x66, 0x7c, 0xff, 0xf6, 0xca, 0xc6, 0x62, 0xff, 0xf6, 0x00, 0x3c, 0xd6, 0x87,
+	0x04, 0x32, 0x57, 0xb1, 0xd5, 0xe7, 0x2a, 0xfe, 0x2e, 0x9f, 0xa6, 0x8f, 0x64, 0x4e, 0x13, 0xce,
+	0x7f, 0x9a, 0xf6, 0x9e, 0x21, 0x76, 0x35, 0xe0, 0x47, 0xa4, 0xd6, 0x0e, 0x79, 0x18, 0x89, 0x11,
+	0x3f, 0xbb, 0x28, 0xca, 0xb1, 0xc2, 0xa0, 0xe7, 0xd2, 0x9a, 0x43, 0xb7, 0xff, 0x50, 0x4e, 0x89,
+	0x32, 0xcc, 0x50, 0x5c, 0xae, 0x16, 0xcd, 0xcf, 0x52, 0x0e, 0xc0, 0xc9, 0xd8, 0xbf, 0x6f, 0xc1,
+	0xe9, 0xde, 0x6a, 0x02, 0x7a, 0x1a, 0x86, 0xd7, 0x99, 0x53, 0xdf, 0x32, 0x73, 0x1c, 0x12, 0x4b,
+	0x87, 0x7d, 0xaf, 0x2e, 0xc6, 0x26, 0x0e, 0x9a, 0x87, 0x09, 0xd3, 0x1b, 0x70, 0xd9, 0xf0, 0x38,
+	0x62, 0x86, 0x8c, 0xb5, 0x34, 0x10, 0x77, 0xe3, 0xa3, 0x69, 0x80, 0xd8, 0x8d, 0x3d, 0xc2, 0x6b,
+	0xf3, 0x85, 0xc6, 0x2c, 0x7d, 0x6b, 0xaa, 0x14, 0x1b, 0x18, 0xf6, 0xb7, 0x8b, 0xd9, 0x9f, 0xc1,
+	0xd5, 0xcf, 0x83, 0xac, 0x7e, 0xb1, 0xb6, 0x0b, 0x7d, 0x70, 0xe8, 0xe2, 0xdd, 0xe6, 0xd0, 0x03,
+	0xbd, 0x38, 0x34, 0x5a, 0x80, 0x63, 0xc6, 0xf3, 0xa2, 0x3c, 0xd5, 0x0a, 0xbf, 0x2d, 0x52, 0x79,
+	0xd2, 0x56, 0x53, 0x70, 0xdc, 0x55, 0xe3, 0x3e, 0x5f, 0xaa, 0x5f, 0x29, 0xc0, 0xa9, 0x9e, 0x1a,
+	0xff, 0x5d, 0x92, 0x40, 0xe6, 0xf4, 0x0f, 0xdc, 0x9d, 0xe9, 0x37, 0x27, 0xa5, 0xb4, 0xef, 0xa4,
+	0xf4, 0x23, 0xce, 0xff, 0xa4, 0xd0, 0x73, 0xb3, 0xd0, 0x13, 0xe2, 0xf7, 0xec, 0x48, 0xbe, 0x00,
+	0xa3, 0x4e, 0xab, 0xc5, 0xf1, 0x58, 0x84, 0x40, 0x2a, 0x77, 0xe3, 0xac, 0x09, 0xc4, 0x49, 0xdc,
+	0xbe, 0x06, 0xf6, 0xcf, 0x2d, 0xa8, 0x60, 0xb2, 0xc1, 0x39, 0x1c, 0xba, 0x21, 0x86, 0xc8, 0xca,
+	0x23, 0x81, 0x3e, 0x1d, 0xd8, 0xc8, 0x65, 0x59, 0xe5, 0xb3, 0x06, 0xfb, 0xb0, 0x99, 0x00, 0xd4,
+	0xa3, 0xa4, 0xc5, 0xde, 0x8f, 0x92, 0xda, 0x5f, 0xae, 0xd0, 0xcf, 0x6b, 0x05, 0xf3, 0x21, 0xa9,
+	0x47, 0x74, 0x7e, 0xdb, 0xa1, 0x27, 0x16, 0x89, 0x9a, 0xdf, 0xab, 0x78, 0x09, 0xd3, 0xf2, 0xc4,
+	0xc5, 0x61, 0xe1, 0x40, 0x99, 0xeb, 0x8a, 0xfb, 0x66, 0xae, 0x7b, 0x01, 0x46, 0xa3, 0x68, 0x73,
+	0x35, 0x74, 0xb7, 0x9d, 0x98, 0x5c, 0x26, 0x32, 0xc5, 0x8d, 0xce, 0xe2, 0x54, 0xbd, 0xa8, 0x81,
+	0x38, 0x89, 0x8b, 0x2e, 0xc0, 0x84, 0xce, 0x1f, 0x47, 0xc2, 0x98, 0x85, 0xde, 0xf1, 0x95, 0xa0,
+	0xd2, 0x97, 0xe8, 0x8c, 0x73, 0x02, 0x01, 0x77, 0xd7, 0xa1, 0x3c, 0x37, 0x51, 0x48, 0x3b, 0x32,
+	0x98, 0xe4, 0xb9, 0x89, 0x76, 0x68, 0x5f, 0xba, 0x6a, 0xa0, 0x65, 0x38, 0xce, 0x17, 0xc6, 0x6c,
+	0xab, 0x65, 0x7c, 0xd1, 0x50, 0x32, 0x6b, 0xf9, 0x85, 0x6e, 0x14, 0x9c, 0x55, 0x0f, 0x3d, 0x07,
+	0xc3, 0xaa, 0x78, 0x71, 0x41, 0xdc, 0x79, 0x29, 0x9b, 0x9b, 0x6a, 0x66, 0xb1, 0x8e, 0x4d, 0x3c,
+	0xf4, 0x2e, 0x78, 0x50, 0xff, 0xe5, 0xa1, 0xdc, 0xfc, 0x22, 0x78, 0x41, 0xa4, 0xe6, 0x54, 0x8f,
+	0x62, 0x5d, 0xc8, 0x44, 0xab, 0xe3, 0x5e, 0xf5, 0xd1, 0x3a, 0x9c, 0x56, 0xa0, 0x73, 0x7e, 0xcc,
+	0x82, 0x2d, 0x23, 0x32, 0xe7, 0x44, 0xcc, 0xa5, 0x01, 0xd8, 0x77, 0xda, 0xa2, 0xf5, 0xd3, 0x17,
+	0xdc, 0xf8, 0x62, 0x16, 0x26, 0x5e, 0xc2, 0x7b, 0xb4, 0x82, 0x66, 0xa0, 0x42, 0x7c, 0x67, 0xdd,
+	0x23, 0x2b, 0xf3, 0x8b, 0x2c, 0xc5, 0xa7, 0x71, 0xef, 0x7c, 0x4e, 0x02, 0xb0, 0xc6, 0x51, 0x7e,
+	0xe6, 0x23, 0xbd, 0xfc, 0xcc, 0xd1, 0x2a, 0x9c, 0x68, 0xd4, 0x5a, 0x54, 0xcb, 0x74, 0x6b, 0x64,
+	0xb6, 0xc6, 0xdc, 0x6a, 0xe9, 0xc4, 0xf0, 0x74, 0xf2, 0x2a, 0x60, 0xe7, 0xc2, 0xfc, 0x6a, 0x17,
+	0x0e, 0xce, 0xac, 0xc9, 0xdc, 0xaf, 0xc3, 0x60, 0xa7, 0x33, 0x79, 0x3c, 0xe5, 0x7e, 0x4d, 0x0b,
+	0x31, 0x87, 0xa1, 0x4b, 0x80, 0x58, 0xd0, 0xda, 0xc5, 0x38, 0x6e, 0x29, 0xb5, 0x76, 0xf2, 0x44,
+	0x32, 0x51, 0xdf, 0xf9, 0x2e, 0x0c, 0x9c, 0x51, 0x8b, 0x6a, 0x3d, 0x7e, 0xc0, 0x5a, 0x9f, 0x7c,
+	0x30, 0xa9, 0xf5, 0x5c, 0xe1, 0xc5, 0x58, 0xc2, 0xd1, 0x4f, 0xc2, 0x64, 0x3b, 0x22, 0xec, 0xc0,
+	0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f, 0xb2, 0xd7, 0x4f, 0xe3, 0xce, 0xe4, 0x24, 0x23,
+	0x7e, 0x46, 0xd4, 0x9d, 0xbc, 0xda, 0x03, 0x0f, 0xf7, 0x6c, 0x21, 0x9d, 0x69, 0xf2, 0x54, 0x9f,
+	0x99, 0x26, 0x57, 0xe1, 0x84, 0x94, 0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa3, 0x27, 0x4f, 0x27, 0x9f,
+	0x53, 0x5b, 0xcc, 0xc0, 0xc1, 0x99, 0x35, 0xed, 0x3f, 0xb3, 0x60, 0x54, 0x71, 0xb0, 0xbb, 0x10,
+	0x3c, 0xeb, 0x25, 0x83, 0x67, 0x2f, 0x1c, 0x5e, 0x06, 0xb0, 0x9e, 0xf7, 0x08, 0xf5, 0xf8, 0xcc,
+	0x28, 0x80, 0x96, 0x13, 0x4a, 0x44, 0x5b, 0x3d, 0x45, 0xf4, 0x7d, 0xcb, 0xa3, 0xb3, 0x32, 0x07,
+	0x96, 0xee, 0x6d, 0xe6, 0xc0, 0x2a, 0x9c, 0x94, 0x4b, 0x8a, 0xdf, 0xf5, 0x5e, 0x0c, 0x22, 0xc5,
+	0xf2, 0x8d, 0xf7, 0xf1, 0x16, 0xb3, 0x90, 0x70, 0x76, 0xdd, 0x84, 0x6e, 0x37, 0xb4, 0xaf, 0x6e,
+	0xa7, 0xb8, 0xdc, 0xd2, 0x86, 0x7c, 0xbd, 0x32, 0xc5, 0xe5, 0x96, 0xce, 0x57, 0xb1, 0xc6, 0xc9,
+	0x16, 0x75, 0x95, 0x9c, 0x44, 0x1d, 0x1c, 0x58, 0xd4, 0x49, 0xa6, 0x3b, 0xdc, 0x93, 0xe9, 0xca,
+	0x3b, 0xa5, 0x91, 0x9e, 0x77, 0x4a, 0xef, 0x84, 0x31, 0xd7, 0xdf, 0x24, 0xa1, 0x1b, 0x93, 0x3a,
+	0xdb, 0x0b, 0x8c, 0x21, 0x97, 0xb5, 0xa2, 0xb3, 0x98, 0x80, 0xe2, 0x14, 0x76, 0x52, 0x52, 0x8c,
+	0xf5, 0x21, 0x29, 0x7a, 0xc8, 0xe7, 0xf1, 0x7c, 0xe4, 0xf3, 0xb1, 0xc3, 0xcb, 0xe7, 0x89, 0x23,
+	0x95, 0xcf, 0x28, 0x17, 0xf9, 0xdc, 0x97, 0xe8, 0x33, 0x0e, 0xe9, 0x27, 0xf6, 0x39, 0xa4, 0xf7,
+	0x12, 0xce, 0x27, 0xef, 0x58, 0x38, 0x67, 0xcb, 0xdd, 0x07, 0xde, 0x94, 0xbb, 0xb9, 0xc8, 0xdd,
+	0x8f, 0x16, 0xe0, 0xa4, 0x96, 0x4c, 0x94, 0x1f, 0xb8, 0x1b, 0x94, 0x37, 0xb3, 0x27, 0xa1, 0xf9,
+	0x4d, 0xb4, 0x11, 0xb2, 0xad, 0x83, 0xd6, 0x15, 0x04, 0x1b, 0x58, 0x2c, 0xf2, 0x99, 0x84, 0xec,
+	0x31, 0x92, 0xb4, 0xd8, 0x9a, 0x17, 0xe5, 0x58, 0x61, 0xd0, 0x41, 0xa0, 0xbf, 0x45, 0xe2, 0x8d,
+	0x74, 0x9a, 0xeb, 0x79, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x82, 0x13, 0x61, 0x2c, 0x93, 0x8a, 0xae,
+	0x11, 0x7e, 0xac, 0x54, 0x5c, 0x52, 0x41, 0x65, 0x77, 0x58, 0x64, 0x7e, 0xa9, 0xbb, 0x3b, 0xcc,
+	0xa9, 0x53, 0x61, 0xd8, 0xff, 0xc3, 0x82, 0x53, 0x99, 0x43, 0x71, 0x17, 0xd4, 0x91, 0x9d, 0xa4,
+	0x3a, 0x52, 0xcd, 0xeb, 0x48, 0x6a, 0x7c, 0x45, 0x0f, 0xd5, 0xe4, 0x3f, 0x58, 0x30, 0xa6, 0xf1,
+	0xef, 0xc2, 0xa7, 0xba, 0xc9, 0x4f, 0xcd, 0xef, 0xf4, 0x5d, 0xe9, 0xfa, 0xb6, 0xdf, 0x2b, 0x80,
+	0x4a, 0x3d, 0x3f, 0x5b, 0x93, 0x0f, 0x7b, 0xec, 0xe3, 0x1b, 0xd1, 0x81, 0x41, 0xe6, 0xda, 0x11,
+	0xe5, 0xe3, 0xb6, 0x96, 0xa4, 0xcf, 0xdc, 0x44, 0xf4, 0x4d, 0x1b, 0xfb, 0x1b, 0x61, 0x41, 0x90,
+	0x3d, 0x95, 0xc3, 0xb3, 0x7a, 0xd7, 0x45, 0x00, 0xaf, 0x7e, 0x2a, 0x47, 0x94, 0x63, 0x85, 0x41,
+	0x05, 0xa6, 0x5b, 0x0b, 0xfc, 0x79, 0xcf, 0x89, 0x22, 0xa1, 0xc3, 0x29, 0x81, 0xb9, 0x28, 0x01,
+	0x58, 0xe3, 0x30, 0xaf, 0x0f, 0x37, 0x6a, 0x79, 0x4e, 0xc7, 0xb0, 0xb1, 0x18, 0x09, 0xa6, 0x14,
+	0x08, 0x9b, 0x78, 0x76, 0x13, 0x26, 0x93, 0x1f, 0xb1, 0x40, 0x36, 0x98, 0xcb, 0x75, 0x5f, 0xc3,
+	0x39, 0x03, 0x15, 0x87, 0xd5, 0x5a, 0x6a, 0x3b, 0x82, 0x27, 0x68, 0xc7, 0x63, 0x09, 0xc0, 0x1a,
+	0xc7, 0xfe, 0x67, 0x16, 0x1c, 0xcf, 0x18, 0xb4, 0x1c, 0x03, 0xa4, 0x63, 0xcd, 0x6d, 0xb2, 0x54,
+	0x9d, 0x1f, 0x80, 0xa1, 0x3a, 0xd9, 0x70, 0xa4, 0x53, 0xaf, 0x19, 0x03, 0xc0, 0x8b, 0xb1, 0x84,
+	0xdb, 0xbf, 0x55, 0x80, 0xf1, 0x64, 0x5f, 0x23, 0x16, 0x74, 0xc8, 0x87, 0xc9, 0x8d, 0x6a, 0xc1,
+	0x36, 0x09, 0x3b, 0xf4, 0xcb, 0xad, 0x54, 0xd0, 0x61, 0x17, 0x06, 0xce, 0xa8, 0xc5, 0x1e, 0x9e,
+	0xa8, 0xab, 0xd1, 0x96, 0x2b, 0xf2, 0x5a, 0x9e, 0x2b, 0x52, 0x4f, 0xa6, 0xe9, 0x00, 0xa4, 0x48,
+	0x62, 0x93, 0x3e, 0x55, 0xb9, 0x58, 0x14, 0xc7, 0x5c, 0xdb, 0xf5, 0x62, 0xd7, 0x17, 0x9f, 0x2c,
+	0xd6, 0xaa, 0x52, 0xb9, 0x96, 0xbb, 0x51, 0x70, 0x56, 0x3d, 0xfb, 0x5b, 0x03, 0xa0, 0x92, 0x7f,
+	0x30, 0x07, 0xcd, 0x9c, 0xdc, 0x5b, 0x0f, 0x1a, 0xba, 0xaa, 0xd6, 0xd6, 0xc0, 0x5e, 0x1e, 0x53,
+	0xdc, 0x30, 0x67, 0x5a, 0xf0, 0xd5, 0x80, 0xad, 0x69, 0x10, 0x36, 0xf1, 0x68, 0x4f, 0x3c, 0x77,
+	0x9b, 0xf0, 0x4a, 0x83, 0xc9, 0x9e, 0x2c, 0x49, 0x00, 0xd6, 0x38, 0x2c, 0xcf, 0xb4, 0xbb, 0xb1,
+	0x21, 0xac, 0x4c, 0x3a, 0xcf, 0xb4, 0xbb, 0xb1, 0x81, 0x19, 0x84, 0x3f, 0x4d, 0x14, 0x6c, 0x89,
+	0x63, 0x86, 0xf1, 0x34, 0x51, 0xb0, 0x85, 0x19, 0x84, 0xce, 0x92, 0x1f, 0x84, 0x4d, 0xc7, 0x73,
+	0x5f, 0x23, 0x75, 0x45, 0x45, 0x1c, 0x2f, 0xd4, 0x2c, 0x5d, 0xe9, 0x46, 0xc1, 0x59, 0xf5, 0xe8,
+	0x82, 0x6e, 0x85, 0xa4, 0xee, 0xd6, 0x62, 0xb3, 0x35, 0x48, 0x2e, 0xe8, 0xd5, 0x2e, 0x0c, 0x9c,
+	0x51, 0x0b, 0xcd, 0xc2, 0xb8, 0x4c, 0xde, 0x22, 0x13, 0x1e, 0x0e, 0x27, 0xb3, 0xa6, 0xe1, 0x24,
+	0x18, 0xa7, 0xf1, 0x29, 0x93, 0x6c, 0x8a, 0x74, 0xad, 0xec, 0x34, 0x62, 0x30, 0x49, 0x99, 0xc6,
+	0x15, 0x2b, 0x0c, 0xfb, 0x83, 0x45, 0x2a, 0xd4, 0x7b, 0x64, 0x45, 0xbe, 0x6b, 0xee, 0xd4, 0xc9,
+	0x15, 0x39, 0xd0, 0xc7, 0x8a, 0x7c, 0x16, 0x46, 0x6e, 0x44, 0x81, 0xaf, 0x5c, 0x95, 0x4b, 0x3d,
+	0x5d, 0x95, 0x0d, 0xac, 0x6c, 0x57, 0xe5, 0xc1, 0xbc, 0x5c, 0x95, 0x87, 0xee, 0xd0, 0x55, 0xf9,
+	0x0f, 0x4b, 0xa0, 0xde, 0x9e, 0xbc, 0x42, 0xe2, 0x9b, 0x41, 0xb8, 0xe5, 0xfa, 0x0d, 0x96, 0x88,
+	0xe4, 0x0b, 0x96, 0xcc, 0x65, 0xb2, 0x64, 0x86, 0xf0, 0x6e, 0xe4, 0xf4, 0x7e, 0x60, 0x82, 0xd8,
+	0xf4, 0x9a, 0x41, 0x88, 0xbb, 0xbc, 0xa4, 0x72, 0xa6, 0x88, 0x4b, 0x83, 0x44, 0x8f, 0xd0, 0x4f,
+	0x03, 0x48, 0x93, 0xfc, 0x86, 0xe4, 0xc0, 0x8b, 0xf9, 0xf4, 0x0f, 0x93, 0x0d, 0xad, 0x52, 0xaf,
+	0x29, 0x22, 0xd8, 0x20, 0x88, 0x3e, 0xaa, 0xc3, 0x9b, 0x79, 0x4c, 0xd3, 0x7b, 0x8f, 0x64, 0x6c,
+	0xfa, 0x09, 0x6e, 0xc6, 0x30, 0xe4, 0xfa, 0x0d, 0xba, 0x4e, 0x84, 0x4b, 0xe7, 0xdb, 0xb2, 0xf2,
+	0x5c, 0x2d, 0x05, 0x4e, 0x7d, 0xce, 0xf1, 0x1c, 0xbf, 0x46, 0xc2, 0x45, 0x8e, 0xae, 0x25, 0xa8,
+	0x28, 0xc0, 0xb2, 0xa1, 0xae, 0x07, 0x32, 0x4b, 0xfd, 0x3c, 0x90, 0x79, 0xfa, 0xc7, 0x60, 0xa2,
+	0x6b, 0x32, 0x0f, 0x14, 0xcb, 0x7c, 0x88, 0x0c, 0x57, 0xbf, 0x3d, 0xa8, 0x85, 0xd6, 0x95, 0xa0,
+	0xce, 0xdf, 0x5b, 0x0c, 0xf5, 0x8c, 0x0a, 0x95, 0x39, 0xc7, 0x25, 0xa2, 0xc4, 0x8c, 0x51, 0x88,
+	0x4d, 0x92, 0x74, 0x8d, 0xb6, 0x9c, 0x90, 0xf8, 0x47, 0xbd, 0x46, 0x57, 0x15, 0x11, 0x6c, 0x10,
+	0x44, 0x9b, 0x89, 0xa0, 0xbb, 0xf3, 0x87, 0x0f, 0xba, 0x63, 0x59, 0x47, 0xb3, 0x9e, 0x25, 0x7b,
+	0xdd, 0x82, 0x31, 0x3f, 0xb1, 0x72, 0xf3, 0xf1, 0xb3, 0xcf, 0xde, 0x15, 0xfc, 0xe9, 0xe2, 0x64,
+	0x19, 0x4e, 0xd1, 0xcf, 0x12, 0x69, 0xa5, 0x03, 0x8a, 0x34, 0xfd, 0xde, 0xeb, 0x60, 0xaf, 0xf7,
+	0x5e, 0x91, 0xaf, 0x1e, 0xe2, 0x1e, 0xca, 0x23, 0x4f, 0x48, 0xe2, 0x15, 0x6e, 0xc8, 0x78, 0x81,
+	0xfb, 0xba, 0x19, 0x93, 0x7b, 0xf0, 0x07, 0x99, 0x47, 0x7b, 0xc5, 0xee, 0xda, 0xff, 0x7b, 0x00,
+	0x8e, 0xc9, 0x11, 0x91, 0x31, 0x3a, 0x54, 0x3e, 0x72, 0xba, 0x5a, 0x57, 0x56, 0xf2, 0xf1, 0xa2,
+	0x04, 0x60, 0x8d, 0x43, 0xf5, 0xb1, 0x76, 0x44, 0x56, 0x5a, 0xc4, 0x5f, 0x72, 0xd7, 0x23, 0x71,
+	0xfd, 0xae, 0x36, 0xca, 0x55, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0x1c, 0x36, 0x94, 0x56, 0x33, 0x70,
+	0x58, 0x28, 0xaa, 0x12, 0x8e, 0x3e, 0x9b, 0xf9, 0x4c, 0x43, 0x3e, 0x91, 0xad, 0x5d, 0xa1, 0x49,
+	0x07, 0x7b, 0x9f, 0x01, 0xfd, 0x23, 0x0b, 0x4e, 0xf2, 0x52, 0x39, 0x92, 0x57, 0x5b, 0x75, 0x27,
+	0x26, 0x51, 0x3e, 0x4f, 0x5a, 0x65, 0xf4, 0x4f, 0x5b, 0xd1, 0xb3, 0xc8, 0xe2, 0xec, 0xde, 0xa0,
+	0x4f, 0x59, 0x30, 0xbe, 0x95, 0x48, 0x36, 0x25, 0x45, 0xc7, 0x61, 0xf3, 0xc0, 0x24, 0x1a, 0xd5,
+	0x5b, 0x2d, 0x59, 0x1e, 0xe1, 0x34, 0x75, 0xfb, 0xaf, 0x2c, 0x30, 0xd9, 0xe8, 0xdd, 0xcf, 0x51,
+	0x75, 0x70, 0x55, 0x50, 0x6a, 0x97, 0xa5, 0x9e, 0xda, 0xe5, 0x23, 0x50, 0x6c, 0xbb, 0x75, 0x71,
+	0xbe, 0xd0, 0x17, 0xfe, 0x8b, 0x0b, 0x98, 0x96, 0xdb, 0xdf, 0x2c, 0x69, 0x33, 0x88, 0x08, 0x1c,
+	0xfd, 0x9e, 0xf8, 0xec, 0x0d, 0x95, 0x7c, 0x96, 0x7f, 0xf9, 0x95, 0xae, 0xe4, 0xb3, 0x3f, 0x72,
+	0xf0, 0xb8, 0x60, 0x3e, 0x40, 0xbd, 0x72, 0xcf, 0x0e, 0xed, 0x13, 0x14, 0x7c, 0x03, 0xca, 0xf4,
+	0x08, 0xc6, 0xec, 0x99, 0xe5, 0x44, 0xa7, 0xca, 0x17, 0x45, 0xf9, 0xed, 0xdd, 0xa9, 0x1f, 0x3e,
+	0x78, 0xb7, 0x64, 0x6d, 0xac, 0xda, 0x47, 0x11, 0x54, 0xe8, 0x6f, 0x16, 0xbf, 0x2c, 0x0e, 0x77,
+	0x57, 0x15, 0xcf, 0x94, 0x80, 0x5c, 0x82, 0xa3, 0x35, 0x1d, 0xe4, 0x43, 0x85, 0x22, 0x72, 0xa2,
+	0xfc, 0x0c, 0xb8, 0xaa, 0xa2, 0x88, 0x25, 0xe0, 0xf6, 0xee, 0xd4, 0x0b, 0x07, 0x27, 0xaa, 0xaa,
+	0x63, 0x4d, 0xc2, 0x10, 0x8d, 0xc3, 0x3d, 0x9f, 0x42, 0xff, 0x3f, 0x03, 0x7a, 0x7d, 0x8b, 0xbc,
+	0xc4, 0xdf, 0x13, 0xeb, 0xfb, 0xf9, 0xd4, 0xfa, 0x3e, 0xd3, 0xb5, 0xbe, 0xc7, 0xe8, 0x98, 0x65,
+	0x64, 0x4b, 0xbe, 0xdb, 0xca, 0xc2, 0xfe, 0x36, 0x09, 0xa6, 0x25, 0xbd, 0xda, 0x76, 0x43, 0x12,
+	0xad, 0x86, 0x6d, 0xdf, 0xf5, 0x1b, 0x6c, 0xc9, 0x96, 0x4d, 0x2d, 0x29, 0x01, 0xc6, 0x69, 0x7c,
+	0x7a, 0xf0, 0xa7, 0xeb, 0xe2, 0xba, 0xb3, 0xcd, 0x57, 0x9e, 0x91, 0x13, 0xb2, 0x2a, 0xca, 0xb1,
+	0xc2, 0x40, 0x9b, 0xf0, 0xb0, 0x6c, 0x60, 0x81, 0x78, 0x84, 0x7e, 0x10, 0x73, 0x64, 0x0c, 0x9b,
+	0x3c, 0xcc, 0x80, 0xfb, 0xa2, 0xbc, 0x55, 0xb4, 0xf0, 0x30, 0xde, 0x03, 0x17, 0xef, 0xd9, 0x92,
+	0xfd, 0x45, 0xe6, 0xba, 0x60, 0xa4, 0x71, 0xa0, 0xab, 0xcf, 0x73, 0x9b, 0xae, 0x4c, 0x5d, 0xa9,
+	0x56, 0xdf, 0x12, 0x2d, 0xc4, 0x1c, 0x86, 0x6e, 0xc2, 0xd0, 0x3a, 0x7f, 0x22, 0x3d, 0x9f, 0xa7,
+	0x89, 0xc4, 0x7b, 0xeb, 0x2c, 0x6d, 0xb5, 0x7c, 0x7c, 0xfd, 0xb6, 0xfe, 0x89, 0x25, 0x35, 0xfb,
+	0x6b, 0x25, 0x18, 0x97, 0xee, 0x65, 0x17, 0xdd, 0x88, 0x79, 0x24, 0x98, 0xb9, 0xfc, 0x0b, 0xfb,
+	0xe6, 0xf2, 0x7f, 0x0f, 0x40, 0x9d, 0xb4, 0xbc, 0xa0, 0xc3, 0x94, 0xc3, 0x81, 0x03, 0x2b, 0x87,
+	0xea, 0x3c, 0xb1, 0xa0, 0x5a, 0xc1, 0x46, 0x8b, 0x22, 0x5f, 0x27, 0x7f, 0x1a, 0x20, 0x95, 0xaf,
+	0xd3, 0x78, 0xc0, 0x6c, 0xf0, 0xee, 0x3e, 0x60, 0xe6, 0xc2, 0x38, 0xef, 0xa2, 0x4a, 0x96, 0x70,
+	0x07, 0x39, 0x11, 0x58, 0xb8, 0xd9, 0x42, 0xb2, 0x19, 0x9c, 0x6e, 0xd7, 0x7c, 0x9d, 0xac, 0x7c,
+	0xb7, 0x5f, 0x27, 0x7b, 0x3b, 0x54, 0xe4, 0x3c, 0x47, 0x93, 0x15, 0x9d, 0xc8, 0x47, 0x2e, 0x83,
+	0x08, 0x6b, 0x78, 0x57, 0xde, 0x17, 0xb8, 0x57, 0x79, 0x5f, 0xec, 0xd7, 0x8b, 0xf4, 0x54, 0xc1,
+	0xfb, 0x75, 0xe0, 0xc7, 0xfd, 0x2e, 0x1a, 0x8f, 0xfb, 0x1d, 0x6c, 0x3e, 0xcb, 0xa9, 0x47, 0x00,
+	0x1f, 0x86, 0x81, 0xd8, 0x69, 0xc8, 0xe8, 0x58, 0x06, 0x5d, 0x73, 0x1a, 0x11, 0x66, 0xa5, 0x07,
+	0x49, 0x6f, 0xfc, 0x02, 0x8c, 0x46, 0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x8c, 0xfb, 0x4b, 0xed,
+	0xa4, 0x63, 0x02, 0x71, 0x12, 0x17, 0x7d, 0xc8, 0x02, 0x08, 0x89, 0x3a, 0xb3, 0x0c, 0xe6, 0xb1,
+	0x86, 0x14, 0x1b, 0x90, 0xed, 0x9a, 0xf9, 0x3a, 0xd4, 0x59, 0xc5, 0x20, 0x6b, 0x7f, 0xc4, 0x82,
+	0x89, 0xae, 0x5a, 0xa8, 0x05, 0x83, 0x35, 0xf6, 0x04, 0x63, 0x3e, 0x09, 0x21, 0x93, 0xcf, 0x39,
+	0x72, 0xe1, 0xc4, 0xcb, 0xb0, 0xa0, 0x63, 0x7f, 0x79, 0x04, 0x4e, 0x54, 0xe7, 0x97, 0xe5, 0x83,
+	0x3c, 0x47, 0x16, 0xee, 0x9b, 0x45, 0xe3, 0xee, 0x85, 0xfb, 0xf6, 0xa0, 0xee, 0x19, 0xe1, 0xbe,
+	0x9e, 0x11, 0xee, 0x9b, 0x8c, 0xbd, 0x2c, 0xe6, 0x11, 0x7b, 0x99, 0xd5, 0x83, 0x7e, 0x62, 0x2f,
+	0x8f, 0x2c, 0xfe, 0x77, 0xcf, 0x0e, 0x1d, 0x28, 0xfe, 0x57, 0x05, 0x47, 0xe7, 0x12, 0x51, 0xd6,
+	0x63, 0xaa, 0x32, 0x83, 0xa3, 0x55, 0x60, 0x2a, 0x8f, 0x96, 0x14, 0x42, 0xef, 0xe5, 0xfc, 0x3b,
+	0xd0, 0x47, 0x60, 0xaa, 0x08, 0xd8, 0x34, 0x83, 0xa1, 0x87, 0xf2, 0x08, 0x86, 0xce, 0xea, 0xce,
+	0xbe, 0xc1, 0xd0, 0x2f, 0xc0, 0x68, 0xcd, 0x0b, 0x7c, 0xb2, 0x1a, 0x06, 0x71, 0x50, 0x0b, 0xe4,
+	0x83, 0xd7, 0xfa, 0xed, 0x42, 0x13, 0x88, 0x93, 0xb8, 0xbd, 0x22, 0xa9, 0x2b, 0x87, 0x8d, 0xa4,
+	0x86, 0x7b, 0x14, 0x49, 0x6d, 0xc4, 0x0a, 0x0f, 0xe7, 0x11, 0x2b, 0x9c, 0x35, 0x23, 0x7d, 0xbd,
+	0x68, 0xfd, 0x06, 0x7f, 0xef, 0x9d, 0x1e, 0x46, 0x38, 0x17, 0x66, 0x57, 0x74, 0xc3, 0x67, 0x5f,
+	0x39, 0x82, 0x05, 0x7b, 0xbd, 0xaa, 0xc9, 0xa8, 0x37, 0xe0, 0x75, 0x11, 0x4e, 0x76, 0xe4, 0x30,
+	0x61, 0xcc, 0x9f, 0x2b, 0xc0, 0xf7, 0xed, 0xdb, 0x05, 0x74, 0x13, 0x20, 0x76, 0x1a, 0x62, 0xa1,
+	0x8a, 0x8b, 0xac, 0x43, 0xfa, 0x15, 0xaf, 0xc9, 0xf6, 0x44, 0x88, 0x9d, 0x6a, 0x1e, 0x1b, 0xa4,
+	0x98, 0x3b, 0x71, 0xe0, 0x75, 0xe5, 0x72, 0xc6, 0x81, 0x47, 0x30, 0x83, 0x50, 0x45, 0x28, 0x24,
 	0x0d, 0xaa, 0xdc, 0x17, 0x93, 0x8a, 0x10, 0x66, 0xa5, 0x58, 0x40, 0xd1, 0x73, 0x30, 0xec, 0x78,
-	0x1e, 0x0f, 0xdf, 0x23, 0x91, 0x78, 0x24, 0x54, 0x27, 0x89, 0xd5, 0x20, 0x6c, 0xe2, 0xd9, 0x7f,
-	0x59, 0x80, 0xa9, 0x7d, 0x78, 0x4a, 0x57, 0xd8, 0x76, 0xa9, 0xef, 0xb0, 0x6d, 0x11, 0xae, 0x34,
-	0xd8, 0x23, 0x5c, 0xe9, 0x39, 0x18, 0x8e, 0x89, 0xd3, 0x14, 0x9e, 0x88, 0xe9, 0xdc, 0x87, 0x6b,
+	0x1e, 0x0f, 0xf7, 0x23, 0x91, 0x78, 0x54, 0x54, 0x27, 0x95, 0xd5, 0x20, 0x6c, 0xe2, 0xd9, 0x7f,
+	0x59, 0x80, 0xa9, 0x7d, 0x78, 0x4a, 0x57, 0x98, 0x77, 0xa9, 0xef, 0x30, 0x6f, 0x11, 0xae, 0x34,
+	0xd8, 0x23, 0x5c, 0xe9, 0x39, 0x18, 0x8e, 0x89, 0xd3, 0x14, 0x9e, 0x88, 0xe9, 0x5c, 0x89, 0x6b,
 	0x1a, 0x84, 0x4d, 0x3c, 0xca, 0xc5, 0xc6, 0x9c, 0x5a, 0x8d, 0x44, 0x91, 0x8c, 0x47, 0x12, 0x56,
 	0xee, 0xdc, 0x82, 0x9d, 0xd8, 0xe5, 0xc1, 0x6c, 0x82, 0x04, 0x4e, 0x91, 0x4c, 0x0f, 0x78, 0xa5,
-	0xcf, 0x01, 0xff, 0xd5, 0x02, 0x3c, 0xb2, 0xa7, 0x74, 0xeb, 0x3b, 0x54, 0xac, 0x1d, 0x91, 0x30,
+	0xcf, 0x01, 0xff, 0x95, 0x02, 0x3c, 0xb2, 0xa7, 0x74, 0xeb, 0x3b, 0x54, 0xac, 0x1d, 0x91, 0x30,
 	0xbd, 0x70, 0xae, 0x46, 0x24, 0xc4, 0x0c, 0xc2, 0x47, 0xa9, 0xd5, 0x52, 0x5e, 0xe4, 0xf9, 0xc7,
 	0x56, 0xf2, 0x51, 0x4a, 0x90, 0xc0, 0x29, 0x92, 0x77, 0xba, 0x2c, 0xbf, 0x36, 0x00, 0x8f, 0xf5,
-	0xa1, 0x03, 0xe4, 0x18, 0x83, 0x9a, 0x8c, 0x97, 0x2e, 0xde, 0xa3, 0x78, 0xe9, 0x3b, 0x1b, 0xae,
-	0x37, 0xc3, 0xac, 0xfb, 0x8a, 0x75, 0xfd, 0x62, 0x01, 0x4e, 0xf7, 0x56, 0x58, 0xd0, 0x8f, 0xc2,
-	0x78, 0xa8, 0x5c, 0x12, 0xcd, 0x50, 0xeb, 0xe3, 0xdc, 0xc6, 0x95, 0x00, 0xe1, 0x34, 0x2e, 0x9a,
-	0x06, 0x68, 0x39, 0xf1, 0x66, 0x74, 0x6e, 0xc7, 0x8d, 0x62, 0x91, 0x34, 0x6e, 0x8c, 0xdf, 0xbc,
+	0xa1, 0x03, 0xe4, 0x18, 0x83, 0x9a, 0x8c, 0xaf, 0x2e, 0xde, 0xa3, 0xf8, 0xea, 0x3b, 0x1b, 0xae,
+	0x37, 0xc3, 0xb2, 0xfb, 0x8a, 0x75, 0xfd, 0x62, 0x01, 0x4e, 0xf7, 0x56, 0x58, 0xd0, 0x8f, 0xc2,
+	0x78, 0xa8, 0x5c, 0x12, 0xcd, 0xd0, 0xec, 0xe3, 0xdc, 0xc6, 0x95, 0x00, 0xe1, 0x34, 0x2e, 0x9a,
+	0x06, 0x68, 0x39, 0xf1, 0x66, 0x74, 0x6e, 0xc7, 0x8d, 0x62, 0x91, 0x64, 0x6e, 0x8c, 0xdf, 0xbc,
 	0xca, 0x52, 0x6c, 0x60, 0x50, 0x72, 0xec, 0xdf, 0x42, 0x70, 0x25, 0x88, 0x79, 0x25, 0x7e, 0xf4,
-	0x3c, 0x2e, 0x5f, 0x14, 0x34, 0x40, 0x38, 0x8d, 0x4b, 0xc9, 0xb1, 0xbb, 0x7d, 0xde, 0x51, 0x7e,
-	0x26, 0x65, 0xe4, 0x96, 0x54, 0x29, 0x36, 0x30, 0xd2, 0x41, 0xe4, 0xa5, 0xfd, 0x83, 0xc8, 0xed,
-	0x7f, 0x59, 0x80, 0x53, 0x3d, 0x15, 0xde, 0xfe, 0xd8, 0xd4, 0xfd, 0x17, 0xf8, 0x7d, 0x87, 0x3b,
-	0xec, 0x40, 0x01, 0xc3, 0xf6, 0x9f, 0xf7, 0x58, 0x69, 0x22, 0x18, 0xf8, 0xce, 0xf3, 0xa0, 0xdc,
-	0x7f, 0xe3, 0xd9, 0x15, 0xff, 0x3b, 0x70, 0x80, 0xf8, 0xdf, 0xd4, 0x64, 0x94, 0xfa, 0x94, 0x0e,
-	0xff, 0x65, 0xa0, 0xe7, 0xf0, 0xd2, 0x03, 0x72, 0x5f, 0x37, 0x08, 0x0b, 0x70, 0xcc, 0xf5, 0xd9,
-	0x1b, 0xb1, 0xd5, 0xf6, 0xba, 0xc8, 0x23, 0xc6, 0x93, 0xe5, 0xaa, 0xe8, 0x9b, 0xc5, 0x14, 0x1c,
-	0x77, 0xd5, 0xb8, 0x0f, 0xe3, 0xb1, 0xef, 0x6c, 0x48, 0x0f, 0xc8, 0xb9, 0x57, 0xe0, 0xa4, 0x1c,
-	0x8a, 0x4d, 0x27, 0x24, 0x75, 0x21, 0x6c, 0x23, 0x11, 0x6f, 0x75, 0x8a, 0xc7, 0x6c, 0x65, 0x20,
-	0xe0, 0xec, 0x7a, 0xec, 0x41, 0xcf, 0xa0, 0xe5, 0xd6, 0xc4, 0x51, 0x50, 0x3f, 0xe8, 0x49, 0x0b,
-	0x31, 0x87, 0x69, 0x79, 0x51, 0xb9, 0x3b, 0xf2, 0xe2, 0x3d, 0x50, 0x51, 0xe3, 0xcd, 0x63, 0x2a,
-	0xd4, 0x22, 0xef, 0x8a, 0xa9, 0x50, 0x2b, 0xdc, 0xc0, 0xda, 0xef, 0xdd, 0xfc, 0x67, 0x60, 0x44,
-	0xd9, 0x02, 0xfb, 0x7d, 0x56, 0xd5, 0xfe, 0xbf, 0x05, 0x48, 0xbd, 0x20, 0x86, 0x76, 0xa0, 0x52,
-	0x97, 0x2f, 0xd7, 0xe7, 0x93, 0xac, 0x59, 0x3d, 0x84, 0xaf, 0x2f, 0xc2, 0x54, 0x11, 0xd6, 0xc4,
-	0xd0, 0xfb, 0x78, 0x5e, 0x64, 0x41, 0xba, 0x90, 0x47, 0x4c, 0x7e, 0x55, 0xb5, 0x67, 0xbe, 0x9b,
-	0x28, 0xcb, 0xb0, 0x41, 0x0f, 0xc5, 0x50, 0xd9, 0x94, 0x2f, 0xa5, 0xe5, 0xc3, 0xee, 0xd4, 0xc3,
-	0x6b, 0x5c, 0x45, 0x53, 0x7f, 0xb1, 0x26, 0x64, 0xff, 0x59, 0x01, 0x4e, 0x24, 0x27, 0x40, 0x5c,
-	0x5c, 0xfe, 0xba, 0x05, 0x0f, 0x7a, 0x4e, 0x14, 0x57, 0xdb, 0xec, 0xa0, 0xb0, 0xd1, 0xf6, 0x56,
-	0x52, 0x29, 0xb4, 0x0f, 0x6b, 0x6c, 0x51, 0x0d, 0xa7, 0x5f, 0xd6, 0x9b, 0x7b, 0xe8, 0xd6, 0xee,
-	0xd4, 0x83, 0x4b, 0xd9, 0xc4, 0x71, 0xaf, 0x5e, 0xa1, 0xd7, 0x2d, 0x38, 0x56, 0x6b, 0x87, 0x21,
-	0xf1, 0x63, 0xdd, 0x55, 0x3e, 0x8b, 0x57, 0x72, 0x19, 0x48, 0xdd, 0xc1, 0x13, 0x94, 0xa1, 0xce,
-	0xa7, 0x68, 0xe1, 0x2e, 0xea, 0xf6, 0x2f, 0x52, 0xc9, 0xd9, 0xf3, 0x3b, 0xff, 0x86, 0x3d, 0x05,
-	0xf8, 0x9d, 0x41, 0x18, 0x4d, 0xe4, 0x09, 0x4f, 0x5c, 0xf6, 0x59, 0xfb, 0x5e, 0xf6, 0xb1, 0x08,
-	0xc1, 0xb6, 0x2f, 0x5f, 0x49, 0x37, 0x22, 0x04, 0xdb, 0x3e, 0xc1, 0x1c, 0x26, 0x86, 0x14, 0xb7,
-	0x7d, 0x11, 0x0b, 0x60, 0x0e, 0x29, 0x6e, 0xfb, 0x58, 0x40, 0xd1, 0x07, 0x2c, 0x18, 0x61, 0x9b,
-	0x4f, 0x5c, 0x95, 0x0a, 0x81, 0x76, 0x29, 0x87, 0xed, 0x2e, 0x73, 0xe2, 0x33, 0xdf, 0x51, 0xb3,
-	0x04, 0x27, 0x28, 0xa2, 0x0f, 0x5b, 0x50, 0x51, 0x4f, 0xb2, 0x8a, 0xbb, 0x91, 0x6a, 0xbe, 0x69,
-	0xd8, 0x53, 0x5c, 0x4f, 0xe5, 0xc3, 0xc6, 0x9a, 0x30, 0x8a, 0xd4, 0x3d, 0xe6, 0xd0, 0xd1, 0xdc,
-	0x63, 0x42, 0xc6, 0x1d, 0xe6, 0xdb, 0xa1, 0xd2, 0x74, 0x7c, 0x77, 0x83, 0x44, 0x31, 0xbf, 0x5a,
-	0x94, 0xaf, 0x6e, 0xc8, 0x42, 0xac, 0xe1, 0x54, 0xd9, 0x8f, 0xd8, 0x87, 0xc5, 0xc6, 0x5d, 0x20,
-	0x53, 0xf6, 0xab, 0xba, 0x18, 0x9b, 0x38, 0xe6, 0xc5, 0x25, 0xdc, 0xd3, 0x8b, 0xcb, 0xe1, 0x7d,
-	0x2e, 0x2e, 0xab, 0x70, 0xd2, 0x69, 0xc7, 0xc1, 0x45, 0xe2, 0x78, 0xb3, 0x71, 0x4c, 0x9a, 0xad,
-	0x38, 0xe2, 0xa9, 0xe5, 0x47, 0x98, 0x09, 0x58, 0x79, 0xbb, 0x55, 0x89, 0xb7, 0xd1, 0x85, 0x84,
-	0xb3, 0xeb, 0xda, 0xff, 0xdc, 0x82, 0x93, 0x99, 0x4b, 0xe1, 0xfe, 0x8d, 0x33, 0xb0, 0x3f, 0x5d,
-	0x82, 0xe3, 0x19, 0xaf, 0x08, 0xa0, 0x8e, 0xb9, 0x49, 0xac, 0x3c, 0x5c, 0xf6, 0x92, 0x1e, 0x68,
-	0x72, 0x6e, 0x32, 0x76, 0xc6, 0xc1, 0x7c, 0x11, 0xb4, 0x3f, 0x40, 0xf1, 0xee, 0xfa, 0x03, 0x18,
-	0x6b, 0x7d, 0xe0, 0x9e, 0xae, 0xf5, 0xd2, 0x3e, 0x6b, 0xfd, 0x4b, 0x16, 0x4c, 0x36, 0x7b, 0x3c,
-	0x09, 0x26, 0xee, 0x93, 0xae, 0x1d, 0xcd, 0x83, 0x63, 0x73, 0x0f, 0xdf, 0xda, 0x9d, 0xea, 0xf9,
-	0x12, 0x1b, 0xee, 0xd9, 0x2b, 0xfb, 0x5b, 0x45, 0x60, 0xfa, 0x1a, 0xcb, 0x14, 0xdd, 0x41, 0xef,
-	0x37, 0x1f, 0x23, 0xb1, 0xf2, 0x7a, 0x38, 0x83, 0x37, 0xae, 0x1e, 0x33, 0xe1, 0x23, 0x98, 0xf5,
-	0xb6, 0x49, 0x9a, 0x13, 0x16, 0xfa, 0xe0, 0x84, 0x9e, 0x7c, 0xf5, 0xa5, 0x98, 0xff, 0xab, 0x2f,
-	0x95, 0xf4, 0x8b, 0x2f, 0x7b, 0x4f, 0xf1, 0xc0, 0x7d, 0x39, 0xc5, 0xbf, 0x6b, 0x71, 0xc6, 0x93,
-	0x9a, 0x05, 0xad, 0x6e, 0x58, 0x7b, 0xa8, 0x1b, 0x4f, 0x42, 0x39, 0x12, 0x9c, 0x59, 0xa8, 0x25,
-	0xda, 0x15, 0x4c, 0x94, 0x63, 0x85, 0x41, 0x4f, 0x5d, 0x8e, 0xe7, 0x05, 0x37, 0xcf, 0x35, 0x5b,
-	0x71, 0x47, 0x28, 0x28, 0xea, 0x58, 0x30, 0xab, 0x20, 0xd8, 0xc0, 0x42, 0x8f, 0xc1, 0x20, 0xcf,
-	0x34, 0x21, 0x8c, 0x3b, 0xc3, 0x74, 0x1f, 0xf2, 0x34, 0x14, 0x75, 0x2c, 0x40, 0xf6, 0x26, 0x18,
-	0xa7, 0x8a, 0x3b, 0x7f, 0x66, 0xb9, 0x8f, 0x67, 0xfd, 0xff, 0x7e, 0x41, 0x90, 0xe2, 0xa7, 0x04,
-	0xed, 0x19, 0x68, 0x1d, 0xd0, 0x33, 0xf0, 0x7d, 0x00, 0xb5, 0xa0, 0xd9, 0xa2, 0xe7, 0xe6, 0xb5,
-	0x20, 0x9f, 0xc3, 0xd6, 0xbc, 0x6a, 0x4f, 0x8f, 0xaa, 0x2e, 0xc3, 0x06, 0xbd, 0x04, 0x6b, 0x2f,
-	0xee, 0xcb, 0xda, 0x13, 0x5c, 0x6e, 0x60, 0x6f, 0x2e, 0x67, 0xff, 0xa5, 0x05, 0x09, 0xad, 0x0f,
-	0xb5, 0xa0, 0x44, 0xbb, 0xdb, 0x11, 0x0c, 0x63, 0x25, 0x3f, 0x15, 0x93, 0x72, 0x6a, 0xb1, 0x0b,
-	0xd9, 0x4f, 0xcc, 0x09, 0x21, 0x4f, 0x78, 0x41, 0xe6, 0x72, 0xf8, 0x31, 0x09, 0x5e, 0x0c, 0x82,
-	0x2d, 0xee, 0x4c, 0xa4, 0x3d, 0x2a, 0xed, 0xe7, 0x61, 0xa2, 0xab, 0x53, 0xec, 0x69, 0xe6, 0x40,
-	0x9e, 0xe0, 0x8d, 0xdd, 0xc3, 0x12, 0x3e, 0x60, 0x0e, 0xb3, 0xbf, 0x68, 0xc1, 0xb1, 0x74, 0xf3,
-	0xe8, 0x0d, 0x0b, 0x26, 0xa2, 0x74, 0x7b, 0x47, 0x35, 0x76, 0x2a, 0xda, 0xa1, 0x0b, 0x84, 0xbb,
-	0x3b, 0x61, 0xff, 0x77, 0x21, 0x0d, 0xae, 0xbb, 0x7e, 0x3d, 0xb8, 0xa9, 0xf4, 0x24, 0xab, 0xa7,
-	0x9e, 0x44, 0xd9, 0x43, 0x6d, 0x93, 0xd4, 0xdb, 0x5e, 0x57, 0x1a, 0x8a, 0xaa, 0x28, 0xc7, 0x0a,
-	0x83, 0x45, 0xdd, 0xb7, 0xc5, 0xb9, 0x35, 0xb5, 0x28, 0x17, 0x44, 0x39, 0x56, 0x18, 0xe8, 0x59,
-	0x18, 0x31, 0x3e, 0x52, 0xae, 0x4b, 0x76, 0xe8, 0x30, 0x24, 0x78, 0x84, 0x13, 0x58, 0x68, 0x1a,
-	0x40, 0xe9, 0x5c, 0x52, 0x62, 0x33, 0x43, 0xbb, 0x62, 0x8c, 0x11, 0x36, 0x30, 0x58, 0x8e, 0x0b,
-	0xaf, 0x1d, 0xb1, 0x9b, 0xe4, 0x41, 0xfd, 0x72, 0xc2, 0xbc, 0x28, 0xc3, 0x0a, 0x4a, 0x99, 0x5b,
-	0xd3, 0xf1, 0xdb, 0x8e, 0x47, 0x47, 0x48, 0x98, 0xce, 0xd4, 0x36, 0x5c, 0x56, 0x10, 0x6c, 0x60,
-	0xd1, 0x2f, 0x8e, 0xdd, 0x26, 0x79, 0x29, 0xf0, 0xa5, 0x97, 0xba, 0x76, 0x2e, 0x10, 0xe5, 0x58,
-	0x61, 0xa0, 0xe7, 0x61, 0xd8, 0xf1, 0xeb, 0x5c, 0x41, 0x0c, 0x42, 0x71, 0x47, 0xa9, 0x4e, 0x9f,
-	0x57, 0x23, 0x32, 0xab, 0xa1, 0xd8, 0x44, 0x4d, 0x3f, 0x1b, 0x01, 0x7d, 0x3e, 0x4b, 0xf7, 0x17,
-	0x16, 0x8c, 0xeb, 0xa4, 0x45, 0xcc, 0xc2, 0x96, 0x30, 0x2d, 0x5a, 0xfb, 0x9a, 0x16, 0x93, 0xb9,
-	0x4b, 0x0a, 0x7d, 0xe5, 0x2e, 0x31, 0xd3, 0x8a, 0x14, 0xf7, 0x4c, 0x2b, 0xf2, 0xfd, 0x30, 0xb4,
-	0x45, 0x3a, 0x46, 0xfe, 0x11, 0x26, 0x1c, 0x2e, 0xf3, 0x22, 0x2c, 0x61, 0xc8, 0x86, 0xc1, 0x9a,
-	0xa3, 0x72, 0x18, 0x8e, 0x08, 0xdf, 0xb4, 0x59, 0x86, 0x24, 0x20, 0xf6, 0x0a, 0x54, 0xd4, 0xa5,
-	0xbe, 0xb4, 0xf4, 0x59, 0xd9, 0x96, 0xbe, 0xbe, 0xd2, 0x1b, 0xcc, 0xad, 0x7f, 0xf5, 0xdb, 0x8f,
-	0xbe, 0xe5, 0x8f, 0xbf, 0xfd, 0xe8, 0x5b, 0xfe, 0xf4, 0xdb, 0x8f, 0xbe, 0xe5, 0x03, 0xb7, 0x1e,
-	0xb5, 0xbe, 0x7a, 0xeb, 0x51, 0xeb, 0x8f, 0x6f, 0x3d, 0x6a, 0xfd, 0xe9, 0xad, 0x47, 0xad, 0x6f,
-	0xdd, 0x7a, 0xd4, 0x7a, 0xfd, 0x3f, 0x3f, 0xfa, 0x96, 0x97, 0x32, 0xe3, 0x22, 0xe8, 0x8f, 0xa7,
-	0x6a, 0xf5, 0x99, 0xed, 0x67, 0x98, 0x6b, 0x3e, 0xdd, 0xcf, 0x33, 0xc6, 0x22, 0x9e, 0x91, 0xfb,
-	0xf9, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, 0xe3, 0xbb, 0x00, 0x38, 0x37, 0xff, 0x00, 0x00,
+	0x3c, 0x2e, 0x5f, 0x20, 0x34, 0x40, 0x38, 0x8d, 0x4b, 0xc9, 0xb1, 0xbb, 0x7d, 0xde, 0xd1, 0x01,
+	0x1d, 0xcc, 0xbd, 0xa4, 0x4a, 0xb1, 0x81, 0x91, 0x0e, 0x3a, 0x2f, 0xed, 0x1f, 0x74, 0x6e, 0xff,
+	0xab, 0x02, 0x9c, 0xea, 0xa9, 0xf0, 0xf6, 0xc7, 0xa6, 0xee, 0xbf, 0xc0, 0xef, 0x3b, 0xdc, 0x61,
+	0x07, 0x0a, 0x18, 0xb6, 0xff, 0xbc, 0xc7, 0x4a, 0x13, 0xc1, 0xc0, 0x77, 0x9e, 0x37, 0xe5, 0xfe,
+	0x1b, 0xcf, 0xae, 0xf8, 0xdf, 0x81, 0x03, 0xc4, 0xff, 0xa6, 0x26, 0xa3, 0xd4, 0xa7, 0x74, 0xf8,
+	0x2f, 0x03, 0x3d, 0x87, 0x97, 0x1e, 0x90, 0xfb, 0xba, 0x41, 0x58, 0x80, 0x63, 0xae, 0xcf, 0xde,
+	0x94, 0xad, 0xb6, 0xd7, 0x45, 0xde, 0x31, 0x9e, 0x5c, 0x57, 0x45, 0xdf, 0x2c, 0xa6, 0xe0, 0xb8,
+	0xab, 0xc6, 0x7d, 0x18, 0x8f, 0x7d, 0x67, 0x43, 0x7a, 0x40, 0xce, 0xbd, 0x02, 0x27, 0xe5, 0x50,
+	0x6c, 0x3a, 0x21, 0xa9, 0x0b, 0x61, 0x1b, 0x89, 0x78, 0xab, 0x53, 0x3c, 0x66, 0x2b, 0x03, 0x01,
+	0x67, 0xd7, 0x63, 0x0f, 0x80, 0x06, 0x2d, 0xb7, 0x26, 0x8e, 0x82, 0xfa, 0x01, 0x50, 0x5a, 0x88,
+	0x39, 0x4c, 0xcb, 0x8b, 0xca, 0xdd, 0x91, 0x17, 0xef, 0x81, 0x8a, 0x1a, 0x6f, 0x1e, 0x53, 0xa1,
+	0x16, 0x79, 0x57, 0x4c, 0x85, 0x5a, 0xe1, 0x06, 0xd6, 0x7e, 0xef, 0xec, 0x3f, 0x03, 0x23, 0xca,
+	0x16, 0xd8, 0xef, 0x33, 0xac, 0xf6, 0xff, 0x2d, 0x40, 0xea, 0xc5, 0x31, 0xb4, 0x03, 0x95, 0xba,
+	0x7c, 0xe9, 0x3e, 0x9f, 0xe4, 0xce, 0xea, 0xe1, 0x7c, 0x7d, 0x11, 0xa6, 0x8a, 0xb0, 0x26, 0x86,
+	0xde, 0xc7, 0xf3, 0x28, 0x0b, 0xd2, 0x85, 0x3c, 0x62, 0xf2, 0xab, 0xaa, 0x3d, 0xf3, 0x9d, 0x45,
+	0x59, 0x86, 0x0d, 0x7a, 0x28, 0x86, 0xca, 0xa6, 0x7c, 0x59, 0x2d, 0x1f, 0x76, 0xa7, 0x1e, 0x6a,
+	0xe3, 0x2a, 0x9a, 0xfa, 0x8b, 0x35, 0x21, 0xfb, 0xcf, 0x0a, 0x70, 0x22, 0x39, 0x01, 0xe2, 0xe2,
+	0xf2, 0xd7, 0x2c, 0x78, 0xd0, 0x73, 0xa2, 0xb8, 0xda, 0x66, 0x07, 0x85, 0x8d, 0xb6, 0xb7, 0x92,
+	0x4a, 0xb9, 0x7d, 0x58, 0x63, 0x8b, 0x6a, 0x38, 0xfd, 0x12, 0xdf, 0xdc, 0x43, 0xb7, 0x76, 0xa7,
+	0x1e, 0x5c, 0xca, 0x26, 0x8e, 0x7b, 0xf5, 0x0a, 0xbd, 0x6e, 0xc1, 0xb1, 0x5a, 0x3b, 0x0c, 0x89,
+	0x1f, 0xeb, 0xae, 0xf2, 0x59, 0xbc, 0x92, 0xcb, 0x40, 0xea, 0x0e, 0x9e, 0xa0, 0x0c, 0x75, 0x3e,
+	0x45, 0x0b, 0x77, 0x51, 0xb7, 0x7f, 0x91, 0x4a, 0xce, 0x9e, 0xdf, 0xf9, 0x37, 0xec, 0xe9, 0xc0,
+	0xef, 0x0c, 0xc2, 0x68, 0x22, 0xaf, 0x78, 0xe2, 0xb2, 0xcf, 0xda, 0xf7, 0xb2, 0x8f, 0x45, 0x08,
+	0xb6, 0x7d, 0xf9, 0xaa, 0xba, 0x11, 0x21, 0xd8, 0xf6, 0x09, 0xe6, 0x30, 0x31, 0xa4, 0xb8, 0xed,
+	0x8b, 0x58, 0x00, 0x73, 0x48, 0x71, 0xdb, 0xc7, 0x02, 0x8a, 0x3e, 0x60, 0xc1, 0x08, 0xdb, 0x7c,
+	0xe2, 0xaa, 0x54, 0x08, 0xb4, 0x4b, 0x39, 0x6c, 0x77, 0x99, 0x43, 0x9f, 0xf9, 0x8e, 0x9a, 0x25,
+	0x38, 0x41, 0x11, 0x7d, 0xd8, 0x82, 0x8a, 0x7a, 0xc2, 0x55, 0xdc, 0x8d, 0x54, 0xf3, 0x4d, 0xdb,
+	0x9e, 0xe2, 0x7a, 0x2a, 0x7f, 0x36, 0xd6, 0x84, 0x51, 0xa4, 0xee, 0x31, 0x87, 0x8e, 0xe6, 0x1e,
+	0x13, 0x32, 0xee, 0x30, 0xdf, 0x0e, 0x95, 0xa6, 0xe3, 0xbb, 0x1b, 0x24, 0x8a, 0xf9, 0xd5, 0xa2,
+	0x7c, 0xa5, 0x43, 0x16, 0x62, 0x0d, 0xa7, 0xca, 0x7e, 0xc4, 0x3e, 0x2c, 0x36, 0xee, 0x02, 0x99,
+	0xb2, 0x5f, 0xd5, 0xc5, 0xd8, 0xc4, 0x31, 0x2f, 0x2e, 0xe1, 0x9e, 0x5e, 0x5c, 0x0e, 0xef, 0x73,
+	0x71, 0x59, 0x85, 0x93, 0x4e, 0x3b, 0x0e, 0x2e, 0x12, 0xc7, 0x9b, 0x8d, 0x63, 0xd2, 0x6c, 0xc5,
+	0x11, 0x4f, 0x45, 0x3f, 0xc2, 0x4c, 0xc0, 0xca, 0xdb, 0xad, 0x4a, 0xbc, 0x8d, 0x2e, 0x24, 0x9c,
+	0x5d, 0xd7, 0xfe, 0x17, 0x16, 0x9c, 0xcc, 0x5c, 0x0a, 0xf7, 0x6f, 0x9c, 0x81, 0xfd, 0xe9, 0x12,
+	0x1c, 0xcf, 0x78, 0x75, 0x00, 0x75, 0xcc, 0x4d, 0x62, 0xe5, 0xe1, 0xb2, 0x97, 0xf4, 0x40, 0x93,
+	0x73, 0x93, 0xb1, 0x33, 0x0e, 0xe6, 0x8b, 0xa0, 0xfd, 0x01, 0x8a, 0x77, 0xd7, 0x1f, 0xc0, 0x58,
+	0xeb, 0x03, 0xf7, 0x74, 0xad, 0x97, 0xf6, 0x59, 0xeb, 0x5f, 0xb2, 0x60, 0xb2, 0xd9, 0xe3, 0x09,
+	0x31, 0x71, 0x9f, 0x74, 0xed, 0x68, 0x1e, 0x28, 0x9b, 0x7b, 0xf8, 0xd6, 0xee, 0x54, 0xcf, 0x97,
+	0xdb, 0x70, 0xcf, 0x5e, 0xd9, 0xdf, 0x2a, 0x02, 0xd3, 0xd7, 0x58, 0x66, 0xe9, 0x0e, 0x7a, 0xbf,
+	0xf9, 0x78, 0x89, 0x95, 0xd7, 0x43, 0x1b, 0xbc, 0x71, 0xf5, 0xf8, 0x09, 0x1f, 0xc1, 0xac, 0xb7,
+	0x50, 0xd2, 0x9c, 0xb0, 0xd0, 0x07, 0x27, 0xf4, 0xe4, 0x2b, 0x31, 0xc5, 0xfc, 0x5f, 0x89, 0xa9,
+	0xa4, 0x5f, 0x88, 0xd9, 0x7b, 0x8a, 0x07, 0xee, 0xcb, 0x29, 0xfe, 0x1d, 0x8b, 0x33, 0x9e, 0xd4,
+	0x2c, 0x68, 0x75, 0xc3, 0xda, 0x43, 0xdd, 0x78, 0x12, 0xca, 0x91, 0xe0, 0xcc, 0x42, 0x2d, 0xd1,
+	0xae, 0x60, 0xa2, 0x1c, 0x2b, 0x0c, 0x7a, 0xea, 0x72, 0x3c, 0x2f, 0xb8, 0x79, 0xae, 0xd9, 0x8a,
+	0x3b, 0x42, 0x41, 0x51, 0xc7, 0x82, 0x59, 0x05, 0xc1, 0x06, 0x16, 0x7a, 0x0c, 0x06, 0x79, 0xa6,
+	0x09, 0x61, 0xdc, 0x19, 0xa6, 0xfb, 0x90, 0xa7, 0xa1, 0xa8, 0x63, 0x01, 0xb2, 0x37, 0xc1, 0x38,
+	0x55, 0xdc, 0xf9, 0xb3, 0xcc, 0xea, 0x81, 0xd8, 0x42, 0xaf, 0x07, 0x62, 0xed, 0x7f, 0x50, 0x10,
+	0xa4, 0xf8, 0x29, 0x41, 0x7b, 0x06, 0x5a, 0x07, 0xf4, 0x0c, 0x7c, 0x1f, 0x40, 0x2d, 0x68, 0xb6,
+	0xe8, 0xb9, 0x79, 0x2d, 0xc8, 0xe7, 0xb0, 0x35, 0xaf, 0xda, 0xd3, 0xa3, 0xaa, 0xcb, 0xb0, 0x41,
+	0x2f, 0xc1, 0xda, 0x8b, 0xfb, 0xb2, 0xf6, 0x04, 0x97, 0x1b, 0xd8, 0x9b, 0xcb, 0xd9, 0x7f, 0x69,
+	0x41, 0x42, 0xeb, 0x43, 0x2d, 0x28, 0xd1, 0xee, 0x76, 0x04, 0xc3, 0x58, 0xc9, 0x4f, 0xc5, 0xa4,
+	0x9c, 0x5a, 0xec, 0x42, 0xf6, 0x13, 0x73, 0x42, 0xc8, 0x13, 0x5e, 0x90, 0xb9, 0x1c, 0x7e, 0x4c,
+	0x82, 0x17, 0x83, 0x60, 0x8b, 0x3b, 0x13, 0x69, 0x8f, 0x4a, 0xfb, 0x79, 0x98, 0xe8, 0xea, 0x14,
+	0x7b, 0xca, 0x39, 0x90, 0x27, 0x78, 0x63, 0xf7, 0xb0, 0x84, 0x0f, 0x98, 0xc3, 0xec, 0x2f, 0x5a,
+	0x70, 0x2c, 0xdd, 0x3c, 0x7a, 0xc3, 0x82, 0x89, 0x28, 0xdd, 0xde, 0x51, 0x8d, 0x9d, 0x8a, 0x76,
+	0xe8, 0x02, 0xe1, 0xee, 0x4e, 0xd8, 0xff, 0x5d, 0x48, 0x83, 0xeb, 0xae, 0x5f, 0x0f, 0x6e, 0x2a,
+	0x3d, 0xc9, 0xea, 0xa9, 0x27, 0x51, 0xf6, 0x50, 0xdb, 0x24, 0xf5, 0xb6, 0xd7, 0x95, 0x86, 0xa2,
+	0x2a, 0xca, 0xb1, 0xc2, 0x60, 0x51, 0xf7, 0x6d, 0x71, 0x6e, 0x4d, 0x2d, 0xca, 0x05, 0x51, 0x8e,
+	0x15, 0x06, 0x7a, 0x16, 0x46, 0x8c, 0x8f, 0x94, 0xeb, 0x92, 0x1d, 0x3a, 0x0c, 0x09, 0x1e, 0xe1,
+	0x04, 0x16, 0x9a, 0x06, 0x50, 0x3a, 0x97, 0x94, 0xd8, 0xcc, 0xd0, 0xae, 0x18, 0x63, 0x84, 0x0d,
+	0x0c, 0x96, 0xe3, 0xc2, 0x6b, 0x47, 0xec, 0x26, 0x79, 0x50, 0xbf, 0xb4, 0x30, 0x2f, 0xca, 0xb0,
+	0x82, 0x52, 0xe6, 0xd6, 0x74, 0xfc, 0xb6, 0xe3, 0xd1, 0x11, 0x12, 0xa6, 0x33, 0xb5, 0x0d, 0x97,
+	0x15, 0x04, 0x1b, 0x58, 0xf4, 0x8b, 0x63, 0xb7, 0x49, 0x5e, 0x0a, 0x7c, 0xe9, 0xa5, 0xae, 0x9d,
+	0x0b, 0x44, 0x39, 0x56, 0x18, 0xe8, 0x79, 0x18, 0x76, 0xfc, 0x3a, 0x57, 0x10, 0x83, 0x50, 0xdc,
+	0x51, 0xaa, 0xd3, 0xe7, 0xd5, 0x88, 0xcc, 0x6a, 0x28, 0x36, 0x51, 0xd3, 0xcf, 0x4c, 0x40, 0x9f,
+	0xcf, 0xd8, 0xfd, 0x85, 0x05, 0xe3, 0x3a, 0x69, 0x11, 0xb3, 0xb0, 0x25, 0x4c, 0x8b, 0xd6, 0xbe,
+	0xa6, 0xc5, 0x64, 0xee, 0x92, 0x42, 0x5f, 0xb9, 0x4b, 0xcc, 0xb4, 0x22, 0xc5, 0x3d, 0xd3, 0x8a,
+	0x7c, 0x3f, 0x0c, 0x6d, 0x91, 0x8e, 0x91, 0x7f, 0x84, 0x09, 0x87, 0xcb, 0xbc, 0x08, 0x4b, 0x18,
+	0xb2, 0x61, 0xb0, 0xe6, 0xa8, 0x1c, 0x86, 0x23, 0xc2, 0x37, 0x6d, 0x96, 0x21, 0x09, 0x88, 0xbd,
+	0x02, 0x15, 0x75, 0xa9, 0x2f, 0x2d, 0x7d, 0x56, 0xb6, 0xa5, 0xaf, 0xaf, 0xf4, 0x06, 0x73, 0xeb,
+	0x5f, 0xfd, 0xf6, 0xa3, 0x6f, 0xf9, 0xe3, 0x6f, 0x3f, 0xfa, 0x96, 0x3f, 0xfd, 0xf6, 0xa3, 0x6f,
+	0xf9, 0xc0, 0xad, 0x47, 0xad, 0xaf, 0xde, 0x7a, 0xd4, 0xfa, 0xe3, 0x5b, 0x8f, 0x5a, 0x7f, 0x7a,
+	0xeb, 0x51, 0xeb, 0x5b, 0xb7, 0x1e, 0xb5, 0x5e, 0xff, 0xcf, 0x8f, 0xbe, 0xe5, 0xa5, 0xcc, 0xb8,
+	0x08, 0xfa, 0xe3, 0xa9, 0x5a, 0x7d, 0x66, 0xfb, 0x19, 0xe6, 0x9a, 0x4f, 0xf7, 0xf3, 0x8c, 0xb1,
+	0x88, 0x67, 0xe4, 0x7e, 0xfe, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x3f, 0x2c, 0x1c, 0xba, 0x67,
+	0xff, 0x00, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -12467,6 +12469,13 @@ func (m *PullRequestGeneratorFilter) MarshalToSizedBuffer(dAtA []byte) (int, err
 	_ = i
 	var l int
 	_ = l
+	if m.TitleMatch != nil {
+		i -= len(*m.TitleMatch)
+		copy(dAtA[i:], *m.TitleMatch)
+		i = encodeVarintGenerated(dAtA, i, uint64(len(*m.TitleMatch)))
+		i--
+		dAtA[i] = 0x1a
+	}
 	if m.TargetBranchMatch != nil {
 		i -= len(*m.TargetBranchMatch)
 		copy(dAtA[i:], *m.TargetBranchMatch)
@@ -18585,6 +18594,10 @@ func (m *PullRequestGeneratorFilter) Size() (n int) {
 		l = len(*m.TargetBranchMatch)
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	if m.TitleMatch != nil {
+		l = len(*m.TitleMatch)
+		n += 1 + l + sovGenerated(uint64(l))
+	}
 	return n
 }
 
@@ -21826,6 +21839,7 @@ func (this *PullRequestGeneratorFilter) String() string {
 	s := strings.Join([]string{`&PullRequestGeneratorFilter{`,
 		`BranchMatch:` + valueToStringGenerated(this.BranchMatch) + `,`,
 		`TargetBranchMatch:` + valueToStringGenerated(this.TargetBranchMatch) + `,`,
+		`TitleMatch:` + valueToStringGenerated(this.TitleMatch) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -44684,6 +44698,39 @@ func (m *PullRequestGeneratorFilter) Unmarshal(dAtA []byte) error {
 			s := string(dAtA[iNdEx:postIndex])
 			m.TargetBranchMatch = &s
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TitleMatch", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.TitleMatch = &s
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index d4312a5bb9665..b916c1c04e7c9 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -1663,6 +1663,8 @@ message PullRequestGeneratorFilter {
   optional string branchMatch = 1;
 
   optional string targetBranchMatch = 2;
+
+  optional string titleMatch = 3;
 }
 
 // PullRequestGeneratorGitLab defines connection info specific to GitLab.
diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
index 6de732c4f50b0..c70479b70ff1c 100644
--- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
@@ -3294,6 +3294,11 @@ func (in *PullRequestGeneratorFilter) DeepCopyInto(out *PullRequestGeneratorFilt
 		*out = new(string)
 		**out = **in
 	}
+	if in.TitleMatch != nil {
+		in, out := &in.TitleMatch, &out.TitleMatch
+		*out = new(string)
+		**out = **in
+	}
 	return
 }
 

From 17c782aa7d8497957be051068a9e6f8a51ccbb28 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 08:44:15 -0400
Subject: [PATCH 064/383] chore(deps): update module
 github.com/golangci/golangci-lint to v2.2.1 (#23598)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml       | 2 +-
 hack/installers/install-lint-tools.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 329d403128112..b9a37b36f045f 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -112,7 +112,7 @@ jobs:
         uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
           # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.1.6
+          version: v2.2.1
           args: --verbose
 
   test-go:
diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh
index 09caae63d04bf..2f2163c55312d 100755
--- a/hack/installers/install-lint-tools.sh
+++ b/hack/installers/install-lint-tools.sh
@@ -2,6 +2,6 @@
 set -eux -o pipefail
 
 # renovate: datasource=go packageName=github.com/golangci/golangci-lint
-GOLANGCI_LINT_VERSION=2.1.6
+GOLANGCI_LINT_VERSION=2.2.1
 
 GO111MODULE=on go install "github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}"

From 60199e3332ee87306f9b330477ec5b2eb4d9ac32 Mon Sep 17 00:00:00 2001
From: Dziyana Tsetserava <67862638+sea-gull-diana@users.noreply.github.com>
Date: Mon, 30 Jun 2025 14:46:59 +0200
Subject: [PATCH 065/383] fix(ui): enable natural sort ordering for resources,
 add autocomplete attributes to login form #22853 (#23599)

Signed-off-by: DziyanaT <dziyana.tsetserava@etu.umontpellier.fr>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-resource-list.tsx                |  2 +-
 .../components/application-pod-view/pod-view.tsx |  2 +-
 .../application-resource-tree.tsx                |  6 +++---
 .../application-sync-panel.tsx                   |  2 +-
 .../applications-list/applications-list.tsx      |  5 ++++-
 ui/src/app/login/components/login.tsx            | 16 ++++++++++++++--
 6 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx
index 53f92148d8a1d..f3c869f51297d 100644
--- a/ui/src/app/applications/components/application-details/application-resource-list.tsx
+++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx
@@ -69,7 +69,7 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) =>
                         </div>
                     </div>
                     {props.resources
-                        .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second)))
+                        .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second), undefined, {numeric: true}))
                         .map(res => {
                             const groupkindjoin = [res.group, res.kind].filter(item => !!item).join('/');
                             return (
diff --git a/ui/src/app/applications/components/application-pod-view/pod-view.tsx b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
index d2244ed919fdc..8784da60b8bd6 100644
--- a/ui/src/app/applications/components/application-pod-view/pod-view.tsx
+++ b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
@@ -427,7 +427,7 @@ export class PodView extends React.Component<PodViewProps> {
             }
         });
 
-        Object.values(groupRefs).forEach(group => group.pods.sort((first, second) => nodeKey(first).localeCompare(nodeKey(second))));
+        Object.values(groupRefs).forEach(group => group.pods.sort((first, second) => nodeKey(first).localeCompare(nodeKey(second), undefined, {numeric: true})));
 
         return Object.values(groupRefs)
             .sort((a, b) => (a.name > b.name ? 1 : a.name === b.name ? 0 : -1)) // sort by name
diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
index ea6a60ae1afd2..3ecc673baceac 100644
--- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
+++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
@@ -210,7 +210,7 @@ export function compareNodes(first: ResourceTreeNode, second: ResourceTreeNode)
         const numberA = Number(a);
         const numberB = Number(b);
         if (isNaN(numberA) || isNaN(numberB)) {
-            return a.localeCompare(b);
+            return a.localeCompare(b, undefined, {numeric: true});
         }
         return Math.sign(numberA - numberB);
     }
@@ -229,13 +229,13 @@ export function compareNodes(first: ResourceTreeNode, second: ResourceTreeNode)
         return (
             orphanedToInt(first.orphaned) - orphanedToInt(second.orphaned) ||
             compareRevision(getRevision(second), getRevision(first)) ||
-            nodeKey(first).localeCompare(nodeKey(second)) ||
+            nodeKey(first).localeCompare(nodeKey(second), undefined, {numeric: true}) ||
             0
         );
     }
     return (
         orphanedToInt(first.orphaned) - orphanedToInt(second.orphaned) ||
-        nodeKey(first).localeCompare(nodeKey(second)) ||
+        nodeKey(first).localeCompare(nodeKey(second), undefined, {numeric: true}) ||
         compareRevision(getRevision(first), getRevision(second)) ||
         0
     );
diff --git a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx
index c1a4505eeeba0..2820279e29ec2 100644
--- a/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx
+++ b/ui/src/app/applications/components/application-sync-panel/application-sync-panel.tsx
@@ -23,7 +23,7 @@ export const ApplicationSyncPanel = ({application, selectedResource, hide}: {app
     const [form, setForm] = React.useState<FormApi>(null);
     const isVisible = !!(selectedResource && application);
     const appResources = ((application && selectedResource && application.status && application.status.resources) || [])
-        .sort((first, second) => nodeKey(first).localeCompare(nodeKey(second)))
+        .sort((first, second) => nodeKey(first).localeCompare(nodeKey(second), undefined, {numeric: true}))
         .filter(item => !item.hook);
     const syncResIndex = appResources.findIndex(item => nodeKey(item) === selectedResource);
     const syncStrategy = {} as models.SyncStrategy;
diff --git a/ui/src/app/applications/components/applications-list/applications-list.tsx b/ui/src/app/applications/components/applications-list/applications-list.tsx
index 5ba613d282db8..2412af50978a3 100644
--- a/ui/src/app/applications/components/applications-list/applications-list.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-list.tsx
@@ -534,7 +534,10 @@ export const ApplicationsList = (props: RouteComponentProps<{}>) => {
                                                                             </EmptyState>
                                                                         )}
                                                                         sortOptions={[
-                                                                            {title: 'Name', compare: (a, b) => a.metadata.name.localeCompare(b.metadata.name)},
+                                                                            {
+                                                                                title: 'Name',
+                                                                                compare: (a, b) => a.metadata.name.localeCompare(b.metadata.name, undefined, {numeric: true})
+                                                                            },
                                                                             {
                                                                                 title: 'Created At',
                                                                                 compare: (b, a) => a.metadata.creationTimestamp.localeCompare(b.metadata.creationTimestamp)
diff --git a/ui/src/app/login/components/login.tsx b/ui/src/app/login/components/login.tsx
index 1b6641836201b..a61a4c4698c39 100644
--- a/ui/src/app/login/components/login.tsx
+++ b/ui/src/app/login/components/login.tsx
@@ -87,10 +87,22 @@ export class Login extends React.Component<RouteComponentProps<{}>, State> {
                             {formApi => (
                                 <form role='form' className='width-control' onSubmit={formApi.submitForm}>
                                     <div className='argo-form-row'>
-                                        <FormField formApi={formApi} label='Username' field='username' component={Text} componentProps={{autoCapitalize: 'none'}} />
+                                        <FormField
+                                            formApi={formApi}
+                                            label='Username'
+                                            field='username'
+                                            component={Text}
+                                            componentProps={{name: 'username', autoCapitalize: 'none', autoComplete: 'username'}}
+                                        />
                                     </div>
                                     <div className='argo-form-row'>
-                                        <FormField formApi={formApi} label='Password' field='password' component={Text} componentProps={{type: 'password'}} />
+                                        <FormField
+                                            formApi={formApi}
+                                            label='Password'
+                                            field='password'
+                                            component={Text}
+                                            componentProps={{name: 'password', type: 'password', autoComplete: 'password'}}
+                                        />
                                         {this.state.loginError && <div className='argo-form-row__error-msg'>{this.state.loginError}</div>}
                                     </div>
                                     <div className='login__form-row'>

From 90ab5a3a41125f4239ddd6f806e21c7e676a169d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 09:14:44 -0400
Subject: [PATCH 066/383] chore(deps): bump github.com/Masterminds/semver/v3
 from 3.3.1 to 3.4.0 (#23603)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0203d9b3f50d0..4b855a14b9cc5 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
 	github.com/Azure/kubelogin v0.2.9
-	github.com/Masterminds/semver/v3 v3.3.1
+	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
diff --git a/go.sum b/go.sum
index 1b526c8754d4c..73872b699adce 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=

From ac21fc1f062392d42c769344fc1cbe680d02874e Mon Sep 17 00:00:00 2001
From: sathiya06 <64639742+sathiya06@users.noreply.github.com>
Date: Mon, 30 Jun 2025 13:00:33 -0400
Subject: [PATCH 067/383] feat: Export metrics to track number of users
 (#20801)  (#23343)

Signed-off-by: Sathiya Narayanan Venkatesan <sathiyavenkat06@gmail.com>
Signed-off-by: sathiya06 <64639742+sathiya06@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/metrics.md |  5 +++--
 server/metrics/metrics.go       | 16 ++++++++++++++++
 server/server.go                |  3 +++
 server/session/session.go       | 13 +++++++++++++
 util/session/sessionmanager.go  | 19 +++++++++++++++++++
 5 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md
index 47f2a12499a4c..8a28b3b00ddc3 100644
--- a/docs/operator-manual/metrics.md
+++ b/docs/operator-manual/metrics.md
@@ -210,8 +210,9 @@ argocd_cluster_labels{label_environment="production",label_team_name="team3",nam
 Metrics about API Server API request and response activity (request totals, response codes, etc...).
 Scraped at the `argocd-server-metrics:8083/metrics` endpoint.
 
-| Metric                                            |   Type    | Description                                                                                 |
-| ------------------------------------------------- | :-------: | ------------------------------------------------------------------------------------------- |
+| Metric                                            |   Type    | Description                                                                        
+|---------------------------------------------------|:---------:|---------------------------------------------------------------------------------------------|
+| `argocd_login_request_total`                      | counter   | Number of login requests.                                                                   |
 | `argocd_redis_request_duration`                   | histogram | Redis requests duration.                                                                    |
 | `argocd_redis_request_total`                      |  counter  | Number of Kubernetes requests executed during application reconciliation.                   |
 | `grpc_server_handled_total`                       |  counter  | Total number of RPCs completed on the server, regardless of success or failure.             |
diff --git a/server/metrics/metrics.go b/server/metrics/metrics.go
index 3450093583f51..dbae33767893d 100644
--- a/server/metrics/metrics.go
+++ b/server/metrics/metrics.go
@@ -20,6 +20,7 @@ type MetricsServer struct {
 	redisRequestHistogram    *prometheus.HistogramVec
 	extensionRequestCounter  *prometheus.CounterVec
 	extensionRequestDuration *prometheus.HistogramVec
+	loginRequestCounter      *prometheus.CounterVec
 }
 
 var (
@@ -53,6 +54,13 @@ var (
 		},
 		[]string{"extension"},
 	)
+	loginRequestCounter = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "argocd_login_request_total",
+			Help: "Number of login requests to the Argo CD API server.",
+		},
+		[]string{"status"},
+	)
 	argoVersion = prometheus.NewGaugeVec(
 		prometheus.GaugeOpts{
 			Name: "argocd_info",
@@ -78,6 +86,7 @@ func NewMetricsServer(host string, port int) *MetricsServer {
 	registry.MustRegister(redisRequestHistogram)
 	registry.MustRegister(extensionRequestCounter)
 	registry.MustRegister(extensionRequestDuration)
+	registry.MustRegister(loginRequestCounter)
 	registry.MustRegister(argoVersion)
 
 	kubectl.RegisterWithClientGo()
@@ -92,6 +101,7 @@ func NewMetricsServer(host string, port int) *MetricsServer {
 		redisRequestHistogram:    redisRequestHistogram,
 		extensionRequestCounter:  extensionRequestCounter,
 		extensionRequestDuration: extensionRequestDuration,
+		loginRequestCounter:      loginRequestCounter,
 	}
 }
 
@@ -111,3 +121,9 @@ func (m *MetricsServer) IncExtensionRequestCounter(extension string, status int)
 func (m *MetricsServer) ObserveExtensionRequestDuration(extension string, duration time.Duration) {
 	m.extensionRequestDuration.WithLabelValues(extension).Observe(duration.Seconds())
 }
+
+// IncLoginRequestCounter increments the login request counter with the given status
+// status can be "success" or "failure"
+func (m *MetricsServer) IncLoginRequestCounter(status string) {
+	m.loginRequestCounter.WithLabelValues(status).Inc()
+}
diff --git a/server/server.go b/server/server.go
index 564a768f37cff..ad818f7faf6c3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -573,6 +573,9 @@ func (server *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
 	server.userStateStorage.Init(ctx)
 
 	svcSet := newArgoCDServiceSet(server)
+	if server.sessionMgr != nil {
+		server.sessionMgr.CollectMetrics(metricsServ)
+	}
 	server.serviceSet = svcSet
 	grpcS, appResourceTreeFn := server.newGRPCServer()
 	grpcWebS := grpcweb.WrapServer(grpcS)
diff --git a/server/session/session.go b/server/session/session.go
index 8ba56f042f571..dae5ba74029c8 100644
--- a/server/session/session.go
+++ b/server/session/session.go
@@ -29,6 +29,11 @@ type Authenticator interface {
 	Authenticate(ctx context.Context) (context.Context, error)
 }
 
+const (
+	success = "success"
+	failure = "failure"
+)
+
 // NewServer returns a new instance of the Session service
 func NewServer(mgr *sessionmgr.SessionManager, settingsMgr *settings.SettingsManager, authenticator Authenticator, policyEnf *rbacpolicy.RBACPolicyEnforcer, rateLimiter func() (utilio.Closer, error)) *Server {
 	return &Server{mgr, settingsMgr, authenticator, policyEnf, rateLimiter}
@@ -40,27 +45,33 @@ func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*se
 	if s.limitLoginAttempts != nil {
 		closer, err := s.limitLoginAttempts()
 		if err != nil {
+			s.mgr.IncLoginRequestCounter(failure)
 			return nil, err
 		}
 		defer utilio.Close(closer)
 	}
 
 	if q.Token != "" {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, status.Errorf(codes.Unauthenticated, "token-based session creation no longer supported. please upgrade argocd cli to v0.7+")
 	}
 	if q.Username == "" || q.Password == "" {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, status.Errorf(codes.Unauthenticated, "no credentials supplied")
 	}
 	err := s.mgr.VerifyUsernamePassword(q.Username, q.Password)
 	if err != nil {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, err
 	}
 	uniqueId, err := uuid.NewRandom()
 	if err != nil {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, err
 	}
 	argoCDSettings, err := s.settingsMgr.GetSettings()
 	if err != nil {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, err
 	}
 	jwtToken, err := s.mgr.Create(
@@ -68,8 +79,10 @@ func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*se
 		int64(argoCDSettings.UserSessionDuration.Seconds()),
 		uniqueId.String())
 	if err != nil {
+		s.mgr.IncLoginRequestCounter(failure)
 		return nil, err
 	}
+	s.mgr.IncLoginRequestCounter(success)
 	return &session.SessionResponse{Token: jwtToken}, nil
 }
 
diff --git a/util/session/sessionmanager.go b/util/session/sessionmanager.go
index 782197c37f97a..39285ee7f584d 100644
--- a/util/session/sessionmanager.go
+++ b/util/session/sessionmanager.go
@@ -43,6 +43,7 @@ type SessionManager struct {
 	sleep                         func(d time.Duration)
 	verificationDelayNoiseEnabled bool
 	failedLock                    sync.RWMutex
+	metricsRegistry               MetricsRegistry
 }
 
 // LoginAttempts is a timestamped counter for failed login attempts
@@ -53,6 +54,10 @@ type LoginAttempts struct {
 	FailCount int `json:"failCount"`
 }
 
+type MetricsRegistry interface {
+	IncLoginRequestCounter(status string)
+}
+
 const (
 	// SessionManagerClaimsIssuer fills the "iss" field of the token.
 	SessionManagerClaimsIssuer = "argocd"
@@ -172,6 +177,20 @@ func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64, id
 	return mgr.signClaims(claims)
 }
 
+func (mgr *SessionManager) CollectMetrics(registry MetricsRegistry) {
+	mgr.metricsRegistry = registry
+	if mgr.metricsRegistry == nil {
+		log.Warn("Metrics registry is not set, metrics will not be collected")
+		return
+	}
+}
+
+func (mgr *SessionManager) IncLoginRequestCounter(status string) {
+	if mgr.metricsRegistry != nil {
+		mgr.metricsRegistry.IncLoginRequestCounter(status)
+	}
+}
+
 func (mgr *SessionManager) signClaims(claims jwt.Claims) (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 	settings, err := mgr.settingsMgr.GetSettings()

From d2858d6dd0ca1587095d66ef9e48059900b76c1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20Gond=C5=BEa?= <ogondza@gmail.com>
Date: Mon, 30 Jun 2025 19:16:27 +0200
Subject: [PATCH 068/383] chore(sonar): Fix sonar warnings in
 applicationset/generators/cluster.go (#23210)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Oliver Gondža <ogondza@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/generators/cluster.go | 110 ++++++++++++++-------------
 1 file changed, 57 insertions(+), 53 deletions(-)

diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go
index d0edb6cc9a7d7..ea30118aa3fb0 100644
--- a/applicationset/generators/cluster.go
+++ b/applicationset/generators/cluster.go
@@ -79,14 +79,10 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 		return nil, fmt.Errorf("error getting cluster secrets: %w", err)
 	}
 
-	res := []map[string]any{}
+	paramHolder := &paramHolder{isFlatMode: appSetGenerator.Clusters.FlatList}
+	logCtx.Debugf("Using flat mode = %t for cluster generator", paramHolder.isFlatMode)
 
 	secretsFound := []corev1.Secret{}
-
-	isFlatMode := appSetGenerator.Clusters.FlatList
-	logCtx.Debugf("Using flat mode = %t for cluster generator", isFlatMode)
-	clustersParams := make([]map[string]any, 0)
-
 	for _, cluster := range clustersFromArgoCD {
 		// If there is a secret for this cluster, then it's a non-local cluster, so it will be
 		// handled by the next step.
@@ -105,72 +101,80 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap
 				return nil, fmt.Errorf("error appending templated values for local cluster: %w", err)
 			}
 
-			if isFlatMode {
-				clustersParams = append(clustersParams, params)
-			} else {
-				res = append(res, params)
-			}
-
+			paramHolder.append(params)
 			logCtx.WithField("cluster", "local cluster").Info("matched local cluster")
 		}
 	}
 
 	// For each matching cluster secret (non-local clusters only)
 	for _, cluster := range secretsFound {
-		params := map[string]any{}
-
-		params["name"] = string(cluster.Data["name"])
-		params["nameNormalized"] = utils.SanitizeName(string(cluster.Data["name"]))
-		params["server"] = string(cluster.Data["server"])
+		params := g.getClusterParameters(cluster, appSet)
 
-		project, ok := cluster.Data["project"]
-		if ok {
-			params["project"] = string(project)
-		} else {
-			params["project"] = ""
+		err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
+		if err != nil {
+			return nil, fmt.Errorf("error appending templated values for cluster: %w", err)
 		}
 
-		if appSet.Spec.GoTemplate {
-			meta := map[string]any{}
+		paramHolder.append(params)
+		logCtx.WithField("cluster", cluster.Name).Debug("matched cluster secret")
+	}
 
-			if len(cluster.Annotations) > 0 {
-				meta["annotations"] = cluster.Annotations
-			}
-			if len(cluster.Labels) > 0 {
-				meta["labels"] = cluster.Labels
-			}
+	return paramHolder.consolidate(), nil
+}
 
-			params["metadata"] = meta
-		} else {
-			for key, value := range cluster.Annotations {
-				params["metadata.annotations."+key] = value
-			}
+type paramHolder struct {
+	isFlatMode bool
+	params     []map[string]any
+}
 
-			for key, value := range cluster.Labels {
-				params["metadata.labels."+key] = value
-			}
-		}
+func (p *paramHolder) append(params map[string]any) {
+	p.params = append(p.params, params)
+}
 
-		err = appendTemplatedValues(appSetGenerator.Clusters.Values, params, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions)
-		if err != nil {
-			return nil, fmt.Errorf("error appending templated values for cluster: %w", err)
+func (p *paramHolder) consolidate() []map[string]any {
+	if p.isFlatMode {
+		p.params = []map[string]any{
+			{"clusters": p.params},
 		}
+	}
+	return p.params
+}
 
-		if isFlatMode {
-			clustersParams = append(clustersParams, params)
-		} else {
-			res = append(res, params)
-		}
+func (g *ClusterGenerator) getClusterParameters(cluster corev1.Secret, appSet *argoappsetv1alpha1.ApplicationSet) map[string]any {
+	params := map[string]any{}
 
-		logCtx.WithField("cluster", cluster.Name).Debug("matched cluster secret")
+	params["name"] = string(cluster.Data["name"])
+	params["nameNormalized"] = utils.SanitizeName(string(cluster.Data["name"]))
+	params["server"] = string(cluster.Data["server"])
+
+	project, ok := cluster.Data["project"]
+	if ok {
+		params["project"] = string(project)
+	} else {
+		params["project"] = ""
 	}
 
-	if isFlatMode {
-		res = append(res, map[string]any{
-			"clusters": clustersParams,
-		})
+	if appSet.Spec.GoTemplate {
+		meta := map[string]any{}
+
+		if len(cluster.Annotations) > 0 {
+			meta["annotations"] = cluster.Annotations
+		}
+		if len(cluster.Labels) > 0 {
+			meta["labels"] = cluster.Labels
+		}
+
+		params["metadata"] = meta
+	} else {
+		for key, value := range cluster.Annotations {
+			params["metadata.annotations."+key] = value
+		}
+
+		for key, value := range cluster.Labels {
+			params["metadata.labels."+key] = value
+		}
 	}
-	return res, nil
+	return params
 }
 
 func (g *ClusterGenerator) getSecretsByClusterName(log *log.Entry, appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator) (map[string]corev1.Secret, error) {

From c39d21802f63fd8c7219c0590033f443369539d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 30 Jun 2025 17:40:22 +0000
Subject: [PATCH 069/383] chore(deps): bump github.com/casbin/govaluate from
 1.7.0 to 1.8.0 (#23602)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4b855a14b9cc5..eb5d547e24a38 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
 	github.com/casbin/casbin/v2 v2.108.0
-	github.com/casbin/govaluate v1.7.0
+	github.com/casbin/govaluate v1.8.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/coreos/go-oidc/v3 v3.14.1
diff --git a/go.sum b/go.sum
index 73872b699adce..8a9e5b473194c 100644
--- a/go.sum
+++ b/go.sum
@@ -178,8 +178,8 @@ github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVO
 github.com/casbin/casbin/v2 v2.108.0 h1:aMc3I81wfLpQe/uzMdElB1OBhEmPZoWMPb2nfEaKygY=
 github.com/casbin/casbin/v2 v2.108.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
-github.com/casbin/govaluate v1.7.0 h1:Es2j2K2jv7br+QHJhxKcdoOa4vND0g0TqsO6rJeqJbA=
-github.com/casbin/govaluate v1.7.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
+github.com/casbin/govaluate v1.8.0 h1:1dUaV/I0LFP2tcY1uNQEb6wBCbp8GMTcC/zhwQDWvZo=
+github.com/casbin/govaluate v1.8.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=

From 15c67b791b0999cbcb0cfa6bc970ad161484ee91 Mon Sep 17 00:00:00 2001
From: Henry Liu <henry.liu@daocloud.io>
Date: Tue, 1 Jul 2025 21:46:28 +0800
Subject: [PATCH 070/383] fix(fullscreen log): retain filters after fullscreen
 log (issue #23608) (#23614)

Signed-off-by: henry.liu <henry.liu@daocloud.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../pod-logs-viewer/fullscreen-button.tsx     | 12 +++++++----
 .../pod-logs-viewer/pod-logs-viewer.tsx       | 21 +++++++++++++++++--
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx b/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx
index 89e266c8577c3..763b074dc7838 100644
--- a/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx
+++ b/ui/src/app/applications/components/pod-logs-viewer/fullscreen-button.tsx
@@ -1,6 +1,6 @@
 import {Link} from 'react-router-dom';
 import * as React from 'react';
-import {PodLogsProps} from './pod-logs-viewer';
+import {PodLogsProps, PodLogsQueryProps} from './pod-logs-viewer';
 import {Button} from '../../../shared/components/button';
 
 export const FullscreenButton = ({
@@ -16,11 +16,15 @@ export const FullscreenButton = ({
     viewPodNames,
     viewTimestamps,
     follow,
-    showPreviousLogs
-}: PodLogsProps & {fullscreen?: boolean}) => {
+    showPreviousLogs,
+    filterText,
+    matchCase,
+    tail,
+    sinceSeconds
+}: PodLogsProps & PodLogsQueryProps & {fullscreen?: boolean}) => {
     const fullscreenURL =
         `/applications/${applicationNamespace}/${applicationName}/${namespace}/${containerName}/logs?` +
-        `podName=${podName}&group=${group}&kind=${kind}&name=${name}&viewPodNames=${viewPodNames}&viewTimestamps=${viewTimestamps}&follow=${follow}&showPreviousLogs=${showPreviousLogs}`;
+        `podName=${podName}&group=${group}&kind=${kind}&name=${name}&viewPodNames=${viewPodNames}&viewTimestamps=${viewTimestamps}&follow=${follow}&showPreviousLogs=${showPreviousLogs}&filterText=${filterText}&matchCase=${matchCase}&tail=${tail}&sinceSeconds=${sinceSeconds}`;
     return (
         !fullscreen && (
             <Link to={fullscreenURL} target='_blank' rel='noopener noreferrer'>
diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
index 245d88c2f8cb1..946e58be32fa0 100644
--- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
+++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
@@ -43,10 +43,17 @@ export interface PodLogsProps {
     containerGroups?: any[];
     onClickContainer?: (group: any, i: number, tab: string) => void;
     fullscreen?: boolean;
+}
+
+export interface PodLogsQueryProps {
     viewPodNames?: boolean;
     viewTimestamps?: boolean;
     follow?: boolean;
     showPreviousLogs?: boolean;
+    filterText?: string;
+    tail?: number;
+    matchCase?: boolean;
+    sinceSeconds?: number;
 }
 
 // ansi colors, see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors
@@ -91,7 +98,7 @@ export const PodsLogsViewer = (props: PodLogsProps) => {
     const [previous, setPreviousLogs] = useState(queryParams.get('showPreviousLogs') === 'true');
     const [tail, setTail] = useState<number>(parseInt(queryParams.get('tail'), 10) || 1000);
     const [matchCase, setMatchCase] = useState(queryParams.get('matchCase') === 'true');
-    const [sinceSeconds, setSinceSeconds] = useState(0);
+    const [sinceSeconds, setSinceSeconds] = useState(parseInt(queryParams.get('sinceSeconds'), 10) || 0);
     const [filter, setFilter] = useState(queryParams.get('filterText') || '');
     const [highlight, setHighlight] = useState<RegExp>(matchNothing);
     const [scrollToBottom, setScrollToBottom] = useState(true);
@@ -288,7 +295,17 @@ export const PodsLogsViewer = (props: PodLogsProps) => {
                             <span>
                                 <CopyLogsButton logs={logs} />
                                 <DownloadLogsButton {...props} />
-                                <FullscreenButton {...props} viewPodNames={viewPodNames} viewTimestamps={viewTimestamps} follow={follow} showPreviousLogs={previous} />
+                                <FullscreenButton
+                                    {...props}
+                                    viewPodNames={viewPodNames}
+                                    viewTimestamps={viewTimestamps}
+                                    follow={follow}
+                                    showPreviousLogs={previous}
+                                    filterText={filter}
+                                    matchCase={matchCase}
+                                    tail={tail}
+                                    sinceSeconds={sinceSeconds}
+                                />
                             </span>
                         </div>
                         <div className={classNames('pod-logs-viewer', {'pod-logs-viewer--inverted': prefs.appDetails.darkMode})} onWheel={handleScroll}>

From 1aadad1096eb73ddf66ef4e82a766dcf706586fb Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 1 Jul 2025 10:38:43 -0400
Subject: [PATCH 071/383] feat(helm): upgrade to 3.18.3 (#23618)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.0-3.1.md                    | 5 +++++
 .../checksums/helm-v3.18.3-darwin-amd64.tar.gz.sha256        | 1 +
 .../checksums/helm-v3.18.3-darwin-arm64.tar.gz.sha256        | 1 +
 .../checksums/helm-v3.18.3-linux-amd64.tar.gz.sha256         | 1 +
 .../checksums/helm-v3.18.3-linux-arm64.tar.gz.sha256         | 1 +
 .../checksums/helm-v3.18.3-linux-ppc64le.tar.gz.sha256       | 1 +
 .../checksums/helm-v3.18.3-linux-s390x.tar.gz.sha256         | 1 +
 hack/tool-versions.sh                                        | 2 +-
 8 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 hack/installers/checksums/helm-v3.18.3-darwin-amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.3-darwin-arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.3-linux-amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.3-linux-arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.3-linux-ppc64le.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.3-linux-s390x.tar.gz.sha256

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index 0e08ebf4ccd45..613e771b5b6d8 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -37,3 +37,8 @@ If it returns `"enablePKCEAuthentication": true`, then PKCE is used.
 ### Remediation
 
 On your identity provider, ensure that the OIDC client used for Argo CD has the `/auth/callback` endpoint of your Argo CD URL (e.g. https://argocd.example.com/auth/callback) in the redirect URIs.
+
+## Helm Upgraded to 3.18.3
+
+Argo CD v3.1 upgrades the bundled Helm version to 3.18.3. There are no breaking changes in Helm 3.18 according to the
+[release notes](https://github.com/helm/helm/releases/tag/v3.18.0).
diff --git a/hack/installers/checksums/helm-v3.18.3-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-darwin-amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..9353ff006e7d0
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-darwin-amd64.tar.gz.sha256
@@ -0,0 +1 @@
+d186851d40b1999c5d75696bc0b754e4d29e860c8d0cf4c132ac1b1940c5cffc  helm-v3.18.3-darwin-amd64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.3-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-darwin-arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..1f257e71be0c7
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-darwin-arm64.tar.gz.sha256
@@ -0,0 +1 @@
+3fe3e9739ab3c75d88bfe13e464a79a2a7a804fc692c3258fa6a9d185d53e377  helm-v3.18.3-darwin-arm64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.3-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-linux-amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..89c0590b5e890
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-linux-amd64.tar.gz.sha256
@@ -0,0 +1 @@
+6ec85f306dd8fe9eb05c61ba4593182b2afcfefb52f21add3fe043ebbdc48e39  helm-v3.18.3-linux-amd64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.3-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-linux-arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..5544384d0e4d9
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-linux-arm64.tar.gz.sha256
@@ -0,0 +1 @@
+3382ebdc6d6e027371551a63fc6e0a3073a1aec1061e346692932da61cfd8d24  helm-v3.18.3-linux-arm64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.3-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-linux-ppc64le.tar.gz.sha256
new file mode 100644
index 0000000000000..1b51200aee35d
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-linux-ppc64le.tar.gz.sha256
@@ -0,0 +1 @@
+ca5ab0bb205488276095881f04b72bfed5c0ddb92f715940dde6a7ccae72818c  helm-v3.18.3-linux-ppc64le.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.3-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.3-linux-s390x.tar.gz.sha256
new file mode 100644
index 0000000000000..81ab71f4dbe1f
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.3-linux-s390x.tar.gz.sha256
@@ -0,0 +1 @@
+be261f040b59c04ad4f1ce6fc2f976e500167475cadb468bf78cb9772300fb5d  helm-v3.18.3-linux-s390x.tar.gz
diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh
index 749eccc8f4fb0..a367fe334bae8 100644
--- a/hack/tool-versions.sh
+++ b/hack/tool-versions.sh
@@ -11,7 +11,7 @@
 # Use ./hack/installers/checksums/add-helm-checksums.sh and
 # add-kustomize-checksums.sh to help download checksums.
 ###############################################################################
-helm3_version=3.17.1
+helm3_version=3.18.3
 kustomize5_version=5.6.0
 protoc_version=29.3
 oras_version=1.2.0

From da1841eb07bb60df4cc303d73f402fdf8862c85b Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 1 Jul 2025 11:21:09 -0400
Subject: [PATCH 072/383] feat(kustomize): upgrade to 5.7.0 (#23619)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.0-3.1.md                    | 5 +++++
 .../checksums/kustomize_5.7.0_darwin_amd64.tar.gz.sha256     | 1 +
 .../checksums/kustomize_5.7.0_darwin_arm64.tar.gz.sha256     | 1 +
 .../checksums/kustomize_5.7.0_linux_amd64.tar.gz.sha256      | 1 +
 .../checksums/kustomize_5.7.0_linux_arm64.tar.gz.sha256      | 1 +
 .../checksums/kustomize_5.7.0_linux_ppc64le.tar.gz.sha256    | 1 +
 .../checksums/kustomize_5.7.0_linux_s390x.tar.gz.sha256      | 1 +
 hack/tool-versions.sh                                        | 2 +-
 8 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_darwin_amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_darwin_arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_linux_amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_linux_arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_linux_ppc64le.tar.gz.sha256
 create mode 100644 hack/installers/checksums/kustomize_5.7.0_linux_s390x.tar.gz.sha256

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index 613e771b5b6d8..34b85a430969b 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -42,3 +42,8 @@ On your identity provider, ensure that the OIDC client used for Argo CD has the
 
 Argo CD v3.1 upgrades the bundled Helm version to 3.18.3. There are no breaking changes in Helm 3.18 according to the
 [release notes](https://github.com/helm/helm/releases/tag/v3.18.0).
+
+## Kustomize Upgraded to 5.7.0
+
+Argo CD v3.1 upgrades the bundled Kustomize version to 5.7.0. There are no breaking changes in Kustomize 5.7 according 
+to the [release notes](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.7.0).
diff --git a/hack/installers/checksums/kustomize_5.7.0_darwin_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_darwin_amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..dad1946c31199
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_darwin_amd64.tar.gz.sha256
@@ -0,0 +1 @@
+277a7401f969ce3945e8f0ff8b0cce6f4353854db1ff89ba070001e3246e7f22  kustomize_5.7.0_darwin_amd64.tar.gz
diff --git a/hack/installers/checksums/kustomize_5.7.0_darwin_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_darwin_arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..d827e21115495
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_darwin_arm64.tar.gz.sha256
@@ -0,0 +1 @@
+c0dac68dc7870e1f673ae4d8fb554df971e0b9b9f0affc4be4c0852f62d0796e  kustomize_5.7.0_darwin_arm64.tar.gz
diff --git a/hack/installers/checksums/kustomize_5.7.0_linux_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_linux_amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..5bda5bfeac309
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_linux_amd64.tar.gz.sha256
@@ -0,0 +1 @@
+0d98f06d6d2c2c0ff8923cc136a517af74aaa187f1b9f3e17ff370d0625ede84  kustomize_5.7.0_linux_amd64.tar.gz
diff --git a/hack/installers/checksums/kustomize_5.7.0_linux_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_linux_arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..6cb5c3323fe7d
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_linux_arm64.tar.gz.sha256
@@ -0,0 +1 @@
+744bb1bc1854b6634dea9eaf6db2f401a734ed25d6837baa6f91157d79c27d5e  kustomize_5.7.0_linux_arm64.tar.gz
diff --git a/hack/installers/checksums/kustomize_5.7.0_linux_ppc64le.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_linux_ppc64le.tar.gz.sha256
new file mode 100644
index 0000000000000..55559ddbb0ef3
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_linux_ppc64le.tar.gz.sha256
@@ -0,0 +1 @@
+752e750d5f349156ea228ae01cf57be22e6cc29f0f05748a1bca7fa870393561  kustomize_5.7.0_linux_ppc64le.tar.gz
diff --git a/hack/installers/checksums/kustomize_5.7.0_linux_s390x.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.7.0_linux_s390x.tar.gz.sha256
new file mode 100644
index 0000000000000..9cce78309e092
--- /dev/null
+++ b/hack/installers/checksums/kustomize_5.7.0_linux_s390x.tar.gz.sha256
@@ -0,0 +1 @@
+64898beb154a111c1a98f8cff066fdfa866c4c73505e9a9b5fa6ec39f0292558  kustomize_5.7.0_linux_s390x.tar.gz
diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh
index a367fe334bae8..1ec9f326bdf9b 100644
--- a/hack/tool-versions.sh
+++ b/hack/tool-versions.sh
@@ -12,6 +12,6 @@
 # add-kustomize-checksums.sh to help download checksums.
 ###############################################################################
 helm3_version=3.18.3
-kustomize5_version=5.6.0
+kustomize5_version=5.7.0
 protoc_version=29.3
 oras_version=1.2.0

From 8e5da64a8d3fcd17c07197f6770e6fd5e626af24 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 1 Jul 2025 11:28:06 -0400
Subject: [PATCH 073/383] fix(appset): do not remove progressive sync
 conditions (#23506)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Makefile                                      |   1 +
 .../controllers/applicationset_controller.go  | 258 +++++----
 .../applicationset_controller_test.go         | 515 ++++++++++++++----
 .../v1alpha1/applicationset_types.go          |  70 ++-
 .../argoproj.io/ApplicationSet/health.lua     |  16 +
 .../ApplicationSet/health_test.yaml           |  14 +-
 .../progressiveSyncApplicationSet.yaml        |  58 ++
 .../resourceNotUpdatedApplicationSet.yaml     |  40 ++
 test/e2e/applicationset_git_generator_test.go |   8 +-
 test/e2e/applicationset_test.go               |   4 +-
 10 files changed, 718 insertions(+), 266 deletions(-)
 create mode 100644 resource_customizations/argoproj.io/ApplicationSet/testdata/progressiveSyncApplicationSet.yaml
 create mode 100644 resource_customizations/argoproj.io/ApplicationSet/testdata/resourceNotUpdatedApplicationSet.yaml

diff --git a/Makefile b/Makefile
index 77e4690bf0bec..4c56781668146 100644
--- a/Makefile
+++ b/Makefile
@@ -604,6 +604,7 @@ install-test-tools-local:
 .PHONY: install-codegen-tools-local
 install-codegen-tools-local:
 	./hack/install.sh codegen-tools
+	./hack/install.sh codegen-go-tools
 
 # Installs all tools required for running codegen (Go packages)
 .PHONY: install-go-tools-local
diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go
index 0fe1569364ce4..b152087ed3d67 100644
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -154,7 +154,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// Log a warning if there are unrecognized generators
 	_ = utils.CheckInvalidGenerators(&applicationSetInfo)
 	// desiredApplications is the main list of all expected Applications from all generators in this appset.
-	desiredApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client)
+	generatedApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client)
 	if err != nil {
 		logCtx.Errorf("unable to generate applications: %v", err)
 		_ = r.setApplicationSetStatusCondition(ctx,
@@ -172,7 +172,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 
 	parametersGenerated = true
 
-	validateErrors, err := r.validateGeneratedApplications(ctx, desiredApplications, applicationSetInfo)
+	validateErrors, err := r.validateGeneratedApplications(ctx, generatedApplications, applicationSetInfo)
 	if err != nil {
 		// While some generators may return an error that requires user intervention,
 		// other generators reference external resources that may change to cause
@@ -225,7 +225,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				appMap[app.Name] = app
 			}
 
-			appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap)
+			appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, generatedApplications, appMap)
 			if err != nil {
 				return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err)
 			}
@@ -233,17 +233,23 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}
 
 	var validApps []argov1alpha1.Application
-	for i := range desiredApplications {
-		if validateErrors[i] == nil {
-			validApps = append(validApps, desiredApplications[i])
+	for i := range generatedApplications {
+		if validateErrors[generatedApplications[i].QualifiedName()] == nil {
+			validApps = append(validApps, generatedApplications[i])
 		}
 	}
 
 	if len(validateErrors) > 0 {
+		errorApps := make([]string, 0, len(validateErrors))
+		for key := range validateErrors {
+			errorApps = append(errorApps, key)
+		}
+		sort.Strings(errorApps)
+
 		var message string
-		for _, v := range validateErrors {
-			message = v.Error()
-			logCtx.Errorf("validation error found during application validation: %s", message)
+		for _, appName := range errorApps {
+			message = validateErrors[appName].Error()
+			logCtx.WithField("application", appName).Errorf("validation error found during application validation: %s", message)
 		}
 		if len(validateErrors) > 1 {
 			// Only the last message gets added to the appset status, to keep the size reasonable.
@@ -298,12 +304,12 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}
 
 	if utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() {
-		err = r.deleteInCluster(ctx, logCtx, applicationSetInfo, desiredApplications)
+		err = r.deleteInCluster(ctx, logCtx, applicationSetInfo, generatedApplications)
 		if err != nil {
 			_ = r.setApplicationSetStatusCondition(ctx,
 				&applicationSetInfo,
 				argov1alpha1.ApplicationSetCondition{
-					Type:    argov1alpha1.ApplicationSetConditionResourcesUpToDate,
+					Type:    argov1alpha1.ApplicationSetConditionErrorOccurred,
 					Message: err.Error(),
 					Reason:  argov1alpha1.ApplicationSetReasonDeleteApplicationError,
 					Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
@@ -358,119 +364,119 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 }
 
 func getParametersGeneratedCondition(parametersGenerated bool, message string) argov1alpha1.ApplicationSetCondition {
-	var paramtersGeneratedCondition argov1alpha1.ApplicationSetCondition
+	var parametersGeneratedCondition argov1alpha1.ApplicationSetCondition
 	if parametersGenerated {
-		paramtersGeneratedCondition = argov1alpha1.ApplicationSetCondition{
+		parametersGeneratedCondition = argov1alpha1.ApplicationSetCondition{
 			Type:    argov1alpha1.ApplicationSetConditionParametersGenerated,
 			Message: "Successfully generated parameters for all Applications",
 			Reason:  argov1alpha1.ApplicationSetReasonParametersGenerated,
 			Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
 		}
 	} else {
-		paramtersGeneratedCondition = argov1alpha1.ApplicationSetCondition{
+		parametersGeneratedCondition = argov1alpha1.ApplicationSetCondition{
 			Type:    argov1alpha1.ApplicationSetConditionParametersGenerated,
 			Message: message,
 			Reason:  argov1alpha1.ApplicationSetReasonErrorOccurred,
 			Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
 		}
 	}
-	return paramtersGeneratedCondition
-}
-
-func getResourceUpToDateCondition(errorOccurred bool, message string, reason string) argov1alpha1.ApplicationSetCondition {
-	var resourceUpToDateCondition argov1alpha1.ApplicationSetCondition
-	if errorOccurred {
-		resourceUpToDateCondition = argov1alpha1.ApplicationSetCondition{
-			Type:    argov1alpha1.ApplicationSetConditionResourcesUpToDate,
-			Message: message,
-			Reason:  reason,
-			Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
-		}
-	} else {
-		resourceUpToDateCondition = argov1alpha1.ApplicationSetCondition{
-			Type:    argov1alpha1.ApplicationSetConditionResourcesUpToDate,
-			Message: "ApplicationSet up to date",
-			Reason:  argov1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-			Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
-		}
-	}
-	return resourceUpToDateCondition
+	return parametersGeneratedCondition
 }
 
-func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, condition argov1alpha1.ApplicationSetCondition, paramtersGenerated bool) error {
-	// check if error occurred during reconcile process
-	errOccurred := condition.Type == argov1alpha1.ApplicationSetConditionErrorOccurred
-
-	var errOccurredCondition argov1alpha1.ApplicationSetCondition
-
-	if errOccurred {
-		errOccurredCondition = condition
-	} else {
-		errOccurredCondition = argov1alpha1.ApplicationSetCondition{
-			Type:    argov1alpha1.ApplicationSetConditionErrorOccurred,
-			Message: "Successfully generated parameters for all Applications",
-			Reason:  argov1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-			Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
-		}
-	}
-
-	paramtersGeneratedCondition := getParametersGeneratedCondition(paramtersGenerated, condition.Message)
-	resourceUpToDateCondition := getResourceUpToDateCondition(errOccurred, condition.Message, condition.Reason)
-
+func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet, condition argov1alpha1.ApplicationSetCondition, parametersGenerated bool) error {
+	// Initialize the default condition types that this method evaluates
 	evaluatedTypes := map[argov1alpha1.ApplicationSetConditionType]bool{
-		argov1alpha1.ApplicationSetConditionErrorOccurred:       true,
 		argov1alpha1.ApplicationSetConditionParametersGenerated: true,
-		argov1alpha1.ApplicationSetConditionResourcesUpToDate:   true,
+		argov1alpha1.ApplicationSetConditionErrorOccurred:       false,
+		argov1alpha1.ApplicationSetConditionResourcesUpToDate:   false,
+		argov1alpha1.ApplicationSetConditionRolloutProgressing:  false,
 	}
-	newConditions := []argov1alpha1.ApplicationSetCondition{errOccurredCondition, paramtersGeneratedCondition, resourceUpToDateCondition}
+	// Evaluate current condition
+	evaluatedTypes[condition.Type] = true
+	newConditions := []argov1alpha1.ApplicationSetCondition{condition}
 
-	if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
+	if !isRollingSyncStrategy(applicationSet) {
+		// Progressing sync is always evaluated so conditions are removed when it is not enabled
 		evaluatedTypes[argov1alpha1.ApplicationSetConditionRolloutProgressing] = true
+	}
+
+	// Evaluate ParametersGenerated since it is always provided
+	if condition.Type != argov1alpha1.ApplicationSetConditionParametersGenerated {
+		newConditions = append(newConditions, getParametersGeneratedCondition(parametersGenerated, condition.Message))
+	}
 
-		if condition.Type == argov1alpha1.ApplicationSetConditionRolloutProgressing {
-			newConditions = append(newConditions, condition)
+	// Evaluate dependencies between conditions.
+	switch condition.Type {
+	case argov1alpha1.ApplicationSetConditionResourcesUpToDate:
+		if condition.Status == argov1alpha1.ApplicationSetConditionStatusTrue {
+			// If the resources are up to date, we know there was no errors
+			evaluatedTypes[argov1alpha1.ApplicationSetConditionErrorOccurred] = true
+			newConditions = append(newConditions, argov1alpha1.ApplicationSetCondition{
+				Type:    argov1alpha1.ApplicationSetConditionErrorOccurred,
+				Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
+				Reason:  condition.Reason,
+				Message: condition.Message,
+			})
+		}
+	case argov1alpha1.ApplicationSetConditionErrorOccurred:
+		if condition.Status == argov1alpha1.ApplicationSetConditionStatusTrue {
+			// If there is an error anywhere in the reconciliation, we cannot consider the resources up to date
+			evaluatedTypes[argov1alpha1.ApplicationSetConditionResourcesUpToDate] = true
+			newConditions = append(newConditions, argov1alpha1.ApplicationSetCondition{
+				Type:    argov1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
+				Reason:  argov1alpha1.ApplicationSetReasonErrorOccurred,
+				Message: condition.Message,
+			})
+		}
+	case argov1alpha1.ApplicationSetConditionRolloutProgressing:
+		if !isRollingSyncStrategy(applicationSet) {
+			// if the condition is a rolling sync and it is disabled, ignore it
+			evaluatedTypes[condition.Type] = false
 		}
 	}
 
-	needToUpdateConditions := false
-	for _, condition := range newConditions {
-		// do nothing if appset already has same condition
-		for _, c := range applicationSet.Status.Conditions {
-			if c.Type == condition.Type && (c.Reason != condition.Reason || c.Status != condition.Status || c.Message != condition.Message) {
+	// Update the applicationSet conditions
+	previousConditions := applicationSet.Status.Conditions
+	applicationSet.Status.SetConditions(newConditions, evaluatedTypes)
+
+	// Try to not call get/update if nothing has changed
+	needToUpdateConditions := len(applicationSet.Status.Conditions) != len(previousConditions)
+	if !needToUpdateConditions {
+		for i, c := range applicationSet.Status.Conditions {
+			previous := previousConditions[i]
+			if c.Type != previous.Type || c.Reason != previous.Reason || c.Status != previous.Status || c.Message != previous.Message {
 				needToUpdateConditions = true
 				break
 			}
 		}
 	}
 
-	if needToUpdateConditions || len(applicationSet.Status.Conditions) < len(newConditions) {
-		// fetch updated Application Set object before updating it
-		// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
-		err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
-			namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}
-			updatedAppset := &argov1alpha1.ApplicationSet{}
-			if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
-				if client.IgnoreNotFound(err) != nil {
-					return nil
-				}
-				return fmt.Errorf("error fetching updated application set: %w", err)
+	if !needToUpdateConditions {
+		return nil
+	}
+	// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
+	err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
+		updatedAppset := &argov1alpha1.ApplicationSet{}
+		if err := r.Get(ctx, types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}, updatedAppset); err != nil {
+			if client.IgnoreNotFound(err) != nil {
+				return nil
 			}
+			return fmt.Errorf("error fetching updated application set: %w", err)
+		}
 
-			updatedAppset.Status.SetConditions(
-				newConditions, evaluatedTypes,
-			)
+		updatedAppset.Status.SetConditions(newConditions, evaluatedTypes)
 
-			// Update the newly fetched object with new set of conditions
-			err := r.Client.Status().Update(ctx, updatedAppset)
-			if err != nil {
-				return err
-			}
-			updatedAppset.DeepCopyInto(applicationSet)
-			return nil
-		})
-		if err != nil && !apierrors.IsNotFound(err) {
-			return fmt.Errorf("unable to set application set condition: %w", err)
+		// Update the newly fetched object with new set of conditions
+		err := r.Client.Status().Update(ctx, updatedAppset)
+		if err != nil {
+			return err
 		}
+		updatedAppset.DeepCopyInto(applicationSet)
+		return nil
+	})
+	if err != nil && !apierrors.IsNotFound(err) {
+		return fmt.Errorf("unable to set application set condition: %w", err)
 	}
 
 	return nil
@@ -478,33 +484,33 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context.
 
 // validateGeneratedApplications uses the Argo CD validation functions to verify the correctness of the
 // generated applications.
-func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Context, desiredApplications []argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet) (map[int]error, error) {
-	errorsByIndex := map[int]error{}
+func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Context, desiredApplications []argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet) (map[string]error, error) {
+	errorsByApp := map[string]error{}
 	namesSet := map[string]bool{}
-	for i, app := range desiredApplications {
+	for i := range desiredApplications {
+		app := &desiredApplications[i]
 		if namesSet[app.Name] {
-			errorsByIndex[i] = fmt.Errorf("ApplicationSet %s contains applications with duplicate name: %s", applicationSetInfo.Name, app.Name)
+			errorsByApp[app.QualifiedName()] = fmt.Errorf("ApplicationSet %s contains applications with duplicate name: %s", applicationSetInfo.Name, app.Name)
 			continue
 		}
 		namesSet[app.Name] = true
-
 		appProject := &argov1alpha1.AppProject{}
 		err := r.Get(ctx, types.NamespacedName{Name: app.Spec.Project, Namespace: r.ArgoCDNamespace}, appProject)
 		if err != nil {
 			if apierrors.IsNotFound(err) {
-				errorsByIndex[i] = fmt.Errorf("application references project %s which does not exist", app.Spec.Project)
+				errorsByApp[app.QualifiedName()] = fmt.Errorf("application references project %s which does not exist", app.Spec.Project)
 				continue
 			}
 			return nil, err
 		}
 
 		if _, err = argoutil.GetDestinationCluster(ctx, app.Spec.Destination, r.ArgoDB); err != nil {
-			errorsByIndex[i] = fmt.Errorf("application destination spec is invalid: %s", err.Error())
+			errorsByApp[app.QualifiedName()] = fmt.Errorf("application destination spec is invalid: %s", err.Error())
 			continue
 		}
 	}
 
-	return errorsByIndex, nil
+	return errorsByApp, nil
 }
 
 func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1alpha1.ApplicationSet) time.Duration {
@@ -800,7 +806,7 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte
 		}
 
 		if !matchingCluster {
-			appLog.Warnf("A match for the destination cluster for %s, by server url, couldn't be found.", app.Name)
+			appLog.Warnf("A match for the destination cluster for %s, by server url, couldn't be found", app.Name)
 		}
 
 		validDestination = matchingCluster
@@ -1207,44 +1213,56 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 }
 
 func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) []argov1alpha1.ApplicationSetCondition {
-	appSetProgressing := false
+	if !isRollingSyncStrategy(applicationSet) {
+		return applicationSet.Status.Conditions
+	}
+
+	completedWaves := map[string]bool{}
 	for _, appStatus := range applicationSet.Status.ApplicationStatus {
-		if appStatus.Status != "Healthy" {
-			appSetProgressing = true
-			break
+		if v, ok := completedWaves[appStatus.Step]; !ok {
+			completedWaves[appStatus.Step] = appStatus.Status == "Healthy"
+		} else {
+			completedWaves[appStatus.Step] = v && appStatus.Status == "Healthy"
 		}
 	}
 
-	appSetConditionProgressing := false
-	for _, appSetCondition := range applicationSet.Status.Conditions {
-		if appSetCondition.Type == argov1alpha1.ApplicationSetConditionRolloutProgressing && appSetCondition.Status == argov1alpha1.ApplicationSetConditionStatusTrue {
-			appSetConditionProgressing = true
+	isProgressing := false
+	progressingStep := ""
+	for i := range applicationSet.Spec.Strategy.RollingSync.Steps {
+		step := strconv.Itoa(i + 1)
+		isCompleted, ok := completedWaves[step]
+		if !ok {
+			// Step has no applications, so it is completed
+			continue
+		}
+		if !isCompleted {
+			isProgressing = true
+			progressingStep = step
 			break
 		}
 	}
 
-	if appSetProgressing && !appSetConditionProgressing {
+	if isProgressing {
 		_ = r.setApplicationSetStatusCondition(ctx,
 			applicationSet,
 			argov1alpha1.ApplicationSetCondition{
 				Type:    argov1alpha1.ApplicationSetConditionRolloutProgressing,
-				Message: "ApplicationSet Rollout Rollout started",
+				Message: "ApplicationSet is performing rollout of step " + progressingStep,
 				Reason:  argov1alpha1.ApplicationSetReasonApplicationSetModified,
 				Status:  argov1alpha1.ApplicationSetConditionStatusTrue,
 			}, true,
 		)
-	} else if !appSetProgressing && appSetConditionProgressing {
+	} else {
 		_ = r.setApplicationSetStatusCondition(ctx,
 			applicationSet,
 			argov1alpha1.ApplicationSetCondition{
 				Type:    argov1alpha1.ApplicationSetConditionRolloutProgressing,
-				Message: "ApplicationSet Rollout Rollout complete",
+				Message: "ApplicationSet Rollout has completed",
 				Reason:  argov1alpha1.ApplicationSetReasonApplicationSetRolloutComplete,
 				Status:  argov1alpha1.ApplicationSetConditionStatusFalse,
 			}, true,
 		)
 	}
-
 	return applicationSet.Status.Conditions
 }
 
@@ -1363,17 +1381,17 @@ func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Contex
 	}
 
 	if needToUpdateStatus {
-		namespacedName := types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}
+		// sort to make sure the array is always in the same order
+		applicationSet.Status.ApplicationStatus = make([]argov1alpha1.ApplicationSetApplicationStatus, len(applicationStatuses))
+		copy(applicationSet.Status.ApplicationStatus, applicationStatuses)
+		sort.Slice(applicationSet.Status.ApplicationStatus, func(i, j int) bool {
+			return applicationSet.Status.ApplicationStatus[i].Application < applicationSet.Status.ApplicationStatus[j].Application
+		})
 
-		// rebuild ApplicationStatus from scratch, we don't need any previous status history
-		applicationSet.Status.ApplicationStatus = []argov1alpha1.ApplicationSetApplicationStatus{}
-		for i := range applicationStatuses {
-			applicationSet.Status.SetApplicationStatus(applicationStatuses[i])
-		}
 		// DefaultRetry will retry 5 times with a backoff factor of 1, jitter of 0.1 and a duration of 10ms
 		err := retry.RetryOnConflict(retry.DefaultRetry, func() error {
 			updatedAppset := &argov1alpha1.ApplicationSet{}
-			if err := r.Get(ctx, namespacedName, updatedAppset); err != nil {
+			if err := r.Get(ctx, types.NamespacedName{Namespace: applicationSet.Namespace, Name: applicationSet.Name}, updatedAppset); err != nil {
 				if client.IgnoreNotFound(err) != nil {
 					return nil
 				}
@@ -1437,7 +1455,7 @@ func syncApplication(application argov1alpha1.Application, prune bool) argov1alp
 		Info: []*argov1alpha1.Info{
 			{
 				Name:  "Reason",
-				Value: "ApplicationSet RollingSync triggered a sync of this Application resource.",
+				Value: "ApplicationSet RollingSync triggered a sync of this Application resource",
 			},
 		},
 		Sync: &argov1alpha1.SyncOperation{},
diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go
index a160639387392..77fae3908d265 100644
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
@@ -1954,14 +1954,15 @@ func TestValidateGeneratedApplications(t *testing.T) {
 	for _, cc := range []struct {
 		name             string
 		apps             []v1alpha1.Application
-		validationErrors map[int]error
+		validationErrors map[string]error
 	}{
 		{
 			name: "valid app should return true",
 			apps: []v1alpha1.Application{
 				{
-					TypeMeta:   metav1.TypeMeta{},
-					ObjectMeta: metav1.ObjectMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "app",
+					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "default",
 						Source: &v1alpha1.ApplicationSource{
@@ -1976,14 +1977,15 @@ func TestValidateGeneratedApplications(t *testing.T) {
 					},
 				},
 			},
-			validationErrors: map[int]error{},
+			validationErrors: map[string]error{},
 		},
 		{
 			name: "can't have both name and server defined",
 			apps: []v1alpha1.Application{
 				{
-					TypeMeta:   metav1.TypeMeta{},
-					ObjectMeta: metav1.ObjectMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "app",
+					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "default",
 						Source: &v1alpha1.ApplicationSource{
@@ -1999,14 +2001,15 @@ func TestValidateGeneratedApplications(t *testing.T) {
 					},
 				},
 			},
-			validationErrors: map[int]error{0: errors.New("application destination spec is invalid: application destination can't have both name and server defined: my-cluster my-server")},
+			validationErrors: map[string]error{"app": errors.New("application destination spec is invalid: application destination can't have both name and server defined: my-cluster my-server")},
 		},
 		{
 			name: "project mismatch should return error",
 			apps: []v1alpha1.Application{
 				{
-					TypeMeta:   metav1.TypeMeta{},
-					ObjectMeta: metav1.ObjectMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "app",
+					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "DOES-NOT-EXIST",
 						Source: &v1alpha1.ApplicationSource{
@@ -2021,14 +2024,15 @@ func TestValidateGeneratedApplications(t *testing.T) {
 					},
 				},
 			},
-			validationErrors: map[int]error{0: errors.New("application references project DOES-NOT-EXIST which does not exist")},
+			validationErrors: map[string]error{"app": errors.New("application references project DOES-NOT-EXIST which does not exist")},
 		},
 		{
 			name: "valid app should return true",
 			apps: []v1alpha1.Application{
 				{
-					TypeMeta:   metav1.TypeMeta{},
-					ObjectMeta: metav1.ObjectMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "app",
+					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "default",
 						Source: &v1alpha1.ApplicationSource{
@@ -2043,14 +2047,15 @@ func TestValidateGeneratedApplications(t *testing.T) {
 					},
 				},
 			},
-			validationErrors: map[int]error{},
+			validationErrors: map[string]error{},
 		},
 		{
 			name: "cluster should match",
 			apps: []v1alpha1.Application{
 				{
-					TypeMeta:   metav1.TypeMeta{},
-					ObjectMeta: metav1.ObjectMeta{},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "app",
+					},
 					Spec: v1alpha1.ApplicationSpec{
 						Project: "default",
 						Source: &v1alpha1.ApplicationSource{
@@ -2065,7 +2070,7 @@ func TestValidateGeneratedApplications(t *testing.T) {
 					},
 				},
 			},
-			validationErrors: map[int]error{0: errors.New("application destination spec is invalid: there are no clusters with this name: nonexistent-cluster")},
+			validationErrors: map[string]error{"app": errors.New("application destination spec is invalid: there are no clusters with this name: nonexistent-cluster")},
 		},
 	} {
 		t.Run(cc.name, func(t *testing.T) {
@@ -2198,13 +2203,20 @@ func TestSetApplicationSetStatusCondition(t *testing.T) {
 	scheme := runtime.NewScheme()
 	err := v1alpha1.AddToScheme(scheme)
 	require.NoError(t, err)
+	kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...)
+	someTime := &metav1.Time{Time: time.Now().Add(-5 * time.Minute)}
+	existingParameterGeneratedCondition := getParametersGeneratedCondition(true, "")
+	existingParameterGeneratedCondition.LastTransitionTime = someTime
 
-	testCases := []struct {
-		appset     v1alpha1.ApplicationSet
-		conditions []v1alpha1.ApplicationSetCondition
-		testfunc   func(t *testing.T, appset v1alpha1.ApplicationSet)
+	for _, c := range []struct {
+		name                string
+		appset              v1alpha1.ApplicationSet
+		condition           v1alpha1.ApplicationSetCondition
+		parametersGenerated bool
+		testfunc            func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition)
 	}{
 		{
+			name: "has parameters generated condition when false",
 			appset: v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "name",
@@ -2221,20 +2233,62 @@ func TestSetApplicationSetStatusCondition(t *testing.T) {
 					Template: v1alpha1.ApplicationSetTemplate{},
 				},
 			},
-			conditions: []v1alpha1.ApplicationSetCondition{
-				{
-					Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
-					Message: "All applications have been generated successfully",
-					Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-					Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Message: "This is a message",
+				Reason:  "test",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
+			},
+			parametersGenerated: false,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 2)
+
+				// Conditions are ordered by type, so the order is deterministic
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[0].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[0].Status)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionResourcesUpToDate, conditions[1].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[1].Status)
+				assert.Equal(t, "test", conditions[1].Reason)
+			},
+		},
+		{
+			name: "parameters generated condition is used when specified",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
+					Template: v1alpha1.ApplicationSetTemplate{},
 				},
 			},
-			testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) {
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionParametersGenerated,
+				Message: "This is a message",
+				Reason:  "test",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
+			},
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
 				t.Helper()
-				assert.Len(t, appset.Status.Conditions, 3)
+				require.Len(t, conditions, 1)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[0].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[0].Status)
+				assert.Equal(t, "test", conditions[0].Reason)
 			},
 		},
 		{
+			name: "has parameter conditions when true",
 			appset: v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "name",
@@ -2251,37 +2305,69 @@ func TestSetApplicationSetStatusCondition(t *testing.T) {
 					Template: v1alpha1.ApplicationSetTemplate{},
 				},
 			},
-			conditions: []v1alpha1.ApplicationSetCondition{
-				{
-					Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
-					Message: "All applications have been generated successfully",
-					Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-					Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Message: "This is a message",
+				Reason:  "test",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
+			},
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 2)
+
+				// Conditions are ordered by type, so the order is deterministic
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[0].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusTrue, conditions[0].Status)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionResourcesUpToDate, conditions[1].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[1].Status)
+				assert.Equal(t, "test", conditions[1].Reason)
+			},
+		},
+		{
+			name: "resource up to date sets error condition to false",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
 				},
-				{
-					Type:    v1alpha1.ApplicationSetConditionRolloutProgressing,
-					Message: "ApplicationSet Rollout Rollout started",
-					Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-					Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
+					Template: v1alpha1.ApplicationSetTemplate{},
 				},
 			},
-			testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) {
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Message: "Completed",
+				Reason:  "test",
+				Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+			},
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
 				t.Helper()
-				assert.Len(t, appset.Status.Conditions, 3)
+				require.Len(t, conditions, 3)
 
-				isProgressingCondition := false
+				assert.Equal(t, v1alpha1.ApplicationSetConditionErrorOccurred, conditions[0].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[0].Status)
+				assert.Equal(t, "test", conditions[0].Reason)
+				assert.Equal(t, "Completed", conditions[0].Message)
 
-				for _, condition := range appset.Status.Conditions {
-					if condition.Type == v1alpha1.ApplicationSetConditionRolloutProgressing {
-						isProgressingCondition = true
-						break
-					}
-				}
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[1].Type)
 
-				assert.False(t, isProgressingCondition, "no RolloutProgressing should be set for applicationsets that don't have rolling strategy")
+				assert.Equal(t, v1alpha1.ApplicationSetConditionResourcesUpToDate, conditions[2].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusTrue, conditions[2].Status)
+				assert.Equal(t, "test", conditions[2].Reason)
+				assert.Equal(t, "Completed", conditions[2].Message)
 			},
 		},
 		{
+			name: "error condition sets resource up to date to false",
 			appset: v1alpha1.ApplicationSet{
 				ObjectMeta: metav1.ObjectMeta{
 					Name:      "name",
@@ -2296,83 +2382,290 @@ func TestSetApplicationSetStatusCondition(t *testing.T) {
 						}},
 					},
 					Template: v1alpha1.ApplicationSetTemplate{},
+				},
+			},
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionErrorOccurred,
+				Message: "Error",
+				Reason:  "test",
+				Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+			},
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 3)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionErrorOccurred, conditions[0].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusTrue, conditions[0].Status)
+				assert.Equal(t, "test", conditions[0].Reason)
+				assert.Equal(t, "Error", conditions[0].Message)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[1].Type)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionResourcesUpToDate, conditions[2].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[2].Status)
+				assert.Equal(t, v1alpha1.ApplicationSetReasonErrorOccurred, conditions[2].Reason)
+				assert.Equal(t, "Error", conditions[2].Message)
+			},
+		},
+		{
+			name: "updating an unchanged condition does not mutate existing conditions",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
 					Strategy: &v1alpha1.ApplicationSetStrategy{
-						Type: "RollingSync",
-						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{
-							Steps: []v1alpha1.ApplicationSetRolloutStep{
-								{
-									MatchExpressions: []v1alpha1.ApplicationMatchExpression{
-										{
-											Key:      "test",
-											Operator: "In",
-											Values:   []string{"test"},
-										},
-									},
-								},
-							},
+						Type:        "RollingSync",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{},
+					},
+					Template: v1alpha1.ApplicationSetTemplate{},
+				},
+				Status: v1alpha1.ApplicationSetStatus{
+					Conditions: []v1alpha1.ApplicationSetCondition{
+						{
+							Type:               v1alpha1.ApplicationSetConditionErrorOccurred,
+							Message:            "existing",
+							LastTransitionTime: someTime,
+						},
+						existingParameterGeneratedCondition,
+						{
+							Type:               v1alpha1.ApplicationSetConditionResourcesUpToDate,
+							Message:            "existing",
+							Status:             v1alpha1.ApplicationSetConditionStatusFalse,
+							LastTransitionTime: someTime,
+						},
+						{
+							Type:               v1alpha1.ApplicationSetConditionRolloutProgressing,
+							Message:            "existing",
+							LastTransitionTime: someTime,
 						},
 					},
 				},
 			},
-			conditions: []v1alpha1.ApplicationSetCondition{
-				{
-					Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
-					Message: "All applications have been generated successfully",
-					Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-					Status:  v1alpha1.ApplicationSetConditionStatusTrue,
-				},
-				{
-					Type:    v1alpha1.ApplicationSetConditionRolloutProgressing,
-					Message: "ApplicationSet Rollout Rollout started",
-					Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
-					Status:  v1alpha1.ApplicationSetConditionStatusTrue,
-				},
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Message: "existing",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
 			},
-			testfunc: func(t *testing.T, appset v1alpha1.ApplicationSet) {
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
 				t.Helper()
-				assert.Len(t, appset.Status.Conditions, 4)
+				require.Len(t, conditions, 4)
 
-				isProgressingCondition := false
+				assert.Equal(t, v1alpha1.ApplicationSetConditionErrorOccurred, conditions[0].Type)
+				assert.Equal(t, someTime, conditions[0].LastTransitionTime)
 
-				for _, condition := range appset.Status.Conditions {
-					if condition.Type == v1alpha1.ApplicationSetConditionRolloutProgressing {
-						isProgressingCondition = true
-						break
-					}
-				}
+				assert.Equal(t, v1alpha1.ApplicationSetConditionParametersGenerated, conditions[1].Type)
+				assert.Equal(t, someTime, conditions[1].LastTransitionTime)
 
-				assert.True(t, isProgressingCondition, "RolloutProgressing should be set for rollout strategy appset")
+				assert.Equal(t, v1alpha1.ApplicationSetConditionResourcesUpToDate, conditions[2].Type)
+				assert.Equal(t, someTime, conditions[2].LastTransitionTime)
+
+				assert.Equal(t, v1alpha1.ApplicationSetConditionRolloutProgressing, conditions[3].Type)
+				assert.Equal(t, someTime, conditions[3].LastTransitionTime)
 			},
 		},
-	}
-
-	kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...)
-
-	for _, testCase := range testCases {
-		client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&testCase.appset).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).WithStatusSubresource(&testCase.appset).Build()
-		metrics := appsetmetrics.NewFakeAppsetMetrics()
+		{
+			name: "progressing conditions is removed when AppSet is not configured",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
+					// Strategy removed
+					// Strategy: &v1alpha1.ApplicationSetStrategy{
+					// 	Type:        "RollingSync",
+					// 	RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{},
+					// },
+					Template: v1alpha1.ApplicationSetTemplate{},
+				},
+				Status: v1alpha1.ApplicationSetStatus{
+					Conditions: []v1alpha1.ApplicationSetCondition{
+						{
+							Type:               v1alpha1.ApplicationSetConditionErrorOccurred,
+							Message:            "existing",
+							LastTransitionTime: someTime,
+						},
+						existingParameterGeneratedCondition,
+						{
+							Type:               v1alpha1.ApplicationSetConditionResourcesUpToDate,
+							Message:            "existing",
+							Status:             v1alpha1.ApplicationSetConditionStatusFalse,
+							LastTransitionTime: someTime,
+						},
+						{
+							Type:               v1alpha1.ApplicationSetConditionRolloutProgressing,
+							Message:            "existing",
+							LastTransitionTime: someTime,
+						},
+					},
+				},
+			},
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
+				Message: "existing",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
+			},
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 3)
+				for _, c := range conditions {
+					assert.NotEqual(t, v1alpha1.ApplicationSetConditionRolloutProgressing, c.Type)
+				}
+			},
+		},
+		{
+			name: "progressing conditions is ignored when AppSet is not configured",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
+					// Strategy removed
+					// Strategy: &v1alpha1.ApplicationSetStrategy{
+					// 	Type:        "RollingSync",
+					// 	RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{},
+					// },
+					Template: v1alpha1.ApplicationSetTemplate{},
+				},
+				Status: v1alpha1.ApplicationSetStatus{
+					Conditions: []v1alpha1.ApplicationSetCondition{
+						{
+							Type:               v1alpha1.ApplicationSetConditionErrorOccurred,
+							Message:            "existing",
+							LastTransitionTime: someTime,
+						},
+						existingParameterGeneratedCondition,
+						{
+							Type:               v1alpha1.ApplicationSetConditionResourcesUpToDate,
+							Message:            "existing",
+							Status:             v1alpha1.ApplicationSetConditionStatusFalse,
+							LastTransitionTime: someTime,
+						},
+					},
+				},
+			},
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionRolloutProgressing,
+				Message: "do not add me",
+				Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+			},
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 3)
+				for _, c := range conditions {
+					assert.NotEqual(t, v1alpha1.ApplicationSetConditionRolloutProgressing, c.Type)
+				}
+			},
+		},
+		{
+			name: "progressing conditions is updated correctly when configured",
+			appset: v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "name",
+					Namespace: "argocd",
+				},
+				Spec: v1alpha1.ApplicationSetSpec{
+					Generators: []v1alpha1.ApplicationSetGenerator{
+						{List: &v1alpha1.ListGenerator{
+							Elements: []apiextensionsv1.JSON{{
+								Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc"}`),
+							}},
+						}},
+					},
+					Strategy: &v1alpha1.ApplicationSetStrategy{
+						Type:        "RollingSync",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{},
+					},
+					Template: v1alpha1.ApplicationSetTemplate{},
+				},
+				Status: v1alpha1.ApplicationSetStatus{
+					Conditions: []v1alpha1.ApplicationSetCondition{
+						{
+							Type:               v1alpha1.ApplicationSetConditionErrorOccurred,
+							Message:            "existing",
+							LastTransitionTime: someTime,
+						},
+						existingParameterGeneratedCondition,
+						{
+							Type:               v1alpha1.ApplicationSetConditionResourcesUpToDate,
+							Message:            "existing",
+							Status:             v1alpha1.ApplicationSetConditionStatusFalse,
+							LastTransitionTime: someTime,
+						},
+						{
+							Type:    v1alpha1.ApplicationSetConditionRolloutProgressing,
+							Message: "old value",
+							Status:  v1alpha1.ApplicationSetConditionStatusTrue,
+						},
+					},
+				},
+			},
+			condition: v1alpha1.ApplicationSetCondition{
+				Type:    v1alpha1.ApplicationSetConditionRolloutProgressing,
+				Message: "new value",
+				Status:  v1alpha1.ApplicationSetConditionStatusFalse,
+			},
+			parametersGenerated: true,
+			testfunc: func(t *testing.T, conditions []v1alpha1.ApplicationSetCondition) {
+				t.Helper()
+				require.Len(t, conditions, 4)
 
-		argodb := db.NewDB("argocd", settings.NewSettingsManager(t.Context(), kubeclientset, "argocd"), kubeclientset)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionRolloutProgressing, conditions[3].Type)
+				assert.Equal(t, v1alpha1.ApplicationSetConditionStatusFalse, conditions[3].Status)
+				assert.Equal(t, "new value", conditions[3].Message)
+			},
+		},
+	} {
+		t.Run(c.name, func(t *testing.T) {
+			client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&c.appset).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).WithStatusSubresource(&c.appset).Build()
+			metrics := appsetmetrics.NewFakeAppsetMetrics()
+			argodb := db.NewDB("argocd", settings.NewSettingsManager(t.Context(), kubeclientset, "argocd"), kubeclientset)
 
-		r := ApplicationSetReconciler{
-			Client:   client,
-			Scheme:   scheme,
-			Renderer: &utils.Render{},
-			Recorder: record.NewFakeRecorder(1),
-			Generators: map[string]generators.Generator{
-				"List": generators.NewListGenerator(),
-			},
-			ArgoDB:        argodb,
-			KubeClientset: kubeclientset,
-			Metrics:       metrics,
-		}
+			r := ApplicationSetReconciler{
+				Client:   client,
+				Scheme:   scheme,
+				Renderer: &utils.Render{},
+				Recorder: record.NewFakeRecorder(1),
+				Generators: map[string]generators.Generator{
+					"List": generators.NewListGenerator(),
+				},
+				ArgoDB:        argodb,
+				KubeClientset: kubeclientset,
+				Metrics:       metrics,
+			}
 
-		for _, condition := range testCase.conditions {
-			err = r.setApplicationSetStatusCondition(t.Context(), &testCase.appset, condition, true)
+			err = r.setApplicationSetStatusCondition(t.Context(), &c.appset, c.condition, c.parametersGenerated)
 			require.NoError(t, err)
-		}
 
-		testCase.testfunc(t, testCase.appset)
+			c.testfunc(t, c.appset.Status.Conditions)
+		})
 	}
 }
 
@@ -7134,7 +7427,7 @@ func TestSyncApplication(t *testing.T) {
 					Info: []*v1alpha1.Info{
 						{
 							Name:  "Reason",
-							Value: "ApplicationSet RollingSync triggered a sync of this Application resource.",
+							Value: "ApplicationSet RollingSync triggered a sync of this Application resource",
 						},
 					},
 					Sync: &v1alpha1.SyncOperation{
@@ -7176,7 +7469,7 @@ func TestSyncApplication(t *testing.T) {
 					Info: []*v1alpha1.Info{
 						{
 							Name:  "Reason",
-							Value: "ApplicationSet RollingSync triggered a sync of this Application resource.",
+							Value: "ApplicationSet RollingSync triggered a sync of this Application resource",
 						},
 					},
 					Sync: &v1alpha1.SyncOperation{
diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go
index bdb282e24466c..09fc1e1daf447 100644
--- a/pkg/apis/application/v1alpha1/applicationset_types.go
+++ b/pkg/apis/application/v1alpha1/applicationset_types.go
@@ -18,7 +18,6 @@ package v1alpha1
 
 import (
 	"encoding/json"
-	"fmt"
 	"sort"
 
 	"github.com/argoproj/argo-cd/v3/common"
@@ -918,33 +917,63 @@ func (a *ApplicationSet) RefreshRequired() bool {
 // If the applicationset has a pre-existing condition of a type that is not in the evaluated list,
 // it will be preserved. If the applicationset has a pre-existing condition of a type, status, reason that
 // is in the evaluated list, but not in the incoming conditions list, it will be removed.
-func (status *ApplicationSetStatus) SetConditions(conditions []ApplicationSetCondition, _ map[ApplicationSetConditionType]bool) {
-	applicationSetConditions := make([]ApplicationSetCondition, 0)
+func (status *ApplicationSetStatus) SetConditions(conditions []ApplicationSetCondition, evaluatedTypes map[ApplicationSetConditionType]bool) {
+	newConditions := make([]ApplicationSetCondition, 0)
 	now := metav1.Now()
+	// Keep the existing conditions when they are not evaluated
+	for i := range status.Conditions {
+		currentCondition := status.Conditions[i]
+		if isEvaluated, ok := evaluatedTypes[currentCondition.Type]; !ok || !isEvaluated {
+			if currentCondition.LastTransitionTime == nil {
+				currentCondition.LastTransitionTime = &now
+			}
+			newConditions = append(newConditions, currentCondition)
+		}
+	}
+
+	// Update the evaluated conditions
 	for i := range conditions {
 		condition := conditions[i]
+		if isEvaluated, ok := evaluatedTypes[condition.Type]; !ok || !isEvaluated {
+			// ignore an new condition when it is not evaluated
+			continue
+		}
+
 		if condition.LastTransitionTime == nil {
 			condition.LastTransitionTime = &now
 		}
-		eci := findConditionIndex(status.Conditions, condition.Type)
+		eci := condition.Type.findConditionIndex(status.Conditions)
 		if eci >= 0 && status.Conditions[eci].Message == condition.Message && status.Conditions[eci].Reason == condition.Reason && status.Conditions[eci].Status == condition.Status {
-			// If we already have a condition of this type, status and reason, only update the timestamp if something
-			// has changed.
-			applicationSetConditions = append(applicationSetConditions, status.Conditions[eci])
+			// If we already have a condition of this type and nothing has changed, do not update it
+			newConditions = append(newConditions, status.Conditions[eci])
 		} else {
-			// Otherwise we use the new incoming condition with an updated timestamp:
-			applicationSetConditions = append(applicationSetConditions, condition)
+			// Otherwise we use the new incoming condition with updated information
+			newConditions = append(newConditions, condition)
 		}
 	}
-	sort.Slice(applicationSetConditions, func(i, j int) bool {
-		left := applicationSetConditions[i]
-		right := applicationSetConditions[j]
-		return fmt.Sprintf("%s/%s/%s/%s/%v", left.Type, left.Message, left.Status, left.Reason, left.LastTransitionTime) < fmt.Sprintf("%s/%s/%s/%s/%v", right.Type, right.Message, right.Status, right.Reason, right.LastTransitionTime)
+
+	sort.Slice(newConditions, func(i, j int) bool {
+		left := newConditions[i]
+		right := newConditions[j]
+
+		if left.Type != right.Type {
+			return left.Type < right.Type
+		}
+		if left.Status != right.Status {
+			return left.Status < right.Status
+		}
+		if left.Reason != right.Reason {
+			return left.Reason < right.Reason
+		}
+		if left.Message != right.Message {
+			return left.Message < right.Message
+		}
+		return left.LastTransitionTime.Before(right.LastTransitionTime)
 	})
-	status.Conditions = applicationSetConditions
+	status.Conditions = newConditions
 }
 
-func findConditionIndex(conditions []ApplicationSetCondition, t ApplicationSetConditionType) int {
+func (t ApplicationSetConditionType) findConditionIndex(conditions []ApplicationSetCondition) int {
 	for i := range conditions {
 		if conditions[i].Type == t {
 			return i
@@ -953,17 +982,6 @@ func findConditionIndex(conditions []ApplicationSetCondition, t ApplicationSetCo
 	return -1
 }
 
-func (status *ApplicationSetStatus) SetApplicationStatus(newStatus ApplicationSetApplicationStatus) {
-	for i := range status.ApplicationStatus {
-		appStatus := status.ApplicationStatus[i]
-		if appStatus.Application == newStatus.Application {
-			status.ApplicationStatus[i] = newStatus
-			return
-		}
-	}
-	status.ApplicationStatus = append(status.ApplicationStatus, newStatus)
-}
-
 // QualifiedName returns the full qualified name of the applicationset, including
 // the name of the namespace it is created in delimited by a forward slash,
 // i.e. <namespace>/<appname>
diff --git a/resource_customizations/argoproj.io/ApplicationSet/health.lua b/resource_customizations/argoproj.io/ApplicationSet/health.lua
index 7505d8024d95c..a6fc7fa4e0cb0 100644
--- a/resource_customizations/argoproj.io/ApplicationSet/health.lua
+++ b/resource_customizations/argoproj.io/ApplicationSet/health.lua
@@ -8,6 +8,22 @@ if obj.status ~= nil then
         hs.message = condition.message
         return hs
       end
+    end
+    for i, condition in pairs(obj.status.conditions) do
+      if condition.type == "ResourcesUpToDate" and condition.status == "False" then
+        hs.status = "Degraded"
+        hs.message = condition.message
+        return hs
+      end
+    end
+    for i, condition in pairs(obj.status.conditions) do
+      if condition.type == "RolloutProgressing" and condition.status == "True" then
+        hs.status = "Progressing"
+        hs.message = condition.message
+        return hs
+      end
+    end
+    for i, condition in pairs(obj.status.conditions) do
       if condition.type == "ResourcesUpToDate" and condition.status == "True" then
         hs.status = "Healthy"
         hs.message = condition.message
diff --git a/resource_customizations/argoproj.io/ApplicationSet/health_test.yaml b/resource_customizations/argoproj.io/ApplicationSet/health_test.yaml
index 86c7b14b07c10..ff0a13f1f71bf 100644
--- a/resource_customizations/argoproj.io/ApplicationSet/health_test.yaml
+++ b/resource_customizations/argoproj.io/ApplicationSet/health_test.yaml
@@ -1,13 +1,21 @@
 tests:
   - healthStatus:
       status: Healthy
-      message: "ApplicationSet up to date"
+      message: ApplicationSet up to date
     inputPath: testdata/healthyApplicationSet.yaml
   - healthStatus:
       status: Degraded
-      message: "found less than two generators, Merge requires two or more"
+      message: found less than two generators, Merge requires two or more
     inputPath: testdata/errorApplicationSetWithStatusMessage.yaml
   - healthStatus:
       status: Progressing
-      message: "Waiting for the status to be reported"
+      message: Waiting for the status to be reported
     inputPath: testdata/noStatusApplicationSet.yaml
+  - healthStatus:
+      status: Degraded
+      message: could not create application
+    inputPath: testdata/resourceNotUpdatedApplicationSet.yaml
+  - healthStatus:
+      status: Progressing
+      message: ApplicationSet is performing rollout of step 1
+    inputPath: testdata/progressiveSyncApplicationSet.yaml
diff --git a/resource_customizations/argoproj.io/ApplicationSet/testdata/progressiveSyncApplicationSet.yaml b/resource_customizations/argoproj.io/ApplicationSet/testdata/progressiveSyncApplicationSet.yaml
new file mode 100644
index 0000000000000..318d79dfb7a93
--- /dev/null
+++ b/resource_customizations/argoproj.io/ApplicationSet/testdata/progressiveSyncApplicationSet.yaml
@@ -0,0 +1,58 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: cluster-git
+  namespace: argocd
+spec:
+  generators:
+    - merge:
+        generators: []
+        mergeKeys:
+          - server
+  strategy:
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: env
+              operator: In
+              values:
+                - dev
+        - matchExpressions:
+            - key: env
+              operator: In
+              values:
+                - prod
+  template:
+    metadata:
+      name: '{{name}}'
+    spec:
+      destination:
+        namespace: default
+        server: '{{server}}'
+      project: default
+      source:
+        path: helm-guestbook
+        repoURL: https://github.com/argoproj/argocd-example-apps/
+        targetRevision: HEAD
+status:
+  conditions:
+    - lastTransitionTime: '2025-05-30T15:41:02Z'
+      message: All applications have been generated successfully
+      reason: ApplicationSetUpToDate
+      status: 'False'
+      type: ErrorOccurred
+    - lastTransitionTime: '2025-05-27T18:45:48Z'
+      message: Successfully generated parameters for all Applications
+      reason: ParametersGenerated
+      status: 'True'
+      type: ParametersGenerated
+    - lastTransitionTime: '2025-05-30T15:41:02Z'
+      message: All applications have been generated successfully
+      reason: ApplicationSetUpToDate
+      status: 'True'
+      type: ResourcesUpToDate
+    - lastTransitionTime: '2025-05-30T15:44:06Z'
+      message: ApplicationSet is performing rollout of step 1
+      reason: ApplicationSetModified
+      status: 'True'
+      type: RolloutProgressing
diff --git a/resource_customizations/argoproj.io/ApplicationSet/testdata/resourceNotUpdatedApplicationSet.yaml b/resource_customizations/argoproj.io/ApplicationSet/testdata/resourceNotUpdatedApplicationSet.yaml
new file mode 100644
index 0000000000000..9357d8717bad3
--- /dev/null
+++ b/resource_customizations/argoproj.io/ApplicationSet/testdata/resourceNotUpdatedApplicationSet.yaml
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: cluster-git
+  namespace: argocd
+spec:
+  generators:
+    - merge:
+        generators: []
+        mergeKeys:
+          - server
+  template:
+    metadata:
+      name: '{{name}}'
+    spec:
+      destination:
+        namespace: default
+        server: '{{server}}'
+      project: default
+      source:
+        path: helm-guestbook
+        repoURL: https://github.com/argoproj/argocd-example-apps/
+        targetRevision: HEAD
+status:
+  conditions:
+    - lastTransitionTime: '2025-05-30T15:41:02Z'
+      message: All applications have been generated successfully
+      reason: ApplicationSetUpToDate
+      status: 'False'
+      type: ErrorOccurred
+    - lastTransitionTime: '2025-05-27T18:45:48Z'
+      message: Successfully generated parameters for all Applications
+      reason: ParametersGenerated
+      status: 'True'
+      type: ParametersGenerated
+    - lastTransitionTime: '2025-05-30T15:41:02Z'
+      message: 'could not create application'
+      reason: CreateApplicationError
+      status: 'False'
+      type: ResourcesUpToDate
diff --git a/test/e2e/applicationset_git_generator_test.go b/test/e2e/applicationset_git_generator_test.go
index 7d9541a470e13..e80d0002ed84f 100644
--- a/test/e2e/applicationset_git_generator_test.go
+++ b/test/e2e/applicationset_git_generator_test.go
@@ -269,7 +269,7 @@ func TestSimpleGitDirectoryGeneratorGPGEnabledUnsignedCommits(t *testing.T) {
 			Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
 			Status:  v1alpha1.ApplicationSetConditionStatusFalse,
 			Message: expectedErrorMessage,
-			Reason:  v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
+			Reason:  v1alpha1.ApplicationSetReasonErrorOccurred,
 		},
 	}
 	generateExpectedApp := func(name string) v1alpha1.Application {
@@ -367,7 +367,7 @@ func TestSimpleGitDirectoryGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) {
 			Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
 			Status:  v1alpha1.ApplicationSetConditionStatusFalse,
 			Message: expectedErrorMessage,
-			Reason:  v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
+			Reason:  v1alpha1.ApplicationSetReasonErrorOccurred,
 		},
 	}
 	generateExpectedApp := func(name string) v1alpha1.Application {
@@ -582,7 +582,7 @@ func TestSimpleGitFilesGeneratorGPGEnabledUnsignedCommits(t *testing.T) {
 			Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
 			Status:  v1alpha1.ApplicationSetConditionStatusFalse,
 			Message: expectedErrorMessage,
-			Reason:  v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
+			Reason:  v1alpha1.ApplicationSetReasonErrorOccurred,
 		},
 	}
 	project := "gpg"
@@ -680,7 +680,7 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) {
 			Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
 			Status:  v1alpha1.ApplicationSetConditionStatusFalse,
 			Message: expectedErrorMessage,
-			Reason:  v1alpha1.ApplicationSetReasonApplicationParamsGenerationError,
+			Reason:  v1alpha1.ApplicationSetReasonErrorOccurred,
 		},
 	}
 	project := "gpg"
diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go
index e285656c315b7..bdc486ff22c73 100644
--- a/test/e2e/applicationset_test.go
+++ b/test/e2e/applicationset_test.go
@@ -32,7 +32,7 @@ var ExpectedConditions = []v1alpha1.ApplicationSetCondition{
 	{
 		Type:    v1alpha1.ApplicationSetConditionErrorOccurred,
 		Status:  v1alpha1.ApplicationSetConditionStatusFalse,
-		Message: "Successfully generated parameters for all Applications",
+		Message: "All applications have been generated successfully",
 		Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
 	},
 	{
@@ -44,7 +44,7 @@ var ExpectedConditions = []v1alpha1.ApplicationSetCondition{
 	{
 		Type:    v1alpha1.ApplicationSetConditionResourcesUpToDate,
 		Status:  v1alpha1.ApplicationSetConditionStatusTrue,
-		Message: "ApplicationSet up to date",
+		Message: "All applications have been generated successfully",
 		Reason:  v1alpha1.ApplicationSetReasonApplicationSetUpToDate,
 	},
 }

From df089878204b99ecc2c33f7c4b7c598d3e15cf17 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 1 Jul 2025 11:41:57 -0400
Subject: [PATCH 074/383] fix(hydrator): omit Argocd- trailers from
 hydrator.metadata (#23463)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/commit.go              |   1 +
 commitserver/commit/hydratorhelper.go      |   5 +-
 commitserver/commit/hydratorhelper_test.go |  18 ++--
 docs/user-guide/source-hydrator.md         |  10 ++
 util/git/client.go                         | 119 ++++++++++++---------
 util/git/client_test.go                    |  48 ++++++---
 6 files changed, 124 insertions(+), 77 deletions(-)

diff --git a/commitserver/commit/commit.go b/commitserver/commit/commit.go
index 41ef2b1299bab..c3cf08997eb60 100644
--- a/commitserver/commit/commit.go
+++ b/commitserver/commit/commit.go
@@ -220,6 +220,7 @@ type hydratorMetadataFile struct {
 	// Subject is the subject line of the DRY commit message, i.e. `git show --format=%s`.
 	Subject string `json:"subject,omitempty"`
 	// Body is the body of the DRY commit message, excluding the subject line, i.e. `git show --format=%b`.
+	// Known Argocd- trailers with valid values are removed, but all other trailers are kept.
 	Body       string                       `json:"body,omitempty"`
 	References []v1alpha1.RevisionReference `json:"references,omitempty"`
 }
diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index 054c9516db7f5..44dce9b2d3df1 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -18,6 +18,7 @@ import (
 
 	"github.com/argoproj/argo-cd/v3/commitserver/apiclient"
 	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/git"
 	"github.com/argoproj/argo-cd/v3/util/io"
 )
 
@@ -48,8 +49,10 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 
 	subject, body, _ := strings.Cut(message, "\n\n")
 
+	_, bodyMinusTrailers := git.GetReferences(log.WithFields(log.Fields{"repo": repoUrl, "revision": drySha}), body)
+
 	// Write the top-level readme.
-	err := writeMetadata(root, "", hydratorMetadataFile{DrySHA: drySha, RepoURL: repoUrl, Author: author, Subject: subject, Body: body, Date: date, References: references})
+	err := writeMetadata(root, "", hydratorMetadataFile{DrySHA: drySha, RepoURL: repoUrl, Author: author, Subject: subject, Body: bodyMinusTrailers, Date: date, References: references})
 	if err != nil {
 		return fmt.Errorf("failed to write top-level hydrator metadata: %w", err)
 	}
diff --git a/commitserver/commit/hydratorhelper_test.go b/commitserver/commit/hydratorhelper_test.go
index f522ef335f7ea..05c0bd2f85f0a 100644
--- a/commitserver/commit/hydratorhelper_test.go
+++ b/commitserver/commit/hydratorhelper_test.go
@@ -9,7 +9,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
-	"strings"
 	"testing"
 	"time"
 
@@ -73,9 +72,13 @@ func TestWriteForPaths(t *testing.T) {
 
 	now := metav1.NewTime(time.Now())
 	metadata := &appsv1.RevisionMetadata{
-		Author:  "test-author",
-		Date:    &now,
-		Message: "test-message",
+		Author: "test-author",
+		Date:   &now,
+		Message: `test-message
+
+Signed-off-by: Test User <test@example.com>
+Argocd-reference-commit-sha: abc123
+`,
 		References: []appsv1.RevisionReference{
 			{
 				Commit: &appsv1.CommitMetadata{
@@ -97,16 +100,15 @@ func TestWriteForPaths(t *testing.T) {
 	topMetadataBytes, err := os.ReadFile(topMetadataPath)
 	require.NoError(t, err)
 
-	expectedSubject, expectedBody, _ := strings.Cut(metadata.Message, "\n\n")
-
 	var topMetadata hydratorMetadataFile
 	err = json.Unmarshal(topMetadataBytes, &topMetadata)
 	require.NoError(t, err)
 	assert.Equal(t, repoURL, topMetadata.RepoURL)
 	assert.Equal(t, drySha, topMetadata.DrySHA)
 	assert.Equal(t, metadata.Author, topMetadata.Author)
-	assert.Equal(t, expectedSubject, topMetadata.Subject)
-	assert.Equal(t, expectedBody, topMetadata.Body)
+	assert.Equal(t, "test-message", topMetadata.Subject)
+	// The body should exclude the Argocd- trailers.
+	assert.Equal(t, "Signed-off-by: Test User <test@example.com>\n", topMetadata.Body)
 	assert.Equal(t, metadata.Date.Format(time.RFC3339), topMetadata.Date)
 	assert.Equal(t, metadata.References, topMetadata.References)
 
diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index 0a13d7c93d776..fa79bdbaa103e 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -230,6 +230,12 @@ The commit metadata will appear in the hydrated commit's root hydrator.metadata
 
 ```json
 {
+  "author": "CI <ci@example.com>",
+  "subject": "chore: bump image to b82add2",
+  "date": "2025-06-09T13:50:08-04:00",
+  "body": "Signed-off-by: CI <ci@example.com>\n",
+  "drySha": "6cb951525937865dced818bbdd78c89b2d2b3045",
+  "repoURL": "https://git.example.com/owner/manifests-repo",
   "references": [
     {
       "commit": {
@@ -248,6 +254,10 @@ The commit metadata will appear in the hydrated commit's root hydrator.metadata
 }
 ```
 
+The top-level "body" field contains the commit message of the DRY commit minus the subject line and any 
+`Argocd-reference-commit-*` trailers that were used in `references`. Unrecognized or invalid trailers are preserved in
+the body.
+
 Although `references` is an array, the source hydrator currently only supports a single related commit. If a trailer is
 specified more than once, the last one will be used.
 
diff --git a/util/git/client.go b/util/git/client.go
index c941ec47d885b..557dc584488bd 100644
--- a/util/git/client.go
+++ b/util/git/client.go
@@ -790,7 +790,7 @@ func (m *nativeGitClient) RevisionMetadata(revision string) (*RevisionMetadata,
 	if err != nil {
 		return nil, fmt.Errorf("failed to interpret trailers for revision %q in repo %q: %w", revision, m.repoURL, err)
 	}
-	relatedCommits := getReferences(log.WithFields(log.Fields{"repo": m.repoURL, "revision": revision}), out)
+	relatedCommits, _ := GetReferences(log.WithFields(log.Fields{"repo": m.repoURL, "revision": revision}), out)
 
 	out, err = m.runCmd("tag", "--points-at", revision)
 	if err != nil {
@@ -816,65 +816,23 @@ func truncate(str string) string {
 
 var shaRegex = regexp.MustCompile(`^[0-9a-f]{5,40}$`)
 
-// getReferences extracts related commit metadata from the commit message trailers. If referenced commit
+// GetReferences extracts related commit metadata from the commit message trailers. If referenced commit
 // metadata is present, we return a slice containing a single metadata object. If no related commit metadata is found,
 // we return a nil slice.
 //
 // If a trailer fails validation, we log an error and skip that trailer. We truncate the trailer values to 100
 // characters to avoid excessively long log messages.
-func getReferences(logCtx *log.Entry, commitMessageBody string) []RevisionReference {
+//
+// We also return the commit message body with all valid Argocd-reference-commit-* trailers removed.
+func GetReferences(logCtx *log.Entry, commitMessageBody string) ([]RevisionReference, string) {
+	unrelatedLines := strings.Builder{}
 	var relatedCommit CommitMetadata
 	scanner := bufio.NewScanner(strings.NewReader(commitMessageBody))
 	for scanner.Scan() {
 		line := scanner.Text()
-		if !strings.HasPrefix(line, "Argocd-reference-commit-") {
-			continue
-		}
-		parts := strings.SplitN(line, ": ", 2)
-		if len(parts) != 2 {
-			continue
-		}
-		trailerKey := parts[0]
-		trailerValue := parts[1]
-		switch trailerKey {
-		case "Argocd-reference-commit-repourl":
-			_, err := url.Parse(trailerValue)
-			if err != nil {
-				logCtx.Errorf("failed to parse repo URL %q: %v", truncate(trailerValue), err)
-				continue
-			}
-			relatedCommit.RepoURL = trailerValue
-		case "Argocd-reference-commit-author":
-			address, err := mail.ParseAddress(trailerValue)
-			if err != nil || address == nil {
-				logCtx.Errorf("failed to parse author email %q: %v", truncate(trailerValue), err)
-				continue
-			}
-			relatedCommit.Author = *address
-		case "Argocd-reference-commit-date":
-			// Validate that it's the correct date format.
-			t, err := time.Parse(time.RFC3339, trailerValue)
-			if err != nil {
-				logCtx.Errorf("failed to parse date %q with RFC3339 format: %v", truncate(trailerValue), err)
-				continue
-			}
-			relatedCommit.Date = t.Format(time.RFC3339)
-		case "Argocd-reference-commit-subject":
-			relatedCommit.Subject = trailerValue
-		case "Argocd-reference-commit-body":
-			body := ""
-			err := json.Unmarshal([]byte(trailerValue), &body)
-			if err != nil {
-				logCtx.Errorf("failed to parse body %q as JSON: %v", truncate(trailerValue), err)
-				continue
-			}
-			relatedCommit.Body = body
-		case "Argocd-reference-commit-sha":
-			if !shaRegex.MatchString(trailerValue) {
-				logCtx.Errorf("invalid commit SHA %q in trailer %s: must be a lowercase hex string 5-40 characters long", truncate(trailerValue), trailerKey)
-				continue
-			}
-			relatedCommit.SHA = trailerValue
+		updated := updateCommitMetadata(logCtx, &relatedCommit, line)
+		if !updated {
+			unrelatedLines.WriteString(line + "\n")
 		}
 	}
 	var relatedCommits []RevisionReference
@@ -883,7 +841,64 @@ func getReferences(logCtx *log.Entry, commitMessageBody string) []RevisionRefere
 			Commit: &relatedCommit,
 		})
 	}
-	return relatedCommits
+	return relatedCommits, unrelatedLines.String()
+}
+
+// updateCommitMetadata checks if the line is a valid Argocd-reference-commit-* trailer. If so, it updates
+// the relatedCommit object and returns true. If the line is not a valid trailer, it returns false.
+func updateCommitMetadata(logCtx *log.Entry, relatedCommit *CommitMetadata, line string) bool {
+	if !strings.HasPrefix(line, "Argocd-reference-commit-") {
+		return false
+	}
+	parts := strings.SplitN(line, ": ", 2)
+	if len(parts) != 2 {
+		return false
+	}
+	trailerKey := parts[0]
+	trailerValue := parts[1]
+	switch trailerKey {
+	case "Argocd-reference-commit-repourl":
+		_, err := url.Parse(trailerValue)
+		if err != nil {
+			logCtx.Errorf("failed to parse repo URL %q: %v", truncate(trailerValue), err)
+			return false
+		}
+		relatedCommit.RepoURL = trailerValue
+	case "Argocd-reference-commit-author":
+		address, err := mail.ParseAddress(trailerValue)
+		if err != nil || address == nil {
+			logCtx.Errorf("failed to parse author email %q: %v", truncate(trailerValue), err)
+			return false
+		}
+		relatedCommit.Author = *address
+	case "Argocd-reference-commit-date":
+		// Validate that it's the correct date format.
+		t, err := time.Parse(time.RFC3339, trailerValue)
+		if err != nil {
+			logCtx.Errorf("failed to parse date %q with RFC3339 format: %v", truncate(trailerValue), err)
+			return false
+		}
+		relatedCommit.Date = t.Format(time.RFC3339)
+	case "Argocd-reference-commit-subject":
+		relatedCommit.Subject = trailerValue
+	case "Argocd-reference-commit-body":
+		body := ""
+		err := json.Unmarshal([]byte(trailerValue), &body)
+		if err != nil {
+			logCtx.Errorf("failed to parse body %q as JSON: %v", truncate(trailerValue), err)
+			return false
+		}
+		relatedCommit.Body = body
+	case "Argocd-reference-commit-sha":
+		if !shaRegex.MatchString(trailerValue) {
+			logCtx.Errorf("invalid commit SHA %q in trailer %s: must be a lowercase hex string 5-40 characters long", truncate(trailerValue), trailerKey)
+			return false
+		}
+		relatedCommit.SHA = trailerValue
+	default:
+		return false
+	}
+	return true
 }
 
 // VerifyCommitSignature Runs verify-commit on a given revision and returns the output
diff --git a/util/git/client_test.go b/util/git/client_test.go
index daf86f1934b37..14bb5df1486d7 100644
--- a/util/git/client_test.go
+++ b/util/git/client_test.go
@@ -1103,20 +1103,22 @@ func (m *mockCreds) GetUserInfo(_ context.Context) (string, string, error) {
 	return "", "", nil
 }
 
-func Test_getReferences(t *testing.T) {
+func Test_GetReferences(t *testing.T) {
 	t.Parallel()
 
 	now := time.Now()
 
 	tests := []struct {
-		name     string
-		input    string
-		expected []RevisionReference
+		name               string
+		input              string
+		expectedReferences []RevisionReference
+		expectedMessage    string
 	}{
 		{
-			name:     "No trailers",
-			input:    "This is a commit message without trailers.",
-			expected: nil,
+			name:               "No trailers",
+			input:              "This is a commit message without trailers.",
+			expectedReferences: nil,
+			expectedMessage:    "This is a commit message without trailers.\n",
 		},
 		{
 			name: "Invalid trailers",
@@ -1126,25 +1128,36 @@ Argocd-reference-commit-sha: xyz123
 Argocd-reference-commit-body: this isn't json
 Argocd-reference-commit-author: % not email %
 Argocd-reference-commit-bogus:`,
-			expected: nil,
+			expectedReferences: nil,
+			expectedMessage: `Argocd-reference-commit-repourl: % invalid %
+Argocd-reference-commit-date: invalid-date
+Argocd-reference-commit-sha: xyz123
+Argocd-reference-commit-body: this isn't json
+Argocd-reference-commit-author: % not email %
+Argocd-reference-commit-bogus:
+`,
 		},
 		{
-			name:     "Unknown trailers",
-			input:    "Argocd-reference-commit-unknown: foobar",
-			expected: nil,
+			name:               "Unknown trailers",
+			input:              "Argocd-reference-commit-unknown: foobar",
+			expectedReferences: nil,
+			expectedMessage:    "Argocd-reference-commit-unknown: foobar\n",
 		},
 		{
 			name: "Some valid and Invalid trailers",
 			input: `Argocd-reference-commit-sha: abc123
 Argocd-reference-commit-repourl: % invalid %
 Argocd-reference-commit-date: invalid-date`,
-			expected: []RevisionReference{
+			expectedReferences: []RevisionReference{
 				{
 					Commit: &CommitMetadata{
 						SHA: "abc123",
 					},
 				},
 			},
+			expectedMessage: `Argocd-reference-commit-repourl: % invalid %
+Argocd-reference-commit-date: invalid-date
+`,
 		},
 		{
 			name: "Valid trailers",
@@ -1154,7 +1167,7 @@ Argocd-reference-commit-date: %s
 Argocd-reference-commit-subject: Fix bug
 Argocd-reference-commit-body: "Fix bug\n\nSome: trailer"
 Argocd-reference-commit-sha: abc123`, now.Format(time.RFC3339)),
-			expected: []RevisionReference{
+			expectedReferences: []RevisionReference{
 				{
 					Commit: &CommitMetadata{
 						Author: mail.Address{
@@ -1169,18 +1182,20 @@ Argocd-reference-commit-sha: abc123`, now.Format(time.RFC3339)),
 					},
 				},
 			},
+			expectedMessage: "",
 		},
 		{
 			name: "Duplicate trailers",
 			input: `Argocd-reference-commit-repourl: https://github.com/org/repo.git
 Argocd-reference-commit-repourl: https://github.com/another/repo.git`,
-			expected: []RevisionReference{
+			expectedReferences: []RevisionReference{
 				{
 					Commit: &CommitMetadata{
 						RepoURL: "https://github.com/another/repo.git",
 					},
 				},
 			},
+			expectedMessage: "",
 		},
 	}
 
@@ -1189,8 +1204,9 @@ Argocd-reference-commit-repourl: https://github.com/another/repo.git`,
 			t.Parallel()
 
 			logCtx := log.WithFields(log.Fields{})
-			result := getReferences(logCtx, tt.input)
-			assert.Equal(t, tt.expected, result)
+			result, message := GetReferences(logCtx, tt.input)
+			assert.Equal(t, tt.expectedReferences, result)
+			assert.Equal(t, tt.expectedMessage, message)
 		})
 	}
 }

From 3f2439a25ced7bed4f1b6744a79bb5949a4371d7 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 1 Jul 2025 12:33:04 -0400
Subject: [PATCH 075/383] fix(hydrator): normalize repo URL when grouping
 (#23564) (#23565)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .mockery.yaml                             |   3 +
 controller/appcontroller.go               |   5 +-
 controller/hydrator/hydrator.go           |  67 +++-
 controller/hydrator/hydrator_test.go      |  66 +++
 controller/hydrator/mocks/Dependencies.go | 464 ++++++++++++++++++++++
 controller/hydrator/types/types.go        |  11 +
 controller/hydrator_dependencies.go       |   4 +-
 util/git/git.go                           |   2 +-
 8 files changed, 601 insertions(+), 21 deletions(-)
 create mode 100644 controller/hydrator/mocks/Dependencies.go
 create mode 100644 controller/hydrator/types/types.go

diff --git a/.mockery.yaml b/.mockery.yaml
index 5a25211e49be0..09aff4037c873 100644
--- a/.mockery.yaml
+++ b/.mockery.yaml
@@ -32,6 +32,9 @@ packages:
   github.com/argoproj/argo-cd/v3/controller/cache:
     interfaces:
       LiveStateCache: {}
+  github.com/argoproj/argo-cd/v3/controller/hydrator:
+    interfaces:
+      Dependencies: {}
   github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster:
     interfaces:
       ClusterServiceServer: {}
diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index b0f9c02618f3f..a53281861c28a 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -47,6 +47,7 @@ import (
 	"github.com/argoproj/argo-cd/v3/common"
 	statecache "github.com/argoproj/argo-cd/v3/controller/cache"
 	"github.com/argoproj/argo-cd/v3/controller/hydrator"
+	hydratortypes "github.com/argoproj/argo-cd/v3/controller/hydrator/types"
 	"github.com/argoproj/argo-cd/v3/controller/metrics"
 	"github.com/argoproj/argo-cd/v3/controller/sharding"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
@@ -115,7 +116,7 @@ type ApplicationController struct {
 	appOperationQueue             workqueue.TypedRateLimitingInterface[string]
 	projectRefreshQueue           workqueue.TypedRateLimitingInterface[string]
 	appHydrateQueue               workqueue.TypedRateLimitingInterface[string]
-	hydrationQueue                workqueue.TypedRateLimitingInterface[hydrator.HydrationQueueKey]
+	hydrationQueue                workqueue.TypedRateLimitingInterface[hydratortypes.HydrationQueueKey]
 	appInformer                   cache.SharedIndexInformer
 	appLister                     applisters.ApplicationLister
 	projInformer                  cache.SharedIndexInformer
@@ -198,7 +199,7 @@ func NewApplicationController(
 		projectRefreshQueue:               workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "project_reconciliation_queue"}),
 		appComparisonTypeRefreshQueue:     workqueue.NewTypedRateLimitingQueue(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig)),
 		appHydrateQueue:                   workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[string](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[string]{Name: "app_hydration_queue"}),
-		hydrationQueue:                    workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[hydrator.HydrationQueueKey](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[hydrator.HydrationQueueKey]{Name: "manifest_hydration_queue"}),
+		hydrationQueue:                    workqueue.NewTypedRateLimitingQueueWithConfig(ratelimiter.NewCustomAppControllerRateLimiter[hydratortypes.HydrationQueueKey](rateLimiterConfig), workqueue.TypedRateLimitingQueueConfig[hydratortypes.HydrationQueueKey]{Name: "manifest_hydration_queue"}),
 		db:                                db,
 		statusRefreshTimeout:              appResyncPeriod,
 		statusHardRefreshTimeout:          appHardResyncPeriod,
diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index 7bf1db289355a..8c64d6f915fd5 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -11,12 +11,16 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	commitclient "github.com/argoproj/argo-cd/v3/commitserver/apiclient"
+	"github.com/argoproj/argo-cd/v3/controller/hydrator/types"
 	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
 	applog "github.com/argoproj/argo-cd/v3/util/app/log"
+	"github.com/argoproj/argo-cd/v3/util/git"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 )
 
+// RepoGetter is an interface that defines methods for getting repository objects. It's a subset of the DB interface to
+// avoid granting access to things we don't need.
 type RepoGetter interface {
 	// GetRepository returns a repository by its URL and project name.
 	GetRepository(ctx context.Context, repoURL, project string) (*appv1.Repository, error)
@@ -28,16 +32,37 @@ type RepoGetter interface {
 type Dependencies interface {
 	// TODO: determine if we actually need to get the app, or if all the stuff we need the app for is done already on
 	//       the app controller side.
+
+	// GetProcessableAppProj returns the AppProject for the given application. It should only return projects that are
+	// processable by the controller, meaning that the project is not deleted and the application is in a namespace
+	// permitted by the project.
 	GetProcessableAppProj(app *appv1.Application) (*appv1.AppProject, error)
+
+	// GetProcessableApps returns a list of applications that are processable by the controller.
 	GetProcessableApps() (*appv1.ApplicationList, error)
+
+	// GetRepoObjs returns the repository objects for the given application, source, and revision. It calls the repo-
+	// server and gets the manifests (objects).
 	GetRepoObjs(app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)
+
+	// GetWriteCredentials returns the repository credentials for the given repository URL and project. These are to be
+	// sent to the commit server to write the hydrated manifests.
 	GetWriteCredentials(ctx context.Context, repoURL string, project string) (*appv1.Repository, error)
+
+	// RequestAppRefresh requests a refresh of the application with the given name and namespace. This is used to
+	// trigger a refresh after the application has been hydrated and a new commit has been pushed.
 	RequestAppRefresh(appName string, appNamespace string) error
-	// TODO: only allow access to the hydrator status
+
+	// PersistAppHydratorStatus persists the application status for the source hydrator.
 	PersistAppHydratorStatus(orig *appv1.Application, newStatus *appv1.SourceHydratorStatus)
-	AddHydrationQueueItem(key HydrationQueueKey)
+
+	// AddHydrationQueueItem adds a hydration queue item to the queue. This is used to trigger the hydration process for
+	// a group of applications which are hydrating to the same repo and target branch.
+	AddHydrationQueueItem(key types.HydrationQueueKey)
 }
 
+// Hydrator is the main struct that implements the hydration logic. It uses the Dependencies interface to access the
+// app controller's functionality without directly depending on it.
 type Hydrator struct {
 	dependencies         Dependencies
 	statusRefreshTimeout time.Duration
@@ -46,6 +71,9 @@ type Hydrator struct {
 	repoGetter           RepoGetter
 }
 
+// NewHydrator creates a new Hydrator instance with the given dependencies, status refresh timeout, commit clientset,
+// repo clientset, and repo getter. The refresh timeout determines how often the hydrator checks if an application
+// needs to be hydrated.
 func NewHydrator(dependencies Dependencies, statusRefreshTimeout time.Duration, commitClientset commitclient.Clientset, repoClientset apiclient.Clientset, repoGetter RepoGetter) *Hydrator {
 	return &Hydrator{
 		dependencies:         dependencies,
@@ -56,6 +84,12 @@ func NewHydrator(dependencies Dependencies, statusRefreshTimeout time.Duration,
 	}
 }
 
+// ProcessAppHydrateQueueItem processes an application hydrate queue item. It checks if the application needs hydration
+// and if so, it updates the application's status to indicate that hydration is in progress. It then adds the
+// hydration queue item to the queue for further processing.
+//
+// It's likely that multiple applications will trigger hydration at the same time. The hydration queue key is meant to
+// dedupe these requests.
 func (h *Hydrator) ProcessAppHydrateQueueItem(origApp *appv1.Application) {
 	origApp = origApp.DeepCopy()
 	app := origApp.DeepCopy()
@@ -89,27 +123,24 @@ func (h *Hydrator) ProcessAppHydrateQueueItem(origApp *appv1.Application) {
 	logCtx.Debug("Successfully processed app hydrate queue item")
 }
 
-func getHydrationQueueKey(app *appv1.Application) HydrationQueueKey {
+func getHydrationQueueKey(app *appv1.Application) types.HydrationQueueKey {
 	destinationBranch := app.Spec.SourceHydrator.SyncSource.TargetBranch
 	if app.Spec.SourceHydrator.HydrateTo != nil {
 		destinationBranch = app.Spec.SourceHydrator.HydrateTo.TargetBranch
 	}
-	key := HydrationQueueKey{
-		SourceRepoURL:        app.Spec.SourceHydrator.DrySource.RepoURL,
+	key := types.HydrationQueueKey{
+		SourceRepoURL:        git.NormalizeGitURLAllowInvalid(app.Spec.SourceHydrator.DrySource.RepoURL),
 		SourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
 		DestinationBranch:    destinationBranch,
 	}
 	return key
 }
 
-type HydrationQueueKey struct {
-	SourceRepoURL        string
-	SourceTargetRevision string
-	DestinationBranch    string
-}
-
 // uniqueHydrationDestination is used to detect duplicate hydrate destinations.
 type uniqueHydrationDestination struct {
+	// sourceRepoURL must be normalized with git.NormalizeGitURL to ensure that two apps with different URL formats
+	// don't end up in two different hydration queue items. Failing to normalize would result in one hydrated commit for
+	// each unique URL.
 	//nolint:unused // used as part of a map key
 	sourceRepoURL string
 	//nolint:unused // used as part of a map key
@@ -120,7 +151,11 @@ type uniqueHydrationDestination struct {
 	destinationPath string
 }
 
-func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey HydrationQueueKey) (processNext bool) {
+// ProcessHydrationQueueItem processes a hydration queue item. It retrieves the relevant applications for the given
+// hydration key, hydrates their latest commit, and updates their status accordingly. If the hydration fails, it marks
+// the operation as failed and logs the error. If successful, it updates the operation to indicate that hydration was
+// successful and requests a refresh of the applications to pick up the new hydrated commit.
+func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey types.HydrationQueueKey) (processNext bool) {
 	logCtx := log.WithFields(log.Fields{
 		"sourceRepoURL":        hydrationKey.SourceRepoURL,
 		"sourceTargetRevision": hydrationKey.SourceTargetRevision,
@@ -177,7 +212,7 @@ func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey HydrationQueueKey) (pr
 	return
 }
 
-func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey HydrationQueueKey) ([]*appv1.Application, string, string, error) {
+func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey types.HydrationQueueKey) ([]*appv1.Application, string, string, error) {
 	relevantApps, err := h.getRelevantAppsForHydration(logCtx, hydrationKey)
 	if err != nil {
 		return nil, "", "", fmt.Errorf("failed to get relevant apps for hydration: %w", err)
@@ -191,7 +226,7 @@ func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey Hydra
 	return relevantApps, dryRevision, hydratedRevision, nil
 }
 
-func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey HydrationQueueKey) ([]*appv1.Application, error) {
+func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey types.HydrationQueueKey) ([]*appv1.Application, error) {
 	// Get all apps
 	apps, err := h.dependencies.GetProcessableApps()
 	if err != nil {
@@ -205,7 +240,7 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey H
 			continue
 		}
 
-		if app.Spec.SourceHydrator.DrySource.RepoURL != hydrationKey.SourceRepoURL ||
+		if !git.SameURL(app.Spec.SourceHydrator.DrySource.RepoURL, hydrationKey.SourceRepoURL) ||
 			app.Spec.SourceHydrator.DrySource.TargetRevision != hydrationKey.SourceTargetRevision {
 			continue
 		}
@@ -230,7 +265,7 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey H
 		}
 
 		uniqueDestinationKey := uniqueHydrationDestination{
-			sourceRepoURL:        app.Spec.SourceHydrator.DrySource.RepoURL,
+			sourceRepoURL:        git.NormalizeGitURLAllowInvalid(app.Spec.SourceHydrator.DrySource.RepoURL),
 			sourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
 			destinationBranch:    destinationBranch,
 			destinationPath:      app.Spec.SourceHydrator.SyncSource.Path,
diff --git a/controller/hydrator/hydrator_test.go b/controller/hydrator/hydrator_test.go
index e0b7cfee79586..d826eb7196c2c 100644
--- a/controller/hydrator/hydrator_test.go
+++ b/controller/hydrator/hydrator_test.go
@@ -4,9 +4,14 @@ import (
 	"testing"
 	"time"
 
+	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/argoproj/argo-cd/v3/controller/hydrator/mocks"
+	"github.com/argoproj/argo-cd/v3/controller/hydrator/types"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )
 
@@ -101,3 +106,64 @@ func Test_appNeedsHydration(t *testing.T) {
 		})
 	}
 }
+
+func Test_getRelevantAppsForHydration_RepoURLNormalization(t *testing.T) {
+	t.Parallel()
+
+	d := mocks.NewDependencies(t)
+	d.On("GetProcessableApps").Return(&v1alpha1.ApplicationList{
+		Items: []v1alpha1.Application{
+			{
+				Spec: v1alpha1.ApplicationSpec{
+					Project: "project",
+					SourceHydrator: &v1alpha1.SourceHydrator{
+						DrySource: v1alpha1.DrySource{
+							RepoURL:        "https://example.com/repo.git",
+							TargetRevision: "main",
+							Path:           "app1",
+						},
+						SyncSource: v1alpha1.SyncSource{
+							TargetBranch: "main",
+							Path:         "app1",
+						},
+					},
+				},
+			},
+			{
+				Spec: v1alpha1.ApplicationSpec{
+					Project: "project",
+					SourceHydrator: &v1alpha1.SourceHydrator{
+						DrySource: v1alpha1.DrySource{
+							RepoURL:        "https://example.com/repo",
+							TargetRevision: "main",
+							Path:           "app2",
+						},
+						SyncSource: v1alpha1.SyncSource{
+							TargetBranch: "main",
+							Path:         "app2",
+						},
+					},
+				},
+			},
+		},
+	}, nil)
+	d.On("GetProcessableAppProj", mock.Anything).Return(&v1alpha1.AppProject{
+		Spec: v1alpha1.AppProjectSpec{
+			SourceRepos: []string{"https://example.com/*"},
+		},
+	}, nil)
+
+	hydrator := &Hydrator{dependencies: d}
+
+	hydrationKey := types.HydrationQueueKey{
+		SourceRepoURL:        "https://example.com/repo",
+		SourceTargetRevision: "main",
+		DestinationBranch:    "main",
+	}
+
+	logCtx := log.WithField("test", "RepoURLNormalization")
+	relevantApps, err := hydrator.getRelevantAppsForHydration(logCtx, hydrationKey)
+
+	require.NoError(t, err)
+	assert.Len(t, relevantApps, 2, "Expected both apps to be considered relevant despite URL differences")
+}
diff --git a/controller/hydrator/mocks/Dependencies.go b/controller/hydrator/mocks/Dependencies.go
new file mode 100644
index 0000000000000..1e6b0aab2dc79
--- /dev/null
+++ b/controller/hydrator/mocks/Dependencies.go
@@ -0,0 +1,464 @@
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
+
+package mocks
+
+import (
+	"context"
+
+	"github.com/argoproj/argo-cd/v3/controller/hydrator/types"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
+	mock "github.com/stretchr/testify/mock"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+// NewDependencies creates a new instance of Dependencies. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewDependencies(t interface {
+	mock.TestingT
+	Cleanup(func())
+}) *Dependencies {
+	mock := &Dependencies{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
+
+// Dependencies is an autogenerated mock type for the Dependencies type
+type Dependencies struct {
+	mock.Mock
+}
+
+type Dependencies_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *Dependencies) EXPECT() *Dependencies_Expecter {
+	return &Dependencies_Expecter{mock: &_m.Mock}
+}
+
+// AddHydrationQueueItem provides a mock function for the type Dependencies
+func (_mock *Dependencies) AddHydrationQueueItem(key types.HydrationQueueKey) {
+	_mock.Called(key)
+	return
+}
+
+// Dependencies_AddHydrationQueueItem_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AddHydrationQueueItem'
+type Dependencies_AddHydrationQueueItem_Call struct {
+	*mock.Call
+}
+
+// AddHydrationQueueItem is a helper method to define mock.On call
+//   - key types.HydrationQueueKey
+func (_e *Dependencies_Expecter) AddHydrationQueueItem(key interface{}) *Dependencies_AddHydrationQueueItem_Call {
+	return &Dependencies_AddHydrationQueueItem_Call{Call: _e.mock.On("AddHydrationQueueItem", key)}
+}
+
+func (_c *Dependencies_AddHydrationQueueItem_Call) Run(run func(key types.HydrationQueueKey)) *Dependencies_AddHydrationQueueItem_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 types.HydrationQueueKey
+		if args[0] != nil {
+			arg0 = args[0].(types.HydrationQueueKey)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_AddHydrationQueueItem_Call) Return() *Dependencies_AddHydrationQueueItem_Call {
+	_c.Call.Return()
+	return _c
+}
+
+func (_c *Dependencies_AddHydrationQueueItem_Call) RunAndReturn(run func(key types.HydrationQueueKey)) *Dependencies_AddHydrationQueueItem_Call {
+	_c.Run(run)
+	return _c
+}
+
+// GetProcessableAppProj provides a mock function for the type Dependencies
+func (_mock *Dependencies) GetProcessableAppProj(app *v1alpha1.Application) (*v1alpha1.AppProject, error) {
+	ret := _mock.Called(app)
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetProcessableAppProj")
+	}
+
+	var r0 *v1alpha1.AppProject
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application) (*v1alpha1.AppProject, error)); ok {
+		return returnFunc(app)
+	}
+	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application) *v1alpha1.AppProject); ok {
+		r0 = returnFunc(app)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*v1alpha1.AppProject)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func(*v1alpha1.Application) error); ok {
+		r1 = returnFunc(app)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Dependencies_GetProcessableAppProj_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetProcessableAppProj'
+type Dependencies_GetProcessableAppProj_Call struct {
+	*mock.Call
+}
+
+// GetProcessableAppProj is a helper method to define mock.On call
+//   - app *v1alpha1.Application
+func (_e *Dependencies_Expecter) GetProcessableAppProj(app interface{}) *Dependencies_GetProcessableAppProj_Call {
+	return &Dependencies_GetProcessableAppProj_Call{Call: _e.mock.On("GetProcessableAppProj", app)}
+}
+
+func (_c *Dependencies_GetProcessableAppProj_Call) Run(run func(app *v1alpha1.Application)) *Dependencies_GetProcessableAppProj_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 *v1alpha1.Application
+		if args[0] != nil {
+			arg0 = args[0].(*v1alpha1.Application)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_GetProcessableAppProj_Call) Return(appProject *v1alpha1.AppProject, err error) *Dependencies_GetProcessableAppProj_Call {
+	_c.Call.Return(appProject, err)
+	return _c
+}
+
+func (_c *Dependencies_GetProcessableAppProj_Call) RunAndReturn(run func(app *v1alpha1.Application) (*v1alpha1.AppProject, error)) *Dependencies_GetProcessableAppProj_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// GetProcessableApps provides a mock function for the type Dependencies
+func (_mock *Dependencies) GetProcessableApps() (*v1alpha1.ApplicationList, error) {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetProcessableApps")
+	}
+
+	var r0 *v1alpha1.ApplicationList
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func() (*v1alpha1.ApplicationList, error)); ok {
+		return returnFunc()
+	}
+	if returnFunc, ok := ret.Get(0).(func() *v1alpha1.ApplicationList); ok {
+		r0 = returnFunc()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*v1alpha1.ApplicationList)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func() error); ok {
+		r1 = returnFunc()
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Dependencies_GetProcessableApps_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetProcessableApps'
+type Dependencies_GetProcessableApps_Call struct {
+	*mock.Call
+}
+
+// GetProcessableApps is a helper method to define mock.On call
+func (_e *Dependencies_Expecter) GetProcessableApps() *Dependencies_GetProcessableApps_Call {
+	return &Dependencies_GetProcessableApps_Call{Call: _e.mock.On("GetProcessableApps")}
+}
+
+func (_c *Dependencies_GetProcessableApps_Call) Run(run func()) *Dependencies_GetProcessableApps_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *Dependencies_GetProcessableApps_Call) Return(applicationList *v1alpha1.ApplicationList, err error) *Dependencies_GetProcessableApps_Call {
+	_c.Call.Return(applicationList, err)
+	return _c
+}
+
+func (_c *Dependencies_GetProcessableApps_Call) RunAndReturn(run func() (*v1alpha1.ApplicationList, error)) *Dependencies_GetProcessableApps_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// GetRepoObjs provides a mock function for the type Dependencies
+func (_mock *Dependencies) GetRepoObjs(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
+	ret := _mock.Called(app, source, revision, project)
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetRepoObjs")
+	}
+
+	var r0 []*unstructured.Unstructured
+	var r1 *apiclient.ManifestResponse
+	var r2 error
+	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)); ok {
+		return returnFunc(app, source, revision, project)
+	}
+	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) []*unstructured.Unstructured); ok {
+		r0 = returnFunc(app, source, revision, project)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).([]*unstructured.Unstructured)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) *apiclient.ManifestResponse); ok {
+		r1 = returnFunc(app, source, revision, project)
+	} else {
+		if ret.Get(1) != nil {
+			r1 = ret.Get(1).(*apiclient.ManifestResponse)
+		}
+	}
+	if returnFunc, ok := ret.Get(2).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) error); ok {
+		r2 = returnFunc(app, source, revision, project)
+	} else {
+		r2 = ret.Error(2)
+	}
+	return r0, r1, r2
+}
+
+// Dependencies_GetRepoObjs_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetRepoObjs'
+type Dependencies_GetRepoObjs_Call struct {
+	*mock.Call
+}
+
+// GetRepoObjs is a helper method to define mock.On call
+//   - app *v1alpha1.Application
+//   - source v1alpha1.ApplicationSource
+//   - revision string
+//   - project *v1alpha1.AppProject
+func (_e *Dependencies_Expecter) GetRepoObjs(app interface{}, source interface{}, revision interface{}, project interface{}) *Dependencies_GetRepoObjs_Call {
+	return &Dependencies_GetRepoObjs_Call{Call: _e.mock.On("GetRepoObjs", app, source, revision, project)}
+}
+
+func (_c *Dependencies_GetRepoObjs_Call) Run(run func(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject)) *Dependencies_GetRepoObjs_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 *v1alpha1.Application
+		if args[0] != nil {
+			arg0 = args[0].(*v1alpha1.Application)
+		}
+		var arg1 v1alpha1.ApplicationSource
+		if args[1] != nil {
+			arg1 = args[1].(v1alpha1.ApplicationSource)
+		}
+		var arg2 string
+		if args[2] != nil {
+			arg2 = args[2].(string)
+		}
+		var arg3 *v1alpha1.AppProject
+		if args[3] != nil {
+			arg3 = args[3].(*v1alpha1.AppProject)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+			arg3,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_GetRepoObjs_Call) Return(unstructureds []*unstructured.Unstructured, manifestResponse *apiclient.ManifestResponse, err error) *Dependencies_GetRepoObjs_Call {
+	_c.Call.Return(unstructureds, manifestResponse, err)
+	return _c
+}
+
+func (_c *Dependencies_GetRepoObjs_Call) RunAndReturn(run func(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)) *Dependencies_GetRepoObjs_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// GetWriteCredentials provides a mock function for the type Dependencies
+func (_mock *Dependencies) GetWriteCredentials(ctx context.Context, repoURL string, project string) (*v1alpha1.Repository, error) {
+	ret := _mock.Called(ctx, repoURL, project)
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetWriteCredentials")
+	}
+
+	var r0 *v1alpha1.Repository
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) (*v1alpha1.Repository, error)); ok {
+		return returnFunc(ctx, repoURL, project)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, string) *v1alpha1.Repository); ok {
+		r0 = returnFunc(ctx, repoURL, project)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*v1alpha1.Repository)
+		}
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, string, string) error); ok {
+		r1 = returnFunc(ctx, repoURL, project)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Dependencies_GetWriteCredentials_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetWriteCredentials'
+type Dependencies_GetWriteCredentials_Call struct {
+	*mock.Call
+}
+
+// GetWriteCredentials is a helper method to define mock.On call
+//   - ctx context.Context
+//   - repoURL string
+//   - project string
+func (_e *Dependencies_Expecter) GetWriteCredentials(ctx interface{}, repoURL interface{}, project interface{}) *Dependencies_GetWriteCredentials_Call {
+	return &Dependencies_GetWriteCredentials_Call{Call: _e.mock.On("GetWriteCredentials", ctx, repoURL, project)}
+}
+
+func (_c *Dependencies_GetWriteCredentials_Call) Run(run func(ctx context.Context, repoURL string, project string)) *Dependencies_GetWriteCredentials_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 string
+		if args[2] != nil {
+			arg2 = args[2].(string)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_GetWriteCredentials_Call) Return(repository *v1alpha1.Repository, err error) *Dependencies_GetWriteCredentials_Call {
+	_c.Call.Return(repository, err)
+	return _c
+}
+
+func (_c *Dependencies_GetWriteCredentials_Call) RunAndReturn(run func(ctx context.Context, repoURL string, project string) (*v1alpha1.Repository, error)) *Dependencies_GetWriteCredentials_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// PersistAppHydratorStatus provides a mock function for the type Dependencies
+func (_mock *Dependencies) PersistAppHydratorStatus(orig *v1alpha1.Application, newStatus *v1alpha1.SourceHydratorStatus) {
+	_mock.Called(orig, newStatus)
+	return
+}
+
+// Dependencies_PersistAppHydratorStatus_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'PersistAppHydratorStatus'
+type Dependencies_PersistAppHydratorStatus_Call struct {
+	*mock.Call
+}
+
+// PersistAppHydratorStatus is a helper method to define mock.On call
+//   - orig *v1alpha1.Application
+//   - newStatus *v1alpha1.SourceHydratorStatus
+func (_e *Dependencies_Expecter) PersistAppHydratorStatus(orig interface{}, newStatus interface{}) *Dependencies_PersistAppHydratorStatus_Call {
+	return &Dependencies_PersistAppHydratorStatus_Call{Call: _e.mock.On("PersistAppHydratorStatus", orig, newStatus)}
+}
+
+func (_c *Dependencies_PersistAppHydratorStatus_Call) Run(run func(orig *v1alpha1.Application, newStatus *v1alpha1.SourceHydratorStatus)) *Dependencies_PersistAppHydratorStatus_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 *v1alpha1.Application
+		if args[0] != nil {
+			arg0 = args[0].(*v1alpha1.Application)
+		}
+		var arg1 *v1alpha1.SourceHydratorStatus
+		if args[1] != nil {
+			arg1 = args[1].(*v1alpha1.SourceHydratorStatus)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_PersistAppHydratorStatus_Call) Return() *Dependencies_PersistAppHydratorStatus_Call {
+	_c.Call.Return()
+	return _c
+}
+
+func (_c *Dependencies_PersistAppHydratorStatus_Call) RunAndReturn(run func(orig *v1alpha1.Application, newStatus *v1alpha1.SourceHydratorStatus)) *Dependencies_PersistAppHydratorStatus_Call {
+	_c.Run(run)
+	return _c
+}
+
+// RequestAppRefresh provides a mock function for the type Dependencies
+func (_mock *Dependencies) RequestAppRefresh(appName string, appNamespace string) error {
+	ret := _mock.Called(appName, appNamespace)
+
+	if len(ret) == 0 {
+		panic("no return value specified for RequestAppRefresh")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string, string) error); ok {
+		r0 = returnFunc(appName, appNamespace)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// Dependencies_RequestAppRefresh_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RequestAppRefresh'
+type Dependencies_RequestAppRefresh_Call struct {
+	*mock.Call
+}
+
+// RequestAppRefresh is a helper method to define mock.On call
+//   - appName string
+//   - appNamespace string
+func (_e *Dependencies_Expecter) RequestAppRefresh(appName interface{}, appNamespace interface{}) *Dependencies_RequestAppRefresh_Call {
+	return &Dependencies_RequestAppRefresh_Call{Call: _e.mock.On("RequestAppRefresh", appName, appNamespace)}
+}
+
+func (_c *Dependencies_RequestAppRefresh_Call) Run(run func(appName string, appNamespace string)) *Dependencies_RequestAppRefresh_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *Dependencies_RequestAppRefresh_Call) Return(err error) *Dependencies_RequestAppRefresh_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *Dependencies_RequestAppRefresh_Call) RunAndReturn(run func(appName string, appNamespace string) error) *Dependencies_RequestAppRefresh_Call {
+	_c.Call.Return(run)
+	return _c
+}
diff --git a/controller/hydrator/types/types.go b/controller/hydrator/types/types.go
new file mode 100644
index 0000000000000..a0e9f5c0ac869
--- /dev/null
+++ b/controller/hydrator/types/types.go
@@ -0,0 +1,11 @@
+package types
+
+// HydrationQueueKey is used to uniquely identify a hydration operation in the queue. If several applications request
+// hydration, but they have the same queue key, only one hydration operation will be performed.
+type HydrationQueueKey struct {
+	// SourceRepoURL must be normalized with git.NormalizeGitURL to ensure that we don't double-queue a single hydration
+	// operation because two apps have different URL formats.
+	SourceRepoURL        string
+	SourceTargetRevision string
+	DestinationBranch    string
+}
diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go
index e846499248daa..6028e0cf7355f 100644
--- a/controller/hydrator_dependencies.go
+++ b/controller/hydrator_dependencies.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/argoproj/argo-cd/v3/controller/hydrator"
+	"github.com/argoproj/argo-cd/v3/controller/hydrator/types"
 	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
 	argoutil "github.com/argoproj/argo-cd/v3/util/argo"
@@ -85,6 +85,6 @@ func (ctrl *ApplicationController) PersistAppHydratorStatus(orig *appv1.Applicat
 	ctrl.persistAppStatus(orig, status)
 }
 
-func (ctrl *ApplicationController) AddHydrationQueueItem(key hydrator.HydrationQueueKey) {
+func (ctrl *ApplicationController) AddHydrationQueueItem(key types.HydrationQueueKey) {
 	ctrl.hydrationQueue.AddRateLimited(key)
 }
diff --git a/util/git/git.go b/util/git/git.go
index ea2f310b0f7fb..65c6ea9b17137 100644
--- a/util/git/git.go
+++ b/util/git/git.go
@@ -41,7 +41,7 @@ func SameURL(leftRepo, rightRepo string) bool {
 	return normalLeft != "" && normalRight != "" && normalLeft == normalRight
 }
 
-// Similar to NormalizeGitURL, except returning an original url if the url is invalid.
+// NormalizeGitURLAllowInvalid is similar to NormalizeGitURL, except returning an original url if the url is invalid.
 // Needed to allow a deletion of repos with invalid urls. See https://github.com/argoproj/argo-cd/issues/20921.
 func NormalizeGitURLAllowInvalid(repo string) string {
 	normalized := NormalizeGitURL(repo)

From 3b83f55a600a73eb8060331d2c2e826d08f46572 Mon Sep 17 00:00:00 2001
From: Yusuke Abe <moonset20@gmail.com>
Date: Wed, 2 Jul 2025 10:29:12 +0900
Subject: [PATCH 076/383] chore: add renovate config to update mockery (#23388)
 (#23508)

Signed-off-by: chansuke <moonset20@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/installers/install-codegen-go-tools.sh |  5 +++--
 renovate-presets/devtool.json5              | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh
index 6cc499d16f5e0..f02fb9466edeb 100755
--- a/hack/installers/install-codegen-go-tools.sh
+++ b/hack/installers/install-codegen-go-tools.sh
@@ -53,5 +53,6 @@ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0
 # goimports is used to auto-format generated code
 go install golang.org/x/tools/cmd/goimports@v0.1.8
 
-# mockery is used to generate mock
-go install github.com/vektra/mockery/v3@v3.3.6
\ No newline at end of file
+# renovate: datasource=go packageName=github.com/vektra/mockery/v3
+MOCKERY_VERSION=3.3.6
+go install github.com/vektra/mockery/v3@v${MOCKERY_VERSION}
diff --git a/renovate-presets/devtool.json5 b/renovate-presets/devtool.json5
index 1ac93539c1a0e..ed2fe194c890a 100644
--- a/renovate-presets/devtool.json5
+++ b/renovate-presets/devtool.json5
@@ -16,10 +16,25 @@
         "go"
       ],
       "matchPackageNames": [
-        "github.com/golangci/golangci-lint"
+        "github.com/golangci/golangci-lint",
+        "github.com/vektra/mockery/v3"
       ],
       "enabled": true
     },
+    {
+      "description": "Run make mockgen after updating mockery",
+      "matchDatasources": [
+        "go"
+      ],
+      "matchPackageNames": [
+        "github.com/vektra/mockery/v3"
+      ],
+      "postUpgradeTasks": {
+        "commands": ["make mockgen"],
+        "fileFilters": ["**/*.go"],
+        "executionMode": "branch"
+      }
+    },
     {
       "description": "Enable updates from specified github releases",
       "matchDatasources": [

From 2daa865340d614b23e741b7ca23e19bd035bfd8f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 02:10:13 +0000
Subject: [PATCH 077/383] chore(deps): update module
 github.com/vektra/mockery/v3 to v3.5.0 (#23632)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/installers/install-codegen-go-tools.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh
index f02fb9466edeb..a2041b8fbeda5 100755
--- a/hack/installers/install-codegen-go-tools.sh
+++ b/hack/installers/install-codegen-go-tools.sh
@@ -54,5 +54,5 @@ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0
 go install golang.org/x/tools/cmd/goimports@v0.1.8
 
 # renovate: datasource=go packageName=github.com/vektra/mockery/v3
-MOCKERY_VERSION=3.3.6
+MOCKERY_VERSION=3.5.0
 go install github.com/vektra/mockery/v3@v${MOCKERY_VERSION}

From e3448029059368549819fa2def90debb9fc47ecf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 1 Jul 2025 23:49:40 -0400
Subject: [PATCH 078/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.130.1 to 0.131.0 (#23634)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eb5d547e24a38..52abdd6370a21 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.130.1
+	gitlab.com/gitlab-org/api/client-go v0.131.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index 8a9e5b473194c..a22b135e52cf1 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.130.1 h1:1xF5C5Zq3sFeNg3PzS2z63oqrxifne3n/OnbI7nptRc=
-gitlab.com/gitlab-org/api/client-go v0.130.1/go.mod h1:ZhSxLAWadqP6J9lMh40IAZOlOxBLPRh7yFOXR/bMJWM=
+gitlab.com/gitlab-org/api/client-go v0.131.0 h1:a431AKWkrSO5dgY5o5okFjxpANhkGpzxnZrjAHRyqp8=
+gitlab.com/gitlab-org/api/client-go v0.131.0/go.mod h1:U83AmpPrAir8NH31T/BstwZcJzS/nGZptOXtGjPZrbI=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From e9d128000ef3a4729c3098cefb88a6153ca2db0a Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 2 Jul 2025 09:22:44 -0400
Subject: [PATCH 079/383] chore(ci): allow make mockgen for renovate (#23633)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 renovate.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index f395a491f4a76..704064c33650f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -7,5 +7,6 @@
     "github>argoproj/argo-cd//renovate-presets/fix/disable-all-updates.json5",
     "github>argoproj/argo-cd//renovate-presets/devtool.json5",
     "github>argoproj/argo-cd//renovate-presets/docs.json5"
-  ]
+  ],
+  "allowedCommands": ["make mockgen"]
 }

From a1bcde710bd7cd22459b1fb45f88bcb5e658b638 Mon Sep 17 00:00:00 2001
From: Regina Voloshin <regina.voloshin@codefresh.io>
Date: Wed, 2 Jul 2025 17:37:14 +0300
Subject: [PATCH 080/383] feat: AppSet PR generator return 0 results upon repo
 not found instead of failing (#23447)

Signed-off-by: reggie-k <regina.voloshin@codefresh.io>
Signed-off-by: Regina Voloshin <regina.voloshin@codefresh.io>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Co-authored-by: dudinea <dudinea@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/generators/pull_request.go     |   12 +-
 .../generators/pull_request_test.go           |   38 +-
 .../services/pull_request/azure_devops.go     |   18 +-
 .../pull_request/azure_devops_test.go         |   34 +
 .../services/pull_request/bitbucket_cloud.go  |   11 +-
 .../pull_request/bitbucket_cloud_test.go      |   26 +
 .../services/pull_request/bitbucket_server.go |    5 +
 .../pull_request/bitbucket_server_test.go     |   26 +
 .../services/pull_request/errors.go           |   23 +
 .../services/pull_request/errors_test.go      |   48 +
 applicationset/services/pull_request/gitea.go |   10 +-
 .../services/pull_request/gitea_test.go       |   32 +
 .../services/pull_request/github.go           |    5 +
 .../services/pull_request/github_test.go      |   29 +
 .../services/pull_request/gitlab.go           |    5 +
 .../services/pull_request/gitlab_test.go      |   26 +
 assets/swagger.json                           |    4 +
 docs/operator-manual/applicationset.yaml      |   11 +-
 manifests/core-install-with-hydrator.yaml     |    6 +
 manifests/core-install.yaml                   |    6 +
 manifests/crds/applicationset-crd.yaml        |    6 +
 manifests/ha/install-with-hydrator.yaml       |    6 +
 manifests/ha/install.yaml                     |    6 +
 manifests/install-with-hydrator.yaml          |    6 +
 manifests/install.yaml                        |    6 +
 .../v1alpha1/applicationset_types.go          |    2 +
 pkg/apis/application/v1alpha1/generated.pb.go | 1574 +++++++++--------
 pkg/apis/application/v1alpha1/generated.proto |    3 +
 28 files changed, 1199 insertions(+), 785 deletions(-)
 create mode 100644 applicationset/services/pull_request/errors.go
 create mode 100644 applicationset/services/pull_request/errors_test.go

diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go
index f3868215c91b2..bc4fe9d591e29 100644
--- a/applicationset/generators/pull_request.go
+++ b/applicationset/generators/pull_request.go
@@ -11,6 +11,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/gosimple/slug"
+	log "github.com/sirupsen/logrus"
 
 	"github.com/argoproj/argo-cd/v3/applicationset/services"
 	pullrequest "github.com/argoproj/argo-cd/v3/applicationset/services/pull_request"
@@ -47,6 +48,10 @@ func (g *PullRequestGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alph
 	return DefaultPullRequestRequeueAfter
 }
 
+func (g *PullRequestGenerator) GetContinueOnRepoNotFoundError(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) bool {
+	return appSetGenerator.PullRequest.ContinueOnRepoNotFoundError
+}
+
 func (g *PullRequestGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate {
 	return &appSetGenerator.PullRequest.Template
 }
@@ -67,10 +72,15 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 	}
 
 	pulls, err := pullrequest.ListPullRequests(ctx, svc, appSetGenerator.PullRequest.Filters)
+	params := make([]map[string]any, 0, len(pulls))
 	if err != nil {
+		if pullrequest.IsRepositoryNotFoundError(err) && g.GetContinueOnRepoNotFoundError(appSetGenerator) {
+			log.WithError(err).WithField("generator", g).
+				Warn("Skipping params generation for this repository since it was not found.")
+			return params, nil
+		}
 		return nil, fmt.Errorf("error listing repos: %w", err)
 	}
-	params := make([]map[string]any, 0, len(pulls))
 
 	// In order to follow the DNS label standard as defined in RFC 1123,
 	// we need to limit the 'branch' to 50 to give room to append/suffix-ing it
diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go
index c383cab83f13b..27180cd687bbf 100644
--- a/applicationset/generators/pull_request_test.go
+++ b/applicationset/generators/pull_request_test.go
@@ -16,11 +16,12 @@ import (
 func TestPullRequestGithubGenerateParams(t *testing.T) {
 	ctx := t.Context()
 	cases := []struct {
-		selectFunc     func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error)
-		values         map[string]string
-		expected       []map[string]any
-		expectedErr    error
-		applicationSet argoprojiov1alpha1.ApplicationSet
+		selectFunc                  func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error)
+		values                      map[string]string
+		expected                    []map[string]any
+		expectedErr                 error
+		applicationSet              argoprojiov1alpha1.ApplicationSet
+		continueOnRepoNotFoundError bool
 	}{
 		{
 			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
@@ -171,6 +172,30 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 			expected:    nil,
 			expectedErr: errors.New("error listing repos: fake error"),
 		},
+		{
+			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
+				return pullrequest.NewFakeService(
+					ctx,
+					nil,
+					pullrequest.NewRepositoryNotFoundError(errors.New("repository not found")),
+				)
+			},
+			expected:                    []map[string]any{},
+			expectedErr:                 nil,
+			continueOnRepoNotFoundError: true,
+		},
+		{
+			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
+				return pullrequest.NewFakeService(
+					ctx,
+					nil,
+					pullrequest.NewRepositoryNotFoundError(errors.New("repository not found")),
+				)
+			},
+			expected:                    nil,
+			expectedErr:                 errors.New("error listing repos: repository not found"),
+			continueOnRepoNotFoundError: false,
+		},
 		{
 			selectFunc: func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) {
 				return pullrequest.NewFakeService(
@@ -260,7 +285,8 @@ func TestPullRequestGithubGenerateParams(t *testing.T) {
 		}
 		generatorConfig := argoprojiov1alpha1.ApplicationSetGenerator{
 			PullRequest: &argoprojiov1alpha1.PullRequestGenerator{
-				Values: c.values,
+				Values:                      c.values,
+				ContinueOnRepoNotFoundError: c.continueOnRepoNotFoundError,
 			},
 		}
 
diff --git a/applicationset/services/pull_request/azure_devops.go b/applicationset/services/pull_request/azure_devops.go
index f70d2eda13865..cd30903c48f2d 100644
--- a/applicationset/services/pull_request/azure_devops.go
+++ b/applicationset/services/pull_request/azure_devops.go
@@ -10,7 +10,10 @@ import (
 	"github.com/microsoft/azure-devops-go-api/azuredevops/v7/git"
 )
 
-const AZURE_DEVOPS_DEFAULT_URL = "https://dev.azure.com"
+const (
+	AZURE_DEVOPS_DEFAULT_URL             = "https://dev.azure.com"
+	AZURE_DEVOPS_PROJECT_NOT_FOUND_ERROR = "The following project does not exist"
+)
 
 type AzureDevOpsClientFactory interface {
 	// Returns an Azure Devops Client interface.
@@ -70,13 +73,22 @@ func (a *AzureDevOpsService) List(ctx context.Context) ([]*PullRequest, error) {
 		SearchCriteria: &git.GitPullRequestSearchCriteria{},
 	}
 
+	pullRequests := []*PullRequest{}
+
 	azurePullRequests, err := client.GetPullRequestsByProject(ctx, args)
 	if err != nil {
+		// A standard Http 404 error is not returned for Azure DevOps,
+		// so checking the error message for a specific pattern.
+		// NOTE: Since the repos are filtered later, only existence of the project
+		// is relevant for AzureDevOps
+		if strings.Contains(err.Error(), AZURE_DEVOPS_PROJECT_NOT_FOUND_ERROR) {
+			// return a custom error indicating that the repository is not found,
+			// but also return the empty result since the decision to continue or not in this case is made by the caller
+			return pullRequests, NewRepositoryNotFoundError(err)
+		}
 		return nil, fmt.Errorf("failed to get pull requests by project: %w", err)
 	}
 
-	pullRequests := []*PullRequest{}
-
 	for _, pr := range *azurePullRequests {
 		if pr.Repository == nil ||
 			pr.Repository.Name == nil ||
diff --git a/applicationset/services/pull_request/azure_devops_test.go b/applicationset/services/pull_request/azure_devops_test.go
index 29774ad08e76a..1cf2bfd299903 100644
--- a/applicationset/services/pull_request/azure_devops_test.go
+++ b/applicationset/services/pull_request/azure_devops_test.go
@@ -2,6 +2,7 @@ package pull_request
 
 import (
 	"context"
+	"errors"
 	"testing"
 
 	"github.com/microsoft/azure-devops-go-api/azuredevops/v7/core"
@@ -235,3 +236,36 @@ func TestBuildURL(t *testing.T) {
 		})
 	}
 }
+
+func TestAzureDevOpsListReturnsRepositoryNotFoundError(t *testing.T) {
+	args := git.GetPullRequestsByProjectArgs{
+		Project:        createStringPtr("nonexistent"),
+		SearchCriteria: &git.GitPullRequestSearchCriteria{},
+	}
+
+	pullRequestMock := []git.GitPullRequest{}
+
+	gitClientMock := azureMock.Client{}
+	clientFactoryMock := &AzureClientFactoryMock{mock: &mock.Mock{}}
+	clientFactoryMock.mock.On("GetClient", mock.Anything).Return(&gitClientMock, nil)
+
+	// Mock the GetPullRequestsByProject to return an error containing "404"
+	gitClientMock.On("GetPullRequestsByProject", t.Context(), args).Return(&pullRequestMock,
+		errors.New("The following project does not exist:"))
+
+	provider := AzureDevOpsService{
+		clientFactory: clientFactoryMock,
+		project:       "nonexistent",
+		repo:          "nonexistent",
+		labels:        nil,
+	}
+
+	prs, err := provider.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/applicationset/services/pull_request/bitbucket_cloud.go b/applicationset/services/pull_request/bitbucket_cloud.go
index 1d03bb0249c6d..1e4b8dc30e8e7 100644
--- a/applicationset/services/pull_request/bitbucket_cloud.go
+++ b/applicationset/services/pull_request/bitbucket_cloud.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strings"
 
 	"github.com/ktrysmt/go-bitbucket"
 )
@@ -117,8 +118,17 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error)
 		RepoSlug: b.repositorySlug,
 	}
 
+	pullRequests := []*PullRequest{}
+
 	response, err := b.client.Repositories.PullRequests.Gets(opts)
 	if err != nil {
+		// A standard Http 404 error is not returned for Bitbucket Cloud,
+		// so checking the error message for a specific pattern
+		if strings.Contains(err.Error(), "404 Not Found") {
+			// return a custom error indicating that the repository is not found,
+			// but also return the empty result since the decision to continue or not in this case is made by the caller
+			return pullRequests, NewRepositoryNotFoundError(err)
+		}
 		return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", b.owner, b.repositorySlug, err)
 	}
 
@@ -142,7 +152,6 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error)
 		return nil, fmt.Errorf("error unmarshalling json to type '[]BitbucketCloudPullRequest': %w", err)
 	}
 
-	pullRequests := []*PullRequest{}
 	for _, pull := range pulls {
 		pullRequests = append(pullRequests, &PullRequest{
 			Number:       pull.ID,
diff --git a/applicationset/services/pull_request/bitbucket_cloud_test.go b/applicationset/services/pull_request/bitbucket_cloud_test.go
index f406ae4e00e56..0e771048bcd8b 100644
--- a/applicationset/services/pull_request/bitbucket_cloud_test.go
+++ b/applicationset/services/pull_request/bitbucket_cloud_test.go
@@ -492,3 +492,29 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) {
 		TargetBranch: "branch-200",
 	}, *pullRequests[0])
 }
+
+func TestBitbucketCloudListReturnsRepositoryNotFoundError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	path := "/repositories/nonexistent/nonexistent/pullrequests/"
+
+	mux.HandleFunc(path, func(w http.ResponseWriter, _ *http.Request) {
+		// Return 404 status to simulate repository not found
+		w.WriteHeader(http.StatusNotFound)
+		_, _ = w.Write([]byte(`{"message": "404 Project Not Found"}`))
+	})
+
+	svc, err := NewBitbucketCloudServiceNoAuth(server.URL, "nonexistent", "nonexistent")
+	require.NoError(t, err)
+
+	prs, err := svc.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go
index f016bba877791..c48c6cb01ef1f 100644
--- a/applicationset/services/pull_request/bitbucket_server.go
+++ b/applicationset/services/pull_request/bitbucket_server.go
@@ -72,6 +72,11 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) {
 	for {
 		response, err := b.client.DefaultApi.GetPullRequestsPage(b.projectKey, b.repositorySlug, paged)
 		if err != nil {
+			if response != nil && response.Response != nil && response.StatusCode == http.StatusNotFound {
+				// return a custom error indicating that the repository is not found,
+				// but also return the empty result since the decision to continue or not in this case is made by the caller
+				return pullRequests, NewRepositoryNotFoundError(err)
+			}
 			return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", b.projectKey, b.repositorySlug, err)
 		}
 		pulls, err := bitbucketv1.GetPullRequestsResponse(response)
diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go
index 745ac9f7444db..2ce70d3fbaa61 100644
--- a/applicationset/services/pull_request/bitbucket_server_test.go
+++ b/applicationset/services/pull_request/bitbucket_server_test.go
@@ -510,3 +510,29 @@ func TestListPullRequestBranchMatch(t *testing.T) {
 	})
 	require.Error(t, err)
 }
+
+func TestBitbucketServerListReturnsRepositoryNotFoundError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	path := "/rest/api/1.0/projects/nonexistent/repos/nonexistent/pull-requests?limit=100"
+
+	mux.HandleFunc(path, func(w http.ResponseWriter, _ *http.Request) {
+		// Return 404 status to simulate repository not found
+		w.WriteHeader(http.StatusNotFound)
+		_, _ = w.Write([]byte(`{"message": "404 Project Not Found"}`))
+	})
+
+	svc, err := NewBitbucketServiceNoAuth(t.Context(), server.URL, "nonexistent", "nonexistent", "", false, nil)
+	require.NoError(t, err)
+
+	prs, err := svc.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/applicationset/services/pull_request/errors.go b/applicationset/services/pull_request/errors.go
new file mode 100644
index 0000000000000..69d3add0de77f
--- /dev/null
+++ b/applicationset/services/pull_request/errors.go
@@ -0,0 +1,23 @@
+package pull_request
+
+import "errors"
+
+// RepositoryNotFoundError represents an error when a repository is not found by a pull request provider
+type RepositoryNotFoundError struct {
+	causingError error
+}
+
+func (e *RepositoryNotFoundError) Error() string {
+	return e.causingError.Error()
+}
+
+// NewRepositoryNotFoundError creates a new repository not found error
+func NewRepositoryNotFoundError(err error) error {
+	return &RepositoryNotFoundError{causingError: err}
+}
+
+// IsRepositoryNotFoundError checks if the given error is a repository not found error
+func IsRepositoryNotFoundError(err error) bool {
+	var repoErr *RepositoryNotFoundError
+	return errors.As(err, &repoErr)
+}
diff --git a/applicationset/services/pull_request/errors_test.go b/applicationset/services/pull_request/errors_test.go
new file mode 100644
index 0000000000000..7563135aac7eb
--- /dev/null
+++ b/applicationset/services/pull_request/errors_test.go
@@ -0,0 +1,48 @@
+package pull_request
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestRepositoryNotFoundError(t *testing.T) {
+	t.Run("NewRepositoryNotFoundError creates correct error type", func(t *testing.T) {
+		originalErr := errors.New("repository does not exist")
+		repoNotFoundErr := NewRepositoryNotFoundError(originalErr)
+
+		require.Error(t, repoNotFoundErr)
+		assert.Equal(t, "repository does not exist", repoNotFoundErr.Error())
+	})
+
+	t.Run("IsRepositoryNotFoundError identifies RepositoryNotFoundError", func(t *testing.T) {
+		originalErr := errors.New("repository does not exist")
+		repoNotFoundErr := NewRepositoryNotFoundError(originalErr)
+
+		assert.True(t, IsRepositoryNotFoundError(repoNotFoundErr))
+	})
+
+	t.Run("IsRepositoryNotFoundError returns false for regular errors", func(t *testing.T) {
+		regularErr := errors.New("some other error")
+
+		assert.False(t, IsRepositoryNotFoundError(regularErr))
+	})
+
+	t.Run("IsRepositoryNotFoundError returns false for nil error", func(t *testing.T) {
+		assert.False(t, IsRepositoryNotFoundError(nil))
+	})
+
+	t.Run("IsRepositoryNotFoundError works with wrapped errors", func(t *testing.T) {
+		originalErr := errors.New("repository does not exist")
+		repoNotFoundErr := NewRepositoryNotFoundError(originalErr)
+		wrappedErr := errors.New("wrapped: " + repoNotFoundErr.Error())
+
+		// Direct RepositoryNotFoundError should be identified
+		assert.True(t, IsRepositoryNotFoundError(repoNotFoundErr))
+
+		// Wrapped string error should not be identified (this is expected behavior)
+		assert.False(t, IsRepositoryNotFoundError(wrappedErr))
+	})
+}
diff --git a/applicationset/services/pull_request/gitea.go b/applicationset/services/pull_request/gitea.go
index d0e51c23aa3d0..88022b17e584b 100644
--- a/applicationset/services/pull_request/gitea.go
+++ b/applicationset/services/pull_request/gitea.go
@@ -52,11 +52,17 @@ func (g *GiteaService) List(ctx context.Context) ([]*PullRequest, error) {
 		State: gitea.StateOpen,
 	}
 	g.client.SetContext(ctx)
-	prs, _, err := g.client.ListRepoPullRequests(g.owner, g.repo, opts)
+	list := []*PullRequest{}
+	prs, resp, err := g.client.ListRepoPullRequests(g.owner, g.repo, opts)
 	if err != nil {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
+			// return a custom error indicating that the repository is not found,
+			// but also returning the empty result since the decision to continue or not in this case is made by the caller
+			return list, NewRepositoryNotFoundError(err)
+		}
 		return nil, err
 	}
-	list := []*PullRequest{}
+
 	for _, pr := range prs {
 		if !giteaContainLabels(g.labels, pr.Labels) {
 			continue
diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go
index c2b1ec22b1754..ae344244ebae6 100644
--- a/applicationset/services/pull_request/gitea_test.go
+++ b/applicationset/services/pull_request/gitea_test.go
@@ -339,3 +339,35 @@ func TestGetGiteaPRLabelNames(t *testing.T) {
 		})
 	}
 }
+
+func TestGiteaListReturnsRepositoryNotFoundError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	// Handle version endpoint that Gitea client calls first
+	mux.HandleFunc("/api/v1/version", func(w http.ResponseWriter, _ *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(`{"version":"1.17.0+dev-452-g1f0541780"}`))
+	})
+
+	path := "/api/v1/repos/nonexistent/nonexistent/pulls?limit=0&page=1&state=open"
+
+	mux.HandleFunc(path, func(w http.ResponseWriter, _ *http.Request) {
+		// Return 404 status to simulate repository not found
+		w.WriteHeader(http.StatusNotFound)
+		_, _ = w.Write([]byte(`{"message": "404 Project Not Found"}`))
+	})
+
+	svc, err := NewGiteaService("", server.URL, "nonexistent", "nonexistent", []string{}, false)
+	require.NoError(t, err)
+
+	prs, err := svc.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/applicationset/services/pull_request/github.go b/applicationset/services/pull_request/github.go
index 79b128b3b1d1e..5cf2e40a337e6 100644
--- a/applicationset/services/pull_request/github.go
+++ b/applicationset/services/pull_request/github.go
@@ -64,6 +64,11 @@ func (g *GithubService) List(ctx context.Context) ([]*PullRequest, error) {
 	for {
 		pulls, resp, err := g.client.PullRequests.List(ctx, g.owner, g.repo, opts)
 		if err != nil {
+			if resp != nil && resp.StatusCode == http.StatusNotFound {
+				// return a custom error indicating that the repository is not found,
+				// but also returning the empty result since the decision to continue or not in this case is made by the caller
+				return pullRequests, NewRepositoryNotFoundError(err)
+			}
 			return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", g.owner, g.repo, err)
 		}
 		for _, pull := range pulls {
diff --git a/applicationset/services/pull_request/github_test.go b/applicationset/services/pull_request/github_test.go
index 0380891d07988..e3d5e1efb8129 100644
--- a/applicationset/services/pull_request/github_test.go
+++ b/applicationset/services/pull_request/github_test.go
@@ -1,9 +1,12 @@
 package pull_request
 
 import (
+	"net/http"
+	"net/http/httptest"
 	"testing"
 
 	"github.com/google/go-github/v69/github"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -86,3 +89,29 @@ func TestGetGitHubPRLabelNames(t *testing.T) {
 		})
 	}
 }
+
+func TestGitHubListReturnsRepositoryNotFoundError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	path := "/repos/nonexistent/nonexistent/pulls"
+
+	mux.HandleFunc(path, func(w http.ResponseWriter, _ *http.Request) {
+		// Return 404 status to simulate repository not found
+		w.WriteHeader(http.StatusNotFound)
+		_, _ = w.Write([]byte(`{"message": "404 Project Not Found"}`))
+	})
+
+	svc, err := NewGithubService("", server.URL, "nonexistent", "nonexistent", []string{}, nil)
+	require.NoError(t, err)
+
+	prs, err := svc.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go
index d6d94cf05e2d4..139f3d3518ca7 100644
--- a/applicationset/services/pull_request/gitlab.go
+++ b/applicationset/services/pull_request/gitlab.go
@@ -76,6 +76,11 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) {
 	for {
 		mrs, resp, err := g.client.MergeRequests.ListProjectMergeRequests(g.project, opts, gitlab.WithContext(ctx))
 		if err != nil {
+			if resp != nil && resp.StatusCode == http.StatusNotFound {
+				// return a custom error indicating that the repository is not found,
+				// but also returning the empty result since the decision to continue or not in this case is made by the caller
+				return pullRequests, NewRepositoryNotFoundError(err)
+			}
 			return nil, fmt.Errorf("error listing merge requests for project '%s': %w", g.project, err)
 		}
 		for _, mr := range mrs {
diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go
index ab8e99456af33..08c7d314393a0 100644
--- a/applicationset/services/pull_request/gitlab_test.go
+++ b/applicationset/services/pull_request/gitlab_test.go
@@ -191,3 +191,29 @@ func TestListWithStateTLS(t *testing.T) {
 		})
 	}
 }
+
+func TestGitLabListReturnsRepositoryNotFoundError(t *testing.T) {
+	mux := http.NewServeMux()
+	server := httptest.NewServer(mux)
+	defer server.Close()
+
+	path := "/api/v4/projects/nonexistent/merge_requests"
+
+	mux.HandleFunc(path, func(w http.ResponseWriter, _ *http.Request) {
+		// Return 404 status to simulate repository not found
+		w.WriteHeader(http.StatusNotFound)
+		_, _ = w.Write([]byte(`{"message": "404 Project Not Found"}`))
+	})
+
+	svc, err := NewGitLabService("", server.URL, "nonexistent", []string{}, "", "", false, nil)
+	require.NoError(t, err)
+
+	prs, err := svc.List(t.Context())
+
+	// Should return empty pull requests list
+	assert.Empty(t, prs)
+
+	// Should return RepositoryNotFoundError
+	require.Error(t, err)
+	assert.True(t, IsRepositoryNotFoundError(err), "Expected RepositoryNotFoundError but got: %v", err)
+}
diff --git a/assets/swagger.json b/assets/swagger.json
index efe9c036145d4..e63eaa24c3456 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -8950,6 +8950,10 @@
         "bitbucketServer": {
           "$ref": "#/definitions/v1alpha1PullRequestGeneratorBitbucketServer"
         },
+        "continueOnRepoNotFoundError": {
+          "description": "ContinueOnRepoNotFoundError is a flag to continue the ApplicationSet Pull Request generator parameters generation even if the repository is not found.",
+          "type": "boolean"
+        },
         "filters": {
           "description": "Filters for which pull requests should be considered.",
           "type": "array",
diff --git a/docs/operator-manual/applicationset.yaml b/docs/operator-manual/applicationset.yaml
index 14046713bb46b..dc1e6a69b295f 100644
--- a/docs/operator-manual/applicationset.yaml
+++ b/docs/operator-manual/applicationset.yaml
@@ -133,6 +133,15 @@ spec:
     - pullRequest:
         # When using a Pull Request generator, the ApplicationSet controller polls every `requeueAfterSeconds` interval (defaulting to every 30 minutes) to detect changes.
         requeueAfterSeconds: 1800
+        # When set to true, the ApplicationSet controller will continue to generate Applications even if the repository is not found, and will not enter a failed state.
+        # One example use case is when a pull request generator is combined with a Git generator in a matrix generator.
+        # NOTE, that if a repository exists but is inaccessible due to
+        # access rights, SCM providers usually return a "404 Not Found" error
+        # instead of a "403 Permission Denied" error. Consequently, using this
+        # option may lead to the deletion of Argo CD applications if the SCM
+        # user associated with the token loses access to the repository.
+
+        continueOnRepoNotFoundError: false
         # See below for provider specific options.
         # Specify the repository from which to fetch the GitHub Pull requests.
         github:
@@ -325,4 +334,4 @@ spec:
     jqPathExpressions:
     - .spec.source.helm.values
 
-  
\ No newline at end of file
+  
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index 97845d4a18ce0..67c5d336d38f4 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index be4b882d9385d..aa80744568cd5 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml
index e2dbe67a26f20..d8bad34c79542 100644
--- a/manifests/crds/applicationset-crd.yaml
+++ b/manifests/crds/applicationset-crd.yaml
@@ -6262,6 +6262,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -12104,6 +12106,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -15235,6 +15239,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index c92eab9ea3995..1712909aa9bb4 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 02e9481e5bd19..ecca64ce53d12 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index 22f53ffd3386d..671b66bf2d826 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/manifests/install.yaml b/manifests/install.yaml
index 33463a55ef6a7..a309400a83996 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -12154,6 +12154,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -17996,6 +17998,8 @@ spec:
                                     - project
                                     - repo
                                     type: object
+                                  continueOnRepoNotFoundError:
+                                    type: boolean
                                   filters:
                                     items:
                                       properties:
@@ -21127,6 +21131,8 @@ spec:
                           - project
                           - repo
                           type: object
+                        continueOnRepoNotFoundError:
+                          type: boolean
                         filters:
                           items:
                             properties:
diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go
index 09fc1e1daf447..b628812562f4a 100644
--- a/pkg/apis/application/v1alpha1/applicationset_types.go
+++ b/pkg/apis/application/v1alpha1/applicationset_types.go
@@ -614,6 +614,8 @@ type PullRequestGenerator struct {
 	AzureDevOps *PullRequestGeneratorAzureDevOps `json:"azuredevops,omitempty" protobuf:"bytes,9,opt,name=azuredevops"`
 	// Values contains key/value pairs which are passed directly as parameters to the template
 	Values map[string]string `json:"values,omitempty" protobuf:"bytes,10,name=values"`
+	// ContinueOnRepoNotFoundError is a flag to continue the ApplicationSet Pull Request generator parameters generation even if the repository is not found.
+	ContinueOnRepoNotFoundError bool `json:"continueOnRepoNotFoundError,omitempty" protobuf:"varint,11,opt,name=continueOnRepoNotFoundError"`
 	// If you add a new SCM provider, update CustomApiUrl below.
 }
 
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index 1f874903ad91f..aa5cb17ba1825 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -4914,777 +4914,779 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12307 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xc9,
-	0x71, 0x18, 0xcc, 0x9e, 0xc1, 0x00, 0x33, 0x89, 0xd7, 0xa2, 0x76, 0xf7, 0x0e, 0xbb, 0xf7, 0xc0,
-	0xaa, 0x8f, 0x3a, 0x9e, 0x3e, 0xde, 0x01, 0xba, 0xbd, 0x3b, 0xea, 0x3e, 0x9d, 0x44, 0x09, 0x8f,
-	0x7d, 0x60, 0x17, 0x58, 0xe0, 0x6a, 0xb0, 0xbb, 0xe2, 0x51, 0xc7, 0x63, 0x63, 0xa6, 0x30, 0xe8,
-	0x45, 0x4f, 0xf7, 0x5c, 0x77, 0x0f, 0x16, 0x73, 0xa2, 0x28, 0x52, 0x24, 0x25, 0x4a, 0x7c, 0x9d,
-	0x45, 0x87, 0x79, 0xb4, 0x4d, 0x9a, 0xb2, 0xe4, 0x57, 0x38, 0x18, 0xa2, 0xad, 0x1f, 0x56, 0x84,
-	0xa4, 0x60, 0xe8, 0x11, 0x0c, 0xca, 0xb2, 0x43, 0x32, 0x83, 0x16, 0x65, 0x4b, 0x84, 0xc9, 0xb5,
-	0x1d, 0x54, 0x38, 0xc2, 0x8a, 0x90, 0xec, 0x1f, 0x8e, 0xb5, 0xc3, 0xe1, 0xa8, 0x77, 0x75, 0x4f,
-	0x0f, 0x30, 0x58, 0x34, 0x76, 0x97, 0xd4, 0xfd, 0x9b, 0xa9, 0xcc, 0xaa, 0xac, 0xae, 0x47, 0x66,
-	0x56, 0x56, 0x66, 0x16, 0x2c, 0x35, 0xdc, 0x78, 0xb3, 0xbd, 0x3e, 0x5d, 0x0b, 0x9a, 0x33, 0x4e,
-	0xd8, 0x08, 0x5a, 0x61, 0x70, 0x83, 0xfd, 0x78, 0xaa, 0x56, 0x9f, 0xd9, 0x7e, 0x66, 0xa6, 0xb5,
-	0xd5, 0x98, 0x71, 0x5a, 0x6e, 0x34, 0xe3, 0xb4, 0x5a, 0x9e, 0x5b, 0x73, 0x62, 0x37, 0xf0, 0x67,
-	0xb6, 0x9f, 0x76, 0xbc, 0xd6, 0xa6, 0xf3, 0xf4, 0x4c, 0x83, 0xf8, 0x24, 0x74, 0x62, 0x52, 0x9f,
-	0x6e, 0x85, 0x41, 0x1c, 0xa0, 0x1f, 0xd1, 0xad, 0x4d, 0xcb, 0xd6, 0xd8, 0x8f, 0x57, 0x6a, 0xf5,
-	0xe9, 0xed, 0x67, 0xa6, 0x5b, 0x5b, 0x8d, 0x69, 0xda, 0xda, 0xb4, 0xd1, 0xda, 0xb4, 0x6c, 0xed,
-	0xf4, 0x53, 0x46, 0x5f, 0x1a, 0x41, 0x23, 0x98, 0x61, 0x8d, 0xae, 0xb7, 0x37, 0xd8, 0x3f, 0xf6,
-	0x87, 0xfd, 0xe2, 0xc4, 0x4e, 0xdb, 0x5b, 0xcf, 0x47, 0xd3, 0x6e, 0x40, 0xbb, 0x37, 0x53, 0x0b,
-	0x42, 0x32, 0xb3, 0xdd, 0xd5, 0xa1, 0xd3, 0x17, 0x35, 0x0e, 0xd9, 0x89, 0x89, 0x1f, 0xb9, 0x81,
-	0x1f, 0x3d, 0x45, 0xbb, 0x40, 0xc2, 0x6d, 0x12, 0x9a, 0x9f, 0x67, 0x20, 0x64, 0xb5, 0xf4, 0xac,
-	0x6e, 0xa9, 0xe9, 0xd4, 0x36, 0x5d, 0x9f, 0x84, 0x1d, 0x5d, 0xbd, 0x49, 0x62, 0x27, 0xab, 0xd6,
-	0x4c, 0xaf, 0x5a, 0x61, 0xdb, 0x8f, 0xdd, 0x26, 0xe9, 0xaa, 0xf0, 0x8e, 0xfd, 0x2a, 0x44, 0xb5,
-	0x4d, 0xd2, 0x74, 0xba, 0xea, 0x3d, 0xd3, 0xab, 0x5e, 0x3b, 0x76, 0xbd, 0x19, 0xd7, 0x8f, 0xa3,
-	0x38, 0x4c, 0x57, 0xb2, 0xff, 0xbe, 0x05, 0xa3, 0xb3, 0xd7, 0xab, 0xb3, 0xed, 0x78, 0x73, 0x3e,
-	0xf0, 0x37, 0xdc, 0x06, 0x7a, 0x0e, 0x86, 0x6b, 0x5e, 0x3b, 0x8a, 0x49, 0x78, 0xc5, 0x69, 0x92,
-	0x49, 0xeb, 0x8c, 0xf5, 0x44, 0x65, 0xee, 0xf8, 0x57, 0x77, 0xa7, 0xde, 0x72, 0x6b, 0x77, 0x6a,
-	0x78, 0x5e, 0x83, 0xb0, 0x89, 0x87, 0x7e, 0x00, 0x86, 0xc2, 0xc0, 0x23, 0xb3, 0xf8, 0xca, 0x64,
-	0x81, 0x55, 0x19, 0x17, 0x55, 0x86, 0x30, 0x2f, 0xc6, 0x12, 0x4e, 0x51, 0x5b, 0x61, 0xb0, 0xe1,
-	0x7a, 0x64, 0xb2, 0x98, 0x44, 0x5d, 0xe5, 0xc5, 0x58, 0xc2, 0xed, 0xcf, 0x16, 0x60, 0x7c, 0xb6,
-	0xd5, 0xba, 0x48, 0x1c, 0x2f, 0xde, 0xac, 0xc6, 0x4e, 0xdc, 0x8e, 0x50, 0x03, 0x06, 0x23, 0xf6,
-	0x4b, 0xf4, 0x6d, 0x45, 0xd4, 0x1e, 0xe4, 0xf0, 0xdb, 0xbb, 0x53, 0x3f, 0x9a, 0xb5, 0xa2, 0x1b,
-	0x6e, 0x1c, 0xb4, 0xa2, 0xa7, 0x88, 0xdf, 0x70, 0x7d, 0xc2, 0xc6, 0x65, 0x93, 0xb5, 0x3a, 0x6d,
-	0x36, 0x3e, 0x1f, 0xd4, 0x09, 0x16, 0xcd, 0xd3, 0x7e, 0x36, 0x49, 0x14, 0x39, 0x0d, 0x92, 0xfe,
-	0xa4, 0x65, 0x5e, 0x8c, 0x25, 0x1c, 0x85, 0x80, 0x3c, 0x27, 0x8a, 0xd7, 0x42, 0xc7, 0x8f, 0x5c,
-	0xba, 0xa4, 0xd7, 0xdc, 0x26, 0xff, 0xba, 0xe1, 0xb3, 0xff, 0xdf, 0x34, 0x9f, 0x98, 0x69, 0x73,
-	0x62, 0xf4, 0x3e, 0xa0, 0xeb, 0x66, 0x7a, 0xfb, 0xe9, 0x69, 0x5a, 0x63, 0xee, 0x81, 0x5b, 0xbb,
-	0x53, 0x68, 0xa9, 0xab, 0x25, 0x9c, 0xd1, 0xba, 0xfd, 0x27, 0x05, 0x80, 0xd9, 0x56, 0x6b, 0x35,
-	0x0c, 0x6e, 0x90, 0x5a, 0x8c, 0xde, 0x0b, 0x65, 0xda, 0x54, 0xdd, 0x89, 0x1d, 0x36, 0x30, 0xc3,
-	0x67, 0x7f, 0xb0, 0x3f, 0xc2, 0x2b, 0xeb, 0xb4, 0xfe, 0x32, 0x89, 0x9d, 0x39, 0x24, 0x3e, 0x10,
-	0x74, 0x19, 0x56, 0xad, 0x22, 0x1f, 0x06, 0xa2, 0x16, 0xa9, 0xb1, 0xc1, 0x18, 0x3e, 0xbb, 0x34,
-	0x7d, 0x98, 0x9d, 0x3e, 0xad, 0x7b, 0x5e, 0x6d, 0x91, 0xda, 0xdc, 0x88, 0xa0, 0x3c, 0x40, 0xff,
-	0x61, 0x46, 0x07, 0x6d, 0xab, 0x89, 0xe6, 0x03, 0x79, 0x25, 0x37, 0x8a, 0xac, 0xd5, 0xb9, 0xb1,
-	0xe4, 0xc2, 0x91, 0xf3, 0x6e, 0x7f, 0xd3, 0x82, 0x31, 0x8d, 0xbc, 0xe4, 0x46, 0x31, 0xfa, 0xc9,
-	0xae, 0xc1, 0x9d, 0xee, 0x6f, 0x70, 0x69, 0x6d, 0x36, 0xb4, 0xc7, 0x04, 0xb1, 0xb2, 0x2c, 0x31,
-	0x06, 0xb6, 0x09, 0x25, 0x37, 0x26, 0xcd, 0x68, 0xb2, 0x70, 0xa6, 0xf8, 0xc4, 0xf0, 0xd9, 0x8b,
-	0x79, 0x7d, 0xe7, 0xdc, 0xa8, 0x20, 0x5a, 0x5a, 0xa4, 0xcd, 0x63, 0x4e, 0xc5, 0xfe, 0xeb, 0x51,
-	0xf3, 0xfb, 0xe8, 0x80, 0xa3, 0xa7, 0x61, 0x38, 0x0a, 0xda, 0x61, 0x8d, 0x60, 0xd2, 0x0a, 0xe8,
-	0xc6, 0x2a, 0xd2, 0xe5, 0x4e, 0x37, 0x7c, 0x55, 0x17, 0x63, 0x13, 0x07, 0x7d, 0xd2, 0x82, 0x91,
-	0x3a, 0x89, 0x62, 0xd7, 0x67, 0xf4, 0x65, 0xe7, 0xd7, 0x0e, 0xdd, 0x79, 0x59, 0xb8, 0xa0, 0x1b,
-	0x9f, 0x3b, 0x21, 0x3e, 0x64, 0xc4, 0x28, 0x8c, 0x70, 0x82, 0x3e, 0x65, 0x5c, 0x75, 0x12, 0xd5,
-	0x42, 0xb7, 0x45, 0xff, 0x0b, 0xd6, 0xa2, 0x18, 0xd7, 0x82, 0x06, 0x61, 0x13, 0x0f, 0xf9, 0x50,
-	0xa2, 0x8c, 0x29, 0x9a, 0x1c, 0x60, 0xfd, 0x5f, 0x3c, 0x5c, 0xff, 0xc5, 0xa0, 0x52, 0x9e, 0xa7,
-	0x47, 0x9f, 0xfe, 0x8b, 0x30, 0x27, 0x83, 0x3e, 0x61, 0xc1, 0xa4, 0x60, 0x9c, 0x98, 0xf0, 0x01,
-	0xbd, 0xbe, 0xe9, 0xc6, 0xc4, 0x73, 0xa3, 0x78, 0xb2, 0xc4, 0xfa, 0x30, 0xd3, 0xdf, 0xda, 0xba,
-	0x10, 0x06, 0xed, 0xd6, 0x65, 0xd7, 0xaf, 0xcf, 0x9d, 0x11, 0x94, 0x26, 0xe7, 0x7b, 0x34, 0x8c,
-	0x7b, 0x92, 0x44, 0x9f, 0xb6, 0xe0, 0xb4, 0xef, 0x34, 0x49, 0xd4, 0x72, 0xe8, 0xd4, 0x72, 0xf0,
-	0x9c, 0xe7, 0xd4, 0xb6, 0x58, 0x8f, 0x06, 0xef, 0xac, 0x47, 0xb6, 0xe8, 0xd1, 0xe9, 0x2b, 0x3d,
-	0x9b, 0xc6, 0x7b, 0x90, 0x45, 0xbf, 0x62, 0xc1, 0x44, 0x10, 0xb6, 0x36, 0x1d, 0x9f, 0xd4, 0x25,
-	0x34, 0x9a, 0x1c, 0x62, 0x5b, 0xef, 0x3d, 0x87, 0x9b, 0xa2, 0x95, 0x74, 0xb3, 0xcb, 0x81, 0xef,
-	0xc6, 0x41, 0x58, 0x25, 0x71, 0xec, 0xfa, 0x8d, 0x68, 0xee, 0xe4, 0xad, 0xdd, 0xa9, 0x89, 0x2e,
-	0x2c, 0xdc, 0xdd, 0x1f, 0xf4, 0x53, 0x30, 0x1c, 0x75, 0xfc, 0xda, 0x75, 0xd7, 0xaf, 0x07, 0x37,
-	0xa3, 0xc9, 0x72, 0x1e, 0xdb, 0xb7, 0xaa, 0x1a, 0x14, 0x1b, 0x50, 0x13, 0xc0, 0x26, 0xb5, 0xec,
-	0x89, 0xd3, 0x4b, 0xa9, 0x92, 0xf7, 0xc4, 0xe9, 0xc5, 0xb4, 0x07, 0x59, 0xf4, 0xf3, 0x16, 0x8c,
-	0x46, 0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x2e, 0x93, 0x4e, 0x34, 0x09, 0xac, 0x23, 0x97, 0x0e,
-	0x39, 0x2a, 0x46, 0x93, 0x73, 0x27, 0x45, 0x1f, 0x47, 0xcd, 0xd2, 0x08, 0x27, 0xe9, 0x66, 0x6d,
-	0x34, 0xbd, 0xac, 0x87, 0xf3, 0xdd, 0x68, 0x7a, 0x51, 0xf7, 0x24, 0x89, 0x7e, 0x1c, 0x8e, 0xf1,
-	0x22, 0x35, 0xb2, 0xd1, 0xe4, 0x08, 0x63, 0xb4, 0x27, 0x6e, 0xed, 0x4e, 0x1d, 0xab, 0xa6, 0x60,
-	0xb8, 0x0b, 0x1b, 0xbd, 0x0a, 0x53, 0x2d, 0x12, 0x36, 0xdd, 0x78, 0xc5, 0xf7, 0x3a, 0x92, 0x7d,
-	0xd7, 0x82, 0x16, 0xa9, 0x8b, 0xee, 0x44, 0x93, 0xa3, 0x67, 0xac, 0x27, 0xca, 0x73, 0x6f, 0x13,
-	0xdd, 0x9c, 0x5a, 0xdd, 0x1b, 0x1d, 0xef, 0xd7, 0x1e, 0xfa, 0x8a, 0x05, 0xa7, 0x0d, 0x2e, 0x5b,
-	0x25, 0xe1, 0xb6, 0x5b, 0x23, 0xb3, 0xb5, 0x5a, 0xd0, 0xf6, 0xe3, 0x68, 0x72, 0x8c, 0x0d, 0xe3,
-	0xfa, 0x51, 0xf0, 0xfc, 0x24, 0x29, 0xbd, 0x2e, 0x7b, 0xa2, 0x44, 0x78, 0x8f, 0x9e, 0xda, 0x7f,
-	0x50, 0x80, 0x63, 0x69, 0x0d, 0x00, 0xfd, 0x63, 0x0b, 0xc6, 0x6f, 0xdc, 0x8c, 0xd7, 0x82, 0x2d,
-	0xe2, 0x47, 0x73, 0x1d, 0xca, 0xa7, 0x99, 0xec, 0x1b, 0x3e, 0x5b, 0xcb, 0x57, 0xd7, 0x98, 0xbe,
-	0x94, 0xa4, 0x72, 0xce, 0x8f, 0xc3, 0xce, 0xdc, 0x83, 0xe2, 0x9b, 0xc6, 0x2f, 0x5d, 0x5f, 0x33,
-	0xa1, 0x38, 0xdd, 0xa9, 0xd3, 0x1f, 0xb3, 0xe0, 0x44, 0x56, 0x13, 0xe8, 0x18, 0x14, 0xb7, 0x48,
-	0x87, 0x6b, 0xc2, 0x98, 0xfe, 0x44, 0x2f, 0x43, 0x69, 0xdb, 0xf1, 0xda, 0x44, 0xa8, 0x69, 0x17,
-	0x0e, 0xf7, 0x21, 0xaa, 0x67, 0x98, 0xb7, 0xfa, 0xc3, 0x85, 0xe7, 0x2d, 0xfb, 0x8f, 0x8a, 0x30,
-	0x6c, 0x4c, 0xda, 0x5d, 0x50, 0x3d, 0x83, 0x84, 0xea, 0xb9, 0x9c, 0xdb, 0x7a, 0xeb, 0xa9, 0x7b,
-	0xde, 0x4c, 0xe9, 0x9e, 0x2b, 0xf9, 0x91, 0xdc, 0x53, 0xf9, 0x44, 0x31, 0x54, 0x82, 0x16, 0x3d,
-	0xa2, 0x51, 0x1d, 0x66, 0x20, 0x8f, 0x29, 0x5c, 0x91, 0xcd, 0xcd, 0x8d, 0xde, 0xda, 0x9d, 0xaa,
-	0xa8, 0xbf, 0x58, 0x13, 0xb2, 0xbf, 0x61, 0xc1, 0x09, 0xa3, 0x8f, 0xf3, 0x81, 0x5f, 0x67, 0x07,
-	0x0d, 0x74, 0x06, 0x06, 0xe2, 0x4e, 0x4b, 0x1e, 0x03, 0xd5, 0x48, 0xad, 0x75, 0x5a, 0x04, 0x33,
-	0xc8, 0xfd, 0x7e, 0x4a, 0xfa, 0xb4, 0x05, 0x0f, 0x64, 0x33, 0x18, 0xf4, 0x38, 0x0c, 0x72, 0x1b,
-	0x80, 0xf8, 0x3a, 0x3d, 0x25, 0xac, 0x14, 0x0b, 0x28, 0x9a, 0x81, 0x8a, 0x12, 0x78, 0xe2, 0x1b,
-	0x27, 0x04, 0x6a, 0x45, 0x4b, 0x49, 0x8d, 0x43, 0x07, 0x8d, 0xfe, 0x11, 0x2a, 0xa8, 0x1a, 0x34,
-	0x76, 0x68, 0x66, 0x10, 0xfb, 0xeb, 0x16, 0xbc, 0xb5, 0x1f, 0xb6, 0x77, 0x74, 0x7d, 0xac, 0xc2,
-	0xc9, 0x3a, 0xd9, 0x70, 0xda, 0x5e, 0x9c, 0xa4, 0x28, 0x3a, 0xfd, 0x88, 0xa8, 0x7c, 0x72, 0x21,
-	0x0b, 0x09, 0x67, 0xd7, 0xb5, 0xff, 0x93, 0xc5, 0x8e, 0xeb, 0xf2, 0xb3, 0xee, 0xc2, 0xd1, 0xc9,
-	0x4f, 0x1e, 0x9d, 0x16, 0x73, 0xdb, 0xa6, 0x3d, 0xce, 0x4e, 0x9f, 0xb0, 0xe0, 0xb4, 0x81, 0xb5,
-	0xec, 0xc4, 0xb5, 0xcd, 0x73, 0x3b, 0xad, 0x90, 0x44, 0x11, 0x5d, 0x52, 0x8f, 0x18, 0xec, 0x78,
-	0x6e, 0x58, 0xb4, 0x50, 0xbc, 0x4c, 0x3a, 0x9c, 0x37, 0x3f, 0x09, 0x65, 0xbe, 0xe7, 0x82, 0x50,
-	0x4c, 0x92, 0xfa, 0xb6, 0x15, 0x51, 0x8e, 0x15, 0x06, 0xb2, 0x61, 0x90, 0xf1, 0x5c, 0xca, 0x83,
-	0xa8, 0x9a, 0x00, 0x74, 0xde, 0xaf, 0xb1, 0x12, 0x2c, 0x20, 0x76, 0x94, 0xe8, 0xce, 0x6a, 0x48,
-	0xd8, 0x7a, 0xa8, 0x9f, 0x77, 0x89, 0x57, 0x8f, 0xe8, 0xb1, 0xce, 0xf1, 0xfd, 0x20, 0x16, 0x27,
-	0x34, 0xe3, 0x58, 0x37, 0xab, 0x8b, 0xb1, 0x89, 0x43, 0x89, 0x7a, 0xce, 0x3a, 0xf1, 0xf8, 0x88,
-	0x0a, 0xa2, 0x4b, 0xac, 0x04, 0x0b, 0x88, 0x7d, 0xab, 0xc0, 0x0e, 0x90, 0x8a, 0xa3, 0x91, 0xbb,
-	0x61, 0x7d, 0x08, 0x13, 0x22, 0x60, 0x35, 0x3f, 0x7e, 0x4c, 0x7a, 0x5b, 0x20, 0x5e, 0x4b, 0x49,
-	0x01, 0x9c, 0x2b, 0xd5, 0xbd, 0xad, 0x10, 0x1f, 0x28, 0xc2, 0x54, 0xb2, 0x42, 0x97, 0x10, 0xa1,
-	0x47, 0x5e, 0x83, 0x50, 0xda, 0x56, 0x67, 0xe0, 0x63, 0x13, 0xaf, 0x07, 0x1f, 0x2e, 0x1c, 0x25,
-	0x1f, 0x36, 0xc5, 0x44, 0x71, 0x1f, 0x31, 0xf1, 0xb8, 0x1a, 0xf5, 0x81, 0x14, 0xcf, 0x4b, 0x8a,
-	0xca, 0x33, 0x30, 0x10, 0xc5, 0xa4, 0x35, 0x59, 0x4a, 0xb2, 0xd9, 0x6a, 0x4c, 0x5a, 0x98, 0x41,
-	0xd0, 0x8f, 0xc2, 0x78, 0xec, 0x84, 0x0d, 0x12, 0x87, 0x64, 0xdb, 0x65, 0x76, 0x5d, 0x76, 0x9e,
-	0xad, 0xcc, 0x1d, 0xa7, 0x5a, 0xd7, 0x1a, 0x03, 0x61, 0x09, 0xc2, 0x69, 0x5c, 0xfb, 0xbf, 0x15,
-	0xe0, 0xc1, 0xe4, 0x14, 0x68, 0xc1, 0xf8, 0x63, 0x09, 0xc1, 0xf8, 0x76, 0x53, 0x30, 0xde, 0xde,
-	0x9d, 0x7a, 0xa8, 0x47, 0xb5, 0xef, 0x1a, 0xb9, 0x89, 0x2e, 0xa4, 0x26, 0x61, 0xa6, 0xcb, 0xca,
-	0xfa, 0x48, 0x8f, 0x6f, 0x4c, 0xcd, 0xd2, 0xe3, 0x30, 0x18, 0x12, 0x27, 0x0a, 0x7c, 0x31, 0x4f,
-	0x6a, 0x36, 0x31, 0x2b, 0xc5, 0x02, 0x6a, 0x7f, 0xad, 0x92, 0x1e, 0xec, 0x0b, 0xdc, 0x56, 0x1d,
-	0x84, 0xc8, 0x85, 0x01, 0x76, 0x6a, 0xe3, 0x9c, 0xe5, 0xf2, 0xe1, 0x76, 0x21, 0x95, 0x22, 0xaa,
-	0xe9, 0xb9, 0x32, 0x9d, 0x35, 0x5a, 0x84, 0x19, 0x09, 0xb4, 0x03, 0xe5, 0x9a, 0x3c, 0x4c, 0x15,
-	0xf2, 0x30, 0x3b, 0x8a, 0xa3, 0x94, 0xa6, 0x38, 0x42, 0xd9, 0xbd, 0x3a, 0x81, 0x29, 0x6a, 0x88,
-	0x40, 0xb1, 0xe1, 0xc6, 0x62, 0x5a, 0x0f, 0x79, 0x5c, 0xbe, 0xe0, 0x1a, 0x9f, 0x38, 0x44, 0x65,
-	0xd0, 0x05, 0x37, 0xc6, 0xb4, 0x7d, 0xf4, 0x11, 0x0b, 0x86, 0xa3, 0x5a, 0x73, 0x35, 0x0c, 0xb6,
-	0xdd, 0x3a, 0x09, 0x85, 0x8e, 0x79, 0x48, 0xce, 0x56, 0x9d, 0x5f, 0x96, 0x0d, 0x6a, 0xba, 0xdc,
-	0x7c, 0xa1, 0x21, 0xd8, 0xa4, 0x4b, 0xcf, 0x5e, 0x0f, 0x8a, 0x6f, 0x5f, 0x20, 0x35, 0xb6, 0xe3,
-	0xe4, 0x99, 0x99, 0xad, 0x94, 0x43, 0xeb, 0xdc, 0x0b, 0xed, 0xda, 0x16, 0xdd, 0x6f, 0xba, 0x43,
-	0x0f, 0xdd, 0xda, 0x9d, 0x7a, 0x70, 0x3e, 0x9b, 0x26, 0xee, 0xd5, 0x19, 0x36, 0x60, 0xad, 0xb6,
-	0xe7, 0x61, 0xf2, 0x6a, 0x9b, 0x30, 0x8b, 0x58, 0x0e, 0x03, 0xb6, 0xaa, 0x1b, 0x4c, 0x0d, 0x98,
-	0x01, 0xc1, 0x26, 0x5d, 0xf4, 0x2a, 0x0c, 0x36, 0x9d, 0x38, 0x74, 0x77, 0x84, 0x19, 0xec, 0x90,
-	0xa7, 0xa0, 0x65, 0xd6, 0x96, 0x26, 0xce, 0x04, 0x3d, 0x2f, 0xc4, 0x82, 0x10, 0x6a, 0x42, 0xa9,
-	0x49, 0xc2, 0x06, 0x99, 0x2c, 0xe7, 0x61, 0xf2, 0x5f, 0xa6, 0x4d, 0x69, 0x82, 0x15, 0xaa, 0x5c,
-	0xb1, 0x32, 0xcc, 0xa9, 0xa0, 0x97, 0xa1, 0x1c, 0x11, 0x8f, 0xd4, 0xa8, 0x7a, 0x54, 0x61, 0x14,
-	0x9f, 0xe9, 0x53, 0x55, 0xa4, 0x7a, 0x49, 0x55, 0x54, 0xe5, 0x1b, 0x4c, 0xfe, 0xc3, 0xaa, 0x49,
-	0x3a, 0x80, 0x2d, 0xaf, 0xdd, 0x70, 0xfd, 0x49, 0xc8, 0x63, 0x00, 0x57, 0x59, 0x5b, 0xa9, 0x01,
-	0xe4, 0x85, 0x58, 0x10, 0xb2, 0xff, 0xab, 0x05, 0x28, 0xc9, 0xd4, 0xee, 0x82, 0x4e, 0xfc, 0x6a,
-	0x52, 0x27, 0x5e, 0xca, 0x53, 0x69, 0xe9, 0xa1, 0x16, 0xff, 0x66, 0x05, 0x52, 0xe2, 0xe0, 0x0a,
-	0x89, 0x62, 0x52, 0x7f, 0x93, 0x85, 0xbf, 0xc9, 0xc2, 0xdf, 0x64, 0xe1, 0x8a, 0x85, 0xaf, 0xa7,
-	0x58, 0xf8, 0x3b, 0x8d, 0x5d, 0xaf, 0x7d, 0x0f, 0x5e, 0x51, 0xce, 0x09, 0x66, 0x0f, 0x0c, 0x04,
-	0xca, 0x09, 0x2e, 0x55, 0x57, 0xae, 0x64, 0xf2, 0xec, 0x57, 0x92, 0x3c, 0xfb, 0xb0, 0x24, 0xfe,
-	0x26, 0x70, 0xe9, 0xaf, 0x58, 0xf0, 0xb6, 0x24, 0xf7, 0x92, 0x2b, 0x67, 0xb1, 0xe1, 0x07, 0x21,
-	0x59, 0x70, 0x37, 0x36, 0x48, 0x48, 0xfc, 0x1a, 0x89, 0x94, 0x6d, 0xc7, 0xea, 0x65, 0xdb, 0x41,
-	0xcf, 0xc2, 0xc8, 0x8d, 0x28, 0xf0, 0x57, 0x03, 0xd7, 0x17, 0x2c, 0x88, 0x9e, 0x38, 0x8e, 0xdd,
-	0xda, 0x9d, 0x1a, 0xa1, 0x23, 0x2a, 0xcb, 0x71, 0x02, 0x0b, 0xcd, 0xc3, 0xc4, 0x8d, 0x57, 0x57,
-	0x9d, 0xd8, 0xb0, 0x26, 0xc8, 0x73, 0x3f, 0xbb, 0x8f, 0xba, 0xf4, 0x62, 0x0a, 0x88, 0xbb, 0xf1,
-	0xed, 0xbf, 0x57, 0x80, 0x53, 0xa9, 0x0f, 0x09, 0x3c, 0x2f, 0x68, 0xc7, 0xf4, 0x4c, 0x84, 0x3e,
-	0x6f, 0xc1, 0xb1, 0x66, 0xd2, 0x60, 0x11, 0x09, 0x73, 0xf7, 0x4f, 0xe4, 0x26, 0x23, 0x52, 0x16,
-	0x91, 0xb9, 0x49, 0x31, 0x42, 0xc7, 0x52, 0x80, 0x08, 0x77, 0xf5, 0x05, 0xbd, 0x0c, 0x95, 0xa6,
-	0xb3, 0x73, 0xb5, 0x55, 0x77, 0x62, 0x79, 0x1c, 0xed, 0x6d, 0x45, 0x68, 0xc7, 0xae, 0x37, 0xcd,
-	0xbd, 0x5a, 0xa6, 0x17, 0xfd, 0x78, 0x25, 0xac, 0xc6, 0xa1, 0xeb, 0x37, 0xb8, 0x91, 0x73, 0x59,
-	0x36, 0x83, 0x75, 0x8b, 0xf6, 0xe7, 0xac, 0xb4, 0x90, 0x52, 0xa3, 0x13, 0x3a, 0x31, 0x69, 0x74,
-	0xd0, 0xfb, 0xa0, 0x44, 0xcf, 0x8d, 0x72, 0x54, 0xae, 0xe7, 0x29, 0x39, 0x8d, 0x99, 0xd0, 0x42,
-	0x94, 0xfe, 0x8b, 0x30, 0x27, 0x6a, 0x7f, 0xbe, 0x92, 0x56, 0x16, 0xd8, 0xdd, 0xfc, 0x59, 0x80,
-	0x46, 0xb0, 0x46, 0x9a, 0x2d, 0x8f, 0x0e, 0x8b, 0xc5, 0x2e, 0x78, 0x94, 0xa9, 0xe4, 0x82, 0x82,
-	0x60, 0x03, 0x0b, 0xfd, 0x82, 0x05, 0xd0, 0x90, 0x6b, 0x5e, 0x2a, 0x02, 0x57, 0xf3, 0xfc, 0x1c,
-	0xbd, 0xa3, 0x74, 0x5f, 0x14, 0x41, 0x6c, 0x10, 0x47, 0x3f, 0x6b, 0x41, 0x39, 0x96, 0xdd, 0xe7,
-	0xa2, 0x71, 0x2d, 0xcf, 0x9e, 0xc8, 0x8f, 0xd6, 0x3a, 0x91, 0x1a, 0x12, 0x45, 0x17, 0xfd, 0x9c,
-	0x05, 0x10, 0x75, 0xfc, 0xda, 0x6a, 0xe0, 0xb9, 0xb5, 0x8e, 0x90, 0x98, 0xd7, 0x72, 0x35, 0xe7,
-	0xa8, 0xd6, 0xe7, 0xc6, 0xe8, 0x68, 0xe8, 0xff, 0xd8, 0xa0, 0x8c, 0xde, 0x0f, 0xe5, 0x48, 0x2c,
-	0x37, 0x21, 0x23, 0xd7, 0xf2, 0x35, 0x2a, 0xf1, 0xb6, 0x05, 0x7b, 0x15, 0xff, 0xb0, 0xa2, 0x89,
-	0x3e, 0x63, 0xc1, 0x78, 0x2b, 0x69, 0x26, 0x14, 0xe2, 0x30, 0x3f, 0x1e, 0x90, 0x32, 0x43, 0x72,
-	0x6b, 0x4b, 0xaa, 0x10, 0xa7, 0x7b, 0x41, 0x39, 0xa0, 0x5e, 0xc1, 0x2b, 0x2d, 0x6e, 0xb2, 0x1c,
-	0xd2, 0x1c, 0xf0, 0x42, 0x1a, 0x88, 0xbb, 0xf1, 0xd1, 0x2a, 0x9c, 0xa0, 0xbd, 0xeb, 0x70, 0xf5,
-	0x53, 0x8a, 0x97, 0x88, 0x09, 0xc3, 0xf2, 0xdc, 0xc3, 0x62, 0x85, 0xb0, 0xbb, 0x8e, 0x34, 0x0e,
-	0xce, 0xac, 0x89, 0xfe, 0xc8, 0x82, 0x87, 0x5d, 0x26, 0x06, 0x4c, 0x83, 0xbd, 0x96, 0x08, 0xe2,
-	0xa2, 0x9d, 0xe4, 0xca, 0x2b, 0x7a, 0x89, 0x9f, 0xb9, 0xb7, 0x8a, 0x2f, 0x78, 0x78, 0x71, 0x8f,
-	0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x08, 0x46, 0xe5, 0xbe, 0x58, 0xa5, 0x2c, 0x98, 0x09, 0xda,
-	0xca, 0xdc, 0xc4, 0xad, 0xdd, 0xa9, 0xd1, 0x35, 0x13, 0x80, 0x93, 0x78, 0xf6, 0xbf, 0x2e, 0x26,
-	0x6e, 0x89, 0x94, 0x0d, 0x93, 0xb1, 0x9b, 0x9a, 0xb4, 0xff, 0x48, 0xee, 0x99, 0x2b, 0xbb, 0x51,
-	0xd6, 0x25, 0xcd, 0x6e, 0x54, 0x51, 0x84, 0x0d, 0xe2, 0x54, 0x29, 0x9d, 0x70, 0xd2, 0x96, 0x52,
-	0xc1, 0x01, 0x5f, 0xce, 0xb3, 0x4b, 0xdd, 0x77, 0x7a, 0xa7, 0x44, 0xd7, 0x26, 0xba, 0x40, 0xb8,
-	0xbb, 0x4b, 0xe8, 0xa7, 0xa1, 0x12, 0x2a, 0xcf, 0x96, 0x62, 0x1e, 0x47, 0x35, 0xb9, 0x6c, 0x44,
-	0x77, 0xd4, 0x05, 0x90, 0xf6, 0x61, 0xd1, 0x14, 0xed, 0x3f, 0x4c, 0x5e, 0x8c, 0x19, 0xbc, 0xa3,
-	0x8f, 0x4b, 0xbf, 0x4f, 0x5a, 0x30, 0x1c, 0x06, 0x9e, 0xe7, 0xfa, 0x0d, 0xca, 0xe7, 0x84, 0xb0,
-	0x7e, 0xf7, 0x91, 0xc8, 0x4b, 0xc1, 0xd0, 0x98, 0x66, 0x8d, 0x35, 0x4d, 0x6c, 0x76, 0xc0, 0xfe,
-	0xa6, 0x05, 0x93, 0xbd, 0xf8, 0x31, 0x22, 0xf0, 0x90, 0x64, 0x36, 0x6a, 0x28, 0x56, 0xfc, 0x05,
-	0xe2, 0x11, 0x65, 0x36, 0x2f, 0xcf, 0x3d, 0x26, 0x3e, 0xf3, 0xa1, 0xd5, 0xde, 0xa8, 0x78, 0xaf,
-	0x76, 0xd0, 0x4b, 0x70, 0xcc, 0xf8, 0xae, 0x48, 0x0d, 0x4c, 0x65, 0x6e, 0x9a, 0x2a, 0x40, 0xb3,
-	0x29, 0xd8, 0xed, 0xdd, 0xa9, 0x07, 0xd2, 0x65, 0x42, 0x60, 0x74, 0xb5, 0x63, 0xff, 0x6a, 0x21,
-	0x3d, 0x5b, 0x4a, 0xd6, 0xbf, 0x61, 0x75, 0x59, 0x13, 0x7e, 0xe2, 0x28, 0xe4, 0x2b, 0xb3, 0x3b,
-	0x28, 0x37, 0x8c, 0xde, 0x38, 0xf7, 0xf0, 0xda, 0xde, 0xfe, 0x37, 0x03, 0xb0, 0x47, 0xcf, 0xfa,
-	0x50, 0xde, 0x0f, 0x7c, 0x8f, 0xfa, 0x71, 0x4b, 0x5d, 0x98, 0xf1, 0x3d, 0x5c, 0x3f, 0xaa, 0xb1,
-	0xe7, 0xe7, 0xa7, 0x88, 0xbb, 0x8e, 0x28, 0x2b, 0x7a, 0xf2, 0x6a, 0x0e, 0x7d, 0xc1, 0x4a, 0x5e,
-	0xf9, 0x71, 0xa7, 0x46, 0xf7, 0xc8, 0xfa, 0x64, 0xdc, 0x23, 0xf2, 0x8e, 0xe9, 0xdb, 0xa7, 0x5e,
-	0x37, 0x8c, 0xd3, 0x00, 0x1b, 0xae, 0xef, 0x78, 0xee, 0x6b, 0xf4, 0x74, 0x54, 0x62, 0x02, 0x9e,
-	0x69, 0x4c, 0xe7, 0x55, 0x29, 0x36, 0x30, 0x4e, 0xff, 0xff, 0x30, 0x6c, 0x7c, 0x79, 0x86, 0xc7,
-	0xcb, 0x09, 0xd3, 0xe3, 0xa5, 0x62, 0x38, 0xaa, 0x9c, 0x7e, 0x27, 0x1c, 0x4b, 0x77, 0xf0, 0x20,
-	0xf5, 0xed, 0xff, 0x35, 0x94, 0xbe, 0x83, 0x5b, 0x23, 0x61, 0x93, 0x76, 0xed, 0x4d, 0xc3, 0xd6,
-	0x9b, 0x86, 0xad, 0x37, 0x0d, 0x5b, 0xe6, 0xdd, 0x84, 0x30, 0xda, 0x0c, 0xdd, 0x25, 0xa3, 0x4d,
-	0xc2, 0x0c, 0x55, 0xce, 0xdd, 0x0c, 0x65, 0x7f, 0xa4, 0xcb, 0x72, 0xbf, 0x16, 0x12, 0x82, 0x02,
-	0x28, 0xf9, 0x41, 0x9d, 0x48, 0x1d, 0xf7, 0x52, 0x3e, 0x0a, 0xdb, 0x95, 0xa0, 0x6e, 0xb8, 0x8b,
-	0xd3, 0x7f, 0x11, 0xe6, 0x74, 0xec, 0x0f, 0x0f, 0x42, 0x42, 0x9d, 0xe4, 0xf3, 0xfe, 0x03, 0x30,
-	0x14, 0x92, 0x56, 0x70, 0x15, 0x2f, 0x09, 0x59, 0xa6, 0xa3, 0x6d, 0x78, 0x31, 0x96, 0x70, 0x2a,
-	0xf3, 0x5a, 0x4e, 0xbc, 0x29, 0x84, 0x99, 0x92, 0x79, 0xab, 0x4e, 0xbc, 0x89, 0x19, 0x04, 0xbd,
-	0x13, 0xc6, 0xe2, 0xc4, 0x55, 0xb8, 0xb8, 0xf2, 0x7d, 0x40, 0xe0, 0x8e, 0x25, 0x2f, 0xca, 0x71,
-	0x0a, 0x1b, 0xbd, 0x0a, 0x03, 0x9b, 0xc4, 0x6b, 0x8a, 0xa9, 0xaf, 0xe6, 0x27, 0x6b, 0xd8, 0xb7,
-	0x5e, 0x24, 0x5e, 0x93, 0x73, 0x42, 0xfa, 0x0b, 0x33, 0x52, 0x74, 0xdd, 0x57, 0xb6, 0xda, 0x51,
-	0x1c, 0x34, 0xdd, 0xd7, 0xa4, 0xa5, 0xf3, 0x27, 0x72, 0x26, 0x7c, 0x59, 0xb6, 0xcf, 0x4d, 0x4a,
-	0xea, 0x2f, 0xd6, 0x94, 0x59, 0x3f, 0xea, 0x6e, 0xc8, 0x96, 0x4c, 0x47, 0x18, 0x2c, 0xf3, 0xee,
-	0xc7, 0x82, 0x6c, 0x9f, 0xf7, 0x43, 0xfd, 0xc5, 0x9a, 0x32, 0xea, 0xa8, 0xfd, 0x37, 0xcc, 0xfa,
-	0x70, 0x35, 0xe7, 0x3e, 0xf0, 0xbd, 0x97, 0xb9, 0x0f, 0x1f, 0x83, 0x52, 0x6d, 0xd3, 0x09, 0xe3,
-	0xc9, 0x11, 0xb6, 0x68, 0xd4, 0x2a, 0x9e, 0xa7, 0x85, 0x98, 0xc3, 0xd0, 0x23, 0x50, 0x0c, 0xc9,
-	0x06, 0xf3, 0x4e, 0x36, 0xfc, 0xa2, 0x30, 0xd9, 0xc0, 0xb4, 0x5c, 0xe9, 0x65, 0x63, 0x3d, 0x1d,
-	0xe6, 0x7e, 0xb9, 0x90, 0x54, 0xec, 0x92, 0x23, 0xc3, 0xf7, 0x43, 0xad, 0x1d, 0x46, 0xd2, 0x40,
-	0x66, 0xec, 0x07, 0x56, 0x8c, 0x25, 0x1c, 0x7d, 0xd0, 0x82, 0xa1, 0x1b, 0x51, 0xe0, 0xfb, 0x24,
-	0x16, 0x42, 0xf4, 0x5a, 0xce, 0x83, 0x75, 0x89, 0xb7, 0xae, 0xfb, 0x20, 0x0a, 0xb0, 0xa4, 0x4b,
-	0xbb, 0x4b, 0x76, 0x6a, 0x5e, 0xbb, 0xde, 0xe5, 0x0c, 0x73, 0x8e, 0x17, 0x63, 0x09, 0xa7, 0xa8,
-	0xae, 0xcf, 0x51, 0x07, 0x92, 0xa8, 0x8b, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0xd7, 0xcb, 0x70, 0x32,
-	0x73, 0xfb, 0x50, 0x95, 0x8b, 0x29, 0x35, 0xe7, 0x5d, 0x8f, 0x48, 0x37, 0x30, 0xa6, 0x72, 0x5d,
-	0x53, 0xa5, 0xd8, 0xc0, 0x40, 0x3f, 0x03, 0xd0, 0x72, 0x42, 0xa7, 0x49, 0x94, 0x01, 0xfb, 0xd0,
-	0x9a, 0x0d, 0xed, 0xc7, 0xaa, 0x6c, 0x53, 0x1f, 0xe2, 0x55, 0x51, 0x84, 0x0d, 0x92, 0xe8, 0x39,
-	0x18, 0x0e, 0x89, 0x47, 0x9c, 0x88, 0xb9, 0xbf, 0xa7, 0x63, 0x79, 0xb0, 0x06, 0x61, 0x13, 0x0f,
-	0x3d, 0xae, 0x3c, 0xe6, 0x52, 0x9e, 0x43, 0x49, 0xaf, 0x39, 0xf4, 0x29, 0x0b, 0xc6, 0x36, 0x5c,
-	0x8f, 0x68, 0xea, 0x22, 0xf2, 0x66, 0xe5, 0xf0, 0x1f, 0x79, 0xde, 0x6c, 0x57, 0xf3, 0xd0, 0x44,
-	0x71, 0x84, 0x53, 0xe4, 0xe9, 0x34, 0x6f, 0x93, 0x90, 0x31, 0xdf, 0xc1, 0xe4, 0x34, 0x5f, 0xe3,
-	0xc5, 0x58, 0xc2, 0xd1, 0x2c, 0x8c, 0xb7, 0x9c, 0x28, 0x9a, 0x0f, 0x49, 0x9d, 0xf8, 0xb1, 0xeb,
-	0x78, 0x3c, 0x2e, 0xa6, 0xac, 0xdd, 0xc9, 0x57, 0x93, 0x60, 0x9c, 0xc6, 0x47, 0xef, 0x82, 0x07,
-	0xb9, 0x85, 0x68, 0xd9, 0x8d, 0x22, 0xd7, 0x6f, 0xe8, 0x65, 0x20, 0x0c, 0x65, 0x53, 0xa2, 0xa9,
-	0x07, 0x17, 0xb3, 0xd1, 0x70, 0xaf, 0xfa, 0xe8, 0x49, 0x28, 0x47, 0x5b, 0x6e, 0x6b, 0x3e, 0xac,
-	0x47, 0xec, 0x76, 0xa8, 0xac, 0xcd, 0xb2, 0x55, 0x51, 0x8e, 0x15, 0x06, 0xaa, 0xc1, 0x08, 0x9f,
-	0x12, 0xee, 0xf2, 0x27, 0x38, 0xe8, 0x53, 0x3d, 0x05, 0xb9, 0x08, 0x81, 0x9d, 0xc6, 0xce, 0xcd,
-	0x73, 0xf2, 0xae, 0x8a, 0x5f, 0xad, 0x5c, 0x33, 0x9a, 0xc1, 0x89, 0x46, 0x93, 0x67, 0xba, 0xe1,
-	0x3e, 0xce, 0x74, 0xcf, 0xc1, 0xf0, 0x56, 0x7b, 0x9d, 0x88, 0x91, 0x17, 0x8c, 0x4d, 0xad, 0xbe,
-	0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xe6, 0x6d, 0xd9, 0x72, 0xc5, 0xbf, 0x68, 0x72, 0xd4, 0xf0, 0xb6,
-	0x5c, 0x5d, 0x94, 0xc5, 0xd8, 0xc4, 0xa1, 0x5d, 0xa3, 0x63, 0xb1, 0x46, 0x22, 0x16, 0x4c, 0x41,
-	0x87, 0x4b, 0x75, 0xad, 0x2a, 0x01, 0x58, 0xe3, 0xa0, 0x55, 0x38, 0x41, 0xff, 0x54, 0x59, 0x08,
-	0xf0, 0x35, 0xc7, 0x73, 0xeb, 0xdc, 0xf5, 0x6f, 0x3c, 0x69, 0xdf, 0xac, 0x66, 0xe0, 0xe0, 0xcc,
-	0x9a, 0xf6, 0x67, 0x0b, 0x49, 0xcb, 0x89, 0xc9, 0xc2, 0x50, 0x44, 0x19, 0x55, 0x7c, 0xcd, 0x09,
-	0xa5, 0xc2, 0x73, 0xc8, 0xe0, 0x26, 0xd1, 0xee, 0x35, 0x27, 0x34, 0x59, 0x1e, 0x23, 0x80, 0x25,
-	0x25, 0x74, 0x03, 0x06, 0x62, 0xcf, 0xc9, 0x29, 0x1a, 0xd2, 0xa0, 0xa8, 0x0d, 0x59, 0x4b, 0xb3,
-	0x11, 0x66, 0x34, 0xd0, 0xc3, 0xf4, 0xf4, 0xb6, 0x2e, 0x6f, 0xda, 0xc4, 0x81, 0x6b, 0x3d, 0xc2,
-	0xac, 0xd4, 0xfe, 0xdb, 0xa3, 0x19, 0x52, 0x47, 0x29, 0x02, 0xe8, 0x2c, 0x00, 0x5d, 0x34, 0xab,
-	0x21, 0xd9, 0x70, 0x77, 0x84, 0x22, 0xa6, 0x38, 0xdb, 0x15, 0x05, 0xc1, 0x06, 0x96, 0xac, 0x53,
-	0x6d, 0x6f, 0xd0, 0x3a, 0x85, 0xee, 0x3a, 0x1c, 0x82, 0x0d, 0x2c, 0xf4, 0x2c, 0x0c, 0xba, 0x4d,
-	0xa7, 0xa1, 0x1c, 0x81, 0x1f, 0xa6, 0x2c, 0x6d, 0x91, 0x95, 0xdc, 0xde, 0x9d, 0x1a, 0x53, 0x1d,
-	0x62, 0x45, 0x58, 0xe0, 0xa2, 0x5f, 0xb5, 0x60, 0xa4, 0x16, 0x34, 0x9b, 0x81, 0xcf, 0x8f, 0xcf,
-	0xc2, 0x16, 0x70, 0xe3, 0xa8, 0xd4, 0xa4, 0xe9, 0x79, 0x83, 0x18, 0x37, 0x06, 0xa8, 0xb0, 0x4d,
-	0x13, 0x84, 0x13, 0xbd, 0x32, 0x39, 0x5f, 0x69, 0x1f, 0xce, 0xf7, 0x1b, 0x16, 0x4c, 0xf0, 0xba,
-	0xc6, 0xa9, 0x5e, 0x44, 0x28, 0x06, 0x47, 0xfc, 0x59, 0x5d, 0x86, 0x0e, 0x65, 0xec, 0xed, 0x82,
-	0xe3, 0xee, 0x4e, 0xa2, 0x0b, 0x30, 0xb1, 0x11, 0x84, 0x35, 0x62, 0x0e, 0x84, 0x60, 0xdb, 0xaa,
-	0xa1, 0xf3, 0x69, 0x04, 0xdc, 0x5d, 0x07, 0x5d, 0x83, 0x07, 0x8c, 0x42, 0x73, 0x1c, 0x38, 0xe7,
-	0x7e, 0x54, 0xb4, 0xf6, 0xc0, 0xf9, 0x4c, 0x2c, 0xdc, 0xa3, 0x76, 0x92, 0x49, 0x56, 0xfa, 0x60,
-	0x92, 0xaf, 0xc0, 0xa9, 0x5a, 0xf7, 0xc8, 0x6c, 0x47, 0xed, 0xf5, 0x88, 0xf3, 0xf1, 0xf2, 0xdc,
-	0xf7, 0x89, 0x06, 0x4e, 0xcd, 0xf7, 0x42, 0xc4, 0xbd, 0xdb, 0x40, 0xef, 0x83, 0x72, 0x48, 0xd8,
-	0xac, 0x44, 0x22, 0x5c, 0xef, 0x90, 0xd6, 0x0e, 0xad, 0xc1, 0xf3, 0x66, 0xb5, 0x64, 0x12, 0x05,
-	0x11, 0x56, 0x14, 0xd1, 0x4d, 0x18, 0x6a, 0x39, 0x71, 0x6d, 0x53, 0x04, 0xe9, 0x1d, 0xda, 0x36,
-	0xaf, 0x88, 0xb3, 0xab, 0x14, 0x23, 0xe5, 0x01, 0x27, 0x82, 0x25, 0x35, 0xaa, 0xab, 0xd5, 0x82,
-	0x66, 0x2b, 0xf0, 0x89, 0x1f, 0x4b, 0x21, 0x32, 0xc6, 0xef, 0x3b, 0x64, 0x29, 0x36, 0x30, 0xba,
-	0x64, 0xb9, 0x46, 0x9b, 0x9c, 0xd8, 0x43, 0x96, 0x1b, 0xad, 0xf5, 0xaa, 0x4f, 0x85, 0x0d, 0x33,
-	0x2b, 0x5e, 0x77, 0xe3, 0xcd, 0xa0, 0x1d, 0xcb, 0x53, 0xb2, 0x10, 0x54, 0x4a, 0xd8, 0x2c, 0x65,
-	0xe0, 0xe0, 0xcc, 0x9a, 0x69, 0xc9, 0x3a, 0x7e, 0x67, 0x92, 0xf5, 0x58, 0x1f, 0x92, 0xb5, 0x0a,
-	0x27, 0x59, 0x0f, 0x84, 0x96, 0x2c, 0x8d, 0x96, 0xd1, 0x24, 0x62, 0x9d, 0x57, 0xf1, 0x2d, 0x4b,
-	0x59, 0x48, 0x38, 0xbb, 0xee, 0xe9, 0x1f, 0x83, 0x89, 0x2e, 0x26, 0x77, 0x20, 0x83, 0xe4, 0x02,
-	0x3c, 0x90, 0xcd, 0x4e, 0x0e, 0x64, 0x96, 0xfc, 0xf5, 0x94, 0x5f, 0xba, 0x71, 0x44, 0xeb, 0xc3,
-	0xc4, 0xed, 0x40, 0x91, 0xf8, 0xdb, 0x42, 0xba, 0x9e, 0x3f, 0xdc, 0xaa, 0x3e, 0xe7, 0x6f, 0x73,
-	0x6e, 0xc8, 0xec, 0x78, 0xe7, 0xfc, 0x6d, 0x4c, 0xdb, 0x46, 0xbf, 0x64, 0x25, 0x0e, 0x10, 0xdc,
-	0x30, 0xfe, 0x9e, 0x23, 0x39, 0x93, 0xf6, 0x7d, 0xa6, 0xb0, 0xff, 0x6d, 0x01, 0xce, 0xec, 0xd7,
-	0x48, 0x1f, 0xc3, 0xf7, 0x18, 0x0c, 0x46, 0xcc, 0xd3, 0x44, 0x88, 0xab, 0x61, 0xba, 0x8b, 0xb9,
-	0xef, 0xc9, 0x2b, 0x58, 0x80, 0x90, 0x07, 0xc5, 0xa6, 0xd3, 0x12, 0xf6, 0xd2, 0xc5, 0xc3, 0xc6,
-	0xef, 0xd1, 0xff, 0x8e, 0xb7, 0xec, 0xb4, 0xf8, 0x9a, 0x37, 0x0a, 0x30, 0x25, 0x83, 0x62, 0x28,
-	0x39, 0x61, 0xe8, 0x48, 0xb7, 0x86, 0xcb, 0xf9, 0xd0, 0x9b, 0xa5, 0x4d, 0xf2, 0x5b, 0xe1, 0x44,
-	0x11, 0xe6, 0xc4, 0xec, 0xcf, 0x94, 0x13, 0xc1, 0x5e, 0xcc, 0x57, 0x25, 0x82, 0x41, 0x61, 0x26,
-	0xb5, 0xf2, 0x0e, 0x9b, 0xe4, 0xd1, 0xd4, 0xcc, 0x02, 0x21, 0x72, 0x52, 0x08, 0x52, 0xe8, 0x63,
-	0x16, 0xcb, 0xfc, 0x20, 0x23, 0xe8, 0xc4, 0xa9, 0xfe, 0x68, 0x12, 0x51, 0x98, 0xf9, 0x24, 0x64,
-	0x21, 0x36, 0xa9, 0x8b, 0xec, 0x36, 0xec, 0x34, 0xd3, 0x9d, 0xdd, 0x86, 0x9d, 0x4e, 0x24, 0x1c,
-	0xed, 0x64, 0xf8, 0xa4, 0xe4, 0x90, 0x3d, 0xa0, 0x0f, 0x2f, 0x94, 0x2f, 0x58, 0x30, 0xe1, 0xa6,
-	0x9d, 0x0b, 0xc4, 0x19, 0xf8, 0x7a, 0x3e, 0x36, 0xcd, 0x6e, 0xdf, 0x05, 0xa5, 0xe8, 0x74, 0x81,
-	0x70, 0x77, 0x67, 0x50, 0x1d, 0x06, 0x5c, 0x7f, 0x23, 0x10, 0xea, 0xdd, 0xdc, 0xe1, 0x3a, 0xb5,
-	0xe8, 0x6f, 0x04, 0x7a, 0x37, 0xd3, 0x7f, 0x98, 0xb5, 0x8e, 0x96, 0xe0, 0x84, 0x8c, 0xf7, 0xb9,
-	0xe8, 0x46, 0x71, 0x10, 0x76, 0x96, 0xdc, 0xa6, 0x1b, 0x33, 0xd5, 0xac, 0x38, 0x37, 0x49, 0xc5,
-	0x1b, 0xce, 0x80, 0xe3, 0xcc, 0x5a, 0xe8, 0x35, 0x18, 0x92, 0x17, 0xfa, 0xe5, 0x3c, 0xec, 0x09,
-	0xdd, 0xeb, 0x5f, 0x2d, 0xa6, 0xaa, 0xb8, 0xd1, 0x97, 0x04, 0xd1, 0x47, 0x2d, 0x18, 0xe3, 0xbf,
-	0x2f, 0x76, 0xea, 0x3c, 0xc4, 0xb0, 0x92, 0x87, 0xd7, 0x7e, 0x35, 0xd1, 0xe6, 0x1c, 0xba, 0xb5,
-	0x3b, 0x35, 0x96, 0x2c, 0xc3, 0x29, 0xba, 0xf6, 0x3f, 0x19, 0x81, 0x6e, 0x17, 0x88, 0xa4, 0xbf,
-	0x83, 0x75, 0xb7, 0xfd, 0x1d, 0xe8, 0xa9, 0x32, 0xd2, 0xae, 0x0a, 0x39, 0x6c, 0x33, 0x41, 0x55,
-	0x5f, 0x43, 0x77, 0xfc, 0x1a, 0x66, 0x34, 0x50, 0x1b, 0x06, 0x79, 0x72, 0x29, 0x21, 0x01, 0x0e,
-	0x7f, 0xf3, 0x6d, 0x26, 0xa9, 0xd2, 0x66, 0x2d, 0x5e, 0x8a, 0x05, 0x31, 0xb4, 0x03, 0x43, 0x9b,
-	0x7c, 0x39, 0x8a, 0xb3, 0xde, 0xf2, 0x61, 0xc7, 0x37, 0xb1, 0xc6, 0xf5, 0xe2, 0x13, 0x05, 0x58,
-	0x92, 0x63, 0xee, 0x75, 0x86, 0x03, 0x10, 0x67, 0x24, 0xf9, 0x45, 0x4b, 0xf6, 0xef, 0xfd, 0xf3,
-	0x5e, 0x18, 0x09, 0x49, 0x2d, 0xf0, 0x6b, 0xae, 0x47, 0xea, 0xb3, 0xf2, 0x42, 0xec, 0x20, 0x41,
-	0x72, 0xcc, 0x9a, 0x84, 0x8d, 0x36, 0x70, 0xa2, 0x45, 0xb6, 0xcf, 0x54, 0xe0, 0x3c, 0x9d, 0x10,
-	0x22, 0x2e, 0x3e, 0x96, 0x72, 0x0a, 0xd3, 0x67, 0x6d, 0xf2, 0x7d, 0x96, 0x2c, 0xc3, 0x29, 0xba,
-	0xe8, 0x25, 0x80, 0x60, 0x9d, 0xfb, 0xd0, 0xcd, 0xc6, 0xe2, 0x16, 0xe4, 0x20, 0x9f, 0x3a, 0xc6,
-	0x83, 0x6d, 0x65, 0x0b, 0xd8, 0x68, 0x0d, 0x5d, 0x06, 0xe0, 0x3b, 0x67, 0xad, 0xd3, 0x92, 0x07,
-	0x42, 0x19, 0xe5, 0x08, 0x55, 0x05, 0xb9, 0xbd, 0x3b, 0xd5, 0x6d, 0x73, 0x66, 0x8e, 0x42, 0x46,
-	0x75, 0xf4, 0x53, 0x30, 0x14, 0xb5, 0x9b, 0x4d, 0x47, 0xdd, 0x91, 0xe4, 0x18, 0xbe, 0xcb, 0xdb,
-	0x35, 0x18, 0x23, 0x2f, 0xc0, 0x92, 0x22, 0xba, 0x41, 0x59, 0xbc, 0xe0, 0x50, 0x7c, 0x17, 0x71,
-	0x0d, 0x85, 0x5b, 0x02, 0xdf, 0x21, 0x4f, 0x31, 0x38, 0x03, 0xe7, 0xf6, 0xee, 0xd4, 0x03, 0xc9,
-	0xf2, 0xa5, 0x40, 0x04, 0xd4, 0x66, 0xb6, 0x89, 0x2e, 0xc9, 0x3c, 0x5a, 0xf4, 0xb3, 0x65, 0x7a,
-	0x97, 0x27, 0x74, 0x1e, 0x2d, 0x56, 0xdc, 0x7b, 0xcc, 0xcc, 0xca, 0x68, 0x19, 0x8e, 0xd7, 0x02,
-	0x3f, 0x0e, 0x03, 0xcf, 0xe3, 0x39, 0xf6, 0xf8, 0xd9, 0x9c, 0xdf, 0xa1, 0x3c, 0x24, 0xba, 0x7d,
-	0x7c, 0xbe, 0x1b, 0x05, 0x67, 0xd5, 0xa3, 0x3a, 0x79, 0x5a, 0x3e, 0x8c, 0xe5, 0x72, 0xbd, 0x9e,
-	0x68, 0x53, 0x70, 0x28, 0x65, 0xf6, 0xde, 0x47, 0x52, 0xf8, 0xc9, 0x4b, 0x56, 0x31, 0x63, 0xcf,
-	0xc2, 0x08, 0xd9, 0x89, 0x49, 0xe8, 0x3b, 0xde, 0x55, 0xbc, 0x24, 0x2f, 0x2c, 0xd8, 0xc6, 0x3c,
-	0x67, 0x94, 0xe3, 0x04, 0x16, 0xb2, 0x95, 0x95, 0xcc, 0x88, 0x5c, 0xe7, 0x56, 0x32, 0x69, 0x13,
-	0xb3, 0xbf, 0x54, 0x4c, 0xe8, 0xac, 0xf7, 0xe4, 0x4a, 0x97, 0xa5, 0x48, 0x92, 0xb9, 0xa4, 0x18,
-	0x40, 0x9c, 0xc5, 0xf2, 0xa4, 0xac, 0x52, 0x24, 0xad, 0x98, 0x84, 0x70, 0x92, 0x2e, 0xda, 0x82,
-	0xd2, 0x66, 0x10, 0xc5, 0xf2, 0x84, 0x76, 0xc8, 0xc3, 0xe0, 0xc5, 0x20, 0x8a, 0x99, 0xa2, 0xa5,
-	0x3e, 0x9b, 0x96, 0x44, 0x98, 0xd3, 0xa0, 0x67, 0xff, 0x68, 0xd3, 0x09, 0xeb, 0xd1, 0x3c, 0xcb,
-	0x33, 0x31, 0xc0, 0x34, 0x2c, 0xa5, 0x4f, 0x57, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x77, 0xac, 0xc4,
-	0xad, 0xd6, 0x75, 0x16, 0x34, 0xb0, 0x4d, 0x7c, 0xca, 0xa2, 0x4c, 0x37, 0xc5, 0x1f, 0x4a, 0x85,
-	0x60, 0xbf, 0xad, 0x57, 0x3a, 0xcc, 0x9b, 0xb4, 0x85, 0x69, 0xd6, 0x84, 0xe1, 0xd1, 0xf8, 0x01,
-	0x2b, 0x19, 0x4b, 0x5f, 0xc8, 0xe3, 0xe8, 0x66, 0xe6, 0x93, 0xd8, 0x37, 0x2c, 0xdf, 0xfe, 0x25,
-	0x0b, 0x86, 0xe6, 0x9c, 0xda, 0x56, 0xb0, 0xb1, 0x81, 0x9e, 0x84, 0x72, 0xbd, 0x1d, 0x9a, 0x61,
-	0xfd, 0xca, 0x58, 0xb5, 0x20, 0xca, 0xb1, 0xc2, 0xa0, 0x4b, 0x7f, 0xc3, 0xa9, 0xc9, 0xac, 0x12,
-	0x45, 0xbe, 0xf4, 0xcf, 0xb3, 0x12, 0x2c, 0x20, 0x74, 0xf8, 0x9b, 0xce, 0x8e, 0xac, 0x9c, 0xbe,
-	0x52, 0x5b, 0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0xbf, 0x6f, 0xc1, 0xe4, 0x9c, 0x13, 0xb9, 0xb5, 0xd9,
-	0x76, 0xbc, 0x39, 0xe7, 0xc6, 0xeb, 0xed, 0xda, 0x16, 0x89, 0x79, 0xf6, 0x11, 0xda, 0xcb, 0x76,
-	0x44, 0x77, 0xa0, 0x3a, 0x31, 0xab, 0x5e, 0x5e, 0x15, 0xe5, 0x58, 0x61, 0xa0, 0xd7, 0x60, 0xb8,
-	0xe5, 0x44, 0xd1, 0xcd, 0x20, 0xac, 0x63, 0xb2, 0x91, 0x4f, 0x7e, 0xa2, 0x2a, 0xa9, 0x85, 0x24,
-	0xc6, 0x64, 0x43, 0x38, 0xa8, 0xe8, 0xf6, 0xb1, 0x49, 0xcc, 0xfe, 0x05, 0x0b, 0x4e, 0xcc, 0x11,
-	0x27, 0x24, 0x21, 0x4b, 0x67, 0xa4, 0x3e, 0x04, 0xbd, 0x0a, 0xe5, 0x98, 0x96, 0xd0, 0x1e, 0x59,
-	0xf9, 0xf6, 0x88, 0xb9, 0x96, 0xac, 0x89, 0xc6, 0xb1, 0x22, 0x63, 0x7f, 0xd2, 0x82, 0x53, 0x59,
-	0x7d, 0x99, 0xf7, 0x82, 0x76, 0xfd, 0x5e, 0x74, 0xe8, 0xef, 0x5a, 0x30, 0xc2, 0xae, 0xeb, 0x17,
-	0x48, 0xec, 0xb8, 0x5e, 0x57, 0x2a, 0x45, 0xab, 0xcf, 0x54, 0x8a, 0x67, 0x60, 0x60, 0x33, 0x68,
-	0x92, 0xb4, 0xab, 0xc9, 0xc5, 0xa0, 0x49, 0x30, 0x83, 0xa0, 0xa7, 0xe9, 0x22, 0x74, 0xfd, 0xd8,
-	0xa1, 0xdb, 0x51, 0x5e, 0x67, 0x8c, 0xf3, 0x05, 0xa8, 0x8a, 0xb1, 0x89, 0x63, 0xff, 0x4e, 0x05,
-	0x86, 0x84, 0x5f, 0x54, 0xdf, 0xd9, 0x70, 0xa4, 0x15, 0xa7, 0xd0, 0xd3, 0x8a, 0x13, 0xc1, 0x60,
-	0x8d, 0xe5, 0xbb, 0x15, 0x1a, 0xfa, 0xe5, 0x5c, 0x1c, 0xe9, 0x78, 0x0a, 0x5d, 0xdd, 0x2d, 0xfe,
-	0x1f, 0x0b, 0x52, 0xe8, 0x75, 0x0b, 0xc6, 0x6b, 0x81, 0xef, 0x93, 0x9a, 0xd6, 0x1d, 0x07, 0xf2,
-	0x38, 0x20, 0xcc, 0x27, 0x1b, 0xd5, 0x37, 0xc1, 0x29, 0x00, 0x4e, 0x93, 0x47, 0x2f, 0xc0, 0x28,
-	0x1f, 0xb3, 0x6b, 0x89, 0x3b, 0x18, 0x9d, 0x61, 0xcf, 0x04, 0xe2, 0x24, 0x2e, 0x9a, 0xe6, 0x77,
-	0x59, 0x22, 0x97, 0xdd, 0xa0, 0x36, 0x55, 0x1b, 0x59, 0xec, 0x0c, 0x0c, 0x14, 0x02, 0x0a, 0xc9,
-	0x46, 0x48, 0xa2, 0x4d, 0xe1, 0x37, 0xc6, 0xf4, 0xd6, 0xa1, 0x3b, 0xcb, 0x63, 0x81, 0xbb, 0x5a,
-	0xc2, 0x19, 0xad, 0xa3, 0x2d, 0x61, 0x46, 0x28, 0xe7, 0xc1, 0xcf, 0xc5, 0x34, 0xf7, 0xb4, 0x26,
-	0x4c, 0x41, 0x89, 0x89, 0x2e, 0xa6, 0x2f, 0x17, 0x79, 0xec, 0x24, 0x13, 0x6c, 0x98, 0x97, 0xa3,
-	0x05, 0x38, 0x96, 0xca, 0x0f, 0x18, 0x89, 0xbb, 0x12, 0x15, 0x27, 0x97, 0xca, 0x2c, 0x18, 0xe1,
-	0xae, 0x1a, 0xa6, 0x89, 0x69, 0x78, 0x1f, 0x13, 0x53, 0x47, 0x79, 0x27, 0xf3, 0x5b, 0x8c, 0x17,
-	0x73, 0x19, 0x80, 0xbe, 0x5c, 0x91, 0x3f, 0x91, 0x72, 0x45, 0x1e, 0x65, 0x1d, 0xb8, 0x96, 0x4f,
-	0x07, 0x0e, 0xee, 0x77, 0x7c, 0x2f, 0xfd, 0x88, 0xff, 0xa7, 0x05, 0x72, 0x5e, 0xe7, 0x9d, 0xda,
-	0x26, 0xa1, 0x4b, 0x06, 0xbd, 0x13, 0xc6, 0x94, 0x75, 0x82, 0xab, 0x44, 0x16, 0x5b, 0x35, 0x4a,
-	0x77, 0xc6, 0x09, 0x28, 0x4e, 0x61, 0xa3, 0x19, 0xa8, 0xd0, 0x71, 0xe2, 0x55, 0xb9, 0xdc, 0x57,
-	0x16, 0x90, 0xd9, 0xd5, 0x45, 0x51, 0x4b, 0xe3, 0xa0, 0x00, 0x26, 0x3c, 0x27, 0x8a, 0x59, 0x0f,
-	0xaa, 0x1d, 0xbf, 0x76, 0x87, 0x59, 0x64, 0x58, 0x30, 0xd6, 0x52, 0xba, 0x21, 0xdc, 0xdd, 0xb6,
-	0xfd, 0xef, 0x4a, 0x30, 0x9a, 0xe0, 0x8c, 0x07, 0x54, 0x18, 0x9e, 0x84, 0xb2, 0x94, 0xe1, 0xe9,
-	0x74, 0x59, 0x4a, 0xd0, 0x2b, 0x0c, 0x2a, 0xb4, 0xd6, 0xb5, 0x54, 0x4d, 0x2b, 0x38, 0x86, 0xc0,
-	0xc5, 0x26, 0x1e, 0x63, 0xca, 0xb1, 0x17, 0xcd, 0x7b, 0x2e, 0xf1, 0x63, 0xde, 0xcd, 0x7c, 0x98,
-	0xf2, 0xda, 0x52, 0xd5, 0x6c, 0x54, 0x33, 0xe5, 0x14, 0x00, 0xa7, 0xc9, 0xa3, 0x0f, 0x5b, 0x30,
-	0xea, 0xdc, 0x8c, 0x74, 0x52, 0x76, 0xe1, 0x74, 0x7c, 0x48, 0x21, 0x95, 0xc8, 0xf3, 0xce, 0x0d,
-	0xfb, 0x89, 0x22, 0x9c, 0x24, 0x8a, 0xde, 0xb0, 0x00, 0x91, 0x1d, 0x52, 0x93, 0x6e, 0xd1, 0xa2,
-	0x2f, 0x83, 0x79, 0x9c, 0xe0, 0xcf, 0x75, 0xb5, 0xcb, 0xb9, 0x7a, 0x77, 0x39, 0xce, 0xe8, 0x03,
-	0xba, 0x04, 0xa8, 0xee, 0x46, 0xce, 0xba, 0x47, 0xe6, 0x83, 0xa6, 0x0c, 0x20, 0x16, 0xf7, 0xe9,
-	0xa7, 0xc5, 0x38, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0x51, 0x8b, 0xad, 0xb2, 0x30, 0xd8, 0xe9, 0x5c,
-	0x0d, 0x3d, 0x26, 0x25, 0xcc, 0x55, 0x26, 0xca, 0xb1, 0xc2, 0xb0, 0xff, 0xa2, 0xa8, 0xb6, 0xb2,
-	0x8e, 0x01, 0x70, 0x0c, 0x5f, 0x64, 0xeb, 0xce, 0x7d, 0x91, 0xb5, 0xa7, 0x54, 0x77, 0x58, 0x7c,
-	0x22, 0x8a, 0xb6, 0x70, 0x8f, 0xa2, 0x68, 0x7f, 0xd6, 0x4a, 0xa4, 0xa4, 0x1b, 0x3e, 0xfb, 0x52,
-	0xbe, 0xf1, 0x07, 0xd3, 0xdc, 0x8b, 0x2b, 0x25, 0x57, 0x52, 0xce, 0x7b, 0x4f, 0x42, 0x79, 0xc3,
-	0x73, 0x58, 0x22, 0x15, 0xb6, 0x51, 0x0d, 0x0f, 0xb3, 0xf3, 0xa2, 0x1c, 0x2b, 0x0c, 0xca, 0xf5,
-	0x8d, 0x46, 0x0f, 0xc4, 0xb5, 0xff, 0x63, 0x11, 0x86, 0x0d, 0x89, 0x9f, 0xa9, 0xbe, 0x59, 0xf7,
-	0x99, 0xfa, 0x56, 0x38, 0x80, 0xfa, 0xf6, 0x33, 0x50, 0xa9, 0x49, 0x69, 0x94, 0x4f, 0x8a, 0xfd,
-	0xb4, 0x8c, 0xd3, 0x02, 0x49, 0x15, 0x61, 0x4d, 0x13, 0x5d, 0x48, 0x44, 0x6a, 0x26, 0xec, 0x02,
-	0x59, 0xa1, 0x94, 0x42, 0xa2, 0x75, 0xd7, 0x49, 0xfb, 0x07, 0x94, 0xf6, 0xf7, 0x0f, 0xb0, 0xbf,
-	0x61, 0xa9, 0xc9, 0xbd, 0x0b, 0x29, 0x79, 0x6e, 0x24, 0x53, 0xf2, 0x9c, 0xcb, 0x65, 0x98, 0x7b,
-	0xe4, 0xe2, 0xb9, 0x02, 0x43, 0xf3, 0x41, 0xb3, 0xe9, 0xf8, 0x75, 0xf4, 0xfd, 0x30, 0x54, 0xe3,
-	0x3f, 0x85, 0x0d, 0x8d, 0x5d, 0x56, 0x0b, 0x28, 0x96, 0x30, 0xf4, 0x30, 0x0c, 0x38, 0x61, 0x43,
-	0xda, 0xcd, 0x98, 0x13, 0xdc, 0x6c, 0xd8, 0x88, 0x30, 0x2b, 0xb5, 0xff, 0xca, 0x82, 0x31, 0x5a,
-	0xc5, 0x65, 0x1f, 0xc5, 0x3e, 0xe7, 0x71, 0x18, 0x74, 0xda, 0xf1, 0x66, 0xd0, 0x75, 0x0e, 0x9b,
-	0x65, 0xa5, 0x58, 0x40, 0xe9, 0x39, 0x4c, 0xe5, 0x72, 0x30, 0xce, 0x61, 0x0b, 0x74, 0x2d, 0x33,
-	0x08, 0x55, 0x65, 0xa3, 0xf6, 0x7a, 0xd6, 0x6d, 0x69, 0x95, 0x17, 0x63, 0x09, 0xa7, 0x8d, 0xad,
-	0x07, 0xf5, 0x8e, 0x70, 0xed, 0x55, 0x8d, 0xcd, 0x05, 0xf5, 0x0e, 0x66, 0x10, 0xf4, 0x08, 0x14,
-	0xa3, 0x4d, 0x47, 0xde, 0xcb, 0x4b, 0x2f, 0xf3, 0xea, 0xc5, 0x59, 0x4c, 0xcb, 0x55, 0xd0, 0x44,
-	0xe8, 0xa5, 0x7d, 0x6c, 0x93, 0x41, 0x13, 0xa1, 0x67, 0xff, 0xcb, 0x01, 0x60, 0xfe, 0x36, 0x4e,
-	0x48, 0xea, 0x6b, 0x01, 0xcb, 0x06, 0x7c, 0xa4, 0xd7, 0xda, 0xfa, 0x20, 0x7b, 0x3f, 0x5f, 0x6d,
-	0x1b, 0xd7, 0x9b, 0xc5, 0xbb, 0x7d, 0xbd, 0x99, 0x7d, 0x63, 0x3d, 0x70, 0x1f, 0xdd, 0x58, 0xdb,
-	0x1f, 0xb7, 0x00, 0x29, 0xef, 0x29, 0xed, 0x52, 0x32, 0x03, 0x15, 0xe5, 0xae, 0x25, 0xf6, 0x8b,
-	0x66, 0x8b, 0x12, 0x80, 0x35, 0x4e, 0x1f, 0xd6, 0x8b, 0xc7, 0xa4, 0xcc, 0x2a, 0x26, 0x63, 0x2e,
-	0x98, 0xa4, 0x13, 0x22, 0xcc, 0xfe, 0xdd, 0x02, 0x3c, 0xc0, 0xd5, 0xa5, 0x65, 0xc7, 0x77, 0x1a,
-	0xa4, 0x49, 0x7b, 0xd5, 0xaf, 0x93, 0x50, 0x8d, 0x1e, 0x9b, 0x5d, 0x19, 0x21, 0x71, 0x58, 0x7e,
-	0xc5, 0xf9, 0x0c, 0xe7, 0x2c, 0x8b, 0xbe, 0x1b, 0x63, 0xd6, 0x38, 0x8a, 0xa0, 0x2c, 0xdf, 0x23,
-	0x12, 0xf2, 0x27, 0x27, 0x42, 0x8a, 0x15, 0x0b, 0xcd, 0x82, 0x60, 0x45, 0x88, 0xaa, 0x0f, 0x5e,
-	0x50, 0xdb, 0xa2, 0x5b, 0x3e, 0xad, 0x3e, 0x2c, 0x89, 0x72, 0xac, 0x30, 0xec, 0x26, 0x8c, 0xcb,
-	0x31, 0x6c, 0x5d, 0x26, 0x1d, 0x4c, 0x36, 0xa8, 0xcc, 0xad, 0xc9, 0x22, 0xe3, 0x89, 0x24, 0x25,
-	0x73, 0xe7, 0x4d, 0x20, 0x4e, 0xe2, 0xca, 0x04, 0xc1, 0x85, 0xec, 0x04, 0xc1, 0xf6, 0xef, 0x5a,
-	0x90, 0x16, 0xfa, 0x46, 0x3a, 0x54, 0x6b, 0xcf, 0x74, 0xa8, 0x07, 0x48, 0x28, 0xfa, 0x93, 0x30,
-	0xec, 0xc4, 0x54, 0xab, 0xe3, 0x16, 0x98, 0xe2, 0x9d, 0xdd, 0x1c, 0x2e, 0x07, 0x75, 0x77, 0xc3,
-	0x65, 0x96, 0x17, 0xb3, 0x39, 0xfb, 0x0d, 0x0b, 0x2a, 0x0b, 0x61, 0xe7, 0xe0, 0xa1, 0x6a, 0xdd,
-	0x81, 0x68, 0x85, 0x03, 0x05, 0xa2, 0xc9, 0x50, 0xb7, 0x62, 0xaf, 0x50, 0x37, 0xfb, 0xaf, 0x07,
-	0x60, 0xa2, 0x2b, 0xf6, 0x12, 0x3d, 0x0f, 0x23, 0x6a, 0x96, 0xa4, 0xd9, 0xb5, 0x62, 0x3a, 0x2f,
-	0x6b, 0x18, 0x4e, 0x60, 0xf6, 0xb1, 0x55, 0x17, 0xe1, 0x78, 0x48, 0x5e, 0x6d, 0x93, 0x36, 0x99,
-	0xdd, 0x88, 0x49, 0x58, 0x25, 0xb5, 0xc0, 0xaf, 0xf3, 0x7c, 0xc2, 0xc5, 0xb9, 0x07, 0x6f, 0xed,
-	0x4e, 0x1d, 0xc7, 0xdd, 0x60, 0x9c, 0x55, 0x07, 0xb5, 0x60, 0xd4, 0x33, 0xcf, 0x0b, 0xe2, 0x98,
-	0x7a, 0x47, 0x47, 0x0d, 0xb5, 0x5a, 0x13, 0xc5, 0x38, 0x49, 0x20, 0x79, 0xe8, 0x28, 0xdd, 0xa3,
-	0x43, 0xc7, 0x87, 0xf4, 0xa1, 0x83, 0xfb, 0x02, 0xbd, 0x3b, 0xe7, 0xd8, 0xdb, 0x7e, 0x4e, 0x1d,
-	0x87, 0x39, 0x47, 0xbc, 0x08, 0x65, 0xe9, 0x27, 0xd9, 0x97, 0x7f, 0xa1, 0xd9, 0x4e, 0x0f, 0xde,
-	0xfe, 0x38, 0xbc, 0xf5, 0x5c, 0x18, 0x1a, 0x83, 0x79, 0x25, 0x88, 0x67, 0x3d, 0x2f, 0xb8, 0x49,
-	0xd5, 0x95, 0xab, 0x11, 0x11, 0x76, 0x40, 0xfb, 0x76, 0x01, 0x32, 0x8e, 0xd4, 0x74, 0x4f, 0x6a,
-	0xbd, 0x30, 0xb1, 0x27, 0x0f, 0xa6, 0x1b, 0xa2, 0x1d, 0xee, 0x4b, 0xca, 0xb5, 0x81, 0x77, 0xe5,
-	0x6d, 0x12, 0xd0, 0xee, 0xa5, 0x8a, 0x53, 0x2a, 0x17, 0xd3, 0xb3, 0x00, 0x5a, 0x9d, 0x17, 0x3a,
-	0xa1, 0x72, 0x0e, 0xd1, 0x5a, 0x3f, 0x36, 0xb0, 0xd0, 0x73, 0x30, 0xec, 0xfa, 0x51, 0xec, 0x78,
-	0xde, 0x45, 0xd7, 0x8f, 0x85, 0x9e, 0xa8, 0xd4, 0x9e, 0x45, 0x0d, 0xc2, 0x26, 0xde, 0xe9, 0x77,
-	0x18, 0xf3, 0x77, 0x90, 0x79, 0xdf, 0x84, 0x53, 0x17, 0xdc, 0x58, 0x05, 0x29, 0xaa, 0xf5, 0x46,
-	0xb5, 0x75, 0xc5, 0xab, 0xac, 0x9e, 0x61, 0xb9, 0x46, 0x90, 0x60, 0x21, 0x19, 0xd3, 0x98, 0x0e,
-	0x12, 0xb4, 0x6b, 0x70, 0xe2, 0x82, 0x1b, 0x9f, 0x77, 0x3d, 0x72, 0x84, 0x44, 0xbe, 0x3c, 0x08,
-	0x23, 0x66, 0xec, 0xfe, 0x41, 0x38, 0xfb, 0x27, 0xa9, 0x1e, 0x2b, 0x06, 0xc2, 0x55, 0x17, 0xde,
-	0xd7, 0x0f, 0x9d, 0x48, 0x20, 0x7b, 0x70, 0x0d, 0x55, 0x56, 0xd3, 0xc4, 0x66, 0x07, 0xd0, 0x4d,
-	0x28, 0x6d, 0xb0, 0x78, 0xb7, 0x62, 0x1e, 0xae, 0x4a, 0x59, 0x83, 0xaf, 0x77, 0x2e, 0x8f, 0x98,
-	0xe3, 0xf4, 0xa8, 0xfa, 0x11, 0x26, 0xc3, 0xac, 0x8d, 0x28, 0x04, 0x21, 0xd7, 0x14, 0x46, 0x2f,
-	0xe9, 0x51, 0xba, 0x03, 0xe9, 0x91, 0xe0, 0xe5, 0x83, 0xf7, 0x88, 0x97, 0xb3, 0xd8, 0xc5, 0x78,
-	0x93, 0x29, 0xc7, 0x22, 0x6c, 0x6a, 0x88, 0x0d, 0x82, 0x11, 0xbb, 0x98, 0x00, 0xe3, 0x34, 0x3e,
-	0x7a, 0xbf, 0x92, 0x06, 0xe5, 0x3c, 0x2e, 0x14, 0xcc, 0x15, 0x7d, 0xd4, 0x82, 0xe0, 0xe3, 0x05,
-	0x18, 0xbb, 0xe0, 0xb7, 0x57, 0x2f, 0xac, 0xb6, 0xd7, 0x3d, 0xb7, 0x76, 0x99, 0x74, 0x28, 0xb7,
-	0xdf, 0x22, 0x9d, 0xc5, 0x05, 0xb1, 0x83, 0xd4, 0x9a, 0xb9, 0x4c, 0x0b, 0x31, 0x87, 0x51, 0xbe,
-	0xb5, 0xe1, 0xfa, 0x0d, 0x12, 0xb6, 0x42, 0x57, 0xd8, 0xfa, 0x0d, 0xbe, 0x75, 0x5e, 0x83, 0xb0,
-	0x89, 0x47, 0xdb, 0x0e, 0x6e, 0xfa, 0x24, 0x4c, 0x9f, 0x12, 0x56, 0x68, 0x21, 0xe6, 0x30, 0x8a,
-	0x14, 0x87, 0x6d, 0x61, 0x4a, 0x33, 0x90, 0xd6, 0x68, 0x21, 0xe6, 0x30, 0x71, 0x4a, 0x67, 0x9e,
-	0x60, 0xa5, 0xae, 0x53, 0x3a, 0x73, 0xa2, 0x90, 0x70, 0x8a, 0xba, 0x45, 0x3a, 0x0b, 0x4e, 0xec,
-	0xa4, 0x0f, 0xd9, 0x97, 0x79, 0x31, 0x96, 0x70, 0x96, 0x1c, 0x39, 0x39, 0x1c, 0xdf, 0x75, 0xc9,
-	0x91, 0x93, 0xdd, 0xef, 0x61, 0x90, 0xf9, 0x3b, 0x05, 0x18, 0x79, 0xf3, 0x05, 0xd3, 0x8c, 0xb7,
-	0x79, 0xae, 0xc3, 0x44, 0x57, 0xc4, 0x74, 0x1f, 0x1a, 0xd2, 0xbe, 0x19, 0x2d, 0x6c, 0x0c, 0xc3,
-	0xb4, 0x61, 0x99, 0x14, 0x70, 0x1e, 0x26, 0xf8, 0xe6, 0xa5, 0x94, 0x58, 0x00, 0xac, 0x8a, 0x82,
-	0x67, 0x97, 0x59, 0xd7, 0xd2, 0x40, 0xdc, 0x8d, 0x6f, 0x7f, 0xc2, 0x82, 0xd1, 0x44, 0x10, 0x7b,
-	0x4e, 0xba, 0x1c, 0xdb, 0xdd, 0x01, 0xf3, 0x62, 0x66, 0x51, 0x25, 0x45, 0x26, 0x86, 0xf5, 0xee,
-	0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0x7f, 0x50, 0x84, 0xb2, 0xf4, 0xb8, 0xea, 0xa3, 0x2b, 0x1f, 0xb3,
-	0x60, 0x54, 0x5d, 0x20, 0x32, 0x8b, 0x6f, 0x21, 0x8f, 0x98, 0x3a, 0xda, 0x03, 0x65, 0x3f, 0xf1,
-	0x37, 0x02, 0x7d, 0xb0, 0xc0, 0x26, 0x31, 0x9c, 0xa4, 0x8d, 0xae, 0x01, 0x44, 0x9d, 0x28, 0x26,
-	0x4d, 0xc3, 0xf6, 0x6c, 0x1b, 0xab, 0x6c, 0xba, 0x16, 0x84, 0x84, 0xae, 0xa9, 0x2b, 0x41, 0x9d,
-	0x54, 0x15, 0xa6, 0xd6, 0xf0, 0x74, 0x19, 0x36, 0x5a, 0x42, 0xaf, 0xa9, 0xeb, 0xee, 0x81, 0x3c,
-	0xe4, 0xba, 0x1c, 0xdf, 0x7e, 0xee, 0xbb, 0x0f, 0x71, 0xbf, 0x6c, 0xff, 0x5a, 0x01, 0x8e, 0xa5,
-	0x47, 0x12, 0xbd, 0x1b, 0x46, 0xe4, 0xa0, 0x19, 0x66, 0x06, 0xe9, 0xe6, 0x36, 0x82, 0x0d, 0xd8,
-	0xed, 0xdd, 0xa9, 0xa9, 0xee, 0xa7, 0xb0, 0xa7, 0x4d, 0x14, 0x9c, 0x68, 0x8c, 0x5f, 0x3e, 0x0b,
-	0x2f, 0x89, 0xb9, 0xce, 0x6c, 0xab, 0x25, 0x6e, 0x90, 0x8d, 0xcb, 0x67, 0x13, 0x8a, 0x53, 0xd8,
-	0x68, 0x15, 0x4e, 0x18, 0x25, 0x57, 0x88, 0xdb, 0xd8, 0x5c, 0x0f, 0x42, 0x79, 0xae, 0x7d, 0x58,
-	0x3b, 0xd5, 0x76, 0xe3, 0xe0, 0xcc, 0x9a, 0x54, 0x31, 0xaa, 0x39, 0x2d, 0xa7, 0xe6, 0xc6, 0x1d,
-	0x71, 0x07, 0xa0, 0xd8, 0xf8, 0xbc, 0x28, 0xc7, 0x0a, 0xc3, 0xfe, 0x87, 0x03, 0x70, 0x8c, 0x7b,
-	0x91, 0x12, 0xe5, 0x24, 0x8d, 0xde, 0x0d, 0x95, 0x28, 0x76, 0x42, 0x6e, 0xd4, 0xb0, 0x0e, 0xcc,
-	0xba, 0x74, 0xe4, 0xbd, 0x6c, 0x04, 0xeb, 0xf6, 0xd0, 0x4b, 0x2c, 0x6d, 0x99, 0x1b, 0x6d, 0xb2,
-	0xd6, 0x0b, 0x77, 0x66, 0x32, 0x39, 0xaf, 0x5a, 0xc0, 0x46, 0x6b, 0xe8, 0x47, 0xa0, 0xd4, 0xda,
-	0x74, 0x22, 0x69, 0xcf, 0x7b, 0x5c, 0xf2, 0x89, 0x55, 0x5a, 0x78, 0x7b, 0x77, 0xea, 0x64, 0xfa,
-	0x53, 0x19, 0x00, 0xf3, 0x4a, 0x26, 0x97, 0x1f, 0xd8, 0xff, 0x69, 0x9d, 0x7a, 0xd8, 0xa9, 0x5e,
-	0x9c, 0x4d, 0x3f, 0xc6, 0xb2, 0xc0, 0x4a, 0xb1, 0x80, 0x52, 0x9e, 0xb4, 0xc9, 0x49, 0xd6, 0x29,
-	0xf2, 0x60, 0x52, 0xe3, 0xb8, 0xa8, 0x41, 0xd8, 0xc4, 0x43, 0x1f, 0xef, 0xf6, 0x31, 0x1e, 0x3a,
-	0x82, 0x18, 0x94, 0x7e, 0xbd, 0x8b, 0xcf, 0x41, 0x45, 0x74, 0x75, 0x2d, 0x40, 0xcf, 0xc3, 0x08,
-	0x37, 0x17, 0xcd, 0x85, 0x8e, 0x5f, 0xdb, 0x4c, 0x1b, 0x79, 0xd6, 0x0c, 0x18, 0x4e, 0x60, 0xda,
-	0xcb, 0x30, 0xd0, 0x27, 0x93, 0xed, 0xeb, 0xec, 0xfe, 0x22, 0x94, 0x69, 0x73, 0xf2, 0x80, 0x96,
-	0x47, 0x93, 0x01, 0x94, 0xe5, 0x43, 0x8d, 0xc8, 0x86, 0xa2, 0xeb, 0x48, 0x5f, 0x12, 0xb5, 0x85,
-	0x16, 0xa3, 0xa8, 0xcd, 0x96, 0x1d, 0x05, 0xa2, 0xc7, 0xa0, 0x48, 0x76, 0x5a, 0x69, 0xa7, 0x91,
-	0x73, 0x3b, 0x2d, 0x37, 0x24, 0x11, 0x45, 0x22, 0x3b, 0x2d, 0x74, 0x1a, 0x0a, 0x6e, 0x5d, 0xac,
-	0x48, 0x10, 0x38, 0x85, 0xc5, 0x05, 0x5c, 0x70, 0xeb, 0xf6, 0x0e, 0x54, 0xd4, 0xcb, 0x90, 0x68,
-	0x4b, 0xaa, 0x54, 0x56, 0x1e, 0x5e, 0xc4, 0xb2, 0xdd, 0x1e, 0xca, 0x54, 0x1b, 0x40, 0xa7, 0x74,
-	0xc8, 0x4b, 0x04, 0x9f, 0x81, 0x81, 0x5a, 0x20, 0x92, 0xf1, 0x94, 0x75, 0x33, 0x4c, 0x97, 0x62,
-	0x10, 0xfb, 0x3a, 0x8c, 0x5d, 0xf6, 0x83, 0x9b, 0xec, 0x01, 0x27, 0x96, 0xaf, 0x98, 0x36, 0xbc,
-	0x41, 0x7f, 0xa4, 0x35, 0x77, 0x06, 0xc5, 0x1c, 0xa6, 0x32, 0xa9, 0x16, 0x7a, 0x65, 0x52, 0xb5,
-	0x3f, 0x60, 0xc1, 0x88, 0x8a, 0x0d, 0xbf, 0xb0, 0xbd, 0x45, 0xdb, 0x6d, 0x84, 0x41, 0xbb, 0x95,
-	0x6e, 0x97, 0x3d, 0x42, 0x8b, 0x39, 0xcc, 0x4c, 0x9a, 0x50, 0xd8, 0x27, 0x69, 0xc2, 0x19, 0x18,
-	0xd8, 0x72, 0xfd, 0x7a, 0xda, 0x28, 0x7a, 0xd9, 0xf5, 0xeb, 0x98, 0x41, 0x68, 0x17, 0x8e, 0xa9,
-	0x2e, 0x48, 0x9d, 0xe9, 0x79, 0x18, 0x59, 0x6f, 0xbb, 0x5e, 0x5d, 0x26, 0x62, 0x4e, 0x6d, 0x97,
-	0x39, 0x03, 0x86, 0x13, 0x98, 0xe8, 0x2c, 0xc0, 0xba, 0xeb, 0x3b, 0x61, 0x67, 0x55, 0x2b, 0x69,
-	0x4a, 0x6e, 0xcf, 0x29, 0x08, 0x36, 0xb0, 0xec, 0x4f, 0x15, 0x61, 0x2c, 0x19, 0x21, 0xdf, 0x87,
-	0xed, 0xe2, 0x31, 0x28, 0xb1, 0xa0, 0xf9, 0xf4, 0xd4, 0xf2, 0xdc, 0xc5, 0x1c, 0x86, 0x22, 0x18,
-	0xe4, 0x9b, 0x39, 0x9f, 0x87, 0x3c, 0x55, 0x27, 0x95, 0x25, 0x95, 0xf9, 0x5a, 0x0b, 0xc3, 0xb4,
-	0x20, 0x85, 0x3e, 0x6c, 0xc1, 0x50, 0xd0, 0x32, 0x33, 0x70, 0xbe, 0x2b, 0xcf, 0xec, 0x01, 0x22,
-	0x44, 0x57, 0xe8, 0x23, 0x6a, 0xea, 0xe5, 0x74, 0x48, 0xd2, 0xa7, 0x7f, 0x18, 0x46, 0x4c, 0xcc,
-	0xfd, 0x54, 0x92, 0xb2, 0xa9, 0x92, 0x7c, 0xcc, 0x5c, 0x14, 0x22, 0x3f, 0x42, 0x1f, 0xdb, 0xed,
-	0x2a, 0x94, 0x6a, 0xca, 0x21, 0xed, 0x8e, 0xd2, 0xf7, 0xab, 0xfc, 0x61, 0xec, 0xb2, 0x9f, 0xb7,
-	0x66, 0x7f, 0xc3, 0x32, 0xd6, 0x07, 0x26, 0xd1, 0x62, 0x1d, 0x85, 0x50, 0x6c, 0x6c, 0x6f, 0x09,
-	0x31, 0x7f, 0x29, 0xa7, 0xe1, 0xbd, 0xb0, 0xbd, 0xa5, 0xd7, 0xb8, 0x59, 0x8a, 0x29, 0xb1, 0x3e,
-	0xcc, 0xfd, 0x89, 0x34, 0x1a, 0xc5, 0xfd, 0xd3, 0x68, 0xd8, 0x6f, 0x14, 0x60, 0xa2, 0x6b, 0x51,
-	0xa1, 0xd7, 0xa0, 0x14, 0xd2, 0xaf, 0x14, 0x9f, 0xb7, 0x94, 0x5b, 0xe2, 0x8b, 0x68, 0xb1, 0xae,
-	0xc5, 0x67, 0xb2, 0x1c, 0x73, 0x92, 0xe8, 0x12, 0x20, 0xed, 0x36, 0xa9, 0xee, 0x1a, 0xf8, 0x27,
-	0x2b, 0xdf, 0xaa, 0xd9, 0x2e, 0x0c, 0x9c, 0x51, 0x0b, 0xbd, 0x90, 0xbe, 0xb2, 0x28, 0x26, 0xef,
-	0xca, 0xf6, 0xba, 0x7d, 0xb0, 0x7f, 0xab, 0x00, 0xa3, 0x89, 0x84, 0xa8, 0xc8, 0x83, 0x32, 0xf1,
-	0xd8, 0x45, 0xa6, 0x14, 0x36, 0x87, 0x7d, 0xde, 0x44, 0x09, 0xc8, 0x73, 0xa2, 0x5d, 0xac, 0x28,
-	0xdc, 0x1f, 0x2e, 0x57, 0xcf, 0xc3, 0x88, 0xec, 0xd0, 0xbb, 0x9c, 0xa6, 0x27, 0x06, 0x50, 0xad,
-	0xd1, 0x73, 0x06, 0x0c, 0x27, 0x30, 0xed, 0xdf, 0x2b, 0xc2, 0x24, 0xbf, 0xf9, 0xad, 0xab, 0x95,
-	0xa7, 0x3c, 0x38, 0x7e, 0x51, 0xa7, 0x2d, 0xb6, 0xf2, 0x78, 0xc3, 0xbb, 0x17, 0xa1, 0xbe, 0x3c,
-	0x85, 0x3f, 0x9f, 0xf2, 0x14, 0xe6, 0x27, 0xd3, 0xc6, 0x11, 0xf5, 0xe8, 0xbb, 0xcb, 0x75, 0xf8,
-	0x9f, 0x16, 0x60, 0x3c, 0xf5, 0x54, 0x1b, 0xfa, 0x54, 0xf2, 0x75, 0x0f, 0x2b, 0x8f, 0x5b, 0xb1,
-	0x3d, 0x5f, 0xef, 0x3a, 0xd8, 0x1b, 0x1f, 0xf7, 0x68, 0xab, 0xd8, 0x5f, 0x2f, 0xc0, 0x58, 0xf2,
-	0x8d, 0xb9, 0xfb, 0x70, 0xa4, 0xde, 0x0e, 0x15, 0xf6, 0x8c, 0xd2, 0x65, 0xd2, 0x91, 0x97, 0x6a,
-	0xfc, 0xc5, 0x1a, 0x59, 0x88, 0x35, 0xfc, 0xbe, 0x78, 0x3a, 0xc5, 0xfe, 0xe7, 0x16, 0x9c, 0xe4,
-	0x5f, 0x99, 0x5e, 0x87, 0x7f, 0x2b, 0x6b, 0x74, 0x5f, 0xce, 0xb7, 0x83, 0xa9, 0x74, 0xdb, 0xfb,
-	0x8d, 0x2f, 0x7b, 0xc9, 0x5c, 0xf4, 0x36, 0xb9, 0x14, 0xee, 0xc3, 0xce, 0x1e, 0x68, 0x31, 0xd8,
-	0xff, 0xbe, 0x00, 0xc3, 0x2b, 0xf3, 0x8b, 0x8a, 0x85, 0xcf, 0x40, 0xa5, 0x16, 0x12, 0x47, 0x5b,
-	0x3b, 0x4c, 0xbf, 0x22, 0x09, 0xc0, 0x1a, 0x87, 0x1e, 0x1a, 0xb8, 0x5f, 0x5e, 0x94, 0x3e, 0x34,
-	0x70, 0xb7, 0xbd, 0x08, 0x4b, 0x38, 0x7a, 0x12, 0xca, 0x2c, 0x62, 0xf6, 0x6a, 0x28, 0x25, 0x8e,
-	0x3e, 0x49, 0xb2, 0x72, 0xbc, 0x84, 0x15, 0x06, 0x6d, 0xb8, 0x1e, 0xd4, 0x22, 0x8a, 0x9c, 0x32,
-	0x40, 0x2c, 0xd0, 0x62, 0xbc, 0x84, 0x25, 0x9c, 0x25, 0x3c, 0x64, 0x87, 0x74, 0x8a, 0x5c, 0x4a,
-	0x76, 0x9a, 0x9f, 0xe6, 0x29, 0xba, 0xc6, 0x39, 0x48, 0x62, 0xcc, 0x54, 0xd4, 0xda, 0x50, 0x7f,
-	0x51, 0x6b, 0xf6, 0xd7, 0x8b, 0xa0, 0x1f, 0xc5, 0x47, 0xae, 0x48, 0x13, 0x91, 0x4b, 0x3a, 0xf7,
-	0x6a, 0xc7, 0xaf, 0xe9, 0xe7, 0xf7, 0xcb, 0xa9, 0x2c, 0x11, 0x3f, 0x6f, 0xc1, 0xb0, 0xeb, 0xbb,
-	0xb1, 0xeb, 0x30, 0x53, 0x58, 0x3e, 0x2f, 0x5b, 0x2b, 0x72, 0x8b, 0xbc, 0xe5, 0x20, 0x34, 0x6f,
-	0xb8, 0x15, 0x31, 0x6c, 0x52, 0x46, 0xef, 0x15, 0x41, 0x52, 0xc5, 0xdc, 0x72, 0xad, 0x94, 0x53,
-	0x91, 0x51, 0x2d, 0xaa, 0xd0, 0xc6, 0x61, 0x4e, 0x29, 0x8a, 0x30, 0x6d, 0x4a, 0xbd, 0x0c, 0xa2,
-	0x8e, 0x0c, 0xac, 0x18, 0x73, 0x42, 0x76, 0x04, 0xa8, 0x7b, 0x2c, 0x0e, 0x18, 0x80, 0x32, 0x03,
-	0x15, 0xa7, 0x1d, 0x07, 0x4d, 0x3a, 0x4c, 0xe2, 0x7e, 0x5c, 0x87, 0xd8, 0x48, 0x00, 0xd6, 0x38,
-	0xf6, 0xa7, 0x4a, 0x90, 0x4a, 0xda, 0x80, 0x76, 0xa0, 0xa2, 0xd2, 0x36, 0xe4, 0x13, 0xd0, 0xa9,
-	0x57, 0x94, 0xea, 0x8c, 0x2a, 0xc2, 0x9a, 0x18, 0x6a, 0x48, 0xab, 0x22, 0xdf, 0xed, 0x2f, 0xa6,
-	0xad, 0x8a, 0x3f, 0xde, 0xdf, 0x25, 0x13, 0x5d, 0xab, 0x33, 0x3c, 0x4d, 0xdf, 0xf4, 0xbe, 0x06,
-	0xc8, 0xfd, 0xde, 0xf6, 0xfe, 0xa0, 0x78, 0x87, 0x0b, 0x93, 0xa8, 0xed, 0xc5, 0x62, 0x35, 0xbc,
-	0x98, 0xe3, 0x2e, 0xe3, 0x0d, 0xeb, 0xe4, 0x47, 0xfc, 0x3f, 0x36, 0x88, 0x26, 0xcd, 0xc4, 0x83,
-	0x47, 0x6a, 0x26, 0x1e, 0xca, 0xd5, 0x4c, 0x7c, 0x16, 0x80, 0xad, 0x6d, 0xee, 0x28, 0x5f, 0x66,
-	0xd6, 0x3b, 0x25, 0x62, 0xb0, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x41, 0x48, 0x66, 0xef, 0x42, 0x53,
-	0x32, 0x59, 0x18, 0xbf, 0x00, 0x63, 0x31, 0x8a, 0x89, 0xbc, 0x5e, 0xbf, 0x61, 0x81, 0x99, 0x62,
-	0x0c, 0xbd, 0xca, 0x73, 0x99, 0x59, 0x79, 0x5c, 0xa8, 0x18, 0xed, 0x4e, 0x2f, 0x3b, 0xad, 0x94,
-	0x73, 0x8f, 0x4c, 0x68, 0x76, 0xfa, 0x1d, 0x50, 0x96, 0xd0, 0x03, 0x29, 0xcb, 0xef, 0x87, 0xe3,
-	0x32, 0xdf, 0x81, 0xbc, 0xfb, 0x10, 0x97, 0xec, 0xfb, 0x9b, 0xd4, 0xa4, 0x9d, 0xac, 0xd0, 0xcb,
-	0x4e, 0xa6, 0x4e, 0xff, 0xc5, 0x9e, 0x59, 0xca, 0x7f, 0xd3, 0x82, 0x33, 0xe9, 0x0e, 0x44, 0xcb,
-	0x81, 0xef, 0xc6, 0x41, 0x58, 0x25, 0x71, 0xec, 0xfa, 0x0d, 0x96, 0x72, 0xf6, 0xa6, 0x13, 0xca,
-	0x67, 0x87, 0x18, 0xa3, 0xbc, 0xee, 0x84, 0x3e, 0x66, 0xa5, 0xa8, 0x03, 0x83, 0xdc, 0xb3, 0x58,
-	0x9c, 0x82, 0x0e, 0xb9, 0x37, 0x32, 0x86, 0x43, 0x1f, 0xc3, 0xb8, 0x57, 0x33, 0x16, 0x04, 0xed,
-	0x6f, 0x59, 0x80, 0x56, 0xb6, 0x49, 0x18, 0xba, 0x75, 0xc3, 0x17, 0x9a, 0xbd, 0x67, 0x69, 0xbc,
-	0x5b, 0x69, 0x66, 0xe3, 0x48, 0xbd, 0x67, 0x69, 0xfc, 0xcb, 0x7e, 0xcf, 0xb2, 0x70, 0xb0, 0xf7,
-	0x2c, 0xd1, 0x0a, 0x9c, 0x6c, 0xf2, 0x63, 0x1c, 0x7f, 0x23, 0x8e, 0x9f, 0xe9, 0x54, 0xe0, 0xf8,
-	0xa9, 0x5b, 0xbb, 0x53, 0x27, 0x97, 0xb3, 0x10, 0x70, 0x76, 0x3d, 0xfb, 0x1d, 0x80, 0xb8, 0x0b,
-	0xf4, 0x7c, 0x96, 0x17, 0x67, 0x4f, 0xb3, 0x96, 0xfd, 0xb9, 0x12, 0x8c, 0xa7, 0x1e, 0xa5, 0xa0,
-	0x47, 0xe8, 0x6e, 0xb7, 0xd1, 0x43, 0xcb, 0xef, 0xee, 0xee, 0xf5, 0xe5, 0x88, 0xea, 0x43, 0xc9,
-	0xf5, 0x5b, 0xed, 0x38, 0x9f, 0xbc, 0x15, 0xbc, 0x13, 0x8b, 0xb4, 0x41, 0xc3, 0x0c, 0x4f, 0xff,
-	0x62, 0x4e, 0x26, 0x4f, 0xb7, 0xd6, 0xc4, 0x21, 0x67, 0xe0, 0x1e, 0x99, 0x59, 0x3e, 0xa8, 0x9d,
-	0x4c, 0x4b, 0x79, 0x18, 0x6c, 0x53, 0x8b, 0xe5, 0xa8, 0x3d, 0x8b, 0xbe, 0x54, 0x80, 0x61, 0x63,
-	0xd2, 0xd0, 0x2f, 0x27, 0x13, 0x70, 0x5a, 0xf9, 0x7d, 0x12, 0x6b, 0x7f, 0x5a, 0xa7, 0xd8, 0xe4,
-	0x9f, 0xf4, 0x78, 0x77, 0xee, 0xcd, 0xdb, 0xbb, 0x53, 0xc7, 0x52, 0xd9, 0x35, 0x13, 0xf9, 0x38,
-	0x4f, 0xff, 0x34, 0x8c, 0xa7, 0x9a, 0xc9, 0xf8, 0xe4, 0x35, 0xf3, 0x93, 0x0f, 0x6d, 0xee, 0x33,
-	0x87, 0xec, 0x8b, 0x74, 0xc8, 0x44, 0xb8, 0x7c, 0xe0, 0x91, 0x3e, 0x6c, 0xdb, 0xa9, 0xf3, 0x45,
-	0xa1, 0xcf, 0xac, 0x18, 0x4f, 0x40, 0xb9, 0x15, 0x78, 0x6e, 0xcd, 0x55, 0xf9, 0xbb, 0x59, 0x1e,
-	0x8e, 0x55, 0x51, 0x86, 0x15, 0x14, 0xdd, 0x84, 0xca, 0x8d, 0x9b, 0x31, 0xbf, 0x55, 0x13, 0xf7,
-	0x06, 0x79, 0x5d, 0xa6, 0x29, 0xa5, 0x45, 0x5d, 0xdb, 0x61, 0x4d, 0x0b, 0xd9, 0x30, 0xc8, 0x84,
-	0xa0, 0x0c, 0x9d, 0x63, 0x77, 0x1a, 0x4c, 0x3a, 0x46, 0x58, 0x40, 0xec, 0xef, 0x00, 0x9c, 0xc8,
-	0x7a, 0x19, 0x08, 0xbd, 0x0f, 0x06, 0x79, 0x1f, 0xf3, 0x79, 0x7c, 0x2e, 0x8b, 0xc6, 0x05, 0xd6,
-	0xa0, 0xe8, 0x16, 0xfb, 0x8d, 0x05, 0x4d, 0x41, 0xdd, 0x73, 0xd6, 0xc5, 0x0a, 0x39, 0x1a, 0xea,
-	0x4b, 0x8e, 0xa6, 0xbe, 0xe4, 0x70, 0xea, 0x9e, 0xb3, 0x8e, 0x76, 0xa0, 0xd4, 0x70, 0x63, 0xe2,
-	0x08, 0xe3, 0xcc, 0xf5, 0x23, 0x21, 0x4e, 0x1c, 0xae, 0xa5, 0xb1, 0x9f, 0x98, 0x13, 0x44, 0x5f,
-	0xb0, 0x60, 0x7c, 0x3d, 0x99, 0x8e, 0x47, 0x30, 0x4f, 0xe7, 0x08, 0x5e, 0x7f, 0x4a, 0x12, 0xe2,
-	0x0f, 0xba, 0xa6, 0x0a, 0x71, 0xba, 0x3b, 0xe8, 0x43, 0x16, 0x0c, 0x6d, 0xb8, 0x9e, 0xf1, 0xbc,
-	0xc6, 0x11, 0x4c, 0xce, 0x79, 0x46, 0x40, 0x9f, 0x38, 0xf8, 0xff, 0x08, 0x4b, 0xca, 0xbd, 0x24,
-	0xd5, 0xe0, 0x61, 0x25, 0xd5, 0xd0, 0x3d, 0x92, 0x54, 0x1f, 0xb5, 0xa0, 0xa2, 0x46, 0x5a, 0xa4,
-	0x35, 0x79, 0xf7, 0x11, 0x4e, 0x39, 0xb7, 0x48, 0xa9, 0xbf, 0x58, 0x13, 0x47, 0xaf, 0x5b, 0x30,
-	0xec, 0xbc, 0xd6, 0x0e, 0x49, 0x9d, 0x6c, 0x07, 0xad, 0x48, 0xe4, 0x1b, 0x7d, 0x39, 0xff, 0xce,
-	0xcc, 0x52, 0x22, 0x0b, 0x64, 0x7b, 0xa5, 0x15, 0x89, 0xb0, 0x5e, 0x5d, 0x80, 0xcd, 0x2e, 0xa0,
-	0x9f, 0xd3, 0x72, 0x1c, 0xf2, 0xc8, 0x3a, 0x9d, 0xd5, 0x9b, 0xa3, 0x16, 0xe6, 0xbb, 0x05, 0x98,
-	0xda, 0x67, 0x14, 0xd0, 0xf3, 0x30, 0x12, 0x84, 0x0d, 0xc7, 0x77, 0x5f, 0x33, 0x73, 0x84, 0x29,
-	0x4d, 0x71, 0xc5, 0x80, 0xe1, 0x04, 0xa6, 0x99, 0x3c, 0xa6, 0xb0, 0x4f, 0xf2, 0x98, 0x33, 0x30,
-	0x10, 0x92, 0x56, 0x90, 0x3e, 0xf0, 0xb0, 0x10, 0x39, 0x06, 0x41, 0x8f, 0x40, 0xd1, 0x69, 0xb9,
-	0xc2, 0xea, 0xa7, 0xce, 0x71, 0xb3, 0xab, 0x8b, 0x98, 0x96, 0x27, 0x72, 0x59, 0x95, 0xee, 0x4a,
-	0x2e, 0x2b, 0x2a, 0xca, 0xc4, 0xbd, 0xd6, 0xa0, 0x16, 0x65, 0xc9, 0xfb, 0x26, 0xfb, 0x8d, 0x22,
-	0x3c, 0xb2, 0xe7, 0x9a, 0xd7, 0xae, 0xd3, 0xd6, 0x1e, 0xae, 0xd3, 0x72, 0x78, 0x0a, 0xfb, 0x0d,
-	0x4f, 0xb1, 0xc7, 0xf0, 0x7c, 0x88, 0x6e, 0x65, 0x99, 0x5b, 0x2d, 0x9f, 0x37, 0xc9, 0x7b, 0xa5,
-	0x6a, 0x13, 0xbb, 0x58, 0x42, 0xb1, 0xa6, 0x4b, 0xcf, 0x31, 0x89, 0xc4, 0x29, 0xa5, 0x3c, 0x44,
-	0x59, 0xcf, 0xfc, 0x66, 0x7c, 0xff, 0xf6, 0xca, 0xc6, 0x62, 0xff, 0xf6, 0x00, 0x3c, 0xd6, 0x87,
-	0x04, 0x32, 0x57, 0xb1, 0xd5, 0xe7, 0x2a, 0xfe, 0x2e, 0x9f, 0xa6, 0x8f, 0x64, 0x4e, 0x13, 0xce,
-	0x7f, 0x9a, 0xf6, 0x9e, 0x21, 0x76, 0x35, 0xe0, 0x47, 0xa4, 0xd6, 0x0e, 0x79, 0x18, 0x89, 0x11,
-	0x3f, 0xbb, 0x28, 0xca, 0xb1, 0xc2, 0xa0, 0xe7, 0xd2, 0x9a, 0x43, 0xb7, 0xff, 0x50, 0x4e, 0x89,
-	0x32, 0xcc, 0x50, 0x5c, 0xae, 0x16, 0xcd, 0xcf, 0x52, 0x0e, 0xc0, 0xc9, 0xd8, 0xbf, 0x6f, 0xc1,
-	0xe9, 0xde, 0x6a, 0x02, 0x7a, 0x1a, 0x86, 0xd7, 0x99, 0x53, 0xdf, 0x32, 0x73, 0x1c, 0x12, 0x4b,
-	0x87, 0x7d, 0xaf, 0x2e, 0xc6, 0x26, 0x0e, 0x9a, 0x87, 0x09, 0xd3, 0x1b, 0x70, 0xd9, 0xf0, 0x38,
-	0x62, 0x86, 0x8c, 0xb5, 0x34, 0x10, 0x77, 0xe3, 0xa3, 0x69, 0x80, 0xd8, 0x8d, 0x3d, 0xc2, 0x6b,
-	0xf3, 0x85, 0xc6, 0x2c, 0x7d, 0x6b, 0xaa, 0x14, 0x1b, 0x18, 0xf6, 0xb7, 0x8b, 0xd9, 0x9f, 0xc1,
-	0xd5, 0xcf, 0x83, 0xac, 0x7e, 0xb1, 0xb6, 0x0b, 0x7d, 0x70, 0xe8, 0xe2, 0xdd, 0xe6, 0xd0, 0x03,
-	0xbd, 0x38, 0x34, 0x5a, 0x80, 0x63, 0xc6, 0xf3, 0xa2, 0x3c, 0xd5, 0x0a, 0xbf, 0x2d, 0x52, 0x79,
-	0xd2, 0x56, 0x53, 0x70, 0xdc, 0x55, 0xe3, 0x3e, 0x5f, 0xaa, 0x5f, 0x29, 0xc0, 0xa9, 0x9e, 0x1a,
-	0xff, 0x5d, 0x92, 0x40, 0xe6, 0xf4, 0x0f, 0xdc, 0x9d, 0xe9, 0x37, 0x27, 0xa5, 0xb4, 0xef, 0xa4,
-	0xf4, 0x23, 0xce, 0xff, 0xa4, 0xd0, 0x73, 0xb3, 0xd0, 0x13, 0xe2, 0xf7, 0xec, 0x48, 0xbe, 0x00,
-	0xa3, 0x4e, 0xab, 0xc5, 0xf1, 0x58, 0x84, 0x40, 0x2a, 0x77, 0xe3, 0xac, 0x09, 0xc4, 0x49, 0xdc,
-	0xbe, 0x06, 0xf6, 0xcf, 0x2d, 0xa8, 0x60, 0xb2, 0xc1, 0x39, 0x1c, 0xba, 0x21, 0x86, 0xc8, 0xca,
-	0x23, 0x81, 0x3e, 0x1d, 0xd8, 0xc8, 0x65, 0x59, 0xe5, 0xb3, 0x06, 0xfb, 0xb0, 0x99, 0x00, 0xd4,
-	0xa3, 0xa4, 0xc5, 0xde, 0x8f, 0x92, 0xda, 0x5f, 0xae, 0xd0, 0xcf, 0x6b, 0x05, 0xf3, 0x21, 0xa9,
-	0x47, 0x74, 0x7e, 0xdb, 0xa1, 0x27, 0x16, 0x89, 0x9a, 0xdf, 0xab, 0x78, 0x09, 0xd3, 0xf2, 0xc4,
-	0xc5, 0x61, 0xe1, 0x40, 0x99, 0xeb, 0x8a, 0xfb, 0x66, 0xae, 0x7b, 0x01, 0x46, 0xa3, 0x68, 0x73,
-	0x35, 0x74, 0xb7, 0x9d, 0x98, 0x5c, 0x26, 0x32, 0xc5, 0x8d, 0xce, 0xe2, 0x54, 0xbd, 0xa8, 0x81,
-	0x38, 0x89, 0x8b, 0x2e, 0xc0, 0x84, 0xce, 0x1f, 0x47, 0xc2, 0x98, 0x85, 0xde, 0xf1, 0x95, 0xa0,
-	0xd2, 0x97, 0xe8, 0x8c, 0x73, 0x02, 0x01, 0x77, 0xd7, 0xa1, 0x3c, 0x37, 0x51, 0x48, 0x3b, 0x32,
-	0x98, 0xe4, 0xb9, 0x89, 0x76, 0x68, 0x5f, 0xba, 0x6a, 0xa0, 0x65, 0x38, 0xce, 0x17, 0xc6, 0x6c,
-	0xab, 0x65, 0x7c, 0xd1, 0x50, 0x32, 0x6b, 0xf9, 0x85, 0x6e, 0x14, 0x9c, 0x55, 0x0f, 0x3d, 0x07,
-	0xc3, 0xaa, 0x78, 0x71, 0x41, 0xdc, 0x79, 0x29, 0x9b, 0x9b, 0x6a, 0x66, 0xb1, 0x8e, 0x4d, 0x3c,
-	0xf4, 0x2e, 0x78, 0x50, 0xff, 0xe5, 0xa1, 0xdc, 0xfc, 0x22, 0x78, 0x41, 0xa4, 0xe6, 0x54, 0x8f,
-	0x62, 0x5d, 0xc8, 0x44, 0xab, 0xe3, 0x5e, 0xf5, 0xd1, 0x3a, 0x9c, 0x56, 0xa0, 0x73, 0x7e, 0xcc,
-	0x82, 0x2d, 0x23, 0x32, 0xe7, 0x44, 0xcc, 0xa5, 0x01, 0xd8, 0x77, 0xda, 0xa2, 0xf5, 0xd3, 0x17,
-	0xdc, 0xf8, 0x62, 0x16, 0x26, 0x5e, 0xc2, 0x7b, 0xb4, 0x82, 0x66, 0xa0, 0x42, 0x7c, 0x67, 0xdd,
-	0x23, 0x2b, 0xf3, 0x8b, 0x2c, 0xc5, 0xa7, 0x71, 0xef, 0x7c, 0x4e, 0x02, 0xb0, 0xc6, 0x51, 0x7e,
-	0xe6, 0x23, 0xbd, 0xfc, 0xcc, 0xd1, 0x2a, 0x9c, 0x68, 0xd4, 0x5a, 0x54, 0xcb, 0x74, 0x6b, 0x64,
-	0xb6, 0xc6, 0xdc, 0x6a, 0xe9, 0xc4, 0xf0, 0x74, 0xf2, 0x2a, 0x60, 0xe7, 0xc2, 0xfc, 0x6a, 0x17,
-	0x0e, 0xce, 0xac, 0xc9, 0xdc, 0xaf, 0xc3, 0x60, 0xa7, 0x33, 0x79, 0x3c, 0xe5, 0x7e, 0x4d, 0x0b,
-	0x31, 0x87, 0xa1, 0x4b, 0x80, 0x58, 0xd0, 0xda, 0xc5, 0x38, 0x6e, 0x29, 0xb5, 0x76, 0xf2, 0x44,
-	0x32, 0x51, 0xdf, 0xf9, 0x2e, 0x0c, 0x9c, 0x51, 0x8b, 0x6a, 0x3d, 0x7e, 0xc0, 0x5a, 0x9f, 0x7c,
-	0x30, 0xa9, 0xf5, 0x5c, 0xe1, 0xc5, 0x58, 0xc2, 0xd1, 0x4f, 0xc2, 0x64, 0x3b, 0x22, 0xec, 0xc0,
-	0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f, 0xb2, 0xd7, 0x4f, 0xe3, 0xce, 0xe4, 0x24, 0x23,
-	0x7e, 0x46, 0xd4, 0x9d, 0xbc, 0xda, 0x03, 0x0f, 0xf7, 0x6c, 0x21, 0x9d, 0x69, 0xf2, 0x54, 0x9f,
-	0x99, 0x26, 0x57, 0xe1, 0x84, 0x94, 0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa3, 0x27, 0x4f, 0x27, 0x9f,
-	0x53, 0x5b, 0xcc, 0xc0, 0xc1, 0x99, 0x35, 0xed, 0x3f, 0xb3, 0x60, 0x54, 0x71, 0xb0, 0xbb, 0x10,
-	0x3c, 0xeb, 0x25, 0x83, 0x67, 0x2f, 0x1c, 0x5e, 0x06, 0xb0, 0x9e, 0xf7, 0x08, 0xf5, 0xf8, 0xcc,
-	0x28, 0x80, 0x96, 0x13, 0x4a, 0x44, 0x5b, 0x3d, 0x45, 0xf4, 0x7d, 0xcb, 0xa3, 0xb3, 0x32, 0x07,
-	0x96, 0xee, 0x6d, 0xe6, 0xc0, 0x2a, 0x9c, 0x94, 0x4b, 0x8a, 0xdf, 0xf5, 0x5e, 0x0c, 0x22, 0xc5,
-	0xf2, 0x8d, 0xf7, 0xf1, 0x16, 0xb3, 0x90, 0x70, 0x76, 0xdd, 0x84, 0x6e, 0x37, 0xb4, 0xaf, 0x6e,
-	0xa7, 0xb8, 0xdc, 0xd2, 0x86, 0x7c, 0xbd, 0x32, 0xc5, 0xe5, 0x96, 0xce, 0x57, 0xb1, 0xc6, 0xc9,
-	0x16, 0x75, 0x95, 0x9c, 0x44, 0x1d, 0x1c, 0x58, 0xd4, 0x49, 0xa6, 0x3b, 0xdc, 0x93, 0xe9, 0xca,
-	0x3b, 0xa5, 0x91, 0x9e, 0x77, 0x4a, 0xef, 0x84, 0x31, 0xd7, 0xdf, 0x24, 0xa1, 0x1b, 0x93, 0x3a,
-	0xdb, 0x0b, 0x8c, 0x21, 0x97, 0xb5, 0xa2, 0xb3, 0x98, 0x80, 0xe2, 0x14, 0x76, 0x52, 0x52, 0x8c,
-	0xf5, 0x21, 0x29, 0x7a, 0xc8, 0xe7, 0xf1, 0x7c, 0xe4, 0xf3, 0xb1, 0xc3, 0xcb, 0xe7, 0x89, 0x23,
-	0x95, 0xcf, 0x28, 0x17, 0xf9, 0xdc, 0x97, 0xe8, 0x33, 0x0e, 0xe9, 0x27, 0xf6, 0x39, 0xa4, 0xf7,
-	0x12, 0xce, 0x27, 0xef, 0x58, 0x38, 0x67, 0xcb, 0xdd, 0x07, 0xde, 0x94, 0xbb, 0xb9, 0xc8, 0xdd,
-	0x8f, 0x16, 0xe0, 0xa4, 0x96, 0x4c, 0x94, 0x1f, 0xb8, 0x1b, 0x94, 0x37, 0xb3, 0x27, 0xa1, 0xf9,
-	0x4d, 0xb4, 0x11, 0xb2, 0xad, 0x83, 0xd6, 0x15, 0x04, 0x1b, 0x58, 0x2c, 0xf2, 0x99, 0x84, 0xec,
-	0x31, 0x92, 0xb4, 0xd8, 0x9a, 0x17, 0xe5, 0x58, 0x61, 0xd0, 0x41, 0xa0, 0xbf, 0x45, 0xe2, 0x8d,
-	0x74, 0x9a, 0xeb, 0x79, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x82, 0x13, 0x61, 0x2c, 0x93, 0x8a, 0xae,
-	0x11, 0x7e, 0xac, 0x54, 0x5c, 0x52, 0x41, 0x65, 0x77, 0x58, 0x64, 0x7e, 0xa9, 0xbb, 0x3b, 0xcc,
-	0xa9, 0x53, 0x61, 0xd8, 0xff, 0xc3, 0x82, 0x53, 0x99, 0x43, 0x71, 0x17, 0xd4, 0x91, 0x9d, 0xa4,
-	0x3a, 0x52, 0xcd, 0xeb, 0x48, 0x6a, 0x7c, 0x45, 0x0f, 0xd5, 0xe4, 0x3f, 0x58, 0x30, 0xa6, 0xf1,
-	0xef, 0xc2, 0xa7, 0xba, 0xc9, 0x4f, 0xcd, 0xef, 0xf4, 0x5d, 0xe9, 0xfa, 0xb6, 0xdf, 0x2b, 0x80,
-	0x4a, 0x3d, 0x3f, 0x5b, 0x93, 0x0f, 0x7b, 0xec, 0xe3, 0x1b, 0xd1, 0x81, 0x41, 0xe6, 0xda, 0x11,
-	0xe5, 0xe3, 0xb6, 0x96, 0xa4, 0xcf, 0xdc, 0x44, 0xf4, 0x4d, 0x1b, 0xfb, 0x1b, 0x61, 0x41, 0x90,
-	0x3d, 0x95, 0xc3, 0xb3, 0x7a, 0xd7, 0x45, 0x00, 0xaf, 0x7e, 0x2a, 0x47, 0x94, 0x63, 0x85, 0x41,
-	0x05, 0xa6, 0x5b, 0x0b, 0xfc, 0x79, 0xcf, 0x89, 0x22, 0xa1, 0xc3, 0x29, 0x81, 0xb9, 0x28, 0x01,
-	0x58, 0xe3, 0x30, 0xaf, 0x0f, 0x37, 0x6a, 0x79, 0x4e, 0xc7, 0xb0, 0xb1, 0x18, 0x09, 0xa6, 0x14,
-	0x08, 0x9b, 0x78, 0x76, 0x13, 0x26, 0x93, 0x1f, 0xb1, 0x40, 0x36, 0x98, 0xcb, 0x75, 0x5f, 0xc3,
-	0x39, 0x03, 0x15, 0x87, 0xd5, 0x5a, 0x6a, 0x3b, 0x82, 0x27, 0x68, 0xc7, 0x63, 0x09, 0xc0, 0x1a,
-	0xc7, 0xfe, 0x67, 0x16, 0x1c, 0xcf, 0x18, 0xb4, 0x1c, 0x03, 0xa4, 0x63, 0xcd, 0x6d, 0xb2, 0x54,
-	0x9d, 0x1f, 0x80, 0xa1, 0x3a, 0xd9, 0x70, 0xa4, 0x53, 0xaf, 0x19, 0x03, 0xc0, 0x8b, 0xb1, 0x84,
-	0xdb, 0xbf, 0x55, 0x80, 0xf1, 0x64, 0x5f, 0x23, 0x16, 0x74, 0xc8, 0x87, 0xc9, 0x8d, 0x6a, 0xc1,
-	0x36, 0x09, 0x3b, 0xf4, 0xcb, 0xad, 0x54, 0xd0, 0x61, 0x17, 0x06, 0xce, 0xa8, 0xc5, 0x1e, 0x9e,
-	0xa8, 0xab, 0xd1, 0x96, 0x2b, 0xf2, 0x5a, 0x9e, 0x2b, 0x52, 0x4f, 0xa6, 0xe9, 0x00, 0xa4, 0x48,
-	0x62, 0x93, 0x3e, 0x55, 0xb9, 0x58, 0x14, 0xc7, 0x5c, 0xdb, 0xf5, 0x62, 0xd7, 0x17, 0x9f, 0x2c,
-	0xd6, 0xaa, 0x52, 0xb9, 0x96, 0xbb, 0x51, 0x70, 0x56, 0x3d, 0xfb, 0x5b, 0x03, 0xa0, 0x92, 0x7f,
-	0x30, 0x07, 0xcd, 0x9c, 0xdc, 0x5b, 0x0f, 0x1a, 0xba, 0xaa, 0xd6, 0xd6, 0xc0, 0x5e, 0x1e, 0x53,
-	0xdc, 0x30, 0x67, 0x5a, 0xf0, 0xd5, 0x80, 0xad, 0x69, 0x10, 0x36, 0xf1, 0x68, 0x4f, 0x3c, 0x77,
-	0x9b, 0xf0, 0x4a, 0x83, 0xc9, 0x9e, 0x2c, 0x49, 0x00, 0xd6, 0x38, 0x2c, 0xcf, 0xb4, 0xbb, 0xb1,
-	0x21, 0xac, 0x4c, 0x3a, 0xcf, 0xb4, 0xbb, 0xb1, 0x81, 0x19, 0x84, 0x3f, 0x4d, 0x14, 0x6c, 0x89,
-	0x63, 0x86, 0xf1, 0x34, 0x51, 0xb0, 0x85, 0x19, 0x84, 0xce, 0x92, 0x1f, 0x84, 0x4d, 0xc7, 0x73,
-	0x5f, 0x23, 0x75, 0x45, 0x45, 0x1c, 0x2f, 0xd4, 0x2c, 0x5d, 0xe9, 0x46, 0xc1, 0x59, 0xf5, 0xe8,
-	0x82, 0x6e, 0x85, 0xa4, 0xee, 0xd6, 0x62, 0xb3, 0x35, 0x48, 0x2e, 0xe8, 0xd5, 0x2e, 0x0c, 0x9c,
-	0x51, 0x0b, 0xcd, 0xc2, 0xb8, 0x4c, 0xde, 0x22, 0x13, 0x1e, 0x0e, 0x27, 0xb3, 0xa6, 0xe1, 0x24,
-	0x18, 0xa7, 0xf1, 0x29, 0x93, 0x6c, 0x8a, 0x74, 0xad, 0xec, 0x34, 0x62, 0x30, 0x49, 0x99, 0xc6,
-	0x15, 0x2b, 0x0c, 0xfb, 0x83, 0x45, 0x2a, 0xd4, 0x7b, 0x64, 0x45, 0xbe, 0x6b, 0xee, 0xd4, 0xc9,
-	0x15, 0x39, 0xd0, 0xc7, 0x8a, 0x7c, 0x16, 0x46, 0x6e, 0x44, 0x81, 0xaf, 0x5c, 0x95, 0x4b, 0x3d,
-	0x5d, 0x95, 0x0d, 0xac, 0x6c, 0x57, 0xe5, 0xc1, 0xbc, 0x5c, 0x95, 0x87, 0xee, 0xd0, 0x55, 0xf9,
-	0x0f, 0x4b, 0xa0, 0xde, 0x9e, 0xbc, 0x42, 0xe2, 0x9b, 0x41, 0xb8, 0xe5, 0xfa, 0x0d, 0x96, 0x88,
-	0xe4, 0x0b, 0x96, 0xcc, 0x65, 0xb2, 0x64, 0x86, 0xf0, 0x6e, 0xe4, 0xf4, 0x7e, 0x60, 0x82, 0xd8,
-	0xf4, 0x9a, 0x41, 0x88, 0xbb, 0xbc, 0xa4, 0x72, 0xa6, 0x88, 0x4b, 0x83, 0x44, 0x8f, 0xd0, 0x4f,
-	0x03, 0x48, 0x93, 0xfc, 0x86, 0xe4, 0xc0, 0x8b, 0xf9, 0xf4, 0x0f, 0x93, 0x0d, 0xad, 0x52, 0xaf,
-	0x29, 0x22, 0xd8, 0x20, 0x88, 0x3e, 0xaa, 0xc3, 0x9b, 0x79, 0x4c, 0xd3, 0x7b, 0x8f, 0x64, 0x6c,
-	0xfa, 0x09, 0x6e, 0xc6, 0x30, 0xe4, 0xfa, 0x0d, 0xba, 0x4e, 0x84, 0x4b, 0xe7, 0xdb, 0xb2, 0xf2,
-	0x5c, 0x2d, 0x05, 0x4e, 0x7d, 0xce, 0xf1, 0x1c, 0xbf, 0x46, 0xc2, 0x45, 0x8e, 0xae, 0x25, 0xa8,
-	0x28, 0xc0, 0xb2, 0xa1, 0xae, 0x07, 0x32, 0x4b, 0xfd, 0x3c, 0x90, 0x79, 0xfa, 0xc7, 0x60, 0xa2,
-	0x6b, 0x32, 0x0f, 0x14, 0xcb, 0x7c, 0x88, 0x0c, 0x57, 0xbf, 0x3d, 0xa8, 0x85, 0xd6, 0x95, 0xa0,
-	0xce, 0xdf, 0x5b, 0x0c, 0xf5, 0x8c, 0x0a, 0x95, 0x39, 0xc7, 0x25, 0xa2, 0xc4, 0x8c, 0x51, 0x88,
-	0x4d, 0x92, 0x74, 0x8d, 0xb6, 0x9c, 0x90, 0xf8, 0x47, 0xbd, 0x46, 0x57, 0x15, 0x11, 0x6c, 0x10,
-	0x44, 0x9b, 0x89, 0xa0, 0xbb, 0xf3, 0x87, 0x0f, 0xba, 0x63, 0x59, 0x47, 0xb3, 0x9e, 0x25, 0x7b,
-	0xdd, 0x82, 0x31, 0x3f, 0xb1, 0x72, 0xf3, 0xf1, 0xb3, 0xcf, 0xde, 0x15, 0xfc, 0xe9, 0xe2, 0x64,
-	0x19, 0x4e, 0xd1, 0xcf, 0x12, 0x69, 0xa5, 0x03, 0x8a, 0x34, 0xfd, 0xde, 0xeb, 0x60, 0xaf, 0xf7,
-	0x5e, 0x91, 0xaf, 0x1e, 0xe2, 0x1e, 0xca, 0x23, 0x4f, 0x48, 0xe2, 0x15, 0x6e, 0xc8, 0x78, 0x81,
-	0xfb, 0xba, 0x19, 0x93, 0x7b, 0xf0, 0x07, 0x99, 0x47, 0x7b, 0xc5, 0xee, 0xda, 0xff, 0x7b, 0x00,
-	0x8e, 0xc9, 0x11, 0x91, 0x31, 0x3a, 0x54, 0x3e, 0x72, 0xba, 0x5a, 0x57, 0x56, 0xf2, 0xf1, 0xa2,
-	0x04, 0x60, 0x8d, 0x43, 0xf5, 0xb1, 0x76, 0x44, 0x56, 0x5a, 0xc4, 0x5f, 0x72, 0xd7, 0x23, 0x71,
-	0xfd, 0xae, 0x36, 0xca, 0x55, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0x1c, 0x36, 0x94, 0x56, 0x33, 0x70,
-	0x58, 0x28, 0xaa, 0x12, 0x8e, 0x3e, 0x9b, 0xf9, 0x4c, 0x43, 0x3e, 0x91, 0xad, 0x5d, 0xa1, 0x49,
-	0x07, 0x7b, 0x9f, 0x01, 0xfd, 0x23, 0x0b, 0x4e, 0xf2, 0x52, 0x39, 0x92, 0x57, 0x5b, 0x75, 0x27,
-	0x26, 0x51, 0x3e, 0x4f, 0x5a, 0x65, 0xf4, 0x4f, 0x5b, 0xd1, 0xb3, 0xc8, 0xe2, 0xec, 0xde, 0xa0,
-	0x4f, 0x59, 0x30, 0xbe, 0x95, 0x48, 0x36, 0x25, 0x45, 0xc7, 0x61, 0xf3, 0xc0, 0x24, 0x1a, 0xd5,
-	0x5b, 0x2d, 0x59, 0x1e, 0xe1, 0x34, 0x75, 0xfb, 0xaf, 0x2c, 0x30, 0xd9, 0xe8, 0xdd, 0xcf, 0x51,
-	0x75, 0x70, 0x55, 0x50, 0x6a, 0x97, 0xa5, 0x9e, 0xda, 0xe5, 0x23, 0x50, 0x6c, 0xbb, 0x75, 0x71,
-	0xbe, 0xd0, 0x17, 0xfe, 0x8b, 0x0b, 0x98, 0x96, 0xdb, 0xdf, 0x2c, 0x69, 0x33, 0x88, 0x08, 0x1c,
-	0xfd, 0x9e, 0xf8, 0xec, 0x0d, 0x95, 0x7c, 0x96, 0x7f, 0xf9, 0x95, 0xae, 0xe4, 0xb3, 0x3f, 0x72,
-	0xf0, 0xb8, 0x60, 0x3e, 0x40, 0xbd, 0x72, 0xcf, 0x0e, 0xed, 0x13, 0x14, 0x7c, 0x03, 0xca, 0xf4,
-	0x08, 0xc6, 0xec, 0x99, 0xe5, 0x44, 0xa7, 0xca, 0x17, 0x45, 0xf9, 0xed, 0xdd, 0xa9, 0x1f, 0x3e,
-	0x78, 0xb7, 0x64, 0x6d, 0xac, 0xda, 0x47, 0x11, 0x54, 0xe8, 0x6f, 0x16, 0xbf, 0x2c, 0x0e, 0x77,
-	0x57, 0x15, 0xcf, 0x94, 0x80, 0x5c, 0x82, 0xa3, 0x35, 0x1d, 0xe4, 0x43, 0x85, 0x22, 0x72, 0xa2,
-	0xfc, 0x0c, 0xb8, 0xaa, 0xa2, 0x88, 0x25, 0xe0, 0xf6, 0xee, 0xd4, 0x0b, 0x07, 0x27, 0xaa, 0xaa,
-	0x63, 0x4d, 0xc2, 0x10, 0x8d, 0xc3, 0x3d, 0x9f, 0x42, 0xff, 0x3f, 0x03, 0x7a, 0x7d, 0x8b, 0xbc,
-	0xc4, 0xdf, 0x13, 0xeb, 0xfb, 0xf9, 0xd4, 0xfa, 0x3e, 0xd3, 0xb5, 0xbe, 0xc7, 0xe8, 0x98, 0x65,
-	0x64, 0x4b, 0xbe, 0xdb, 0xca, 0xc2, 0xfe, 0x36, 0x09, 0xa6, 0x25, 0xbd, 0xda, 0x76, 0x43, 0x12,
-	0xad, 0x86, 0x6d, 0xdf, 0xf5, 0x1b, 0x6c, 0xc9, 0x96, 0x4d, 0x2d, 0x29, 0x01, 0xc6, 0x69, 0x7c,
-	0x7a, 0xf0, 0xa7, 0xeb, 0xe2, 0xba, 0xb3, 0xcd, 0x57, 0x9e, 0x91, 0x13, 0xb2, 0x2a, 0xca, 0xb1,
-	0xc2, 0x40, 0x9b, 0xf0, 0xb0, 0x6c, 0x60, 0x81, 0x78, 0x84, 0x7e, 0x10, 0x73, 0x64, 0x0c, 0x9b,
-	0x3c, 0xcc, 0x80, 0xfb, 0xa2, 0xbc, 0x55, 0xb4, 0xf0, 0x30, 0xde, 0x03, 0x17, 0xef, 0xd9, 0x92,
-	0xfd, 0x45, 0xe6, 0xba, 0x60, 0xa4, 0x71, 0xa0, 0xab, 0xcf, 0x73, 0x9b, 0xae, 0x4c, 0x5d, 0xa9,
-	0x56, 0xdf, 0x12, 0x2d, 0xc4, 0x1c, 0x86, 0x6e, 0xc2, 0xd0, 0x3a, 0x7f, 0x22, 0x3d, 0x9f, 0xa7,
-	0x89, 0xc4, 0x7b, 0xeb, 0x2c, 0x6d, 0xb5, 0x7c, 0x7c, 0xfd, 0xb6, 0xfe, 0x89, 0x25, 0x35, 0xfb,
-	0x6b, 0x25, 0x18, 0x97, 0xee, 0x65, 0x17, 0xdd, 0x88, 0x79, 0x24, 0x98, 0xb9, 0xfc, 0x0b, 0xfb,
-	0xe6, 0xf2, 0x7f, 0x0f, 0x40, 0x9d, 0xb4, 0xbc, 0xa0, 0xc3, 0x94, 0xc3, 0x81, 0x03, 0x2b, 0x87,
-	0xea, 0x3c, 0xb1, 0xa0, 0x5a, 0xc1, 0x46, 0x8b, 0x22, 0x5f, 0x27, 0x7f, 0x1a, 0x20, 0x95, 0xaf,
-	0xd3, 0x78, 0xc0, 0x6c, 0xf0, 0xee, 0x3e, 0x60, 0xe6, 0xc2, 0x38, 0xef, 0xa2, 0x4a, 0x96, 0x70,
-	0x07, 0x39, 0x11, 0x58, 0xb8, 0xd9, 0x42, 0xb2, 0x19, 0x9c, 0x6e, 0xd7, 0x7c, 0x9d, 0xac, 0x7c,
-	0xb7, 0x5f, 0x27, 0x7b, 0x3b, 0x54, 0xe4, 0x3c, 0x47, 0x93, 0x15, 0x9d, 0xc8, 0x47, 0x2e, 0x83,
-	0x08, 0x6b, 0x78, 0x57, 0xde, 0x17, 0xb8, 0x57, 0x79, 0x5f, 0xec, 0xd7, 0x8b, 0xf4, 0x54, 0xc1,
-	0xfb, 0x75, 0xe0, 0xc7, 0xfd, 0x2e, 0x1a, 0x8f, 0xfb, 0x1d, 0x6c, 0x3e, 0xcb, 0xa9, 0x47, 0x00,
-	0x1f, 0x86, 0x81, 0xd8, 0x69, 0xc8, 0xe8, 0x58, 0x06, 0x5d, 0x73, 0x1a, 0x11, 0x66, 0xa5, 0x07,
-	0x49, 0x6f, 0xfc, 0x02, 0x8c, 0x46, 0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x8c, 0xfb, 0x4b, 0xed,
-	0xa4, 0x63, 0x02, 0x71, 0x12, 0x17, 0x7d, 0xc8, 0x02, 0x08, 0x89, 0x3a, 0xb3, 0x0c, 0xe6, 0xb1,
-	0x86, 0x14, 0x1b, 0x90, 0xed, 0x9a, 0xf9, 0x3a, 0xd4, 0x59, 0xc5, 0x20, 0x6b, 0x7f, 0xc4, 0x82,
-	0x89, 0xae, 0x5a, 0xa8, 0x05, 0x83, 0x35, 0xf6, 0x04, 0x63, 0x3e, 0x09, 0x21, 0x93, 0xcf, 0x39,
-	0x72, 0xe1, 0xc4, 0xcb, 0xb0, 0xa0, 0x63, 0x7f, 0x79, 0x04, 0x4e, 0x54, 0xe7, 0x97, 0xe5, 0x83,
-	0x3c, 0x47, 0x16, 0xee, 0x9b, 0x45, 0xe3, 0xee, 0x85, 0xfb, 0xf6, 0xa0, 0xee, 0x19, 0xe1, 0xbe,
-	0x9e, 0x11, 0xee, 0x9b, 0x8c, 0xbd, 0x2c, 0xe6, 0x11, 0x7b, 0x99, 0xd5, 0x83, 0x7e, 0x62, 0x2f,
-	0x8f, 0x2c, 0xfe, 0x77, 0xcf, 0x0e, 0x1d, 0x28, 0xfe, 0x57, 0x05, 0x47, 0xe7, 0x12, 0x51, 0xd6,
-	0x63, 0xaa, 0x32, 0x83, 0xa3, 0x55, 0x60, 0x2a, 0x8f, 0x96, 0x14, 0x42, 0xef, 0xe5, 0xfc, 0x3b,
-	0xd0, 0x47, 0x60, 0xaa, 0x08, 0xd8, 0x34, 0x83, 0xa1, 0x87, 0xf2, 0x08, 0x86, 0xce, 0xea, 0xce,
-	0xbe, 0xc1, 0xd0, 0x2f, 0xc0, 0x68, 0xcd, 0x0b, 0x7c, 0xb2, 0x1a, 0x06, 0x71, 0x50, 0x0b, 0xe4,
-	0x83, 0xd7, 0xfa, 0xed, 0x42, 0x13, 0x88, 0x93, 0xb8, 0xbd, 0x22, 0xa9, 0x2b, 0x87, 0x8d, 0xa4,
-	0x86, 0x7b, 0x14, 0x49, 0x6d, 0xc4, 0x0a, 0x0f, 0xe7, 0x11, 0x2b, 0x9c, 0x35, 0x23, 0x7d, 0xbd,
-	0x68, 0xfd, 0x06, 0x7f, 0xef, 0x9d, 0x1e, 0x46, 0x38, 0x17, 0x66, 0x57, 0x74, 0xc3, 0x67, 0x5f,
-	0x39, 0x82, 0x05, 0x7b, 0xbd, 0xaa, 0xc9, 0xa8, 0x37, 0xe0, 0x75, 0x11, 0x4e, 0x76, 0xe4, 0x30,
-	0x61, 0xcc, 0x9f, 0x2b, 0xc0, 0xf7, 0xed, 0xdb, 0x05, 0x74, 0x13, 0x20, 0x76, 0x1a, 0x62, 0xa1,
-	0x8a, 0x8b, 0xac, 0x43, 0xfa, 0x15, 0xaf, 0xc9, 0xf6, 0x44, 0x88, 0x9d, 0x6a, 0x1e, 0x1b, 0xa4,
-	0x98, 0x3b, 0x71, 0xe0, 0x75, 0xe5, 0x72, 0xc6, 0x81, 0x47, 0x30, 0x83, 0x50, 0x45, 0x28, 0x24,
-	0x0d, 0xaa, 0xdc, 0x17, 0x93, 0x8a, 0x10, 0x66, 0xa5, 0x58, 0x40, 0xd1, 0x73, 0x30, 0xec, 0x78,
-	0x1e, 0x0f, 0xf7, 0x23, 0x91, 0x78, 0x54, 0x54, 0x27, 0x95, 0xd5, 0x20, 0x6c, 0xe2, 0xd9, 0x7f,
-	0x59, 0x80, 0xa9, 0x7d, 0x78, 0x4a, 0x57, 0x98, 0x77, 0xa9, 0xef, 0x30, 0x6f, 0x11, 0xae, 0x34,
-	0xd8, 0x23, 0x5c, 0xe9, 0x39, 0x18, 0x8e, 0x89, 0xd3, 0x14, 0x9e, 0x88, 0xe9, 0x5c, 0x89, 0x6b,
-	0x1a, 0x84, 0x4d, 0x3c, 0xca, 0xc5, 0xc6, 0x9c, 0x5a, 0x8d, 0x44, 0x91, 0x8c, 0x47, 0x12, 0x56,
-	0xee, 0xdc, 0x82, 0x9d, 0xd8, 0xe5, 0xc1, 0x6c, 0x82, 0x04, 0x4e, 0x91, 0x4c, 0x0f, 0x78, 0xa5,
-	0xcf, 0x01, 0xff, 0x95, 0x02, 0x3c, 0xb2, 0xa7, 0x74, 0xeb, 0x3b, 0x54, 0xac, 0x1d, 0x91, 0x30,
-	0xbd, 0x70, 0xae, 0x46, 0x24, 0xc4, 0x0c, 0xc2, 0x47, 0xa9, 0xd5, 0x52, 0x5e, 0xe4, 0xf9, 0xc7,
-	0x56, 0xf2, 0x51, 0x4a, 0x90, 0xc0, 0x29, 0x92, 0x77, 0xba, 0x2c, 0xbf, 0x36, 0x00, 0x8f, 0xf5,
-	0xa1, 0x03, 0xe4, 0x18, 0x83, 0x9a, 0x8c, 0xaf, 0x2e, 0xde, 0xa3, 0xf8, 0xea, 0x3b, 0x1b, 0xae,
-	0x37, 0xc3, 0xb2, 0xfb, 0x8a, 0x75, 0xfd, 0x62, 0x01, 0x4e, 0xf7, 0x56, 0x58, 0xd0, 0x8f, 0xc2,
-	0x78, 0xa8, 0x5c, 0x12, 0xcd, 0xd0, 0xec, 0xe3, 0xdc, 0xc6, 0x95, 0x00, 0xe1, 0x34, 0x2e, 0x9a,
-	0x06, 0x68, 0x39, 0xf1, 0x66, 0x74, 0x6e, 0xc7, 0x8d, 0x62, 0x91, 0x64, 0x6e, 0x8c, 0xdf, 0xbc,
-	0xca, 0x52, 0x6c, 0x60, 0x50, 0x72, 0xec, 0xdf, 0x42, 0x70, 0x25, 0x88, 0x79, 0x25, 0x7e, 0xf4,
-	0x3c, 0x2e, 0x5f, 0x20, 0x34, 0x40, 0x38, 0x8d, 0x4b, 0xc9, 0xb1, 0xbb, 0x7d, 0xde, 0xd1, 0x01,
-	0x1d, 0xcc, 0xbd, 0xa4, 0x4a, 0xb1, 0x81, 0x91, 0x0e, 0x3a, 0x2f, 0xed, 0x1f, 0x74, 0x6e, 0xff,
-	0xab, 0x02, 0x9c, 0xea, 0xa9, 0xf0, 0xf6, 0xc7, 0xa6, 0xee, 0xbf, 0xc0, 0xef, 0x3b, 0xdc, 0x61,
-	0x07, 0x0a, 0x18, 0xb6, 0xff, 0xbc, 0xc7, 0x4a, 0x13, 0xc1, 0xc0, 0x77, 0x9e, 0x37, 0xe5, 0xfe,
-	0x1b, 0xcf, 0xae, 0xf8, 0xdf, 0x81, 0x03, 0xc4, 0xff, 0xa6, 0x26, 0xa3, 0xd4, 0xa7, 0x74, 0xf8,
-	0x2f, 0x03, 0x3d, 0x87, 0x97, 0x1e, 0x90, 0xfb, 0xba, 0x41, 0x58, 0x80, 0x63, 0xae, 0xcf, 0xde,
-	0x94, 0xad, 0xb6, 0xd7, 0x45, 0xde, 0x31, 0x9e, 0x5c, 0x57, 0x45, 0xdf, 0x2c, 0xa6, 0xe0, 0xb8,
-	0xab, 0xc6, 0x7d, 0x18, 0x8f, 0x7d, 0x67, 0x43, 0x7a, 0x40, 0xce, 0xbd, 0x02, 0x27, 0xe5, 0x50,
-	0x6c, 0x3a, 0x21, 0xa9, 0x0b, 0x61, 0x1b, 0x89, 0x78, 0xab, 0x53, 0x3c, 0x66, 0x2b, 0x03, 0x01,
-	0x67, 0xd7, 0x63, 0x0f, 0x80, 0x06, 0x2d, 0xb7, 0x26, 0x8e, 0x82, 0xfa, 0x01, 0x50, 0x5a, 0x88,
-	0x39, 0x4c, 0xcb, 0x8b, 0xca, 0xdd, 0x91, 0x17, 0xef, 0x81, 0x8a, 0x1a, 0x6f, 0x1e, 0x53, 0xa1,
-	0x16, 0x79, 0x57, 0x4c, 0x85, 0x5a, 0xe1, 0x06, 0xd6, 0x7e, 0xef, 0xec, 0x3f, 0x03, 0x23, 0xca,
-	0x16, 0xd8, 0xef, 0x33, 0xac, 0xf6, 0xff, 0x2d, 0x40, 0xea, 0xc5, 0x31, 0xb4, 0x03, 0x95, 0xba,
-	0x7c, 0xe9, 0x3e, 0x9f, 0xe4, 0xce, 0xea, 0xe1, 0x7c, 0x7d, 0x11, 0xa6, 0x8a, 0xb0, 0x26, 0x86,
-	0xde, 0xc7, 0xf3, 0x28, 0x0b, 0xd2, 0x85, 0x3c, 0x62, 0xf2, 0xab, 0xaa, 0x3d, 0xf3, 0x9d, 0x45,
-	0x59, 0x86, 0x0d, 0x7a, 0x28, 0x86, 0xca, 0xa6, 0x7c, 0x59, 0x2d, 0x1f, 0x76, 0xa7, 0x1e, 0x6a,
-	0xe3, 0x2a, 0x9a, 0xfa, 0x8b, 0x35, 0x21, 0xfb, 0xcf, 0x0a, 0x70, 0x22, 0x39, 0x01, 0xe2, 0xe2,
-	0xf2, 0xd7, 0x2c, 0x78, 0xd0, 0x73, 0xa2, 0xb8, 0xda, 0x66, 0x07, 0x85, 0x8d, 0xb6, 0xb7, 0x92,
-	0x4a, 0xb9, 0x7d, 0x58, 0x63, 0x8b, 0x6a, 0x38, 0xfd, 0x12, 0xdf, 0xdc, 0x43, 0xb7, 0x76, 0xa7,
-	0x1e, 0x5c, 0xca, 0x26, 0x8e, 0x7b, 0xf5, 0x0a, 0xbd, 0x6e, 0xc1, 0xb1, 0x5a, 0x3b, 0x0c, 0x89,
-	0x1f, 0xeb, 0xae, 0xf2, 0x59, 0xbc, 0x92, 0xcb, 0x40, 0xea, 0x0e, 0x9e, 0xa0, 0x0c, 0x75, 0x3e,
-	0x45, 0x0b, 0x77, 0x51, 0xb7, 0x7f, 0x91, 0x4a, 0xce, 0x9e, 0xdf, 0xf9, 0x37, 0xec, 0xe9, 0xc0,
-	0xef, 0x0c, 0xc2, 0x68, 0x22, 0xaf, 0x78, 0xe2, 0xb2, 0xcf, 0xda, 0xf7, 0xb2, 0x8f, 0x45, 0x08,
-	0xb6, 0x7d, 0xf9, 0xaa, 0xba, 0x11, 0x21, 0xd8, 0xf6, 0x09, 0xe6, 0x30, 0x31, 0xa4, 0xb8, 0xed,
-	0x8b, 0x58, 0x00, 0x73, 0x48, 0x71, 0xdb, 0xc7, 0x02, 0x8a, 0x3e, 0x60, 0xc1, 0x08, 0xdb, 0x7c,
-	0xe2, 0xaa, 0x54, 0x08, 0xb4, 0x4b, 0x39, 0x6c, 0x77, 0x99, 0x43, 0x9f, 0xf9, 0x8e, 0x9a, 0x25,
-	0x38, 0x41, 0x11, 0x7d, 0xd8, 0x82, 0x8a, 0x7a, 0xc2, 0x55, 0xdc, 0x8d, 0x54, 0xf3, 0x4d, 0xdb,
-	0x9e, 0xe2, 0x7a, 0x2a, 0x7f, 0x36, 0xd6, 0x84, 0x51, 0xa4, 0xee, 0x31, 0x87, 0x8e, 0xe6, 0x1e,
-	0x13, 0x32, 0xee, 0x30, 0xdf, 0x0e, 0x95, 0xa6, 0xe3, 0xbb, 0x1b, 0x24, 0x8a, 0xf9, 0xd5, 0xa2,
-	0x7c, 0xa5, 0x43, 0x16, 0x62, 0x0d, 0xa7, 0xca, 0x7e, 0xc4, 0x3e, 0x2c, 0x36, 0xee, 0x02, 0x99,
-	0xb2, 0x5f, 0xd5, 0xc5, 0xd8, 0xc4, 0x31, 0x2f, 0x2e, 0xe1, 0x9e, 0x5e, 0x5c, 0x0e, 0xef, 0x73,
-	0x71, 0x59, 0x85, 0x93, 0x4e, 0x3b, 0x0e, 0x2e, 0x12, 0xc7, 0x9b, 0x8d, 0x63, 0xd2, 0x6c, 0xc5,
-	0x11, 0x4f, 0x45, 0x3f, 0xc2, 0x4c, 0xc0, 0xca, 0xdb, 0xad, 0x4a, 0xbc, 0x8d, 0x2e, 0x24, 0x9c,
-	0x5d, 0xd7, 0xfe, 0x17, 0x16, 0x9c, 0xcc, 0x5c, 0x0a, 0xf7, 0x6f, 0x9c, 0x81, 0xfd, 0xe9, 0x12,
-	0x1c, 0xcf, 0x78, 0x75, 0x00, 0x75, 0xcc, 0x4d, 0x62, 0xe5, 0xe1, 0xb2, 0x97, 0xf4, 0x40, 0x93,
-	0x73, 0x93, 0xb1, 0x33, 0x0e, 0xe6, 0x8b, 0xa0, 0xfd, 0x01, 0x8a, 0x77, 0xd7, 0x1f, 0xc0, 0x58,
-	0xeb, 0x03, 0xf7, 0x74, 0xad, 0x97, 0xf6, 0x59, 0xeb, 0x5f, 0xb2, 0x60, 0xb2, 0xd9, 0xe3, 0x09,
-	0x31, 0x71, 0x9f, 0x74, 0xed, 0x68, 0x1e, 0x28, 0x9b, 0x7b, 0xf8, 0xd6, 0xee, 0x54, 0xcf, 0x97,
-	0xdb, 0x70, 0xcf, 0x5e, 0xd9, 0xdf, 0x2a, 0x02, 0xd3, 0xd7, 0x58, 0x66, 0xe9, 0x0e, 0x7a, 0xbf,
-	0xf9, 0x78, 0x89, 0x95, 0xd7, 0x43, 0x1b, 0xbc, 0x71, 0xf5, 0xf8, 0x09, 0x1f, 0xc1, 0xac, 0xb7,
-	0x50, 0xd2, 0x9c, 0xb0, 0xd0, 0x07, 0x27, 0xf4, 0xe4, 0x2b, 0x31, 0xc5, 0xfc, 0x5f, 0x89, 0xa9,
-	0xa4, 0x5f, 0x88, 0xd9, 0x7b, 0x8a, 0x07, 0xee, 0xcb, 0x29, 0xfe, 0x1d, 0x8b, 0x33, 0x9e, 0xd4,
-	0x2c, 0x68, 0x75, 0xc3, 0xda, 0x43, 0xdd, 0x78, 0x12, 0xca, 0x91, 0xe0, 0xcc, 0x42, 0x2d, 0xd1,
-	0xae, 0x60, 0xa2, 0x1c, 0x2b, 0x0c, 0x7a, 0xea, 0x72, 0x3c, 0x2f, 0xb8, 0x79, 0xae, 0xd9, 0x8a,
-	0x3b, 0x42, 0x41, 0x51, 0xc7, 0x82, 0x59, 0x05, 0xc1, 0x06, 0x16, 0x7a, 0x0c, 0x06, 0x79, 0xa6,
-	0x09, 0x61, 0xdc, 0x19, 0xa6, 0xfb, 0x90, 0xa7, 0xa1, 0xa8, 0x63, 0x01, 0xb2, 0x37, 0xc1, 0x38,
-	0x55, 0xdc, 0xf9, 0xb3, 0xcc, 0xea, 0x81, 0xd8, 0x42, 0xaf, 0x07, 0x62, 0xed, 0x7f, 0x50, 0x10,
-	0xa4, 0xf8, 0x29, 0x41, 0x7b, 0x06, 0x5a, 0x07, 0xf4, 0x0c, 0x7c, 0x1f, 0x40, 0x2d, 0x68, 0xb6,
-	0xe8, 0xb9, 0x79, 0x2d, 0xc8, 0xe7, 0xb0, 0x35, 0xaf, 0xda, 0xd3, 0xa3, 0xaa, 0xcb, 0xb0, 0x41,
-	0x2f, 0xc1, 0xda, 0x8b, 0xfb, 0xb2, 0xf6, 0x04, 0x97, 0x1b, 0xd8, 0x9b, 0xcb, 0xd9, 0x7f, 0x69,
-	0x41, 0x42, 0xeb, 0x43, 0x2d, 0x28, 0xd1, 0xee, 0x76, 0x04, 0xc3, 0x58, 0xc9, 0x4f, 0xc5, 0xa4,
-	0x9c, 0x5a, 0xec, 0x42, 0xf6, 0x13, 0x73, 0x42, 0xc8, 0x13, 0x5e, 0x90, 0xb9, 0x1c, 0x7e, 0x4c,
-	0x82, 0x17, 0x83, 0x60, 0x8b, 0x3b, 0x13, 0x69, 0x8f, 0x4a, 0xfb, 0x79, 0x98, 0xe8, 0xea, 0x14,
-	0x7b, 0xca, 0x39, 0x90, 0x27, 0x78, 0x63, 0xf7, 0xb0, 0x84, 0x0f, 0x98, 0xc3, 0xec, 0x2f, 0x5a,
-	0x70, 0x2c, 0xdd, 0x3c, 0x7a, 0xc3, 0x82, 0x89, 0x28, 0xdd, 0xde, 0x51, 0x8d, 0x9d, 0x8a, 0x76,
-	0xe8, 0x02, 0xe1, 0xee, 0x4e, 0xd8, 0xff, 0x5d, 0x48, 0x83, 0xeb, 0xae, 0x5f, 0x0f, 0x6e, 0x2a,
-	0x3d, 0xc9, 0xea, 0xa9, 0x27, 0x51, 0xf6, 0x50, 0xdb, 0x24, 0xf5, 0xb6, 0xd7, 0x95, 0x86, 0xa2,
-	0x2a, 0xca, 0xb1, 0xc2, 0x60, 0x51, 0xf7, 0x6d, 0x71, 0x6e, 0x4d, 0x2d, 0xca, 0x05, 0x51, 0x8e,
-	0x15, 0x06, 0x7a, 0x16, 0x46, 0x8c, 0x8f, 0x94, 0xeb, 0x92, 0x1d, 0x3a, 0x0c, 0x09, 0x1e, 0xe1,
-	0x04, 0x16, 0x9a, 0x06, 0x50, 0x3a, 0x97, 0x94, 0xd8, 0xcc, 0xd0, 0xae, 0x18, 0x63, 0x84, 0x0d,
-	0x0c, 0x96, 0xe3, 0xc2, 0x6b, 0x47, 0xec, 0x26, 0x79, 0x50, 0xbf, 0xb4, 0x30, 0x2f, 0xca, 0xb0,
-	0x82, 0x52, 0xe6, 0xd6, 0x74, 0xfc, 0xb6, 0xe3, 0xd1, 0x11, 0x12, 0xa6, 0x33, 0xb5, 0x0d, 0x97,
-	0x15, 0x04, 0x1b, 0x58, 0xf4, 0x8b, 0x63, 0xb7, 0x49, 0x5e, 0x0a, 0x7c, 0xe9, 0xa5, 0xae, 0x9d,
-	0x0b, 0x44, 0x39, 0x56, 0x18, 0xe8, 0x79, 0x18, 0x76, 0xfc, 0x3a, 0x57, 0x10, 0x83, 0x50, 0xdc,
-	0x51, 0xaa, 0xd3, 0xe7, 0xd5, 0x88, 0xcc, 0x6a, 0x28, 0x36, 0x51, 0xd3, 0xcf, 0x4c, 0x40, 0x9f,
-	0xcf, 0xd8, 0xfd, 0x85, 0x05, 0xe3, 0x3a, 0x69, 0x11, 0xb3, 0xb0, 0x25, 0x4c, 0x8b, 0xd6, 0xbe,
-	0xa6, 0xc5, 0x64, 0xee, 0x92, 0x42, 0x5f, 0xb9, 0x4b, 0xcc, 0xb4, 0x22, 0xc5, 0x3d, 0xd3, 0x8a,
-	0x7c, 0x3f, 0x0c, 0x6d, 0x91, 0x8e, 0x91, 0x7f, 0x84, 0x09, 0x87, 0xcb, 0xbc, 0x08, 0x4b, 0x18,
-	0xb2, 0x61, 0xb0, 0xe6, 0xa8, 0x1c, 0x86, 0x23, 0xc2, 0x37, 0x6d, 0x96, 0x21, 0x09, 0x88, 0xbd,
-	0x02, 0x15, 0x75, 0xa9, 0x2f, 0x2d, 0x7d, 0x56, 0xb6, 0xa5, 0xaf, 0xaf, 0xf4, 0x06, 0x73, 0xeb,
-	0x5f, 0xfd, 0xf6, 0xa3, 0x6f, 0xf9, 0xe3, 0x6f, 0x3f, 0xfa, 0x96, 0x3f, 0xfd, 0xf6, 0xa3, 0x6f,
-	0xf9, 0xc0, 0xad, 0x47, 0xad, 0xaf, 0xde, 0x7a, 0xd4, 0xfa, 0xe3, 0x5b, 0x8f, 0x5a, 0x7f, 0x7a,
-	0xeb, 0x51, 0xeb, 0x5b, 0xb7, 0x1e, 0xb5, 0x5e, 0xff, 0xcf, 0x8f, 0xbe, 0xe5, 0xa5, 0xcc, 0xb8,
-	0x08, 0xfa, 0xe3, 0xa9, 0x5a, 0x7d, 0x66, 0xfb, 0x19, 0xe6, 0x9a, 0x4f, 0xf7, 0xf3, 0x8c, 0xb1,
-	0x88, 0x67, 0xe4, 0x7e, 0xfe, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x3f, 0x2c, 0x1c, 0xba, 0x67,
-	0xff, 0x00, 0x00,
+	// 12344 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7,
+	0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0x1d, 0xfa, 0xee, 0x48, 0xdc, 0xf1, 0x03, 0xe7,
+	0xa1, 0x4c, 0xd1, 0x11, 0x09, 0x98, 0x47, 0x52, 0x66, 0x4c, 0x5b, 0x36, 0x3e, 0xee, 0x03, 0x77,
+	0xc0, 0x01, 0xec, 0xc5, 0xdd, 0x59, 0x94, 0x29, 0x6a, 0xb0, 0xdb, 0x58, 0xcc, 0x61, 0x76, 0x66,
+	0x39, 0x33, 0x8b, 0xc3, 0xd2, 0xb2, 0x2c, 0x59, 0x92, 0x2d, 0x5b, 0x5f, 0x8c, 0x95, 0x8a, 0xa8,
+	0x24, 0x52, 0xe4, 0xd8, 0xf9, 0xaa, 0x94, 0xca, 0x4a, 0xfc, 0x23, 0xae, 0xb2, 0x5d, 0x2a, 0x7f,
+	0x94, 0x4a, 0x8e, 0x93, 0xd8, 0x51, 0x29, 0x96, 0x13, 0x5b, 0x88, 0x74, 0x49, 0xca, 0xae, 0x54,
+	0xc5, 0x55, 0x76, 0xf2, 0x23, 0x75, 0x49, 0xa5, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, 0x2c, 0x0e,
+	0x83, 0xbb, 0x93, 0xcc, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xd7, 0xd3, 0xd3, 0xfd, 0xde, 0xeb, 0xd7,
+	0xef, 0xbd, 0x86, 0xa5, 0x86, 0x1b, 0x6f, 0xb6, 0xd7, 0xa7, 0x6b, 0x41, 0x73, 0xc6, 0x09, 0x1b,
+	0x41, 0x2b, 0x0c, 0x6e, 0xb0, 0x1f, 0x4f, 0xd5, 0xea, 0x33, 0xdb, 0xcf, 0xcc, 0xb4, 0xb6, 0x1a,
+	0x33, 0x4e, 0xcb, 0x8d, 0x66, 0x9c, 0x56, 0xcb, 0x73, 0x6b, 0x4e, 0xec, 0x06, 0xfe, 0xcc, 0xf6,
+	0xd3, 0x8e, 0xd7, 0xda, 0x74, 0x9e, 0x9e, 0x69, 0x10, 0x9f, 0x84, 0x4e, 0x4c, 0xea, 0xd3, 0xad,
+	0x30, 0x88, 0x03, 0xf4, 0x43, 0x9a, 0xda, 0xb4, 0xa4, 0xc6, 0x7e, 0xbc, 0x52, 0xab, 0x4f, 0x6f,
+	0x3f, 0x33, 0xdd, 0xda, 0x6a, 0x4c, 0x53, 0x6a, 0xd3, 0x06, 0xb5, 0x69, 0x49, 0xed, 0xf4, 0x53,
+	0x46, 0x5f, 0x1a, 0x41, 0x23, 0x98, 0x61, 0x44, 0xd7, 0xdb, 0x1b, 0xec, 0x1f, 0xfb, 0xc3, 0x7e,
+	0x71, 0x66, 0xa7, 0xed, 0xad, 0xe7, 0xa3, 0x69, 0x37, 0xa0, 0xdd, 0x9b, 0xa9, 0x05, 0x21, 0x99,
+	0xd9, 0xee, 0xea, 0xd0, 0xe9, 0x8b, 0x1a, 0x87, 0xec, 0xc4, 0xc4, 0x8f, 0xdc, 0xc0, 0x8f, 0x9e,
+	0xa2, 0x5d, 0x20, 0xe1, 0x36, 0x09, 0xcd, 0xd7, 0x33, 0x10, 0xb2, 0x28, 0x3d, 0xab, 0x29, 0x35,
+	0x9d, 0xda, 0xa6, 0xeb, 0x93, 0xb0, 0xa3, 0x1f, 0x6f, 0x92, 0xd8, 0xc9, 0x7a, 0x6a, 0xa6, 0xd7,
+	0x53, 0x61, 0xdb, 0x8f, 0xdd, 0x26, 0xe9, 0x7a, 0xe0, 0x1d, 0xfb, 0x3d, 0x10, 0xd5, 0x36, 0x49,
+	0xd3, 0xe9, 0x7a, 0xee, 0x99, 0x5e, 0xcf, 0xb5, 0x63, 0xd7, 0x9b, 0x71, 0xfd, 0x38, 0x8a, 0xc3,
+	0xf4, 0x43, 0xf6, 0xdf, 0xb7, 0x60, 0x74, 0xf6, 0x7a, 0x75, 0xb6, 0x1d, 0x6f, 0xce, 0x07, 0xfe,
+	0x86, 0xdb, 0x40, 0xcf, 0xc1, 0x70, 0xcd, 0x6b, 0x47, 0x31, 0x09, 0xaf, 0x38, 0x4d, 0x32, 0x69,
+	0x9d, 0xb1, 0x9e, 0xa8, 0xcc, 0x1d, 0xff, 0xea, 0xee, 0xd4, 0x5b, 0x6e, 0xed, 0x4e, 0x0d, 0xcf,
+	0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xf7, 0xc1, 0x50, 0x18, 0x78, 0x64, 0x16, 0x5f, 0x99, 0x2c, 0xb0,
+	0x47, 0xc6, 0xc5, 0x23, 0x43, 0x98, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xad, 0x30, 0xd8, 0x70, 0x3d,
+	0x32, 0x59, 0x4c, 0xa2, 0xae, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x67, 0x0b, 0x30, 0x3e, 0xdb, 0x6a,
+	0x5d, 0x24, 0x8e, 0x17, 0x6f, 0x56, 0x63, 0x27, 0x6e, 0x47, 0xa8, 0x01, 0x83, 0x11, 0xfb, 0x25,
+	0xfa, 0xb6, 0x22, 0x9e, 0x1e, 0xe4, 0xf0, 0xdb, 0xbb, 0x53, 0x3f, 0x9c, 0x35, 0xa3, 0x1b, 0x6e,
+	0x1c, 0xb4, 0xa2, 0xa7, 0x88, 0xdf, 0x70, 0x7d, 0xc2, 0xc6, 0x65, 0x93, 0x51, 0x9d, 0x36, 0x89,
+	0xcf, 0x07, 0x75, 0x82, 0x05, 0x79, 0xda, 0xcf, 0x26, 0x89, 0x22, 0xa7, 0x41, 0xd2, 0xaf, 0xb4,
+	0xcc, 0x9b, 0xb1, 0x84, 0xa3, 0x10, 0x90, 0xe7, 0x44, 0xf1, 0x5a, 0xe8, 0xf8, 0x91, 0x4b, 0xa7,
+	0xf4, 0x9a, 0xdb, 0xe4, 0x6f, 0x37, 0x7c, 0xf6, 0x6f, 0x4c, 0xf3, 0x0f, 0x33, 0x6d, 0x7e, 0x18,
+	0xbd, 0x0e, 0xe8, 0xbc, 0x99, 0xde, 0x7e, 0x7a, 0x9a, 0x3e, 0x31, 0xf7, 0xc0, 0xad, 0xdd, 0x29,
+	0xb4, 0xd4, 0x45, 0x09, 0x67, 0x50, 0xb7, 0xff, 0xa8, 0x00, 0x30, 0xdb, 0x6a, 0xad, 0x86, 0xc1,
+	0x0d, 0x52, 0x8b, 0xd1, 0x7b, 0xa1, 0x4c, 0x49, 0xd5, 0x9d, 0xd8, 0x61, 0x03, 0x33, 0x7c, 0xf6,
+	0xfb, 0xfb, 0x63, 0xbc, 0xb2, 0x4e, 0x9f, 0x5f, 0x26, 0xb1, 0x33, 0x87, 0xc4, 0x0b, 0x82, 0x6e,
+	0xc3, 0x8a, 0x2a, 0xf2, 0x61, 0x20, 0x6a, 0x91, 0x1a, 0x1b, 0x8c, 0xe1, 0xb3, 0x4b, 0xd3, 0x87,
+	0x59, 0xe9, 0xd3, 0xba, 0xe7, 0xd5, 0x16, 0xa9, 0xcd, 0x8d, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66,
+	0x7c, 0xd0, 0xb6, 0xfa, 0xd0, 0x7c, 0x20, 0xaf, 0xe4, 0xc6, 0x91, 0x51, 0x9d, 0x1b, 0x4b, 0x4e,
+	0x1c, 0xf9, 0xdd, 0xed, 0x6f, 0x5a, 0x30, 0xa6, 0x91, 0x97, 0xdc, 0x28, 0x46, 0x3f, 0xde, 0x35,
+	0xb8, 0xd3, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, 0x31, 0xc1, 0xac, 0x2c, 0x5b, 0x8c, 0x81,
+	0x6d, 0x42, 0xc9, 0x8d, 0x49, 0x33, 0x9a, 0x2c, 0x9c, 0x29, 0x3e, 0x31, 0x7c, 0xf6, 0x62, 0x5e,
+	0xef, 0x39, 0x37, 0x2a, 0x98, 0x96, 0x16, 0x29, 0x79, 0xcc, 0xb9, 0xd8, 0x7f, 0x35, 0x6a, 0xbe,
+	0x1f, 0x1d, 0x70, 0xf4, 0x34, 0x0c, 0x47, 0x41, 0x3b, 0xac, 0x11, 0x4c, 0x5a, 0x01, 0x5d, 0x58,
+	0x45, 0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xea, 0x66, 0x6c, 0xe2, 0xa0, 0x4f, 0x5a, 0x30, 0x52, 0x27,
+	0x51, 0xec, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xda, 0xa1, 0x3b, 0x2f, 0x1b, 0x17, 0x34, 0xf1, 0xb9,
+	0x13, 0xe2, 0x45, 0x46, 0x8c, 0xc6, 0x08, 0x27, 0xf8, 0x53, 0xc1, 0x55, 0x27, 0x51, 0x2d, 0x74,
+	0x5b, 0xf4, 0xbf, 0x10, 0x2d, 0x4a, 0x70, 0x2d, 0x68, 0x10, 0x36, 0xf1, 0x90, 0x0f, 0x25, 0x2a,
+	0x98, 0xa2, 0xc9, 0x01, 0xd6, 0xff, 0xc5, 0xc3, 0xf5, 0x5f, 0x0c, 0x2a, 0x95, 0x79, 0x7a, 0xf4,
+	0xe9, 0xbf, 0x08, 0x73, 0x36, 0xe8, 0x13, 0x16, 0x4c, 0x0a, 0xc1, 0x89, 0x09, 0x1f, 0xd0, 0xeb,
+	0x9b, 0x6e, 0x4c, 0x3c, 0x37, 0x8a, 0x27, 0x4b, 0xac, 0x0f, 0x33, 0xfd, 0xcd, 0xad, 0x0b, 0x61,
+	0xd0, 0x6e, 0x5d, 0x76, 0xfd, 0xfa, 0xdc, 0x19, 0xc1, 0x69, 0x72, 0xbe, 0x07, 0x61, 0xdc, 0x93,
+	0x25, 0xfa, 0xb4, 0x05, 0xa7, 0x7d, 0xa7, 0x49, 0xa2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0x79,
+	0x4e, 0x6d, 0x8b, 0xf5, 0x68, 0xf0, 0xce, 0x7a, 0x64, 0x8b, 0x1e, 0x9d, 0xbe, 0xd2, 0x93, 0x34,
+	0xde, 0x83, 0x2d, 0xfa, 0x25, 0x0b, 0x26, 0x82, 0xb0, 0xb5, 0xe9, 0xf8, 0xa4, 0x2e, 0xa1, 0xd1,
+	0xe4, 0x10, 0x5b, 0x7a, 0xef, 0x39, 0xdc, 0x27, 0x5a, 0x49, 0x93, 0x5d, 0x0e, 0x7c, 0x37, 0x0e,
+	0xc2, 0x2a, 0x89, 0x63, 0xd7, 0x6f, 0x44, 0x73, 0x27, 0x6f, 0xed, 0x4e, 0x4d, 0x74, 0x61, 0xe1,
+	0xee, 0xfe, 0xa0, 0x9f, 0x80, 0xe1, 0xa8, 0xe3, 0xd7, 0xae, 0xbb, 0x7e, 0x3d, 0xb8, 0x19, 0x4d,
+	0x96, 0xf3, 0x58, 0xbe, 0x55, 0x45, 0x50, 0x2c, 0x40, 0xcd, 0x00, 0x9b, 0xdc, 0xb2, 0x3f, 0x9c,
+	0x9e, 0x4a, 0x95, 0xbc, 0x3f, 0x9c, 0x9e, 0x4c, 0x7b, 0xb0, 0x45, 0x3f, 0x6b, 0xc1, 0x68, 0xe4,
+	0x36, 0x7c, 0x27, 0x6e, 0x87, 0xe4, 0x32, 0xe9, 0x44, 0x93, 0xc0, 0x3a, 0x72, 0xe9, 0x90, 0xa3,
+	0x62, 0x90, 0x9c, 0x3b, 0x29, 0xfa, 0x38, 0x6a, 0xb6, 0x46, 0x38, 0xc9, 0x37, 0x6b, 0xa1, 0xe9,
+	0x69, 0x3d, 0x9c, 0xef, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0xa3, 0x70, 0x8c, 0x37, 0xa9,
+	0x91, 0x8d, 0x26, 0x47, 0x98, 0xa0, 0x3d, 0x71, 0x6b, 0x77, 0xea, 0x58, 0x35, 0x05, 0xc3, 0x5d,
+	0xd8, 0xe8, 0x55, 0x98, 0x6a, 0x91, 0xb0, 0xe9, 0xc6, 0x2b, 0xbe, 0xd7, 0x91, 0xe2, 0xbb, 0x16,
+	0xb4, 0x48, 0x5d, 0x74, 0x27, 0x9a, 0x1c, 0x3d, 0x63, 0x3d, 0x51, 0x9e, 0x7b, 0x9b, 0xe8, 0xe6,
+	0xd4, 0xea, 0xde, 0xe8, 0x78, 0x3f, 0x7a, 0xe8, 0x2b, 0x16, 0x9c, 0x36, 0xa4, 0x6c, 0x95, 0x84,
+	0xdb, 0x6e, 0x8d, 0xcc, 0xd6, 0x6a, 0x41, 0xdb, 0x8f, 0xa3, 0xc9, 0x31, 0x36, 0x8c, 0xeb, 0x47,
+	0x21, 0xf3, 0x93, 0xac, 0xf4, 0xbc, 0xec, 0x89, 0x12, 0xe1, 0x3d, 0x7a, 0x6a, 0xff, 0x5e, 0x01,
+	0x8e, 0xa5, 0x2d, 0x00, 0xf4, 0x8f, 0x2d, 0x18, 0xbf, 0x71, 0x33, 0x5e, 0x0b, 0xb6, 0x88, 0x1f,
+	0xcd, 0x75, 0xa8, 0x9c, 0x66, 0xba, 0x6f, 0xf8, 0x6c, 0x2d, 0x5f, 0x5b, 0x63, 0xfa, 0x52, 0x92,
+	0xcb, 0x39, 0x3f, 0x0e, 0x3b, 0x73, 0x0f, 0x8a, 0x77, 0x1a, 0xbf, 0x74, 0x7d, 0xcd, 0x84, 0xe2,
+	0x74, 0xa7, 0x4e, 0x7f, 0xcc, 0x82, 0x13, 0x59, 0x24, 0xd0, 0x31, 0x28, 0x6e, 0x91, 0x0e, 0xb7,
+	0x84, 0x31, 0xfd, 0x89, 0x5e, 0x86, 0xd2, 0xb6, 0xe3, 0xb5, 0x89, 0x30, 0xd3, 0x2e, 0x1c, 0xee,
+	0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x83, 0x85, 0xe7, 0x2d, 0xfb, 0x0f, 0x8a, 0x30, 0x6c, 0x7c,
+	0xb4, 0xbb, 0x60, 0x7a, 0x06, 0x09, 0xd3, 0x73, 0x39, 0xb7, 0xf9, 0xd6, 0xd3, 0xf6, 0xbc, 0x99,
+	0xb2, 0x3d, 0x57, 0xf2, 0x63, 0xb9, 0xa7, 0xf1, 0x89, 0x62, 0xa8, 0x04, 0x2d, 0xba, 0x45, 0xa3,
+	0x36, 0xcc, 0x40, 0x1e, 0x9f, 0x70, 0x45, 0x92, 0x9b, 0x1b, 0xbd, 0xb5, 0x3b, 0x55, 0x51, 0x7f,
+	0xb1, 0x66, 0x64, 0x7f, 0xc3, 0x82, 0x13, 0x46, 0x1f, 0xe7, 0x03, 0xbf, 0xce, 0x36, 0x1a, 0xe8,
+	0x0c, 0x0c, 0xc4, 0x9d, 0x96, 0xdc, 0x06, 0xaa, 0x91, 0x5a, 0xeb, 0xb4, 0x08, 0x66, 0x90, 0xfb,
+	0x7d, 0x97, 0xf4, 0x69, 0x0b, 0x1e, 0xc8, 0x16, 0x30, 0xe8, 0x71, 0x18, 0xe4, 0x3e, 0x00, 0xf1,
+	0x76, 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x06, 0x2a, 0x4a, 0xe1, 0x89, 0x77, 0x9c, 0x10,
+	0xa8, 0x15, 0xad, 0x25, 0x35, 0x0e, 0x1d, 0x34, 0xfa, 0x47, 0x98, 0xa0, 0x6a, 0xd0, 0xd8, 0xa6,
+	0x99, 0x41, 0xec, 0xaf, 0x5b, 0xf0, 0xd6, 0x7e, 0xc4, 0xde, 0xd1, 0xf5, 0xb1, 0x0a, 0x27, 0xeb,
+	0x64, 0xc3, 0x69, 0x7b, 0x71, 0x92, 0xa3, 0xe8, 0xf4, 0x23, 0xe2, 0xe1, 0x93, 0x0b, 0x59, 0x48,
+	0x38, 0xfb, 0x59, 0xfb, 0x3f, 0x5b, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x2e, 0x6c, 0x9d, 0xfc, 0xe4,
+	0xd6, 0x69, 0x31, 0xb7, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x09, 0x0b, 0x4e, 0x1b, 0x58, 0xcb, 0x4e,
+	0x5c, 0xdb, 0x3c, 0xb7, 0xd3, 0x0a, 0x49, 0x14, 0xd1, 0x29, 0xf5, 0x88, 0x21, 0x8e, 0xe7, 0x86,
+	0x05, 0x85, 0xe2, 0x65, 0xd2, 0xe1, 0xb2, 0xf9, 0x49, 0x28, 0xf3, 0x35, 0x17, 0x84, 0xe2, 0x23,
+	0xa9, 0x77, 0x5b, 0x11, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0xcc, 0xa5, 0x32, 0x88, 0x9a,
+	0x09, 0x40, 0xbf, 0xfb, 0x35, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x12, 0xdd, 0x59, 0x0d, 0x09, 0x9b,
+	0x0f, 0xf5, 0xf3, 0x2e, 0xf1, 0xea, 0x11, 0xdd, 0xd6, 0x39, 0xbe, 0x1f, 0xc4, 0x62, 0x87, 0x66,
+	0x6c, 0xeb, 0x66, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x27, 0x1e, 0x1f, 0x51, 0xc1,
+	0x74, 0x89, 0xb5, 0x60, 0x01, 0xb1, 0x6f, 0x15, 0xd8, 0x06, 0x52, 0x49, 0x34, 0x72, 0x37, 0xbc,
+	0x0f, 0x61, 0x42, 0x05, 0xac, 0xe6, 0x27, 0x8f, 0x49, 0x6f, 0x0f, 0xc4, 0x6b, 0x29, 0x2d, 0x80,
+	0x73, 0xe5, 0xba, 0xb7, 0x17, 0xe2, 0x03, 0x45, 0x98, 0x4a, 0x3e, 0xd0, 0xa5, 0x44, 0xe8, 0x96,
+	0xd7, 0x60, 0x94, 0xf6, 0xd5, 0x19, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0x87, 0x0b, 0x47, 0x29, 0x87,
+	0x4d, 0x35, 0x51, 0xdc, 0x47, 0x4d, 0x3c, 0xae, 0x46, 0x7d, 0x20, 0x25, 0xf3, 0x92, 0xaa, 0xf2,
+	0x0c, 0x0c, 0x44, 0x31, 0x69, 0x4d, 0x96, 0x92, 0x62, 0xb6, 0x1a, 0x93, 0x16, 0x66, 0x10, 0xf4,
+	0xc3, 0x30, 0x1e, 0x3b, 0x61, 0x83, 0xc4, 0x21, 0xd9, 0x76, 0x99, 0x5f, 0x97, 0xed, 0x67, 0x2b,
+	0x73, 0xc7, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x1a, 0xd7, 0xfe, 0xef, 0x05, 0x78,
+	0x30, 0xf9, 0x09, 0xb4, 0x62, 0xfc, 0x91, 0x84, 0x62, 0x7c, 0xbb, 0xa9, 0x18, 0x6f, 0xef, 0x4e,
+	0x3d, 0xd4, 0xe3, 0xb1, 0xef, 0x18, 0xbd, 0x89, 0x2e, 0xa4, 0x3e, 0xc2, 0x4c, 0x97, 0x97, 0xf5,
+	0x91, 0x1e, 0xef, 0x98, 0xfa, 0x4a, 0x8f, 0xc3, 0x60, 0x48, 0x9c, 0x28, 0xf0, 0xc5, 0x77, 0x52,
+	0x5f, 0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xd7, 0x2a, 0xe9, 0xc1, 0xbe, 0xc0, 0x7d, 0xd5, 0x41,
+	0x88, 0x5c, 0x18, 0x60, 0xbb, 0x36, 0x2e, 0x59, 0x2e, 0x1f, 0x6e, 0x15, 0x52, 0x2d, 0xa2, 0x48,
+	0xcf, 0x95, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0x3b, 0x50, 0xae, 0xc9, 0xcd, 0x54, 0x21,
+	0x0f, 0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86, 0x08,
+	0x14, 0x1b, 0x6e, 0x2c, 0x3e, 0xeb, 0x21, 0xb7, 0xcb, 0x17, 0x5c, 0xe3, 0x15, 0x87, 0xa8, 0x0e,
+	0xba, 0xe0, 0xc6, 0x98, 0xd2, 0x47, 0x1f, 0xb1, 0x60, 0x38, 0xaa, 0x35, 0x57, 0xc3, 0x60, 0xdb,
+	0xad, 0x93, 0x50, 0xd8, 0x98, 0x87, 0x94, 0x6c, 0xd5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5, 0xee,
+	0x0b, 0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x50, 0xbc, 0xfb, 0x02, 0xa9, 0xb1, 0x15, 0x27,
+	0xf7, 0xcc, 0x6c, 0xa6, 0x1c, 0xda, 0xe6, 0x5e, 0x68, 0xd7, 0xb6, 0xe8, 0x7a, 0xd3, 0x1d, 0x7a,
+	0xe8, 0xd6, 0xee, 0xd4, 0x83, 0xf3, 0xd9, 0x3c, 0x71, 0xaf, 0xce, 0xb0, 0x01, 0x6b, 0xb5, 0x3d,
+	0x0f, 0x93, 0x57, 0xdb, 0x84, 0x79, 0xc4, 0x72, 0x18, 0xb0, 0x55, 0x4d, 0x30, 0x35, 0x60, 0x06,
+	0x04, 0x9b, 0x7c, 0xd1, 0xab, 0x30, 0xd8, 0x74, 0xe2, 0xd0, 0xdd, 0x11, 0x6e, 0xb0, 0x43, 0xee,
+	0x82, 0x96, 0x19, 0x2d, 0xcd, 0x9c, 0x29, 0x7a, 0xde, 0x88, 0x05, 0x23, 0xd4, 0x84, 0x52, 0x93,
+	0x84, 0x0d, 0x32, 0x59, 0xce, 0xc3, 0xe5, 0xbf, 0x4c, 0x49, 0x69, 0x86, 0x15, 0x6a, 0x5c, 0xb1,
+	0x36, 0xcc, 0xb9, 0xa0, 0x97, 0xa1, 0x1c, 0x11, 0x8f, 0xd4, 0xa8, 0x79, 0x54, 0x61, 0x1c, 0x9f,
+	0xe9, 0xd3, 0x54, 0xa4, 0x76, 0x49, 0x55, 0x3c, 0xca, 0x17, 0x98, 0xfc, 0x87, 0x15, 0x49, 0x3a,
+	0x80, 0x2d, 0xaf, 0xdd, 0x70, 0xfd, 0x49, 0xc8, 0x63, 0x00, 0x57, 0x19, 0xad, 0xd4, 0x00, 0xf2,
+	0x46, 0x2c, 0x18, 0xd9, 0xff, 0xcd, 0x02, 0x94, 0x14, 0x6a, 0x77, 0xc1, 0x26, 0x7e, 0x35, 0x69,
+	0x13, 0x2f, 0xe5, 0x69, 0xb4, 0xf4, 0x30, 0x8b, 0x7f, 0xbd, 0x02, 0x29, 0x75, 0x70, 0x85, 0x44,
+	0x31, 0xa9, 0xbf, 0x29, 0xc2, 0xdf, 0x14, 0xe1, 0x6f, 0x8a, 0x70, 0x25, 0xc2, 0xd7, 0x53, 0x22,
+	0xfc, 0x9d, 0xc6, 0xaa, 0xd7, 0xb1, 0x07, 0xaf, 0xa8, 0xe0, 0x04, 0xb3, 0x07, 0x06, 0x02, 0x95,
+	0x04, 0x97, 0xaa, 0x2b, 0x57, 0x32, 0x65, 0xf6, 0x2b, 0x49, 0x99, 0x7d, 0x58, 0x16, 0x7f, 0x1d,
+	0xa4, 0xf4, 0x57, 0x2c, 0x78, 0x5b, 0x52, 0x7a, 0xc9, 0x99, 0xb3, 0xd8, 0xf0, 0x83, 0x90, 0x2c,
+	0xb8, 0x1b, 0x1b, 0x24, 0x24, 0x7e, 0x8d, 0x44, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0, 0x67,
+	0x61, 0xe4, 0x46, 0x14, 0xf8, 0xab, 0x81, 0xeb, 0x0b, 0x11, 0x44, 0x77, 0x1c, 0xc7, 0x6e, 0xed,
+	0x4e, 0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x81, 0x85, 0xe6, 0x61, 0xe2, 0xc6, 0xab, 0xab, 0x4e,
+	0x6c, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x7a, 0x31, 0x05, 0xc4, 0xdd, 0xf8, 0xf6,
+	0xdf, 0x2b, 0xc0, 0xa9, 0xd4, 0x8b, 0x04, 0x9e, 0x17, 0xb4, 0x63, 0xba, 0x27, 0x42, 0x9f, 0xb7,
+	0xe0, 0x58, 0x33, 0xe9, 0xb0, 0x88, 0x84, 0xbb, 0xfb, 0xc7, 0x72, 0xd3, 0x11, 0x29, 0x8f, 0xc8,
+	0xdc, 0xa4, 0x18, 0xa1, 0x63, 0x29, 0x40, 0x84, 0xbb, 0xfa, 0x82, 0x5e, 0x86, 0x4a, 0xd3, 0xd9,
+	0xb9, 0xda, 0xaa, 0x3b, 0xb1, 0xdc, 0x8e, 0xf6, 0xf6, 0x22, 0xb4, 0x63, 0xd7, 0x9b, 0xe6, 0x51,
+	0x2d, 0xd3, 0x8b, 0x7e, 0xbc, 0x12, 0x56, 0xe3, 0xd0, 0xf5, 0x1b, 0xdc, 0xc9, 0xb9, 0x2c, 0xc9,
+	0x60, 0x4d, 0xd1, 0xfe, 0x9c, 0x95, 0x56, 0x52, 0x6a, 0x74, 0x42, 0x27, 0x26, 0x8d, 0x0e, 0x7a,
+	0x1f, 0x94, 0xe8, 0xbe, 0x51, 0x8e, 0xca, 0xf5, 0x3c, 0x35, 0xa7, 0xf1, 0x25, 0xb4, 0x12, 0xa5,
+	0xff, 0x22, 0xcc, 0x99, 0xda, 0x9f, 0xaf, 0xa4, 0x8d, 0x05, 0x76, 0x36, 0x7f, 0x16, 0xa0, 0x11,
+	0xac, 0x91, 0x66, 0xcb, 0xa3, 0xc3, 0x62, 0xb1, 0x03, 0x1e, 0xe5, 0x2a, 0xb9, 0xa0, 0x20, 0xd8,
+	0xc0, 0x42, 0x3f, 0x67, 0x01, 0x34, 0xe4, 0x9c, 0x97, 0x86, 0xc0, 0xd5, 0x3c, 0x5f, 0x47, 0xaf,
+	0x28, 0xdd, 0x17, 0xc5, 0x10, 0x1b, 0xcc, 0xd1, 0x4f, 0x5b, 0x50, 0x8e, 0x65, 0xf7, 0xb9, 0x6a,
+	0x5c, 0xcb, 0xb3, 0x27, 0xf2, 0xa5, 0xb5, 0x4d, 0xa4, 0x86, 0x44, 0xf1, 0x45, 0x3f, 0x63, 0x01,
+	0x44, 0x1d, 0xbf, 0xb6, 0x1a, 0x78, 0x6e, 0xad, 0x23, 0x34, 0xe6, 0xb5, 0x5c, 0xdd, 0x39, 0x8a,
+	0xfa, 0xdc, 0x18, 0x1d, 0x0d, 0xfd, 0x1f, 0x1b, 0x9c, 0xd1, 0xfb, 0xa1, 0x1c, 0x89, 0xe9, 0x26,
+	0x74, 0xe4, 0x5a, 0xbe, 0x4e, 0x25, 0x4e, 0x5b, 0x88, 0x57, 0xf1, 0x0f, 0x2b, 0x9e, 0xe8, 0x33,
+	0x16, 0x8c, 0xb7, 0x92, 0x6e, 0x42, 0xa1, 0x0e, 0xf3, 0x93, 0x01, 0x29, 0x37, 0x24, 0xf7, 0xb6,
+	0xa4, 0x1a, 0x71, 0xba, 0x17, 0x54, 0x02, 0xea, 0x19, 0xbc, 0xd2, 0xe2, 0x2e, 0xcb, 0x21, 0x2d,
+	0x01, 0x2f, 0xa4, 0x81, 0xb8, 0x1b, 0x1f, 0xad, 0xc2, 0x09, 0xda, 0xbb, 0x0e, 0x37, 0x3f, 0xa5,
+	0x7a, 0x89, 0x98, 0x32, 0x2c, 0xcf, 0x3d, 0x2c, 0x66, 0x08, 0x3b, 0xeb, 0x48, 0xe3, 0xe0, 0xcc,
+	0x27, 0xd1, 0x1f, 0x58, 0xf0, 0xb0, 0xcb, 0xd4, 0x80, 0xe9, 0xb0, 0xd7, 0x1a, 0x41, 0x1c, 0xb4,
+	0x93, 0x5c, 0x65, 0x45, 0x2f, 0xf5, 0x33, 0xf7, 0x56, 0xf1, 0x06, 0x0f, 0x2f, 0xee, 0xd1, 0x25,
+	0xbc, 0x67, 0x87, 0xd1, 0x0f, 0xc0, 0xa8, 0x5c, 0x17, 0xab, 0x54, 0x04, 0x33, 0x45, 0x5b, 0x99,
+	0x9b, 0xb8, 0xb5, 0x3b, 0x35, 0xba, 0x66, 0x02, 0x70, 0x12, 0xcf, 0xfe, 0xd7, 0xc5, 0xc4, 0x29,
+	0x91, 0xf2, 0x61, 0x32, 0x71, 0x53, 0x93, 0xfe, 0x1f, 0x29, 0x3d, 0x73, 0x15, 0x37, 0xca, 0xbb,
+	0xa4, 0xc5, 0x8d, 0x6a, 0x8a, 0xb0, 0xc1, 0x9c, 0x1a, 0xa5, 0x13, 0x4e, 0xda, 0x53, 0x2a, 0x24,
+	0xe0, 0xcb, 0x79, 0x76, 0xa9, 0xfb, 0x4c, 0xef, 0x94, 0xe8, 0xda, 0x44, 0x17, 0x08, 0x77, 0x77,
+	0x09, 0xfd, 0x24, 0x54, 0x42, 0x15, 0xd9, 0x52, 0xcc, 0x63, 0xab, 0x26, 0xa7, 0x8d, 0xe8, 0x8e,
+	0x3a, 0x00, 0xd2, 0x31, 0x2c, 0x9a, 0xa3, 0xfd, 0xfb, 0xc9, 0x83, 0x31, 0x43, 0x76, 0xf4, 0x71,
+	0xe8, 0xf7, 0x49, 0x0b, 0x86, 0xc3, 0xc0, 0xf3, 0x5c, 0xbf, 0x41, 0xe5, 0x9c, 0x50, 0xd6, 0xef,
+	0x3e, 0x12, 0x7d, 0x29, 0x04, 0x1a, 0xb3, 0xac, 0xb1, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0xdf, 0xb4,
+	0x60, 0xb2, 0x97, 0x3c, 0x46, 0x04, 0x1e, 0x92, 0xc2, 0x46, 0x0d, 0xc5, 0x8a, 0xbf, 0x40, 0x3c,
+	0xa2, 0xdc, 0xe6, 0xe5, 0xb9, 0xc7, 0xc4, 0x6b, 0x3e, 0xb4, 0xda, 0x1b, 0x15, 0xef, 0x45, 0x07,
+	0xbd, 0x04, 0xc7, 0x8c, 0xf7, 0x8a, 0xd4, 0xc0, 0x54, 0xe6, 0xa6, 0xa9, 0x01, 0x34, 0x9b, 0x82,
+	0xdd, 0xde, 0x9d, 0x7a, 0x20, 0xdd, 0x26, 0x14, 0x46, 0x17, 0x1d, 0xfb, 0x97, 0x0b, 0xe9, 0xaf,
+	0xa5, 0x74, 0xfd, 0x1b, 0x56, 0x97, 0x37, 0xe1, 0xc7, 0x8e, 0x42, 0xbf, 0x32, 0xbf, 0x83, 0x0a,
+	0xc3, 0xe8, 0x8d, 0x73, 0x0f, 0x8f, 0xed, 0xed, 0x7f, 0x33, 0x00, 0x7b, 0xf4, 0xac, 0x0f, 0xe3,
+	0xfd, 0xc0, 0xe7, 0xa8, 0x1f, 0xb7, 0xd4, 0x81, 0x19, 0x5f, 0xc3, 0xf5, 0xa3, 0x1a, 0x7b, 0xbe,
+	0x7f, 0x8a, 0x78, 0xe8, 0x88, 0xf2, 0xa2, 0x27, 0x8f, 0xe6, 0xd0, 0x17, 0xac, 0xe4, 0x91, 0x1f,
+	0x0f, 0x6a, 0x74, 0x8f, 0xac, 0x4f, 0xc6, 0x39, 0x22, 0xef, 0x98, 0x3e, 0x7d, 0xea, 0x75, 0xc2,
+	0x38, 0x0d, 0xb0, 0xe1, 0xfa, 0x8e, 0xe7, 0xbe, 0x46, 0x77, 0x47, 0x25, 0xa6, 0xe0, 0x99, 0xc5,
+	0x74, 0x5e, 0xb5, 0x62, 0x03, 0xe3, 0xf4, 0xdf, 0x84, 0x61, 0xe3, 0xcd, 0x33, 0x22, 0x5e, 0x4e,
+	0x98, 0x11, 0x2f, 0x15, 0x23, 0x50, 0xe5, 0xf4, 0x3b, 0xe1, 0x58, 0xba, 0x83, 0x07, 0x79, 0xde,
+	0xfe, 0xdf, 0x43, 0xe9, 0x33, 0xb8, 0x35, 0x12, 0x36, 0x69, 0xd7, 0xde, 0x74, 0x6c, 0xbd, 0xe9,
+	0xd8, 0x7a, 0xd3, 0xb1, 0x65, 0x9e, 0x4d, 0x08, 0xa7, 0xcd, 0xd0, 0x5d, 0x72, 0xda, 0x24, 0xdc,
+	0x50, 0xe5, 0xdc, 0xdd, 0x50, 0xf6, 0x47, 0xba, 0x3c, 0xf7, 0x6b, 0x21, 0x21, 0x28, 0x80, 0x92,
+	0x1f, 0xd4, 0x89, 0xb4, 0x71, 0x2f, 0xe5, 0x63, 0xb0, 0x5d, 0x09, 0xea, 0x46, 0xb8, 0x38, 0xfd,
+	0x17, 0x61, 0xce, 0xc7, 0xfe, 0xf0, 0x20, 0x24, 0xcc, 0x49, 0xfe, 0xdd, 0xbf, 0x0f, 0x86, 0x42,
+	0xd2, 0x0a, 0xae, 0xe2, 0x25, 0xa1, 0xcb, 0x74, 0xb6, 0x0d, 0x6f, 0xc6, 0x12, 0x4e, 0x75, 0x5e,
+	0xcb, 0x89, 0x37, 0x85, 0x32, 0x53, 0x3a, 0x6f, 0xd5, 0x89, 0x37, 0x31, 0x83, 0xa0, 0x77, 0xc2,
+	0x58, 0x9c, 0x38, 0x0a, 0x17, 0x47, 0xbe, 0x0f, 0x08, 0xdc, 0xb1, 0xe4, 0x41, 0x39, 0x4e, 0x61,
+	0xa3, 0x57, 0x61, 0x60, 0x93, 0x78, 0x4d, 0xf1, 0xe9, 0xab, 0xf9, 0xe9, 0x1a, 0xf6, 0xae, 0x17,
+	0x89, 0xd7, 0xe4, 0x92, 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0x95, 0xad, 0x76, 0x14, 0x07,
+	0x4d, 0xf7, 0x35, 0xe9, 0xe9, 0xfc, 0xb1, 0x9c, 0x19, 0x5f, 0x96, 0xf4, 0xb9, 0x4b, 0x49, 0xfd,
+	0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xdd, 0x0d, 0xd9, 0x94, 0xe9, 0x08, 0x87, 0x65, 0xde, 0xfd, 0x58,
+	0x90, 0xf4, 0x79, 0x3f, 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x8e, 0x5a, 0x7f, 0xc3, 0xac, 0x0f, 0x57,
+	0x73, 0xee, 0x03, 0x5f, 0x7b, 0x99, 0xeb, 0xf0, 0x31, 0x28, 0xd5, 0x36, 0x9d, 0x30, 0x9e, 0x1c,
+	0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x02, 0xc5, 0x90, 0x6c, 0xb0,
+	0xe8, 0x64, 0x23, 0x2e, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d, 0x36, 0xd6, 0x33, 0x60, 0xee,
+	0x17, 0x0b, 0x49, 0xc3, 0x2e, 0x39, 0x32, 0x7c, 0x3d, 0xd4, 0xda, 0x61, 0x24, 0x1d, 0x64, 0xc6,
+	0x7a, 0x60, 0xcd, 0x58, 0xc2, 0xd1, 0x07, 0x2d, 0x18, 0xba, 0x11, 0x05, 0xbe, 0x4f, 0x62, 0xa1,
+	0x44, 0xaf, 0xe5, 0x3c, 0x58, 0x97, 0x38, 0x75, 0xdd, 0x07, 0xd1, 0x80, 0x25, 0x5f, 0xda, 0x5d,
+	0xb2, 0x53, 0xf3, 0xda, 0xf5, 0xae, 0x60, 0x98, 0x73, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x75, 0x7d,
+	0x8e, 0x3a, 0x90, 0x44, 0x5d, 0xf4, 0x05, 0xaa, 0x80, 0xdb, 0xbf, 0x5a, 0x86, 0x93, 0x99, 0xcb,
+	0x87, 0x9a, 0x5c, 0xcc, 0xa8, 0x39, 0xef, 0x7a, 0x44, 0x86, 0x81, 0x31, 0x93, 0xeb, 0x9a, 0x6a,
+	0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0x96, 0x13, 0x3a, 0x4d, 0xa2, 0x1c, 0xd8, 0x87, 0xb6, 0x6c,
+	0x68, 0x3f, 0x56, 0x25, 0x4d, 0xbd, 0x89, 0x57, 0x4d, 0x11, 0x36, 0x58, 0xa2, 0xe7, 0x60, 0x38,
+	0x24, 0x1e, 0x71, 0x22, 0x16, 0xfe, 0x9e, 0xce, 0xe5, 0xc1, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0xb8,
+	0x8a, 0x98, 0x4b, 0x45, 0x0e, 0x25, 0xa3, 0xe6, 0xd0, 0xa7, 0x2c, 0x18, 0xdb, 0x70, 0x3d, 0xa2,
+	0xb9, 0x8b, 0xcc, 0x9b, 0x95, 0xc3, 0xbf, 0xe4, 0x79, 0x93, 0xae, 0x96, 0xa1, 0x89, 0xe6, 0x08,
+	0xa7, 0xd8, 0xd3, 0xcf, 0xbc, 0x4d, 0x42, 0x26, 0x7c, 0x07, 0x93, 0x9f, 0xf9, 0x1a, 0x6f, 0xc6,
+	0x12, 0x8e, 0x66, 0x61, 0xbc, 0xe5, 0x44, 0xd1, 0x7c, 0x48, 0xea, 0xc4, 0x8f, 0x5d, 0xc7, 0xe3,
+	0x79, 0x31, 0x65, 0x1d, 0x4e, 0xbe, 0x9a, 0x04, 0xe3, 0x34, 0x3e, 0x7a, 0x17, 0x3c, 0xc8, 0x3d,
+	0x44, 0xcb, 0x6e, 0x14, 0xb9, 0x7e, 0x43, 0x4f, 0x03, 0xe1, 0x28, 0x9b, 0x12, 0xa4, 0x1e, 0x5c,
+	0xcc, 0x46, 0xc3, 0xbd, 0x9e, 0x47, 0x4f, 0x42, 0x39, 0xda, 0x72, 0x5b, 0xf3, 0x61, 0x3d, 0x62,
+	0xa7, 0x43, 0x65, 0xed, 0x96, 0xad, 0x8a, 0x76, 0xac, 0x30, 0x50, 0x0d, 0x46, 0xf8, 0x27, 0xe1,
+	0x21, 0x7f, 0x42, 0x82, 0x3e, 0xd5, 0x53, 0x91, 0x8b, 0x14, 0xd8, 0x69, 0xec, 0xdc, 0x3c, 0x27,
+	0xcf, 0xaa, 0xf8, 0xd1, 0xca, 0x35, 0x83, 0x0c, 0x4e, 0x10, 0x4d, 0xee, 0xe9, 0x86, 0xfb, 0xd8,
+	0xd3, 0x3d, 0x07, 0xc3, 0x5b, 0xed, 0x75, 0x22, 0x46, 0x5e, 0x08, 0x36, 0x35, 0xfb, 0x2e, 0x6b,
+	0x10, 0x36, 0xf1, 0x58, 0xb4, 0x65, 0xcb, 0x15, 0xff, 0xa2, 0xc9, 0x51, 0x23, 0xda, 0x72, 0x75,
+	0x51, 0x36, 0x63, 0x13, 0x87, 0x76, 0x8d, 0x8e, 0xc5, 0x1a, 0x89, 0x58, 0x32, 0x05, 0x1d, 0x2e,
+	0xd5, 0xb5, 0xaa, 0x04, 0x60, 0x8d, 0x83, 0x56, 0xe1, 0x04, 0xfd, 0x53, 0x65, 0x29, 0xc0, 0xd7,
+	0x1c, 0xcf, 0xad, 0xf3, 0xd0, 0xbf, 0xf1, 0xa4, 0x7f, 0xb3, 0x9a, 0x81, 0x83, 0x33, 0x9f, 0xb4,
+	0x3f, 0x5b, 0x48, 0x7a, 0x4e, 0x4c, 0x11, 0x86, 0x22, 0x2a, 0xa8, 0xe2, 0x6b, 0x4e, 0x28, 0x0d,
+	0x9e, 0x43, 0x26, 0x37, 0x09, 0xba, 0xd7, 0x9c, 0xd0, 0x14, 0x79, 0x8c, 0x01, 0x96, 0x9c, 0xd0,
+	0x0d, 0x18, 0x88, 0x3d, 0x27, 0xa7, 0x6c, 0x48, 0x83, 0xa3, 0x76, 0x64, 0x2d, 0xcd, 0x46, 0x98,
+	0xf1, 0x40, 0x0f, 0xd3, 0xdd, 0xdb, 0xba, 0x3c, 0x69, 0x13, 0x1b, 0xae, 0xf5, 0x08, 0xb3, 0x56,
+	0xfb, 0x6f, 0x8f, 0x66, 0x68, 0x1d, 0x65, 0x08, 0xa0, 0xb3, 0x00, 0x74, 0xd2, 0xac, 0x86, 0x64,
+	0xc3, 0xdd, 0x11, 0x86, 0x98, 0x92, 0x6c, 0x57, 0x14, 0x04, 0x1b, 0x58, 0xf2, 0x99, 0x6a, 0x7b,
+	0x83, 0x3e, 0x53, 0xe8, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x85, 0x41, 0xb7, 0xe9, 0x34,
+	0x54, 0x20, 0xf0, 0xc3, 0x54, 0xa4, 0x2d, 0xb2, 0x96, 0xdb, 0xbb, 0x53, 0x63, 0xaa, 0x43, 0xac,
+	0x09, 0x0b, 0x5c, 0xf4, 0xcb, 0x16, 0x8c, 0xd4, 0x82, 0x66, 0x33, 0xf0, 0xf9, 0xf6, 0x59, 0xf8,
+	0x02, 0x6e, 0x1c, 0x95, 0x99, 0x34, 0x3d, 0x6f, 0x30, 0xe3, 0xce, 0x00, 0x95, 0xb6, 0x69, 0x82,
+	0x70, 0xa2, 0x57, 0xa6, 0xe4, 0x2b, 0xed, 0x23, 0xf9, 0x7e, 0xcd, 0x82, 0x09, 0xfe, 0xac, 0xb1,
+	0xab, 0x17, 0x19, 0x8a, 0xc1, 0x11, 0xbf, 0x56, 0x97, 0xa3, 0x43, 0x39, 0x7b, 0xbb, 0xe0, 0xb8,
+	0xbb, 0x93, 0xe8, 0x02, 0x4c, 0x6c, 0x04, 0x61, 0x8d, 0x98, 0x03, 0x21, 0xc4, 0xb6, 0x22, 0x74,
+	0x3e, 0x8d, 0x80, 0xbb, 0x9f, 0x41, 0xd7, 0xe0, 0x01, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0xb9, 0x1f,
+	0x15, 0xd4, 0x1e, 0x38, 0x9f, 0x89, 0x85, 0x7b, 0x3c, 0x9d, 0x14, 0x92, 0x95, 0x3e, 0x84, 0xe4,
+	0x2b, 0x70, 0xaa, 0xd6, 0x3d, 0x32, 0xdb, 0x51, 0x7b, 0x3d, 0xe2, 0x72, 0xbc, 0x3c, 0xf7, 0x3d,
+	0x82, 0xc0, 0xa9, 0xf9, 0x5e, 0x88, 0xb8, 0x37, 0x0d, 0xf4, 0x3e, 0x28, 0x87, 0x84, 0x7d, 0x95,
+	0x48, 0xa4, 0xeb, 0x1d, 0xd2, 0xdb, 0xa1, 0x2d, 0x78, 0x4e, 0x56, 0x6b, 0x26, 0xd1, 0x10, 0x61,
+	0xc5, 0x11, 0xdd, 0x84, 0xa1, 0x96, 0x13, 0xd7, 0x36, 0x45, 0x92, 0xde, 0xa1, 0x7d, 0xf3, 0x8a,
+	0x39, 0x3b, 0x4a, 0x31, 0x4a, 0x1e, 0x70, 0x26, 0x58, 0x72, 0xa3, 0xb6, 0x5a, 0x2d, 0x68, 0xb6,
+	0x02, 0x9f, 0xf8, 0xb1, 0x54, 0x22, 0x63, 0xfc, 0xbc, 0x43, 0xb6, 0x62, 0x03, 0xa3, 0x4b, 0x97,
+	0x6b, 0xb4, 0xc9, 0x89, 0x3d, 0x74, 0xb9, 0x41, 0xad, 0xd7, 0xf3, 0x54, 0xd9, 0x30, 0xb7, 0xe2,
+	0x75, 0x37, 0xde, 0x0c, 0xda, 0xb1, 0xdc, 0x25, 0x0b, 0x45, 0xa5, 0x94, 0xcd, 0x52, 0x06, 0x0e,
+	0xce, 0x7c, 0x32, 0xad, 0x59, 0xc7, 0xef, 0x4c, 0xb3, 0x1e, 0xeb, 0x43, 0xb3, 0x56, 0xe1, 0x24,
+	0xeb, 0x81, 0xb0, 0x92, 0xa5, 0xd3, 0x32, 0x9a, 0x44, 0xac, 0xf3, 0x2a, 0xbf, 0x65, 0x29, 0x0b,
+	0x09, 0x67, 0x3f, 0x7b, 0xfa, 0x47, 0x60, 0xa2, 0x4b, 0xc8, 0x1d, 0xc8, 0x21, 0xb9, 0x00, 0x0f,
+	0x64, 0x8b, 0x93, 0x03, 0xb9, 0x25, 0x7f, 0x35, 0x15, 0x97, 0x6e, 0x6c, 0xd1, 0xfa, 0x70, 0x71,
+	0x3b, 0x50, 0x24, 0xfe, 0xb6, 0xd0, 0xae, 0xe7, 0x0f, 0x37, 0xab, 0xcf, 0xf9, 0xdb, 0x5c, 0x1a,
+	0x32, 0x3f, 0xde, 0x39, 0x7f, 0x1b, 0x53, 0xda, 0xe8, 0x17, 0xac, 0xc4, 0x06, 0x82, 0x3b, 0xc6,
+	0xdf, 0x73, 0x24, 0x7b, 0xd2, 0xbe, 0xf7, 0x14, 0xf6, 0xbf, 0x2d, 0xc0, 0x99, 0xfd, 0x88, 0xf4,
+	0x31, 0x7c, 0x8f, 0xc1, 0x60, 0xc4, 0x22, 0x4d, 0x84, 0xba, 0x1a, 0xa6, 0xab, 0x98, 0xc7, 0x9e,
+	0xbc, 0x82, 0x05, 0x08, 0x79, 0x50, 0x6c, 0x3a, 0x2d, 0xe1, 0x2f, 0x5d, 0x3c, 0x6c, 0xfe, 0x1e,
+	0xfd, 0xef, 0x78, 0xcb, 0x4e, 0x8b, 0xcf, 0x79, 0xa3, 0x01, 0x53, 0x36, 0x28, 0x86, 0x92, 0x13,
+	0x86, 0x8e, 0x0c, 0x6b, 0xb8, 0x9c, 0x0f, 0xbf, 0x59, 0x4a, 0x92, 0x9f, 0x0a, 0x27, 0x9a, 0x30,
+	0x67, 0x66, 0x7f, 0xa6, 0x9c, 0x48, 0xf6, 0x62, 0xb1, 0x2a, 0x11, 0x0c, 0x0a, 0x37, 0xa9, 0x95,
+	0x77, 0xda, 0x24, 0xcf, 0xa6, 0x66, 0x1e, 0x08, 0x51, 0x93, 0x42, 0xb0, 0x42, 0x1f, 0xb3, 0x58,
+	0xe5, 0x07, 0x99, 0x41, 0x27, 0x76, 0xf5, 0x47, 0x53, 0x88, 0xc2, 0xac, 0x27, 0x21, 0x1b, 0xb1,
+	0xc9, 0x5d, 0x54, 0xb7, 0x61, 0xbb, 0x99, 0xee, 0xea, 0x36, 0x6c, 0x77, 0x22, 0xe1, 0x68, 0x27,
+	0x23, 0x26, 0x25, 0x87, 0xea, 0x01, 0x7d, 0x44, 0xa1, 0x7c, 0xc1, 0x82, 0x09, 0x37, 0x1d, 0x5c,
+	0x20, 0xf6, 0xc0, 0xd7, 0xf3, 0xf1, 0x69, 0x76, 0xc7, 0x2e, 0x28, 0x43, 0xa7, 0x0b, 0x84, 0xbb,
+	0x3b, 0x83, 0xea, 0x30, 0xe0, 0xfa, 0x1b, 0x81, 0x30, 0xef, 0xe6, 0x0e, 0xd7, 0xa9, 0x45, 0x7f,
+	0x23, 0xd0, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x82, 0x13, 0x32, 0xdf, 0xe7, 0xa2, 0x1b,
+	0xc5, 0x41, 0xd8, 0x59, 0x72, 0x9b, 0x6e, 0xcc, 0x4c, 0xb3, 0xe2, 0xdc, 0x24, 0x55, 0x6f, 0x38,
+	0x03, 0x8e, 0x33, 0x9f, 0x42, 0xaf, 0xc1, 0x90, 0x3c, 0xd0, 0x2f, 0xe7, 0xe1, 0x4f, 0xe8, 0x9e,
+	0xff, 0x6a, 0x32, 0x55, 0xc5, 0x89, 0xbe, 0x64, 0x88, 0x3e, 0x6a, 0xc1, 0x18, 0xff, 0x7d, 0xb1,
+	0x53, 0xe7, 0x29, 0x86, 0x95, 0x3c, 0xa2, 0xf6, 0xab, 0x09, 0x9a, 0x73, 0xe8, 0xd6, 0xee, 0xd4,
+	0x58, 0xb2, 0x0d, 0xa7, 0xf8, 0xda, 0xff, 0x64, 0x04, 0xba, 0x43, 0x20, 0x92, 0xf1, 0x0e, 0xd6,
+	0xdd, 0x8e, 0x77, 0xa0, 0xbb, 0xca, 0x48, 0x87, 0x2a, 0xe4, 0xb0, 0xcc, 0x04, 0x57, 0x7d, 0x0c,
+	0xdd, 0xf1, 0x6b, 0x98, 0xf1, 0x40, 0x6d, 0x18, 0xe4, 0xc5, 0xa5, 0x84, 0x06, 0x38, 0xfc, 0xc9,
+	0xb7, 0x59, 0xa4, 0x4a, 0xbb, 0xb5, 0x78, 0x2b, 0x16, 0xcc, 0xd0, 0x0e, 0x0c, 0x6d, 0xf2, 0xe9,
+	0x28, 0xf6, 0x7a, 0xcb, 0x87, 0x1d, 0xdf, 0xc4, 0x1c, 0xd7, 0x93, 0x4f, 0x34, 0x60, 0xc9, 0x8e,
+	0x85, 0xd7, 0x19, 0x01, 0x40, 0x5c, 0x90, 0xe4, 0x97, 0x2d, 0xd9, 0x7f, 0xf4, 0xcf, 0x7b, 0x61,
+	0x24, 0x24, 0xb5, 0xc0, 0xaf, 0xb9, 0x1e, 0xa9, 0xcf, 0xca, 0x03, 0xb1, 0x83, 0x24, 0xc9, 0x31,
+	0x6f, 0x12, 0x36, 0x68, 0xe0, 0x04, 0x45, 0xb6, 0xce, 0x54, 0xe2, 0x3c, 0xfd, 0x20, 0x44, 0x1c,
+	0x7c, 0x2c, 0xe5, 0x94, 0xa6, 0xcf, 0x68, 0xf2, 0x75, 0x96, 0x6c, 0xc3, 0x29, 0xbe, 0xe8, 0x25,
+	0x80, 0x60, 0x9d, 0xc7, 0xd0, 0xcd, 0xc6, 0xe2, 0x14, 0xe4, 0x20, 0xaf, 0x3a, 0xc6, 0x93, 0x6d,
+	0x25, 0x05, 0x6c, 0x50, 0x43, 0x97, 0x01, 0xf8, 0xca, 0x59, 0xeb, 0xb4, 0xe4, 0x86, 0x50, 0x66,
+	0x39, 0x42, 0x55, 0x41, 0x6e, 0xef, 0x4e, 0x75, 0xfb, 0x9c, 0x59, 0xa0, 0x90, 0xf1, 0x38, 0xfa,
+	0x09, 0x18, 0x8a, 0xda, 0xcd, 0xa6, 0xa3, 0xce, 0x48, 0x72, 0x4c, 0xdf, 0xe5, 0x74, 0x0d, 0xc1,
+	0xc8, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x50, 0x11, 0x2f, 0x24, 0x14, 0x5f, 0x45, 0xdc, 0x42, 0xe1,
+	0x9e, 0xc0, 0x77, 0xc8, 0x5d, 0x0c, 0xce, 0xc0, 0xb9, 0xbd, 0x3b, 0xf5, 0x40, 0xb2, 0x7d, 0x29,
+	0x10, 0x09, 0xb5, 0x99, 0x34, 0xd1, 0x25, 0x59, 0x47, 0x8b, 0xbe, 0xb6, 0x2c, 0xef, 0xf2, 0x84,
+	0xae, 0xa3, 0xc5, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, 0x5a, 0x86, 0xe3, 0xb5, 0xc0, 0x8f, 0xc3,
+	0xc0, 0xf3, 0x78, 0x8d, 0x3d, 0xbe, 0x37, 0xe7, 0x67, 0x28, 0x0f, 0x89, 0x6e, 0x1f, 0x9f, 0xef,
+	0x46, 0xc1, 0x59, 0xcf, 0x51, 0x9b, 0x3c, 0xad, 0x1f, 0xc6, 0x72, 0x39, 0x5e, 0x4f, 0xd0, 0x14,
+	0x12, 0x4a, 0xb9, 0xbd, 0xf7, 0xd1, 0x14, 0x7e, 0xf2, 0x90, 0x55, 0x7c, 0xb1, 0x67, 0x61, 0x84,
+	0xec, 0xc4, 0x24, 0xf4, 0x1d, 0xef, 0x2a, 0x5e, 0x92, 0x07, 0x16, 0x6c, 0x61, 0x9e, 0x33, 0xda,
+	0x71, 0x02, 0x0b, 0xd9, 0xca, 0x4b, 0x66, 0x64, 0xae, 0x73, 0x2f, 0x99, 0xf4, 0x89, 0xd9, 0x5f,
+	0x2a, 0x26, 0x6c, 0xd6, 0x7b, 0x72, 0xa4, 0xcb, 0x4a, 0x24, 0xc9, 0x5a, 0x52, 0x0c, 0x20, 0xf6,
+	0x62, 0x79, 0x72, 0x56, 0x25, 0x92, 0x56, 0x4c, 0x46, 0x38, 0xc9, 0x17, 0x6d, 0x41, 0x69, 0x33,
+	0x88, 0x62, 0xb9, 0x43, 0x3b, 0xe4, 0x66, 0xf0, 0x62, 0x10, 0xc5, 0xcc, 0xd0, 0x52, 0xaf, 0x4d,
+	0x5b, 0x22, 0xcc, 0x79, 0xd0, 0xbd, 0x7f, 0xb4, 0xe9, 0x84, 0xf5, 0x68, 0x9e, 0xd5, 0x99, 0x18,
+	0x60, 0x16, 0x96, 0xb2, 0xa7, 0xab, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcf, 0xac, 0xc4, 0xa9, 0xd6,
+	0x75, 0x96, 0x34, 0xb0, 0x4d, 0x7c, 0x2a, 0xa2, 0xcc, 0x30, 0xc5, 0x1f, 0x48, 0xa5, 0x60, 0xbf,
+	0xad, 0x57, 0x39, 0xcc, 0x9b, 0x94, 0xc2, 0x34, 0x23, 0x61, 0x44, 0x34, 0x7e, 0xc0, 0x4a, 0xe6,
+	0xd2, 0x17, 0xf2, 0xd8, 0xba, 0x99, 0xf5, 0x24, 0xf6, 0x4d, 0xcb, 0xb7, 0x7f, 0xc1, 0x82, 0xa1,
+	0x39, 0xa7, 0xb6, 0x15, 0x6c, 0x6c, 0xa0, 0x27, 0xa1, 0x5c, 0x6f, 0x87, 0x66, 0x5a, 0xbf, 0x72,
+	0x56, 0x2d, 0x88, 0x76, 0xac, 0x30, 0xe8, 0xd4, 0xdf, 0x70, 0x6a, 0xb2, 0xaa, 0x44, 0x91, 0x4f,
+	0xfd, 0xf3, 0xac, 0x05, 0x0b, 0x08, 0x1d, 0xfe, 0xa6, 0xb3, 0x23, 0x1f, 0x4e, 0x1f, 0xa9, 0x2d,
+	0x6b, 0x10, 0x36, 0xf1, 0xec, 0xdf, 0xb5, 0x60, 0x72, 0xce, 0x89, 0xdc, 0xda, 0x6c, 0x3b, 0xde,
+	0x9c, 0x73, 0xe3, 0xf5, 0x76, 0x6d, 0x8b, 0xc4, 0xbc, 0xfa, 0x08, 0xed, 0x65, 0x3b, 0xa2, 0x2b,
+	0x50, 0xed, 0x98, 0x55, 0x2f, 0xaf, 0x8a, 0x76, 0xac, 0x30, 0xd0, 0x6b, 0x30, 0xdc, 0x72, 0xa2,
+	0xe8, 0x66, 0x10, 0xd6, 0x31, 0xd9, 0xc8, 0xa7, 0x3e, 0x51, 0x95, 0xd4, 0x42, 0x12, 0x63, 0xb2,
+	0x21, 0x02, 0x54, 0x34, 0x7d, 0x6c, 0x32, 0xb3, 0x7f, 0xce, 0x82, 0x13, 0x73, 0xc4, 0x09, 0x49,
+	0xc8, 0xca, 0x19, 0xa9, 0x17, 0x41, 0xaf, 0x42, 0x39, 0xa6, 0x2d, 0xb4, 0x47, 0x56, 0xbe, 0x3d,
+	0x62, 0xa1, 0x25, 0x6b, 0x82, 0x38, 0x56, 0x6c, 0xec, 0x4f, 0x5a, 0x70, 0x2a, 0xab, 0x2f, 0xf3,
+	0x5e, 0xd0, 0xae, 0xdf, 0x8b, 0x0e, 0xfd, 0x5d, 0x0b, 0x46, 0xd8, 0x71, 0xfd, 0x02, 0x89, 0x1d,
+	0xd7, 0xeb, 0x2a, 0xa5, 0x68, 0xf5, 0x59, 0x4a, 0xf1, 0x0c, 0x0c, 0x6c, 0x06, 0x4d, 0x92, 0x0e,
+	0x35, 0xb9, 0x18, 0x34, 0x09, 0x66, 0x10, 0xf4, 0x34, 0x9d, 0x84, 0xae, 0x1f, 0x3b, 0x74, 0x39,
+	0xca, 0xe3, 0x8c, 0x71, 0x3e, 0x01, 0x55, 0x33, 0x36, 0x71, 0xec, 0xdf, 0xaa, 0xc0, 0x90, 0x88,
+	0x8b, 0xea, 0xbb, 0x1a, 0x8e, 0xf4, 0xe2, 0x14, 0x7a, 0x7a, 0x71, 0x22, 0x18, 0xac, 0xb1, 0x7a,
+	0xb7, 0xc2, 0x42, 0xbf, 0x9c, 0x4b, 0x20, 0x1d, 0x2f, 0xa1, 0xab, 0xbb, 0xc5, 0xff, 0x63, 0xc1,
+	0x0a, 0xbd, 0x6e, 0xc1, 0x78, 0x2d, 0xf0, 0x7d, 0x52, 0xd3, 0xb6, 0xe3, 0x40, 0x1e, 0x1b, 0x84,
+	0xf9, 0x24, 0x51, 0x7d, 0x12, 0x9c, 0x02, 0xe0, 0x34, 0x7b, 0xf4, 0x02, 0x8c, 0xf2, 0x31, 0xbb,
+	0x96, 0x38, 0x83, 0xd1, 0x15, 0xf6, 0x4c, 0x20, 0x4e, 0xe2, 0xa2, 0x69, 0x7e, 0x96, 0x25, 0x6a,
+	0xd9, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0xc5, 0xce, 0xc0, 0x40, 0x21, 0xa0, 0x90, 0x6c, 0x84, 0x24,
+	0xda, 0x14, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb3, 0x3a, 0x16, 0xb8, 0x8b, 0x12, 0xce, 0xa0,
+	0x8e, 0xb6, 0x84, 0x1b, 0xa1, 0x9c, 0x87, 0x3c, 0x17, 0x9f, 0xb9, 0xa7, 0x37, 0x61, 0x0a, 0x4a,
+	0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xc8, 0x73, 0x27, 0x99, 0x62, 0xc3, 0xbc, 0x1d, 0x2d, 0xc0, 0xb1,
+	0x54, 0x7d, 0xc0, 0x48, 0x9c, 0x95, 0xa8, 0x3c, 0xb9, 0x54, 0x65, 0xc1, 0x08, 0x77, 0x3d, 0x61,
+	0xba, 0x98, 0x86, 0xf7, 0x71, 0x31, 0x75, 0x54, 0x74, 0x32, 0x3f, 0xc5, 0x78, 0x31, 0x97, 0x01,
+	0xe8, 0x2b, 0x14, 0xf9, 0x13, 0xa9, 0x50, 0xe4, 0x51, 0xd6, 0x81, 0x6b, 0xf9, 0x74, 0xe0, 0xe0,
+	0x71, 0xc7, 0xf7, 0x32, 0x8e, 0xf8, 0x7f, 0x59, 0x20, 0xbf, 0xeb, 0xbc, 0x53, 0xdb, 0x24, 0x74,
+	0xca, 0xa0, 0x77, 0xc2, 0x98, 0xf2, 0x4e, 0x70, 0x93, 0xc8, 0x62, 0xb3, 0x46, 0xd9, 0xce, 0x38,
+	0x01, 0xc5, 0x29, 0x6c, 0x34, 0x03, 0x15, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0xf7, 0x95, 0x07, 0x64,
+	0x76, 0x75, 0x51, 0x3c, 0xa5, 0x71, 0x50, 0x00, 0x13, 0x9e, 0x13, 0xc5, 0xac, 0x07, 0xd5, 0x8e,
+	0x5f, 0xbb, 0xc3, 0x2a, 0x32, 0x2c, 0x19, 0x6b, 0x29, 0x4d, 0x08, 0x77, 0xd3, 0xb6, 0xff, 0x7d,
+	0x09, 0x46, 0x13, 0x92, 0xf1, 0x80, 0x06, 0xc3, 0x93, 0x50, 0x96, 0x3a, 0x3c, 0x5d, 0x2e, 0x4b,
+	0x29, 0x7a, 0x85, 0x41, 0x95, 0xd6, 0xba, 0xd6, 0xaa, 0x69, 0x03, 0xc7, 0x50, 0xb8, 0xd8, 0xc4,
+	0x63, 0x42, 0x39, 0xf6, 0xa2, 0x79, 0xcf, 0x25, 0x7e, 0xcc, 0xbb, 0x99, 0x8f, 0x50, 0x5e, 0x5b,
+	0xaa, 0x9a, 0x44, 0xb5, 0x50, 0x4e, 0x01, 0x70, 0x9a, 0x3d, 0xfa, 0xb0, 0x05, 0xa3, 0xce, 0xcd,
+	0x48, 0x17, 0x65, 0x17, 0x41, 0xc7, 0x87, 0x54, 0x52, 0x89, 0x3a, 0xef, 0xdc, 0xb1, 0x9f, 0x68,
+	0xc2, 0x49, 0xa6, 0xe8, 0x0d, 0x0b, 0x10, 0xd9, 0x21, 0x35, 0x19, 0x16, 0x2d, 0xfa, 0x32, 0x98,
+	0xc7, 0x0e, 0xfe, 0x5c, 0x17, 0x5d, 0x2e, 0xd5, 0xbb, 0xdb, 0x71, 0x46, 0x1f, 0xd0, 0x25, 0x40,
+	0x75, 0x37, 0x72, 0xd6, 0x3d, 0x32, 0x1f, 0x34, 0x65, 0x02, 0xb1, 0x38, 0x4f, 0x3f, 0x2d, 0xc6,
+	0x19, 0x2d, 0x74, 0x61, 0xe0, 0x8c, 0xa7, 0xd8, 0x2c, 0x0b, 0x83, 0x9d, 0xce, 0xd5, 0xd0, 0x63,
+	0x5a, 0xc2, 0x9c, 0x65, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0xcf, 0x8b, 0x6a, 0x29, 0xeb, 0x1c, 0x00,
+	0xc7, 0x88, 0x45, 0xb6, 0xee, 0x3c, 0x16, 0x59, 0x47, 0x4a, 0x75, 0xa7, 0xc5, 0x27, 0xb2, 0x68,
+	0x0b, 0xf7, 0x28, 0x8b, 0xf6, 0xa7, 0xad, 0x44, 0x49, 0xba, 0xe1, 0xb3, 0x2f, 0xe5, 0x9b, 0x7f,
+	0x30, 0xcd, 0xa3, 0xb8, 0x52, 0x7a, 0x25, 0x15, 0xbc, 0xf7, 0x24, 0x94, 0x37, 0x3c, 0x87, 0x15,
+	0x52, 0x61, 0x0b, 0xd5, 0x88, 0x30, 0x3b, 0x2f, 0xda, 0xb1, 0xc2, 0xa0, 0x52, 0xdf, 0x20, 0x7a,
+	0x20, 0xa9, 0xfd, 0x9f, 0x8a, 0x30, 0x6c, 0x68, 0xfc, 0x4c, 0xf3, 0xcd, 0xba, 0xcf, 0xcc, 0xb7,
+	0xc2, 0x01, 0xcc, 0xb7, 0x9f, 0x82, 0x4a, 0x4d, 0x6a, 0xa3, 0x7c, 0x4a, 0xec, 0xa7, 0x75, 0x9c,
+	0x56, 0x48, 0xaa, 0x09, 0x6b, 0x9e, 0xe8, 0x42, 0x22, 0x53, 0x33, 0xe1, 0x17, 0xc8, 0x4a, 0xa5,
+	0x14, 0x1a, 0xad, 0xfb, 0x99, 0x74, 0x7c, 0x40, 0x69, 0xff, 0xf8, 0x00, 0xfb, 0x1b, 0x96, 0xfa,
+	0xb8, 0x77, 0xa1, 0x24, 0xcf, 0x8d, 0x64, 0x49, 0x9e, 0x73, 0xb9, 0x0c, 0x73, 0x8f, 0x5a, 0x3c,
+	0x57, 0x60, 0x68, 0x3e, 0x68, 0x36, 0x1d, 0xbf, 0x8e, 0xbe, 0x17, 0x86, 0x6a, 0xfc, 0xa7, 0xf0,
+	0xa1, 0xb1, 0xc3, 0x6a, 0x01, 0xc5, 0x12, 0x86, 0x1e, 0x86, 0x01, 0x27, 0x6c, 0x48, 0xbf, 0x19,
+	0x0b, 0x82, 0x9b, 0x0d, 0x1b, 0x11, 0x66, 0xad, 0xf6, 0x5f, 0x5a, 0x30, 0x46, 0x1f, 0x71, 0xd9,
+	0x4b, 0xb1, 0xd7, 0x79, 0x1c, 0x06, 0x9d, 0x76, 0xbc, 0x19, 0x74, 0xed, 0xc3, 0x66, 0x59, 0x2b,
+	0x16, 0x50, 0xba, 0x0f, 0x53, 0xb5, 0x1c, 0x8c, 0x7d, 0xd8, 0x02, 0x9d, 0xcb, 0x0c, 0x42, 0x4d,
+	0xd9, 0xa8, 0xbd, 0x9e, 0x75, 0x5a, 0x5a, 0xe5, 0xcd, 0x58, 0xc2, 0x29, 0xb1, 0xf5, 0xa0, 0xde,
+	0x11, 0xa1, 0xbd, 0x8a, 0xd8, 0x5c, 0x50, 0xef, 0x60, 0x06, 0x41, 0x8f, 0x40, 0x31, 0xda, 0x74,
+	0xe4, 0xb9, 0xbc, 0x8c, 0x32, 0xaf, 0x5e, 0x9c, 0xc5, 0xb4, 0x5d, 0x25, 0x4d, 0x84, 0x5e, 0x3a,
+	0xc6, 0x36, 0x99, 0x34, 0x11, 0x7a, 0xf6, 0xbf, 0x1c, 0x00, 0x16, 0x6f, 0xe3, 0x84, 0xa4, 0xbe,
+	0x16, 0xb0, 0x6a, 0xc0, 0x47, 0x7a, 0xac, 0xad, 0x37, 0xb2, 0xf7, 0xf3, 0xd1, 0xb6, 0x71, 0xbc,
+	0x59, 0xbc, 0xdb, 0xc7, 0x9b, 0xd9, 0x27, 0xd6, 0x03, 0xf7, 0xd1, 0x89, 0xb5, 0xfd, 0x71, 0x0b,
+	0x90, 0x8a, 0x9e, 0xd2, 0x21, 0x25, 0x33, 0x50, 0x51, 0xe1, 0x5a, 0x62, 0xbd, 0x68, 0xb1, 0x28,
+	0x01, 0x58, 0xe3, 0xf4, 0xe1, 0xbd, 0x78, 0x4c, 0xea, 0xac, 0x62, 0x32, 0xe7, 0x82, 0x69, 0x3a,
+	0xa1, 0xc2, 0xec, 0xdf, 0x2e, 0xc0, 0x03, 0xdc, 0x5c, 0x5a, 0x76, 0x7c, 0xa7, 0x41, 0x9a, 0xb4,
+	0x57, 0xfd, 0x06, 0x09, 0xd5, 0xe8, 0xb6, 0xd9, 0x95, 0x19, 0x12, 0x87, 0x95, 0x57, 0x5c, 0xce,
+	0x70, 0xc9, 0xb2, 0xe8, 0xbb, 0x31, 0x66, 0xc4, 0x51, 0x04, 0x65, 0x79, 0x1f, 0x91, 0xd0, 0x3f,
+	0x39, 0x31, 0x52, 0xa2, 0x58, 0x58, 0x16, 0x04, 0x2b, 0x46, 0xd4, 0x7c, 0xf0, 0x82, 0xda, 0x16,
+	0x5d, 0xf2, 0x69, 0xf3, 0x61, 0x49, 0xb4, 0x63, 0x85, 0x61, 0x37, 0x61, 0x5c, 0x8e, 0x61, 0xeb,
+	0x32, 0xe9, 0x60, 0xb2, 0x41, 0x75, 0x6e, 0x4d, 0x36, 0x19, 0x57, 0x24, 0x29, 0x9d, 0x3b, 0x6f,
+	0x02, 0x71, 0x12, 0x57, 0x16, 0x08, 0x2e, 0x64, 0x17, 0x08, 0xb6, 0x7f, 0xdb, 0x82, 0xb4, 0xd2,
+	0x37, 0xca, 0xa1, 0x5a, 0x7b, 0x96, 0x43, 0x3d, 0x40, 0x41, 0xd1, 0x1f, 0x87, 0x61, 0x27, 0xa6,
+	0x56, 0x1d, 0xf7, 0xc0, 0x14, 0xef, 0xec, 0xe4, 0x70, 0x39, 0xa8, 0xbb, 0x1b, 0x2e, 0xf3, 0xbc,
+	0x98, 0xe4, 0xec, 0x37, 0x2c, 0xa8, 0x2c, 0x84, 0x9d, 0x83, 0xa7, 0xaa, 0x75, 0x27, 0xa2, 0x15,
+	0x0e, 0x94, 0x88, 0x26, 0x53, 0xdd, 0x8a, 0xbd, 0x52, 0xdd, 0xec, 0xbf, 0x1a, 0x80, 0x89, 0xae,
+	0xdc, 0x4b, 0xf4, 0x3c, 0x8c, 0xa8, 0xaf, 0x24, 0xdd, 0xae, 0x15, 0x33, 0x78, 0x59, 0xc3, 0x70,
+	0x02, 0xb3, 0x8f, 0xa5, 0xba, 0x08, 0xc7, 0x43, 0xf2, 0x6a, 0x9b, 0xb4, 0xc9, 0xec, 0x46, 0x4c,
+	0xc2, 0x2a, 0xa9, 0x05, 0x7e, 0x9d, 0xd7, 0x13, 0x2e, 0xce, 0x3d, 0x78, 0x6b, 0x77, 0xea, 0x38,
+	0xee, 0x06, 0xe3, 0xac, 0x67, 0x50, 0x0b, 0x46, 0x3d, 0x73, 0xbf, 0x20, 0xb6, 0xa9, 0x77, 0xb4,
+	0xd5, 0x50, 0xb3, 0x35, 0xd1, 0x8c, 0x93, 0x0c, 0x92, 0x9b, 0x8e, 0xd2, 0x3d, 0xda, 0x74, 0x7c,
+	0x48, 0x6f, 0x3a, 0x78, 0x2c, 0xd0, 0xbb, 0x73, 0xce, 0xbd, 0xed, 0x67, 0xd7, 0x71, 0x98, 0x7d,
+	0xc4, 0x8b, 0x50, 0x96, 0x71, 0x92, 0x7d, 0xc5, 0x17, 0x9a, 0x74, 0x7a, 0xc8, 0xf6, 0xc7, 0xe1,
+	0xad, 0xe7, 0xc2, 0xd0, 0x18, 0xcc, 0x2b, 0x41, 0x3c, 0xeb, 0x79, 0xc1, 0x4d, 0x6a, 0xae, 0x5c,
+	0x8d, 0x88, 0xf0, 0x03, 0xda, 0xb7, 0x0b, 0x90, 0xb1, 0xa5, 0xa6, 0x6b, 0x52, 0xdb, 0x85, 0x89,
+	0x35, 0x79, 0x30, 0xdb, 0x10, 0xed, 0xf0, 0x58, 0x52, 0x6e, 0x0d, 0xbc, 0x2b, 0x6f, 0x97, 0x80,
+	0x0e, 0x2f, 0x55, 0x92, 0x52, 0x85, 0x98, 0x9e, 0x05, 0xd0, 0xe6, 0xbc, 0xb0, 0x09, 0x55, 0x70,
+	0x88, 0xb6, 0xfa, 0xb1, 0x81, 0x85, 0x9e, 0x83, 0x61, 0xd7, 0x8f, 0x62, 0xc7, 0xf3, 0x2e, 0xba,
+	0x7e, 0x2c, 0xec, 0x44, 0x65, 0xf6, 0x2c, 0x6a, 0x10, 0x36, 0xf1, 0x4e, 0xbf, 0xc3, 0xf8, 0x7e,
+	0x07, 0xf9, 0xee, 0x9b, 0x70, 0xea, 0x82, 0x1b, 0xab, 0x24, 0x45, 0x35, 0xdf, 0xa8, 0xb5, 0xae,
+	0x64, 0x95, 0xd5, 0x33, 0x2d, 0xd7, 0x48, 0x12, 0x2c, 0x24, 0x73, 0x1a, 0xd3, 0x49, 0x82, 0x76,
+	0x0d, 0x4e, 0x5c, 0x70, 0xe3, 0xf3, 0xae, 0x47, 0x8e, 0x90, 0xc9, 0x97, 0x07, 0x61, 0xc4, 0xcc,
+	0xdd, 0x3f, 0x88, 0x64, 0xff, 0x24, 0xb5, 0x63, 0xc5, 0x40, 0xb8, 0xea, 0xc0, 0xfb, 0xfa, 0xa1,
+	0x0b, 0x09, 0x64, 0x0f, 0xae, 0x61, 0xca, 0x6a, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x09, 0xa5, 0x0d,
+	0x96, 0xef, 0x56, 0xcc, 0x23, 0x54, 0x29, 0x6b, 0xf0, 0xf5, 0xca, 0xe5, 0x19, 0x73, 0x9c, 0x1f,
+	0x35, 0x3f, 0xc2, 0x64, 0x9a, 0xb5, 0x91, 0x85, 0x20, 0xf4, 0x9a, 0xc2, 0xe8, 0xa5, 0x3d, 0x4a,
+	0x77, 0xa0, 0x3d, 0x12, 0xb2, 0x7c, 0xf0, 0x1e, 0xc9, 0x72, 0x96, 0xbb, 0x18, 0x6f, 0x32, 0xe3,
+	0x58, 0xa4, 0x4d, 0x0d, 0xb1, 0x41, 0x30, 0x72, 0x17, 0x13, 0x60, 0x9c, 0xc6, 0x47, 0xef, 0x57,
+	0xda, 0xa0, 0x9c, 0xc7, 0x81, 0x82, 0x39, 0xa3, 0x8f, 0x5a, 0x11, 0x7c, 0xbc, 0x00, 0x63, 0x17,
+	0xfc, 0xf6, 0xea, 0x85, 0xd5, 0xf6, 0xba, 0xe7, 0xd6, 0x2e, 0x93, 0x0e, 0x95, 0xf6, 0x5b, 0xa4,
+	0xb3, 0xb8, 0x20, 0x56, 0x90, 0x9a, 0x33, 0x97, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0xb7, 0x36, 0x5c,
+	0xbf, 0x41, 0xc2, 0x56, 0xe8, 0x0a, 0x5f, 0xbf, 0x21, 0xb7, 0xce, 0x6b, 0x10, 0x36, 0xf1, 0x28,
+	0xed, 0xe0, 0xa6, 0x4f, 0xc2, 0xf4, 0x2e, 0x61, 0x85, 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x71, 0xd8,
+	0x16, 0xae, 0x34, 0x03, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0x13, 0xbb, 0x74, 0x16, 0x09, 0x56, 0xea,
+	0xda, 0xa5, 0xb3, 0x20, 0x0a, 0x09, 0xa7, 0xa8, 0x5b, 0xa4, 0xb3, 0xe0, 0xc4, 0x4e, 0x7a, 0x93,
+	0x7d, 0x99, 0x37, 0x63, 0x09, 0x67, 0xc5, 0x91, 0x93, 0xc3, 0xf1, 0x1d, 0x57, 0x1c, 0x39, 0xd9,
+	0xfd, 0x1e, 0x0e, 0x99, 0xbf, 0x53, 0x80, 0x91, 0x37, 0x6f, 0x30, 0xcd, 0xb8, 0x9b, 0xe7, 0x3a,
+	0x4c, 0x74, 0x65, 0x4c, 0xf7, 0x61, 0x21, 0xed, 0x5b, 0xd1, 0xc2, 0xc6, 0x30, 0x4c, 0x09, 0xcb,
+	0xa2, 0x80, 0xf3, 0x30, 0xc1, 0x17, 0x2f, 0xe5, 0xc4, 0x12, 0x60, 0x55, 0x16, 0x3c, 0x3b, 0xcc,
+	0xba, 0x96, 0x06, 0xe2, 0x6e, 0x7c, 0xfb, 0x13, 0x16, 0x8c, 0x26, 0x92, 0xd8, 0x73, 0xb2, 0xe5,
+	0xd8, 0xea, 0x0e, 0x58, 0x14, 0x33, 0xcb, 0x2a, 0x29, 0x32, 0x35, 0xac, 0x57, 0xb7, 0x06, 0x61,
+	0x13, 0xcf, 0xfe, 0xbd, 0x22, 0x94, 0x65, 0xc4, 0x55, 0x1f, 0x5d, 0xf9, 0x98, 0x05, 0xa3, 0xea,
+	0x00, 0x91, 0x79, 0x7c, 0x0b, 0x79, 0xe4, 0xd4, 0xd1, 0x1e, 0x28, 0xff, 0x89, 0xbf, 0x11, 0xe8,
+	0x8d, 0x05, 0x36, 0x99, 0xe1, 0x24, 0x6f, 0x74, 0x0d, 0x20, 0xea, 0x44, 0x31, 0x69, 0x1a, 0xbe,
+	0x67, 0xdb, 0x98, 0x65, 0xd3, 0xb5, 0x20, 0x24, 0x74, 0x4e, 0x5d, 0x09, 0xea, 0xa4, 0xaa, 0x30,
+	0xb5, 0x85, 0xa7, 0xdb, 0xb0, 0x41, 0x09, 0xbd, 0xa6, 0x8e, 0xbb, 0x07, 0xf2, 0xd0, 0xeb, 0x72,
+	0x7c, 0xfb, 0x39, 0xef, 0x3e, 0xc4, 0xf9, 0xb2, 0xfd, 0x2b, 0x05, 0x38, 0x96, 0x1e, 0x49, 0xf4,
+	0x6e, 0x18, 0x91, 0x83, 0x66, 0xb8, 0x19, 0x64, 0x98, 0xdb, 0x08, 0x36, 0x60, 0xb7, 0x77, 0xa7,
+	0xa6, 0xba, 0xaf, 0xc2, 0x9e, 0x36, 0x51, 0x70, 0x82, 0x18, 0x3f, 0x7c, 0x16, 0x51, 0x12, 0x73,
+	0x9d, 0xd9, 0x56, 0x4b, 0x9c, 0x20, 0x1b, 0x87, 0xcf, 0x26, 0x14, 0xa7, 0xb0, 0xd1, 0x2a, 0x9c,
+	0x30, 0x5a, 0xae, 0x10, 0xb7, 0xb1, 0xb9, 0x1e, 0x84, 0x72, 0x5f, 0xfb, 0xb0, 0x0e, 0xaa, 0xed,
+	0xc6, 0xc1, 0x99, 0x4f, 0x52, 0xc3, 0xa8, 0xe6, 0xb4, 0x9c, 0x9a, 0x1b, 0x77, 0xc4, 0x19, 0x80,
+	0x12, 0xe3, 0xf3, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x1f, 0x0e, 0xc0, 0x31, 0x1e, 0x45, 0x4a, 0x54,
+	0x90, 0x34, 0x7a, 0x37, 0x54, 0xa2, 0xd8, 0x09, 0xb9, 0x53, 0xc3, 0x3a, 0xb0, 0xe8, 0xd2, 0x99,
+	0xf7, 0x92, 0x08, 0xd6, 0xf4, 0xd0, 0x4b, 0xac, 0x6c, 0x99, 0x1b, 0x6d, 0x32, 0xea, 0x85, 0x3b,
+	0x73, 0x99, 0x9c, 0x57, 0x14, 0xb0, 0x41, 0x0d, 0xfd, 0x10, 0x94, 0x5a, 0x9b, 0x4e, 0x24, 0xfd,
+	0x79, 0x8f, 0x4b, 0x39, 0xb1, 0x4a, 0x1b, 0x6f, 0xef, 0x4e, 0x9d, 0x4c, 0xbf, 0x2a, 0x03, 0x60,
+	0xfe, 0x90, 0x29, 0xe5, 0x07, 0xf6, 0xbf, 0x5a, 0xa7, 0x1e, 0x76, 0xaa, 0x17, 0x67, 0xd3, 0x97,
+	0xb1, 0x2c, 0xb0, 0x56, 0x2c, 0xa0, 0x54, 0x26, 0x6d, 0x72, 0x96, 0x75, 0x8a, 0x3c, 0x98, 0xb4,
+	0x38, 0x2e, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0xc7, 0xbb, 0x63, 0x8c, 0x87, 0x8e, 0x20, 0x07, 0xa5,
+	0xdf, 0xe8, 0xe2, 0x73, 0x50, 0x11, 0x5d, 0x5d, 0x0b, 0xd0, 0xf3, 0x30, 0xc2, 0xdd, 0x45, 0x73,
+	0xa1, 0xe3, 0xd7, 0x36, 0xd3, 0x4e, 0x9e, 0x35, 0x03, 0x86, 0x13, 0x98, 0xf6, 0x32, 0x0c, 0xf4,
+	0x29, 0x64, 0xfb, 0xda, 0xbb, 0xbf, 0x08, 0x65, 0x4a, 0x4e, 0x6e, 0xd0, 0xf2, 0x20, 0x19, 0x40,
+	0x59, 0x5e, 0xd4, 0x88, 0x6c, 0x28, 0xba, 0x8e, 0x8c, 0x25, 0x51, 0x4b, 0x68, 0x31, 0x8a, 0xda,
+	0x6c, 0xda, 0x51, 0x20, 0x7a, 0x0c, 0x8a, 0x64, 0xa7, 0x95, 0x0e, 0x1a, 0x39, 0xb7, 0xd3, 0x72,
+	0x43, 0x12, 0x51, 0x24, 0xb2, 0xd3, 0x42, 0xa7, 0xa1, 0xe0, 0xd6, 0xc5, 0x8c, 0x04, 0x81, 0x53,
+	0x58, 0x5c, 0xc0, 0x05, 0xb7, 0x6e, 0xef, 0x40, 0x45, 0xdd, 0x0c, 0x89, 0xb6, 0xa4, 0x49, 0x65,
+	0xe5, 0x11, 0x45, 0x2c, 0xe9, 0xf6, 0x30, 0xa6, 0xda, 0x00, 0xba, 0xa4, 0x43, 0x5e, 0x2a, 0xf8,
+	0x0c, 0x0c, 0xd4, 0x02, 0x51, 0x8c, 0xa7, 0xac, 0xc9, 0x30, 0x5b, 0x8a, 0x41, 0xec, 0xeb, 0x30,
+	0x76, 0xd9, 0x0f, 0x6e, 0xb2, 0x0b, 0x9c, 0x58, 0xbd, 0x62, 0x4a, 0x78, 0x83, 0xfe, 0x48, 0x5b,
+	0xee, 0x0c, 0x8a, 0x39, 0x4c, 0x55, 0x52, 0x2d, 0xf4, 0xaa, 0xa4, 0x6a, 0x7f, 0xc0, 0x82, 0x11,
+	0x95, 0x1b, 0x7e, 0x61, 0x7b, 0x8b, 0xd2, 0x6d, 0x84, 0x41, 0xbb, 0x95, 0xa6, 0xcb, 0x2e, 0xa1,
+	0xc5, 0x1c, 0x66, 0x16, 0x4d, 0x28, 0xec, 0x53, 0x34, 0xe1, 0x0c, 0x0c, 0x6c, 0xb9, 0x7e, 0x3d,
+	0xed, 0x14, 0xbd, 0xec, 0xfa, 0x75, 0xcc, 0x20, 0xb4, 0x0b, 0xc7, 0x54, 0x17, 0xa4, 0xcd, 0xf4,
+	0x3c, 0x8c, 0xac, 0xb7, 0x5d, 0xaf, 0x2e, 0x0b, 0x31, 0xa7, 0x96, 0xcb, 0x9c, 0x01, 0xc3, 0x09,
+	0x4c, 0x74, 0x16, 0x60, 0xdd, 0xf5, 0x9d, 0xb0, 0xb3, 0xaa, 0x8d, 0x34, 0xa5, 0xb7, 0xe7, 0x14,
+	0x04, 0x1b, 0x58, 0xf6, 0xa7, 0x8a, 0x30, 0x96, 0xcc, 0x90, 0xef, 0xc3, 0x77, 0xf1, 0x18, 0x94,
+	0x58, 0xd2, 0x7c, 0xfa, 0xd3, 0xf2, 0xda, 0xc5, 0x1c, 0x86, 0x22, 0x18, 0xe4, 0x8b, 0x39, 0x9f,
+	0x8b, 0x3c, 0x55, 0x27, 0x95, 0x27, 0x95, 0xc5, 0x5a, 0x0b, 0xc7, 0xb4, 0x60, 0x85, 0x3e, 0x6c,
+	0xc1, 0x50, 0xd0, 0x32, 0x2b, 0x70, 0xbe, 0x2b, 0xcf, 0xea, 0x01, 0x22, 0x45, 0x57, 0xd8, 0x23,
+	0xea, 0xd3, 0xcb, 0xcf, 0x21, 0x59, 0x9f, 0xfe, 0x41, 0x18, 0x31, 0x31, 0xf7, 0x33, 0x49, 0xca,
+	0xa6, 0x49, 0xf2, 0x31, 0x73, 0x52, 0x88, 0xfa, 0x08, 0x7d, 0x2c, 0xb7, 0xab, 0x50, 0xaa, 0xa9,
+	0x80, 0xb4, 0x3b, 0x2a, 0xdf, 0xaf, 0xea, 0x87, 0xb1, 0xc3, 0x7e, 0x4e, 0xcd, 0xfe, 0x86, 0x65,
+	0xcc, 0x0f, 0x4c, 0xa2, 0xc5, 0x3a, 0x0a, 0xa1, 0xd8, 0xd8, 0xde, 0x12, 0x6a, 0xfe, 0x52, 0x4e,
+	0xc3, 0x7b, 0x61, 0x7b, 0x4b, 0xcf, 0x71, 0xb3, 0x15, 0x53, 0x66, 0x7d, 0xb8, 0xfb, 0x13, 0x65,
+	0x34, 0x8a, 0xfb, 0x97, 0xd1, 0xb0, 0xdf, 0x28, 0xc0, 0x44, 0xd7, 0xa4, 0x42, 0xaf, 0x41, 0x29,
+	0xa4, 0x6f, 0x29, 0x5e, 0x6f, 0x29, 0xb7, 0xc2, 0x17, 0xd1, 0x62, 0x5d, 0xab, 0xcf, 0x64, 0x3b,
+	0xe6, 0x2c, 0xd1, 0x25, 0x40, 0x3a, 0x6c, 0x52, 0x9d, 0x35, 0xf0, 0x57, 0x56, 0xb1, 0x55, 0xb3,
+	0x5d, 0x18, 0x38, 0xe3, 0x29, 0xf4, 0x42, 0xfa, 0xc8, 0xa2, 0x98, 0x3c, 0x2b, 0xdb, 0xeb, 0xf4,
+	0xc1, 0xfe, 0x8d, 0x02, 0x8c, 0x26, 0x0a, 0xa2, 0x22, 0x0f, 0xca, 0xc4, 0x63, 0x07, 0x99, 0x52,
+	0xd9, 0x1c, 0xf6, 0x7a, 0x13, 0xa5, 0x20, 0xcf, 0x09, 0xba, 0x58, 0x71, 0xb8, 0x3f, 0x42, 0xae,
+	0x9e, 0x87, 0x11, 0xd9, 0xa1, 0x77, 0x39, 0x4d, 0x4f, 0x0c, 0xa0, 0x9a, 0xa3, 0xe7, 0x0c, 0x18,
+	0x4e, 0x60, 0xda, 0xbf, 0x53, 0x84, 0x49, 0x7e, 0xf2, 0x5b, 0x57, 0x33, 0x4f, 0x45, 0x70, 0xfc,
+	0xbc, 0x2e, 0x5b, 0x6c, 0xe5, 0x71, 0x87, 0x77, 0x2f, 0x46, 0x7d, 0x45, 0x0a, 0x7f, 0x3e, 0x15,
+	0x29, 0xcc, 0x77, 0xa6, 0x8d, 0x23, 0xea, 0xd1, 0x77, 0x56, 0xe8, 0xf0, 0x3f, 0x2d, 0xc0, 0x78,
+	0xea, 0xaa, 0x36, 0xf4, 0xa9, 0xe4, 0xed, 0x1e, 0x56, 0x1e, 0xa7, 0x62, 0x7b, 0xde, 0xde, 0x75,
+	0xb0, 0x3b, 0x3e, 0xee, 0xd1, 0x52, 0xb1, 0xbf, 0x5e, 0x80, 0xb1, 0xe4, 0x1d, 0x73, 0xf7, 0xe1,
+	0x48, 0xbd, 0x1d, 0x2a, 0xec, 0x1a, 0xa5, 0xcb, 0xa4, 0x23, 0x0f, 0xd5, 0xf8, 0x8d, 0x35, 0xb2,
+	0x11, 0x6b, 0xf8, 0x7d, 0x71, 0x75, 0x8a, 0xfd, 0xcf, 0x2d, 0x38, 0xc9, 0xdf, 0x32, 0x3d, 0x0f,
+	0xff, 0x56, 0xd6, 0xe8, 0xbe, 0x9c, 0x6f, 0x07, 0x53, 0xe5, 0xb6, 0xf7, 0x1b, 0x5f, 0x76, 0x93,
+	0xb9, 0xe8, 0x6d, 0x72, 0x2a, 0xdc, 0x87, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0x43, 0x01, 0x86,
+	0x57, 0xe6, 0x17, 0x95, 0x08, 0x9f, 0x81, 0x4a, 0x2d, 0x24, 0x8e, 0xf6, 0x76, 0x98, 0x71, 0x45,
+	0x12, 0x80, 0x35, 0x0e, 0xdd, 0x34, 0xf0, 0xb8, 0xbc, 0x28, 0xbd, 0x69, 0xe0, 0x61, 0x7b, 0x11,
+	0x96, 0x70, 0xf4, 0x24, 0x94, 0x59, 0xc6, 0xec, 0xd5, 0x50, 0x6a, 0x1c, 0xbd, 0x93, 0x64, 0xed,
+	0x78, 0x09, 0x2b, 0x0c, 0x4a, 0xb8, 0x1e, 0xd4, 0x22, 0x8a, 0x9c, 0x72, 0x40, 0x2c, 0xd0, 0x66,
+	0xbc, 0x84, 0x25, 0x9c, 0x15, 0x3c, 0x64, 0x9b, 0x74, 0x8a, 0x5c, 0x4a, 0x76, 0x9a, 0xef, 0xe6,
+	0x29, 0xba, 0xc6, 0x39, 0x48, 0x61, 0xcc, 0x54, 0xd6, 0xda, 0x50, 0x7f, 0x59, 0x6b, 0xf6, 0xd7,
+	0x8b, 0xa0, 0x2f, 0xc5, 0x47, 0xae, 0x28, 0x13, 0x91, 0x4b, 0x39, 0xf7, 0x6a, 0xc7, 0xaf, 0xe9,
+	0xeb, 0xf7, 0xcb, 0xa9, 0x2a, 0x11, 0x3f, 0x6b, 0xc1, 0xb0, 0xeb, 0xbb, 0xb1, 0xeb, 0x30, 0x57,
+	0x58, 0x3e, 0x37, 0x5b, 0x2b, 0x76, 0x8b, 0x9c, 0x72, 0x10, 0x9a, 0x27, 0xdc, 0x8a, 0x19, 0x36,
+	0x39, 0xa3, 0xf7, 0x8a, 0x24, 0xa9, 0x62, 0x6e, 0xb5, 0x56, 0xca, 0xa9, 0xcc, 0xa8, 0x16, 0x35,
+	0x68, 0xe3, 0x30, 0xa7, 0x12, 0x45, 0x98, 0x92, 0x52, 0x37, 0x83, 0xa8, 0x2d, 0x03, 0x6b, 0xc6,
+	0x9c, 0x91, 0x1d, 0x01, 0xea, 0x1e, 0x8b, 0x03, 0x26, 0xa0, 0xcc, 0x40, 0xc5, 0x69, 0xc7, 0x41,
+	0x93, 0x0e, 0x93, 0x38, 0x1f, 0xd7, 0x29, 0x36, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xa9, 0x12, 0xa4,
+	0x8a, 0x36, 0xa0, 0x1d, 0xa8, 0xa8, 0xb2, 0x0d, 0xf9, 0x24, 0x74, 0xea, 0x19, 0xa5, 0x3a, 0xa3,
+	0x9a, 0xb0, 0x66, 0x86, 0x1a, 0xd2, 0xab, 0xc8, 0x57, 0xfb, 0x8b, 0x69, 0xaf, 0xe2, 0x8f, 0xf6,
+	0x77, 0xc8, 0x44, 0xe7, 0xea, 0x0c, 0x2f, 0xd3, 0x37, 0xbd, 0xaf, 0x03, 0x72, 0xbf, 0xbb, 0xbd,
+	0x3f, 0x28, 0xee, 0xe1, 0xc2, 0x24, 0x6a, 0x7b, 0xb1, 0x98, 0x0d, 0x2f, 0xe6, 0xb8, 0xca, 0x38,
+	0x61, 0x5d, 0xfc, 0x88, 0xff, 0xc7, 0x06, 0xd3, 0xa4, 0x9b, 0x78, 0xf0, 0x48, 0xdd, 0xc4, 0x43,
+	0xb9, 0xba, 0x89, 0xcf, 0x02, 0xb0, 0xb9, 0xcd, 0x03, 0xe5, 0xcb, 0xcc, 0x7b, 0xa7, 0x54, 0x0c,
+	0x56, 0x10, 0x6c, 0x60, 0xd9, 0xdf, 0x0f, 0xc9, 0xea, 0x5d, 0x68, 0x4a, 0x16, 0x0b, 0xe3, 0x07,
+	0x60, 0x2c, 0x47, 0x31, 0x51, 0xd7, 0xeb, 0xd7, 0x2c, 0x30, 0x4b, 0x8c, 0xa1, 0x57, 0x79, 0x2d,
+	0x33, 0x2b, 0x8f, 0x03, 0x15, 0x83, 0xee, 0xf4, 0xb2, 0xd3, 0x4a, 0x05, 0xf7, 0xc8, 0x82, 0x66,
+	0xa7, 0xdf, 0x01, 0x65, 0x09, 0x3d, 0x90, 0xb1, 0xfc, 0x7e, 0x38, 0x2e, 0xeb, 0x1d, 0xc8, 0xb3,
+	0x0f, 0x71, 0xc8, 0xbe, 0xbf, 0x4b, 0x4d, 0xfa, 0xc9, 0x0a, 0xbd, 0xfc, 0x64, 0x6a, 0xf7, 0x5f,
+	0xec, 0x59, 0xa5, 0xfc, 0xd7, 0x2d, 0x38, 0x93, 0xee, 0x40, 0xb4, 0x1c, 0xf8, 0x6e, 0x1c, 0x84,
+	0x55, 0x12, 0xc7, 0xae, 0xdf, 0x60, 0x25, 0x67, 0x6f, 0x3a, 0xa1, 0xbc, 0x76, 0x88, 0x09, 0xca,
+	0xeb, 0x4e, 0xe8, 0x63, 0xd6, 0x8a, 0x3a, 0x30, 0xc8, 0x23, 0x8b, 0xc5, 0x2e, 0xe8, 0x90, 0x6b,
+	0x23, 0x63, 0x38, 0xf4, 0x36, 0x8c, 0x47, 0x35, 0x63, 0xc1, 0xd0, 0xfe, 0x96, 0x05, 0x68, 0x65,
+	0x9b, 0x84, 0xa1, 0x5b, 0x37, 0x62, 0xa1, 0xd9, 0x7d, 0x96, 0xc6, 0xbd, 0x95, 0x66, 0x35, 0x8e,
+	0xd4, 0x7d, 0x96, 0xc6, 0xbf, 0xec, 0xfb, 0x2c, 0x0b, 0x07, 0xbb, 0xcf, 0x12, 0xad, 0xc0, 0xc9,
+	0x26, 0xdf, 0xc6, 0xf1, 0x3b, 0xe2, 0xf8, 0x9e, 0x4e, 0x25, 0x8e, 0x9f, 0xba, 0xb5, 0x3b, 0x75,
+	0x72, 0x39, 0x0b, 0x01, 0x67, 0x3f, 0x67, 0xbf, 0x03, 0x10, 0x0f, 0x81, 0x9e, 0xcf, 0x8a, 0xe2,
+	0xec, 0xe9, 0xd6, 0xb2, 0x3f, 0x57, 0x82, 0xf1, 0xd4, 0xa5, 0x14, 0x74, 0x0b, 0xdd, 0x1d, 0x36,
+	0x7a, 0x68, 0xfd, 0xdd, 0xdd, 0xbd, 0xbe, 0x02, 0x51, 0x7d, 0x28, 0xb9, 0x7e, 0xab, 0x1d, 0xe7,
+	0x53, 0xb7, 0x82, 0x77, 0x62, 0x91, 0x12, 0x34, 0xdc, 0xf0, 0xf4, 0x2f, 0xe6, 0x6c, 0xf2, 0x0c,
+	0x6b, 0x4d, 0x6c, 0x72, 0x06, 0xee, 0x91, 0x9b, 0xe5, 0x83, 0x3a, 0xc8, 0xb4, 0x94, 0x87, 0xc3,
+	0x36, 0x35, 0x59, 0x8e, 0x3a, 0xb2, 0xe8, 0x4b, 0x05, 0x18, 0x36, 0x3e, 0x1a, 0xfa, 0xc5, 0x64,
+	0x01, 0x4e, 0x2b, 0xbf, 0x57, 0x62, 0xf4, 0xa7, 0x75, 0x89, 0x4d, 0xfe, 0x4a, 0x8f, 0x77, 0xd7,
+	0xde, 0xbc, 0xbd, 0x3b, 0x75, 0x2c, 0x55, 0x5d, 0x33, 0x51, 0x8f, 0xf3, 0xf4, 0x4f, 0xc2, 0x78,
+	0x8a, 0x4c, 0xc6, 0x2b, 0xaf, 0x99, 0xaf, 0x7c, 0x68, 0x77, 0x9f, 0x39, 0x64, 0x5f, 0xa4, 0x43,
+	0x26, 0xd2, 0xe5, 0x03, 0x8f, 0xf4, 0xe1, 0xdb, 0x4e, 0xed, 0x2f, 0x0a, 0x7d, 0x56, 0xc5, 0x78,
+	0x02, 0xca, 0xad, 0xc0, 0x73, 0x6b, 0xae, 0xaa, 0xdf, 0xcd, 0xea, 0x70, 0xac, 0x8a, 0x36, 0xac,
+	0xa0, 0xe8, 0x26, 0x54, 0x6e, 0xdc, 0x8c, 0xf9, 0xa9, 0x9a, 0x38, 0x37, 0xc8, 0xeb, 0x30, 0x4d,
+	0x19, 0x2d, 0xea, 0xd8, 0x0e, 0x6b, 0x5e, 0xc8, 0x86, 0x41, 0xa6, 0x04, 0x65, 0xea, 0x1c, 0x3b,
+	0xd3, 0x60, 0xda, 0x31, 0xc2, 0x02, 0x62, 0xff, 0xbb, 0x61, 0x38, 0x91, 0x75, 0x33, 0x10, 0x7a,
+	0x1f, 0x0c, 0xf2, 0x3e, 0xe6, 0x73, 0xf9, 0x5c, 0x16, 0x8f, 0x0b, 0x8c, 0xa0, 0xe8, 0x16, 0xfb,
+	0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x73, 0xd6, 0xc5, 0x0c, 0x39, 0x1a, 0xee, 0x4b, 0x8e, 0xe6, 0xbe,
+	0xe4, 0x70, 0xee, 0x9e, 0xb3, 0x8e, 0x76, 0xa0, 0xd4, 0x70, 0x63, 0xe2, 0x08, 0xe7, 0xcc, 0xf5,
+	0x23, 0x61, 0x4e, 0x1c, 0x6e, 0xa5, 0xb1, 0x9f, 0x98, 0x33, 0x44, 0x5f, 0xb0, 0x60, 0x7c, 0x3d,
+	0x59, 0x8e, 0x47, 0x08, 0x4f, 0xe7, 0x08, 0x6e, 0x7f, 0x4a, 0x32, 0xe2, 0x17, 0xba, 0xa6, 0x1a,
+	0x71, 0xba, 0x3b, 0xe8, 0x43, 0x16, 0x0c, 0x6d, 0xb8, 0x9e, 0x71, 0xbd, 0xc6, 0x11, 0x7c, 0x9c,
+	0xf3, 0x8c, 0x81, 0xde, 0x71, 0xf0, 0xff, 0x11, 0x96, 0x9c, 0x7b, 0x69, 0xaa, 0xc1, 0xc3, 0x6a,
+	0xaa, 0xa1, 0x7b, 0xa4, 0xa9, 0x3e, 0x6a, 0x41, 0x45, 0x8d, 0xb4, 0x28, 0x6b, 0xf2, 0xee, 0x23,
+	0xfc, 0xe4, 0xdc, 0x23, 0xa5, 0xfe, 0x62, 0xcd, 0x1c, 0xbd, 0x6e, 0xc1, 0xb0, 0xf3, 0x5a, 0x3b,
+	0x24, 0x75, 0xb2, 0x1d, 0xb4, 0x22, 0x51, 0x6f, 0xf4, 0xe5, 0xfc, 0x3b, 0x33, 0x4b, 0x99, 0x2c,
+	0x90, 0xed, 0x95, 0x56, 0x24, 0xd2, 0x7a, 0x75, 0x03, 0x36, 0xbb, 0x80, 0x7e, 0x46, 0xeb, 0x71,
+	0xc8, 0xa3, 0xea, 0x74, 0x56, 0x6f, 0xfa, 0xca, 0x52, 0x27, 0xf0, 0x50, 0x2d, 0xf0, 0x63, 0xd7,
+	0x6f, 0x93, 0x15, 0x1f, 0x93, 0x56, 0x70, 0x25, 0x88, 0xcf, 0x07, 0x6d, 0xbf, 0x7e, 0x2e, 0x0c,
+	0x83, 0x90, 0xd5, 0x6d, 0x31, 0xee, 0x1c, 0x9d, 0xef, 0x8d, 0x8a, 0xf7, 0xa2, 0x73, 0x18, 0x9b,
+	0x61, 0xb7, 0x00, 0x53, 0xfb, 0x0c, 0x36, 0x7a, 0x1e, 0x46, 0x82, 0xb0, 0xe1, 0xf8, 0xee, 0x6b,
+	0x66, 0x29, 0x32, 0x65, 0x90, 0xae, 0x18, 0x30, 0x9c, 0xc0, 0x34, 0x6b, 0xd4, 0x14, 0xf6, 0xa9,
+	0x51, 0x73, 0x06, 0x06, 0x42, 0xd2, 0x0a, 0xd2, 0xfb, 0x2a, 0x96, 0x89, 0xc7, 0x20, 0xe8, 0x11,
+	0x28, 0x3a, 0x2d, 0x57, 0x38, 0x17, 0xd5, 0x76, 0x71, 0x76, 0x75, 0x11, 0xd3, 0xf6, 0x44, 0xc9,
+	0xac, 0xd2, 0x5d, 0x29, 0x99, 0x45, 0x35, 0xa6, 0x38, 0x3e, 0x1b, 0xd4, 0x1a, 0x33, 0x79, 0xac,
+	0x65, 0xbf, 0x51, 0x84, 0x47, 0xf6, 0x5c, 0x5a, 0x3a, 0x42, 0xdb, 0xda, 0x23, 0x42, 0x5b, 0x0e,
+	0x4f, 0x61, 0xbf, 0xe1, 0x29, 0xf6, 0x18, 0x9e, 0x0f, 0x51, 0x89, 0x21, 0x4b, 0xb8, 0xe5, 0x73,
+	0xf5, 0x79, 0xaf, 0x8a, 0x70, 0x42, 0x58, 0x48, 0x28, 0xd6, 0x7c, 0xe9, 0x76, 0x29, 0x51, 0x9f,
+	0xa5, 0x94, 0x87, 0xc6, 0xec, 0x59, 0x46, 0x8d, 0x8b, 0x89, 0x5e, 0x45, 0x5f, 0xec, 0xdf, 0x1c,
+	0x80, 0xc7, 0xfa, 0x50, 0x74, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xe1, 0x9f, 0xe9, 0x23,
+	0x99, 0x9f, 0x09, 0xe7, 0xff, 0x99, 0xf6, 0xfe, 0x42, 0xec, 0x04, 0xc2, 0x8f, 0x48, 0xad, 0x1d,
+	0xf2, 0x6c, 0x15, 0x23, 0x4d, 0x77, 0x51, 0xb4, 0x63, 0x85, 0x41, 0xb7, 0xbf, 0x35, 0x87, 0x2e,
+	0xff, 0xa1, 0x9c, 0xea, 0x71, 0x98, 0x19, 0xbf, 0xdc, 0xfa, 0x9a, 0x9f, 0xa5, 0x12, 0x80, 0xb3,
+	0xb1, 0x7f, 0xd7, 0x82, 0xd3, 0xbd, 0xad, 0x11, 0xf4, 0x34, 0x0c, 0xaf, 0xb3, 0xd8, 0xc1, 0x65,
+	0x16, 0x9f, 0x24, 0xa6, 0x0e, 0x7b, 0x5f, 0xdd, 0x8c, 0x4d, 0x1c, 0x34, 0x0f, 0x13, 0x66, 0xd0,
+	0xe1, 0xb2, 0x11, 0xd8, 0xc4, 0xfc, 0x25, 0x6b, 0x69, 0x20, 0xee, 0xc6, 0x47, 0xd3, 0x00, 0xb1,
+	0x1b, 0x7b, 0x84, 0x3f, 0xcd, 0x27, 0x1a, 0x73, 0x28, 0xae, 0xa9, 0x56, 0x6c, 0x60, 0xd8, 0xdf,
+	0x2e, 0x66, 0xbf, 0x06, 0xb7, 0x72, 0x0f, 0x32, 0xfb, 0xc5, 0xdc, 0x2e, 0xf4, 0x21, 0xa1, 0x8b,
+	0x77, 0x5b, 0x42, 0x0f, 0xf4, 0x92, 0xd0, 0x68, 0x01, 0x8e, 0x19, 0xb7, 0x98, 0xf2, 0x8a, 0x2e,
+	0xfc, 0x50, 0x4a, 0x95, 0x63, 0x5b, 0x4d, 0xc1, 0x71, 0xd7, 0x13, 0xf7, 0xf9, 0x54, 0xfd, 0x4a,
+	0x01, 0x4e, 0xf5, 0xdc, 0x58, 0xdc, 0x25, 0x0d, 0x64, 0x7e, 0xfe, 0x81, 0xbb, 0xf3, 0xf9, 0xcd,
+	0x8f, 0x52, 0xda, 0xf7, 0xa3, 0xf4, 0xa3, 0xce, 0xff, 0xa8, 0xd0, 0x73, 0xb1, 0xd0, 0x8d, 0xe8,
+	0x77, 0xed, 0x48, 0xbe, 0x00, 0xa3, 0x4e, 0xab, 0xc5, 0xf1, 0x58, 0x22, 0x42, 0xaa, 0x44, 0xe4,
+	0xac, 0x09, 0xc4, 0x49, 0xdc, 0xbe, 0x06, 0xf6, 0x4f, 0x2d, 0xa8, 0x60, 0xb2, 0xc1, 0x25, 0x1c,
+	0xba, 0x21, 0x86, 0xc8, 0xca, 0xa3, 0x4e, 0x3f, 0x1d, 0xd8, 0xc8, 0x65, 0xc5, 0xeb, 0xb3, 0x06,
+	0xfb, 0xb0, 0x05, 0x07, 0xd4, 0xdd, 0xa7, 0xc5, 0xde, 0x77, 0x9f, 0xda, 0x5f, 0xae, 0xd0, 0xd7,
+	0x6b, 0x05, 0xf3, 0x21, 0xa9, 0x47, 0xf4, 0xfb, 0xb6, 0x43, 0x4f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf,
+	0xe2, 0x25, 0x4c, 0xdb, 0x13, 0xe7, 0x93, 0x85, 0x03, 0x15, 0xc8, 0x2b, 0xee, 0x5b, 0x20, 0xef,
+	0x05, 0x18, 0x8d, 0xa2, 0xcd, 0xd5, 0xd0, 0xdd, 0x76, 0x62, 0x72, 0x99, 0xc8, 0x4a, 0x3a, 0xba,
+	0x58, 0x54, 0xf5, 0xa2, 0x06, 0xe2, 0x24, 0x2e, 0xba, 0x00, 0x13, 0xba, 0x4c, 0x1d, 0x09, 0x63,
+	0x96, 0xe1, 0xc7, 0x67, 0x82, 0xaa, 0x92, 0xa2, 0x0b, 0xdb, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95,
+	0xb9, 0x89, 0x46, 0xda, 0x91, 0xc1, 0xa4, 0xcc, 0x4d, 0xd0, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0x2d,
+	0xc3, 0x71, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0x92, 0xc5, 0xd1, 0x2f, 0x74, 0xa3,
+	0xe0, 0xac, 0xe7, 0xd0, 0x73, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed, 0x29,
+	0x32, 0x8b, 0x75, 0x6c, 0xe2, 0xa1, 0x77, 0xc1, 0x83, 0xfa, 0x2f, 0xcf, 0x18, 0xe7, 0xe7, 0xcd,
+	0x0b, 0xa2, 0x02, 0xa8, 0xba, 0x7b, 0xeb, 0x42, 0x26, 0x5a, 0x1d, 0xf7, 0x7a, 0x1e, 0xad, 0xc3,
+	0x69, 0x05, 0x3a, 0xe7, 0xc7, 0x2c, 0xa7, 0x33, 0x22, 0x73, 0x4e, 0xc4, 0x22, 0x27, 0x80, 0xbd,
+	0xa7, 0x2d, 0xa8, 0x9f, 0xbe, 0xe0, 0xc6, 0x17, 0xb3, 0x30, 0xf1, 0x12, 0xde, 0x83, 0x0a, 0x9a,
+	0x81, 0x0a, 0xf1, 0x9d, 0x75, 0x8f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0x4e, 0x06, 0x90, 0x00,
+	0xac, 0x71, 0x54, 0x38, 0xfb, 0x48, 0xaf, 0x70, 0x76, 0xb4, 0x0a, 0x27, 0x1a, 0xb5, 0x16, 0xb5,
+	0x32, 0xdd, 0x1a, 0x99, 0xad, 0xb1, 0xe8, 0x5d, 0xfa, 0x61, 0x78, 0xd5, 0x7a, 0x95, 0x17, 0x74,
+	0x61, 0x7e, 0xb5, 0x0b, 0x07, 0x67, 0x3e, 0xc9, 0xa2, 0xbc, 0xc3, 0x60, 0xa7, 0x33, 0x79, 0x3c,
+	0x15, 0xe5, 0x4d, 0x1b, 0x31, 0x87, 0xa1, 0x4b, 0x80, 0x58, 0x6e, 0xdc, 0xc5, 0x38, 0x6e, 0x29,
+	0xb3, 0x76, 0xf2, 0x44, 0xb2, 0x1e, 0xe0, 0xf9, 0x2e, 0x0c, 0x9c, 0xf1, 0x14, 0xb5, 0x7a, 0xfc,
+	0x80, 0x51, 0x9f, 0x7c, 0x30, 0x69, 0xf5, 0x5c, 0xe1, 0xcd, 0x58, 0xc2, 0xd1, 0x8f, 0xc3, 0x64,
+	0x3b, 0x22, 0x6c, 0xc3, 0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f, 0xb2, 0x4b, 0x56, 0xe3,
+	0xce, 0xe4, 0x24, 0x63, 0x7e, 0x46, 0x3c, 0x3b, 0x79, 0xb5, 0x07, 0x1e, 0xee, 0x49, 0x21, 0x5d,
+	0xd0, 0xf2, 0x54, 0x9f, 0x05, 0x2d, 0x57, 0xe1, 0x84, 0xd4, 0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa5,
+	0x27, 0x4f, 0x27, 0x6f, 0x6d, 0x5b, 0xcc, 0xc0, 0xc1, 0x99, 0x4f, 0xda, 0x7f, 0x62, 0xc1, 0xa8,
+	0x92, 0x60, 0x77, 0x21, 0x47, 0xd7, 0x4b, 0xe6, 0xe8, 0x5e, 0x38, 0xbc, 0x0e, 0x60, 0x3d, 0xef,
+	0x91, 0x51, 0xf2, 0x99, 0x51, 0x00, 0xad, 0x27, 0x94, 0x8a, 0xb6, 0x7a, 0xaa, 0xe8, 0xfb, 0x56,
+	0x46, 0x67, 0x15, 0x28, 0x2c, 0xdd, 0xdb, 0x02, 0x85, 0x55, 0x38, 0x29, 0xa7, 0x14, 0x3f, 0x52,
+	0xbe, 0x18, 0x44, 0x4a, 0xe4, 0x1b, 0xd7, 0xf0, 0x2d, 0x66, 0x21, 0xe1, 0xec, 0x67, 0x13, 0xb6,
+	0xdd, 0xd0, 0xbe, 0xb6, 0x9d, 0x92, 0x72, 0x4b, 0x1b, 0xf2, 0x92, 0xcc, 0x94, 0x94, 0x5b, 0x3a,
+	0x5f, 0xc5, 0x1a, 0x27, 0x5b, 0xd5, 0x55, 0x72, 0x52, 0x75, 0x70, 0x60, 0x55, 0x27, 0x85, 0xee,
+	0x70, 0x4f, 0xa1, 0x2b, 0x8f, 0xae, 0x46, 0x7a, 0x1e, 0x5d, 0xbd, 0x13, 0xc6, 0x5c, 0x7f, 0x93,
+	0x84, 0x6e, 0x4c, 0xea, 0x6c, 0x2d, 0x30, 0x81, 0x5c, 0xd6, 0x86, 0xce, 0x62, 0x02, 0x8a, 0x53,
+	0xd8, 0x49, 0x4d, 0x31, 0xd6, 0x87, 0xa6, 0xe8, 0xa1, 0x9f, 0xc7, 0xf3, 0xd1, 0xcf, 0xc7, 0x0e,
+	0xaf, 0x9f, 0x27, 0x8e, 0x54, 0x3f, 0xa3, 0x5c, 0xf4, 0x73, 0x5f, 0xaa, 0xcf, 0xd8, 0xa4, 0x9f,
+	0xd8, 0x67, 0x93, 0xde, 0x4b, 0x39, 0x9f, 0xbc, 0x63, 0xe5, 0x9c, 0xad, 0x77, 0x1f, 0x78, 0x53,
+	0xef, 0xe6, 0xa2, 0x77, 0x3f, 0x5a, 0x80, 0x93, 0x5a, 0x33, 0x51, 0x79, 0xe0, 0x6e, 0x50, 0xd9,
+	0xcc, 0x6e, 0x9e, 0xe6, 0x07, 0xde, 0x46, 0x66, 0xb8, 0xce, 0x8d, 0x57, 0x10, 0x6c, 0x60, 0xb1,
+	0x04, 0x6b, 0x12, 0xb2, 0x3b, 0x4f, 0xd2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07, 0x81,
+	0xfe, 0x16, 0xf5, 0x3d, 0xd2, 0xd5, 0xb4, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x09, 0xce, 0x84,
+	0x89, 0x4c, 0xaa, 0xba, 0x46, 0xf8, 0xb6, 0x52, 0x49, 0x49, 0x05, 0x95, 0xdd, 0x61, 0x05, 0x00,
+	0x4a, 0xdd, 0xdd, 0x61, 0xb1, 0xa3, 0x0a, 0xc3, 0xfe, 0x9f, 0x16, 0x9c, 0xca, 0x1c, 0x8a, 0xbb,
+	0x60, 0x8e, 0xec, 0x24, 0xcd, 0x91, 0x6a, 0x5e, 0x5b, 0x52, 0xe3, 0x2d, 0x7a, 0x98, 0x26, 0xff,
+	0xd1, 0x82, 0x31, 0x8d, 0x7f, 0x17, 0x5e, 0xd5, 0x4d, 0xbe, 0x6a, 0x7e, 0xbb, 0xef, 0x4a, 0xd7,
+	0xbb, 0xfd, 0x4e, 0x01, 0x54, 0x85, 0xfb, 0xd9, 0x9a, 0xbc, 0x3f, 0x64, 0x9f, 0x10, 0x8c, 0x0e,
+	0x0c, 0xb2, 0x08, 0x92, 0x28, 0x9f, 0xe8, 0xb8, 0x24, 0x7f, 0x16, 0x8d, 0xa2, 0x0f, 0xf4, 0xd8,
+	0xdf, 0x08, 0x0b, 0x86, 0xec, 0x46, 0x1e, 0x5e, 0x3c, 0xbc, 0x2e, 0xf2, 0x84, 0xf5, 0x8d, 0x3c,
+	0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x30, 0xdd, 0x5a, 0xe0, 0xcf, 0x7b, 0x4e, 0x14, 0x09, 0x1b, 0x4e,
+	0x29, 0xcc, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x05, 0x97, 0xb8, 0x51, 0xcb, 0x73, 0x3a, 0x86, 0x8f,
+	0xc5, 0xa8, 0x63, 0xa5, 0x40, 0xd8, 0xc4, 0xb3, 0x9b, 0x30, 0x99, 0x7c, 0x89, 0x05, 0xb2, 0xc1,
+	0x22, 0xbb, 0xfb, 0x1a, 0xce, 0x19, 0xa8, 0x38, 0xec, 0xa9, 0xa5, 0xb6, 0x23, 0x64, 0x82, 0x8e,
+	0x6f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x7f, 0x66, 0xc1, 0xf1, 0x8c, 0x41, 0xcb, 0x31, 0x0f, 0x3b,
+	0xd6, 0xd2, 0x26, 0xcb, 0xd4, 0xf9, 0x3e, 0x18, 0xaa, 0x93, 0x0d, 0x47, 0xc6, 0x0e, 0x9b, 0xa9,
+	0x06, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x1b, 0x05, 0x18, 0x4f, 0xf6, 0x35, 0x62, 0xb9, 0x8d, 0x7c,
+	0x98, 0xdc, 0xa8, 0x16, 0x6c, 0x93, 0xb0, 0x43, 0xdf, 0xdc, 0x4a, 0xe5, 0x36, 0x76, 0x61, 0xe0,
+	0x8c, 0xa7, 0xd8, 0xfd, 0x16, 0x75, 0x35, 0xda, 0x72, 0x46, 0x5e, 0xcb, 0x73, 0x46, 0xea, 0x8f,
+	0x69, 0xc6, 0x19, 0x29, 0x96, 0xd8, 0xe4, 0x4f, 0x4d, 0x2e, 0x96, 0x2c, 0x32, 0xd7, 0x76, 0xbd,
+	0xd8, 0xf5, 0xc5, 0x2b, 0x8b, 0xb9, 0xaa, 0x4c, 0xae, 0xe5, 0x6e, 0x14, 0x9c, 0xf5, 0x9c, 0xfd,
+	0xad, 0x01, 0x50, 0x35, 0x46, 0x58, 0x1c, 0x68, 0x4e, 0x51, 0xb4, 0x07, 0xcd, 0x90, 0x55, 0x73,
+	0x6b, 0x60, 0xaf, 0xc0, 0x2c, 0xee, 0x98, 0x33, 0x3d, 0xf8, 0x6a, 0xc0, 0xd6, 0x34, 0x08, 0x9b,
+	0x78, 0xb4, 0x27, 0x9e, 0xbb, 0x4d, 0xf8, 0x43, 0x83, 0xc9, 0x9e, 0x2c, 0x49, 0x00, 0xd6, 0x38,
+	0xac, 0x9c, 0xb5, 0xbb, 0xb1, 0x21, 0xbc, 0x4c, 0xba, 0x9c, 0xb5, 0xbb, 0xb1, 0x81, 0x19, 0x84,
+	0xdf, 0x80, 0x14, 0x6c, 0x89, 0x6d, 0x86, 0x71, 0x03, 0x52, 0xb0, 0x85, 0x19, 0x84, 0x7e, 0x25,
+	0x3f, 0x08, 0x9b, 0x8e, 0xe7, 0xbe, 0x46, 0xea, 0x8a, 0x8b, 0xd8, 0x5e, 0xa8, 0xaf, 0x74, 0xa5,
+	0x1b, 0x05, 0x67, 0x3d, 0x47, 0x27, 0x74, 0x2b, 0x24, 0x75, 0xb7, 0x16, 0x9b, 0xd4, 0x20, 0x39,
+	0xa1, 0x57, 0xbb, 0x30, 0x70, 0xc6, 0x53, 0x68, 0x16, 0xc6, 0x65, 0x8d, 0x18, 0x59, 0x57, 0x71,
+	0x38, 0x59, 0x9c, 0x0d, 0x27, 0xc1, 0x38, 0x8d, 0x4f, 0x85, 0x64, 0x53, 0x54, 0x85, 0x65, 0xbb,
+	0x11, 0x43, 0x48, 0xca, 0x6a, 0xb1, 0x58, 0x61, 0xd8, 0x1f, 0x2c, 0x52, 0xa5, 0xde, 0xa3, 0xf8,
+	0xf2, 0x5d, 0x8b, 0xda, 0x4e, 0xce, 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0xb3, 0x30, 0x72, 0x23, 0x0a,
+	0x7c, 0x15, 0x11, 0x5d, 0xea, 0x19, 0x11, 0x6d, 0x60, 0x65, 0x47, 0x44, 0x0f, 0xe6, 0x15, 0x11,
+	0x3d, 0x74, 0x87, 0x11, 0xd1, 0xbf, 0x5f, 0x02, 0x75, 0xc5, 0xe5, 0x15, 0x12, 0xdf, 0x0c, 0xc2,
+	0x2d, 0xd7, 0x6f, 0xb0, 0x7a, 0x27, 0x5f, 0xb0, 0x64, 0xc9, 0x94, 0x25, 0x33, 0x53, 0x78, 0x23,
+	0xa7, 0x6b, 0x0a, 0x13, 0xcc, 0xa6, 0xd7, 0x0c, 0x46, 0x3c, 0xb2, 0x26, 0x55, 0x9a, 0x45, 0x1c,
+	0x1a, 0x24, 0x7a, 0x84, 0x7e, 0x12, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04, 0x5e, 0xcc, 0xa7, 0x7f,
+	0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x51, 0x9d, 0x45, 0xcd, 0x53,
+	0xa7, 0xde, 0x7b, 0x24, 0x63, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0xd7, 0x6f, 0xd0, 0x79, 0x22,
+	0x22, 0x47, 0xdf, 0x96, 0x55, 0x4e, 0x6b, 0x29, 0x70, 0xea, 0x73, 0x8e, 0xe7, 0xf8, 0x35, 0x12,
+	0x2e, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0xee, 0xe1, 0x2c, 0xf5, 0x73, 0x0f,
+	0xe7, 0xe9, 0x1f, 0x81, 0x89, 0xae, 0x8f, 0x79, 0xa0, 0x94, 0xe9, 0x43, 0x14, 0xd2, 0xfa, 0xcd,
+	0x41, 0xad, 0xb4, 0xae, 0x04, 0x75, 0x7e, 0xad, 0x63, 0xa8, 0xbf, 0xa8, 0x30, 0x99, 0x73, 0x9c,
+	0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xe7, 0x68, 0xcb, 0x09, 0x89, 0x7f, 0xd4, 0x73,
+	0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x99, 0xc8, 0xed, 0x3b, 0x7f, 0xf8, 0xdc, 0x3e, 0x56,
+	0xdc, 0x34, 0xeb, 0xf6, 0xb3, 0xd7, 0x2d, 0x18, 0xf3, 0x13, 0x33, 0x37, 0x9f, 0x70, 0xfe, 0xec,
+	0x55, 0xc1, 0x6f, 0x48, 0x4e, 0xb6, 0xe1, 0x14, 0xff, 0x2c, 0x95, 0x56, 0x3a, 0xa0, 0x4a, 0xd3,
+	0xd7, 0xca, 0x0e, 0xf6, 0xba, 0x56, 0x16, 0xf9, 0xea, 0xbe, 0xef, 0xa1, 0x3c, 0xca, 0x91, 0x24,
+	0x2e, 0xfb, 0x86, 0x8c, 0x8b, 0xbe, 0xaf, 0x9b, 0xa9, 0xbf, 0x07, 0xbf, 0xf7, 0x79, 0xb4, 0x57,
+	0x8a, 0xb0, 0xfd, 0x7f, 0x06, 0xe0, 0x98, 0x1c, 0x11, 0x99, 0x0a, 0x44, 0xf5, 0x23, 0xe7, 0xab,
+	0x6d, 0x65, 0xa5, 0x1f, 0x2f, 0x4a, 0x00, 0xd6, 0x38, 0xd4, 0x1e, 0x6b, 0x47, 0x64, 0xa5, 0x45,
+	0xfc, 0x25, 0x77, 0x3d, 0x12, 0xc7, 0xef, 0x6a, 0xa1, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xb1, 0xfc,
+	0x64, 0xc3, 0x68, 0x35, 0xf3, 0x93, 0x85, 0xa1, 0x2a, 0xe1, 0xe8, 0xb3, 0x99, 0xb7, 0x41, 0xe4,
+	0x93, 0x40, 0xdb, 0x95, 0x01, 0x75, 0xb0, 0x6b, 0x20, 0xd0, 0x3f, 0xb2, 0xe0, 0x24, 0x6f, 0x95,
+	0x23, 0x79, 0xb5, 0x55, 0x77, 0x62, 0x12, 0xe5, 0x73, 0x73, 0x56, 0x46, 0xff, 0xb4, 0x17, 0x3d,
+	0x8b, 0x2d, 0xce, 0xee, 0x0d, 0xfa, 0x94, 0x05, 0xe3, 0x5b, 0x89, 0x9a, 0x56, 0x52, 0x75, 0x1c,
+	0xb6, 0xdc, 0x4c, 0x82, 0xa8, 0x5e, 0x6a, 0xc9, 0xf6, 0x08, 0xa7, 0xb9, 0xdb, 0x7f, 0x69, 0x81,
+	0x29, 0x46, 0xef, 0x7e, 0x29, 0xac, 0x83, 0x9b, 0x82, 0xd2, 0xba, 0x2c, 0xf5, 0xb4, 0x2e, 0x1f,
+	0x81, 0x62, 0xdb, 0xad, 0x8b, 0xfd, 0x85, 0x3e, 0xf0, 0x5f, 0x5c, 0xc0, 0xb4, 0xdd, 0xfe, 0x66,
+	0x49, 0xbb, 0x41, 0x44, 0x7e, 0xea, 0x77, 0xc5, 0x6b, 0x6f, 0xa8, 0x1a, 0xb7, 0xfc, 0xcd, 0xaf,
+	0x74, 0xd5, 0xb8, 0xfd, 0xa1, 0x83, 0xa7, 0x1f, 0xf3, 0x01, 0xea, 0x55, 0xe2, 0x76, 0x68, 0x9f,
+	0xdc, 0xe3, 0x1b, 0x50, 0xa6, 0x5b, 0x30, 0xe6, 0xcf, 0x2c, 0x27, 0x3a, 0x55, 0xbe, 0x28, 0xda,
+	0x6f, 0xef, 0x4e, 0xfd, 0xe0, 0xc1, 0xbb, 0x25, 0x9f, 0xc6, 0x8a, 0x3e, 0x8a, 0xa0, 0x42, 0x7f,
+	0xb3, 0x34, 0x69, 0xb1, 0xb9, 0xbb, 0xaa, 0x64, 0xa6, 0x04, 0xe4, 0x92, 0x83, 0xad, 0xf9, 0x20,
+	0x1f, 0x2a, 0x14, 0x91, 0x33, 0xe5, 0x7b, 0xc0, 0x55, 0x95, 0xac, 0x2c, 0x01, 0xb7, 0x77, 0xa7,
+	0x5e, 0x38, 0x38, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0x0c, 0xd5, 0x38, 0xdc, 0xf3, 0xc6, 0xf5, 0xff,
+	0x3b, 0xa0, 0xe7, 0xb7, 0x28, 0x7f, 0xfc, 0x5d, 0x31, 0xbf, 0x9f, 0x4f, 0xcd, 0xef, 0x33, 0x5d,
+	0xf3, 0x7b, 0x8c, 0x8e, 0x59, 0x46, 0x51, 0xe6, 0xbb, 0x6d, 0x2c, 0xec, 0xef, 0x93, 0x60, 0x56,
+	0xd2, 0xab, 0x6d, 0x37, 0x24, 0xd1, 0x6a, 0xd8, 0xf6, 0x5d, 0xbf, 0xc1, 0xa6, 0x6c, 0xd9, 0xb4,
+	0x92, 0x12, 0x60, 0x9c, 0xc6, 0xa7, 0x1b, 0x7f, 0x3a, 0x2f, 0xae, 0x3b, 0xdb, 0x7c, 0xe6, 0x19,
+	0xa5, 0x27, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xb4, 0x09, 0x0f, 0x4b, 0x02, 0x0b, 0xc4, 0x23, 0xf4,
+	0x85, 0x58, 0x20, 0x63, 0xd8, 0xe4, 0x69, 0x06, 0x3c, 0x16, 0xe5, 0xad, 0x82, 0xc2, 0xc3, 0x78,
+	0x0f, 0x5c, 0xbc, 0x27, 0x25, 0xfb, 0x8b, 0x2c, 0x74, 0xc1, 0xa8, 0x16, 0x41, 0x67, 0x9f, 0xe7,
+	0x36, 0x5d, 0x59, 0x21, 0x53, 0xcd, 0xbe, 0x25, 0xda, 0x88, 0x39, 0x0c, 0xdd, 0x84, 0xa1, 0x75,
+	0x7e, 0x13, 0x7b, 0x3e, 0x37, 0x20, 0x89, 0x6b, 0xdd, 0x59, 0x75, 0x6c, 0x79, 0xc7, 0xfb, 0x6d,
+	0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0xd7, 0x4a, 0x30, 0x2e, 0xc3, 0xcb, 0x2e, 0xba, 0x11, 0x8b, 0x48,
+	0x30, 0xaf, 0x0c, 0x28, 0xec, 0x7b, 0x65, 0xc0, 0x7b, 0x00, 0xea, 0xa4, 0xe5, 0x05, 0x1d, 0x66,
+	0x1c, 0x0e, 0x1c, 0xd8, 0x38, 0x54, 0xfb, 0x89, 0x05, 0x45, 0x05, 0x1b, 0x14, 0x45, 0x59, 0x50,
+	0x7e, 0x03, 0x41, 0xaa, 0x2c, 0xa8, 0x71, 0x4f, 0xda, 0xe0, 0xdd, 0xbd, 0x27, 0xcd, 0x85, 0x71,
+	0xde, 0x45, 0x55, 0x93, 0xe1, 0x0e, 0x4a, 0x2f, 0xb0, 0xac, 0xb6, 0x85, 0x24, 0x19, 0x9c, 0xa6,
+	0x6b, 0x5e, 0x82, 0x56, 0xbe, 0xdb, 0x97, 0xa0, 0xbd, 0x1d, 0x2a, 0xf2, 0x3b, 0x47, 0x93, 0x15,
+	0x5d, 0x2f, 0x48, 0x4e, 0x83, 0x08, 0x6b, 0x78, 0x57, 0x79, 0x19, 0xb8, 0x57, 0xe5, 0x65, 0xec,
+	0xd7, 0x8b, 0x74, 0x57, 0xc1, 0xfb, 0x75, 0xe0, 0x3b, 0x04, 0x2f, 0x1a, 0x77, 0x08, 0x1e, 0xec,
+	0x7b, 0x96, 0x53, 0x77, 0x0d, 0x3e, 0x0c, 0x03, 0xb1, 0xd3, 0x90, 0x49, 0xb8, 0x0c, 0xba, 0xe6,
+	0x34, 0x22, 0xcc, 0x5a, 0x0f, 0x52, 0x45, 0xf9, 0x05, 0x18, 0x8d, 0xdc, 0x86, 0xef, 0xc4, 0xed,
+	0x90, 0x18, 0xe7, 0x97, 0x3a, 0x48, 0xc7, 0x04, 0xe2, 0x24, 0x2e, 0xfa, 0x90, 0x05, 0x10, 0x12,
+	0xb5, 0x67, 0x19, 0xcc, 0x63, 0x0e, 0x29, 0x31, 0x20, 0xe9, 0x9a, 0x65, 0x41, 0xd4, 0x5e, 0xc5,
+	0x60, 0x6b, 0x7f, 0xc4, 0x82, 0x89, 0xae, 0xa7, 0x50, 0x0b, 0x06, 0x6b, 0xec, 0xa6, 0xc7, 0x7c,
+	0xea, 0x4e, 0x26, 0x6f, 0x8d, 0xe4, 0xca, 0x89, 0xb7, 0x61, 0xc1, 0xc7, 0xfe, 0xf2, 0x08, 0x9c,
+	0xa8, 0xce, 0x2f, 0xcb, 0x7b, 0x7f, 0x8e, 0x2c, 0xab, 0x38, 0x8b, 0xc7, 0xdd, 0xcb, 0x2a, 0xee,
+	0xc1, 0xdd, 0x33, 0xb2, 0x8a, 0x3d, 0x23, 0xab, 0x38, 0x99, 0xe2, 0x59, 0xcc, 0x23, 0xc5, 0x33,
+	0xab, 0x07, 0xfd, 0xa4, 0x78, 0x1e, 0x59, 0x9a, 0xf1, 0x9e, 0x1d, 0x3a, 0x50, 0x9a, 0xb1, 0xca,
+	0xc1, 0xce, 0x25, 0xa3, 0xac, 0xc7, 0xa7, 0xca, 0xcc, 0xc1, 0x56, 0xf9, 0xaf, 0x3c, 0x5b, 0x52,
+	0x28, 0xbd, 0x97, 0xf3, 0xef, 0x40, 0x1f, 0xf9, 0xaf, 0x22, 0x61, 0xd3, 0xcc, 0xb9, 0x1e, 0xca,
+	0x23, 0xe7, 0x3a, 0xab, 0x3b, 0xfb, 0xe6, 0x5c, 0xbf, 0x00, 0xa3, 0x35, 0x2f, 0xf0, 0xc9, 0x6a,
+	0x18, 0xc4, 0x41, 0x2d, 0x90, 0xf7, 0x6a, 0xeb, 0x2b, 0x12, 0x4d, 0x20, 0x4e, 0xe2, 0xf6, 0x4a,
+	0xd8, 0xae, 0x1c, 0x36, 0x61, 0x1b, 0xee, 0x51, 0xc2, 0xb6, 0x91, 0x92, 0x3c, 0x9c, 0x47, 0x4a,
+	0x72, 0xd6, 0x17, 0xe9, 0x2b, 0x25, 0xf9, 0x0d, 0x7e, 0xad, 0x3c, 0xdd, 0x8c, 0x70, 0x29, 0xcc,
+	0x8e, 0xe8, 0x86, 0xcf, 0xbe, 0x72, 0x04, 0x13, 0xf6, 0x7a, 0x55, 0xb3, 0x51, 0x57, 0xcd, 0xeb,
+	0x26, 0x9c, 0xec, 0xc8, 0x61, 0xd2, 0x98, 0x3f, 0x57, 0x80, 0xef, 0xd9, 0xb7, 0x0b, 0xe8, 0x26,
+	0x40, 0xec, 0x34, 0xc4, 0x44, 0x15, 0x07, 0x59, 0x87, 0x8c, 0x2b, 0x5e, 0x93, 0xf4, 0x44, 0x8a,
+	0x9d, 0x22, 0x8f, 0x0d, 0x56, 0x2c, 0x9c, 0x38, 0xf0, 0xba, 0x4a, 0x46, 0xe3, 0xc0, 0x23, 0x98,
+	0x41, 0xa8, 0x21, 0x14, 0x92, 0x06, 0x35, 0xee, 0x8b, 0x49, 0x43, 0x08, 0xb3, 0x56, 0x2c, 0xa0,
+	0xe8, 0x39, 0x18, 0x76, 0x3c, 0x8f, 0xa7, 0xfb, 0x91, 0x48, 0xdc, 0x5d, 0xaa, 0x6b, 0xd7, 0x6a,
+	0x10, 0x36, 0xf1, 0xec, 0xbf, 0x28, 0xc0, 0xd4, 0x3e, 0x32, 0xa5, 0x2b, 0xcd, 0xbb, 0xd4, 0x77,
+	0x9a, 0xb7, 0x48, 0x57, 0x1a, 0xec, 0x91, 0xae, 0xf4, 0x1c, 0x0c, 0xc7, 0xc4, 0x69, 0x8a, 0x48,
+	0xc4, 0x74, 0x49, 0xc6, 0x35, 0x0d, 0xc2, 0x26, 0x1e, 0x95, 0x62, 0x63, 0x4e, 0xad, 0x46, 0xa2,
+	0x48, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x6e, 0xc9, 0x4e, 0xec, 0xf0, 0x60, 0x36, 0xc1, 0x02, 0xa7,
+	0x58, 0xa6, 0x07, 0xbc, 0xd2, 0xe7, 0x80, 0xff, 0x52, 0x01, 0x1e, 0xd9, 0x53, 0xbb, 0xf5, 0x9d,
+	0x2a, 0xd6, 0x8e, 0x48, 0x98, 0x9e, 0x38, 0x57, 0x23, 0x12, 0x62, 0x06, 0xe1, 0xa3, 0xd4, 0x6a,
+	0xa9, 0x28, 0xf2, 0xfc, 0x73, 0x2b, 0xf9, 0x28, 0x25, 0x58, 0xe0, 0x14, 0xcb, 0x3b, 0x9d, 0x96,
+	0x5f, 0x1b, 0x80, 0xc7, 0xfa, 0xb0, 0x01, 0x72, 0xcc, 0x41, 0x4d, 0xe6, 0x57, 0x17, 0xef, 0x51,
+	0x7e, 0xf5, 0x9d, 0x0d, 0xd7, 0x9b, 0x69, 0xd9, 0x7d, 0xe5, 0xba, 0x7e, 0xb1, 0x00, 0xa7, 0x7b,
+	0x1b, 0x2c, 0xe8, 0x87, 0x61, 0x3c, 0x54, 0x21, 0x89, 0x66, 0x6a, 0xf6, 0x71, 0xee, 0xe3, 0x4a,
+	0x80, 0x70, 0x1a, 0x17, 0x4d, 0x03, 0xb4, 0x9c, 0x78, 0x33, 0x3a, 0xb7, 0xe3, 0x46, 0xb1, 0xa8,
+	0x65, 0x37, 0xc6, 0x4f, 0x5e, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x21, 0xb8, 0x12,
+	0xc4, 0xfc, 0x21, 0xbe, 0xf5, 0x3c, 0x2e, 0x2f, 0x3a, 0x34, 0x40, 0x38, 0x8d, 0x4b, 0xd9, 0xb1,
+	0xb3, 0x7d, 0xde, 0xd1, 0x01, 0x9d, 0xcc, 0xbd, 0xa4, 0x5a, 0xb1, 0x81, 0x91, 0x4e, 0x3a, 0x2f,
+	0xed, 0x9f, 0x74, 0x6e, 0xff, 0xab, 0x02, 0x9c, 0xea, 0x69, 0xf0, 0xf6, 0x27, 0xa6, 0xee, 0xbf,
+	0xc4, 0xef, 0x3b, 0x5c, 0x61, 0x07, 0x4a, 0x18, 0xb6, 0xff, 0xb4, 0xc7, 0x4c, 0x13, 0xc9, 0xc0,
+	0x77, 0x5e, 0x37, 0xe5, 0xfe, 0x1b, 0xcf, 0xae, 0xfc, 0xdf, 0x81, 0x03, 0xe4, 0xff, 0xa6, 0x3e,
+	0x46, 0xa9, 0x4f, 0xed, 0xf0, 0x5f, 0x07, 0x7a, 0x0e, 0x2f, 0xdd, 0x20, 0xf7, 0x75, 0x82, 0xb0,
+	0x00, 0xc7, 0x5c, 0x9f, 0x5d, 0x5d, 0x5b, 0x6d, 0xaf, 0x8b, 0xf2, 0x66, 0xbc, 0x86, 0xaf, 0xca,
+	0xbe, 0x59, 0x4c, 0xc1, 0x71, 0xd7, 0x13, 0xf7, 0x61, 0x3e, 0xf6, 0x9d, 0x0d, 0xe9, 0x01, 0x25,
+	0xf7, 0x0a, 0x9c, 0x94, 0x43, 0xb1, 0xe9, 0x84, 0xa4, 0x2e, 0x94, 0x6d, 0x24, 0xf2, 0xad, 0x4e,
+	0xf1, 0x9c, 0xad, 0x0c, 0x04, 0x9c, 0xfd, 0x1c, 0xbb, 0x67, 0x34, 0x68, 0xb9, 0x35, 0xb1, 0x15,
+	0xd4, 0xf7, 0x8c, 0xd2, 0x46, 0xcc, 0x61, 0x5a, 0x5f, 0x54, 0xee, 0x8e, 0xbe, 0x78, 0x0f, 0x54,
+	0xd4, 0x78, 0xf3, 0x9c, 0x0a, 0x35, 0xc9, 0xbb, 0x72, 0x2a, 0xd4, 0x0c, 0x37, 0xb0, 0xf6, 0xbb,
+	0xce, 0xff, 0x19, 0x18, 0x51, 0xbe, 0xc0, 0x7e, 0x6f, 0x7b, 0xb5, 0xff, 0x5f, 0x01, 0x52, 0x17,
+	0x9b, 0xa1, 0x1d, 0xa8, 0xd4, 0xe5, 0x85, 0xfa, 0xf9, 0xd4, 0x90, 0x56, 0xf7, 0xf3, 0xeb, 0x83,
+	0x30, 0xd5, 0x84, 0x35, 0x33, 0xf4, 0x3e, 0x5e, 0xae, 0x59, 0xb0, 0x2e, 0xe4, 0x91, 0x93, 0x5f,
+	0x55, 0xf4, 0xcc, 0xeb, 0x1c, 0x65, 0x1b, 0x36, 0xf8, 0xa1, 0x18, 0x2a, 0x9b, 0xf2, 0x02, 0xb7,
+	0x7c, 0xc4, 0x9d, 0xba, 0x0f, 0x8e, 0x9b, 0x68, 0xea, 0x2f, 0xd6, 0x8c, 0xec, 0x3f, 0x29, 0xc0,
+	0x89, 0xe4, 0x07, 0x10, 0x07, 0x97, 0xbf, 0x62, 0xc1, 0x83, 0x9e, 0x13, 0xc5, 0xd5, 0x36, 0xdb,
+	0x28, 0x6c, 0xb4, 0xbd, 0x95, 0x54, 0x65, 0xef, 0xc3, 0x3a, 0x5b, 0x14, 0xe1, 0xf4, 0x85, 0x7f,
+	0x73, 0x0f, 0xdd, 0xda, 0x9d, 0x7a, 0x70, 0x29, 0x9b, 0x39, 0xee, 0xd5, 0x2b, 0xf4, 0xba, 0x05,
+	0xc7, 0x6a, 0xed, 0x30, 0x24, 0x7e, 0xac, 0xbb, 0xca, 0xbf, 0xe2, 0x95, 0x5c, 0x06, 0x52, 0x77,
+	0xf0, 0x04, 0x15, 0xa8, 0xf3, 0x29, 0x5e, 0xb8, 0x8b, 0xbb, 0xfd, 0xf3, 0x54, 0x73, 0xf6, 0x7c,
+	0xcf, 0xbf, 0x66, 0x37, 0x14, 0xfe, 0xd9, 0x20, 0x8c, 0x26, 0xca, 0x97, 0x27, 0x0e, 0xfb, 0xac,
+	0x7d, 0x0f, 0xfb, 0x58, 0x86, 0x60, 0xdb, 0x97, 0x97, 0xb7, 0x1b, 0x19, 0x82, 0x6d, 0x9f, 0x60,
+	0x0e, 0x13, 0x43, 0x8a, 0xdb, 0xbe, 0xc8, 0x05, 0x30, 0x87, 0x14, 0xb7, 0x7d, 0x2c, 0xa0, 0xe8,
+	0x03, 0x16, 0x8c, 0xb0, 0xc5, 0x27, 0x8e, 0x4a, 0x85, 0x42, 0xbb, 0x94, 0xc3, 0x72, 0x97, 0xa5,
+	0xfa, 0x59, 0xec, 0xa8, 0xd9, 0x82, 0x13, 0x1c, 0xd1, 0x87, 0x2d, 0xa8, 0xa8, 0x9b, 0x62, 0xc5,
+	0xd9, 0x48, 0x35, 0xdf, 0xea, 0xf0, 0x29, 0xa9, 0xa7, 0xca, 0x74, 0x63, 0xcd, 0x18, 0x45, 0xea,
+	0x1c, 0x73, 0xe8, 0x68, 0xce, 0x31, 0x21, 0xe3, 0x0c, 0xf3, 0xed, 0x50, 0x69, 0x3a, 0xbe, 0xbb,
+	0x41, 0xa2, 0x98, 0x1f, 0x2d, 0xca, 0xcb, 0x40, 0x64, 0x23, 0xd6, 0x70, 0x6a, 0xec, 0x47, 0xec,
+	0xc5, 0x62, 0xe3, 0x2c, 0x90, 0x19, 0xfb, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf3, 0xe0, 0x12, 0xee,
+	0xe9, 0xc1, 0xe5, 0xf0, 0x3e, 0x07, 0x97, 0x55, 0x38, 0xe9, 0xb4, 0xe3, 0xe0, 0x22, 0x71, 0xbc,
+	0xd9, 0x38, 0x26, 0xcd, 0x56, 0x1c, 0xf1, 0x8a, 0xf7, 0x23, 0xcc, 0x05, 0xac, 0xa2, 0xdd, 0xaa,
+	0xc4, 0xdb, 0xe8, 0x42, 0xc2, 0xd9, 0xcf, 0xda, 0xff, 0xc2, 0x82, 0x93, 0x99, 0x53, 0xe1, 0xfe,
+	0xcd, 0x33, 0xb0, 0x3f, 0x5d, 0x82, 0xe3, 0x19, 0x97, 0x1b, 0xa0, 0x8e, 0xb9, 0x48, 0xac, 0x3c,
+	0x42, 0xf6, 0x92, 0x11, 0x68, 0xf2, 0xdb, 0x64, 0xac, 0x8c, 0x83, 0xc5, 0x22, 0xe8, 0x78, 0x80,
+	0xe2, 0xdd, 0x8d, 0x07, 0x30, 0xe6, 0xfa, 0xc0, 0x3d, 0x9d, 0xeb, 0xa5, 0x7d, 0xe6, 0xfa, 0x97,
+	0x2c, 0x98, 0x6c, 0xf6, 0xb8, 0xa9, 0x4c, 0x9c, 0x27, 0x5d, 0x3b, 0x9a, 0x7b, 0xd0, 0xe6, 0x1e,
+	0xbe, 0xb5, 0x3b, 0xd5, 0xf3, 0x82, 0x38, 0xdc, 0xb3, 0x57, 0xf6, 0xb7, 0x8a, 0xc0, 0xec, 0x35,
+	0x56, 0xc0, 0xba, 0x83, 0xde, 0x6f, 0xde, 0x91, 0x62, 0xe5, 0x75, 0x9f, 0x07, 0x27, 0xae, 0xee,
+	0x58, 0xe1, 0x23, 0x98, 0x75, 0xe5, 0x4a, 0x5a, 0x12, 0x16, 0xfa, 0x90, 0x84, 0x9e, 0xbc, 0x8c,
+	0xa6, 0x98, 0xff, 0x65, 0x34, 0x95, 0xf4, 0x45, 0x34, 0x7b, 0x7f, 0xe2, 0x81, 0xfb, 0xf2, 0x13,
+	0xff, 0x96, 0xc5, 0x05, 0x4f, 0xea, 0x2b, 0x68, 0x73, 0xc3, 0xda, 0xc3, 0xdc, 0x78, 0x12, 0xca,
+	0x91, 0x90, 0xcc, 0xc2, 0x2c, 0xd1, 0xa1, 0x60, 0xa2, 0x1d, 0x2b, 0x0c, 0xba, 0xeb, 0x72, 0x3c,
+	0x2f, 0xb8, 0x79, 0xae, 0xd9, 0x8a, 0x3b, 0xc2, 0x40, 0x51, 0xdb, 0x82, 0x59, 0x05, 0xc1, 0x06,
+	0x16, 0x7a, 0x0c, 0x06, 0x79, 0xa5, 0x09, 0xe1, 0xdc, 0x19, 0xa6, 0xeb, 0x90, 0x97, 0xa1, 0xa8,
+	0x63, 0x01, 0xb2, 0x37, 0xc1, 0xd8, 0x55, 0xdc, 0xf9, 0xed, 0xcf, 0xea, 0x1e, 0xda, 0x42, 0xaf,
+	0x7b, 0x68, 0xed, 0x7f, 0x50, 0x10, 0xac, 0xf8, 0x2e, 0x41, 0x47, 0x06, 0x5a, 0x07, 0x8c, 0x0c,
+	0x7c, 0x1f, 0x40, 0x2d, 0x68, 0xb6, 0xe8, 0xbe, 0x79, 0x2d, 0xc8, 0x67, 0xb3, 0x35, 0xaf, 0xe8,
+	0xe9, 0x51, 0xd5, 0x6d, 0xd8, 0xe0, 0x97, 0x10, 0xed, 0xc5, 0x7d, 0x45, 0x7b, 0x42, 0xca, 0x0d,
+	0xec, 0x2d, 0xe5, 0xec, 0xbf, 0xb0, 0x20, 0x61, 0xf5, 0xa1, 0x16, 0x94, 0x68, 0x77, 0x3b, 0x42,
+	0x60, 0xac, 0xe4, 0x67, 0x62, 0x52, 0x49, 0x2d, 0x56, 0x21, 0xfb, 0x89, 0x39, 0x23, 0xe4, 0x89,
+	0x28, 0xc8, 0x5c, 0x36, 0x3f, 0x26, 0xc3, 0x8b, 0x41, 0xb0, 0xc5, 0x83, 0x89, 0x74, 0x44, 0xa5,
+	0xfd, 0x3c, 0x4c, 0x74, 0x75, 0x8a, 0xdd, 0x18, 0x1d, 0xc8, 0x1d, 0xbc, 0xb1, 0x7a, 0x58, 0xc1,
+	0x07, 0xcc, 0x61, 0xf6, 0x17, 0x2d, 0x38, 0x96, 0x26, 0x8f, 0xde, 0xb0, 0x60, 0x22, 0x4a, 0xd3,
+	0x3b, 0xaa, 0xb1, 0x53, 0xd9, 0x0e, 0x5d, 0x20, 0xdc, 0xdd, 0x09, 0xfb, 0x7f, 0x08, 0x6d, 0x70,
+	0xdd, 0xf5, 0xeb, 0xc1, 0x4d, 0x65, 0x27, 0x59, 0x3d, 0xed, 0x24, 0x2a, 0x1e, 0x6a, 0x9b, 0xa4,
+	0xde, 0xf6, 0xba, 0xca, 0x50, 0x54, 0x45, 0x3b, 0x56, 0x18, 0x2c, 0xeb, 0xbe, 0x2d, 0xf6, 0xad,
+	0xa9, 0x49, 0xb9, 0x20, 0xda, 0xb1, 0xc2, 0x40, 0xcf, 0xc2, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2,
+	0x4d, 0x87, 0xa1, 0xc1, 0x23, 0x9c, 0xc0, 0x42, 0xd3, 0x00, 0xca, 0xe6, 0x92, 0x1a, 0x9b, 0x39,
+	0xda, 0x95, 0x60, 0x8c, 0xb0, 0x81, 0xc1, 0x6a, 0x5c, 0x78, 0xed, 0x88, 0x9d, 0x24, 0x0f, 0xea,
+	0x0b, 0x1d, 0xe6, 0x45, 0x1b, 0x56, 0x50, 0x2a, 0xdc, 0x9a, 0x8e, 0xdf, 0x76, 0x3c, 0x3a, 0x42,
+	0xc2, 0x75, 0xa6, 0x96, 0xe1, 0xb2, 0x82, 0x60, 0x03, 0x8b, 0xbe, 0x71, 0xec, 0x36, 0xc9, 0x4b,
+	0x81, 0x2f, 0xa3, 0xd4, 0x75, 0x70, 0x81, 0x68, 0xc7, 0x0a, 0x03, 0x3d, 0x0f, 0xc3, 0x8e, 0x5f,
+	0xe7, 0x06, 0x62, 0x10, 0x8a, 0x33, 0x4a, 0xb5, 0xfb, 0xbc, 0x1a, 0x91, 0x59, 0x0d, 0xc5, 0x26,
+	0x6a, 0xfa, 0x36, 0x0b, 0xe8, 0xf3, 0xb6, 0xbc, 0x3f, 0xb7, 0x60, 0x5c, 0x17, 0x2d, 0x62, 0x1e,
+	0xb6, 0x84, 0x6b, 0xd1, 0xda, 0xd7, 0xb5, 0x98, 0xac, 0x5d, 0x52, 0xe8, 0xab, 0x76, 0x89, 0x59,
+	0x56, 0xa4, 0xb8, 0x67, 0x59, 0x91, 0xef, 0x85, 0xa1, 0x2d, 0xd2, 0x31, 0xea, 0x8f, 0x30, 0xe5,
+	0x70, 0x99, 0x37, 0x61, 0x09, 0x43, 0x36, 0x0c, 0xd6, 0x1c, 0x55, 0xc3, 0x70, 0x44, 0xc4, 0xa6,
+	0xcd, 0x32, 0x24, 0x01, 0xb1, 0x57, 0xa0, 0xa2, 0x0e, 0xf5, 0xa5, 0xa7, 0xcf, 0xca, 0xf6, 0xf4,
+	0xf5, 0x55, 0xde, 0x60, 0x6e, 0xfd, 0xab, 0xdf, 0x7e, 0xf4, 0x2d, 0x7f, 0xf8, 0xed, 0x47, 0xdf,
+	0xf2, 0xc7, 0xdf, 0x7e, 0xf4, 0x2d, 0x1f, 0xb8, 0xf5, 0xa8, 0xf5, 0xd5, 0x5b, 0x8f, 0x5a, 0x7f,
+	0x78, 0xeb, 0x51, 0xeb, 0x8f, 0x6f, 0x3d, 0x6a, 0x7d, 0xeb, 0xd6, 0xa3, 0xd6, 0xeb, 0xff, 0xe5,
+	0xd1, 0xb7, 0xbc, 0x94, 0x99, 0x17, 0x41, 0x7f, 0x3c, 0x55, 0xab, 0xcf, 0x6c, 0x3f, 0xc3, 0x42,
+	0xf3, 0xe9, 0x7a, 0x9e, 0x31, 0x26, 0xf1, 0x8c, 0x5c, 0xcf, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff,
+	0xae, 0x1f, 0x8f, 0xcd, 0xce, 0xff, 0x00, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -12113,6 +12115,14 @@ func (m *PullRequestGenerator) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	i--
+	if m.ContinueOnRepoNotFoundError {
+		dAtA[i] = 1
+	} else {
+		dAtA[i] = 0
+	}
+	i--
+	dAtA[i] = 0x58
 	if len(m.Values) > 0 {
 		keysForValues := make([]string, 0, len(m.Values))
 		for k := range m.Values {
@@ -18499,6 +18509,7 @@ func (m *PullRequestGenerator) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
+	n += 2
 	return n
 }
 
@@ -21783,6 +21794,7 @@ func (this *PullRequestGenerator) String() string {
 		`Bitbucket:` + strings.Replace(this.Bitbucket.String(), "PullRequestGeneratorBitbucket", "PullRequestGeneratorBitbucket", 1) + `,`,
 		`AzureDevOps:` + strings.Replace(this.AzureDevOps.String(), "PullRequestGeneratorAzureDevOps", "PullRequestGeneratorAzureDevOps", 1) + `,`,
 		`Values:` + mapStringForValues + `,`,
+		`ContinueOnRepoNotFoundError:` + fmt.Sprintf("%v", this.ContinueOnRepoNotFoundError) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -43844,6 +43856,26 @@ func (m *PullRequestGenerator) Unmarshal(dAtA []byte) error {
 			}
 			m.Values[mapkey] = mapvalue
 			iNdEx = postIndex
+		case 11:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ContinueOnRepoNotFoundError", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			m.ContinueOnRepoNotFoundError = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index b916c1c04e7c9..9f02185b69772 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -1591,6 +1591,9 @@ message PullRequestGenerator {
 
   // Values contains key/value pairs which are passed directly as parameters to the template
   map<string, string> values = 10;
+
+  // ContinueOnRepoNotFoundError is a flag to continue the ApplicationSet Pull Request generator parameters generation even if the repository is not found.
+  optional bool continueOnRepoNotFoundError = 11;
 }
 
 // PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.

From 9cae3e88a3705e437e412eff59230923a1673422 Mon Sep 17 00:00:00 2001
From: Aaron Hoffman <31711338+Aaron-9900@users.noreply.github.com>
Date: Wed, 2 Jul 2025 19:17:21 +0200
Subject: [PATCH 081/383] feat: show operation state UI (#23589)

Signed-off-by: Aaron Hoffman <31711338+Aaron-9900@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-operation-state.scss          | 16 ++++++++++++
 .../application-operation-state.tsx           | 26 +++++++++++++++++--
 ui/src/app/shared/models.ts                   |  1 +
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.scss b/ui/src/app/applications/components/application-operation-state/application-operation-state.scss
index 444f6a211dc04..658d9b9d6fbd2 100644
--- a/ui/src/app/applications/components/application-operation-state/application-operation-state.scss
+++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.scss
@@ -1,3 +1,5 @@
+@import 'node_modules/argo-ui/src/styles/config';
+
 .application-operation-state {
     &__icons_container {
         position: absolute;
@@ -16,4 +18,18 @@
         vertical-align: middle;
     }
 
+    &__images-count {
+        color: $argo-running-color;
+        font-size: 0.9em;
+        
+        &:hover {
+            color: $argo-running-color-dark;
+        }
+    }
+
+    &__images-list {
+        padding: 0;
+        margin: 10px;
+    }
+
 }
diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx
index bedb91b8b70a8..8fb603acb8018 100644
--- a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx
+++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx
@@ -258,7 +258,8 @@ export const ApplicationOperationState: React.StatelessComponent<Props> = ({appl
                                 <div className='columns large-1 small-2'>STATUS</div>
                                 <div className='columns large-1 small-2'>HEALTH</div>
                                 <div className='columns large-1 show-for-large'>HOOK</div>
-                                <div className='columns large-4 small-8'>MESSAGE</div>
+                                <div className='columns large-3 small-4'>MESSAGE</div>
+                                <div className='columns large-1 small-2'>IMAGES</div>
                             </div>
                         </div>
                         {filtered.length > 0 ? (
@@ -296,9 +297,30 @@ export const ApplicationOperationState: React.StatelessComponent<Props> = ({appl
                                         <div className='columns large-1 show-for-large' title={resource.hookType}>
                                             {resource.hookType}
                                         </div>
-                                        <div className='columns large-4 small-8' title={resource.message}>
+                                        <div className='columns large-3 small-4' title={resource.message}>
                                             <div className='application-operation-state__message'>{resource.message}</div>
                                         </div>
+                                        <div className='columns large-1  small-2'>
+                                            {resource.images && resource.images.length > 0 ? (
+                                                <Tooltip
+                                                    placement='top'
+                                                    content={
+                                                        <div>
+                                                            <ul className='application-operation-state__images-list' style={{margin: '10px'}}>
+                                                                {resource.images.map((image, idx) => (
+                                                                    <li key={idx}>{image}</li>
+                                                                ))}
+                                                            </ul>
+                                                        </div>
+                                                    }>
+                                                    <span className='application-operation-state__images-count'>
+                                                        {resource.images.length} image{resource.images.length !== 1 ? 's' : ''}
+                                                    </span>
+                                                </Tooltip>
+                                            ) : (
+                                                '-'
+                                            )}
+                                        </div>
                                     </div>
                                 </div>
                             ))
diff --git a/ui/src/app/shared/models.ts b/ui/src/app/shared/models.ts
index 89f0522f1f764..e028509b3e64b 100644
--- a/ui/src/app/shared/models.ts
+++ b/ui/src/app/shared/models.ts
@@ -137,6 +137,7 @@ export interface ResourceResult {
     message: string;
     hookType: HookType;
     hookPhase: OperationPhase;
+    images?: string[];
 }
 
 export type SyncResourceResult = ResourceResult & {

From a0ab7520d26b70ebda7d5b984a8ccb0b0d47914e Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 2 Jul 2025 15:00:57 -0400
Subject: [PATCH 082/383] fix(sync): auto-sync loop when FailOnSharedResource
 (#23357) (#23641)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/sync.go      | 18 +++++-----
 controller/sync_test.go | 75 ++++++++++++++++++++++++++---------------
 2 files changed, 57 insertions(+), 36 deletions(-)

diff --git a/controller/sync.go b/controller/sync.go
index f20c395c20863..71adad866a5d2 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -115,15 +115,6 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 	syncOp = *state.Operation.Sync
 
-	// validates if it should fail the sync if it finds shared resources
-	hasSharedResource, sharedResourceMessage := hasSharedResourceCondition(app)
-	if syncOp.SyncOptions.HasOption("FailOnSharedResource=true") &&
-		hasSharedResource {
-		state.Phase = common.OperationFailed
-		state.Message = "Shared resource found: " + sharedResourceMessage
-		return
-	}
-
 	isMultiSourceRevision := app.Spec.HasMultipleSources()
 	rollback := len(syncOp.Sources) > 0 || syncOp.Source != nil
 	if rollback {
@@ -214,6 +205,15 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	syncRes.Revision = compareResult.syncStatus.Revision
 	syncRes.Revisions = compareResult.syncStatus.Revisions
 
+	// validates if it should fail the sync if it finds shared resources
+	hasSharedResource, sharedResourceMessage := hasSharedResourceCondition(app)
+	if syncOp.SyncOptions.HasOption("FailOnSharedResource=true") &&
+		hasSharedResource {
+		state.Phase = common.OperationFailed
+		state.Message = "Shared resource found: %s" + sharedResourceMessage
+		return
+	}
+
 	// If there are any comparison or spec errors error conditions do not perform the operation
 	if errConditions := app.Status.GetConditions(map[v1alpha1.ApplicationConditionType]bool{
 		v1alpha1.ApplicationConditionComparisonError:  true,
diff --git a/controller/sync_test.go b/controller/sync_test.go
index ccde3c06af67a..815babaea395a 100644
--- a/controller/sync_test.go
+++ b/controller/sync_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	"github.com/argoproj/gitops-engine/pkg/sync"
-	"github.com/argoproj/gitops-engine/pkg/sync/common"
+	synccommon "github.com/argoproj/gitops-engine/pkg/sync/common"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -14,6 +14,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 
+	"github.com/argoproj/argo-cd/v3/common"
 	"github.com/argoproj/argo-cd/v3/controller/testdata"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
@@ -196,11 +197,15 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 		controller  *ApplicationController
 	}
 
-	setup := func() *fixture {
+	setup := func(liveObjects map[kube.ResourceKey]*unstructured.Unstructured) *fixture {
 		app := newFakeApp()
 		app.Status.OperationState = nil
 		app.Status.History = nil
 
+		if liveObjects == nil {
+			liveObjects = make(map[kube.ResourceKey]*unstructured.Unstructured)
+		}
+
 		project := &v1alpha1.AppProject{
 			ObjectMeta: metav1.ObjectMeta{
 				Namespace: test.FakeArgoCDNamespace,
@@ -208,6 +213,12 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 			},
 			Spec: v1alpha1.AppProjectSpec{
 				SignatureKeys: []v1alpha1.SignatureKey{{KeyID: "test"}},
+				Destinations: []v1alpha1.ApplicationDestination{
+					{
+						Namespace: "*",
+						Server:    "*",
+					},
+				},
 			},
 		}
 		data := fakeData{
@@ -218,7 +229,7 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 				Server:    test.FakeClusterURL,
 				Revision:  "abc123",
 			},
-			managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
+			managedLiveObjs: liveObjects,
 		}
 		ctrl := newFakeController(&data, nil)
 
@@ -231,13 +242,23 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 	t.Run("will fail the sync if finds shared resources", func(t *testing.T) {
 		// given
 		t.Parallel()
-		f := setup()
-		syncErrorMsg := "deployment already applied by another application"
-		condition := v1alpha1.ApplicationCondition{
-			Type:    v1alpha1.ApplicationConditionSharedResourceWarning,
-			Message: syncErrorMsg,
-		}
-		f.application.Status.Conditions = append(f.application.Status.Conditions, condition)
+
+		sharedObject := kube.MustToUnstructured(&corev1.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: "v1",
+				Kind:       "ConfigMap",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "configmap1",
+				Namespace: "default",
+				Annotations: map[string]string{
+					common.AnnotationKeyAppInstance: "guestbook:/ConfigMap:default/configmap1",
+				},
+			},
+		})
+		liveObjects := make(map[kube.ResourceKey]*unstructured.Unstructured)
+		liveObjects[kube.GetResourceKey(sharedObject)] = sharedObject
+		f := setup(liveObjects)
 
 		// Sync with source unspecified
 		opState := &v1alpha1.OperationState{Operation: v1alpha1.Operation{
@@ -251,8 +272,8 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then
-		assert.Equal(t, common.OperationFailed, opState.Phase)
-		assert.Contains(t, opState.Message, syncErrorMsg)
+		assert.Equal(t, synccommon.OperationFailed, opState.Phase)
+		assert.Contains(t, opState.Message, "ConfigMap/configmap1 is part of applications fake-argocd-ns/my-app and guestbook")
 	})
 }
 
@@ -315,13 +336,13 @@ func TestSyncWindowDeniesSync(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 		// when
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then
-		assert.Equal(t, common.OperationRunning, opState.Phase)
+		assert.Equal(t, synccommon.OperationRunning, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 }
@@ -1405,13 +1426,13 @@ func TestSyncWithImpersonate(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 		// when
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then, app sync should fail with expected error message in operation state
-		assert.Equal(t, common.OperationError, opState.Phase)
+		assert.Equal(t, synccommon.OperationError, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 
@@ -1426,13 +1447,13 @@ func TestSyncWithImpersonate(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 		// when
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then app sync should fail with expected error message in operation state
-		assert.Equal(t, common.OperationError, opState.Phase)
+		assert.Equal(t, synccommon.OperationError, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 
@@ -1447,13 +1468,13 @@ func TestSyncWithImpersonate(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 		// when
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then app sync should not fail
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 
@@ -1468,13 +1489,13 @@ func TestSyncWithImpersonate(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 		// when
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then application sync should pass using the control plane service account
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 
@@ -1489,7 +1510,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 					Source: &v1alpha1.ApplicationSource{},
 				},
 			},
-			Phase: common.OperationRunning,
+			Phase: synccommon.OperationRunning,
 		}
 
 		f.application.Spec.Destination.Server = ""
@@ -1499,7 +1520,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then app sync should not fail
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, opMessage)
 	})
 }
@@ -1567,7 +1588,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, "successfully synced")
 	})
 
@@ -1585,7 +1606,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, "successfully synced")
 	})
 
@@ -1603,7 +1624,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 		f.controller.appStateManager.SyncAppState(f.application, opState)
 
 		// then
-		assert.Equal(t, common.OperationSucceeded, opState.Phase)
+		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
 		assert.Contains(t, opState.Message, "successfully synced")
 	})
 }

From f3d144dc9ee9026692eba55254f3426270d3dcb0 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 2 Jul 2025 18:32:31 -0400
Subject: [PATCH 083/383] chore(refactor): remove redundant rollback argument
 (#23627)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/admin/app.go         |  2 +-
 controller/appcontroller.go              |  2 +-
 controller/hook.go                       |  2 +-
 controller/hydrator_dependencies.go      |  2 +-
 controller/state.go                      | 12 ++--
 controller/state_test.go                 | 72 ++++++++++++------------
 controller/sync.go                       |  2 +-
 reposerver/repository/repository_test.go | 10 ++--
 server/application/application.go        |  2 +-
 server/repository/repository.go          |  2 +-
 util/argo/argo.go                        |  7 ++-
 util/argo/argo_test.go                   |  8 +--
 util/webhook/webhook.go                  |  2 +-
 13 files changed, 63 insertions(+), 62 deletions(-)

diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go
index 535112e3634ca..e3bde2f5c14e7 100644
--- a/cmd/argocd/commands/admin/app.go
+++ b/cmd/argocd/commands/admin/app.go
@@ -464,7 +464,7 @@ func reconcileApplications(
 		sources = append(sources, app.Spec.GetSource())
 		revisions = append(revisions, app.Spec.GetSource().TargetRevision)
 
-		res, err := appStateManager.CompareAppState(&app, proj, revisions, sources, false, false, nil, false, false)
+		res, err := appStateManager.CompareAppState(&app, proj, revisions, sources, false, false, nil, false)
 		if err != nil {
 			return nil, fmt.Errorf("error comparing app states: %w", err)
 		}
diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index a53281861c28a..f88083ba237f0 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1761,7 +1761,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 		sources = append(sources, app.Spec.GetSource())
 	}
 
-	compareResult, err := ctrl.appStateManager.CompareAppState(app, project, revisions, sources, refreshType == appv1.RefreshTypeHard, comparisonLevel == CompareWithLatestForceResolve, localManifests, hasMultipleSources, false)
+	compareResult, err := ctrl.appStateManager.CompareAppState(app, project, revisions, sources, refreshType == appv1.RefreshTypeHard, comparisonLevel == CompareWithLatestForceResolve, localManifests, hasMultipleSources)
 
 	ts.AddCheckpoint("compare_app_state_ms")
 
diff --git a/controller/hook.go b/controller/hook.go
index 0ca6ffb866514..27e1b85e8106b 100644
--- a/controller/hook.go
+++ b/controller/hook.go
@@ -51,7 +51,7 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat
 		revisions = append(revisions, src.TargetRevision)
 	}
 
-	targets, _, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false, true)
+	targets, _, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, true)
 	if err != nil {
 		return false, err
 	}
diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go
index 6028e0cf7355f..dfd0d21bcf613 100644
--- a/controller/hydrator_dependencies.go
+++ b/controller/hydrator_dependencies.go
@@ -50,7 +50,7 @@ func (ctrl *ApplicationController) GetRepoObjs(origApp *appv1.Application, drySo
 	delete(app.Annotations, appv1.AnnotationKeyManifestGeneratePaths)
 
 	// FIXME: use cache and revision cache
-	objs, resp, _, err := ctrl.appStateManager.GetRepoObjs(app, drySources, appLabelKey, dryRevisions, true, true, false, project, false, false)
+	objs, resp, _, err := ctrl.appStateManager.GetRepoObjs(app, drySources, appLabelKey, dryRevisions, true, true, false, project, false)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to get repo objects: %w", err)
 	}
diff --git a/controller/state.go b/controller/state.go
index a24856eeb498d..b1618743032dd 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -71,9 +71,9 @@ type managedResource struct {
 
 // AppStateManager defines methods which allow to compare application spec and actual application state.
 type AppStateManager interface {
-	CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error)
+	CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) (*comparisonResult, error)
 	SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState)
-	GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error)
+	GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error)
 }
 
 // comparisonResult holds the state of an application after the reconciliation
@@ -128,7 +128,7 @@ type appStateManager struct {
 // task to the repo-server. It returns the list of generated manifests as unstructured
 // objects. It also returns the full response from all calls to the repo server as the
 // second argument.
-func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) {
+func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) {
 	ts := stats.NewTimingStats()
 	helmRepos, err := m.db.ListHelmRepositories(context.Background())
 	if err != nil {
@@ -219,7 +219,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 	// Store the map of all sources having ref field into a map for applications with sources field
 	// If it's for a rollback process, the refSources[*].targetRevision fields are the desired
 	// revisions for the rollback
-	refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, m.db.GetRepository, revisions, rollback)
+	refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, m.db.GetRepository, revisions)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to get ref sources: %w", err)
 	}
@@ -542,7 +542,7 @@ func isManagedNamespace(ns *unstructured.Unstructured, app *v1alpha1.Application
 // CompareAppState compares application git state to the live app state, using the specified
 // revision and supplied source. If revision or overrides are empty, then compares against
 // revision and overrides in the app spec.
-func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error) {
+func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) (*comparisonResult, error) {
 	ts := stats.NewTimingStats()
 	appLabelKey, resourceOverrides, resFilter, installationID, trackingMethod, err := m.getComparisonSettings()
 
@@ -603,7 +603,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 			}
 		}
 
-		targetObjs, manifestInfos, revisionUpdated, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback, true)
+		targetObjs, manifestInfos, revisionUpdated, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, true)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
 			msg := "Failed to load target state: " + err.Error()
diff --git a/controller/state_test.go b/controller/state_test.go
index e6636b95f1e41..98bdc4db51795 100644
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -52,7 +52,7 @@ func TestCompareAppStateEmpty(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -70,18 +70,18 @@ func TestCompareAppStateRepoError(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	assert.Nil(t, compRes)
 	require.EqualError(t, err, ErrCompareStateRepo.Error())
 
 	// expect to still get compare state error to as inside grace period
-	compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	assert.Nil(t, compRes)
 	require.EqualError(t, err, ErrCompareStateRepo.Error())
 
 	time.Sleep(10 * time.Second)
 	// expect to not get error as outside of grace period, but status should be unknown
-	compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	assert.NotNil(t, compRes)
 	require.NoError(t, err)
 	assert.Equal(t, v1alpha1.SyncStatusCodeUnknown, compRes.syncStatus.Status)
@@ -116,7 +116,7 @@ func TestCompareAppStateNamespaceMetadataDiffers(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -165,7 +165,7 @@ func TestCompareAppStateNamespaceMetadataDiffersToManifest(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -223,7 +223,7 @@ func TestCompareAppStateNamespaceMetadata(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -282,7 +282,7 @@ func TestCompareAppStateNamespaceMetadataIsTheSame(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -310,7 +310,7 @@ func TestCompareAppStateMissing(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -342,7 +342,7 @@ func TestCompareAppStateExtra(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, v1alpha1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status)
@@ -373,7 +373,7 @@ func TestCompareAppStateHook(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, v1alpha1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -405,7 +405,7 @@ func TestCompareAppStateSkipHook(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, v1alpha1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -436,7 +436,7 @@ func TestCompareAppStateCompareOptionIgnoreExtraneous(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.NotNil(t, compRes)
@@ -469,7 +469,7 @@ func TestCompareAppStateExtraHook(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.NotNil(t, compRes)
@@ -498,7 +498,7 @@ func TestAppRevisionsSingleSource(t *testing.T) {
 	app := newFakeApp()
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources(), false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources())
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -538,7 +538,7 @@ func TestAppRevisionsMultiSource(t *testing.T) {
 	app := newFakeMultiSourceApp()
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources(), false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources())
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -587,7 +587,7 @@ func TestCompareAppStateDuplicatedNamespacedResources(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.NotNil(t, compRes)
@@ -624,7 +624,7 @@ func TestCompareAppStateManagedNamespaceMetadataWithLiveNsDoesNotGetPruned(t *te
 		},
 	}
 	ctrl := newFakeController(&data, nil)
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, []string{}, app.Spec.Sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, []string{}, app.Spec.Sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.NotNil(t, compRes)
@@ -678,7 +678,7 @@ func TestCompareAppStateWithManifestGeneratePath(t *testing.T) {
 	ctrl := newFakeController(&data, nil)
 	revisions := make([]string, 0)
 	revisions = append(revisions, "abc123")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.Equal(t, v1alpha1.SyncStatusCodeSynced, compRes.syncStatus.Status)
@@ -714,7 +714,7 @@ func TestSetHealth(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus)
@@ -750,7 +750,7 @@ func TestPreserveStatusTimestamp(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus)
@@ -787,7 +787,7 @@ func TestSetHealthSelfReferencedApp(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus)
@@ -862,7 +862,7 @@ func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 
 	assert.Equal(t, health.HealthStatusUnknown, compRes.healthStatus)
@@ -1011,7 +1011,7 @@ func TestSignedResponseNoSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1038,7 +1038,7 @@ func TestSignedResponseNoSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1070,7 +1070,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1097,7 +1097,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1124,7 +1124,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1151,7 +1151,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1181,7 +1181,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &testProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &testProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1211,7 +1211,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1241,7 +1241,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1271,7 +1271,7 @@ func TestSignedResponseSignatureRequired(t *testing.T) {
 		sources = append(sources, app.Spec.GetSource())
 		revisions := make([]string, 0)
 		revisions = append(revisions, "abc123")
-		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false, false)
+		compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false)
 		require.NoError(t, err)
 		assert.NotNil(t, compRes)
 		assert.NotNil(t, compRes.syncStatus)
@@ -1775,7 +1775,7 @@ func TestCompareAppStateDefaultRevisionUpdated(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -1798,7 +1798,7 @@ func TestCompareAppStateRevisionUpdatedWithHelmSource(t *testing.T) {
 	sources = append(sources, app.Spec.GetSource())
 	revisions := make([]string, 0)
 	revisions = append(revisions, "")
-	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false)
+	compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false)
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
@@ -1850,6 +1850,6 @@ func TestCompareAppState_DoesNotCallUpdateRevisionForPaths_ForOCI(t *testing.T)
 	sources := make([]v1alpha1.ApplicationSource, 0)
 	sources = append(sources, source)
 
-	_, _, _, err := ctrl.appStateManager.GetRepoObjs(app, sources, "abc123", []string{"123456"}, false, false, false, &defaultProj, false, false)
+	_, _, _, err := ctrl.appStateManager.GetRepoObjs(app, sources, "abc123", []string{"123456"}, false, false, false, &defaultProj, false)
 	require.NoError(t, err)
 }
diff --git a/controller/sync.go b/controller/sync.go
index 71adad866a5d2..a384a1cf1a3ac 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -193,7 +193,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 
 	// ignore error if CompareStateRepoError, this shouldn't happen as noRevisionCache is true
-	compareResult, err := m.CompareAppState(app, proj, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision, rollback)
+	compareResult, err := m.CompareAppState(app, proj, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision)
 	if err != nil && !stderrors.Is(err, ErrCompareStateRepo) {
 		state.Phase = common.OperationError
 		state.Message = err.Error()
diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
index af5bb0dc72ef3..674e125d56a16 100644
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -535,7 +535,7 @@ func TestHelmChartReferencingExternalValues(t *testing.T) {
 		return &v1alpha1.Repository{
 			Repo: "https://git.example.com/test/repo",
 		}, nil
-	}, []string{}, false)
+	}, []string{})
 	require.NoError(t, err)
 	request := &apiclient.ManifestRequest{
 		Repo: &v1alpha1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something",
@@ -573,7 +573,7 @@ func TestHelmChartReferencingExternalValues_InvalidRefs(t *testing.T) {
 		}, nil
 	}
 
-	refSources, err := argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{}, false)
+	refSources, err := argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{})
 	require.NoError(t, err)
 
 	request := &apiclient.ManifestRequest{
@@ -588,7 +588,7 @@ func TestHelmChartReferencingExternalValues_InvalidRefs(t *testing.T) {
 	service = newService(t, ".")
 
 	spec.Sources[1].Ref = "Invalid"
-	refSources, err = argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{}, false)
+	refSources, err = argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{})
 	require.NoError(t, err)
 
 	request = &apiclient.ManifestRequest{
@@ -604,7 +604,7 @@ func TestHelmChartReferencingExternalValues_InvalidRefs(t *testing.T) {
 
 	spec.Sources[1].Ref = "ref"
 	spec.Sources[1].Chart = "helm-chart"
-	refSources, err = argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{}, false)
+	refSources, err = argo.GetRefSources(t.Context(), spec.Sources, spec.Project, getRepository, []string{})
 	require.NoError(t, err)
 
 	request = &apiclient.ManifestRequest{
@@ -644,7 +644,7 @@ func TestHelmChartReferencingExternalValues_OutOfBounds_Symlink(t *testing.T) {
 		return &v1alpha1.Repository{
 			Repo: "https://git.example.com/test/repo",
 		}, nil
-	}, []string{}, false)
+	}, []string{})
 	require.NoError(t, err)
 	request := &apiclient.ManifestRequest{Repo: &v1alpha1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true}
 	_, err = service.GenerateManifest(t.Context(), request)
diff --git a/server/application/application.go b/server/application/application.go
index abfb718a6108d..29944e644a1f1 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -525,7 +525,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan
 		}
 
 		// Store the map of all sources having ref field into a map for applications with sources field
-		refSources, err := argo.GetRefSources(context.Background(), sources, appSpec.Project, s.db.GetRepository, []string{}, false)
+		refSources, err := argo.GetRefSources(context.Background(), sources, appSpec.Project, s.db.GetRepository, []string{})
 		if err != nil {
 			return fmt.Errorf("failed to get ref sources: %w", err)
 		}
diff --git a/server/repository/repository.go b/server/repository/repository.go
index 6d1a60e6dafde..edecd5fe26e76 100644
--- a/server/repository/repository.go
+++ b/server/repository/repository.go
@@ -394,7 +394,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta
 	refSources := make(v1alpha1.RefTargetRevisionMapping)
 	if app != nil && app.Spec.HasMultipleSources() {
 		// Store the map of all sources having ref field into a map for applications with sources field
-		refSources, err = argo.GetRefSources(ctx, app.Spec.Sources, q.AppProject, s.db.GetRepository, []string{}, false)
+		refSources, err = argo.GetRefSources(ctx, app.Spec.Sources, q.AppProject, s.db.GetRepository, []string{})
 		if err != nil {
 			return nil, fmt.Errorf("failed to get ref sources: %w", err)
 		}
diff --git a/util/argo/argo.go b/util/argo/argo.go
index 9bcc931ac0c2f..f6d699f92fde8 100644
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -449,7 +449,7 @@ func validateRepo(ctx context.Context,
 		sources = []argoappv1.ApplicationSource{app.Spec.SourceHydrator.GetDrySource()}
 	}
 
-	refSources, err := GetRefSources(ctx, sources, app.Spec.Project, db.GetRepository, []string{}, false)
+	refSources, err := GetRefSources(ctx, sources, app.Spec.Project, db.GetRepository, []string{})
 	if err != nil {
 		return nil, fmt.Errorf("error getting ref sources: %w", err)
 	}
@@ -478,7 +478,7 @@ func validateRepo(ctx context.Context,
 // GetRefSources creates a map of ref keys (from the sources' 'ref' fields) to information about the referenced source.
 // This function also validates the references use allowed characters and does not define the same ref key more than
 // once (which would lead to ambiguous references).
-func GetRefSources(ctx context.Context, sources argoappv1.ApplicationSources, project string, getRepository func(ctx context.Context, url string, project string) (*argoappv1.Repository, error), revisions []string, isRollback bool) (argoappv1.RefTargetRevisionMapping, error) {
+func GetRefSources(ctx context.Context, sources argoappv1.ApplicationSources, project string, getRepository func(ctx context.Context, url string, project string) (*argoappv1.Repository, error), revisions []string) (argoappv1.RefTargetRevisionMapping, error) {
 	refSources := make(argoappv1.RefTargetRevisionMapping)
 	if len(sources) > 1 {
 		// Validate first to avoid unnecessary DB calls.
@@ -502,13 +502,14 @@ func GetRefSources(ctx context.Context, sources argoappv1.ApplicationSources, pr
 			if source.Ref == "" {
 				continue
 			}
+
 			repo, err := getRepository(ctx, source.RepoURL, project)
 			if err != nil {
 				return nil, fmt.Errorf("failed to get repository %s: %w", source.RepoURL, err)
 			}
 			refKey := "$" + source.Ref
 			revision := source.TargetRevision
-			if isRollback {
+			if len(revisions) > i && revisions[i] != "" {
 				revision = revisions[i]
 			}
 			refSources[refKey] = &argoappv1.RefTarget{
diff --git a/util/argo/argo_test.go b/util/argo/argo_test.go
index 2f5c27c03dc24..0eb3b5db62e07 100644
--- a/util/argo/argo_test.go
+++ b/util/argo/argo_test.go
@@ -1301,7 +1301,7 @@ func Test_GetRefSources(t *testing.T) {
 
 		refSources, err := GetRefSources(t.Context(), argoSpec.Sources, argoSpec.Project, func(_ context.Context, _ string, _ string) (*argoappv1.Repository, error) {
 			return repo, nil
-		}, []string{}, false)
+		}, []string{})
 
 		expectedRefSource := argoappv1.RefTargetRevisionMapping{
 			"$source-1_2": &argoappv1.RefTarget{
@@ -1321,7 +1321,7 @@ func Test_GetRefSources(t *testing.T) {
 
 		refSources, err := GetRefSources(t.Context(), argoSpec.Sources, argoSpec.Project, func(_ context.Context, _ string, _ string) (*argoappv1.Repository, error) {
 			return nil, errors.New("repo does not exist")
-		}, []string{}, false)
+		}, []string{})
 
 		require.Error(t, err)
 		assert.Empty(t, refSources)
@@ -1335,7 +1335,7 @@ func Test_GetRefSources(t *testing.T) {
 
 		refSources, err := GetRefSources(t.Context(), argoSpec.Sources, argoSpec.Project, func(_ context.Context, _ string, _ string) (*argoappv1.Repository, error) {
 			return nil, err
-		}, []string{}, false)
+		}, []string{})
 
 		require.Error(t, err)
 		assert.Empty(t, refSources)
@@ -1349,7 +1349,7 @@ func Test_GetRefSources(t *testing.T) {
 
 		refSources, err := GetRefSources(t.Context(), argoSpec.Sources, argoSpec.Project, func(_ context.Context, _ string, _ string) (*argoappv1.Repository, error) {
 			return nil, err
-		}, []string{}, false)
+		}, []string{})
 
 		require.Error(t, err)
 		assert.Empty(t, refSources)
diff --git a/util/webhook/webhook.go b/util/webhook/webhook.go
index 11de059918c58..93ff42be7f42f 100644
--- a/util/webhook/webhook.go
+++ b/util/webhook/webhook.go
@@ -454,7 +454,7 @@ func (a *ArgoCDWebhookHandler) storePreviouslyCachedManifests(app *v1alpha1.Appl
 		sources = append(sources, app.Spec.GetSource())
 	}
 
-	refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, a.db.GetRepository, []string{}, false)
+	refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, a.db.GetRepository, []string{})
 	if err != nil {
 		return fmt.Errorf("error getting ref sources: %w", err)
 	}

From 3cd12233bceba4d34fd0b7c1e6a057d9ab752f64 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 2 Jul 2025 22:31:19 -0400
Subject: [PATCH 084/383] fix: incorrect source used in CompareAppState
 (#23630)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/state.go                    | 12 +++----
 controller/state_test.go               | 47 ++++++++++++--------------
 pkg/apis/application/v1alpha1/types.go |  6 ++--
 3 files changed, 30 insertions(+), 35 deletions(-)

diff --git a/controller/state.go b/controller/state.go
index b1618743032dd..b4d519d3d2642 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -553,7 +553,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 		if hasMultipleSources {
 			return &comparisonResult{
 				syncStatus: &v1alpha1.SyncStatus{
-					ComparedTo: app.Spec.BuildComparedToStatus(),
+					ComparedTo: app.Spec.BuildComparedToStatus(sources),
 					Status:     v1alpha1.SyncStatusCodeUnknown,
 					Revisions:  revisions,
 				},
@@ -562,7 +562,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 		}
 		return &comparisonResult{
 			syncStatus: &v1alpha1.SyncStatus{
-				ComparedTo: app.Spec.BuildComparedToStatus(),
+				ComparedTo: app.Spec.BuildComparedToStatus(sources),
 				Status:     v1alpha1.SyncStatusCodeUnknown,
 				Revision:   revisions[0],
 			},
@@ -1062,7 +1062,7 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou
 		return false
 	}
 
-	if !specEqualsCompareTo(app.Spec, app.Status.Sync.ComparedTo) {
+	if !specEqualsCompareTo(app.Spec, sources, app.Status.Sync.ComparedTo) {
 		log.WithField("useDiffCache", "false").Debug("specChanged")
 		return false
 	}
@@ -1073,11 +1073,11 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou
 
 // specEqualsCompareTo compares the application spec to the comparedTo status. It normalizes the destination to match
 // the comparedTo destination before comparing. It does not mutate the original spec or comparedTo.
-func specEqualsCompareTo(spec v1alpha1.ApplicationSpec, comparedTo v1alpha1.ComparedTo) bool {
+func specEqualsCompareTo(spec v1alpha1.ApplicationSpec, sources []v1alpha1.ApplicationSource, comparedTo v1alpha1.ComparedTo) bool {
 	// Make a copy to be sure we don't mutate the original.
 	specCopy := spec.DeepCopy()
-	currentSpec := specCopy.BuildComparedToStatus()
-	return reflect.DeepEqual(comparedTo, currentSpec)
+	compareToSpec := specCopy.BuildComparedToStatus(sources)
+	return reflect.DeepEqual(comparedTo, compareToSpec)
 }
 
 func (m *appStateManager) persistRevisionHistory(
diff --git a/controller/state_test.go b/controller/state_test.go
index 98bdc4db51795..7fe2b48cfbc22 100644
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -25,6 +25,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/ptr"
 
 	"github.com/argoproj/argo-cd/v3/common"
 	"github.com/argoproj/argo-cd/v3/controller/testdata"
@@ -1481,7 +1482,6 @@ func TestIsLiveResourceManaged(t *testing.T) {
 
 func TestUseDiffCache(t *testing.T) {
 	t.Parallel()
-
 	type fixture struct {
 		testName             string
 		noCache              bool
@@ -1493,7 +1493,6 @@ func TestUseDiffCache(t *testing.T) {
 		expectedUseCache     bool
 		serverSideDiff       bool
 	}
-
 	manifestInfos := func(revision string) []*apiclient.ManifestResponse {
 		return []*apiclient.ManifestResponse{
 			{
@@ -1509,15 +1508,16 @@ func TestUseDiffCache(t *testing.T) {
 			},
 		}
 	}
-	sources := func() []v1alpha1.ApplicationSource {
-		return []v1alpha1.ApplicationSource{
-			{
-				RepoURL:        "https://some-repo.com",
-				Path:           "argocd/httpbin",
-				TargetRevision: "HEAD",
-			},
+	source := func() v1alpha1.ApplicationSource {
+		return v1alpha1.ApplicationSource{
+			RepoURL:        "https://some-repo.com",
+			Path:           "argocd/httpbin",
+			TargetRevision: "HEAD",
 		}
 	}
+	sources := func() []v1alpha1.ApplicationSource {
+		return []v1alpha1.ApplicationSource{source()}
+	}
 
 	app := func(namespace string, revision string, refresh bool, a *v1alpha1.Application) *v1alpha1.Application {
 		app := &v1alpha1.Application{
@@ -1526,11 +1526,7 @@ func TestUseDiffCache(t *testing.T) {
 				Namespace: namespace,
 			},
 			Spec: v1alpha1.ApplicationSpec{
-				Source: &v1alpha1.ApplicationSource{
-					RepoURL:        "https://some-repo.com",
-					Path:           "argocd/httpbin",
-					TargetRevision: "HEAD",
-				},
+				Source: ptr.To(source()),
 				Destination: v1alpha1.ApplicationDestination{
 					Server:    "https://kubernetes.default.svc",
 					Namespace: "httpbin",
@@ -1548,11 +1544,7 @@ func TestUseDiffCache(t *testing.T) {
 				Sync: v1alpha1.SyncStatus{
 					Status: v1alpha1.SyncStatusCodeSynced,
 					ComparedTo: v1alpha1.ComparedTo{
-						Source: v1alpha1.ApplicationSource{
-							RepoURL:        "https://some-repo.com",
-							Path:           "argocd/httpbin",
-							TargetRevision: "HEAD",
-						},
+						Source: source(),
 						Destination: v1alpha1.ApplicationDestination{
 							Server:    "https://kubernetes.default.svc",
 							Namespace: "httpbin",
@@ -1577,7 +1569,6 @@ func TestUseDiffCache(t *testing.T) {
 		}
 		return app
 	}
-
 	cases := []fixture{
 		{
 			testName:             "will use diff cache",
@@ -1594,7 +1585,7 @@ func TestUseDiffCache(t *testing.T) {
 			testName:             "will use diff cache with sync policy",
 			noCache:              false,
 			manifestInfos:        manifestInfos("rev1"),
-			sources:              sources(),
+			sources:              []v1alpha1.ApplicationSource{test.YamlToApplication(testdata.DiffCacheYaml).Status.Sync.ComparedTo.Source},
 			app:                  test.YamlToApplication(testdata.DiffCacheYaml),
 			manifestRevisions:    []string{"rev1"},
 			statusRefreshTimeout: time.Hour * 24,
@@ -1604,8 +1595,15 @@ func TestUseDiffCache(t *testing.T) {
 		{
 			testName:      "will use diff cache for multisource",
 			noCache:       false,
-			manifestInfos: manifestInfos("rev1"),
-			sources:       sources(),
+			manifestInfos: append(manifestInfos("rev1"), manifestInfos("rev2")...),
+			sources: v1alpha1.ApplicationSources{
+				{
+					RepoURL: "multisource repo1",
+				},
+				{
+					RepoURL: "multisource repo2",
+				},
+			},
 			app: app("httpbin", "", false, &v1alpha1.Application{
 				Spec: v1alpha1.ApplicationSpec{
 					Source: nil,
@@ -1743,16 +1741,13 @@ func TestUseDiffCache(t *testing.T) {
 	}
 
 	for _, tc := range cases {
-		tc := tc
 		t.Run(tc.testName, func(t *testing.T) {
 			// Given
 			t.Parallel()
 			logger, _ := logrustest.NewNullLogger()
 			log := logrus.NewEntry(logger)
-
 			// When
 			useDiffCache := useDiffCache(tc.noCache, tc.manifestInfos, tc.sources, tc.app, tc.manifestRevisions, tc.statusRefreshTimeout, tc.serverSideDiff, log)
-
 			// Then
 			assert.Equal(t, tc.expectedUseCache, useDiffCache)
 		})
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index 5f1f4ee6a2ac4..fbc79f9104837 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -1241,15 +1241,15 @@ func (status *ApplicationStatus) GetRevisions() []string {
 
 // BuildComparedToStatus will build a ComparedTo object based on the current
 // Application state.
-func (spec *ApplicationSpec) BuildComparedToStatus() ComparedTo {
+func (spec *ApplicationSpec) BuildComparedToStatus(sources []ApplicationSource) ComparedTo {
 	ct := ComparedTo{
 		Destination:       spec.Destination,
 		IgnoreDifferences: spec.IgnoreDifferences,
 	}
 	if spec.HasMultipleSources() {
-		ct.Sources = spec.Sources
+		ct.Sources = sources
 	} else {
-		ct.Source = spec.GetSource()
+		ct.Source = sources[0]
 	}
 	return ct
 }

From ae04e224ff49c569e5808888d9631f5a4f3e7536 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Thu, 3 Jul 2025 08:05:52 +0530
Subject: [PATCH 085/383] test: add tests for loading cache settings (#23605)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/cache/cache_test.go | 100 +++++++++++++++++++++++++++++++++
 util/settings/settings.go      |   2 +-
 util/settings/settings_test.go |   9 +++
 3 files changed, 110 insertions(+), 1 deletion(-)

diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go
index a3c9031fae9ac..7142b9c16052c 100644
--- a/controller/cache/cache_test.go
+++ b/controller/cache/cache_test.go
@@ -1,6 +1,7 @@
 package cache
 
 import (
+	"context"
 	"errors"
 	"net"
 	"net/url"
@@ -39,6 +40,36 @@ func (n netError) Error() string   { return string(n) }
 func (n netError) Timeout() bool   { return false }
 func (n netError) Temporary() bool { return false }
 
+func fixtures(data map[string]string, opts ...func(secret *corev1.Secret)) (*fake.Clientset, *argosettings.SettingsManager) {
+	cm := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      common.ArgoCDConfigMapName,
+			Namespace: "default",
+			Labels: map[string]string{
+				"app.kubernetes.io/part-of": "argocd",
+			},
+		},
+		Data: data,
+	}
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      common.ArgoCDSecretName,
+			Namespace: "default",
+			Labels: map[string]string{
+				"app.kubernetes.io/part-of": "argocd",
+			},
+		},
+		Data: map[string][]byte{},
+	}
+	for i := range opts {
+		opts[i](secret)
+	}
+	kubeClient := fake.NewClientset(cm, secret)
+	settingsManager := argosettings.NewSettingsManager(context.Background(), kubeClient, "default")
+
+	return kubeClient, settingsManager
+}
+
 func TestHandleModEvent_HasChanges(_ *testing.T) {
 	clusterCache := &mocks.ClusterCache{}
 	clusterCache.On("Invalidate", mock.Anything, mock.Anything).Return(nil).Once()
@@ -745,3 +776,72 @@ func Test_GetVersionsInfo_error_redacted(t *testing.T) {
 	require.Error(t, err)
 	assert.NotContains(t, err.Error(), "password")
 }
+
+func TestLoadCacheSettings(t *testing.T) {
+	_, settingsManager := fixtures(map[string]string{
+		"application.instanceLabelKey":       "testLabel",
+		"application.resourceTrackingMethod": string(appv1.TrackingMethodLabel),
+		"installationID":                     "123456789",
+	})
+	ch := liveStateCache{
+		settingsMgr: settingsManager,
+	}
+	label, err := settingsManager.GetAppInstanceLabelKey()
+	require.NoError(t, err)
+	trackingMethod, err := settingsManager.GetTrackingMethod()
+	require.NoError(t, err)
+	res, err := ch.loadCacheSettings()
+	require.NoError(t, err)
+
+	assert.Equal(t, label, res.appInstanceLabelKey)
+	assert.Equal(t, string(appv1.TrackingMethodLabel), trackingMethod)
+	assert.Equal(t, "123456789", res.installationID)
+
+	// By default the values won't be nil
+	assert.NotNil(t, res.resourceOverrides)
+	assert.NotNil(t, res.clusterSettings)
+	assert.True(t, res.ignoreResourceUpdatesEnabled)
+}
+
+func Test_ownerRefGV(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    metav1.OwnerReference
+		expected schema.GroupVersion
+	}{
+		{
+			name: "valid API Version",
+			input: metav1.OwnerReference{
+				APIVersion: "apps/v1",
+			},
+			expected: schema.GroupVersion{
+				Group:   "apps",
+				Version: "v1",
+			},
+		},
+		{
+			name: "custom defined version",
+			input: metav1.OwnerReference{
+				APIVersion: "custom-version",
+			},
+			expected: schema.GroupVersion{
+				Version: "custom-version",
+				Group:   "",
+			},
+		},
+		{
+			name: "empty APIVersion",
+			input: metav1.OwnerReference{
+				APIVersion: "",
+			},
+			expected: schema.GroupVersion{},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			res := ownerRefGV(tt.input)
+			assert.Equal(t, tt.expected, res)
+		})
+	}
+}
diff --git a/util/settings/settings.go b/util/settings/settings.go
index 14c509334dc42..e5dc5b0030a59 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -745,7 +745,7 @@ func (mgr *SettingsManager) getSecret() (*corev1.Secret, error) {
 	return mgr.GetSecretByName(common.ArgoCDSecretName)
 }
 
-// Returns the Secret with the given name from the cluster.
+// GetSecretByName returns the Secret with the given name from the cluster.
 func (mgr *SettingsManager) GetSecretByName(secretName string) (*corev1.Secret, error) {
 	err := mgr.ensureSynced(false)
 	if err != nil {
diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go
index 9b6e3fe2324cd..4e362df8ad803 100644
--- a/util/settings/settings_test.go
+++ b/util/settings/settings_test.go
@@ -245,6 +245,15 @@ func TestGetTrackingMethod(t *testing.T) {
 	})
 }
 
+func TestGetInstallationID(t *testing.T) {
+	_, settingsManager := fixtures(map[string]string{
+		"installationID": "123456789",
+	})
+	id, err := settingsManager.GetInstallationID()
+	require.NoError(t, err)
+	assert.Equal(t, "123456789", id)
+}
+
 func TestApplicationFineGrainedRBACInheritanceDisabledDefault(t *testing.T) {
 	_, settingsManager := fixtures(nil)
 	flag, err := settingsManager.ApplicationFineGrainedRBACInheritanceDisabled()

From 2cae6b23a0f322b16fa08d390a6e63678bc8b856 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Jul 2025 23:48:58 -0400
Subject: [PATCH 086/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.131.0 to 0.132.0 (#23647)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 52abdd6370a21..de3d6de834de1 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.131.0
+	gitlab.com/gitlab-org/api/client-go v0.132.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index a22b135e52cf1..be11f53f518ed 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.131.0 h1:a431AKWkrSO5dgY5o5okFjxpANhkGpzxnZrjAHRyqp8=
-gitlab.com/gitlab-org/api/client-go v0.131.0/go.mod h1:U83AmpPrAir8NH31T/BstwZcJzS/nGZptOXtGjPZrbI=
+gitlab.com/gitlab-org/api/client-go v0.132.0 h1:6W4VAmbWVbjUEoQiybPAn6bMP5v0Ga9jeTJaRtc7zfI=
+gitlab.com/gitlab-org/api/client-go v0.132.0/go.mod h1:U83AmpPrAir8NH31T/BstwZcJzS/nGZptOXtGjPZrbI=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 927d51ae4fa18828828fb4b805e2afe1b0a5f7ff Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Thu, 3 Jul 2025 13:16:58 -0400
Subject: [PATCH 087/383] chore(refactor): project as SyncAppState parameter 
 (#23629)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/admin/app.go |  1 -
 controller/appcontroller.go      | 29 +++++++-----------------
 controller/appcontroller_test.go |  4 ++--
 controller/state.go              |  6 +----
 controller/sync.go               | 38 +++++++++++++-------------------
 controller/sync_test.go          | 36 ++++++++++++++++++------------
 6 files changed, 48 insertions(+), 66 deletions(-)

diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go
index e3bde2f5c14e7..efab8d7165e75 100644
--- a/cmd/argocd/commands/admin/app.go
+++ b/cmd/argocd/commands/admin/app.go
@@ -415,7 +415,6 @@ func reconcileApplications(
 		},
 		settingsMgr,
 		stateCache,
-		projInformer,
 		server,
 		cache,
 		time.Second,
diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index f88083ba237f0..c3be8216fe6c8 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -329,7 +329,7 @@ func NewApplicationController(
 		}
 	}
 	stateCache := statecache.NewLiveStateCache(db, appInformer, ctrl.settingsMgr, ctrl.metricsServer, ctrl.handleObjectUpdated, clusterSharding, argo.NewResourceTracking())
-	appStateManager := NewAppStateManager(db, applicationClientset, repoClientset, namespace, kubectl, ctrl.onKubectlRun, ctrl.settingsMgr, stateCache, projInformer, ctrl.metricsServer, argoCache, ctrl.statusRefreshTimeout, argo.NewResourceTracking(), persistResourceHealth, repoErrorGracePeriod, serverSideDiff, ignoreNormalizerOpts)
+	appStateManager := NewAppStateManager(db, applicationClientset, repoClientset, namespace, kubectl, ctrl.onKubectlRun, ctrl.settingsMgr, stateCache, ctrl.metricsServer, argoCache, ctrl.statusRefreshTimeout, argo.NewResourceTracking(), persistResourceHealth, repoErrorGracePeriod, serverSideDiff, ignoreNormalizerOpts)
 	ctrl.appInformer = appInformer
 	ctrl.appLister = appLister
 	ctrl.projInformer = projInformer
@@ -1437,22 +1437,15 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	}
 	ts.AddCheckpoint("initial_operation_stage_ms")
 
-	// Call GetDestinationCluster to validate the destination cluster.
-	if _, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, ctrl.db); err != nil {
-		state.Phase = synccommon.OperationFailed
-		state.Message = err.Error()
-	} else {
-		ctrl.appStateManager.SyncAppState(app, state)
-	}
-	ts.AddCheckpoint("validate_and_sync_app_state_ms")
-
-	// Check whether application is allowed to use project
-	_, err := ctrl.getAppProj(app)
-	ts.AddCheckpoint("get_app_proj_ms")
+	project, err := ctrl.getAppProj(app)
 	if err != nil {
 		state.Phase = synccommon.OperationError
-		state.Message = err.Error()
+		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
+	} else {
+		// Start or resume the sync
+		ctrl.appStateManager.SyncAppState(app, project, state)
 	}
+	ts.AddCheckpoint("sync_app_state_ms")
 
 	switch state.Phase {
 	case synccommon.OperationRunning:
@@ -1460,12 +1453,6 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 		// to clobber the Terminated state with Running. Get the latest app state to check for this.
 		freshApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, metav1.GetOptions{})
 		if err == nil {
-			// App may have lost permissions to use the project meanwhile.
-			_, err = ctrl.getAppProj(freshApp)
-			if err != nil {
-				state.Phase = synccommon.OperationFailed
-				state.Message = fmt.Sprintf("operation not allowed: %v", err)
-			}
 			if freshApp.Status.OperationState != nil && freshApp.Status.OperationState.Phase == synccommon.OperationTerminating {
 				state.Phase = synccommon.OperationTerminating
 				state.Message = "operation is terminating"
@@ -1479,7 +1466,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 			now := metav1.Now()
 			state.FinishedAt = &now
 			if retryAt, err := state.Operation.Retry.NextRetryAt(now.Time, state.RetryCount); err != nil {
-				state.Phase = synccommon.OperationFailed
+				state.Phase = synccommon.OperationError
 				state.Message = fmt.Sprintf("%s (failed to retry: %v)", state.Message, err)
 			} else {
 				state.Phase = synccommon.OperationRunning
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index 2061815242a7f..d05eca6c3ff0c 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -1866,7 +1866,7 @@ apps/Deployment:
     hs = {}
     hs.status = ""
     hs.message = ""
-    
+
     if obj.metadata ~= nil then
       if obj.metadata.labels ~= nil then
         current_status = obj.metadata.labels["status"]
@@ -2063,7 +2063,7 @@ func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
-	assert.Equal(t, string(synccommon.OperationFailed), phase)
+	assert.Equal(t, string(synccommon.OperationError), phase)
 	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
 	assert.Contains(t, message, "application destination can't have both name and server defined: another-cluster https://localhost:6443")
 }
diff --git a/controller/state.go b/controller/state.go
index b4d519d3d2642..7c896fc1c02d2 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -27,7 +27,6 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/tools/cache"
 
 	"github.com/argoproj/argo-cd/v3/common"
 	statecache "github.com/argoproj/argo-cd/v3/controller/cache"
@@ -72,7 +71,7 @@ type managedResource struct {
 // AppStateManager defines methods which allow to compare application spec and actual application state.
 type AppStateManager interface {
 	CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) (*comparisonResult, error)
-	SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState)
+	SyncAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, state *v1alpha1.OperationState)
 	GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error)
 }
 
@@ -108,7 +107,6 @@ type appStateManager struct {
 	db                    db.ArgoDB
 	settingsMgr           *settings.SettingsManager
 	appclientset          appclientset.Interface
-	projInformer          cache.SharedIndexInformer
 	kubectl               kubeutil.Kubectl
 	onKubectlRun          kubeutil.OnKubectlRunFunc
 	repoClientset         apiclient.Clientset
@@ -1139,7 +1137,6 @@ func NewAppStateManager(
 	onKubectlRun kubeutil.OnKubectlRunFunc,
 	settingsMgr *settings.SettingsManager,
 	liveStateCache statecache.LiveStateCache,
-	projInformer cache.SharedIndexInformer,
 	metricsServer *metrics.MetricsServer,
 	cache *appstatecache.Cache,
 	statusRefreshTimeout time.Duration,
@@ -1159,7 +1156,6 @@ func NewAppStateManager(
 		repoClientset:         repoClientset,
 		namespace:             namespace,
 		settingsMgr:           settingsMgr,
-		projInformer:          projInformer,
 		metricsServer:         metricsServer,
 		statusRefreshTimeout:  statusRefreshTimeout,
 		resourceTracking:      resourceTracking,
diff --git a/controller/sync.go b/controller/sync.go
index a384a1cf1a3ac..6c39cd4ce7441 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -30,7 +30,6 @@ import (
 	"github.com/argoproj/argo-cd/v3/controller/metrics"
 	"github.com/argoproj/argo-cd/v3/controller/syncid"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-	listersv1alpha1 "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1"
 	applog "github.com/argoproj/argo-cd/v3/util/app/log"
 	"github.com/argoproj/argo-cd/v3/util/argo"
 	"github.com/argoproj/argo-cd/v3/util/argo/diff"
@@ -87,7 +86,7 @@ func (m *appStateManager) getServerSideDiffDryRunApplier(cluster *v1alpha1.Clust
 	return ops, cleanup, nil
 }
 
-func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState) {
+func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, state *v1alpha1.OperationState) {
 	// Sync requests might be requested with ambiguous revisions (e.g. master, HEAD, v1.2.3).
 	// This can change meaning when resuming operations (e.g a hook sync). After calculating a
 	// concrete git commit SHA, the SHA is remembered in the status.operationState.syncResult field.
@@ -168,23 +167,16 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		}
 	}
 
-	proj, err := argo.GetAppProject(context.TODO(), app, listersv1alpha1.NewAppProjectLister(m.projInformer.GetIndexer()), m.namespace, m.settingsMgr, m.db)
-	if err != nil {
-		state.Phase = common.OperationError
-		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
-		return
-	} else {
-		isBlocked, err := syncWindowPreventsSync(app, proj)
-		if isBlocked {
-			// If the operation is currently running, simply let the user know the sync is blocked by a current sync window
-			if state.Phase == common.OperationRunning {
-				state.Message = "Sync operation blocked by sync window"
-				if err != nil {
-					state.Message = fmt.Sprintf("%s: %v", state.Message, err)
-				}
+	isBlocked, err := syncWindowPreventsSync(app, project)
+	if isBlocked {
+		// If the operation is currently running, simply let the user know the sync is blocked by a current sync window
+		if state.Phase == common.OperationRunning {
+			state.Message = "Sync operation blocked by sync window"
+			if err != nil {
+				state.Message = fmt.Sprintf("%s: %v", state.Message, err)
 			}
-			return
 		}
+		return
 	}
 
 	if !isMultiSourceRevision {
@@ -193,7 +185,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 
 	// ignore error if CompareStateRepoError, this shouldn't happen as noRevisionCache is true
-	compareResult, err := m.CompareAppState(app, proj, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision)
+	compareResult, err := m.CompareAppState(app, project, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision)
 	if err != nil && !stderrors.Is(err, ErrCompareStateRepo) {
 		state.Phase = common.OperationError
 		state.Message = err.Error()
@@ -324,7 +316,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}
 	if impersonationEnabled {
-		serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(proj, app, destCluster)
+		serviceAccountToImpersonate, err := deriveServiceAccountToImpersonate(project, app, destCluster)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to find a matching service account to impersonate: %v", err)
@@ -344,11 +336,11 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		sync.WithLogr(logutils.NewLogrusLogger(logEntry)),
 		sync.WithHealthOverride(lua.ResourceHealthOverrides(resourceOverrides)),
 		sync.WithPermissionValidator(func(un *unstructured.Unstructured, res *metav1.APIResource) error {
-			if !proj.IsGroupKindPermitted(un.GroupVersionKind().GroupKind(), res.Namespaced) {
-				return fmt.Errorf("resource %s:%s is not permitted in project %s", un.GroupVersionKind().Group, un.GroupVersionKind().Kind, proj.Name)
+			if !project.IsGroupKindPermitted(un.GroupVersionKind().GroupKind(), res.Namespaced) {
+				return fmt.Errorf("resource %s:%s is not permitted in project %s", un.GroupVersionKind().Group, un.GroupVersionKind().Kind, project.Name)
 			}
 			if res.Namespaced {
-				permitted, err := proj.IsDestinationPermitted(destCluster, un.GetNamespace(), func(project string) ([]*v1alpha1.Cluster, error) {
+				permitted, err := project.IsDestinationPermitted(destCluster, un.GetNamespace(), func(project string) ([]*v1alpha1.Cluster, error) {
 					return m.db.GetProjectClusters(context.TODO(), project)
 				})
 				if err != nil {
@@ -356,7 +348,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 				}
 
 				if !permitted {
-					return fmt.Errorf("namespace %v is not permitted in project '%s'", un.GetNamespace(), proj.Name)
+					return fmt.Errorf("namespace %v is not permitted in project '%s'", un.GetNamespace(), project.Name)
 				}
 			}
 			return nil
diff --git a/controller/sync_test.go b/controller/sync_test.go
index 815babaea395a..f32f5a5f7abf9 100644
--- a/controller/sync_test.go
+++ b/controller/sync_test.go
@@ -50,7 +50,7 @@ func TestPersistRevisionHistory(t *testing.T) {
 	opState := &v1alpha1.OperationState{Operation: v1alpha1.Operation{
 		Sync: &v1alpha1.SyncOperation{},
 	}}
-	ctrl.appStateManager.SyncAppState(app, opState)
+	ctrl.appStateManager.SyncAppState(app, defaultProject, opState)
 	// Ensure we record spec.source into sync result
 	assert.Equal(t, app.Spec.GetSource(), opState.SyncResult.Source)
 
@@ -96,7 +96,7 @@ func TestPersistManagedNamespaceMetadataState(t *testing.T) {
 	opState := &v1alpha1.OperationState{Operation: v1alpha1.Operation{
 		Sync: &v1alpha1.SyncOperation{},
 	}}
-	ctrl.appStateManager.SyncAppState(app, opState)
+	ctrl.appStateManager.SyncAppState(app, defaultProject, opState)
 	// Ensure we record spec.syncPolicy.managedNamespaceMetadata into sync result
 	assert.Equal(t, app.Spec.SyncPolicy.ManagedNamespaceMetadata, opState.SyncResult.ManagedNamespaceMetadata)
 }
@@ -139,7 +139,7 @@ func TestPersistRevisionHistoryRollback(t *testing.T) {
 			Source: &source,
 		},
 	}}
-	ctrl.appStateManager.SyncAppState(app, opState)
+	ctrl.appStateManager.SyncAppState(app, defaultProject, opState)
 	// Ensure we record opState's source into sync result
 	assert.Equal(t, source, opState.SyncResult.Source)
 
@@ -182,7 +182,7 @@ func TestSyncComparisonError(t *testing.T) {
 		Sync: &v1alpha1.SyncOperation{},
 	}}
 	t.Setenv("ARGOCD_GPG_ENABLED", "true")
-	ctrl.appStateManager.SyncAppState(app, opState)
+	ctrl.appStateManager.SyncAppState(app, defaultProject, opState)
 
 	conditions := app.Status.GetConditions(map[v1alpha1.ApplicationConditionType]bool{v1alpha1.ApplicationConditionComparisonError: true})
 	assert.NotEmpty(t, conditions)
@@ -194,6 +194,7 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 
 	type fixture struct {
 		application *v1alpha1.Application
+		project     *v1alpha1.AppProject
 		controller  *ApplicationController
 	}
 
@@ -235,6 +236,7 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 
 		return &fixture{
 			application: app,
+			project:     project,
 			controller:  ctrl,
 		}
 	}
@@ -269,7 +271,7 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 		}}
 
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then
 		assert.Equal(t, synccommon.OperationFailed, opState.Phase)
@@ -282,6 +284,7 @@ func TestSyncWindowDeniesSync(t *testing.T) {
 
 	type fixture struct {
 		application *v1alpha1.Application
+		project     *v1alpha1.AppProject
 		controller  *ApplicationController
 	}
 
@@ -320,6 +323,7 @@ func TestSyncWindowDeniesSync(t *testing.T) {
 
 		return &fixture{
 			application: app,
+			project:     project,
 			controller:  ctrl,
 		}
 	}
@@ -339,7 +343,7 @@ func TestSyncWindowDeniesSync(t *testing.T) {
 			Phase: synccommon.OperationRunning,
 		}
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then
 		assert.Equal(t, synccommon.OperationRunning, opState.Phase)
@@ -1362,6 +1366,7 @@ func TestDeriveServiceAccountMatchingServers(t *testing.T) {
 func TestSyncWithImpersonate(t *testing.T) {
 	type fixture struct {
 		application *v1alpha1.Application
+		project     *v1alpha1.AppProject
 		controller  *ApplicationController
 	}
 
@@ -1411,6 +1416,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 		ctrl := newFakeController(&data, nil)
 		return &fixture{
 			application: app,
+			project:     project,
 			controller:  ctrl,
 		}
 	}
@@ -1429,7 +1435,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 			Phase: synccommon.OperationRunning,
 		}
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then, app sync should fail with expected error message in operation state
 		assert.Equal(t, synccommon.OperationError, opState.Phase)
@@ -1450,7 +1456,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 			Phase: synccommon.OperationRunning,
 		}
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then app sync should fail with expected error message in operation state
 		assert.Equal(t, synccommon.OperationError, opState.Phase)
@@ -1471,7 +1477,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 			Phase: synccommon.OperationRunning,
 		}
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then app sync should not fail
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
@@ -1492,7 +1498,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 			Phase: synccommon.OperationRunning,
 		}
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then application sync should pass using the control plane service account
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
@@ -1517,7 +1523,7 @@ func TestSyncWithImpersonate(t *testing.T) {
 		f.application.Spec.Destination.Name = "minikube"
 
 		// when
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then app sync should not fail
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
@@ -1530,6 +1536,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 
 	type fixture struct {
 		application *v1alpha1.Application
+		project     *v1alpha1.AppProject
 		controller  *ApplicationController
 	}
 
@@ -1570,6 +1577,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 
 		return &fixture{
 			application: app,
+			project:     project,
 			controller:  ctrl,
 		}
 	}
@@ -1585,7 +1593,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 				Source: &v1alpha1.ApplicationSource{},
 			},
 		}}
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
@@ -1603,7 +1611,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 				Source: &v1alpha1.ApplicationSource{},
 			},
 		}}
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)
@@ -1621,7 +1629,7 @@ func TestClientSideApplyMigration(t *testing.T) {
 				Source: &v1alpha1.ApplicationSource{},
 			},
 		}}
-		f.controller.appStateManager.SyncAppState(f.application, opState)
+		f.controller.appStateManager.SyncAppState(f.application, f.project, opState)
 
 		// then
 		assert.Equal(t, synccommon.OperationSucceeded, opState.Phase)

From 6d0da4da5b3c3f7f1efae4146b0541f201f07495 Mon Sep 17 00:00:00 2001
From: Papapetrou Patroklos <1743100+ppapapetrou76@users.noreply.github.com>
Date: Fri, 4 Jul 2025 16:27:45 +0300
Subject: [PATCH 088/383] fix: improves the ui message when an operation is
 terminated due to controller sync timeout (#23657)

Signed-off-by: Patroklos Papapetrou <ppapapetrou76@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      | 2 +-
 controller/appcontroller_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index c3be8216fe6c8..ad0dfe0379880 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1471,7 +1471,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 			} else {
 				state.Phase = synccommon.OperationRunning
 				state.RetryCount++
-				state.Message = fmt.Sprintf("%s. Retrying attempt #%d at %s.", state.Message, state.RetryCount, retryAt.Format(time.Kitchen))
+				state.Message = fmt.Sprintf("%s due to application controller sync timeout. Retrying attempt #%d at %s.", state.Message, state.RetryCount, retryAt.Format(time.Kitchen))
 			}
 		} else if state.RetryCount > 0 {
 			state.Message = fmt.Sprintf("%s (retried %d times).", state.Message, state.RetryCount)
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index d05eca6c3ff0c..8375e78ce83ea 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -2090,7 +2090,7 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) {
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
 	assert.Equal(t, string(synccommon.OperationRunning), phase)
 	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
-	assert.Contains(t, message, "Retrying attempt #1")
+	assert.Contains(t, message, "due to application controller sync timeout. Retrying attempt #1")
 	retryCount, _, _ := unstructured.NestedFloat64(receivedPatch, "status", "operationState", "retryCount")
 	assert.InEpsilon(t, float64(1), retryCount, 0.0001)
 }

From 48cd0e9f0b90ece118218b3e794da4a464fa13e1 Mon Sep 17 00:00:00 2001
From: solomon-kibret <solomon.kibret@reddit.com>
Date: Fri, 4 Jul 2025 10:47:24 -0400
Subject: [PATCH 089/383] fix: HTTPProxy health-check update (#23575)

Signed-off-by: Solomon Kibret <solomon.kibret@gmail.com>
Co-authored-by: Solomon Kibret <solomon.kibret@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../projectcontour.io/HTTPProxy/health.lua    | 23 +++++++++++-----
 .../HTTPProxy/health_test.yaml                |  4 +++
 .../HTTPProxy/testdata/degraded.yaml          |  1 +
 .../HTTPProxy/testdata/generation.yaml        | 27 +++++++++++++++++++
 .../HTTPProxy/testdata/healthy.yaml           |  1 +
 .../HTTPProxy/testdata/not_reconciled.yaml    |  1 +
 .../HTTPProxy/testdata/progressing.yaml       |  1 +
 7 files changed, 52 insertions(+), 6 deletions(-)
 create mode 100644 resource_customizations/projectcontour.io/HTTPProxy/testdata/generation.yaml

diff --git a/resource_customizations/projectcontour.io/HTTPProxy/health.lua b/resource_customizations/projectcontour.io/HTTPProxy/health.lua
index edc74d6da02bb..0fd1a15115fed 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/health.lua
+++ b/resource_customizations/projectcontour.io/HTTPProxy/health.lua
@@ -1,17 +1,28 @@
 -- Status reporting information detailed here
 -- https://projectcontour.io/docs/main/config/fundamentals/#status-reporting
+-- More HTTPProxy status conditions api information here: https://projectcontour.io/docs/v1.9.0/api/#projectcontour.io/v1.HTTPProxyStatus
+
 hs = {
   status = "Progressing",
   message = "Waiting for status",
 }
 
-if obj.status ~= nil then
-  if obj.status.currentStatus ~= nil then
-    if obj.status.currentStatus == "valid" then
-      hs.status = "Healthy"
-    elseif obj.status.currentStatus == "invalid" then
-      hs.status = "Degraded"
+if obj.status then
+  if obj.status.conditions then
+    for _, cond in ipairs(obj.status.conditions) do
+      if obj.metadata.generation == cond.observedGeneration then -- This must match so that we don't report a resource as healthy even though its status is stale
+        if cond.type == "Valid" and cond.status == "True" then -- Contour will update a single condition, Valid, that is in normal-true polarity. That is, when currentStatus is valid, the Valid condition will be status: true, and vice versa.
+          hs.status = "Healthy"
+          hs.message = obj.status.description
+          return hs
+        elseif cond.type == "Valid" and cond.status == "False" then
+          hs.status = "Degraded"
+          hs.message = obj.status.description
+          return hs
+        end
+      end
     end
+  elseif obj.status.currentStatus then -- Covers any state where conditions are absent (thus no observedGeneration) but currentStatus is present such as NotReconciled or future similar cases.
     hs.message = obj.status.description
   end
 end
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/health_test.yaml b/resource_customizations/projectcontour.io/HTTPProxy/health_test.yaml
index 2732b145e87c0..7930f9437c1fb 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/health_test.yaml
+++ b/resource_customizations/projectcontour.io/HTTPProxy/health_test.yaml
@@ -15,3 +15,7 @@ tests:
     status: Degraded
     message: 'At least one error present, see Errors for details'
   inputPath: testdata/degraded.yaml
+- healthStatus:
+    status: Progressing
+    message: 'Waiting for status'
+  inputPath: testdata/generation.yaml
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/testdata/degraded.yaml b/resource_customizations/projectcontour.io/HTTPProxy/testdata/degraded.yaml
index 85d1c3eb52019..3ae473c13ab74 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/testdata/degraded.yaml
+++ b/resource_customizations/projectcontour.io/HTTPProxy/testdata/degraded.yaml
@@ -1,6 +1,7 @@
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
+  generation: 1
   name: basic
 spec:
   virtualhost:
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/testdata/generation.yaml b/resource_customizations/projectcontour.io/HTTPProxy/testdata/generation.yaml
new file mode 100644
index 0000000000000..17f40db0ce9da
--- /dev/null
+++ b/resource_customizations/projectcontour.io/HTTPProxy/testdata/generation.yaml
@@ -0,0 +1,27 @@
+apiVersion: projectcontour.io/v1
+kind: HTTPProxy
+metadata:
+  generation: 2
+  name: basic
+spec:
+  virtualhost:
+    fqdn: foo-basic.bar.com
+  routes:
+    - conditions:
+        - prefix: /
+      services:
+        - name: s1
+          port: 80
+status:
+  conditions:
+  - type: Valid
+    status: "True"
+    observedGeneration: 1
+    lastTransitionTime: "2025-04-07T10:00:00Z"
+    reason: Valid
+    message: Valid HTTPProxy
+  currentStatus: valid
+  description: Valid HTTPProxy
+  loadBalancer:
+    ingress:
+      - hostname: www.example.com
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/testdata/healthy.yaml b/resource_customizations/projectcontour.io/HTTPProxy/testdata/healthy.yaml
index 944cb1f519063..ee1a8b1560b64 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/testdata/healthy.yaml
+++ b/resource_customizations/projectcontour.io/HTTPProxy/testdata/healthy.yaml
@@ -1,6 +1,7 @@
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
+  generation: 1
   name: basic
 spec:
   virtualhost:
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/testdata/not_reconciled.yaml b/resource_customizations/projectcontour.io/HTTPProxy/testdata/not_reconciled.yaml
index 7cc01878524f3..4589613c23704 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/testdata/not_reconciled.yaml
+++ b/resource_customizations/projectcontour.io/HTTPProxy/testdata/not_reconciled.yaml
@@ -1,6 +1,7 @@
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
+  generation: 1
   name: basic
 spec:
   virtualhost:
diff --git a/resource_customizations/projectcontour.io/HTTPProxy/testdata/progressing.yaml b/resource_customizations/projectcontour.io/HTTPProxy/testdata/progressing.yaml
index 86bece89d2102..a91bb5ef47dd3 100644
--- a/resource_customizations/projectcontour.io/HTTPProxy/testdata/progressing.yaml
+++ b/resource_customizations/projectcontour.io/HTTPProxy/testdata/progressing.yaml
@@ -1,6 +1,7 @@
 apiVersion: projectcontour.io/v1
 kind: HTTPProxy
 metadata:
+  generation: 1
   name: basic
 spec:
   virtualhost:

From 35edc70731e1d5f36ae8eeb79e49984e45b3f9fd Mon Sep 17 00:00:00 2001
From: ruby <ruichao.hu@daocloud.io>
Date: Sat, 5 Jul 2025 01:19:47 +0800
Subject: [PATCH 090/383] fix(applications): update application navigation URLs
 (#22671) (#23285)

Signed-off-by: ruichao.hu <ruichao.hu@daocloud.io>
Signed-off-by: ruby <ruichao.hu@daocloud.io>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Co-authored-by: Linghao Su <slh001@live.cn>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../components/applications-list/applications-list.tsx    | 8 +++++++-
 .../components/applications-list/applications-table.tsx   | 4 ++--
 .../components/applications-list/applications-tiles.tsx   | 4 ++--
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/ui/src/app/applications/components/applications-list/applications-list.tsx b/ui/src/app/applications/components/applications-list/applications-list.tsx
index 2412af50978a3..77071e33570bd 100644
--- a/ui/src/app/applications/components/applications-list/applications-list.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-list.tsx
@@ -263,7 +263,13 @@ const SearchBar = (props: {content: string; ctx: ContextApis; apps: models.Appli
                 </React.Fragment>
             )}
             onSelect={val => {
-                ctx.navigation.goto(`./${val}`);
+                const selectedApp = apps?.find(app => {
+                    const qualifiedName = AppUtils.appQualifiedName(app, useAuthSettingsCtx?.appsInAnyNamespaceEnabled);
+                    return qualifiedName === val;
+                });
+                if (selectedApp) {
+                    ctx.navigation.goto(`/${AppUtils.getAppUrl(selectedApp)}`);
+                }
             }}
             onChange={e => ctx.navigation.goto('.', {search: e.target.value}, {replace: true})}
             value={content || ''}
diff --git a/ui/src/app/applications/components/applications-list/applications-table.tsx b/ui/src/app/applications/components/applications-list/applications-table.tsx
index b90f940a79480..a9ef2b9b83aca 100644
--- a/ui/src/app/applications/components/applications-list/applications-table.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-table.tsx
@@ -37,7 +37,7 @@ export const ApplicationsTable = (props: {
         keys: Key.ENTER,
         action: () => {
             if (selectedApp > -1) {
-                ctxh.navigation.goto(AppUtils.getAppUrl(props.applications[selectedApp]));
+                ctxh.navigation.goto(`/${AppUtils.getAppUrl(props.applications[selectedApp])}`);
                 return true;
             }
             return false;
@@ -57,7 +57,7 @@ export const ApplicationsTable = (props: {
                                         key={AppUtils.appInstanceName(app)}
                                         className={`argo-table-list__row
                 applications-list__entry applications-list__entry--health-${app.status.health.status} ${selectedApp === i ? 'applications-tiles__selected' : ''}`}>
-                                        <div className={`row applications-list__table-row`} onClick={e => ctx.navigation.goto(AppUtils.getAppUrl(app), {}, {event: e})}>
+                                        <div className={`row applications-list__table-row`} onClick={e => ctx.navigation.goto(`/${AppUtils.getAppUrl(app)}`, {}, {event: e})}>
                                             <div className='columns small-4'>
                                                 <div className='row'>
                                                     <div className=' columns small-2'>
diff --git a/ui/src/app/applications/components/applications-list/applications-tiles.tsx b/ui/src/app/applications/components/applications-list/applications-tiles.tsx
index b693380d6200e..67eed7bf76f2f 100644
--- a/ui/src/app/applications/components/applications-list/applications-tiles.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-tiles.tsx
@@ -66,7 +66,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat
         keys: Key.ENTER,
         action: () => {
             if (selectedApp > -1) {
-                ctxh.navigation.goto(AppUtils.getAppUrl(applications[selectedApp]));
+                ctxh.navigation.goto(`/${AppUtils.getAppUrl(applications[selectedApp])}`);
                 return true;
             }
             return false;
@@ -119,7 +119,7 @@ export const ApplicationTiles = ({applications, syncApplication, refreshApplicat
                                             }`}>
                                             <div
                                                 className='row applications-tiles__wrapper'
-                                                onClick={e => ctx.navigation.goto(AppUtils.getAppUrl(app), {view: pref.appDetails.view}, {event: e})}>
+                                                onClick={e => ctx.navigation.goto(`/${AppUtils.getAppUrl(app)}`, {view: pref.appDetails.view}, {event: e})}>
                                                 <div
                                                     className={`columns small-12 applications-list__info qe-applications-list-${AppUtils.appInstanceName(
                                                         app

From 8e830dd9779e1a9d6a0a47764d1493ba90e7c1c8 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Sat, 5 Jul 2025 23:25:12 +0530
Subject: [PATCH 091/383] feat: read argocd password from stdin (#23520)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/login.go |  3 +--
 util/cli/cli.go              | 13 +++++++++++--
 util/cli/cli_test.go         | 31 +++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 util/cli/cli_test.go

diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go
index d695064654753..f4fc7b4328f1b 100644
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -185,8 +185,7 @@ argocd login cd.argoproj.io --core`,
 	command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate")
 	command.Flags().BoolVar(&sso, "sso", false, "Perform SSO login")
 	command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application")
-	command.Flags().
-		BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)")
+	command.Flags().BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)")
 	command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the system default browser when performing SSO login")
 	return command
 }
diff --git a/util/cli/cli.go b/util/cli/cli.go
index 25360676455ec..91d48de06c32a 100644
--- a/util/cli/cli.go
+++ b/util/cli/cli.go
@@ -102,12 +102,21 @@ func PromptMessage(message, value string) string {
 	return value
 }
 
-// PromptPassword prompts the user for a password, without local echo. (unless already supplied)
+// PromptPassword prompts the user for a password, without local echo (unless already supplied).
+// If terminal.ReadPassword fails — often due to stdin not being a terminal (e.g., when input is piped),
+// we fall back to reading from standard input using bufio.Reader.
 func PromptPassword(password string) string {
 	for password == "" {
 		fmt.Print("Password: ")
 		passwordRaw, err := terminal.ReadPassword(int(os.Stdin.Fd()))
-		errors.CheckError(err)
+		if err != nil {
+			// Fallback: handle cases where stdin is not a terminal (e.g., piped input)
+			reader := bufio.NewReader(os.Stdin)
+			input, err := reader.ReadString('\n')
+			errors.CheckError(err)
+			password = strings.TrimSpace(input)
+			return password
+		}
 		password = string(passwordRaw)
 		fmt.Print("\n")
 	}
diff --git a/util/cli/cli_test.go b/util/cli/cli_test.go
new file mode 100644
index 0000000000000..284f7036337fb
--- /dev/null
+++ b/util/cli/cli_test.go
@@ -0,0 +1,31 @@
+package cli
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+const pwd = "test-password"
+
+func TestPromptPassword_Fallback(t *testing.T) {
+	oldStdin := os.Stdin
+	defer func() {
+		os.Stdin = oldStdin
+	}()
+
+	r, w, err := os.Pipe()
+	if err != nil {
+		t.Fatalf("Failed to create pipe: %v", err)
+	}
+	_, err = w.WriteString(pwd + "\n")
+	if err != nil {
+		t.Fatalf("Failed to write to pipe: %v", err)
+	}
+	w.Close()
+
+	os.Stdin = r
+	password := PromptPassword("")
+	require.Equal(t, pwd, password)
+}

From 1bab883a86d0db858a451d7644343cd9642ed620 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 5 Jul 2025 17:41:24 -0400
Subject: [PATCH 092/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.132.0 to 0.133.0 (#23656)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index de3d6de834de1..769d928b3748b 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.132.0
+	gitlab.com/gitlab-org/api/client-go v0.133.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index be11f53f518ed..73333e4d83b30 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.132.0 h1:6W4VAmbWVbjUEoQiybPAn6bMP5v0Ga9jeTJaRtc7zfI=
-gitlab.com/gitlab-org/api/client-go v0.132.0/go.mod h1:U83AmpPrAir8NH31T/BstwZcJzS/nGZptOXtGjPZrbI=
+gitlab.com/gitlab-org/api/client-go v0.133.0 h1:Y+t86XrCUY24A1yLMU1mYgC1/kvUTohLPG7bUJs692M=
+gitlab.com/gitlab-org/api/client-go v0.133.0/go.mod h1:crkp9sCwMQ8gDwuMLgk11sDT336t6U3kESBT0BGsOBo=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From bb7ee3a914c09185b32b64c87ac5b9337902c5f9 Mon Sep 17 00:00:00 2001
From: Linghao Su <linghao.su@daocloud.io>
Date: Mon, 7 Jul 2025 02:45:39 +0800
Subject: [PATCH 093/383] chore(ui): add jsx-no-useless-fragment lint rule
 (#23666)

Signed-off-by: linghaoSu <linghao.su@daocloud.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/eslint.config.mjs                          |   3 +-
 .../application-create-panel.tsx              | 734 +++++++++---------
 .../set-finalizer-on-application.tsx          |  38 +-
 ...application-deployment-history-details.tsx |  20 +-
 .../application-node-info.tsx                 |   9 +-
 .../application-parameters-source.tsx         |  84 +-
 .../application-parameters.tsx                |  18 +-
 .../application-parameters/source-panel.tsx   | 560 +++++++------
 .../application-pod-view/pod-view.tsx         |   2 +-
 .../application-status-panel.tsx              | 144 ++--
 .../revision-metadata-panel.tsx               |   2 +-
 .../application-summary.tsx                   |  26 +-
 .../applications-refresh-panel.tsx            |  42 +-
 .../applications-sync-panel.tsx               |  42 +-
 .../applications/components/filter/filter.tsx |   2 +-
 .../pod-logs-viewer/container-selector.tsx    |   4 +-
 .../resource-details/resource-details.tsx     |   8 +-
 .../revision-form-field.tsx                   |  70 +-
 ui/src/app/applications/components/utils.tsx  |  28 +-
 .../clusters-list/clusters-list.tsx           | 210 +++--
 .../project-role-jwt-tokens.tsx               |  46 +-
 .../components/repos-list/repos-list.tsx      |  18 +-
 .../app/shared/components/clipboard-text.tsx  |   2 +-
 .../editable-panel/editable-panel.tsx         |  18 +-
 ui/src/app/sidebar/sidebar.tsx                |  10 +-
 ui/src/app/ui-banner/ui-banner.tsx            |   4 +-
 26 files changed, 1044 insertions(+), 1100 deletions(-)

diff --git a/ui/eslint.config.mjs b/ui/eslint.config.mjs
index 45cca74acdcf7..541a754af7315 100644
--- a/ui/eslint.config.mjs
+++ b/ui/eslint.config.mjs
@@ -24,7 +24,8 @@ export default [
         ...pluginReactConfig,
         rules: {
             'react/display-name': 'off',
-            'react/no-string-refs': 'off'
+            'react/no-string-refs': 'off',
+            'react/jsx-no-useless-fragment': ['error', {allowExpressions: true}]
         }
     },
     eslintPluginPrettierRecommended,
diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
index 4c9d6124482af..f9a5d20ecdb68 100644
--- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
+++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
@@ -185,65 +185,60 @@ export const ApplicationCreatePanel = (props: {
     };
 
     return (
-        <React.Fragment>
-            <DataLoader
-                key='creation-deps'
-                load={() =>
-                    Promise.all([
-                        services.projects.list('items.metadata.name').then(projects => projects.map(proj => proj.metadata.name).sort()),
-                        services.clusters.list().then(clusters => clusters.sort()),
-                        services.repos.list()
-                    ]).then(([projects, clusters, reposInfo]) => ({projects, clusters, reposInfo}))
-                }>
-                {({projects, clusters, reposInfo}) => {
-                    const repos = reposInfo.map(info => info.repo).sort();
-                    const repoInfo = reposInfo.find(info => info.repo === app.spec.source.repoURL);
-                    if (repoInfo) {
-                        normalizeAppSource(app, repoInfo.type || 'git');
-                    }
-                    return (
-                        <div className='application-create-panel'>
-                            {(yamlMode && (
-                                <YamlEditor
-                                    minHeight={800}
-                                    initialEditMode={true}
-                                    input={app}
-                                    onCancel={() => setYamlMode(false)}
-                                    onSave={async patch => {
-                                        props.onAppChanged(jsonMergePatch.apply(app, JSON.parse(patch)));
-                                        setYamlMode(false);
-                                        return true;
-                                    }}
-                                />
-                            )) || (
-                                <Form
-                                    validateError={(a: models.Application) => ({
-                                        'metadata.name': !a.metadata.name && 'Application Name is required',
-                                        'spec.project': !a.spec.project && 'Project Name is required',
-                                        'spec.source.repoURL': !a.spec.source.repoURL && 'Repository URL is required',
-                                        'spec.source.targetRevision': !a.spec.source.targetRevision && a.spec.source.hasOwnProperty('chart') && 'Version is required',
-                                        'spec.source.path': !a.spec.source.path && !a.spec.source.chart && 'Path is required',
-                                        'spec.source.chart': !a.spec.source.path && !a.spec.source.chart && 'Chart is required',
-                                        // Verify cluster URL when there is no cluster name field or the name value is empty
-                                        'spec.destination.server':
-                                            !a.spec.destination.server &&
-                                            (!a.spec.destination.hasOwnProperty('name') || a.spec.destination.name === '') &&
-                                            'Cluster URL is required',
-                                        // Verify cluster name when there is no cluster URL field or the URL value is empty
-                                        'spec.destination.name':
-                                            !a.spec.destination.name &&
-                                            (!a.spec.destination.hasOwnProperty('server') || a.spec.destination.server === '') &&
-                                            'Cluster name is required'
-                                    })}
-                                    defaultValues={app}
-                                    formDidUpdate={state => debouncedOnAppChanged(state.values as any)}
-                                    onSubmit={onCreateApp}
-                                    getApi={props.getFormApi}>
-                                    {api => {
-                                        const generalPanel = () => (
-                                            <div className='white-box'>
-                                                <p>GENERAL</p>
-                                                {/*
+        <DataLoader
+            key='creation-deps'
+            load={() =>
+                Promise.all([
+                    services.projects.list('items.metadata.name').then(projects => projects.map(proj => proj.metadata.name).sort()),
+                    services.clusters.list().then(clusters => clusters.sort()),
+                    services.repos.list()
+                ]).then(([projects, clusters, reposInfo]) => ({projects, clusters, reposInfo}))
+            }>
+            {({projects, clusters, reposInfo}) => {
+                const repos = reposInfo.map(info => info.repo).sort();
+                const repoInfo = reposInfo.find(info => info.repo === app.spec.source.repoURL);
+                if (repoInfo) {
+                    normalizeAppSource(app, repoInfo.type || 'git');
+                }
+                return (
+                    <div className='application-create-panel'>
+                        {(yamlMode && (
+                            <YamlEditor
+                                minHeight={800}
+                                initialEditMode={true}
+                                input={app}
+                                onCancel={() => setYamlMode(false)}
+                                onSave={async patch => {
+                                    props.onAppChanged(jsonMergePatch.apply(app, JSON.parse(patch)));
+                                    setYamlMode(false);
+                                    return true;
+                                }}
+                            />
+                        )) || (
+                            <Form
+                                validateError={(a: models.Application) => ({
+                                    'metadata.name': !a.metadata.name && 'Application Name is required',
+                                    'spec.project': !a.spec.project && 'Project Name is required',
+                                    'spec.source.repoURL': !a.spec.source.repoURL && 'Repository URL is required',
+                                    'spec.source.targetRevision': !a.spec.source.targetRevision && a.spec.source.hasOwnProperty('chart') && 'Version is required',
+                                    'spec.source.path': !a.spec.source.path && !a.spec.source.chart && 'Path is required',
+                                    'spec.source.chart': !a.spec.source.path && !a.spec.source.chart && 'Chart is required',
+                                    // Verify cluster URL when there is no cluster name field or the name value is empty
+                                    'spec.destination.server':
+                                        !a.spec.destination.server && (!a.spec.destination.hasOwnProperty('name') || a.spec.destination.name === '') && 'Cluster URL is required',
+                                    // Verify cluster name when there is no cluster URL field or the URL value is empty
+                                    'spec.destination.name':
+                                        !a.spec.destination.name && (!a.spec.destination.hasOwnProperty('server') || a.spec.destination.server === '') && 'Cluster name is required'
+                                })}
+                                defaultValues={app}
+                                formDidUpdate={state => debouncedOnAppChanged(state.values as any)}
+                                onSubmit={onCreateApp}
+                                getApi={props.getFormApi}>
+                                {api => {
+                                    const generalPanel = () => (
+                                        <div className='white-box'>
+                                            <p>GENERAL</p>
+                                            {/*
                                                     Need to specify "type='button'" because the default type 'submit'
                                                     will activate yaml mode whenever enter is pressed while in the panel.
                                                     This causes problems with some entry fields that require enter to be
@@ -251,123 +246,148 @@ export const ApplicationCreatePanel = (props: {
 
                                                     See https://github.com/argoproj/argo-cd/issues/4576
                                                 */}
-                                                {!yamlMode && (
-                                                    <button
-                                                        type='button'
-                                                        className='argo-button argo-button--base application-create-panel__yaml-button'
-                                                        onClick={() => setYamlMode(true)}>
-                                                        Edit as YAML
-                                                    </button>
-                                                )}
-                                                <div className='argo-form-row'>
-                                                    <FormField
-                                                        formApi={api}
-                                                        label='Application Name'
-                                                        qeId='application-create-field-app-name'
-                                                        field='metadata.name'
-                                                        component={Text}
-                                                    />
-                                                </div>
-                                                <div className='argo-form-row'>
+                                            {!yamlMode && (
+                                                <button
+                                                    type='button'
+                                                    className='argo-button argo-button--base application-create-panel__yaml-button'
+                                                    onClick={() => setYamlMode(true)}>
+                                                    Edit as YAML
+                                                </button>
+                                            )}
+                                            <div className='argo-form-row'>
+                                                <FormField formApi={api} label='Application Name' qeId='application-create-field-app-name' field='metadata.name' component={Text} />
+                                            </div>
+                                            <div className='argo-form-row'>
+                                                <FormField
+                                                    formApi={api}
+                                                    label='Project Name'
+                                                    qeId='application-create-field-project'
+                                                    field='spec.project'
+                                                    component={AutocompleteField}
+                                                    componentProps={{
+                                                        items: projects,
+                                                        filterSuggestions: true
+                                                    }}
+                                                />
+                                            </div>
+                                            <div className='argo-form-row'>
+                                                <FormField
+                                                    formApi={api}
+                                                    field='spec.syncPolicy.automated'
+                                                    qeId='application-create-field-sync-policy'
+                                                    component={AutoSyncFormField}
+                                                />
+                                            </div>
+                                            <div className='argo-form-row'>
+                                                <FormField formApi={api} field='metadata.finalizers' component={SetFinalizerOnApplication} />
+                                            </div>
+                                            <div className='argo-form-row'>
+                                                <label>Sync Options</label>
+                                                <FormField formApi={api} field='spec.syncPolicy.syncOptions' component={ApplicationSyncOptionsField} />
+                                                <ApplicationRetryOptions
+                                                    formApi={api}
+                                                    field='spec.syncPolicy.retry'
+                                                    retry={retry || (api.getFormState().values.spec.syncPolicy && api.getFormState().values.spec.syncPolicy.retry)}
+                                                    setRetry={setRetry}
+                                                    initValues={api.getFormState().values.spec.syncPolicy ? api.getFormState().values.spec.syncPolicy.retry : null}
+                                                />
+                                            </div>
+                                        </div>
+                                    );
+
+                                    const repoType = api.getFormState().values.spec.source.repoURL.startsWith('oci://')
+                                        ? 'oci'
+                                        : (api.getFormState().values.spec.source.hasOwnProperty('chart') && 'helm') || 'git';
+                                    const sourcePanel = () => (
+                                        <div className='white-box'>
+                                            <p>SOURCE</p>
+                                            <div className='row argo-form-row'>
+                                                <div className='columns small-10'>
                                                     <FormField
                                                         formApi={api}
-                                                        label='Project Name'
-                                                        qeId='application-create-field-project'
-                                                        field='spec.project'
+                                                        label='Repository URL'
+                                                        qeId='application-create-field-repository-url'
+                                                        field='spec.source.repoURL'
                                                         component={AutocompleteField}
                                                         componentProps={{
-                                                            items: projects,
+                                                            items: repos,
                                                             filterSuggestions: true
                                                         }}
                                                     />
                                                 </div>
-                                                <div className='argo-form-row'>
-                                                    <FormField
-                                                        formApi={api}
-                                                        field='spec.syncPolicy.automated'
-                                                        qeId='application-create-field-sync-policy'
-                                                        component={AutoSyncFormField}
-                                                    />
-                                                </div>
-                                                <div className='argo-form-row'>
-                                                    <FormField formApi={api} field='metadata.finalizers' component={SetFinalizerOnApplication} />
-                                                </div>
-                                                <div className='argo-form-row'>
-                                                    <label>Sync Options</label>
-                                                    <FormField formApi={api} field='spec.syncPolicy.syncOptions' component={ApplicationSyncOptionsField} />
-                                                    <ApplicationRetryOptions
-                                                        formApi={api}
-                                                        field='spec.syncPolicy.retry'
-                                                        retry={retry || (api.getFormState().values.spec.syncPolicy && api.getFormState().values.spec.syncPolicy.retry)}
-                                                        setRetry={setRetry}
-                                                        initValues={api.getFormState().values.spec.syncPolicy ? api.getFormState().values.spec.syncPolicy.retry : null}
-                                                    />
-                                                </div>
-                                            </div>
-                                        );
-
-                                        const repoType = api.getFormState().values.spec.source.repoURL.startsWith('oci://')
-                                            ? 'oci'
-                                            : (api.getFormState().values.spec.source.hasOwnProperty('chart') && 'helm') || 'git';
-                                        const sourcePanel = () => (
-                                            <div className='white-box'>
-                                                <p>SOURCE</p>
-                                                <div className='row argo-form-row'>
-                                                    <div className='columns small-10'>
-                                                        <FormField
-                                                            formApi={api}
-                                                            label='Repository URL'
-                                                            qeId='application-create-field-repository-url'
-                                                            field='spec.source.repoURL'
-                                                            component={AutocompleteField}
-                                                            componentProps={{
-                                                                items: repos,
-                                                                filterSuggestions: true
-                                                            }}
-                                                        />
-                                                    </div>
-                                                    <div className='columns small-2'>
-                                                        <div style={{paddingTop: '1.5em'}}>
-                                                            {(repoInfo && (
-                                                                <React.Fragment>
-                                                                    <span>{(repoInfo.type || 'git').toUpperCase()}</span> <i className='fa fa-check' />
-                                                                </React.Fragment>
-                                                            )) || (
-                                                                <DropDownMenu
-                                                                    anchor={() => (
-                                                                        <p>
-                                                                            {repoType.toUpperCase()} <i className='fa fa-caret-down' />
-                                                                        </p>
-                                                                    )}
-                                                                    qeId='application-create-dropdown-source-repository'
-                                                                    items={['git', 'helm', 'oci'].map((type: 'git' | 'helm' | 'oci') => ({
-                                                                        title: type.toUpperCase(),
-                                                                        action: () => {
-                                                                            if (repoType !== type) {
-                                                                                const updatedApp = api.getFormState().values as models.Application;
-                                                                                if (normalizeAppSource(updatedApp, type)) {
-                                                                                    api.setAllValues(updatedApp);
-                                                                                }
+                                                <div className='columns small-2'>
+                                                    <div style={{paddingTop: '1.5em'}}>
+                                                        {(repoInfo && (
+                                                            <React.Fragment>
+                                                                <span>{(repoInfo.type || 'git').toUpperCase()}</span> <i className='fa fa-check' />
+                                                            </React.Fragment>
+                                                        )) || (
+                                                            <DropDownMenu
+                                                                anchor={() => (
+                                                                    <p>
+                                                                        {repoType.toUpperCase()} <i className='fa fa-caret-down' />
+                                                                    </p>
+                                                                )}
+                                                                qeId='application-create-dropdown-source-repository'
+                                                                items={['git', 'helm', 'oci'].map((type: 'git' | 'helm' | 'oci') => ({
+                                                                    title: type.toUpperCase(),
+                                                                    action: () => {
+                                                                        if (repoType !== type) {
+                                                                            const updatedApp = api.getFormState().values as models.Application;
+                                                                            if (normalizeAppSource(updatedApp, type)) {
+                                                                                api.setAllValues(updatedApp);
                                                                             }
                                                                         }
-                                                                    }))}
+                                                                    }
+                                                                }))}
+                                                            />
+                                                        )}
+                                                    </div>
+                                                </div>
+                                            </div>
+                                            {(repoType === 'oci' && (
+                                                <React.Fragment>
+                                                    <RevisionFormField formApi={api} helpIconTop={'2.5em'} repoURL={app.spec.source.repoURL} repoType={repoType} />
+                                                    <div className='argo-form-row'>
+                                                        <DataLoader
+                                                            input={{repoURL: app.spec.source.repoURL, revision: app.spec.source.targetRevision}}
+                                                            load={async src =>
+                                                                src.repoURL &&
+                                                                // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
+                                                                new Array<string>()
+                                                            }>
+                                                            {(paths: string[]) => (
+                                                                <FormField
+                                                                    formApi={api}
+                                                                    label='Path'
+                                                                    qeId='application-create-field-path'
+                                                                    field='spec.source.path'
+                                                                    component={AutocompleteField}
+                                                                    componentProps={{
+                                                                        items: paths,
+                                                                        filterSuggestions: true
+                                                                    }}
                                                                 />
                                                             )}
-                                                        </div>
+                                                        </DataLoader>
                                                     </div>
-                                                </div>
-                                                {(repoType === 'oci' && (
+                                                </React.Fragment>
+                                            )) ||
+                                                (repoType === 'git' && (
                                                     <React.Fragment>
                                                         <RevisionFormField formApi={api} helpIconTop={'2.5em'} repoURL={app.spec.source.repoURL} repoType={repoType} />
                                                         <div className='argo-form-row'>
                                                             <DataLoader
                                                                 input={{repoURL: app.spec.source.repoURL, revision: app.spec.source.targetRevision}}
                                                                 load={async src =>
-                                                                    src.repoURL &&
-                                                                    // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
+                                                                    (src.repoURL &&
+                                                                        services.repos
+                                                                            .apps(src.repoURL, src.revision, app.metadata.name, app.spec.project)
+                                                                            .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
+                                                                            .catch(() => new Array<string>())) ||
                                                                     new Array<string>()
                                                                 }>
-                                                                {(paths: string[]) => (
+                                                                {(apps: string[]) => (
                                                                     <FormField
                                                                         formApi={api}
                                                                         label='Path'
@@ -375,7 +395,7 @@ export const ApplicationCreatePanel = (props: {
                                                                         field='spec.source.path'
                                                                         component={AutocompleteField}
                                                                         componentProps={{
-                                                                            items: paths,
+                                                                            items: apps,
                                                                             filterSuggestions: true
                                                                         }}
                                                                     />
@@ -383,241 +403,209 @@ export const ApplicationCreatePanel = (props: {
                                                             </DataLoader>
                                                         </div>
                                                     </React.Fragment>
-                                                )) ||
-                                                    (repoType === 'git' && (
-                                                        <React.Fragment>
-                                                            <RevisionFormField formApi={api} helpIconTop={'2.5em'} repoURL={app.spec.source.repoURL} repoType={repoType} />
-                                                            <div className='argo-form-row'>
-                                                                <DataLoader
-                                                                    input={{repoURL: app.spec.source.repoURL, revision: app.spec.source.targetRevision}}
-                                                                    load={async src =>
-                                                                        (src.repoURL &&
-                                                                            services.repos
-                                                                                .apps(src.repoURL, src.revision, app.metadata.name, app.spec.project)
-                                                                                .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
-                                                                                .catch(() => new Array<string>())) ||
-                                                                        new Array<string>()
-                                                                    }>
-                                                                    {(apps: string[]) => (
+                                                )) || (
+                                                    <DataLoader
+                                                        input={{repoURL: app.spec.source.repoURL}}
+                                                        load={async src =>
+                                                            (src.repoURL && services.repos.charts(src.repoURL).catch(() => new Array<models.HelmChart>())) ||
+                                                            new Array<models.HelmChart>()
+                                                        }>
+                                                        {(charts: models.HelmChart[]) => {
+                                                            const selectedChart = charts.find(chart => chart.name === api.getFormState().values.spec.source.chart);
+                                                            return (
+                                                                <div className='row argo-form-row'>
+                                                                    <div className='columns small-10'>
                                                                         <FormField
                                                                             formApi={api}
-                                                                            label='Path'
-                                                                            qeId='application-create-field-path'
-                                                                            field='spec.source.path'
+                                                                            label='Chart'
+                                                                            field='spec.source.chart'
                                                                             component={AutocompleteField}
                                                                             componentProps={{
-                                                                                items: apps,
+                                                                                items: charts.map(chart => chart.name),
                                                                                 filterSuggestions: true
                                                                             }}
                                                                         />
-                                                                    )}
-                                                                </DataLoader>
-                                                            </div>
-                                                        </React.Fragment>
-                                                    )) || (
-                                                        <DataLoader
-                                                            input={{repoURL: app.spec.source.repoURL}}
-                                                            load={async src =>
-                                                                (src.repoURL && services.repos.charts(src.repoURL).catch(() => new Array<models.HelmChart>())) ||
-                                                                new Array<models.HelmChart>()
-                                                            }>
-                                                            {(charts: models.HelmChart[]) => {
-                                                                const selectedChart = charts.find(chart => chart.name === api.getFormState().values.spec.source.chart);
-                                                                return (
-                                                                    <div className='row argo-form-row'>
-                                                                        <div className='columns small-10'>
-                                                                            <FormField
-                                                                                formApi={api}
-                                                                                label='Chart'
-                                                                                field='spec.source.chart'
-                                                                                component={AutocompleteField}
-                                                                                componentProps={{
-                                                                                    items: charts.map(chart => chart.name),
-                                                                                    filterSuggestions: true
-                                                                                }}
-                                                                            />
-                                                                        </div>
-                                                                        <div className='columns small-2'>
-                                                                            <FormField
-                                                                                formApi={api}
-                                                                                field='spec.source.targetRevision'
-                                                                                component={AutocompleteField}
-                                                                                componentProps={{
-                                                                                    items: (selectedChart && selectedChart.versions) || [],
-                                                                                    filterSuggestions: true
-                                                                                }}
-                                                                            />
-                                                                            <RevisionHelpIcon type='helm' />
-                                                                        </div>
                                                                     </div>
-                                                                );
+                                                                    <div className='columns small-2'>
+                                                                        <FormField
+                                                                            formApi={api}
+                                                                            field='spec.source.targetRevision'
+                                                                            component={AutocompleteField}
+                                                                            componentProps={{
+                                                                                items: (selectedChart && selectedChart.versions) || [],
+                                                                                filterSuggestions: true
+                                                                            }}
+                                                                        />
+                                                                        <RevisionHelpIcon type='helm' />
+                                                                    </div>
+                                                                </div>
+                                                            );
+                                                        }}
+                                                    </DataLoader>
+                                                )}
+                                        </div>
+                                    );
+                                    const destinationPanel = () => (
+                                        <div className='white-box'>
+                                            <p>DESTINATION</p>
+                                            <div className='row argo-form-row'>
+                                                {(destinationComboValue.toUpperCase() === 'URL' && (
+                                                    <div className='columns small-10'>
+                                                        <FormField
+                                                            formApi={api}
+                                                            label='Cluster URL'
+                                                            qeId='application-create-field-cluster-url'
+                                                            field='spec.destination.server'
+                                                            componentProps={{
+                                                                items: clusters.map(cluster => cluster.server),
+                                                                filterSuggestions: true
                                                             }}
-                                                        </DataLoader>
-                                                    )}
-                                            </div>
-                                        );
-                                        const destinationPanel = () => (
-                                            <div className='white-box'>
-                                                <p>DESTINATION</p>
-                                                <div className='row argo-form-row'>
-                                                    {(destinationComboValue.toUpperCase() === 'URL' && (
-                                                        <div className='columns small-10'>
-                                                            <FormField
-                                                                formApi={api}
-                                                                label='Cluster URL'
-                                                                qeId='application-create-field-cluster-url'
-                                                                field='spec.destination.server'
-                                                                componentProps={{
-                                                                    items: clusters.map(cluster => cluster.server),
-                                                                    filterSuggestions: true
-                                                                }}
-                                                                component={AutocompleteField}
-                                                            />
-                                                        </div>
-                                                    )) || (
-                                                        <div className='columns small-10'>
-                                                            <FormField
-                                                                formApi={api}
-                                                                label='Cluster Name'
-                                                                qeId='application-create-field-cluster-name'
-                                                                field='spec.destination.name'
-                                                                componentProps={{
-                                                                    items: clusters.map(cluster => cluster.name),
-                                                                    filterSuggestions: true
-                                                                }}
-                                                                component={AutocompleteField}
-                                                            />
-                                                        </div>
-                                                    )}
-                                                    <div className='columns small-2'>
-                                                        <div style={{paddingTop: '1.5em'}}>
-                                                            <DropDownMenu
-                                                                anchor={() => (
-                                                                    <p>
-                                                                        {destinationComboValue} <i className='fa fa-caret-down' />
-                                                                    </p>
-                                                                )}
-                                                                qeId='application-create-dropdown-destination'
-                                                                items={['URL', 'NAME'].map((type: 'URL' | 'NAME') => ({
-                                                                    title: type,
-                                                                    action: () => {
-                                                                        if (destinationComboValue !== type) {
-                                                                            destinationComboValue = type;
-                                                                            comboSwitchedFromPanel.current = true;
-                                                                            setDestinationFieldChanges({destFormat: type, destFormatChanged: 'changed'});
-                                                                        }
+                                                            component={AutocompleteField}
+                                                        />
+                                                    </div>
+                                                )) || (
+                                                    <div className='columns small-10'>
+                                                        <FormField
+                                                            formApi={api}
+                                                            label='Cluster Name'
+                                                            qeId='application-create-field-cluster-name'
+                                                            field='spec.destination.name'
+                                                            componentProps={{
+                                                                items: clusters.map(cluster => cluster.name),
+                                                                filterSuggestions: true
+                                                            }}
+                                                            component={AutocompleteField}
+                                                        />
+                                                    </div>
+                                                )}
+                                                <div className='columns small-2'>
+                                                    <div style={{paddingTop: '1.5em'}}>
+                                                        <DropDownMenu
+                                                            anchor={() => (
+                                                                <p>
+                                                                    {destinationComboValue} <i className='fa fa-caret-down' />
+                                                                </p>
+                                                            )}
+                                                            qeId='application-create-dropdown-destination'
+                                                            items={['URL', 'NAME'].map((type: 'URL' | 'NAME') => ({
+                                                                title: type,
+                                                                action: () => {
+                                                                    if (destinationComboValue !== type) {
+                                                                        destinationComboValue = type;
+                                                                        comboSwitchedFromPanel.current = true;
+                                                                        setDestinationFieldChanges({destFormat: type, destFormatChanged: 'changed'});
                                                                     }
-                                                                }))}
-                                                            />
-                                                        </div>
+                                                                }
+                                                            }))}
+                                                        />
                                                     </div>
                                                 </div>
-                                                <div className='argo-form-row'>
-                                                    <FormField
-                                                        qeId='application-create-field-namespace'
-                                                        formApi={api}
-                                                        label='Namespace'
-                                                        field='spec.destination.namespace'
-                                                        component={Text}
-                                                    />
-                                                </div>
                                             </div>
-                                        );
+                                            <div className='argo-form-row'>
+                                                <FormField
+                                                    qeId='application-create-field-namespace'
+                                                    formApi={api}
+                                                    label='Namespace'
+                                                    field='spec.destination.namespace'
+                                                    component={Text}
+                                                />
+                                            </div>
+                                        </div>
+                                    );
 
-                                        const typePanel = () => (
-                                            <DataLoader
-                                                input={{
-                                                    repoURL: app.spec.source.repoURL,
-                                                    path: app.spec.source.path,
-                                                    chart: app.spec.source.chart,
-                                                    targetRevision: app.spec.source.targetRevision,
-                                                    appName: app.metadata.name
-                                                }}
-                                                load={async src => {
-                                                    if (src.repoURL && src.targetRevision && (src.path || src.chart)) {
-                                                        return services.repos.appDetails(src, src.appName, app.spec.project, 0, 0).catch(() => ({
-                                                            type: 'Directory',
-                                                            details: {}
-                                                        }));
-                                                    } else {
-                                                        return {
-                                                            type: 'Directory',
-                                                            details: {}
-                                                        };
-                                                    }
-                                                }}>
-                                                {(details: models.RepoAppDetails) => {
-                                                    const type = (explicitPathType && explicitPathType.path === app.spec.source.path && explicitPathType.type) || details.type;
-                                                    if (details.type !== type) {
-                                                        switch (type) {
-                                                            case 'Helm':
-                                                                details = {
-                                                                    type,
-                                                                    path: details.path,
-                                                                    helm: {name: '', valueFiles: [], path: '', parameters: [], fileParameters: []}
-                                                                };
-                                                                break;
-                                                            case 'Kustomize':
-                                                                details = {type, path: details.path, kustomize: {path: ''}};
-                                                                break;
-                                                            case 'Plugin':
-                                                                details = {type, path: details.path, plugin: {name: '', env: []}};
-                                                                break;
-                                                            // Directory
-                                                            default:
-                                                                details = {type, path: details.path, directory: {}};
-                                                                break;
-                                                        }
+                                    const typePanel = () => (
+                                        <DataLoader
+                                            input={{
+                                                repoURL: app.spec.source.repoURL,
+                                                path: app.spec.source.path,
+                                                chart: app.spec.source.chart,
+                                                targetRevision: app.spec.source.targetRevision,
+                                                appName: app.metadata.name
+                                            }}
+                                            load={async src => {
+                                                if (src.repoURL && src.targetRevision && (src.path || src.chart)) {
+                                                    return services.repos.appDetails(src, src.appName, app.spec.project, 0, 0).catch(() => ({
+                                                        type: 'Directory',
+                                                        details: {}
+                                                    }));
+                                                } else {
+                                                    return {
+                                                        type: 'Directory',
+                                                        details: {}
+                                                    };
+                                                }
+                                            }}>
+                                            {(details: models.RepoAppDetails) => {
+                                                const type = (explicitPathType && explicitPathType.path === app.spec.source.path && explicitPathType.type) || details.type;
+                                                if (details.type !== type) {
+                                                    switch (type) {
+                                                        case 'Helm':
+                                                            details = {
+                                                                type,
+                                                                path: details.path,
+                                                                helm: {name: '', valueFiles: [], path: '', parameters: [], fileParameters: []}
+                                                            };
+                                                            break;
+                                                        case 'Kustomize':
+                                                            details = {type, path: details.path, kustomize: {path: ''}};
+                                                            break;
+                                                        case 'Plugin':
+                                                            details = {type, path: details.path, plugin: {name: '', env: []}};
+                                                            break;
+                                                        // Directory
+                                                        default:
+                                                            details = {type, path: details.path, directory: {}};
+                                                            break;
                                                     }
-                                                    return (
-                                                        <React.Fragment>
-                                                            <DropDownMenu
-                                                                anchor={() => (
-                                                                    <p>
-                                                                        {type} <i className='fa fa-caret-down' />
-                                                                    </p>
-                                                                )}
-                                                                qeId='application-create-dropdown-source'
-                                                                items={appTypes.map(item => ({
-                                                                    title: item.type,
-                                                                    action: () => {
-                                                                        setExplicitPathType({type: item.type, path: app.spec.source.path});
-                                                                        normalizeTypeFields(api, item.type);
-                                                                    }
-                                                                }))}
-                                                            />
-                                                            <ApplicationParameters
-                                                                noReadonlyMode={true}
-                                                                application={app}
-                                                                details={details}
-                                                                save={async updatedApp => {
-                                                                    api.setAllValues(updatedApp);
-                                                                }}
-                                                            />
-                                                        </React.Fragment>
-                                                    );
-                                                }}
-                                            </DataLoader>
-                                        );
+                                                }
+                                                return (
+                                                    <React.Fragment>
+                                                        <DropDownMenu
+                                                            anchor={() => (
+                                                                <p>
+                                                                    {type} <i className='fa fa-caret-down' />
+                                                                </p>
+                                                            )}
+                                                            qeId='application-create-dropdown-source'
+                                                            items={appTypes.map(item => ({
+                                                                title: item.type,
+                                                                action: () => {
+                                                                    setExplicitPathType({type: item.type, path: app.spec.source.path});
+                                                                    normalizeTypeFields(api, item.type);
+                                                                }
+                                                            }))}
+                                                        />
+                                                        <ApplicationParameters
+                                                            noReadonlyMode={true}
+                                                            application={app}
+                                                            details={details}
+                                                            save={async updatedApp => {
+                                                                api.setAllValues(updatedApp);
+                                                            }}
+                                                        />
+                                                    </React.Fragment>
+                                                );
+                                            }}
+                                        </DataLoader>
+                                    );
 
-                                        return (
-                                            <form onSubmit={api.submitForm} role='form' className='width-control'>
-                                                {generalPanel()}
+                                    return (
+                                        <form onSubmit={api.submitForm} role='form' className='width-control'>
+                                            {generalPanel()}
 
-                                                {sourcePanel()}
+                                            {sourcePanel()}
 
-                                                {destinationPanel()}
+                                            {destinationPanel()}
 
-                                                {typePanel()}
-                                            </form>
-                                        );
-                                    }}
-                                </Form>
-                            )}
-                        </div>
-                    );
-                }}
-            </DataLoader>
-        </React.Fragment>
+                                            {typePanel()}
+                                        </form>
+                                    );
+                                }}
+                            </Form>
+                        )}
+                    </div>
+                );
+            }}
+        </DataLoader>
     );
 };
diff --git a/ui/src/app/applications/components/application-create-panel/set-finalizer-on-application.tsx b/ui/src/app/applications/components/application-create-panel/set-finalizer-on-application.tsx
index ced113d0040fe..d1e512cf9c637 100644
--- a/ui/src/app/applications/components/application-create-panel/set-finalizer-on-application.tsx
+++ b/ui/src/app/applications/components/application-create-panel/set-finalizer-on-application.tsx
@@ -12,29 +12,27 @@ export const SetFinalizerOnApplication = ReactForm.FormField((props: {fieldApi:
     const isChecked = index < 0 ? false : true;
     return (
         <div className='small-12 large-6' style={{borderBottom: '0'}}>
-            <React.Fragment>
-                <Checkbox
-                    id='set-finalizer'
-                    checked={isChecked}
-                    onChange={(state: boolean) => {
-                        const value = getValue() || [];
-                        if (!state) {
-                            const i = value.findIndex((item: string) => item === finalizerVal);
-                            if (i >= 0) {
-                                const tmp = value.slice();
-                                tmp.splice(i, 1);
-                                setValue(tmp);
-                            }
-                        } else {
+            <Checkbox
+                id='set-finalizer'
+                checked={isChecked}
+                onChange={(state: boolean) => {
+                    const value = getValue() || [];
+                    if (!state) {
+                        const i = value.findIndex((item: string) => item === finalizerVal);
+                        if (i >= 0) {
                             const tmp = value.slice();
-                            tmp.push(finalizerVal);
+                            tmp.splice(i, 1);
                             setValue(tmp);
                         }
-                    }}
-                />
-                <label htmlFor={`set-finalizer`}>Set Deletion Finalizer</label>
-                <HelpIcon title='If checked, the resources deletion finalizer will be set on the application. Potentially destructive, refer to the documentation for more information on the effects of the finalizer.' />
-            </React.Fragment>
+                    } else {
+                        const tmp = value.slice();
+                        tmp.push(finalizerVal);
+                        setValue(tmp);
+                    }
+                }}
+            />
+            <label htmlFor={`set-finalizer`}>Set Deletion Finalizer</label>
+            <HelpIcon title='If checked, the resources deletion finalizer will be set on the application. Potentially destructive, refer to the documentation for more information on the effects of the finalizer.' />
         </div>
     );
 });
diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx
index 41fe11fe63ca8..95c0f18630f7b 100644
--- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx
+++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history-details.tsx
@@ -61,17 +61,15 @@ export const ApplicationDeploymentHistoryDetails = ({app, info, index}: props) =
 
     const getExpandedSection = (index?: number): React.ReactFragment => {
         return (
-            <React.Fragment>
-                <div id={index ? `'show-parameters-'${index}` : 'show-parameters'} className='editable-panel__collapsible-button' style={{zIndex: 1001}}>
-                    <i
-                        className={`fa fa-angle-up filter__collapse editable-panel__collapsible-button__override`}
-                        onClick={() => {
-                            setShowParameterDetails(!showParameterDetails);
-                            updateMap(index);
-                        }}
-                    />
-                </div>
-            </React.Fragment>
+            <div id={index ? `'show-parameters-'${index}` : 'show-parameters'} className='editable-panel__collapsible-button' style={{zIndex: 1001}}>
+                <i
+                    className={`fa fa-angle-up filter__collapse editable-panel__collapsible-button__override`}
+                    onClick={() => {
+                        setShowParameterDetails(!showParameterDetails);
+                        updateMap(index);
+                    }}
+                />
+            </div>
         );
     };
 
diff --git a/ui/src/app/applications/components/application-node-info/application-node-info.tsx b/ui/src/app/applications/components/application-node-info/application-node-info.tsx
index e98a56aaf14b0..62789de8ceb54 100644
--- a/ui/src/app/applications/components/application-node-info/application-node-info.tsx
+++ b/ui/src/app/applications/components/application-node-info/application-node-info.tsx
@@ -60,12 +60,9 @@ const RenderContainerState = (props: {container: any}) => {
                         {' '}
                         It exited with <span className='application-node-info__container--highlight'>exit code {props.container.state.terminated.exitCode}.</span>
                     </>
-                )}
-                <>
-                    {' '}
-                    It is <span className='application-node-info__container--highlight'>{props.container?.started ? 'started' : 'not started'}</span>
-                    <span className='application-node-info__container--highlight'>{status === 'Completed' ? '.' : props.container?.ready ? ' and ready.' : ' and not ready.'}</span>
-                </>
+                )}{' '}
+                It is <span className='application-node-info__container--highlight'>{props.container?.started ? 'started' : 'not started'}</span>
+                <span className='application-node-info__container--highlight'>{status === 'Completed' ? '.' : props.container?.ready ? ' and ready.' : ' and not ready.'}</span>
                 <br />
                 {lastState && (
                     <>
diff --git a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
index 2d494af941d3d..856e0d2c57161 100644
--- a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
+++ b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
@@ -50,29 +50,27 @@ export class ApplicationParametersSource<T = {}> extends React.Component<Applica
                 {ctx => (
                     <div className={classNames({'editable-panel--disabled': this.state.savingTop})}>
                         {this.props.floatingTitle && <div className='white-box--additional-top-space editable-panel__sticky-title'>{this.props.floatingTitle}</div>}
-                        <React.Fragment>
-                            <EditableSection
-                                uniqueId={'top_' + this.props.index}
-                                title={this.props.titleTop}
-                                view={this.props.viewTop}
-                                values={this.props.valuesTop}
-                                items={this.props.itemsTop}
-                                validate={this.props.validateTop}
-                                save={this.props.saveTop}
-                                onModeSwitch={() => this.onModeSwitch()}
-                                noReadonlyMode={this.props.noReadonlyMode}
-                                edit={this.props.editTop}
-                                collapsible={this.props.collapsible}
-                                ctx={ctx}
-                                isTopSection={true}
-                                disabledState={this.state.editTop || this.state.editTop === null}
-                                disabledDelete={this.props.numberOfSources <= 1}
-                                updateButtons={editClicked => {
-                                    this.setState({editBottom: editClicked});
-                                }}
-                                deleteSource={this.props.deleteSource}
-                            />
-                        </React.Fragment>
+                        <EditableSection
+                            uniqueId={'top_' + this.props.index}
+                            title={this.props.titleTop}
+                            view={this.props.viewTop}
+                            values={this.props.valuesTop}
+                            items={this.props.itemsTop}
+                            validate={this.props.validateTop}
+                            save={this.props.saveTop}
+                            onModeSwitch={() => this.onModeSwitch()}
+                            noReadonlyMode={this.props.noReadonlyMode}
+                            edit={this.props.editTop}
+                            collapsible={this.props.collapsible}
+                            ctx={ctx}
+                            isTopSection={true}
+                            disabledState={this.state.editTop || this.state.editTop === null}
+                            disabledDelete={this.props.numberOfSources <= 1}
+                            updateButtons={editClicked => {
+                                this.setState({editBottom: editClicked});
+                            }}
+                            deleteSource={this.props.deleteSource}
+                        />
                         {this.props.itemsTop && (
                             <React.Fragment>
                                 <div className='row white-box__details-row'>
@@ -81,27 +79,25 @@ export class ApplicationParametersSource<T = {}> extends React.Component<Applica
                                 <div className='white-box--no-padding editable-panel__divider' />
                             </React.Fragment>
                         )}
-                        <React.Fragment>
-                            <EditableSection
-                                uniqueId={'bottom_' + this.props.index}
-                                title={this.props.titleBottom}
-                                view={this.props.viewBottom}
-                                values={this.props.valuesBottom}
-                                items={this.props.itemsBottom}
-                                validate={this.props.validateBottom}
-                                save={this.props.saveBottom}
-                                onModeSwitch={() => this.onModeSwitch()}
-                                noReadonlyMode={this.props.noReadonlyMode}
-                                edit={this.props.editBottom}
-                                collapsible={this.props.collapsible}
-                                ctx={ctx}
-                                isTopSection={false}
-                                disabledState={this.state.editBottom || this.state.editBottom === null}
-                                updateButtons={editClicked => {
-                                    this.setState({editTop: editClicked});
-                                }}
-                            />
-                        </React.Fragment>
+                        <EditableSection
+                            uniqueId={'bottom_' + this.props.index}
+                            title={this.props.titleBottom}
+                            view={this.props.viewBottom}
+                            values={this.props.valuesBottom}
+                            items={this.props.itemsBottom}
+                            validate={this.props.validateBottom}
+                            save={this.props.saveBottom}
+                            onModeSwitch={() => this.onModeSwitch()}
+                            noReadonlyMode={this.props.noReadonlyMode}
+                            edit={this.props.editBottom}
+                            collapsible={this.props.collapsible}
+                            ctx={ctx}
+                            isTopSection={false}
+                            disabledState={this.state.editBottom || this.state.editBottom === null}
+                            updateButtons={editClicked => {
+                                this.setState({editTop: editClicked});
+                            }}
+                        />
                     </div>
                 )}
             </Consumer>
diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx
index a47e295c02dc3..dac7335b99939 100644
--- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx
+++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx
@@ -318,16 +318,14 @@ export const ApplicationParameters = (props: {
             <div key={'app_params_expanded_' + index} className={classNames('white-box', 'editable-panel')} style={{marginBottom: '18px', paddingBottom: '20px'}}>
                 <div key={'app_params_panel_' + index} className='white-box__details'>
                     {collapsible && (
-                        <React.Fragment>
-                            <div className='editable-panel__collapsible-button'>
-                                <i
-                                    className={`fa fa-angle-up filter__collapse editable-panel__collapsible-button__override`}
-                                    onClick={() => {
-                                        props.handleCollapse(index, !props.collapsedSources[index]);
-                                    }}
-                                />
-                            </div>
-                        </React.Fragment>
+                        <div className='editable-panel__collapsible-button'>
+                            <i
+                                className={`fa fa-angle-up filter__collapse editable-panel__collapsible-button__override`}
+                                onClick={() => {
+                                    props.handleCollapse(index, !props.collapsedSources[index]);
+                                }}
+                            />
+                        </div>
                     )}
                     <DataLoader
                         key={'app_params_source_' + index}
diff --git a/ui/src/app/applications/components/application-parameters/source-panel.tsx b/ui/src/app/applications/components/application-parameters/source-panel.tsx
index 130510f4b76dd..c3877b0c5dea8 100644
--- a/ui/src/app/applications/components/application-parameters/source-panel.tsx
+++ b/ui/src/app/applications/components/application-parameters/source-panel.tsx
@@ -86,133 +86,170 @@ export const SourcePanel = (props: {
     }
 
     return (
-        <React.Fragment>
-            <DataLoader key='add-new-source' load={() => Promise.all([services.repos.list()]).then(([reposInfo]) => ({reposInfo}))}>
-                {({reposInfo}) => {
-                    const repos = reposInfo.map(info => info.repo).sort();
-                    return (
-                        <div className='new-source-panel'>
-                            <Form
-                                validateError={(a: models.Application) => {
-                                    let samePath = false;
-                                    let sameChartVersion = false;
-                                    let pathError = null;
-                                    let chartError = null;
-                                    if (a.spec.source.repoURL && a.spec.source.path) {
-                                        props.appCurrent.spec.sources.forEach(source => {
-                                            if (source.repoURL === a.spec.source.repoURL && source.path === a.spec.source.path) {
-                                                samePath = true;
-                                                pathError = 'Provided path in the selected repository URL was already added to this multi-source application';
-                                            }
-                                        });
-                                    }
-                                    if (a.spec?.source?.repoURL && a.spec?.source?.chart) {
-                                        props.appCurrent.spec.sources.forEach(source => {
-                                            if (
-                                                source?.repoURL === a.spec?.source?.repoURL &&
-                                                source?.chart === a.spec?.source?.chart &&
-                                                source?.targetRevision === a.spec?.source?.targetRevision
-                                            ) {
-                                                sameChartVersion = true;
-                                                chartError =
-                                                    'Version ' +
-                                                    source?.targetRevision +
-                                                    ' of chart ' +
-                                                    source?.chart +
-                                                    ' from the selected repository was already added to this multi-source application';
-                                            }
-                                        });
-                                    }
-                                    if (!samePath) {
-                                        if (!a.spec?.source?.path && !a.spec?.source?.chart && !a.spec?.source?.ref) {
-                                            pathError = 'Path or Ref is required';
+        <DataLoader key='add-new-source' load={() => Promise.all([services.repos.list()]).then(([reposInfo]) => ({reposInfo}))}>
+            {({reposInfo}) => {
+                const repos = reposInfo.map(info => info.repo).sort();
+                return (
+                    <div className='new-source-panel'>
+                        <Form
+                            validateError={(a: models.Application) => {
+                                let samePath = false;
+                                let sameChartVersion = false;
+                                let pathError = null;
+                                let chartError = null;
+                                if (a.spec.source.repoURL && a.spec.source.path) {
+                                    props.appCurrent.spec.sources.forEach(source => {
+                                        if (source.repoURL === a.spec.source.repoURL && source.path === a.spec.source.path) {
+                                            samePath = true;
+                                            pathError = 'Provided path in the selected repository URL was already added to this multi-source application';
                                         }
-                                    }
-                                    if (!sameChartVersion) {
-                                        if (!a.spec?.source?.chart && !a.spec?.source?.path && !a.spec?.source?.ref) {
-                                            chartError = 'Chart is required';
+                                    });
+                                }
+                                if (a.spec?.source?.repoURL && a.spec?.source?.chart) {
+                                    props.appCurrent.spec.sources.forEach(source => {
+                                        if (
+                                            source?.repoURL === a.spec?.source?.repoURL &&
+                                            source?.chart === a.spec?.source?.chart &&
+                                            source?.targetRevision === a.spec?.source?.targetRevision
+                                        ) {
+                                            sameChartVersion = true;
+                                            chartError =
+                                                'Version ' +
+                                                source?.targetRevision +
+                                                ' of chart ' +
+                                                source?.chart +
+                                                ' from the selected repository was already added to this multi-source application';
                                         }
+                                    });
+                                }
+                                if (!samePath) {
+                                    if (!a.spec?.source?.path && !a.spec?.source?.chart && !a.spec?.source?.ref) {
+                                        pathError = 'Path or Ref is required';
                                     }
-                                    return {
-                                        'spec.source.repoURL': !a.spec?.source?.repoURL && 'Repository URL is required',
-                                        // eslint-disable-next-line no-prototype-builtins
-                                        'spec.source.targetRevision': !a.spec?.source?.targetRevision && a.spec?.source?.hasOwnProperty('chart') && 'Version is required',
-                                        'spec.source.path': pathError,
-                                        'spec.source.chart': chartError
-                                    };
-                                }}
-                                defaultValues={appInEdit}
-                                onSubmitFailure={(errors: FormErrors) => {
-                                    let errorString: string = '';
-                                    let i = 0;
-                                    for (const key in errors) {
-                                        if (errors[key]) {
-                                            i++;
-                                            errorString = errorString.concat(i + '. ' + errors[key] + ' ');
-                                        }
+                                }
+                                if (!sameChartVersion) {
+                                    if (!a.spec?.source?.chart && !a.spec?.source?.path && !a.spec?.source?.ref) {
+                                        chartError = 'Chart is required';
                                     }
-                                    props.onSubmitFailure(errorString);
-                                }}
-                                onSubmit={values => {
-                                    props.updateApp(values as models.Application);
-                                }}
-                                getApi={props.getFormApi}>
-                                {api => {
-                                    const repoType = api.getFormState().values.spec?.source?.repoURL.startsWith('oci://')
-                                        ? 'oci'
-                                        : (api.getFormState().values.spec?.source?.chart && 'helm') || 'git';
-                                    const repoInfo = reposInfo.find(info => info.repo === api.getFormState().values.spec?.source?.repoURL);
-                                    if (repoInfo) {
-                                        normalizeAppSource(appInEdit, repoInfo.type || 'git');
+                                }
+                                return {
+                                    'spec.source.repoURL': !a.spec?.source?.repoURL && 'Repository URL is required',
+                                    // eslint-disable-next-line no-prototype-builtins
+                                    'spec.source.targetRevision': !a.spec?.source?.targetRevision && a.spec?.source?.hasOwnProperty('chart') && 'Version is required',
+                                    'spec.source.path': pathError,
+                                    'spec.source.chart': chartError
+                                };
+                            }}
+                            defaultValues={appInEdit}
+                            onSubmitFailure={(errors: FormErrors) => {
+                                let errorString: string = '';
+                                let i = 0;
+                                for (const key in errors) {
+                                    if (errors[key]) {
+                                        i++;
+                                        errorString = errorString.concat(i + '. ' + errors[key] + ' ');
                                     }
-                                    const sourcePanel = () => (
-                                        <div className='white-box'>
-                                            <p>SOURCE</p>
-                                            <div className='row argo-form-row'>
-                                                <div className='columns small-10'>
-                                                    <FormField
-                                                        formApi={api}
-                                                        label='Repository URL'
-                                                        field='spec.source.repoURL'
-                                                        component={AutocompleteField}
-                                                        componentProps={{items: repos}}
-                                                    />
-                                                </div>
-                                                <div className='columns small-2'>
-                                                    <div style={{paddingTop: '1.5em'}}>
-                                                        {(repoInfo && (
-                                                            <React.Fragment>
-                                                                <span>{(repoInfo.type || 'git').toUpperCase()}</span> <i className='fa fa-check' />
-                                                            </React.Fragment>
-                                                        )) || (
-                                                            <DropDownMenu
-                                                                anchor={() => (
-                                                                    <p>
-                                                                        {repoType.toUpperCase()} <i className='fa fa-caret-down' />
-                                                                    </p>
-                                                                )}
-                                                                items={['git', 'helm', 'oci'].map((type: 'git' | 'helm' | 'oci') => ({
-                                                                    title: type.toUpperCase(),
-                                                                    action: () => {
-                                                                        if (repoType !== type) {
-                                                                            const updatedApp = api.getFormState().values as models.Application;
-                                                                            if (normalizeAppSource(updatedApp, type)) {
-                                                                                api.setAllValues(updatedApp);
-                                                                            }
+                                }
+                                props.onSubmitFailure(errorString);
+                            }}
+                            onSubmit={values => {
+                                props.updateApp(values as models.Application);
+                            }}
+                            getApi={props.getFormApi}>
+                            {api => {
+                                const repoType = api.getFormState().values.spec?.source?.repoURL.startsWith('oci://')
+                                    ? 'oci'
+                                    : (api.getFormState().values.spec?.source?.chart && 'helm') || 'git';
+                                const repoInfo = reposInfo.find(info => info.repo === api.getFormState().values.spec?.source?.repoURL);
+                                if (repoInfo) {
+                                    normalizeAppSource(appInEdit, repoInfo.type || 'git');
+                                }
+                                const sourcePanel = () => (
+                                    <div className='white-box'>
+                                        <p>SOURCE</p>
+                                        <div className='row argo-form-row'>
+                                            <div className='columns small-10'>
+                                                <FormField
+                                                    formApi={api}
+                                                    label='Repository URL'
+                                                    field='spec.source.repoURL'
+                                                    component={AutocompleteField}
+                                                    componentProps={{items: repos}}
+                                                />
+                                            </div>
+                                            <div className='columns small-2'>
+                                                <div style={{paddingTop: '1.5em'}}>
+                                                    {(repoInfo && (
+                                                        <React.Fragment>
+                                                            <span>{(repoInfo.type || 'git').toUpperCase()}</span> <i className='fa fa-check' />
+                                                        </React.Fragment>
+                                                    )) || (
+                                                        <DropDownMenu
+                                                            anchor={() => (
+                                                                <p>
+                                                                    {repoType.toUpperCase()} <i className='fa fa-caret-down' />
+                                                                </p>
+                                                            )}
+                                                            items={['git', 'helm', 'oci'].map((type: 'git' | 'helm' | 'oci') => ({
+                                                                title: type.toUpperCase(),
+                                                                action: () => {
+                                                                    if (repoType !== type) {
+                                                                        const updatedApp = api.getFormState().values as models.Application;
+                                                                        if (normalizeAppSource(updatedApp, type)) {
+                                                                            api.setAllValues(updatedApp);
                                                                         }
                                                                     }
-                                                                }))}
+                                                                }
+                                                            }))}
+                                                        />
+                                                    )}
+                                                </div>
+                                            </div>
+                                        </div>
+                                        <div className='row argo-form-row'>
+                                            <div className='columns small-10'>
+                                                <FormField formApi={api} label='Name' field={'spec.source.name'} component={Text}></FormField>
+                                            </div>
+                                        </div>
+                                        {(repoType === 'oci' && (
+                                            <React.Fragment>
+                                                <RevisionFormField
+                                                    formApi={api}
+                                                    helpIconTop={'2.5em'}
+                                                    repoURL={api.getFormState().values.spec?.source?.repoURL}
+                                                    repoType={repoType}
+                                                />
+                                                <div className='argo-form-row'>
+                                                    <DataLoader
+                                                        input={{
+                                                            repoURL: api.getFormState().values.spec?.source?.repoURL,
+                                                            revision: api.getFormState().values.spec?.source?.targetRevision
+                                                        }}
+                                                        load={async src =>
+                                                            src.repoURL &&
+                                                            // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
+                                                            new Array<string>()
+                                                        }>
+                                                        {(paths: string[]) => (
+                                                            <FormField
+                                                                formApi={api}
+                                                                label='Path'
+                                                                field='spec.source.path'
+                                                                component={AutocompleteField}
+                                                                componentProps={{
+                                                                    items: paths,
+                                                                    filterSuggestions: true
+                                                                }}
                                                             />
                                                         )}
-                                                    </div>
+                                                    </DataLoader>
                                                 </div>
-                                            </div>
-                                            <div className='row argo-form-row'>
-                                                <div className='columns small-10'>
-                                                    <FormField formApi={api} label='Name' field={'spec.source.name'} component={Text}></FormField>
+                                                <div className='argo-form-row'>
+                                                    <FormField formApi={api} label='Ref' field={'spec.source.ref'} component={Text}></FormField>
                                                 </div>
-                                            </div>
-                                            {(repoType === 'oci' && (
+                                            </React.Fragment>
+                                        )) ||
+                                            (repoType === 'git' && (
                                                 <React.Fragment>
                                                     <RevisionFormField
                                                         formApi={api}
@@ -227,18 +264,21 @@ export const SourcePanel = (props: {
                                                                 revision: api.getFormState().values.spec?.source?.targetRevision
                                                             }}
                                                             load={async src =>
-                                                                src.repoURL &&
-                                                                // TODO: for autocomplete we need to fetch paths that are used by other apps within the same project making use of the same OCI repo
+                                                                (src.repoURL &&
+                                                                    (await services.repos
+                                                                        .apps(src.repoURL, src.revision, appInEdit.metadata.name, props.appCurrent.spec.project)
+                                                                        .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
+                                                                        .catch(() => new Array<string>()))) ||
                                                                 new Array<string>()
                                                             }>
-                                                            {(paths: string[]) => (
+                                                            {(apps: string[]) => (
                                                                 <FormField
                                                                     formApi={api}
                                                                     label='Path'
                                                                     field='spec.source.path'
                                                                     component={AutocompleteField}
                                                                     componentProps={{
-                                                                        items: paths,
+                                                                        items: apps,
                                                                         filterSuggestions: true
                                                                     }}
                                                                 />
@@ -249,178 +289,136 @@ export const SourcePanel = (props: {
                                                         <FormField formApi={api} label='Ref' field={'spec.source.ref'} component={Text}></FormField>
                                                     </div>
                                                 </React.Fragment>
-                                            )) ||
-                                                (repoType === 'git' && (
-                                                    <React.Fragment>
-                                                        <RevisionFormField
-                                                            formApi={api}
-                                                            helpIconTop={'2.5em'}
-                                                            repoURL={api.getFormState().values.spec?.source?.repoURL}
-                                                            repoType={repoType}
-                                                        />
-                                                        <div className='argo-form-row'>
-                                                            <DataLoader
-                                                                input={{
-                                                                    repoURL: api.getFormState().values.spec?.source?.repoURL,
-                                                                    revision: api.getFormState().values.spec?.source?.targetRevision
-                                                                }}
-                                                                load={async src =>
-                                                                    (src.repoURL &&
-                                                                        (await services.repos
-                                                                            .apps(src.repoURL, src.revision, appInEdit.metadata.name, props.appCurrent.spec.project)
-                                                                            .then(apps => Array.from(new Set(apps.map(item => item.path))).sort())
-                                                                            .catch(() => new Array<string>()))) ||
-                                                                    new Array<string>()
-                                                                }>
-                                                                {(apps: string[]) => (
+                                            )) || (
+                                                <DataLoader
+                                                    input={{repoURL: api.getFormState().values.spec.source.repoURL}}
+                                                    load={async src =>
+                                                        (src.repoURL && services.repos.charts(src.repoURL).catch(() => new Array<models.HelmChart>())) ||
+                                                        new Array<models.HelmChart>()
+                                                    }>
+                                                    {(charts: models.HelmChart[]) => {
+                                                        const selectedChart = charts.find(chart => chart.name === api.getFormState().values.spec?.source?.chart);
+                                                        return (
+                                                            <div className='row argo-form-row'>
+                                                                <div className='columns small-10'>
                                                                     <FormField
                                                                         formApi={api}
-                                                                        label='Path'
-                                                                        field='spec.source.path'
+                                                                        label='Chart'
+                                                                        field='spec.source.chart'
                                                                         component={AutocompleteField}
                                                                         componentProps={{
-                                                                            items: apps,
+                                                                            items: charts.map(chart => chart.name),
                                                                             filterSuggestions: true
                                                                         }}
                                                                     />
-                                                                )}
-                                                            </DataLoader>
-                                                        </div>
-                                                        <div className='argo-form-row'>
-                                                            <FormField formApi={api} label='Ref' field={'spec.source.ref'} component={Text}></FormField>
-                                                        </div>
-                                                    </React.Fragment>
-                                                )) || (
-                                                    <DataLoader
-                                                        input={{repoURL: api.getFormState().values.spec.source.repoURL}}
-                                                        load={async src =>
-                                                            (src.repoURL && services.repos.charts(src.repoURL).catch(() => new Array<models.HelmChart>())) ||
-                                                            new Array<models.HelmChart>()
-                                                        }>
-                                                        {(charts: models.HelmChart[]) => {
-                                                            const selectedChart = charts.find(chart => chart.name === api.getFormState().values.spec?.source?.chart);
-                                                            return (
-                                                                <div className='row argo-form-row'>
-                                                                    <div className='columns small-10'>
-                                                                        <FormField
-                                                                            formApi={api}
-                                                                            label='Chart'
-                                                                            field='spec.source.chart'
-                                                                            component={AutocompleteField}
-                                                                            componentProps={{
-                                                                                items: charts.map(chart => chart.name),
-                                                                                filterSuggestions: true
-                                                                            }}
-                                                                        />
-                                                                    </div>
-                                                                    <div className='columns small-2'>
-                                                                        <FormField
-                                                                            formApi={api}
-                                                                            field='spec.source.targetRevision'
-                                                                            component={AutocompleteField}
-                                                                            componentProps={{
-                                                                                items: (selectedChart && selectedChart.versions) || []
-                                                                            }}
-                                                                        />
-                                                                        <RevisionHelpIcon type='helm' />
-                                                                    </div>
                                                                 </div>
-                                                            );
-                                                        }}
-                                                    </DataLoader>
-                                                )}
-                                        </div>
-                                    );
+                                                                <div className='columns small-2'>
+                                                                    <FormField
+                                                                        formApi={api}
+                                                                        field='spec.source.targetRevision'
+                                                                        component={AutocompleteField}
+                                                                        componentProps={{
+                                                                            items: (selectedChart && selectedChart.versions) || []
+                                                                        }}
+                                                                    />
+                                                                    <RevisionHelpIcon type='helm' />
+                                                                </div>
+                                                            </div>
+                                                        );
+                                                    }}
+                                                </DataLoader>
+                                            )}
+                                    </div>
+                                );
 
-                                    const typePanel = () => (
-                                        <DataLoader
-                                            input={{
-                                                repoURL: appInEdit.spec?.source?.repoURL,
-                                                path: appInEdit.spec?.source?.path,
-                                                chart: appInEdit.spec?.source?.chart,
-                                                targetRevision: appInEdit.spec?.source?.targetRevision,
-                                                appName: appInEdit.metadata.name
-                                            }}
-                                            load={async src => {
-                                                if (src?.repoURL && src?.targetRevision && (src?.path || src?.chart)) {
-                                                    return services.repos.appDetails(src, src?.appName, props.appCurrent.spec?.project, 0, 0).catch(() => ({
-                                                        type: 'Directory',
-                                                        details: {}
-                                                    }));
-                                                } else {
-                                                    return {
-                                                        type: 'Directory',
-                                                        details: {}
-                                                    };
-                                                }
-                                            }}>
-                                            {(details: models.RepoAppDetails) => {
-                                                const type = (explicitPathType && explicitPathType.path === appInEdit.spec?.source?.path && explicitPathType.type) || details.type;
-                                                if (details.type !== type) {
-                                                    switch (type) {
-                                                        case 'Helm':
-                                                            details = {
-                                                                type,
-                                                                path: details.path,
-                                                                helm: {name: '', valueFiles: [], path: '', parameters: [], fileParameters: []}
-                                                            };
-                                                            break;
-                                                        case 'Kustomize':
-                                                            details = {type, path: details.path, kustomize: {path: ''}};
-                                                            break;
-                                                        case 'Plugin':
-                                                            details = {type, path: details.path, plugin: {name: '', env: []}};
-                                                            break;
-                                                        // Directory
-                                                        default:
-                                                            details = {type, path: details.path, directory: {}};
-                                                            break;
-                                                    }
+                                const typePanel = () => (
+                                    <DataLoader
+                                        input={{
+                                            repoURL: appInEdit.spec?.source?.repoURL,
+                                            path: appInEdit.spec?.source?.path,
+                                            chart: appInEdit.spec?.source?.chart,
+                                            targetRevision: appInEdit.spec?.source?.targetRevision,
+                                            appName: appInEdit.metadata.name
+                                        }}
+                                        load={async src => {
+                                            if (src?.repoURL && src?.targetRevision && (src?.path || src?.chart)) {
+                                                return services.repos.appDetails(src, src?.appName, props.appCurrent.spec?.project, 0, 0).catch(() => ({
+                                                    type: 'Directory',
+                                                    details: {}
+                                                }));
+                                            } else {
+                                                return {
+                                                    type: 'Directory',
+                                                    details: {}
+                                                };
+                                            }
+                                        }}>
+                                        {(details: models.RepoAppDetails) => {
+                                            const type = (explicitPathType && explicitPathType.path === appInEdit.spec?.source?.path && explicitPathType.type) || details.type;
+                                            if (details.type !== type) {
+                                                switch (type) {
+                                                    case 'Helm':
+                                                        details = {
+                                                            type,
+                                                            path: details.path,
+                                                            helm: {name: '', valueFiles: [], path: '', parameters: [], fileParameters: []}
+                                                        };
+                                                        break;
+                                                    case 'Kustomize':
+                                                        details = {type, path: details.path, kustomize: {path: ''}};
+                                                        break;
+                                                    case 'Plugin':
+                                                        details = {type, path: details.path, plugin: {name: '', env: []}};
+                                                        break;
+                                                    // Directory
+                                                    default:
+                                                        details = {type, path: details.path, directory: {}};
+                                                        break;
                                                 }
-                                                return (
-                                                    <React.Fragment>
-                                                        <DropDownMenu
-                                                            anchor={() => (
-                                                                <p>
-                                                                    {type} <i className='fa fa-caret-down' />
-                                                                </p>
-                                                            )}
-                                                            items={appTypes.map(item => ({
-                                                                title: item.type,
-                                                                action: () => {
-                                                                    setExplicitPathType({type: item.type, path: appInEdit.spec?.source?.path});
-                                                                    normalizeTypeFields(api, item.type);
-                                                                }
-                                                            }))}
-                                                        />
-                                                        <ApplicationParameters
-                                                            noReadonlyMode={true}
-                                                            application={api.getFormState().values as models.Application}
-                                                            details={details}
-                                                            tempSource={appInEdit.spec.source}
-                                                            save={async updatedApp => {
-                                                                api.setAllValues(updatedApp);
-                                                            }}
-                                                        />
-                                                    </React.Fragment>
-                                                );
-                                            }}
-                                        </DataLoader>
-                                    );
+                                            }
+                                            return (
+                                                <React.Fragment>
+                                                    <DropDownMenu
+                                                        anchor={() => (
+                                                            <p>
+                                                                {type} <i className='fa fa-caret-down' />
+                                                            </p>
+                                                        )}
+                                                        items={appTypes.map(item => ({
+                                                            title: item.type,
+                                                            action: () => {
+                                                                setExplicitPathType({type: item.type, path: appInEdit.spec?.source?.path});
+                                                                normalizeTypeFields(api, item.type);
+                                                            }
+                                                        }))}
+                                                    />
+                                                    <ApplicationParameters
+                                                        noReadonlyMode={true}
+                                                        application={api.getFormState().values as models.Application}
+                                                        details={details}
+                                                        tempSource={appInEdit.spec.source}
+                                                        save={async updatedApp => {
+                                                            api.setAllValues(updatedApp);
+                                                        }}
+                                                    />
+                                                </React.Fragment>
+                                            );
+                                        }}
+                                    </DataLoader>
+                                );
 
-                                    return (
-                                        <form onSubmit={api.submitForm} role='form' className='width-control'>
-                                            {sourcePanel()}
+                                return (
+                                    <form onSubmit={api.submitForm} role='form' className='width-control'>
+                                        {sourcePanel()}
 
-                                            {typePanel()}
-                                        </form>
-                                    );
-                                }}
-                            </Form>
-                        </div>
-                    );
-                }}
-            </DataLoader>
-        </React.Fragment>
+                                        {typePanel()}
+                                    </form>
+                                );
+                            }}
+                        </Form>
+                    </div>
+                );
+            }}
+        </DataLoader>
     );
 };
diff --git a/ui/src/app/applications/components/application-pod-view/pod-view.tsx b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
index 8784da60b8bd6..b7ce3ad959697 100644
--- a/ui/src/app/applications/components/application-pod-view/pod-view.tsx
+++ b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
@@ -122,7 +122,7 @@ export class PodView extends React.Component<PodViewProps> {
                                 <div className='pod-view__nodes-container'>
                                     {groups.map(group => {
                                         if (group.type === 'node' && group.name === 'Unschedulable' && podPrefs.hideUnschedulable) {
-                                            return <React.Fragment />;
+                                            return null;
                                         }
                                         return (
                                             <div className={`pod-view__node white-box ${group.kind === 'node' && 'pod-view__node--large'}`} key={group.fullName || group.name}>
diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
index af65bb6caa056..10ccb032a3aae 100644
--- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
+++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
@@ -201,87 +201,83 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
                 </div>
             )}
             <div className='application-status-panel__item'>
-                <React.Fragment>
-                    {sectionHeader(
-                        {
-                            title: 'SYNC STATUS',
-                            helpContent: 'Whether or not the version of your app is up to date with your repo. You may wish to sync your app if it is out-of-sync.'
-                        },
-                        () => showMetadataInfo(application.status.sync ? 'SYNC_STATUS_REVISION' : null)
-                    )}
-                    <div className={`application-status-panel__item-value${appOperationState?.phase ? ` application-status-panel__item-value--${appOperationState.phase}` : ''}`}>
-                        <div>
-                            {application.status.sync.status === models.SyncStatuses.OutOfSync ? (
-                                <a onClick={() => showDiff && showDiff()}>
-                                    <ComparisonStatusIcon status={application.status.sync.status} label={true} isButton={true} />
-                                </a>
-                            ) : (
-                                <ComparisonStatusIcon status={application.status.sync.status} label={true} />
-                            )}
-                        </div>
-                        <div className='application-status-panel__item-value__revision show-for-large'>{syncStatusMessage(application)}</div>
-                    </div>
-                    <div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
-                        {application.spec.syncPolicy?.automated ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
-                    </div>
-                    {application.status &&
-                        application.status.sync &&
-                        (hasMultipleSources
-                            ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart
-                            : application.status.sync.revision && !application.spec?.source?.chart) && (
-                            <div className='application-status-panel__item-name'>
-                                <RevisionMetadataPanel
-                                    appName={application.metadata.name}
-                                    appNamespace={application.metadata.namespace}
-                                    type={revisionType}
-                                    revision={revision}
-                                    versionId={utils.getAppCurrentVersion(application)}
-                                />
-                            </div>
-                        )}
-                </React.Fragment>
-            </div>
-            {appOperationState && (
-                <div className='application-status-panel__item'>
-                    <React.Fragment>
-                        {sectionHeader(
-                            {
-                                title: 'LAST SYNC',
-                                helpContent:
-                                    'Whether or not your last app sync was successful. It has been ' +
-                                    daysSinceLastSynchronized +
-                                    ' days since last sync. Click for the status of that sync.'
-                            },
-                            () =>
-                                showMetadataInfo(
-                                    appOperationState.syncResult && (appOperationState.syncResult.revisions || appOperationState.syncResult.revision)
-                                        ? 'OPERATION_STATE_REVISION'
-                                        : null
-                                )
-                        )}
-                        <div className={`application-status-panel__item-value application-status-panel__item-value--${appOperationState.phase}`}>
-                            <a onClick={() => showOperation && showOperation()}>
-                                <OperationState app={application} isButton={true} />{' '}
+                {sectionHeader(
+                    {
+                        title: 'SYNC STATUS',
+                        helpContent: 'Whether or not the version of your app is up to date with your repo. You may wish to sync your app if it is out-of-sync.'
+                    },
+                    () => showMetadataInfo(application.status.sync ? 'SYNC_STATUS_REVISION' : null)
+                )}
+                <div className={`application-status-panel__item-value${appOperationState?.phase ? ` application-status-panel__item-value--${appOperationState.phase}` : ''}`}>
+                    <div>
+                        {application.status.sync.status === models.SyncStatuses.OutOfSync ? (
+                            <a onClick={() => showDiff && showDiff()}>
+                                <ComparisonStatusIcon status={application.status.sync.status} label={true} isButton={true} />
                             </a>
-                            {appOperationState.syncResult && (appOperationState.syncResult.revision || appOperationState.syncResult.revisions) && (
-                                <div className='application-status-panel__item-value__revision show-for-large'>
-                                    to <Revision repoUrl={source.repoURL} revision={operationStateRevision} /> {getAppDefaultSyncRevisionExtra(application)}
-                                </div>
-                            )}
-                        </div>
-                        <div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
-                            {appOperationState.phase} <Timestamp date={appOperationState.finishedAt || appOperationState.startedAt} />
-                        </div>
-                        {(appOperationState.syncResult && operationStateRevision && (
+                        ) : (
+                            <ComparisonStatusIcon status={application.status.sync.status} label={true} />
+                        )}
+                    </div>
+                    <div className='application-status-panel__item-value__revision show-for-large'>{syncStatusMessage(application)}</div>
+                </div>
+                <div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
+                    {application.spec.syncPolicy?.automated ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
+                </div>
+                {application.status &&
+                    application.status.sync &&
+                    (hasMultipleSources
+                        ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart
+                        : application.status.sync.revision && !application.spec?.source?.chart) && (
+                        <div className='application-status-panel__item-name'>
                             <RevisionMetadataPanel
                                 appName={application.metadata.name}
                                 appNamespace={application.metadata.namespace}
                                 type={revisionType}
-                                revision={operationStateRevision}
+                                revision={revision}
                                 versionId={utils.getAppCurrentVersion(application)}
                             />
-                        )) || <div className='application-status-panel__item-name'>{appOperationState.message}</div>}
-                    </React.Fragment>
+                        </div>
+                    )}
+            </div>
+            {appOperationState && (
+                <div className='application-status-panel__item'>
+                    {sectionHeader(
+                        {
+                            title: 'LAST SYNC',
+                            helpContent:
+                                'Whether or not your last app sync was successful. It has been ' +
+                                daysSinceLastSynchronized +
+                                ' days since last sync. Click for the status of that sync.'
+                        },
+                        () =>
+                            showMetadataInfo(
+                                appOperationState.syncResult && (appOperationState.syncResult.revisions || appOperationState.syncResult.revision)
+                                    ? 'OPERATION_STATE_REVISION'
+                                    : null
+                            )
+                    )}
+                    <div className={`application-status-panel__item-value application-status-panel__item-value--${appOperationState.phase}`}>
+                        <a onClick={() => showOperation && showOperation()}>
+                            <OperationState app={application} isButton={true} />{' '}
+                        </a>
+                        {appOperationState.syncResult && (appOperationState.syncResult.revision || appOperationState.syncResult.revisions) && (
+                            <div className='application-status-panel__item-value__revision show-for-large'>
+                                to <Revision repoUrl={source.repoURL} revision={operationStateRevision} /> {getAppDefaultSyncRevisionExtra(application)}
+                            </div>
+                        )}
+                    </div>
+                    <div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
+                        {appOperationState.phase} <Timestamp date={appOperationState.finishedAt || appOperationState.startedAt} />
+                    </div>
+                    {(appOperationState.syncResult && operationStateRevision && (
+                        <RevisionMetadataPanel
+                            appName={application.metadata.name}
+                            appNamespace={application.metadata.namespace}
+                            type={revisionType}
+                            revision={operationStateRevision}
+                            versionId={utils.getAppCurrentVersion(application)}
+                        />
+                    )) || <div className='application-status-panel__item-name'>{appOperationState.message}</div>}
                 </div>
             )}
             {application.status.conditions && (
diff --git a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx
index b38a89ef0c4b8..4f81214e1cca4 100644
--- a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx
+++ b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx
@@ -5,7 +5,7 @@ import {services} from '../../../shared/services';
 
 export const RevisionMetadataPanel = (props: {appName: string; appNamespace: string; type: string; revision: string; versionId: number}) => {
     if (props.type === 'helm' || props.type === 'oci') {
-        return <React.Fragment />;
+        return null;
     }
     if (props.type === 'oci') {
         return (
diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx
index 995f2c0a27d24..f2dd942296ef1 100644
--- a/ui/src/app/applications/components/application-summary/application-summary.tsx
+++ b/ui/src/app/applications/components/application-summary/application-summary.tsx
@@ -342,19 +342,17 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
         attributes.push({
             title: 'URLs',
             view: (
-                <React.Fragment>
-                    <div className='application-summary__links-rows'>
-                        {urls
-                            .map(item => item.split('|'))
-                            .map((parts, i) => (
-                                <div className='application-summary__links-row'>
-                                    <a key={i} href={parts.length > 1 ? parts[1] : parts[0]} target='_blank'>
-                                        {parts[0]} &nbsp;
-                                    </a>
-                                </div>
-                            ))}
-                    </div>
-                </React.Fragment>
+                <div className='application-summary__links-rows'>
+                    {urls
+                        .map(item => item.split('|'))
+                        .map((parts, i) => (
+                            <div className='application-summary__links-row'>
+                                <a key={i} href={parts.length > 1 ? parts[1] : parts[0]} target='_blank'>
+                                    {parts[0]} &nbsp;
+                                </a>
+                            </div>
+                        ))}
+                </div>
             )
         });
     }
@@ -493,7 +491,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
         <div className='application-summary'>
             <EditablePanel
                 save={updateApp}
-                view={hasMultipleSources ? <>This is a multi-source app, see the Sources tab for repository URLs and source-related information.</> : <></>}
+                view={hasMultipleSources ? <>This is a multi-source app, see the Sources tab for repository URLs and source-related information.</> : null}
                 validate={input => ({
                     'spec.project': !input.spec.project && 'Project name is required',
                     'spec.destination.server': !input.spec.destination.server && input.spec.destination.hasOwnProperty('server') && 'Cluster server is required',
diff --git a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx
index 56cab7a39e982..cfdab46c618c0 100644
--- a/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx
+++ b/ui/src/app/applications/components/applications-refresh-panel/applications-refresh-panel.tsx
@@ -74,30 +74,28 @@ export const ApplicationsRefreshPanel = ({show, apps, hide}: {show: boolean; app
                         }}
                         getApi={setForm}>
                         {formApi => (
-                            <React.Fragment>
-                                <div className='argo-form-row' style={{marginTop: 0}}>
-                                    <h4>Refresh app(s)</h4>
-                                    {progress !== null && <ProgressPopup onClose={() => setProgress(null)} percentage={progress.percentage} title={progress.title} />}
-                                    <div style={{marginBottom: '1em'}}>
-                                        <label>Refresh Type</label>
-                                        <div className='row application-sync-options'>
-                                            {RefreshTypes.map(refreshType => (
-                                                <label key={refreshType} style={{paddingRight: '1.5em', marginTop: '0.4em'}}>
-                                                    <input
-                                                        type='radio'
-                                                        value={refreshType}
-                                                        checked={formApi.values.refreshType === refreshType}
-                                                        onChange={() => formApi.setValue('refreshType', refreshType)}
-                                                        style={{marginRight: '5px', transform: 'translateY(2px)'}}
-                                                    />
-                                                    {refreshType}
-                                                </label>
-                                            ))}
-                                        </div>
+                            <div className='argo-form-row' style={{marginTop: 0}}>
+                                <h4>Refresh app(s)</h4>
+                                {progress !== null && <ProgressPopup onClose={() => setProgress(null)} percentage={progress.percentage} title={progress.title} />}
+                                <div style={{marginBottom: '1em'}}>
+                                    <label>Refresh Type</label>
+                                    <div className='row application-sync-options'>
+                                        {RefreshTypes.map(refreshType => (
+                                            <label key={refreshType} style={{paddingRight: '1.5em', marginTop: '0.4em'}}>
+                                                <input
+                                                    type='radio'
+                                                    value={refreshType}
+                                                    checked={formApi.values.refreshType === refreshType}
+                                                    onChange={() => formApi.setValue('refreshType', refreshType)}
+                                                    style={{marginRight: '5px', transform: 'translateY(2px)'}}
+                                                />
+                                                {refreshType}
+                                            </label>
+                                        ))}
                                     </div>
-                                    <ApplicationSelector apps={apps} formApi={formApi} />
                                 </div>
-                            </React.Fragment>
+                                <ApplicationSelector apps={apps} formApi={formApi} />
+                            </div>
                         )}
                     </Form>
                 </SlidingPanel>
diff --git a/ui/src/app/applications/components/applications-sync-panel/applications-sync-panel.tsx b/ui/src/app/applications/components/applications-sync-panel/applications-sync-panel.tsx
index 0c97b75eb0b70..83aa01b9be9ab 100644
--- a/ui/src/app/applications/components/applications-sync-panel/applications-sync-panel.tsx
+++ b/ui/src/app/applications/components/applications-sync-panel/applications-sync-panel.tsx
@@ -126,30 +126,28 @@ export const ApplicationsSyncPanel = ({show, apps, hide}: {show: boolean; apps:
                         }}
                         getApi={setForm}>
                         {formApi => (
-                            <React.Fragment>
-                                <div className='argo-form-row' style={{marginTop: 0}}>
-                                    <h4>Sync app(s)</h4>
-                                    {progress !== null && <ProgressPopup onClose={() => setProgress(null)} percentage={progress.percentage} title={progress.title} />}
-                                    <div style={{marginBottom: '1em'}}>
-                                        <FormField formApi={formApi} field='syncFlags' component={ApplicationManualSyncFlags} />
-                                    </div>
-                                    <div style={{marginBottom: '1em'}}>
-                                        <label>Sync Options</label>
-                                        <ApplicationSyncOptions
-                                            options={formApi.values.syncOptions}
-                                            onChanged={opts => {
-                                                formApi.setTouched('syncOptions', true);
-                                                formApi.setValue('syncOptions', opts);
-                                            }}
-                                            id='applications-sync-panel'
-                                        />
-                                    </div>
+                            <div className='argo-form-row' style={{marginTop: 0}}>
+                                <h4>Sync app(s)</h4>
+                                {progress !== null && <ProgressPopup onClose={() => setProgress(null)} percentage={progress.percentage} title={progress.title} />}
+                                <div style={{marginBottom: '1em'}}>
+                                    <FormField formApi={formApi} field='syncFlags' component={ApplicationManualSyncFlags} />
+                                </div>
+                                <div style={{marginBottom: '1em'}}>
+                                    <label>Sync Options</label>
+                                    <ApplicationSyncOptions
+                                        options={formApi.values.syncOptions}
+                                        onChanged={opts => {
+                                            formApi.setTouched('syncOptions', true);
+                                            formApi.setValue('syncOptions', opts);
+                                        }}
+                                        id='applications-sync-panel'
+                                    />
+                                </div>
 
-                                    <ApplicationRetryOptions id='applications-sync-panel' formApi={formApi} />
+                                <ApplicationRetryOptions id='applications-sync-panel' formApi={formApi} />
 
-                                    <ApplicationSelector apps={apps} formApi={formApi} />
-                                </div>
-                            </React.Fragment>
+                                <ApplicationSelector apps={apps} formApi={formApi} />
+                            </div>
                         )}
                     </Form>
                 </SlidingPanel>
diff --git a/ui/src/app/applications/components/filter/filter.tsx b/ui/src/app/applications/components/filter/filter.tsx
index 67e34e2c9951f..cf3b2be9e0d12 100644
--- a/ui/src/app/applications/components/filter/filter.tsx
+++ b/ui/src/app/applications/components/filter/filter.tsx
@@ -71,7 +71,7 @@ export const FiltersGroup = (props: {
                         </button>
                     </div>
                 )}
-                <>{props.children}</>
+                {props.children}
                 <div className='filters-group__content'>{props.content}</div>
             </div>
         )
diff --git a/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx b/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx
index bcd67ead7e9ab..070e3e89ac7ee 100644
--- a/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx
+++ b/ui/src/app/applications/components/pod-logs-viewer/container-selector.tsx
@@ -14,7 +14,7 @@ export const ContainerSelector = ({
     onClickContainer: (group: ContainerGroup, index: number, logs: string) => void;
 }) => {
     if (!containerGroups) {
-        return <></>;
+        return null;
     }
 
     const containers = containerGroups?.reduce((acc, group) => acc.concat(group.containers), []);
@@ -25,7 +25,7 @@ export const ContainerSelector = ({
     const containerIndex = (n: string) => {
         return containerGroup(n)?.containers.findIndex(container => container.name === n);
     };
-    if (containerNames.length <= 1) return <></>;
+    if (containerNames.length <= 1) return null;
     return (
         <Tooltip content='Select a container to view logs' interactive={false}>
             <select className='argo-field' value={containerName} onChange={e => onClickContainer(containerGroup(e.target.value), containerIndex(e.target.value), 'logs')}>
diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx
index 79bbce2c133ae..223d6225a4e42 100644
--- a/ui/src/app/applications/components/resource-details/resource-details.tsx
+++ b/ui/src/app/applications/components/resource-details/resource-details.tsx
@@ -296,11 +296,9 @@ export const ResourceDetails = (props: ResourceDetailsProps) => {
                                 </div>
                                 <h1>{selectedNode.name}</h1>
                                 {data.controlledState && (
-                                    <React.Fragment>
-                                        <span style={{marginRight: '5px'}}>
-                                            <AppUtils.ComparisonStatusIcon status={data.controlledState.summary.status} resource={data.controlledState.summary} />
-                                        </span>
-                                    </React.Fragment>
+                                    <span style={{marginRight: '5px'}}>
+                                        <AppUtils.ComparisonStatusIcon status={data.controlledState.summary.status} resource={data.controlledState.summary} />
+                                    </span>
                                 )}
                                 {(selectedNode as ResourceTreeNode).health && <AppUtils.HealthStatusIcon state={(selectedNode as ResourceTreeNode).health} />}
                                 <button
diff --git a/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx b/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
index 592d55b67638c..f54dccb8ae80b 100644
--- a/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
+++ b/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
@@ -31,42 +31,40 @@ export class RevisionFormField extends React.PureComponent<RevisionFormFieldProp
         return (
             <div className={'row' + rowClass}>
                 <div className='columns small-10'>
-                    <React.Fragment>
-                        <DataLoader
-                            input={{repoURL: this.props.repoURL, filterType: selectedFilter}}
-                            load={async (src: any): Promise<string[]> => {
-                                if (this.props.repoType === 'oci' && src.repoURL) {
-                                    return services.repos
-                                        .ociTags(src.repoURL)
-                                        .then(revisionsRes => ['HEAD'].concat(revisionsRes.tags || []))
-                                        .catch(() => []);
-                                } else if (src.repoURL) {
-                                    return services.repos
-                                        .revisions(src.repoURL)
-                                        .then(revisionsRes =>
-                                            ['HEAD']
-                                                .concat(selectedFilter === 'Branches' ? revisionsRes.branches || [] : [])
-                                                .concat(selectedFilter === 'Tags' ? revisionsRes.tags || [] : [])
-                                        )
-                                        .catch(() => []);
-                                }
-                                return [];
-                            }}>
-                            {(revisions: string[]) => (
-                                <FormField
-                                    formApi={this.props.formApi}
-                                    label={this.props.hideLabel ? undefined : 'Revision'}
-                                    field={this.props.fieldValue ? this.props.fieldValue : 'spec.source.targetRevision'}
-                                    component={AutocompleteField}
-                                    componentProps={{
-                                        items: revisions,
-                                        filterSuggestions: true
-                                    }}
-                                />
-                            )}
-                        </DataLoader>
-                        <RevisionHelpIcon type='git' top={this.props.helpIconTop} right='0em' />
-                    </React.Fragment>
+                    <DataLoader
+                        input={{repoURL: this.props.repoURL, filterType: selectedFilter}}
+                        load={async (src: any): Promise<string[]> => {
+                            if (this.props.repoType === 'oci' && src.repoURL) {
+                                return services.repos
+                                    .ociTags(src.repoURL)
+                                    .then(revisionsRes => ['HEAD'].concat(revisionsRes.tags || []))
+                                    .catch(() => []);
+                            } else if (src.repoURL) {
+                                return services.repos
+                                    .revisions(src.repoURL)
+                                    .then(revisionsRes =>
+                                        ['HEAD']
+                                            .concat(selectedFilter === 'Branches' ? revisionsRes.branches || [] : [])
+                                            .concat(selectedFilter === 'Tags' ? revisionsRes.tags || [] : [])
+                                    )
+                                    .catch(() => []);
+                            }
+                            return [];
+                        }}>
+                        {(revisions: string[]) => (
+                            <FormField
+                                formApi={this.props.formApi}
+                                label={this.props.hideLabel ? undefined : 'Revision'}
+                                field={this.props.fieldValue ? this.props.fieldValue : 'spec.source.targetRevision'}
+                                component={AutocompleteField}
+                                componentProps={{
+                                    items: revisions,
+                                    filterSuggestions: true
+                                }}
+                            />
+                        )}
+                    </DataLoader>
+                    <RevisionHelpIcon type='git' top={this.props.helpIconTop} right='0em' />
                 </div>
                 <div style={{paddingTop: extraPadding}} className='columns small-2'>
                     {this.props.repoType !== 'oci' && (
diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx
index 306d3324e4cb8..adf3ecbb401ee 100644
--- a/ui/src/app/applications/components/utils.tsx
+++ b/ui/src/app/applications/components/utils.tsx
@@ -215,7 +215,7 @@ const PropagationPolicyOption = ReactForm.FormField((props: {fieldApi: ReactForm
 export const OperationPhaseIcon = ({app, isButton}: {app: appModels.Application; isButton?: boolean}) => {
     const operationState = getAppOperationState(app);
     if (operationState === undefined) {
-        return <React.Fragment />;
+        return null;
     }
     let className = '';
     let color = '';
@@ -246,7 +246,7 @@ export const OperationPhaseIcon = ({app, isButton}: {app: appModels.Application;
 
 export const HydrateOperationPhaseIcon = ({operationState, isButton}: {operationState?: appModels.HydrateOperation; isButton?: boolean}) => {
     if (operationState === undefined) {
-        return <React.Fragment />;
+        return null;
     }
     let className = '';
     let color = '';
@@ -403,17 +403,15 @@ export const deleteSourceAction = (app: appModels.Application, source: appModels
         () => (
             <div>
                 <p>
-                    <>
-                        Are you sure you want to delete the source with URL: <kbd>{source.repoURL}</kbd>
-                        {source.path ? (
-                            <>
-                                {' '}
-                                and path: <kbd>{source.path}</kbd>?
-                            </>
-                        ) : (
-                            <>?</>
-                        )}
-                    </>
+                    Are you sure you want to delete the source with URL: <kbd>{source.repoURL}</kbd>
+                    {source.path ? (
+                        <>
+                            {' '}
+                            and path: <kbd>{source.path}</kbd>?
+                        </>
+                    ) : (
+                        <>?</>
+                    )}
                 </p>
             </div>
         ),
@@ -1145,10 +1143,10 @@ const getOperationStateTitle = (app: appModels.Application) => {
 export const OperationState = ({app, quiet, isButton}: {app: appModels.Application; quiet?: boolean; isButton?: boolean}) => {
     const appOperationState = getAppOperationState(app);
     if (appOperationState === undefined) {
-        return <React.Fragment />;
+        return null;
     }
     if (quiet && [appModels.OperationPhases.Running, appModels.OperationPhases.Failed, appModels.OperationPhases.Error].indexOf(appOperationState.phase) === -1) {
-        return <React.Fragment />;
+        return null;
     }
 
     return (
diff --git a/ui/src/app/settings/components/clusters-list/clusters-list.tsx b/ui/src/app/settings/components/clusters-list/clusters-list.tsx
index 008504774bb52..8a091df96853e 100644
--- a/ui/src/app/settings/components/clusters-list/clusters-list.tsx
+++ b/ui/src/app/settings/components/clusters-list/clusters-list.tsx
@@ -15,33 +15,31 @@ const CustomTopBar = (props: {toolbar?: Toolbar | Observable<Toolbar>}) => {
     const ctx = React.useContext(Context);
     const loadToolbar = AddAuthToToolbar(props.toolbar, ctx);
     return (
-        <React.Fragment>
-            <div className='top-bar row top-bar' key='tool-bar'>
-                <DataLoader load={() => loadToolbar}>
-                    {toolbar => (
-                        <React.Fragment>
-                            <div className='column small-11 flex-top-bar_center'>
-                                <div className='top-bar'>
-                                    <div className='text-center'>
-                                        <span className='help-text'>
-                                            Refer to CLI{' '}
-                                            <a
-                                                href='https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-management/#adding-a-cluster'
-                                                target='_blank'
-                                                rel='noopener noreferrer'>
-                                                <i className='fa fa-external-link-alt' /> Documentation{' '}
-                                            </a>{' '}
-                                            for adding clusters.
-                                        </span>
-                                    </div>
+        <div className='top-bar row top-bar' key='tool-bar'>
+            <DataLoader load={() => loadToolbar}>
+                {toolbar => (
+                    <React.Fragment>
+                        <div className='column small-11 flex-top-bar_center'>
+                            <div className='top-bar'>
+                                <div className='text-center'>
+                                    <span className='help-text'>
+                                        Refer to CLI{' '}
+                                        <a
+                                            href='https://argo-cd.readthedocs.io/en/stable/operator-manual/cluster-management/#adding-a-cluster'
+                                            target='_blank'
+                                            rel='noopener noreferrer'>
+                                            <i className='fa fa-external-link-alt' /> Documentation{' '}
+                                        </a>{' '}
+                                        for adding clusters.
+                                    </span>
                                 </div>
                             </div>
-                            <div className='columns small-1 top-bar__right-side'>{toolbar.tools}</div>
-                        </React.Fragment>
-                    )}
-                </DataLoader>
-            </div>
-        </React.Fragment>
+                        </div>
+                        <div className='columns small-1 top-bar__right-side'>{toolbar.tools}</div>
+                    </React.Fragment>
+                )}
+            </DataLoader>
+        </div>
     );
 };
 
@@ -50,95 +48,93 @@ export const ClustersList = () => {
     return (
         <Consumer>
             {ctx => (
-                <React.Fragment>
-                    <Page title='Clusters' toolbar={{breadcrumbs: [{title: 'Settings', path: '/settings'}, {title: 'Clusters'}]}} hideAuth={true}>
-                        <CustomTopBar />
-                        <div className='repos-list'>
-                            <div className='argo-container'>
-                                <DataLoader
-                                    ref={clustersLoaderRef}
-                                    load={() => services.clusters.list().then(clusters => clusters.sort((first, second) => first.name.localeCompare(second.name)))}>
-                                    {(clusters: models.Cluster[]) =>
-                                        (clusters.length > 0 && (
-                                            <div className='argo-table-list argo-table-list--clickable'>
-                                                <div className='argo-table-list__head'>
-                                                    <div className='row'>
-                                                        <div className='columns small-3'>NAME</div>
-                                                        <div className='columns small-5'>URL</div>
-                                                        <div className='columns small-2'>VERSION</div>
-                                                        <div className='columns small-2'>CONNECTION STATUS</div>
-                                                    </div>
+                <Page title='Clusters' toolbar={{breadcrumbs: [{title: 'Settings', path: '/settings'}, {title: 'Clusters'}]}} hideAuth={true}>
+                    <CustomTopBar />
+                    <div className='repos-list'>
+                        <div className='argo-container'>
+                            <DataLoader
+                                ref={clustersLoaderRef}
+                                load={() => services.clusters.list().then(clusters => clusters.sort((first, second) => first.name.localeCompare(second.name)))}>
+                                {(clusters: models.Cluster[]) =>
+                                    (clusters.length > 0 && (
+                                        <div className='argo-table-list argo-table-list--clickable'>
+                                            <div className='argo-table-list__head'>
+                                                <div className='row'>
+                                                    <div className='columns small-3'>NAME</div>
+                                                    <div className='columns small-5'>URL</div>
+                                                    <div className='columns small-2'>VERSION</div>
+                                                    <div className='columns small-2'>CONNECTION STATUS</div>
                                                 </div>
-                                                {clusters.map(cluster => (
-                                                    <div
-                                                        className='argo-table-list__row'
-                                                        key={cluster.server}
-                                                        onClick={() => ctx.navigation.goto(`./${encodeURIComponent(cluster.server)}`)}>
-                                                        <div className='row'>
-                                                            <div className='columns small-3'>
-                                                                <i className='icon argo-icon-hosts' />
-                                                                <Tooltip content={clusterName(cluster.name)}>
-                                                                    <span>{clusterName(cluster.name)}</span>
-                                                                </Tooltip>
-                                                            </div>
-                                                            <div className='columns small-5'>
-                                                                <Tooltip content={cluster.server}>
-                                                                    <span>{cluster.server}</span>
-                                                                </Tooltip>
-                                                            </div>
-                                                            <div className='columns small-2'>{cluster.info.serverVersion}</div>
-                                                            <div className='columns small-2'>
-                                                                <ConnectionStateIcon state={cluster.info.connectionState} /> {cluster.info.connectionState.status}
-                                                                <DropDownMenu
-                                                                    anchor={() => (
-                                                                        <button className='argo-button argo-button--light argo-button--lg argo-button--short'>
-                                                                            <i className='fa fa-ellipsis-v' />
-                                                                        </button>
-                                                                    )}
-                                                                    items={[
-                                                                        {
-                                                                            title: 'Delete',
-                                                                            action: async () => {
-                                                                                const confirmed = await ctx.popup.confirm(
-                                                                                    'Delete cluster?',
-                                                                                    `Are you sure you want to delete cluster: ${cluster.name}`
-                                                                                );
-                                                                                if (confirmed) {
-                                                                                    try {
-                                                                                        await services.clusters.delete(cluster.server).finally(() => {
-                                                                                            ctx.navigation.goto('.', {new: null}, {replace: true});
-                                                                                            if (clustersLoaderRef.current) {
-                                                                                                clustersLoaderRef.current.reload();
-                                                                                            }
-                                                                                        });
-                                                                                    } catch (e) {
-                                                                                        ctx.notifications.show({
-                                                                                            content: <ErrorNotification title='Unable to delete cluster' e={e} />,
-                                                                                            type: NotificationType.Error
-                                                                                        });
-                                                                                    }
+                                            </div>
+                                            {clusters.map(cluster => (
+                                                <div
+                                                    className='argo-table-list__row'
+                                                    key={cluster.server}
+                                                    onClick={() => ctx.navigation.goto(`./${encodeURIComponent(cluster.server)}`)}>
+                                                    <div className='row'>
+                                                        <div className='columns small-3'>
+                                                            <i className='icon argo-icon-hosts' />
+                                                            <Tooltip content={clusterName(cluster.name)}>
+                                                                <span>{clusterName(cluster.name)}</span>
+                                                            </Tooltip>
+                                                        </div>
+                                                        <div className='columns small-5'>
+                                                            <Tooltip content={cluster.server}>
+                                                                <span>{cluster.server}</span>
+                                                            </Tooltip>
+                                                        </div>
+                                                        <div className='columns small-2'>{cluster.info.serverVersion}</div>
+                                                        <div className='columns small-2'>
+                                                            <ConnectionStateIcon state={cluster.info.connectionState} /> {cluster.info.connectionState.status}
+                                                            <DropDownMenu
+                                                                anchor={() => (
+                                                                    <button className='argo-button argo-button--light argo-button--lg argo-button--short'>
+                                                                        <i className='fa fa-ellipsis-v' />
+                                                                    </button>
+                                                                )}
+                                                                items={[
+                                                                    {
+                                                                        title: 'Delete',
+                                                                        action: async () => {
+                                                                            const confirmed = await ctx.popup.confirm(
+                                                                                'Delete cluster?',
+                                                                                `Are you sure you want to delete cluster: ${cluster.name}`
+                                                                            );
+                                                                            if (confirmed) {
+                                                                                try {
+                                                                                    await services.clusters.delete(cluster.server).finally(() => {
+                                                                                        ctx.navigation.goto('.', {new: null}, {replace: true});
+                                                                                        if (clustersLoaderRef.current) {
+                                                                                            clustersLoaderRef.current.reload();
+                                                                                        }
+                                                                                    });
+                                                                                } catch (e) {
+                                                                                    ctx.notifications.show({
+                                                                                        content: <ErrorNotification title='Unable to delete cluster' e={e} />,
+                                                                                        type: NotificationType.Error
+                                                                                    });
                                                                                 }
                                                                             }
                                                                         }
-                                                                    ]}
-                                                                />
-                                                            </div>
+                                                                    }
+                                                                ]}
+                                                            />
                                                         </div>
                                                     </div>
-                                                ))}
-                                            </div>
-                                        )) || (
-                                            <EmptyState icon='argo-icon-hosts'>
-                                                <h4>No clusters connected</h4>
-                                                <h5>Connect more clusters using argocd CLI</h5>
-                                            </EmptyState>
-                                        )
-                                    }
-                                </DataLoader>
-                            </div>
+                                                </div>
+                                            ))}
+                                        </div>
+                                    )) || (
+                                        <EmptyState icon='argo-icon-hosts'>
+                                            <h4>No clusters connected</h4>
+                                            <h5>Connect more clusters using argocd CLI</h5>
+                                        </EmptyState>
+                                    )
+                                }
+                            </DataLoader>
                         </div>
-                    </Page>
-                </React.Fragment>
+                    </div>
+                </Page>
             )}
         </Consumer>
     );
diff --git a/ui/src/app/settings/components/project-role-jwt-tokens/project-role-jwt-tokens.tsx b/ui/src/app/settings/components/project-role-jwt-tokens/project-role-jwt-tokens.tsx
index c7aa6897633f8..06c4d7adf9163 100644
--- a/ui/src/app/settings/components/project-role-jwt-tokens/project-role-jwt-tokens.tsx
+++ b/ui/src/app/settings/components/project-role-jwt-tokens/project-role-jwt-tokens.tsx
@@ -170,32 +170,30 @@ function renderJWTRow(props: ProjectRoleJWTTokensProps, ctx: ContextApis, jwToke
     const isExpired = jwToken.exp && jwToken.exp < Date.now() / 1000;
 
     return (
-        <React.Fragment>
-            <div className='argo-table-list__row' key={`${jwToken.iat}`}>
-                <div className='row'>
-                    <div className='columns small-3 project-role-jwt-tokens__id'>
-                        <Tooltip content={jwToken.id}>
-                            <span className='project-role-jwt-tokens__id-tooltip'>{jwToken.id}</span>
-                        </Tooltip>
-                        {isExpired && (
-                            <span title='Expired' className='project-role-jwt-tokens__expired-token'>
-                                Expired
-                            </span>
-                        )}
-                    </div>
-                    <Tooltip content={issuedAt}>
-                        <div className='columns small-4'>{issuedAt}</div>
-                    </Tooltip>
-                    <Tooltip content={expiresAt}>
-                        <div className='columns small-4'>{expiresAt}</div>
-                    </Tooltip>
-                    <Tooltip content='Delete Token'>
-                        <div className='columns small-1'>
-                            <i className='fa fa-times' onClick={() => deleteJWTToken(props, jwToken.iat, ctx, jwToken.id)} style={{cursor: 'pointer'}} />
-                        </div>
+        <div className='argo-table-list__row' key={`${jwToken.iat}`}>
+            <div className='row'>
+                <div className='columns small-3 project-role-jwt-tokens__id'>
+                    <Tooltip content={jwToken.id}>
+                        <span className='project-role-jwt-tokens__id-tooltip'>{jwToken.id}</span>
                     </Tooltip>
+                    {isExpired && (
+                        <span title='Expired' className='project-role-jwt-tokens__expired-token'>
+                            Expired
+                        </span>
+                    )}
                 </div>
+                <Tooltip content={issuedAt}>
+                    <div className='columns small-4'>{issuedAt}</div>
+                </Tooltip>
+                <Tooltip content={expiresAt}>
+                    <div className='columns small-4'>{expiresAt}</div>
+                </Tooltip>
+                <Tooltip content='Delete Token'>
+                    <div className='columns small-1'>
+                        <i className='fa fa-times' onClick={() => deleteJWTToken(props, jwToken.iat, ctx, jwToken.id)} style={{cursor: 'pointer'}} />
+                    </div>
+                </Tooltip>
             </div>
-        </React.Fragment>
+        </div>
     );
 }
diff --git a/ui/src/app/settings/components/repos-list/repos-list.tsx b/ui/src/app/settings/components/repos-list/repos-list.tsx
index 731964f996349..85bcab322f9cb 100644
--- a/ui/src/app/settings/components/repos-list/repos-list.tsx
+++ b/ui/src/app/settings/components/repos-list/repos-list.tsx
@@ -872,16 +872,14 @@ export class ReposList extends React.Component<
                                                         />
                                                     </div>
                                                     {formApi.getFormState().values.ghType === 'GitHub Enterprise' && (
-                                                        <React.Fragment>
-                                                            <div className='argo-form-row'>
-                                                                <FormField
-                                                                    formApi={formApi}
-                                                                    label='GitHub Enterprise Base URL (e.g. https://ghe.example.com/api/v3)'
-                                                                    field='githubAppEnterpriseBaseURL'
-                                                                    component={Text}
-                                                                />
-                                                            </div>
-                                                        </React.Fragment>
+                                                        <div className='argo-form-row'>
+                                                            <FormField
+                                                                formApi={formApi}
+                                                                label='GitHub Enterprise Base URL (e.g. https://ghe.example.com/api/v3)'
+                                                                field='githubAppEnterpriseBaseURL'
+                                                                component={Text}
+                                                            />
+                                                        </div>
                                                     )}
                                                     <div className='argo-form-row'>
                                                         <FormField
diff --git a/ui/src/app/shared/components/clipboard-text.tsx b/ui/src/app/shared/components/clipboard-text.tsx
index 47f3650ad8f50..4568f5f8dac70 100644
--- a/ui/src/app/shared/components/clipboard-text.tsx
+++ b/ui/src/app/shared/components/clipboard-text.tsx
@@ -6,7 +6,7 @@ export const ClipboardText = ({text}: {text: string}) => {
     const [justClicked, setJustClicked] = useState<boolean>(false);
 
     if (!text) {
-        return <></>;
+        return null;
     }
 
     return (
diff --git a/ui/src/app/shared/components/editable-panel/editable-panel.tsx b/ui/src/app/shared/components/editable-panel/editable-panel.tsx
index 01de2ff26b0ac..27d9c0bbd426f 100644
--- a/ui/src/app/shared/components/editable-panel/editable-panel.tsx
+++ b/ui/src/app/shared/components/editable-panel/editable-panel.tsx
@@ -113,16 +113,14 @@ export class EditablePanel<T = {}> extends React.Component<EditablePanelProps<T>
                                     </div>
                                 )}
                                 {this.props.collapsible && (
-                                    <React.Fragment>
-                                        <div className='editable-panel__collapsible-button'>
-                                            <i
-                                                className={`fa fa-angle-${this.state.collapsed ? 'down' : 'up'} filter__collapse`}
-                                                onClick={() => {
-                                                    this.setState({collapsed: !this.state.collapsed});
-                                                }}
-                                            />
-                                        </div>
-                                    </React.Fragment>
+                                    <div className='editable-panel__collapsible-button'>
+                                        <i
+                                            className={`fa fa-angle-${this.state.collapsed ? 'down' : 'up'} filter__collapse`}
+                                            onClick={() => {
+                                                this.setState({collapsed: !this.state.collapsed});
+                                            }}
+                                        />
+                                    </div>
                                 )}
                                 {this.props.title && <p>{this.props.title}</p>}
                                 {(!this.state.edit && (
diff --git a/ui/src/app/sidebar/sidebar.tsx b/ui/src/app/sidebar/sidebar.tsx
index 2e82b3f509fc5..93e0c2bebe627 100644
--- a/ui/src/app/sidebar/sidebar.tsx
+++ b/ui/src/app/sidebar/sidebar.tsx
@@ -75,12 +75,10 @@ export const Sidebar = (props: SidebarProps) => {
                             key={item.title}
                             className={`sidebar__nav-item ${locationPath === item.path || locationPath.startsWith(`${item.path}/`) ? 'sidebar__nav-item--active' : ''}`}
                             onClick={() => context.history.push(item.path)}>
-                            <React.Fragment>
-                                <div>
-                                    <i className={item?.iconClassName || ''} />
-                                    {!props.pref.hideSidebar && item.title}
-                                </div>
-                            </React.Fragment>
+                            <div>
+                                <i className={item?.iconClassName || ''} />
+                                {!props.pref.hideSidebar && item.title}
+                            </div>
                         </div>
                     </Tooltip>
                 ))}
diff --git a/ui/src/app/ui-banner/ui-banner.tsx b/ui/src/app/ui-banner/ui-banner.tsx
index ac097bca55163..a6b6db929d2bc 100644
--- a/ui/src/app/ui-banner/ui-banner.tsx
+++ b/ui/src/app/ui-banner/ui-banner.tsx
@@ -41,9 +41,7 @@ const CustomBanner = (props: {
                         Don't show again
                     </button>
                 </>
-            ) : (
-                <></>
-            )}
+            ) : null}
         </div>
     );
 };

From 7b5a7eb4918c04f09e855a7f575dfb596a446803 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 6 Jul 2025 14:59:30 -0400
Subject: [PATCH 094/383] [Bot] docs: Update Snyk report (#23664)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   8 +-
 docs/snyk/master/argocd-iac-install.html      |  90 +--
 .../master/argocd-iac-namespace-install.html  |   2 +-
 docs/snyk/master/argocd-test.html             |   8 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |  79 ++-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_latest.html       | 515 +-----------------
 docs/snyk/v2.13.8/argocd-iac-install.html     |   2 +-
 .../v2.13.8/argocd-iac-namespace-install.html |   2 +-
 docs/snyk/v2.13.8/argocd-test.html            |   2 +-
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   |   2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |   2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v2.13.8.html      |  11 +-
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    |   2 +-
 docs/snyk/v2.14.15/argocd-iac-install.html    |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v2.14.15/argocd-test.html           |   2 +-
 .../v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html  |   2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |   2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     | 378 +------------
 docs/snyk/v2.14.15/redis_7.0.15-alpine.html   |   2 +-
 docs/snyk/v3.0.9/argocd-iac-install.html      |   2 +-
 .../v3.0.9/argocd-iac-namespace-install.html  |   2 +-
 docs/snyk/v3.0.9/argocd-test.html             |   2 +-
 .../v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html    |   2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v3.0.9.html       | 378 +------------
 docs/snyk/v3.0.9/redis_7.2.7-alpine.html      |   2 +-
 docs/snyk/v3.1.0-rc1/argocd-iac-install.html  |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v3.1.0-rc1/argocd-test.html         |   2 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           |  79 ++-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v3.1.0-rc1.html   | 375 +------------
 39 files changed, 262 insertions(+), 1717 deletions(-)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index a175ab8582d25..e88afa27bd7e8 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -18,7 +18,7 @@ recent minor releases.
 | [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 8 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 8 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
@@ -31,7 +31,7 @@ recent minor releases.
 | [dex:v2.43.0](v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.1.0-rc1](v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html) | 0 | 0 | 4 | 9 |
+| [argocd:v3.1.0-rc1](v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html) | 0 | 0 | 3 | 9 |
 | [install.yaml](v3.1.0-rc1/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v3.1.0-rc1/argocd-iac-namespace-install.html) | - | - | - | - |
 
@@ -44,7 +44,7 @@ recent minor releases.
 | [dex:v2.41.1](v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:3.0.8-alpine](v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.9](v3.0.9/quay.io_argoproj_argocd_v3.0.9.html) | 0 | 0 | 5 | 9 |
+| [argocd:v3.0.9](v3.0.9/quay.io_argoproj_argocd_v3.0.9.html) | 0 | 0 | 4 | 9 |
 | [redis:7.2.7-alpine](v3.0.9/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v3.0.9/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v3.0.9/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -58,7 +58,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 5 | 9 |
+| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 4 | 9 |
 | [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index 7f312f753164f..ee7c722b088de 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:19 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:09 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -507,7 +507,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24380
+                              Line number: 24392
                           </li>
                       </ul>
               
@@ -553,7 +553,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24060
+                              Line number: 24072
                           </li>
                       </ul>
               
@@ -599,7 +599,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24148
+                              Line number: 24160
                           </li>
                       </ul>
               
@@ -645,7 +645,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24176
+                              Line number: 24188
                           </li>
                       </ul>
               
@@ -691,7 +691,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24206
+                              Line number: 24218
                           </li>
                       </ul>
               
@@ -737,7 +737,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24224
+                              Line number: 24236
                           </li>
                       </ul>
               
@@ -783,7 +783,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24242
+                              Line number: 24254
                           </li>
                       </ul>
               
@@ -829,7 +829,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24264
+                              Line number: 24276
                           </li>
                       </ul>
               
@@ -881,7 +881,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25472
+                              Line number: 25484
                           </li>
                       </ul>
               
@@ -933,7 +933,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25803
                           </li>
                       </ul>
               
@@ -991,7 +991,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24967
+                              Line number: 24979
                           </li>
                       </ul>
               
@@ -1049,7 +1049,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25268
+                              Line number: 25280
                           </li>
                       </ul>
               
@@ -1107,7 +1107,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25216
+                              Line number: 25228
                           </li>
                       </ul>
               
@@ -1165,7 +1165,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25330
+                              Line number: 25342
                           </li>
                       </ul>
               
@@ -1223,7 +1223,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25443
+                              Line number: 25455
                           </li>
                       </ul>
               
@@ -1281,7 +1281,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25467
+                              Line number: 25479
                           </li>
                       </ul>
               
@@ -1339,7 +1339,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25803
                           </li>
                       </ul>
               
@@ -1397,7 +1397,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25526
+                              Line number: 25538
                           </li>
                       </ul>
               
@@ -1455,7 +1455,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25878
+                              Line number: 25890
                           </li>
                       </ul>
               
@@ -1513,7 +1513,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26288
+                              Line number: 26300
                           </li>
                       </ul>
               
@@ -1565,7 +1565,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25248
+                              Line number: 25260
                           </li>
                       </ul>
               
@@ -1617,7 +1617,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24967
+                              Line number: 24979
                           </li>
                       </ul>
               
@@ -1669,7 +1669,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25216
+                              Line number: 25228
                           </li>
                       </ul>
               
@@ -1721,7 +1721,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25443
+                              Line number: 25455
                           </li>
                       </ul>
               
@@ -1779,7 +1779,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24967
+                              Line number: 24979
                           </li>
                       </ul>
               
@@ -1837,7 +1837,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25216
+                              Line number: 25228
                           </li>
                       </ul>
               
@@ -1895,7 +1895,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25268
+                              Line number: 25280
                           </li>
                       </ul>
               
@@ -1953,7 +1953,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25330
+                              Line number: 25342
                           </li>
                       </ul>
               
@@ -2011,7 +2011,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25443
+                              Line number: 25455
                           </li>
                       </ul>
               
@@ -2069,7 +2069,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25467
+                              Line number: 25479
                           </li>
                       </ul>
               
@@ -2127,7 +2127,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25803
                           </li>
                       </ul>
               
@@ -2185,7 +2185,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25526
+                              Line number: 25538
                           </li>
                       </ul>
               
@@ -2243,7 +2243,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25878
+                              Line number: 25890
                           </li>
                       </ul>
               
@@ -2301,7 +2301,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26288
+                              Line number: 26300
                           </li>
                       </ul>
               
@@ -2357,7 +2357,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25138
+                              Line number: 25150
                           </li>
                       </ul>
               
@@ -2413,7 +2413,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25276
+                              Line number: 25288
                           </li>
                       </ul>
               
@@ -2469,7 +2469,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25251
+                              Line number: 25263
                           </li>
                       </ul>
               
@@ -2525,7 +2525,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25375
+                              Line number: 25387
                           </li>
                       </ul>
               
@@ -2581,7 +2581,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25460
+                              Line number: 25472
                           </li>
                       </ul>
               
@@ -2637,7 +2637,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25474
+                              Line number: 25486
                           </li>
                       </ul>
               
@@ -2693,7 +2693,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25798
+                              Line number: 25810
                           </li>
                       </ul>
               
@@ -2749,7 +2749,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25764
+                              Line number: 25776
                           </li>
                       </ul>
               
@@ -2805,7 +2805,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26187
+                              Line number: 26199
                           </li>
                       </ul>
               
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26557
+                              Line number: 26569
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index cc5d1ed242184..5f8555e0350d9 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:31 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:22 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index d85f98950d7f2..96726d805ef5e 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:24:00 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:23:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -697,7 +697,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                        gitlab.com/gitlab-org/api/client-go@0.133.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -905,7 +905,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                        gitlab.com/gitlab-org/api/client-go@0.133.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -916,7 +916,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.130.1
+                                        gitlab.com/gitlab-org/api/client-go@0.133.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index 592a374f7b049..a4e04c60b60d0 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="24 known vulnerabilities found in 33 vulnerable dependency paths.">
+  <meta name="description" content="25 known vulnerabilities found in 34 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:24:10 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:23:59 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -500,8 +500,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>33 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>34 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>1131</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -2130,6 +2130,77 @@ <h2 id="references">References</h2>
             </div>
         
         </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Synchronous Access of Remote Resource without Timeout</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/hashicorp/vault/api
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/vault/api@v1.15.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/vault/api@v1.15.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout via the <code>rekey</code> and <code>recovery key</code> operations. An attacker can disrupt service availability by triggering uncontrolled cancellation actions during these processes, which can lead to denial of service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/hashicorp/vault/api</code> to version 1.20.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/hashicorp/vault/commit/318f8582134a4a79a45ee2a6edad3072d865739b">GitHub Commit</a></li>
+        <li><a href="https://github.com/hashicorp/vault/pull/30794">GitHub PR</a></li>
+        <li><a href="https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570">HashiCorp Discuss</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPVAULTAPI-10562144">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
       </div><!-- cards -->
     </div>
   </main><!-- .layout-stacked__content -->
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 454d39d4ed8fb..a2f172dd1f67d 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:24:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:24:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 232589218ba4c..afae67011709a 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:24:21 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:24:12 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index 759c4fa5e1ac1..1bf6430d63e01 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="21 known vulnerabilities found in 84 vulnerable dependency paths.">
+  <meta name="description" content="17 known vulnerabilities found in 67 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:24:41 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:24:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,9 +501,9 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>21</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>84 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2372</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>67 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -511,242 +511,6 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Race Condition</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            systemd/libsystemd0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@257.4-1ubuntu3.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.5-1ubuntu1.25.04.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-7ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-7ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.40.2-14ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg7.0@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.16.0-7ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-7ubuntu4.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.16.0-7ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-7ubuntu4.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-7ubuntu4.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.15.0-1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg7.0@3.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@257.4-1ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
-        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>systemd</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-SYSTEMD-10285339">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
@@ -1275,133 +1039,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795712">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -1774,148 +1411,6 @@ <h3 class="card__section__title">Detailed paths</h3>
                 <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
index 819cd12c93c8c..209860e132a8e 100644
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:37:32 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:37:25 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
index c5bead97c77a9..6c88b7e45c521 100644
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:37:44 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:37:37 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
index d87ed07819bef..b488e262d9974 100644
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ b/docs/snyk/v2.13.8/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:35:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:14 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
index cf18f75374d8a..af208f4cee4fc 100644
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:35:21 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 4a7adbacfc10d..5b8c6600b9f66 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:35:26 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:26 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index c744941b23020..da9f27b995722 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:35:30 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:31 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
index 6f22996cb27bb..286dba0c8afc3 100644
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:36:01 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:53 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -1021,7 +1021,7 @@ <h2 id="nvd-description">NVD Description</h2>
         <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
         <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>systemd</code> to version 255.4-1ubuntu8.8 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
@@ -1270,6 +1270,9 @@ <h2 id="references">References</h2>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
         </ul>
         
               <hr/>
@@ -2676,7 +2679,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="overview">Overview</h2>
         <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
+        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/utils/kube</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
@@ -2747,7 +2750,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="overview">Overview</h2>
         <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
+        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/diff</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
index 52868c26b56e9..4c47664c6cc79 100644
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:36:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:35:58 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
index 8532fe3058ec5..4390be6b24fb4 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:34:49 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:34:45 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 03db73ef6d65d..8ecda3d3b1f26 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:35:00 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:34:56 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
index 5051565dd117b..2b94f71c9d4db 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:32:28 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:32:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index 07385f9947884..3a4513a703150 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:32:35 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:32:27 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 5c8948c85a331..ff266eabc9469 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:32:42 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:32:33 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index 9082adde683fb..dadf930a50937 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:32:48 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:32:41 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index b9d928ece21f3..7f861e2812b14 100644
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="27 known vulnerabilities found in 108 vulnerable dependency paths.">
+  <meta name="description" content="24 known vulnerabilities found in 93 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:33:11 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:33:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>108 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>93 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -668,231 +668,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Race Condition</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            systemd/libsystemd0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and systemd/libsystemd0@255.4-1ubuntu8.8
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
-        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
@@ -1125,6 +900,9 @@ <h2 id="references">References</h2>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
         </ul>
         
               <hr/>
@@ -2251,148 +2029,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250521000818-c08b0a72c1f1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250521000818-c08b0a72c1f1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250521000818-c08b0a72c1f1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250521000818-c08b0a72c1f1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index 7992369b22f32..f78c3e24bb3d0 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:33:16 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:33:10 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/argocd-iac-install.html b/docs/snyk/v3.0.9/argocd-iac-install.html
index c63536c34189f..e32199ebeacf9 100644
--- a/docs/snyk/v3.0.9/argocd-iac-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:31:55 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:31:44 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
index e0fc972f90ef3..7218fe383d28d 100644
--- a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:32:06 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:31:56 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/argocd-test.html b/docs/snyk/v3.0.9/argocd-test.html
index a31eeb7a9350b..25f157404dc31 100644
--- a/docs/snyk/v3.0.9/argocd-test.html
+++ b/docs/snyk/v3.0.9/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:37 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:29:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
index b5cedae0f62bf..00feaeebb7acc 100644
--- a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:47 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:29:33 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 59acad4d6acff..71b7ddadd054a 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:51 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:29:37 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 533a064cf8142..9e01df7e88fdb 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:55 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:29:42 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
index 0bc7bc7b85566..3a3c5028117d0 100644
--- a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
+++ b/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="26 known vulnerabilities found in 107 vulnerable dependency paths.">
+  <meta name="description" content="23 known vulnerabilities found in 92 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:30:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:30:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>26</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>107 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>23</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>92 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -726,231 +726,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Race Condition</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            systemd/libsystemd0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and systemd/libsystemd0@255.4-1ubuntu8.8
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
-        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
@@ -1183,6 +958,9 @@ <h2 id="references">References</h2>
         <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
         </ul>
         
               <hr/>
@@ -2175,148 +1953,6 @@ <h3 class="card__section__title">Detailed paths</h3>
                 <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250520182409-89c110b5952e
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250520182409-89c110b5952e
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250520182409-89c110b5952e
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250520182409-89c110b5952e
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
diff --git a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
index 6281249286391..97a693342e46c 100644
--- a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:30:20 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:30:10 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
index fbde912cce0c9..578c9088d9a45 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:28:48 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
index bde4126a304f8..0f69bbb774dca 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:29:16 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:29:00 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-test.html b/docs/snyk/v3.1.0-rc1/argocd-test.html
index e145718b1c4da..35f410fc75917 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-test.html
+++ b/docs/snyk/v3.1.0-rc1/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:42 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:35 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
index f14b1b3bbc604..e532495baf6c2 100644
--- a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="24 known vulnerabilities found in 33 vulnerable dependency paths.">
+  <meta name="description" content="25 known vulnerabilities found in 34 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:48 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:42 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -500,8 +500,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>33 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>34 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>1131</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -2130,6 +2130,77 @@ <h2 id="references">References</h2>
             </div>
         
         </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Synchronous Access of Remote Resource without Timeout</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: ghcr.io/dexidp/dex:v2.43.0/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/hashicorp/vault/api
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/vault/api@v1.15.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/hairyhenderson/gomplate/v4@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/vault/api@v1.15.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout via the <code>rekey</code> and <code>recovery key</code> operations. An attacker can disrupt service availability by triggering uncontrolled cancellation actions during these processes, which can lead to denial of service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/hashicorp/vault/api</code> to version 1.20.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/hashicorp/vault/commit/318f8582134a4a79a45ee2a6edad3072d865739b">GitHub Commit</a></li>
+        <li><a href="https://github.com/hashicorp/vault/pull/30794">GitHub PR</a></li>
+        <li><a href="https://discuss.hashicorp.com/t/hcsec-2025-11-vault-vulnerable-to-recovery-key-cancellation-denial-of-service/75570">HashiCorp Discuss</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHASHICORPVAULTAPI-10562144">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
       </div><!-- cards -->
     </div>
   </main><!-- .layout-stacked__content -->
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 5c84b5e752254..57ce972e55986 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:52 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index c1fe6bbed58f2..af7100758e35b 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:26:56 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:26:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
index 487d29dc89a95..40df079176028 100644
--- a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
+++ b/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="22 known vulnerabilities found in 90 vulnerable dependency paths.">
+  <meta name="description" content="19 known vulnerabilities found in 75 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">June 29th 2025, 12:27:31 am (UTC+00:00)</p>
+                <p class="timestamp">July 6th 2025, 12:27:14 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>90 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>19</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>75 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2369</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -511,231 +511,6 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Race Condition</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            systemd/libsystemd0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and systemd/libsystemd0@255.4-1ubuntu8.8
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.8
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
-        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>systemd</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
@@ -1719,148 +1494,6 @@ <h3 class="card__section__title">Detailed paths</h3>
                 <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250617174952-093aef0dad58
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250617174952-093aef0dad58
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Encoding or Escaping of Output</h2>

From 9ae4d23fd8f9fe17464728144b3080801c687b13 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Mon, 7 Jul 2025 14:48:51 +0530
Subject: [PATCH 095/383] change fallback log from info to warn

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/cache/cache.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/cache/cache.go b/util/cache/cache.go
index 30b9d66f38ea1..a00755fe31df8 100644
--- a/util/cache/cache.go
+++ b/util/cache/cache.go
@@ -147,7 +147,7 @@ func loadRedisCredsFromSecret(mountPath string, opt Options) *redisCreds {
 		readAuthDetailsFromFile := func(filename string) string {
 			data, err := os.ReadFile(filepath.Join(mountPath, filename))
 			if err != nil {
-				log.Infof("Could not read Redis credential file %s: %v. Falling back to environment variable if available.", filepath.Join(mountPath, filename), err)
+				log.Warnf("Could not read Redis credential file %s: %v. Falling back to environment variable if available.", filepath.Join(mountPath, filename), err)
 				return ""
 			}
 			return strings.TrimSpace(string(data))

From 01bdb199502f4237e2ce393724b88e38aadafefe Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Thu, 10 Jul 2025 15:54:04 +0530
Subject: [PATCH 096/383] standard patch yaml for using password from file
 mount

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../file-mounted-secrets/standard/README.md   | 225 ++++++++++++++++++
 ...lication-controller-statefulset-patch.yaml |  24 ++
 .../standard/config/argocd-redis-cm.yaml      |  45 ++++
 .../standard/kustomization.yaml               |  39 +++
 .../standard/redis-deployment-patch.yaml      |  54 +++++
 .../remove-redis-arg-redis-deployment.yaml    |  20 ++
 ...redis-password-application-controller.yaml |  12 +
 .../remove-redis-password-repo-server.yaml    |  12 +
 .../remove-redis-password-server.yaml         |  12 +
 .../repo-server-deployment-patch.yaml         |  23 ++
 .../standard/server-deployment-patch.yaml     |  24 ++
 11 files changed, 490 insertions(+)
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/README.md
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
 create mode 100644 manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml

diff --git a/manifests/overlays/file-mounted-secrets/standard/README.md b/manifests/overlays/file-mounted-secrets/standard/README.md
new file mode 100644
index 0000000000000..b1aa7f05b5acf
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/README.md
@@ -0,0 +1,225 @@
+# Redis Password Configuration Options
+
+ArgoCD supports two methods for configuring Redis password authentication. Choose the option that best fits your deployment needs.
+
+## Option 1: Environment Variable (Default)
+
+**Location**: `manifests/base/`  
+**Use case**: Standard deployments, existing installations  
+**Setup effort**: None (default behavior)  
+
+### Description
+Uses the traditional `REDIS_PASSWORD` environment variable approach where the password is read from the `argocd-redis` Kubernetes secret.
+
+### Usage
+```bash
+# Apply base manifests (default behavior)
+kubectl apply -k manifests/base/
+
+# Verify Redis secret exists
+kubectl get secret argocd-redis -o jsonpath='{.data.auth}' | base64 -d
+```
+
+**✅ This is the recommended approach for most users**
+
+## Option 2: File Mount (Advanced)
+
+**Location**: `manifests/overlays/file-mount/`  
+**Use case**: External secret management, advanced security requirements  
+**Setup effort**: Moderate (requires credential files)  
+
+### Description
+Uses file-based credentials mounted into the Redis container. Supports external secret management systems like Vault, AWS Secrets Manager, etc.
+
+### Usage
+
+#### Step 1: Apply the file-mount overlay
+```bash
+# Apply the file-mount variant
+kubectl apply -k manifests/overlays/file-mount/
+```
+
+#### Step 2: Create your credential secret
+```bash
+# Create secret with credential files
+kubectl create secret generic my-redis-creds \
+  --from-literal=auth=mypassword \
+  --from-literal=auth_username=myuser
+```
+
+#### Step 3: Update Redis to use your secret
+```bash
+# Patch the Redis deployment to use your secret
+kubectl patch deployment argocd-redis -p '{
+  "spec": {
+    "template": {
+      "spec": {
+        "volumes": [{
+          "name": "redis-creds",
+          "secret": {
+            "secretName": "my-redis-creds",
+            "optional": false
+          }
+        }]
+      }
+    }
+  }
+}'
+```
+
+## What's Included in File-Mount Overlay
+
+### New Components
+- **Redis ConfigMap**: Contains Redis configuration template and setup script
+- **Init Container**: Processes credential files and generates Redis configuration
+
+### Patches Applied
+- **Redis Deployment**: Adds init container, volumes, and file-mount support
+- **Server Deployment**: Adds `REDIS_CREDS_FILE_PATH` environment variable
+- **Repo Server Deployment**: Adds `REDIS_CREDS_FILE_PATH` environment variable  
+- **Application Controller**: Adds `REDIS_CREDS_FILE_PATH` environment variable
+- **Application Controller StatefulSet**: Adds `REDIS_CREDS_FILE_PATH` environment variable
+
+## Credential File Structure
+
+When using file-mount, the following files can be provided:
+
+| File Name | Description | Required |
+|-----------|-------------|----------|
+| `auth` | Redis password | Yes |
+| `auth_username` | Redis username | No |
+| `sentinel_username` | Sentinel username | No |
+| `sentinel_auth` | Sentinel password | No |
+
+## Configuration Priority
+
+The file-mount overlay follows this priority order:
+1. **File-based credentials** (if files exist and are readable)
+2. **Environment variables** (fallback if files not found)
+3. **No authentication** (if neither source is available)
+
+## Switching Between Options
+
+### From Environment Variable to File Mount
+```bash
+# Apply the file-mount overlay
+kubectl apply -k manifests/overlays/file-mount/
+
+# Create your credential secret (see Step 2 above)
+kubectl create secret generic my-redis-creds --from-literal=auth=mypassword
+
+# Update Redis deployment (see Step 3 above)
+```
+
+### From File Mount to Environment Variable  
+```bash
+# Apply base manifests
+kubectl apply -k manifests/base/
+
+# Ensure the argocd-redis secret exists
+kubectl get secret argocd-redis
+```
+
+## Verification
+
+### Check which method is active
+```bash
+# Check init container logs
+kubectl logs deployment/argocd-redis -c redis-config-init
+
+# Expected output for file-mount:
+# "Using password from file: /redis-creds/auth"
+
+# Expected output for environment variable:
+# "Using password from environment variable"
+```
+
+### Verify Redis configuration
+```bash
+# Check generated Redis config
+kubectl exec deployment/argocd-redis -- cat /data/redis.conf | grep requirepass
+
+# Test Redis connection
+kubectl exec deployment/argocd-redis -- redis-cli ping
+```
+
+## Integration with External Secret Management
+
+### Example: Using External Secrets Operator
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: vault-backend
+spec:
+  provider:
+    vault:
+      server: "https://vault.example.com"
+      path: "secret"
+      version: "v2"
+      auth:
+        kubernetes:
+          mountPath: "kubernetes"
+          role: "argocd"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: redis-credentials
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault-backend
+    kind: SecretStore
+  target:
+    name: my-redis-creds
+    creationPolicy: Owner
+  data:
+  - secretKey: auth
+    remoteRef:
+      key: redis
+      property: password
+```
+
+## Troubleshooting
+
+### File mount not working
+```bash
+# Check if files are mounted correctly
+kubectl exec deployment/argocd-redis -- ls -la /redis-creds/
+
+# Check init container logs
+kubectl logs deployment/argocd-redis -c redis-config-init
+
+# Verify secret contents
+kubectl get secret my-redis-creds -o yaml
+```
+
+### Environment variable not working
+```bash
+# Check if argocd-redis secret exists
+kubectl get secret argocd-redis
+
+# Check environment variables in container
+kubectl exec deployment/argocd-redis -- env | grep REDIS_PASSWORD
+```
+
+### Connection issues
+```bash
+# Test Redis connectivity
+kubectl exec deployment/argocd-redis -- redis-cli ping
+
+# Check Redis logs
+kubectl logs deployment/argocd-redis -c redis
+
+# Verify ArgoCD components can connect
+kubectl logs deployment/argocd-server | grep -i redis
+```
+
+## Best Practices
+
+1. **Start with Environment Variable**: Use the default approach unless you have specific requirements
+2. **Secure File Permissions**: Ensure credential files have appropriate permissions (600/400)
+3. **Regular Rotation**: Implement credential rotation for enhanced security
+4. **Monitor Access**: Log and monitor access to credential files
+5. **Backup Strategies**: Include credential management in your backup/recovery procedures 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
new file mode 100644
index 0000000000000..8a002cd0b4a14
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: argocd-application-controller
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-application-controller
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/redis-creds"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: /redis-creds
+            readOnly: true
+      volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: false
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml b/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
new file mode 100644
index 0000000000000..7e519bee4633d
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-redis-configmap
+  labels:
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: redis
+data:
+  init.sh: |
+    #!/bin/sh
+
+    set -eu
+
+    REDIS_CONF=/data/conf/redis.conf
+    REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    echo "Reading Redis password from file.."
+    if [ -f "$REDIS_PASSWORD_FILE" ]; then
+      REDIS_PASSWORD=$(cat "$REDIS_PASSWORD_FILE")
+    else
+      echo "Error: Redis password file not found!"
+      exit 1
+    fi
+
+    # Escape special chars for sed - handle more special characters
+    ESCAPED_AUTH=$(printf '%s\n' "$REDIS_PASSWORD" | sed 's/[[\.*^$()+?{|]/\\&/g')
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "Redis config updated at ${REDIS_CONF}"
+
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
diff --git a/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml b/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
new file mode 100644
index 0000000000000..db2c8192e2883
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
@@ -0,0 +1,39 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Base configuration to build upon
+resources:
+- ../../../base
+- config/argocd-redis-cm.yaml
+
+
+# Patches to modify base resources
+patches:
+- path: redis-deployment-patch.yaml
+  target:
+    kind: Deployment
+    name: argocd-redis
+- path: server-deployment-patch.yaml
+  target:
+    kind: Deployment
+    name: argocd-server
+- path: repo-server-deployment-patch.yaml
+  target:
+    kind: Deployment
+    name: argocd-repo-server
+- path: application-controller-statefulset-patch.yaml
+  target:
+    kind: StatefulSet
+    name: argocd-application-controller
+- path: remove-redis-password-server.yaml
+  target:
+    kind: Deployment
+    name: argocd-server
+- path: remove-redis-password-repo-server.yaml
+  target:
+    kind: Deployment
+    name: argocd-repo-server
+- path: remove-redis-password-application-controller.yaml
+  target:
+    kind: StatefulSet
+    name: argocd-application-controller
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
new file mode 100644
index 0000000000000..cc37224ef0156
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-redis
+spec:
+  template:
+    spec:
+      initContainers:
+        - name: config-init
+          image: redis:7.2.7-alpine
+          command: 
+          - "sh"
+          - "/readonly-config/init.sh"
+          env:
+            - name: REDIS_CREDS_FILE_PATH
+              value: "/redis-creds"
+          volumeMounts:
+            - name: config
+              mountPath: /readonly-config
+            - name: data
+              mountPath: /data
+            - name: redis-creds
+              mountPath: /run/secrets/argocd/redis-auth
+              readOnly: true
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: false
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+      containers:
+      - name: redis
+        args:
+        - "redis-server"
+        - "/data/conf/redis.conf"
+        volumeMounts:
+          - name: data
+            mountPath: /data
+      volumes:
+        - name: config
+          configMap:
+            name: argocd-redis-configmap
+        - name: data
+          emptyDir: {}
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: false
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
new file mode 100644
index 0000000000000..8694e4ead9a03
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-redis
+spec:
+  template:
+    spec:
+      containers:
+      - name: redis
+        args:
+        - "--save"
+          $patch: delete
+        - ""
+          $patch: delete
+        - "--appendonly"
+          $patch: delete
+        - "no"
+          $patch: delete
+        - "--requirepass $(REDIS_PASSWORD)"
+          $patch: delete
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
new file mode 100644
index 0000000000000..6f2d4e7c134d8
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: argocd-application-controller
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-application-controller
+        env:
+        - name: REDIS_PASSWORD
+          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
new file mode 100644
index 0000000000000..8d8028f18db7d
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-repo-server
+        env:
+        - name: REDIS_PASSWORD
+          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
new file mode 100644
index 0000000000000..7f2fbf4e77680
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-server
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-server
+        env:
+        - name: REDIS_PASSWORD
+          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
new file mode 100644
index 0000000000000..bade219ff5a25
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-repo-server
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-repo-server
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: "/run/secrets/argocd/redis-auth"
+            readOnly: true
+      volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml
new file mode 100644
index 0000000000000..c4bb1ebb1a35a
--- /dev/null
+++ b/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-server
+spec:
+  template:
+    spec:
+      containers:
+      - name: argocd-server
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/redis-creds"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: /redis-creds
+            readOnly: true
+      volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: false
\ No newline at end of file

From 8aa326fda3ac8d5209f9276d55a483a194723c94 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Tue, 15 Jul 2025 15:59:26 +0530
Subject: [PATCH 097/383] update standalone redis to use redis.conf file

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 manifests/base/redis/argocd-redis-cm.yaml     | 51 ++++++++++++++++
 .../base/redis/argocd-redis-deployment.yaml   | 59 +++++++++++++++----
 manifests/base/redis/kustomization.yaml       |  1 +
 3 files changed, 100 insertions(+), 11 deletions(-)
 create mode 100644 manifests/base/redis/argocd-redis-cm.yaml

diff --git a/manifests/base/redis/argocd-redis-cm.yaml b/manifests/base/redis/argocd-redis-cm.yaml
new file mode 100644
index 0000000000000..18d1e77b57442
--- /dev/null
+++ b/manifests/base/redis/argocd-redis-cm.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-redis-configmap
+  labels:
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+    app.kubernetes.io/component: redis
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+  
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            REDIS_PASSWORD="$file_auth"
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment"
+    else
+        echo "WARNING: Redis password not set via file or environment."
+    fi
+    }
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml
index 9dd65610d7280..331a92dabc5d3 100644
--- a/manifests/base/redis/argocd-redis-deployment.yaml
+++ b/manifests/base/redis/argocd-redis-deployment.yaml
@@ -32,6 +32,36 @@ spec:
             runAsNonRoot: true
             seccompProfile:
               type: RuntimeDefault
+        - name: config-init
+          image: redis:7.2.7-alpine
+          command: 
+          - "sh"
+          - "/readonly-config/init.sh"
+          env:
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: auth
+                  name: argocd-redis
+            - name: REDIS_CREDS_FILE_PATH
+              value: "/run/secrets/argocd/redis-auth"
+          volumeMounts:
+            - name: config
+              mountPath: /readonly-config
+            - name: data
+              mountPath: /data
+            - name: redis-creds
+              mountPath: "/run/secrets/argocd/redis-auth"
+              readOnly: true
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: false
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault      
       securityContext:
         runAsNonRoot: true
         runAsUser: 999
@@ -43,17 +73,8 @@ spec:
         image: redis:7.2.7-alpine
         imagePullPolicy: Always
         args:
-        - "--save"
-        - ""
-        - "--appendonly"
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-          - name: REDIS_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                key: auth
-                name: argocd-redis
+        - "redis-server"
+        - "/data/conf/redis.conf"
         ports:
         - containerPort: 6379
         securityContext:
@@ -62,6 +83,22 @@ spec:
           capabilities:
             drop:
             - ALL
+        volumeMounts:
+          - name: data
+            mountPath: /data   
+      volumes:
+        - name: config
+          configMap:
+            name: argocd-redis-configmap
+        - name: data
+          emptyDir: {}
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: true  
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
diff --git a/manifests/base/redis/kustomization.yaml b/manifests/base/redis/kustomization.yaml
index 249b9b104ef80..7edaf025d8da4 100644
--- a/manifests/base/redis/kustomization.yaml
+++ b/manifests/base/redis/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
   - argocd-redis-network-policy.yaml
   - argocd-redis-role.yaml
   - argocd-redis-rolebinding.yaml
+  - argocd-redis-cm.yaml
 
 images:
   - name: redis

From 6f58117d36a8b1252a25fb4162c85b1dcd6c6c5d Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Tue, 15 Jul 2025 16:40:23 +0530
Subject: [PATCH 098/383] provide option forha redis to retrive redis password
 from file mount

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ha/base/redis-ha/chart/upstream.yaml      | 208 +++++++++++++++++-
 1 file changed, 201 insertions(+), 7 deletions(-)

diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml
index ba87e074d794e..89aa7568e1179 100644
--- a/manifests/ha/base/redis-ha/chart/upstream.yaml
+++ b/manifests/ha/base/redis-ha/chart/upstream.yaml
@@ -83,6 +83,47 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -303,6 +344,11 @@ data:
 
     identify_announce_ip
 
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -346,6 +392,27 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -708,6 +775,32 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -739,6 +832,27 @@ data:
     fi
     sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
   trigger-failover-if-master.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -783,6 +897,27 @@ metadata:
     app: argocd-redis-ha
 data:
   redis_liveness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -797,6 +932,27 @@ data:
     esac
     exit 0
   redis_readiness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -1122,6 +1278,14 @@ spec:
       - name: config-init
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+          - name: AUTH
+            valueFrom:
+              secretKeyRef:
+                name: argocd-redis
+                key: auth  
         resources:
           {}
         command:
@@ -1137,6 +1301,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true
         - name: config-volume
           mountPath: /readonly
           readOnly: true
@@ -1154,12 +1321,6 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
-        env:
-        - name: AUTH
-          valueFrom:
-            secretKeyRef:
-              name: argocd-redis
-              key: auth
         livenessProbe:
           httpGet:
             path: /healthz
@@ -1189,6 +1350,13 @@ spec:
         lifecycle:
           {}
       volumes:
+      - name: redis-creds
+        secret:
+          secretName: argocd-redis
+          items:
+            - key: auth
+              path: auth
+          optional: true
       - name: config-volume
         configMap:
           name: argocd-redis-ha-configmap
@@ -1274,6 +1442,8 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"  
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1285,7 +1455,9 @@ spec:
           readOnly: true
         - name: data
           mountPath: /data
-
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true  
 
 
       containers:
@@ -1306,6 +1478,8 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1350,6 +1524,9 @@ spec:
         - name: redis
           containerPort: 6379
         volumeMounts:
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true
         - name: config
           mountPath: /readonly-config
           readOnly: true
@@ -1380,6 +1557,8 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1424,6 +1603,9 @@ spec:
           - name: sentinel
             containerPort: 26379
         volumeMounts:
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true
         - mountPath: /data
           name: data
         - mountPath: /health
@@ -1459,6 +1641,8 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"  
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1467,6 +1651,9 @@ spec:
         resources:
           {}
         volumeMounts:
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true
         - name: config
           mountPath: /readonly-config
           readOnly: true
@@ -1483,3 +1670,10 @@ spec:
       - name: data
         emptyDir:
           {}
+      - name: redis-creds
+        secret:
+          secretName: argocd-redis
+          items:
+            - key: auth
+              path: test
+          optional: true

From 3f2e7e850bc079f84827ff6d5a861ac6a683f722 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Tue, 15 Jul 2025 16:41:18 +0530
Subject: [PATCH 099/383] provide option for argocd comopnent to retrive redis
 password from file mount

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ...ocd-application-controller-deployment.yaml |  12 +
 ...cd-application-controller-statefulset.yaml |  12 +
 .../argocd-repo-server-deployment.yaml        |  12 +
 .../base/server/argocd-server-deployment.yaml |  12 +
 .../file-mounted-secrets/standard/README.md   | 225 ------------------
 ...lication-controller-statefulset-patch.yaml |  24 --
 .../standard/config/argocd-redis-cm.yaml      |  45 ----
 .../standard/kustomization.yaml               |  39 ---
 .../standard/redis-deployment-patch.yaml      |  54 -----
 .../remove-redis-arg-redis-deployment.yaml    |  20 --
 ...redis-password-application-controller.yaml |  12 -
 .../remove-redis-password-repo-server.yaml    |  12 -
 .../remove-redis-password-server.yaml         |  12 -
 .../repo-server-deployment-patch.yaml         |  23 --
 .../standard/server-deployment-patch.yaml     |  24 --
 15 files changed, 48 insertions(+), 490 deletions(-)
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/README.md
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
 delete mode 100644 manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml

diff --git a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
index bfc1ff7d38d89..894b2a5b82136 100644
--- a/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
+++ b/manifests/base/application-controller-deployment/argocd-application-controller-deployment.yaml
@@ -20,6 +20,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -287,6 +289,9 @@ spec:
           mountPath: /home/argocd
         - name: argocd-cmd-params-cm
           mountPath: /home/argocd/params
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true    
       serviceAccountName: argocd-application-controller
       affinity:
         podAntiAffinity:
@@ -324,5 +329,12 @@ spec:
           items:
           - key: controller.profile.enabled
             path: profiler.enabled
+      - name: redis-creds
+        secret:
+          secretName: argocd-redis
+          items:
+            - key: auth
+              path: auth
+          optional: true      
       nodeSelector:
         kubernetes.io/os: linux
\ No newline at end of file
diff --git a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
index 52696f097fa45..64f74f2c352bf 100644
--- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
+++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
@@ -21,6 +21,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: "/run/secrets/argocd/redis-auth"
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -306,6 +308,9 @@ spec:
           mountPath: /home/argocd/params
         - name: argocd-application-controller-tmp
           mountPath: /tmp
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true  
       serviceAccountName: argocd-application-controller
       affinity:
         podAntiAffinity:
@@ -345,5 +350,12 @@ spec:
           items:
             - key: controller.profile.enabled
               path: profiler.enabled
+      - name: redis-creds
+        secret:
+          secretName: argocd-redis
+          items:
+            - key: auth
+              path: auth
+          optional: true            
       nodeSelector:
         kubernetes.io/os: linux
\ No newline at end of file
diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
index 1b582f91ee4cb..f5237c41f0d85 100644
--- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml
+++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
@@ -24,6 +24,8 @@ spec:
         args:
           - /usr/local/bin/argocd-repo-server
         env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
           - name: REDIS_PASSWORD
             valueFrom:
               secretKeyRef:
@@ -266,6 +268,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - name: redis-creds
+          mountPath: "/run/secrets/argocd/redis-auth"
+          readOnly: true
         - name: ssh-known-hosts
           mountPath: /app/config/ssh
         - name: tls-certs
@@ -303,6 +308,13 @@ spec:
         - mountPath: /var/run/argocd
           name: var-files
       volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: true      
         - name: ssh-known-hosts
           configMap:
             name: argocd-ssh-known-hosts-cm
diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml
index acfbbc2361f6f..cf3027eea9d5e 100644
--- a/manifests/base/server/argocd-server-deployment.yaml
+++ b/manifests/base/server/argocd-server-deployment.yaml
@@ -23,6 +23,8 @@ spec:
           args:
             - /usr/local/bin/argocd-server
           env:
+            - name: REDIS_CREDS_FILE_PATH
+              value: "/run/secrets/argocd/redis-auth"
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:
@@ -311,6 +313,9 @@ spec:
                   key: server.sync.replace.allowed
                   optional: true
           volumeMounts:
+            - name: redis-creds
+              mountPath: "/run/secrets/argocd/redis-auth"
+              readOnly: true
             - name: ssh-known-hosts
               mountPath: /app/config/ssh
             - name: tls-certs
@@ -351,6 +356,13 @@ spec:
             seccompProfile:
               type: RuntimeDefault
       volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: true
         - emptyDir: {}
           name: plugins-home
         - emptyDir: {}
diff --git a/manifests/overlays/file-mounted-secrets/standard/README.md b/manifests/overlays/file-mounted-secrets/standard/README.md
deleted file mode 100644
index b1aa7f05b5acf..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/README.md
+++ /dev/null
@@ -1,225 +0,0 @@
-# Redis Password Configuration Options
-
-ArgoCD supports two methods for configuring Redis password authentication. Choose the option that best fits your deployment needs.
-
-## Option 1: Environment Variable (Default)
-
-**Location**: `manifests/base/`  
-**Use case**: Standard deployments, existing installations  
-**Setup effort**: None (default behavior)  
-
-### Description
-Uses the traditional `REDIS_PASSWORD` environment variable approach where the password is read from the `argocd-redis` Kubernetes secret.
-
-### Usage
-```bash
-# Apply base manifests (default behavior)
-kubectl apply -k manifests/base/
-
-# Verify Redis secret exists
-kubectl get secret argocd-redis -o jsonpath='{.data.auth}' | base64 -d
-```
-
-**✅ This is the recommended approach for most users**
-
-## Option 2: File Mount (Advanced)
-
-**Location**: `manifests/overlays/file-mount/`  
-**Use case**: External secret management, advanced security requirements  
-**Setup effort**: Moderate (requires credential files)  
-
-### Description
-Uses file-based credentials mounted into the Redis container. Supports external secret management systems like Vault, AWS Secrets Manager, etc.
-
-### Usage
-
-#### Step 1: Apply the file-mount overlay
-```bash
-# Apply the file-mount variant
-kubectl apply -k manifests/overlays/file-mount/
-```
-
-#### Step 2: Create your credential secret
-```bash
-# Create secret with credential files
-kubectl create secret generic my-redis-creds \
-  --from-literal=auth=mypassword \
-  --from-literal=auth_username=myuser
-```
-
-#### Step 3: Update Redis to use your secret
-```bash
-# Patch the Redis deployment to use your secret
-kubectl patch deployment argocd-redis -p '{
-  "spec": {
-    "template": {
-      "spec": {
-        "volumes": [{
-          "name": "redis-creds",
-          "secret": {
-            "secretName": "my-redis-creds",
-            "optional": false
-          }
-        }]
-      }
-    }
-  }
-}'
-```
-
-## What's Included in File-Mount Overlay
-
-### New Components
-- **Redis ConfigMap**: Contains Redis configuration template and setup script
-- **Init Container**: Processes credential files and generates Redis configuration
-
-### Patches Applied
-- **Redis Deployment**: Adds init container, volumes, and file-mount support
-- **Server Deployment**: Adds `REDIS_CREDS_FILE_PATH` environment variable
-- **Repo Server Deployment**: Adds `REDIS_CREDS_FILE_PATH` environment variable  
-- **Application Controller**: Adds `REDIS_CREDS_FILE_PATH` environment variable
-- **Application Controller StatefulSet**: Adds `REDIS_CREDS_FILE_PATH` environment variable
-
-## Credential File Structure
-
-When using file-mount, the following files can be provided:
-
-| File Name | Description | Required |
-|-----------|-------------|----------|
-| `auth` | Redis password | Yes |
-| `auth_username` | Redis username | No |
-| `sentinel_username` | Sentinel username | No |
-| `sentinel_auth` | Sentinel password | No |
-
-## Configuration Priority
-
-The file-mount overlay follows this priority order:
-1. **File-based credentials** (if files exist and are readable)
-2. **Environment variables** (fallback if files not found)
-3. **No authentication** (if neither source is available)
-
-## Switching Between Options
-
-### From Environment Variable to File Mount
-```bash
-# Apply the file-mount overlay
-kubectl apply -k manifests/overlays/file-mount/
-
-# Create your credential secret (see Step 2 above)
-kubectl create secret generic my-redis-creds --from-literal=auth=mypassword
-
-# Update Redis deployment (see Step 3 above)
-```
-
-### From File Mount to Environment Variable  
-```bash
-# Apply base manifests
-kubectl apply -k manifests/base/
-
-# Ensure the argocd-redis secret exists
-kubectl get secret argocd-redis
-```
-
-## Verification
-
-### Check which method is active
-```bash
-# Check init container logs
-kubectl logs deployment/argocd-redis -c redis-config-init
-
-# Expected output for file-mount:
-# "Using password from file: /redis-creds/auth"
-
-# Expected output for environment variable:
-# "Using password from environment variable"
-```
-
-### Verify Redis configuration
-```bash
-# Check generated Redis config
-kubectl exec deployment/argocd-redis -- cat /data/redis.conf | grep requirepass
-
-# Test Redis connection
-kubectl exec deployment/argocd-redis -- redis-cli ping
-```
-
-## Integration with External Secret Management
-
-### Example: Using External Secrets Operator
-```yaml
-apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
-metadata:
-  name: vault-backend
-spec:
-  provider:
-    vault:
-      server: "https://vault.example.com"
-      path: "secret"
-      version: "v2"
-      auth:
-        kubernetes:
-          mountPath: "kubernetes"
-          role: "argocd"
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: redis-credentials
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: vault-backend
-    kind: SecretStore
-  target:
-    name: my-redis-creds
-    creationPolicy: Owner
-  data:
-  - secretKey: auth
-    remoteRef:
-      key: redis
-      property: password
-```
-
-## Troubleshooting
-
-### File mount not working
-```bash
-# Check if files are mounted correctly
-kubectl exec deployment/argocd-redis -- ls -la /redis-creds/
-
-# Check init container logs
-kubectl logs deployment/argocd-redis -c redis-config-init
-
-# Verify secret contents
-kubectl get secret my-redis-creds -o yaml
-```
-
-### Environment variable not working
-```bash
-# Check if argocd-redis secret exists
-kubectl get secret argocd-redis
-
-# Check environment variables in container
-kubectl exec deployment/argocd-redis -- env | grep REDIS_PASSWORD
-```
-
-### Connection issues
-```bash
-# Test Redis connectivity
-kubectl exec deployment/argocd-redis -- redis-cli ping
-
-# Check Redis logs
-kubectl logs deployment/argocd-redis -c redis
-
-# Verify ArgoCD components can connect
-kubectl logs deployment/argocd-server | grep -i redis
-```
-
-## Best Practices
-
-1. **Start with Environment Variable**: Use the default approach unless you have specific requirements
-2. **Secure File Permissions**: Ensure credential files have appropriate permissions (600/400)
-3. **Regular Rotation**: Implement credential rotation for enhanced security
-4. **Monitor Access**: Log and monitor access to credential files
-5. **Backup Strategies**: Include credential management in your backup/recovery procedures 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
deleted file mode 100644
index 8a002cd0b4a14..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/application-controller-statefulset-patch.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: argocd-application-controller
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-application-controller
-        env:
-          - name: REDIS_CREDS_FILE_PATH
-            value: "/redis-creds"
-        volumeMounts:
-          - name: redis-creds
-            mountPath: /redis-creds
-            readOnly: true
-      volumes:
-        - name: redis-creds
-          secret:
-            secretName: argocd-redis
-            items:
-              - key: auth
-                path: auth
-            optional: false
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml b/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
deleted file mode 100644
index 7e519bee4633d..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/config/argocd-redis-cm.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-redis-configmap
-  labels:
-    app.kubernetes.io/name: argocd-redis
-    app.kubernetes.io/part-of: argocd
-    app.kubernetes.io/component: redis
-data:
-  init.sh: |
-    #!/bin/sh
-
-    set -eu
-
-    REDIS_CONF=/data/conf/redis.conf
-    REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-
-    mkdir -p /data/conf
-
-    echo "Copying default redis config.."
-    cp /readonly-config/redis.conf "${REDIS_CONF}"
-
-    echo "Reading Redis password from file.."
-    if [ -f "$REDIS_PASSWORD_FILE" ]; then
-      REDIS_PASSWORD=$(cat "$REDIS_PASSWORD_FILE")
-    else
-      echo "Error: Redis password file not found!"
-      exit 1
-    fi
-
-    # Escape special chars for sed - handle more special characters
-    ESCAPED_AUTH=$(printf '%s\n' "$REDIS_PASSWORD" | sed 's/[[\.*^$()+?{|]/\\&/g')
-    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
-
-    echo "Redis config updated at ${REDIS_CONF}"
-
-  redis.conf: |
-    # Redis configuration file template
-
-    dir "/data"
-    port 6379
-    bind 0.0.0.0
-    appendonly no
-    save ""
-    requirepass replace-default-auth
diff --git a/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml b/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
deleted file mode 100644
index db2c8192e2883..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/kustomization.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-# Base configuration to build upon
-resources:
-- ../../../base
-- config/argocd-redis-cm.yaml
-
-
-# Patches to modify base resources
-patches:
-- path: redis-deployment-patch.yaml
-  target:
-    kind: Deployment
-    name: argocd-redis
-- path: server-deployment-patch.yaml
-  target:
-    kind: Deployment
-    name: argocd-server
-- path: repo-server-deployment-patch.yaml
-  target:
-    kind: Deployment
-    name: argocd-repo-server
-- path: application-controller-statefulset-patch.yaml
-  target:
-    kind: StatefulSet
-    name: argocd-application-controller
-- path: remove-redis-password-server.yaml
-  target:
-    kind: Deployment
-    name: argocd-server
-- path: remove-redis-password-repo-server.yaml
-  target:
-    kind: Deployment
-    name: argocd-repo-server
-- path: remove-redis-password-application-controller.yaml
-  target:
-    kind: StatefulSet
-    name: argocd-application-controller
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
deleted file mode 100644
index cc37224ef0156..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/redis-deployment-patch.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-redis
-spec:
-  template:
-    spec:
-      initContainers:
-        - name: config-init
-          image: redis:7.2.7-alpine
-          command: 
-          - "sh"
-          - "/readonly-config/init.sh"
-          env:
-            - name: REDIS_CREDS_FILE_PATH
-              value: "/redis-creds"
-          volumeMounts:
-            - name: config
-              mountPath: /readonly-config
-            - name: data
-              mountPath: /data
-            - name: redis-creds
-              mountPath: /run/secrets/argocd/redis-auth
-              readOnly: true
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            readOnlyRootFilesystem: false
-            runAsNonRoot: true
-            seccompProfile:
-              type: RuntimeDefault
-      containers:
-      - name: redis
-        args:
-        - "redis-server"
-        - "/data/conf/redis.conf"
-        volumeMounts:
-          - name: data
-            mountPath: /data
-      volumes:
-        - name: config
-          configMap:
-            name: argocd-redis-configmap
-        - name: data
-          emptyDir: {}
-        - name: redis-creds
-          secret:
-            secretName: argocd-redis
-            items:
-              - key: auth
-                path: auth
-            optional: false
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
deleted file mode 100644
index 8694e4ead9a03..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/remove-redis-arg-redis-deployment.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-redis
-spec:
-  template:
-    spec:
-      containers:
-      - name: redis
-        args:
-        - "--save"
-          $patch: delete
-        - ""
-          $patch: delete
-        - "--appendonly"
-          $patch: delete
-        - "no"
-          $patch: delete
-        - "--requirepass $(REDIS_PASSWORD)"
-          $patch: delete
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
deleted file mode 100644
index 6f2d4e7c134d8..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-application-controller.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: argocd-application-controller
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-application-controller
-        env:
-        - name: REDIS_PASSWORD
-          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
deleted file mode 100644
index 8d8028f18db7d..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-repo-server.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-repo-server
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-repo-server
-        env:
-        - name: REDIS_PASSWORD
-          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml b/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
deleted file mode 100644
index 7f2fbf4e77680..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/remove-redis-password-server.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-server
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-server
-        env:
-        - name: REDIS_PASSWORD
-          $patch: delete 
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
deleted file mode 100644
index bade219ff5a25..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/repo-server-deployment-patch.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-repo-server
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-repo-server
-        env:
-          - name: REDIS_CREDS_FILE_PATH
-            value: "/run/secrets/argocd/redis-auth"
-        volumeMounts:
-          - name: redis-creds
-            mountPath: "/run/secrets/argocd/redis-auth"
-            readOnly: true
-      volumes:
-        - name: redis-creds
-          secret:
-            secretName: argocd-redis
-            items:
-              - key: auth
-                path: auth
\ No newline at end of file
diff --git a/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml b/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml
deleted file mode 100644
index c4bb1ebb1a35a..0000000000000
--- a/manifests/overlays/file-mounted-secrets/standard/server-deployment-patch.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-server
-spec:
-  template:
-    spec:
-      containers:
-      - name: argocd-server
-        env:
-          - name: REDIS_CREDS_FILE_PATH
-            value: "/redis-creds"
-        volumeMounts:
-          - name: redis-creds
-            mountPath: /redis-creds
-            readOnly: true
-      volumes:
-        - name: redis-creds
-          secret:
-            secretName: argocd-redis
-            items:
-              - key: auth
-                path: auth
-            optional: false
\ No newline at end of file

From e4c240e1b8648608d265fdb6680bfd9ce197f5a2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 14:16:51 +0000
Subject: [PATCH 100/383] chore(deps): bump github.com/olekukonko/tablewriter
 from 1.0.7 to 1.0.8 (#23670)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 769d928b3748b..10b12234a41f4 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/mattn/go-zglob v0.0.6
 	github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.1-0.20241014080628-3045bdf43455
 	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1
-	github.com/olekukonko/tablewriter v1.0.7
+	github.com/olekukonko/tablewriter v1.0.8
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
diff --git a/go.sum b/go.sum
index 73333e4d83b30..0d577192c6412 100644
--- a/go.sum
+++ b/go.sum
@@ -680,8 +680,8 @@ github.com/olekukonko/errors v0.0.0-20250405072817-4e6d85265da6/go.mod h1:ppzxA5
 github.com/olekukonko/ll v0.0.8 h1:sbGZ1Fx4QxJXEqL/6IG8GEFnYojUSQ45dJVwN2FH2fc=
 github.com/olekukonko/ll v0.0.8/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/olekukonko/tablewriter v1.0.7 h1:HCC2e3MM+2g72M81ZcJU11uciw6z/p82aEnm4/ySDGw=
-github.com/olekukonko/tablewriter v1.0.7/go.mod h1:H428M+HzoUXC6JU2Abj9IT9ooRmdq9CxuDmKMtrOCMs=
+github.com/olekukonko/tablewriter v1.0.8 h1:f6wJzHg4QUtJdvrVPKco4QTrAylgaU0+b9br/lJxEiQ=
+github.com/olekukonko/tablewriter v1.0.8/go.mod h1:H428M+HzoUXC6JU2Abj9IT9ooRmdq9CxuDmKMtrOCMs=
 github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=

From 50fa799d0c3e3c811db44b8405e2bfcb3d268360 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Mon, 7 Jul 2025 13:38:37 -0400
Subject: [PATCH 101/383] chore(refactor): simplify selfHeal logic (#23626)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      |  85 +++++++++++---------
 controller/appcontroller_test.go | 128 +++++++++++++++++++------------
 2 files changed, 127 insertions(+), 86 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index ad0dfe0379880..cb3d3b8e4bc5c 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -126,7 +126,7 @@ type ApplicationController struct {
 	statusHardRefreshTimeout      time.Duration
 	statusRefreshJitter           time.Duration
 	selfHealTimeout               time.Duration
-	selfHealBackOff               *wait.Backoff
+	selfHealBackoff               *wait.Backoff
 	selfHealBackoffCooldown       time.Duration
 	syncTimeout                   time.Duration
 	db                            db.ArgoDB
@@ -209,7 +209,7 @@ func NewApplicationController(
 		auditLogger:                       argo.NewAuditLogger(kubeClientset, common.ApplicationController, enableK8sEvent),
 		settingsMgr:                       settingsMgr,
 		selfHealTimeout:                   selfHealTimeout,
-		selfHealBackOff:                   selfHealBackoff,
+		selfHealBackoff:                   selfHealBackoff,
 		selfHealBackoffCooldown:           selfHealBackoffCooldown,
 		syncTimeout:                       syncTimeout,
 		clusterSharding:                   clusterSharding,
@@ -2139,39 +2139,47 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 	if app.Spec.SyncPolicy.Retry != nil {
 		op.Retry = *app.Spec.SyncPolicy.Retry
 	}
+
 	// It is possible for manifests to remain OutOfSync even after a sync/kubectl apply (e.g.
 	// auto-sync with pruning disabled). We need to ensure that we do not keep Syncing an
 	// application in an infinite loop. To detect this, we only attempt the Sync if the revision
 	// and parameter overrides are different from our most recent sync operation.
-	if alreadyAttempted && (!selfHeal || !attemptPhase.Successful()) {
+	if alreadyAttempted {
 		if !attemptPhase.Successful() {
 			logCtx.Warnf("Skipping auto-sync: failed previous sync attempt to %s", desiredCommitSHA)
 			message := fmt.Sprintf("Failed sync attempt to %s: %s", desiredCommitSHA, app.Status.OperationState.Message)
 			return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: message}, 0
 		}
-		logCtx.Infof("Skipping auto-sync: most recent sync already to %s", desiredCommitSHA)
-		return nil, 0
-	} else if selfHeal {
-		shouldSelfHeal, retryAfter := ctrl.shouldSelfHeal(app, alreadyAttempted)
-		if app.Status.OperationState != nil && app.Status.OperationState.Operation.Sync != nil {
-			op.Sync.SelfHealAttemptsCount = app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount
+		if !selfHeal {
+			logCtx.Infof("Skipping auto-sync: most recent sync already to %s", desiredCommitSHA)
+			return nil, 0
 		}
+		// Self heal will trigger a new sync operation when the desired state changes and cause the application to
+		// be OutOfSync when it was previously synced Successfully. This means SelfHeal should only ever be attempted
+		// when the revisions have not changed, and where the previous sync to these revision was successful
 
-		if alreadyAttempted {
-			if !shouldSelfHeal {
-				logCtx.Infof("Skipping auto-sync: already attempted sync to %s with timeout %v (retrying in %v)", desiredCommitSHA, ctrl.selfHealTimeout, retryAfter)
-				ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), &retryAfter)
-				return nil, 0
+		// Only carry SelfHealAttemptsCount to be increased when the selfHealBackoffCooldown has not elapsed yet
+		if !ctrl.selfHealBackoffCooldownElapsed(app) {
+			if app.Status.OperationState != nil && app.Status.OperationState.Operation.Sync != nil {
+				op.Sync.SelfHealAttemptsCount = app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount
 			}
-			op.Sync.SelfHealAttemptsCount++
-			for _, resource := range resources {
-				if resource.Status != appv1.SyncStatusCodeSynced {
-					op.Sync.Resources = append(op.Sync.Resources, appv1.SyncOperationResource{
-						Kind:  resource.Kind,
-						Group: resource.Group,
-						Name:  resource.Name,
-					})
-				}
+		}
+
+		remainingTime := ctrl.selfHealRemainingBackoff(app, int(op.Sync.SelfHealAttemptsCount))
+		if remainingTime > 0 {
+			logCtx.Infof("Skipping auto-sync: already attempted sync to %s with timeout %v (retrying in %v)", desiredCommitSHA, ctrl.selfHealTimeout, remainingTime)
+			ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), &remainingTime)
+			return nil, 0
+		}
+
+		op.Sync.SelfHealAttemptsCount++
+		for _, resource := range resources {
+			if resource.Status != appv1.SyncStatusCodeSynced {
+				op.Sync.Resources = append(op.Sync.Resources, appv1.SyncOperationResource{
+					Kind:  resource.Kind,
+					Group: resource.Group,
+					Name:  resource.Name,
+				})
 			}
 		}
 	}
@@ -2254,9 +2262,9 @@ func alreadyAttemptedSync(app *appv1.Application, commitSHA string, commitSHAsMS
 	return reflect.DeepEqual(app.Spec.GetSource(), app.Status.OperationState.SyncResult.Source), app.Status.OperationState.Phase
 }
 
-func (ctrl *ApplicationController) shouldSelfHeal(app *appv1.Application, alreadyAttempted bool) (bool, time.Duration) {
+func (ctrl *ApplicationController) selfHealRemainingBackoff(app *appv1.Application, selfHealAttemptsCount int) time.Duration {
 	if app.Status.OperationState == nil {
-		return true, time.Duration(0)
+		return time.Duration(0)
 	}
 
 	var timeSinceOperation *time.Duration
@@ -2264,34 +2272,41 @@ func (ctrl *ApplicationController) shouldSelfHeal(app *appv1.Application, alread
 		timeSinceOperation = ptr.To(time.Since(app.Status.OperationState.FinishedAt.Time))
 	}
 
-	// Reset counter if the prior sync was successful and the cooldown period is over OR if the revision has changed
-	if !alreadyAttempted || (timeSinceOperation != nil && *timeSinceOperation >= ctrl.selfHealBackoffCooldown && app.Status.Sync.Status == appv1.SyncStatusCodeSynced) {
-		app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount = 0
-	}
-
 	var retryAfter time.Duration
-	if ctrl.selfHealBackOff == nil {
+	if ctrl.selfHealBackoff == nil {
 		if timeSinceOperation == nil {
 			retryAfter = ctrl.selfHealTimeout
 		} else {
 			retryAfter = ctrl.selfHealTimeout - *timeSinceOperation
 		}
 	} else {
-		backOff := *ctrl.selfHealBackOff
-		backOff.Steps = int(app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount)
+		backOff := *ctrl.selfHealBackoff
+		backOff.Steps = selfHealAttemptsCount
 		var delay time.Duration
 		steps := backOff.Steps
 		for i := 0; i < steps; i++ {
 			delay = backOff.Step()
 		}
-
 		if timeSinceOperation == nil {
 			retryAfter = delay
 		} else {
 			retryAfter = delay - *timeSinceOperation
 		}
 	}
-	return retryAfter <= 0, retryAfter
+	return retryAfter
+}
+
+// selfHealBackoffCooldownElapsed returns true when the last successful sync has occurred since longer
+// than then self heal cooldown. This means that the application has been in sync for long enough to
+// reset the self healing backoff to its initial state
+func (ctrl *ApplicationController) selfHealBackoffCooldownElapsed(app *appv1.Application) bool {
+	if app.Status.OperationState == nil || app.Status.OperationState.FinishedAt == nil {
+		// Something is in progress, or about to be. In that case, selfHeal attempt should be zero anyway
+		return true
+	}
+
+	timeSinceLastOperation := time.Since(app.Status.OperationState.FinishedAt.Time)
+	return timeSinceLastOperation >= ctrl.selfHealBackoffCooldown && app.Status.OperationState.Phase.Successful()
 }
 
 // isAppNamespaceAllowed returns whether the application is allowed in the
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index 8375e78ce83ea..35bb2e11368e5 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -794,6 +794,30 @@ func TestSkipAutoSync(t *testing.T) {
 		assert.Nil(t, app.Operation)
 	})
 
+	t.Run("PreviousSyncAttemptError", func(t *testing.T) {
+		app := newFakeApp()
+		app.Status.OperationState = &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{},
+			},
+			Phase: synccommon.OperationError,
+			SyncResult: &v1alpha1.SyncOperationResult{
+				Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+				Source:   *app.Spec.Source.DeepCopy(),
+			},
+		}
+		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
+		syncStatus := v1alpha1.SyncStatus{
+			Status:   v1alpha1.SyncStatusCodeOutOfSync,
+			Revision: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+		}
+		cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true)
+		assert.NotNil(t, cond)
+		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(t.Context(), "my-app", metav1.GetOptions{})
+		require.NoError(t, err)
+		assert.Nil(t, app.Operation)
+	})
+
 	t.Run("NeedsToPruneResourcesOnlyButAutomatedPruneDisabled", func(t *testing.T) {
 		app := newFakeApp()
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
@@ -2559,14 +2583,13 @@ func assertDurationAround(t *testing.T, expected time.Duration, actual time.Dura
 	assert.LessOrEqual(t, expected, actual+delta)
 }
 
-func TestSelfHealExponentialBackoff(t *testing.T) {
+func TestSelfHealRemainingBackoff(t *testing.T) {
 	ctrl := newFakeController(&fakeData{}, nil)
-	ctrl.selfHealBackOff = &wait.Backoff{
+	ctrl.selfHealBackoff = &wait.Backoff{
 		Factor:   3,
 		Duration: 2 * time.Second,
 		Cap:      2 * time.Minute,
 	}
-
 	app := &v1alpha1.Application{
 		Status: v1alpha1.ApplicationStatus{
 			OperationState: &v1alpha1.OperationState{
@@ -2578,109 +2601,112 @@ func TestSelfHealExponentialBackoff(t *testing.T) {
 	}
 
 	testCases := []struct {
-		attempts         int64
-		expectedAttempts int64
+		attempts         int
 		finishedAt       *metav1.Time
 		expectedDuration time.Duration
 		shouldSelfHeal   bool
-		alreadyAttempted bool
-		syncStatus       v1alpha1.SyncStatusCode
 	}{{
 		attempts:         0,
 		finishedAt:       ptr.To(metav1.Now()),
 		expectedDuration: 0,
 		shouldSelfHeal:   true,
-		alreadyAttempted: true,
-		expectedAttempts: 0,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         1,
 		finishedAt:       ptr.To(metav1.Now()),
 		expectedDuration: 2 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 1,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         2,
 		finishedAt:       ptr.To(metav1.Now()),
 		expectedDuration: 6 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 2,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         3,
 		finishedAt:       nil,
 		expectedDuration: 18 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 3,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         4,
 		finishedAt:       nil,
 		expectedDuration: 54 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 4,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         5,
 		finishedAt:       nil,
 		expectedDuration: 120 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 5,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
 		attempts:         6,
 		finishedAt:       nil,
 		expectedDuration: 120 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 6,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
 	}, {
-		attempts:         6,
-		finishedAt:       nil,
-		expectedDuration: 0,
-		shouldSelfHeal:   true,
-		alreadyAttempted: false,
-		expectedAttempts: 0,
-		syncStatus:       v1alpha1.SyncStatusCodeOutOfSync,
-	}, { // backoff will not reset as finished tme isn't >= cooldown
 		attempts:         6,
 		finishedAt:       ptr.To(metav1.Now()),
 		expectedDuration: 120 * time.Second,
 		shouldSelfHeal:   false,
-		alreadyAttempted: true,
-		expectedAttempts: 6,
-		syncStatus:       v1alpha1.SyncStatusCodeSynced,
-	}, { // backoff will reset as finished time is >= cooldown
+	}, {
 		attempts:         40,
-		finishedAt:       &metav1.Time{Time: time.Now().Add(-(1 * time.Minute))},
-		expectedDuration: -60 * time.Second,
-		shouldSelfHeal:   true,
-		alreadyAttempted: true,
-		expectedAttempts: 0,
-		syncStatus:       v1alpha1.SyncStatusCodeSynced,
+		finishedAt:       &metav1.Time{Time: time.Now().Add(-1 * time.Minute)},
+		expectedDuration: 60 * time.Second,
+		shouldSelfHeal:   false,
 	}}
 
 	for i := range testCases {
 		tc := testCases[i]
 		t.Run(fmt.Sprintf("test case %d", i), func(t *testing.T) {
-			app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount = tc.attempts
 			app.Status.OperationState.FinishedAt = tc.finishedAt
-			app.Status.Sync.Status = tc.syncStatus
-			ok, duration := ctrl.shouldSelfHeal(app, tc.alreadyAttempted)
-			require.Equal(t, ok, tc.shouldSelfHeal)
-			require.Equal(t, tc.expectedAttempts, app.Status.OperationState.Operation.Sync.SelfHealAttemptsCount)
+			duration := ctrl.selfHealRemainingBackoff(app, tc.attempts)
+			shouldSelfHeal := duration <= 0
+			require.Equal(t, tc.shouldSelfHeal, shouldSelfHeal)
 			assertDurationAround(t, tc.expectedDuration, duration)
 		})
 	}
 }
 
+func TestSelfHealBackoffCooldownElapsed(t *testing.T) {
+	cooldown := time.Second * 30
+	ctrl := newFakeController(&fakeData{}, nil)
+	ctrl.selfHealBackoffCooldown = cooldown
+
+	app := &v1alpha1.Application{
+		Status: v1alpha1.ApplicationStatus{
+			OperationState: &v1alpha1.OperationState{
+				Phase: synccommon.OperationSucceeded,
+			},
+		},
+	}
+
+	t.Run("operation not completed", func(t *testing.T) {
+		app := app.DeepCopy()
+		app.Status.OperationState.FinishedAt = nil
+		elapsed := ctrl.selfHealBackoffCooldownElapsed(app)
+		assert.True(t, elapsed)
+	})
+
+	t.Run("successful operation finised after cooldown", func(t *testing.T) {
+		app := app.DeepCopy()
+		app.Status.OperationState.FinishedAt = &metav1.Time{Time: time.Now().Add(-cooldown)}
+		elapsed := ctrl.selfHealBackoffCooldownElapsed(app)
+		assert.True(t, elapsed)
+	})
+
+	t.Run("unsuccessful operation finised after cooldown", func(t *testing.T) {
+		app := app.DeepCopy()
+		app.Status.OperationState.Phase = synccommon.OperationFailed
+		app.Status.OperationState.FinishedAt = &metav1.Time{Time: time.Now().Add(-cooldown)}
+		elapsed := ctrl.selfHealBackoffCooldownElapsed(app)
+		assert.False(t, elapsed)
+	})
+
+	t.Run("successful operation finised before cooldown", func(t *testing.T) {
+		app := app.DeepCopy()
+		app.Status.OperationState.FinishedAt = &metav1.Time{Time: time.Now()}
+		elapsed := ctrl.selfHealBackoffCooldownElapsed(app)
+		assert.False(t, elapsed)
+	})
+}
+
 func TestSyncTimeout(t *testing.T) {
 	testCases := []struct {
 		delta           time.Duration

From 6a63bf4ee16fdbe743c94ef7da33c6ea916e7d59 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Tue, 8 Jul 2025 18:43:55 +0530
Subject: [PATCH 102/383] test: add tests for retrieving the version (#23572)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 common/version_test.go | 82 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100644 common/version_test.go

diff --git a/common/version_test.go b/common/version_test.go
new file mode 100644
index 0000000000000..baa2c085df720
--- /dev/null
+++ b/common/version_test.go
@@ -0,0 +1,82 @@
+package common
+
+import (
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetVersion(t *testing.T) {
+	tests := []struct {
+		name           string
+		inputGitCommit string
+		inputGitTag    string
+		inputTreeState string
+		inputVersion   string
+		expected       string
+	}{
+		{
+			name:           "Official release with tag and clean state",
+			inputGitCommit: "abcdef123456",
+			inputGitTag:    "v1.2.3",
+			inputTreeState: "clean",
+			inputVersion:   "1.2.3",
+			expected:       "v1.2.3",
+		},
+		{
+			name:           "Dirty state with commit",
+			inputGitCommit: "deadbeefcafebabe",
+			inputGitTag:    "",
+			inputTreeState: "dirty",
+			inputVersion:   "2.0.1",
+			expected:       "v2.0.1+deadbee.dirty",
+		},
+		{
+			name:           "Clean state with commit, no tag",
+			inputGitCommit: "cafebabedeadbeef",
+			inputGitTag:    "",
+			inputTreeState: "clean",
+			inputVersion:   "2.1.0",
+			expected:       "v2.1.0+cafebab",
+		},
+		{
+			name:           "Missing commit and tag",
+			inputGitCommit: "",
+			inputGitTag:    "",
+			inputTreeState: "clean",
+			inputVersion:   "3.1.0",
+			expected:       "v3.1.0+unknown",
+		},
+		{
+			name:           "Short commit",
+			inputGitCommit: "abc",
+			inputGitTag:    "",
+			inputTreeState: "clean",
+			inputVersion:   "4.0.0",
+			expected:       "v4.0.0+unknown",
+		},
+	}
+	for _, tt := range tests {
+		gitCommit = tt.inputGitCommit
+		gitTag = tt.inputGitTag
+		gitTreeState = tt.inputTreeState
+		version = tt.inputVersion
+
+		buildDate = "2025-06-26"
+		kubectlVersion = "v1.30.0"
+		extraBuildInfo = "test-build"
+
+		got := GetVersion()
+		assert.Equal(t, tt.expected, got.Version)
+		assert.Equal(t, buildDate, got.BuildDate)
+		assert.Equal(t, tt.inputGitCommit, got.GitCommit)
+		assert.Equal(t, tt.inputGitTag, got.GitTag)
+		assert.Equal(t, tt.inputTreeState, got.GitTreeState)
+		assert.Equal(t, runtime.Version(), got.GoVersion)
+		assert.Equal(t, runtime.Compiler, got.Compiler)
+		assert.Equal(t, runtime.GOOS+"/"+runtime.GOARCH, got.Platform)
+		assert.Equal(t, kubectlVersion, got.KubectlVersion)
+		assert.Equal(t, extraBuildInfo, got.ExtraBuildInfo)
+	}
+}

From fe8e893f6d3a27d972bd73ca091092af013e9e3b Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 8 Jul 2025 16:00:32 -0400
Subject: [PATCH 103/383] fix: autosync would not trigger for different sources
 (#23615) (#23655)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      |   6 --
 controller/appcontroller_test.go | 111 ++++++++++++++++++++-----------
 2 files changed, 73 insertions(+), 44 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index cb3d3b8e4bc5c..456982bbfb823 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -2114,12 +2114,6 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 	}
 
 	selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal
-	// Multi-Source Apps with selfHeal disabled should not trigger an autosync if
-	// the last sync revision and the new sync revision is the same.
-	if app.Spec.HasMultipleSources() && !selfHeal && reflect.DeepEqual(app.Status.Sync.Revisions, syncStatus.Revisions) {
-		logCtx.Infof("Skipping auto-sync: selfHeal disabled and sync caused by object update")
-		return nil, 0
-	}
 
 	desiredCommitSHA := syncStatus.Revision
 	desiredCommitSHAsMS := syncStatus.Revisions
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index 35bb2e11368e5..cb03d3198b035 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -348,10 +348,13 @@ status:
       - cccccccccccccccccccccccccccccccccccccccc
       sources:
       - path: some/path
+        helm:
+          valueFiles:
+          - $values_test/values.yaml
         repoURL: https://github.com/argoproj/argocd-example-apps.git
       - path: some/other/path
         repoURL: https://github.com/argoproj/argocd-example-apps-fake.git
-      - path: some/other/path
+      - ref: values_test
         repoURL: https://github.com/argoproj/argocd-example-apps-fake-ref.git
 `
 
@@ -625,13 +628,13 @@ func TestAutoSyncEnabledSetToTrue(t *testing.T) {
 	assert.False(t, app.Operation.Sync.Prune)
 }
 
-func TestMultiSourceSelfHeal(t *testing.T) {
+func TestAutoSyncMultiSourceWithoutSelfHeal(t *testing.T) {
 	// Simulate OutOfSync caused by object change in cluster
 	// So our Sync Revisions and SyncStatus Revisions should deep equal
 	t.Run("ClusterObjectChangeShouldNotTriggerAutoSync", func(t *testing.T) {
 		app := newFakeMultiSourceApp()
 		app.Spec.SyncPolicy.Automated.SelfHeal = false
-		app.Status.Sync.Revisions = []string{"z", "x", "v"}
+		app.Status.OperationState.SyncResult.Revisions = []string{"z", "x", "v"}
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
 		syncStatus := v1alpha1.SyncStatus{
 			Status:    v1alpha1.SyncStatusCodeOutOfSync,
@@ -643,15 +646,14 @@ func TestMultiSourceSelfHeal(t *testing.T) {
 		require.NoError(t, err)
 		assert.Nil(t, app.Operation)
 	})
-
 	t.Run("NewRevisionChangeShouldTriggerAutoSync", func(t *testing.T) {
 		app := newFakeMultiSourceApp()
 		app.Spec.SyncPolicy.Automated.SelfHeal = false
-		app.Status.Sync.Revisions = []string{"a", "b", "c"}
+		app.Status.OperationState.SyncResult.Revisions = []string{"z", "x", "v"}
 		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
 		syncStatus := v1alpha1.SyncStatus{
 			Status:    v1alpha1.SyncStatusCodeOutOfSync,
-			Revisions: []string{"z", "x", "v"},
+			Revisions: []string{"a", "b", "c"},
 		}
 		cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook-1", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true)
 		assert.Nil(t, cond)
@@ -872,45 +874,78 @@ func TestAutoSyncIndicateError(t *testing.T) {
 
 // TestAutoSyncParameterOverrides verifies we auto-sync if revision is same but parameter overrides are different
 func TestAutoSyncParameterOverrides(t *testing.T) {
-	app := newFakeApp()
-	app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{
-		Parameters: []v1alpha1.HelmParameter{
-			{
-				Name:  "a",
-				Value: "1",
+	t.Run("Single source", func(t *testing.T) {
+		app := newFakeApp()
+		app.Spec.Source.Helm = &v1alpha1.ApplicationSourceHelm{
+			Parameters: []v1alpha1.HelmParameter{
+				{
+					Name:  "a",
+					Value: "1",
+				},
 			},
-		},
-	}
-	ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
-	syncStatus := v1alpha1.SyncStatus{
-		Status:   v1alpha1.SyncStatusCodeOutOfSync,
-		Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-	}
-	app.Status.OperationState = &v1alpha1.OperationState{
-		Operation: v1alpha1.Operation{
-			Sync: &v1alpha1.SyncOperation{
-				Source: &v1alpha1.ApplicationSource{
-					Helm: &v1alpha1.ApplicationSourceHelm{
-						Parameters: []v1alpha1.HelmParameter{
-							{
-								Name:  "a",
-								Value: "2", // this value changed
+		}
+		app.Status.OperationState = &v1alpha1.OperationState{
+			Operation: v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Source: &v1alpha1.ApplicationSource{
+						Helm: &v1alpha1.ApplicationSourceHelm{
+							Parameters: []v1alpha1.HelmParameter{
+								{
+									Name:  "a",
+									Value: "2", // this value changed
+								},
 							},
 						},
 					},
 				},
 			},
-		},
-		Phase: synccommon.OperationFailed,
-		SyncResult: &v1alpha1.SyncOperationResult{
+			Phase: synccommon.OperationFailed,
+			SyncResult: &v1alpha1.SyncOperationResult{
+				Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+			},
+		}
+		syncStatus := v1alpha1.SyncStatus{
+			Status:   v1alpha1.SyncStatusCodeOutOfSync,
 			Revision: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-		},
-	}
-	cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true)
-	assert.Nil(t, cond)
-	app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(t.Context(), "my-app", metav1.GetOptions{})
-	require.NoError(t, err)
-	assert.NotNil(t, app.Operation)
+		}
+		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
+		cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true)
+		assert.Nil(t, cond)
+		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(t.Context(), "my-app", metav1.GetOptions{})
+		require.NoError(t, err)
+		assert.NotNil(t, app.Operation)
+	})
+
+	t.Run("Multi sources", func(t *testing.T) {
+		app := newFakeMultiSourceApp()
+		app.Spec.Sources[0].Helm = &v1alpha1.ApplicationSourceHelm{
+			Parameters: []v1alpha1.HelmParameter{
+				{
+					Name:  "a",
+					Value: "1",
+				},
+			},
+		}
+		ctrl := newFakeController(&fakeData{apps: []runtime.Object{app}}, nil)
+		app.Status.OperationState.SyncResult.Revisions = []string{"z", "x", "v"}
+		app.Status.OperationState.SyncResult.Sources[0].Helm = &v1alpha1.ApplicationSourceHelm{
+			Parameters: []v1alpha1.HelmParameter{
+				{
+					Name:  "a",
+					Value: "2", // this value changed
+				},
+			},
+		}
+		syncStatus := v1alpha1.SyncStatus{
+			Status:    v1alpha1.SyncStatusCodeOutOfSync,
+			Revisions: []string{"z", "x", "v"},
+		}
+		cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}, true)
+		assert.Nil(t, cond)
+		app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(t.Context(), "my-app", metav1.GetOptions{})
+		require.NoError(t, err)
+		assert.NotNil(t, app.Operation)
+	})
 }
 
 // TestFinalizeAppDeletion verifies application deletion

From 21a214fa3aac38d3a7a86e656401212f57999d8d Mon Sep 17 00:00:00 2001
From: Atif Ali <56743004+aali309@users.noreply.github.com>
Date: Tue, 8 Jul 2025 23:34:17 -0400
Subject: [PATCH 104/383] fix(e2e-tests): ArgoCD E2E test logs print auth-token
 (#23696)

Signed-off-by: Atif Ali <atali@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/e2e/fixture/cmd.go     | 11 +++++++++++
 test/e2e/fixture/fixture.go | 13 ++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/test/e2e/fixture/cmd.go b/test/e2e/fixture/cmd.go
index 1d2e62d45ae41..579691b1f2d0b 100644
--- a/test/e2e/fixture/cmd.go
+++ b/test/e2e/fixture/cmd.go
@@ -22,3 +22,14 @@ func RunWithStdin(stdin, workDir, name string, args ...string) (string, error) {
 
 	return argoexec.RunCommandExt(cmd, argoexec.CmdOpts{})
 }
+
+func RunWithStdinWithRedactor(stdin, workDir, name string, redactor func(string) string, args ...string) (string, error) {
+	cmd := exec.Command(name, args...)
+	if stdin != "" {
+		cmd.Stdin = strings.NewReader(stdin)
+	}
+	cmd.Env = os.Environ()
+	cmd.Dir = workDir
+
+	return argoexec.RunCommandExt(cmd, argoexec.CmdOpts{Redactor: redactor})
+}
diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go
index 296b45ca646e7..e9bfd86945de3 100644
--- a/test/e2e/fixture/fixture.go
+++ b/test/e2e/fixture/fixture.go
@@ -1045,7 +1045,18 @@ func RunCliWithStdin(stdin string, isKubeConextOnlyCli bool, args ...string) (st
 
 	args = append(args, "--insecure")
 
-	return RunWithStdin(stdin, "", "../../dist/argocd", args...)
+	// Create a redactor that only redacts the auth token value
+	redactor := func(text string) string {
+		if token == "" {
+			return text
+		}
+		// Use a more precise approach to only redact the exact auth token
+		// Look for --auth-token followed by the exact token value
+		authTokenPattern := "--auth-token " + token
+		return strings.ReplaceAll(text, authTokenPattern, "--auth-token ******")
+	}
+
+	return RunWithStdinWithRedactor(stdin, "", "../../dist/argocd", redactor, args...)
 }
 
 // RunPluginCli executes an Argo CD CLI plugin with optional stdin input.

From cd6e854dc54ae7ae0f6dba6b767a86feaa85bfc7 Mon Sep 17 00:00:00 2001
From: olegt-codefresh <oleg.turbovsky@codefresh.io>
Date: Wed, 9 Jul 2025 15:30:06 +0300
Subject: [PATCH 105/383] chore: Convert ProjectsList and VersionPanel
 components to functional components (#23606)

Signed-off-by: olegt-codefresh <oleg.turbovsky@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../projects-list/projects-list.tsx           | 195 +++++++++---------
 .../version-info/version-info-panel.tsx       | 116 +++++------
 2 files changed, 146 insertions(+), 165 deletions(-)

diff --git a/ui/src/app/settings/components/projects-list/projects-list.tsx b/ui/src/app/settings/components/projects-list/projects-list.tsx
index 761a942202f58..69b85189a1dac 100644
--- a/ui/src/app/settings/components/projects-list/projects-list.tsx
+++ b/ui/src/app/settings/components/projects-list/projects-list.tsx
@@ -1,115 +1,110 @@
 import {FormField, NotificationType, SlidingPanel} from 'argo-ui';
-import * as React from 'react';
+import React, {useRef, useContext} from 'react';
 import {Form, FormApi, Text} from 'react-form';
 
 import {DataLoader, EmptyState, ErrorNotification, Page, Query} from '../../../shared/components';
-import {Consumer} from '../../../shared/context';
+import {Context} from '../../../shared/context';
 import {Project} from '../../../shared/models';
 import {services} from '../../../shared/services';
 
-export class ProjectsList extends React.Component {
-    private formApi: FormApi;
+export function ProjectsList() {
+    const formApiRef = useRef<FormApi | null>(null);
+    const ctx = useContext(Context);
 
-    public render() {
-        return (
-            <Consumer>
-                {ctx => (
-                    <Page
-                        title='Projects'
-                        toolbar={{
-                            breadcrumbs: [{title: 'Settings', path: '/settings'}, {title: 'Projects'}],
-                            actionMenu: {
-                                className: 'fa fa-plus',
-                                items: [{title: 'New Project', iconClassName: 'fa fa-plus', action: () => ctx.navigation.goto('.', {add: true}, {replace: true})}]
-                            }
-                        }}>
-                        <div className='projects argo-container'>
-                            <DataLoader load={() => services.projects.list()}>
-                                {projects =>
-                                    (projects.length > 0 && (
-                                        <div className='argo-table-list argo-table-list--clickable'>
-                                            <div className='argo-table-list__head'>
-                                                <div className='row'>
-                                                    <div className='columns small-3'>NAME</div>
-                                                    <div className='columns small-6'>DESCRIPTION</div>
-                                                </div>
+    return (
+        <Page
+            title='Projects'
+            toolbar={{
+                breadcrumbs: [{title: 'Settings', path: '/settings'}, {title: 'Projects'}],
+                actionMenu: {
+                    className: 'fa fa-plus',
+                    items: [{title: 'New Project', iconClassName: 'fa fa-plus', action: () => ctx.navigation.goto('.', {add: true}, {replace: true})}]
+                }
+            }}>
+            <div className='projects argo-container'>
+                <DataLoader load={() => services.projects.list()}>
+                    {projects =>
+                        (projects.length > 0 && (
+                            <div className='argo-table-list argo-table-list--clickable'>
+                                <div className='argo-table-list__head'>
+                                    <div className='row'>
+                                        <div className='columns small-3'>NAME</div>
+                                        <div className='columns small-6'>DESCRIPTION</div>
+                                    </div>
+                                </div>
+                                {projects.map(proj => (
+                                    <div className='argo-table-list__row' key={proj.metadata.name} onClick={() => ctx.navigation.goto(`./${proj.metadata.name}`)}>
+                                        <div className='row'>
+                                            <div className='columns small-3'>
+                                                <i className='fa fa-object-group' /> {proj.metadata.name}
                                             </div>
-                                            {projects.map(proj => (
-                                                <div className='argo-table-list__row' key={proj.metadata.name} onClick={() => ctx.navigation.goto(`./${proj.metadata.name}`)}>
-                                                    <div className='row'>
-                                                        <div className='columns small-3'>
-                                                            <i className='fa fa-object-group' /> {proj.metadata.name}
-                                                        </div>
-                                                        <div className='columns small-6'>{proj.spec.description}</div>
-                                                    </div>
-                                                </div>
-                                            ))}
+                                            <div className='columns small-6'>{proj.spec.description}</div>
                                         </div>
-                                    )) || (
-                                        <EmptyState icon='fa fa-object-group'>
-                                            <h4>No projects yet</h4>
-                                            <h5>Create new projects to group your applications</h5>
-                                            <button className='argo-button argo-button--base' onClick={() => ctx.navigation.goto('.', {add: true}, {replace: true})}>
-                                                New project
-                                            </button>
-                                        </EmptyState>
-                                    )
+                                    </div>
+                                ))}
+                            </div>
+                        )) || (
+                            <EmptyState icon='fa fa-object-group'>
+                                <h4>No projects yet</h4>
+                                <h5>Create new projects to group your applications</h5>
+                                <button className='argo-button argo-button--base' onClick={() => ctx.navigation.goto('.', {add: true}, {replace: true})}>
+                                    New project
+                                </button>
+                            </EmptyState>
+                        )
+                    }
+                </DataLoader>
+            </div>
+            <Query>
+                {params => (
+                    <SlidingPanel
+                        isShown={params.get('add') === 'true'}
+                        onClose={() => ctx.navigation.goto('.', {add: null}, {replace: true})}
+                        isMiddle={true}
+                        header={
+                            <div>
+                                <button onClick={() => formApiRef.current && formApiRef.current.submitForm(null)} className='argo-button argo-button--base'>
+                                    Create
+                                </button>{' '}
+                                <button onClick={() => ctx.navigation.goto('.', {add: null}, {replace: true})} className='argo-button argo-button--base-o'>
+                                    Cancel
+                                </button>
+                            </div>
+                        }>
+                        <Form
+                            defaultValues={{metadata: {}, spec: {}}}
+                            getApi={api => (formApiRef.current = api)}
+                            validateError={(p: Project) => ({
+                                'metadata.name': !p.metadata.name && 'Project Name is required'
+                            })}
+                            onSubmit={async (proj: Project) => {
+                                try {
+                                    await services.projects.create(proj);
+                                    ctx.navigation.goto(`./${proj.metadata.name}`, {add: null}, {replace: true});
+                                } catch (e) {
+                                    ctx.notifications.show({
+                                        content: <ErrorNotification title='Unable to create project' e={e} />,
+                                        type: NotificationType.Error
+                                    });
                                 }
-                            </DataLoader>
-                        </div>
-                        <Query>
-                            {params => (
-                                <SlidingPanel
-                                    isShown={params.get('add') === 'true'}
-                                    onClose={() => ctx.navigation.goto('.', {add: null}, {replace: true})}
-                                    isMiddle={true}
-                                    header={
-                                        <div>
-                                            <button onClick={() => this.formApi.submitForm(null)} className='argo-button argo-button--base'>
-                                                Create
-                                            </button>{' '}
-                                            <button onClick={() => ctx.navigation.goto('.', {add: null}, {replace: true})} className='argo-button argo-button--base-o'>
-                                                Cancel
-                                            </button>
+                            }}>
+                            {api => (
+                                <form onSubmit={api.submitForm} role='form' className='width-control'>
+                                    <div className='white-box'>
+                                        <p>GENERAL</p>
+                                        <div className='argo-form-row'>
+                                            <FormField formApi={api} label='Project Name' field='metadata.name' component={Text} />
                                         </div>
-                                    }>
-                                    <Form
-                                        defaultValues={{metadata: {}, spec: {}}}
-                                        getApi={api => (this.formApi = api)}
-                                        validateError={(p: Project) => ({
-                                            'metadata.name': !p.metadata.name && 'Project Name is required'
-                                        })}
-                                        onSubmit={async (proj: Project) => {
-                                            try {
-                                                await services.projects.create(proj);
-                                                ctx.navigation.goto(`./${proj.metadata.name}`, {add: null}, {replace: true});
-                                            } catch (e) {
-                                                ctx.notifications.show({
-                                                    content: <ErrorNotification title='Unable to create project' e={e} />,
-                                                    type: NotificationType.Error
-                                                });
-                                            }
-                                        }}>
-                                        {api => (
-                                            <form onSubmit={api.submitForm} role='form' className='width-control'>
-                                                <div className='white-box'>
-                                                    <p>GENERAL</p>
-                                                    <div className='argo-form-row'>
-                                                        <FormField formApi={api} label='Project Name' field='metadata.name' component={Text} />
-                                                    </div>
-                                                    <div className='argo-form-row'>
-                                                        <FormField formApi={api} label='Description' field='spec.description' component={Text} />
-                                                    </div>
-                                                </div>
-                                            </form>
-                                        )}
-                                    </Form>
-                                </SlidingPanel>
+                                        <div className='argo-form-row'>
+                                            <FormField formApi={api} label='Description' field='spec.description' component={Text} />
+                                        </div>
+                                    </div>
+                                </form>
                             )}
-                        </Query>
-                    </Page>
+                        </Form>
+                    </SlidingPanel>
                 )}
-            </Consumer>
-        );
-    }
+            </Query>
+        </Page>
+    );
 }
diff --git a/ui/src/app/shared/components/version-info/version-info-panel.tsx b/ui/src/app/shared/components/version-info/version-info-panel.tsx
index 15edf463aae73..3309d0a7e3b32 100644
--- a/ui/src/app/shared/components/version-info/version-info-panel.tsx
+++ b/ui/src/app/shared/components/version-info/version-info-panel.tsx
@@ -1,5 +1,5 @@
 import {DataLoader, SlidingPanel, Tooltip} from 'argo-ui';
-import * as React from 'react';
+import React, {useState} from 'react';
 import {VersionMessage} from '../../models';
 import {services} from '../../services';
 import {ThemeWrapper} from '../layout/layout';
@@ -12,41 +12,11 @@ interface VersionPanelProps {
 
 type CopyState = 'success' | 'failed' | undefined;
 
-export class VersionPanel extends React.Component<VersionPanelProps, {copyState: CopyState}> {
-    private readonly header = 'Argo CD Server Version';
+export function VersionPanel({isShown, onClose, version}: VersionPanelProps) {
+    const [copyState, setCopyState] = useState<CopyState>(undefined);
+    const header = 'Argo CD Server Version';
 
-    constructor(props: VersionPanelProps) {
-        super(props);
-        this.state = {copyState: undefined};
-    }
-
-    public render() {
-        return (
-            <DataLoader load={() => services.viewPreferences.getPreferences()}>
-                {pref => (
-                    <DataLoader load={() => this.props.version}>
-                        {version => {
-                            return (
-                                <ThemeWrapper theme={pref.theme}>
-                                    <SlidingPanel header={this.header} isShown={this.props.isShown} onClose={() => this.props.onClose()} hasCloseButton={true} isNarrow={true}>
-                                        <div className='argo-table-list'>{this.buildVersionTable(version)}</div>
-                                        <div>
-                                            <Tooltip content='Copy all version info as JSON'>{this.getCopyButton(version)}</Tooltip>
-                                        </div>
-                                    </SlidingPanel>
-                                </ThemeWrapper>
-                            );
-                        }}
-                    </DataLoader>
-                )}
-            </DataLoader>
-        );
-    }
-
-    /**
-     * Formats the version data and renders the table rows.
-     */
-    private buildVersionTable(version: VersionMessage): JSX.Element {
+    const buildVersionTable = (version: VersionMessage): JSX.Element => {
         const formattedVersion = {
             'Argo CD': version.Version,
             'Build Date': version.BuildDate,
@@ -60,36 +30,34 @@ export class VersionPanel extends React.Component<VersionPanelProps, {copyState:
         };
 
         return (
-            <React.Fragment>
-                {Object.entries(formattedVersion).map(([key, value]) => {
-                    return (
-                        <div className='argo-table-list__row' key={key}>
-                            <div className='row'>
-                                <div className='columns small-4' title={key}>
-                                    <strong>{key}</strong>
-                                </div>
-                                <div className='columns'>
-                                    {value && (
-                                        <Tooltip content={value}>
-                                            <span>{value}</span>
-                                        </Tooltip>
-                                    )}
-                                </div>
+            <>
+                {Object.entries(formattedVersion).map(([key, value]) => (
+                    <div className='argo-table-list__row' key={key}>
+                        <div className='row'>
+                            <div className='columns small-4' title={key}>
+                                <strong>{key}</strong>
+                            </div>
+                            <div className='columns'>
+                                {value && (
+                                    <Tooltip content={value}>
+                                        <span>{value}</span>
+                                    </Tooltip>
+                                )}
                             </div>
                         </div>
-                    );
-                })}
-            </React.Fragment>
+                    </div>
+                ))}
+            </>
         );
-    }
+    };
 
-    private getCopyButton(version: VersionMessage): JSX.Element {
+    const getCopyButton = (version: VersionMessage): JSX.Element => {
         let img: string;
         let text: string;
-        if (this.state.copyState === 'success') {
+        if (copyState === 'success') {
             img = 'fa-check';
             text = 'Copied';
-        } else if (this.state.copyState === 'failed') {
+        } else if (copyState === 'failed') {
             img = 'fa-times';
             text = 'Copy Failed';
         } else {
@@ -98,24 +66,42 @@ export class VersionPanel extends React.Component<VersionPanelProps, {copyState:
         }
 
         return (
-            <button className='argo-button argo-button--base' style={{marginTop: '1em', minWidth: '18ch'}} onClick={() => this.onCopy(version)}>
+            <button className='argo-button argo-button--base' style={{marginTop: '1em', minWidth: '18ch'}} onClick={() => onCopy(version)}>
                 <i className={'fa ' + img} />
                 &nbsp;&nbsp;{text}
             </button>
         );
-    }
+    };
 
-    private async onCopy(version: VersionMessage): Promise<void> {
+    const onCopy = async (version: VersionMessage): Promise<void> => {
         const stringifiedVersion = JSON.stringify(version, undefined, 4) + '\n';
         try {
             await navigator.clipboard.writeText(stringifiedVersion);
-            this.setState({copyState: 'success'});
+            setCopyState('success');
         } catch (err) {
-            this.setState({copyState: 'failed'});
+            setCopyState('failed');
         }
-
         setTimeout(() => {
-            this.setState({copyState: undefined});
+            setCopyState(undefined);
         }, 750);
-    }
+    };
+
+    return (
+        <DataLoader load={() => services.viewPreferences.getPreferences()}>
+            {pref => (
+                <DataLoader load={() => version}>
+                    {version => (
+                        <ThemeWrapper theme={pref.theme}>
+                            <SlidingPanel header={header} isShown={isShown} onClose={onClose} hasCloseButton={true} isNarrow={true}>
+                                <div className='argo-table-list'>{buildVersionTable(version)}</div>
+                                <div>
+                                    <Tooltip content='Copy all version info as JSON'>{getCopyButton(version)}</Tooltip>
+                                </div>
+                            </SlidingPanel>
+                        </ThemeWrapper>
+                    )}
+                </DataLoader>
+            )}
+        </DataLoader>
+    );
 }

From d32093fd967d1233946fd502d41c7ffe7944db73 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 9 Jul 2025 10:41:28 -0400
Subject: [PATCH 106/383] fix(server): make parameterized resource actions
 backwards-compatible (#23695)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/swagger.json                           |   81 +-
 cmd/argocd/commands/app_actions.go            |   29 +-
 cmd/argocd/commands/app_test.go               |    5 +
 docs/operator-manual/upgrading/3.0-3.1.md     |   22 +
 pkg/apiclient/application/application.pb.go   | 1227 +++++++++++++----
 .../application/application.pb.gw.go          |  139 +-
 server/application/application.go             |   25 +
 server/application/application.proto          |   29 +-
 server/application/application_test.go        |   16 +-
 test/e2e/app_management_ns_test.go            |    4 +-
 test/e2e/app_management_test.go               |    8 +-
 .../shared/services/applications-service.ts   |    2 +-
 12 files changed, 1288 insertions(+), 299 deletions(-)

diff --git a/assets/swagger.json b/assets/swagger.json
index e63eaa24c3456..0f5bdcd069434 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -1473,10 +1473,11 @@
         }
       },
       "post": {
+        "description": "Deprecated: use RunResourceActionV2 instead. This version does not support resource action parameters but is\nmaintained for backward compatibility. It will be removed in a future release.",
         "tags": [
           "ApplicationService"
         ],
-        "summary": "RunResourceAction run resource action",
+        "summary": "RunResourceAction runs a resource action",
         "operationId": "ApplicationService_RunResourceAction",
         "parameters": [
           {
@@ -1490,7 +1491,81 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/applicationResourceActionRunRequest"
+              "type": "string"
+            }
+          },
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "resourceName",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "version",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "group",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "kind",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "appNamespace",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "project",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/applicationApplicationResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/runtimeError"
+            }
+          }
+        }
+      }
+    },
+    "/api/v1/applications/{name}/resource/actions/v2": {
+      "post": {
+        "tags": [
+          "ApplicationService"
+        ],
+        "summary": "RunResourceActionV2 runs a resource action with parameters",
+        "operationId": "ApplicationService_RunResourceActionV2",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "name",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/applicationResourceActionRunRequestV2"
             }
           }
         ],
@@ -5127,7 +5202,7 @@
         }
       }
     },
-    "applicationResourceActionRunRequest": {
+    "applicationResourceActionRunRequestV2": {
       "type": "object",
       "properties": {
         "action": {
diff --git a/cmd/argocd/commands/app_actions.go b/cmd/argocd/commands/app_actions.go
index b863c1fd73042..7551d2f783916 100644
--- a/cmd/argocd/commands/app_actions.go
+++ b/cmd/argocd/commands/app_actions.go
@@ -8,23 +8,23 @@ import (
 	"strconv"
 	"text/tabwriter"
 
-	"github.com/argoproj/argo-cd/v3/util/templates"
-
-	"github.com/argoproj/argo-cd/v3/cmd/util"
-
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"google.golang.org/grpc/codes"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/yaml"
 
 	"github.com/argoproj/argo-cd/v3/cmd/argocd/commands/headless"
+	"github.com/argoproj/argo-cd/v3/cmd/util"
 	argocdclient "github.com/argoproj/argo-cd/v3/pkg/apiclient"
 	applicationpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/application"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/util/argo"
 	"github.com/argoproj/argo-cd/v3/util/errors"
+	"github.com/argoproj/argo-cd/v3/util/grpc"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
+	"github.com/argoproj/argo-cd/v3/util/templates"
 )
 
 type DisplayedAction struct {
@@ -192,7 +192,26 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti
 			obj := filteredObjects[i]
 			gvk := obj.GroupVersionKind()
 			objResourceName := obj.GetName()
-			_, err := appIf.RunResourceAction(ctx, &applicationpkg.ResourceActionRunRequest{
+			_, err := appIf.RunResourceActionV2(ctx, &applicationpkg.ResourceActionRunRequestV2{
+				Name:         &appName,
+				AppNamespace: &appNs,
+				Namespace:    ptr.To(obj.GetNamespace()),
+				ResourceName: ptr.To(objResourceName),
+				Group:        ptr.To(gvk.Group),
+				Kind:         ptr.To(gvk.Kind),
+				Version:      ptr.To(gvk.GroupVersion().Version),
+				Action:       ptr.To(actionName),
+				// TODO: add support for parameters
+			})
+			if err == nil {
+				continue
+			}
+			if grpc.UnwrapGRPCStatus(err).Code() != codes.Unimplemented {
+				errors.CheckError(err)
+			}
+			fmt.Println("RunResourceActionV2 is not supported by the server, falling back to RunResourceAction.")
+			//nolint:staticcheck // RunResourceAction is deprecated, but we still need to support it for backward compatibility.
+			_, err = appIf.RunResourceAction(ctx, &applicationpkg.ResourceActionRunRequest{
 				Name:         &appName,
 				AppNamespace: &appNs,
 				Namespace:    ptr.To(obj.GetNamespace()),
diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go
index b8ba312fba90c..459e2a6cdaab0 100644
--- a/cmd/argocd/commands/app_test.go
+++ b/cmd/argocd/commands/app_test.go
@@ -2228,10 +2228,15 @@ func (c *fakeAppServiceClient) ListResourceActions(_ context.Context, _ *applica
 	return nil, nil
 }
 
+// nolint:staticcheck // ResourceActionRunRequest is deprecated, but we still need to implement it to satisfy the server interface.
 func (c *fakeAppServiceClient) RunResourceAction(_ context.Context, _ *applicationpkg.ResourceActionRunRequest, _ ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
 	return nil, nil
 }
 
+func (c *fakeAppServiceClient) RunResourceActionV2(_ context.Context, _ *applicationpkg.ResourceActionRunRequestV2, _ ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
+	return nil, nil
+}
+
 func (c *fakeAppServiceClient) DeleteResource(_ context.Context, _ *applicationpkg.ApplicationResourceDeleteRequest, _ ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) {
 	return nil, nil
 }
diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index 34b85a430969b..f53c3ae22e646 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -20,6 +20,28 @@ The `--staticassets` directory in the API server (`/app/shared` by default) is n
 symlinks. This is to help protect against symlink attacks. If you have any symlinks in your `--staticassets` directory
 to a location outside the directory, they will return a 500 error starting with 3.1.
 
+## v1 Actions API Deprecated
+
+The `/api/v1/applications/{name}/resource/actions` endpoint is deprecated in favor of `/api/v1/applications/{name}/resource/actions/v2`.
+
+This endpoint allows API users to run a custom resource action on a specific resource in an application.
+
+The old endpoint accepted various parameters as query parameters. The POST body was the action name.
+
+The new endpoint accepts all parameters as part of the POST body as a JSON object. The new endpoint also supports a new
+`resourceActionParameters` field to parameterize action runs.
+
+The old endpoint will be removed in a future release, so users should migrate to the new endpoint as soon as possible.
+API clients will just need to change the endpoint URL and switch query string parameters to a JSON body.
+
+If the old endpoint is used, the API will log a warning message:
+
+> RunResourceAction was called. RunResourceAction is deprecated and will be removed in a future release. Use RunResourceActionV2 instead.
+
+The CLI will fall back to the old endpoint if the new one is not available. If it falls back, it will log a warning message:
+
+> RunResourceActionV2 is not supported by the server, falling back to RunResourceAction.
+
 ## OpenID Connect authorization code flow with PKCE is now handled by the server instead of the UI
 
 Previously, when PKCE was enabled, the authorization code flow (the process which happens when you log in to Argo CD using OpenID Connect) was handled by the UI, whereas this flow was handled by the server if PKCE was not enabled. The server now always handles this flow, PKCE being enabled or not.
diff --git a/pkg/apiclient/application/application.pb.go b/pkg/apiclient/application/application.pb.go
index 61bceaedcbea1..76b7859f2f0b0 100644
--- a/pkg/apiclient/application/application.pb.go
+++ b/pkg/apiclient/application/application.pb.go
@@ -1772,20 +1772,23 @@ func (m *ResourceActionParameters) GetValue() string {
 	return ""
 }
 
+// ResourceActionRunRequest is a request to run a resource action.
+// This message is deprecated and replaced by ResourceActionRunRequestV2.
+//
+// Deprecated: Do not use.
 type ResourceActionRunRequest struct {
-	Name                     *string                     `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
-	Namespace                *string                     `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"`
-	ResourceName             *string                     `protobuf:"bytes,3,req,name=resourceName" json:"resourceName,omitempty"`
-	Version                  *string                     `protobuf:"bytes,4,req,name=version" json:"version,omitempty"`
-	Group                    *string                     `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"`
-	Kind                     *string                     `protobuf:"bytes,6,req,name=kind" json:"kind,omitempty"`
-	Action                   *string                     `protobuf:"bytes,7,req,name=action" json:"action,omitempty"`
-	AppNamespace             *string                     `protobuf:"bytes,8,opt,name=appNamespace" json:"appNamespace,omitempty"`
-	Project                  *string                     `protobuf:"bytes,9,opt,name=project" json:"project,omitempty"`
-	ResourceActionParameters []*ResourceActionParameters `protobuf:"bytes,10,rep,name=resourceActionParameters" json:"resourceActionParameters,omitempty"`
-	XXX_NoUnkeyedLiteral     struct{}                    `json:"-"`
-	XXX_unrecognized         []byte                      `json:"-"`
-	XXX_sizecache            int32                       `json:"-"`
+	Name                 *string  `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
+	Namespace            *string  `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"`
+	ResourceName         *string  `protobuf:"bytes,3,req,name=resourceName" json:"resourceName,omitempty"`
+	Version              *string  `protobuf:"bytes,4,req,name=version" json:"version,omitempty"`
+	Group                *string  `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"`
+	Kind                 *string  `protobuf:"bytes,6,req,name=kind" json:"kind,omitempty"`
+	Action               *string  `protobuf:"bytes,7,req,name=action" json:"action,omitempty"`
+	AppNamespace         *string  `protobuf:"bytes,8,opt,name=appNamespace" json:"appNamespace,omitempty"`
+	Project              *string  `protobuf:"bytes,9,opt,name=project" json:"project,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }
 
 func (m *ResourceActionRunRequest) Reset()         { *m = ResourceActionRunRequest{} }
@@ -1884,7 +1887,119 @@ func (m *ResourceActionRunRequest) GetProject() string {
 	return ""
 }
 
-func (m *ResourceActionRunRequest) GetResourceActionParameters() []*ResourceActionParameters {
+type ResourceActionRunRequestV2 struct {
+	Name                     *string                     `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
+	Namespace                *string                     `protobuf:"bytes,2,opt,name=namespace" json:"namespace,omitempty"`
+	ResourceName             *string                     `protobuf:"bytes,3,req,name=resourceName" json:"resourceName,omitempty"`
+	Version                  *string                     `protobuf:"bytes,4,req,name=version" json:"version,omitempty"`
+	Group                    *string                     `protobuf:"bytes,5,opt,name=group" json:"group,omitempty"`
+	Kind                     *string                     `protobuf:"bytes,6,req,name=kind" json:"kind,omitempty"`
+	Action                   *string                     `protobuf:"bytes,7,req,name=action" json:"action,omitempty"`
+	AppNamespace             *string                     `protobuf:"bytes,8,opt,name=appNamespace" json:"appNamespace,omitempty"`
+	Project                  *string                     `protobuf:"bytes,9,opt,name=project" json:"project,omitempty"`
+	ResourceActionParameters []*ResourceActionParameters `protobuf:"bytes,10,rep,name=resourceActionParameters" json:"resourceActionParameters,omitempty"`
+	XXX_NoUnkeyedLiteral     struct{}                    `json:"-"`
+	XXX_unrecognized         []byte                      `json:"-"`
+	XXX_sizecache            int32                       `json:"-"`
+}
+
+func (m *ResourceActionRunRequestV2) Reset()         { *m = ResourceActionRunRequestV2{} }
+func (m *ResourceActionRunRequestV2) String() string { return proto.CompactTextString(m) }
+func (*ResourceActionRunRequestV2) ProtoMessage()    {}
+func (*ResourceActionRunRequestV2) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df6e82b174b5eaec, []int{22}
+}
+func (m *ResourceActionRunRequestV2) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ResourceActionRunRequestV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ResourceActionRunRequestV2.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ResourceActionRunRequestV2) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ResourceActionRunRequestV2.Merge(m, src)
+}
+func (m *ResourceActionRunRequestV2) XXX_Size() int {
+	return m.Size()
+}
+func (m *ResourceActionRunRequestV2) XXX_DiscardUnknown() {
+	xxx_messageInfo_ResourceActionRunRequestV2.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ResourceActionRunRequestV2 proto.InternalMessageInfo
+
+func (m *ResourceActionRunRequestV2) GetName() string {
+	if m != nil && m.Name != nil {
+		return *m.Name
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetNamespace() string {
+	if m != nil && m.Namespace != nil {
+		return *m.Namespace
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetResourceName() string {
+	if m != nil && m.ResourceName != nil {
+		return *m.ResourceName
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetVersion() string {
+	if m != nil && m.Version != nil {
+		return *m.Version
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetGroup() string {
+	if m != nil && m.Group != nil {
+		return *m.Group
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetKind() string {
+	if m != nil && m.Kind != nil {
+		return *m.Kind
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetAction() string {
+	if m != nil && m.Action != nil {
+		return *m.Action
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetAppNamespace() string {
+	if m != nil && m.AppNamespace != nil {
+		return *m.AppNamespace
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetProject() string {
+	if m != nil && m.Project != nil {
+		return *m.Project
+	}
+	return ""
+}
+
+func (m *ResourceActionRunRequestV2) GetResourceActionParameters() []*ResourceActionParameters {
 	if m != nil {
 		return m.ResourceActionParameters
 	}
@@ -1902,7 +2017,7 @@ func (m *ResourceActionsListResponse) Reset()         { *m = ResourceActionsList
 func (m *ResourceActionsListResponse) String() string { return proto.CompactTextString(m) }
 func (*ResourceActionsListResponse) ProtoMessage()    {}
 func (*ResourceActionsListResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{22}
+	return fileDescriptor_df6e82b174b5eaec, []int{23}
 }
 func (m *ResourceActionsListResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1949,7 +2064,7 @@ func (m *ApplicationResourceResponse) Reset()         { *m = ApplicationResource
 func (m *ApplicationResourceResponse) String() string { return proto.CompactTextString(m) }
 func (*ApplicationResourceResponse) ProtoMessage()    {}
 func (*ApplicationResourceResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{23}
+	return fileDescriptor_df6e82b174b5eaec, []int{24}
 }
 func (m *ApplicationResourceResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2012,7 +2127,7 @@ func (m *ApplicationPodLogsQuery) Reset()         { *m = ApplicationPodLogsQuery
 func (m *ApplicationPodLogsQuery) String() string { return proto.CompactTextString(m) }
 func (*ApplicationPodLogsQuery) ProtoMessage()    {}
 func (*ApplicationPodLogsQuery) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{24}
+	return fileDescriptor_df6e82b174b5eaec, []int{25}
 }
 func (m *ApplicationPodLogsQuery) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2176,7 +2291,7 @@ func (m *LogEntry) Reset()         { *m = LogEntry{} }
 func (m *LogEntry) String() string { return proto.CompactTextString(m) }
 func (*LogEntry) ProtoMessage()    {}
 func (*LogEntry) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{25}
+	return fileDescriptor_df6e82b174b5eaec, []int{26}
 }
 func (m *LogEntry) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2253,7 +2368,7 @@ func (m *OperationTerminateRequest) Reset()         { *m = OperationTerminateReq
 func (m *OperationTerminateRequest) String() string { return proto.CompactTextString(m) }
 func (*OperationTerminateRequest) ProtoMessage()    {}
 func (*OperationTerminateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{26}
+	return fileDescriptor_df6e82b174b5eaec, []int{27}
 }
 func (m *OperationTerminateRequest) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2316,7 +2431,7 @@ func (m *ApplicationSyncWindowsQuery) Reset()         { *m = ApplicationSyncWind
 func (m *ApplicationSyncWindowsQuery) String() string { return proto.CompactTextString(m) }
 func (*ApplicationSyncWindowsQuery) ProtoMessage()    {}
 func (*ApplicationSyncWindowsQuery) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{27}
+	return fileDescriptor_df6e82b174b5eaec, []int{28}
 }
 func (m *ApplicationSyncWindowsQuery) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2379,7 +2494,7 @@ func (m *ApplicationSyncWindowsResponse) Reset()         { *m = ApplicationSyncW
 func (m *ApplicationSyncWindowsResponse) String() string { return proto.CompactTextString(m) }
 func (*ApplicationSyncWindowsResponse) ProtoMessage()    {}
 func (*ApplicationSyncWindowsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{28}
+	return fileDescriptor_df6e82b174b5eaec, []int{29}
 }
 func (m *ApplicationSyncWindowsResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2443,7 +2558,7 @@ func (m *ApplicationSyncWindow) Reset()         { *m = ApplicationSyncWindow{} }
 func (m *ApplicationSyncWindow) String() string { return proto.CompactTextString(m) }
 func (*ApplicationSyncWindow) ProtoMessage()    {}
 func (*ApplicationSyncWindow) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{29}
+	return fileDescriptor_df6e82b174b5eaec, []int{30}
 }
 func (m *ApplicationSyncWindow) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2510,7 +2625,7 @@ func (m *OperationTerminateResponse) Reset()         { *m = OperationTerminateRe
 func (m *OperationTerminateResponse) String() string { return proto.CompactTextString(m) }
 func (*OperationTerminateResponse) ProtoMessage()    {}
 func (*OperationTerminateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{30}
+	return fileDescriptor_df6e82b174b5eaec, []int{31}
 }
 func (m *OperationTerminateResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2557,7 +2672,7 @@ func (m *ResourcesQuery) Reset()         { *m = ResourcesQuery{} }
 func (m *ResourcesQuery) String() string { return proto.CompactTextString(m) }
 func (*ResourcesQuery) ProtoMessage()    {}
 func (*ResourcesQuery) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{31}
+	return fileDescriptor_df6e82b174b5eaec, []int{32}
 }
 func (m *ResourcesQuery) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2653,7 +2768,7 @@ func (m *ManagedResourcesResponse) Reset()         { *m = ManagedResourcesRespon
 func (m *ManagedResourcesResponse) String() string { return proto.CompactTextString(m) }
 func (*ManagedResourcesResponse) ProtoMessage()    {}
 func (*ManagedResourcesResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{32}
+	return fileDescriptor_df6e82b174b5eaec, []int{33}
 }
 func (m *ManagedResourcesResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2703,7 +2818,7 @@ func (m *LinkInfo) Reset()         { *m = LinkInfo{} }
 func (m *LinkInfo) String() string { return proto.CompactTextString(m) }
 func (*LinkInfo) ProtoMessage()    {}
 func (*LinkInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{33}
+	return fileDescriptor_df6e82b174b5eaec, []int{34}
 }
 func (m *LinkInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2771,7 +2886,7 @@ func (m *LinksResponse) Reset()         { *m = LinksResponse{} }
 func (m *LinksResponse) String() string { return proto.CompactTextString(m) }
 func (*LinksResponse) ProtoMessage()    {}
 func (*LinksResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{34}
+	return fileDescriptor_df6e82b174b5eaec, []int{35}
 }
 func (m *LinksResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2820,7 +2935,7 @@ func (m *ListAppLinksRequest) Reset()         { *m = ListAppLinksRequest{} }
 func (m *ListAppLinksRequest) String() string { return proto.CompactTextString(m) }
 func (*ListAppLinksRequest) ProtoMessage()    {}
 func (*ListAppLinksRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{35}
+	return fileDescriptor_df6e82b174b5eaec, []int{36}
 }
 func (m *ListAppLinksRequest) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2893,6 +3008,7 @@ func init() {
 	proto.RegisterType((*ApplicationResourceDeleteRequest)(nil), "application.ApplicationResourceDeleteRequest")
 	proto.RegisterType((*ResourceActionParameters)(nil), "application.ResourceActionParameters")
 	proto.RegisterType((*ResourceActionRunRequest)(nil), "application.ResourceActionRunRequest")
+	proto.RegisterType((*ResourceActionRunRequestV2)(nil), "application.ResourceActionRunRequestV2")
 	proto.RegisterType((*ResourceActionsListResponse)(nil), "application.ResourceActionsListResponse")
 	proto.RegisterType((*ApplicationResourceResponse)(nil), "application.ApplicationResourceResponse")
 	proto.RegisterType((*ApplicationPodLogsQuery)(nil), "application.ApplicationPodLogsQuery")
@@ -2914,185 +3030,188 @@ func init() {
 }
 
 var fileDescriptor_df6e82b174b5eaec = []byte{
-	// 2833 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0x4f, 0x8f, 0x1c, 0x47,
-	0x15, 0xa7, 0x66, 0x76, 0x76, 0x67, 0xdf, 0x78, 0xbd, 0x76, 0xc5, 0x5e, 0x3a, 0xe3, 0x8d, 0x99,
-	0xb4, 0xbd, 0xf1, 0x64, 0xed, 0x9d, 0xb1, 0x37, 0x01, 0x92, 0x4d, 0x02, 0x38, 0x6b, 0xc7, 0x59,
-	0x58, 0x3b, 0xa6, 0xd7, 0xc1, 0x28, 0x1c, 0xa0, 0xd2, 0x5d, 0x3b, 0xd3, 0x6c, 0x4f, 0x77, 0xbb,
-	0xbb, 0x67, 0xc2, 0x2a, 0xe4, 0x12, 0xc4, 0x2d, 0x02, 0x01, 0x41, 0xe2, 0x80, 0x02, 0x4a, 0x14,
-	0x09, 0x21, 0x10, 0x17, 0x84, 0x90, 0x10, 0x12, 0x1c, 0x82, 0xe0, 0x80, 0x14, 0xc1, 0x17, 0x40,
-	0x11, 0xe2, 0x06, 0x5c, 0x72, 0x46, 0xa8, 0xaa, 0xab, 0xba, 0xab, 0xe7, 0x4f, 0xcf, 0x2c, 0x33,
-	0x28, 0xb9, 0xf5, 0xab, 0xa9, 0x7a, 0xef, 0xf7, 0x5e, 0xbd, 0x7a, 0xef, 0xd5, 0xab, 0x81, 0xf3,
-	0x21, 0x0d, 0x7a, 0x34, 0x68, 0x12, 0xdf, 0x77, 0x6c, 0x93, 0x44, 0xb6, 0xe7, 0xaa, 0xdf, 0x0d,
-	0x3f, 0xf0, 0x22, 0x0f, 0x57, 0x94, 0xa1, 0xea, 0x6a, 0xcb, 0xf3, 0x5a, 0x0e, 0x6d, 0x12, 0xdf,
-	0x6e, 0x12, 0xd7, 0xf5, 0x22, 0x3e, 0x1c, 0xc6, 0x53, 0xab, 0xfa, 0xc1, 0x63, 0x61, 0xc3, 0xf6,
-	0xf8, 0xaf, 0xa6, 0x17, 0xd0, 0x66, 0xef, 0x4a, 0xb3, 0x45, 0x5d, 0x1a, 0x90, 0x88, 0x5a, 0x62,
-	0xce, 0xa3, 0xe9, 0x9c, 0x0e, 0x31, 0xdb, 0xb6, 0x4b, 0x83, 0xc3, 0xa6, 0x7f, 0xd0, 0x62, 0x03,
-	0x61, 0xb3, 0x43, 0x23, 0x32, 0x6c, 0xd5, 0x6e, 0xcb, 0x8e, 0xda, 0xdd, 0x17, 0x1b, 0xa6, 0xd7,
-	0x69, 0x92, 0xa0, 0xe5, 0xf9, 0x81, 0xf7, 0x55, 0xfe, 0xb1, 0x61, 0x5a, 0xcd, 0xde, 0x23, 0x29,
-	0x03, 0x55, 0x97, 0xde, 0x15, 0xe2, 0xf8, 0x6d, 0x32, 0xc8, 0xed, 0xfa, 0x18, 0x6e, 0x01, 0xf5,
-	0x3d, 0x61, 0x1b, 0xfe, 0x69, 0x47, 0x5e, 0x70, 0xa8, 0x7c, 0xc6, 0x6c, 0xf4, 0xf7, 0x11, 0x9c,
-	0xb8, 0x9a, 0xca, 0xfb, 0x7c, 0x97, 0x06, 0x87, 0x18, 0xc3, 0x9c, 0x4b, 0x3a, 0x54, 0x43, 0x35,
-	0x54, 0x5f, 0x34, 0xf8, 0x37, 0xd6, 0x60, 0x21, 0xa0, 0xfb, 0x01, 0x0d, 0xdb, 0x5a, 0x81, 0x0f,
-	0x4b, 0x12, 0x57, 0xa1, 0xcc, 0x84, 0x53, 0x33, 0x0a, 0xb5, 0x62, 0xad, 0x58, 0x5f, 0x34, 0x12,
-	0x1a, 0xd7, 0x61, 0x39, 0xa0, 0xa1, 0xd7, 0x0d, 0x4c, 0xfa, 0x05, 0x1a, 0x84, 0xb6, 0xe7, 0x6a,
-	0x73, 0x7c, 0x75, 0xff, 0x30, 0xe3, 0x12, 0x52, 0x87, 0x9a, 0x91, 0x17, 0x68, 0x25, 0x3e, 0x25,
-	0xa1, 0x19, 0x1e, 0x06, 0x5c, 0x9b, 0x8f, 0xf1, 0xb0, 0x6f, 0xac, 0xc3, 0x31, 0xe2, 0xfb, 0xb7,
-	0x48, 0x87, 0x86, 0x3e, 0x31, 0xa9, 0xb6, 0xc0, 0x7f, 0xcb, 0x8c, 0x31, 0xcc, 0x02, 0x89, 0x56,
-	0xe6, 0xc0, 0x24, 0xa9, 0x6f, 0xc3, 0xe2, 0x2d, 0xcf, 0xa2, 0xa3, 0xd5, 0xed, 0x67, 0x5f, 0x18,
-	0x64, 0xaf, 0xbf, 0x83, 0xe0, 0xb4, 0x41, 0x7b, 0x36, 0xc3, 0x7f, 0x93, 0x46, 0xc4, 0x22, 0x11,
-	0xe9, 0xe7, 0x58, 0x48, 0x38, 0x56, 0xa1, 0x1c, 0x88, 0xc9, 0x5a, 0x81, 0x8f, 0x27, 0xf4, 0x80,
-	0xb4, 0x62, 0xbe, 0x32, 0xb1, 0x09, 0x25, 0x89, 0x6b, 0x50, 0x89, 0x6d, 0xb9, 0xe3, 0x5a, 0xf4,
-	0x6b, 0xdc, 0x7a, 0x25, 0x43, 0x1d, 0xc2, 0xab, 0xb0, 0xd8, 0x8b, 0xed, 0xbc, 0x63, 0x71, 0x2b,
-	0x96, 0x8c, 0x74, 0x40, 0xff, 0x07, 0x82, 0xb3, 0x8a, 0x0f, 0x18, 0x62, 0x67, 0xae, 0xf7, 0xa8,
-	0x1b, 0x85, 0xa3, 0x15, 0xba, 0x04, 0x27, 0xe5, 0x26, 0xf6, 0xdb, 0x69, 0xf0, 0x07, 0xa6, 0xa2,
-	0x3a, 0x28, 0x55, 0x54, 0xc7, 0x98, 0x22, 0x92, 0x7e, 0x7e, 0xe7, 0x9a, 0x50, 0x53, 0x1d, 0x1a,
-	0x30, 0x54, 0x29, 0xdf, 0x50, 0xf3, 0x19, 0x43, 0xe9, 0xef, 0x22, 0xd0, 0x14, 0x45, 0x6f, 0x12,
-	0xd7, 0xde, 0xa7, 0x61, 0x34, 0xe9, 0x9e, 0xa1, 0x19, 0xee, 0x59, 0x1d, 0x96, 0x63, 0xad, 0x6e,
-	0xb3, 0xf3, 0xc8, 0xe2, 0x8f, 0x56, 0xaa, 0x15, 0xeb, 0x45, 0xa3, 0x7f, 0x98, 0xed, 0x9d, 0x94,
-	0x19, 0x6a, 0xf3, 0xdc, 0x8d, 0xd3, 0x01, 0xfd, 0x41, 0x58, 0x7c, 0xc6, 0x76, 0xe8, 0x76, 0xbb,
-	0xeb, 0x1e, 0xe0, 0x53, 0x50, 0x32, 0xd9, 0x07, 0xd7, 0xe1, 0x98, 0x11, 0x13, 0xfa, 0x77, 0x10,
-	0x3c, 0x38, 0x4a, 0xeb, 0xbb, 0x76, 0xd4, 0x66, 0xeb, 0xc3, 0x51, 0xea, 0x9b, 0x6d, 0x6a, 0x1e,
-	0x84, 0xdd, 0x8e, 0x74, 0x59, 0x49, 0x4f, 0xa7, 0xbe, 0xfe, 0x53, 0x04, 0xf5, 0xb1, 0x98, 0xee,
-	0x06, 0xc4, 0xf7, 0x69, 0x80, 0x9f, 0x81, 0xd2, 0x3d, 0xf6, 0x03, 0x3f, 0xa0, 0x95, 0xcd, 0x46,
-	0x43, 0x0d, 0xf0, 0x63, 0xb9, 0x3c, 0xfb, 0x11, 0x23, 0x5e, 0x8e, 0x1b, 0xd2, 0x3c, 0x05, 0xce,
-	0x67, 0x25, 0xc3, 0x27, 0xb1, 0x22, 0x9b, 0xcf, 0xa7, 0x3d, 0x3d, 0x0f, 0x73, 0x3e, 0x09, 0x22,
-	0xfd, 0x34, 0xdc, 0x97, 0x3d, 0x1e, 0xbe, 0xe7, 0x86, 0x54, 0xff, 0x4d, 0xd6, 0x9b, 0xb6, 0x03,
-	0x4a, 0x22, 0x6a, 0xd0, 0x7b, 0x5d, 0x1a, 0x46, 0xf8, 0x00, 0xd4, 0x9c, 0xc3, 0xad, 0x5a, 0xd9,
-	0xdc, 0x69, 0xa4, 0x41, 0xbb, 0x21, 0x83, 0x36, 0xff, 0xf8, 0xb2, 0x69, 0x35, 0x7a, 0x8f, 0x34,
-	0xfc, 0x83, 0x56, 0x83, 0xa5, 0x80, 0x0c, 0x32, 0x99, 0x02, 0x54, 0x55, 0x0d, 0x95, 0x3b, 0x5e,
-	0x81, 0xf9, 0xae, 0x1f, 0xd2, 0x20, 0xe2, 0x9a, 0x95, 0x0d, 0x41, 0xb1, 0xfd, 0xeb, 0x11, 0xc7,
-	0xb6, 0x48, 0x14, 0xef, 0x4f, 0xd9, 0x48, 0x68, 0xfd, 0xb7, 0x59, 0xf4, 0xcf, 0xfb, 0xd6, 0x07,
-	0x85, 0x5e, 0x45, 0x59, 0xc8, 0xa2, 0x54, 0x3d, 0xa8, 0x98, 0xf5, 0xa0, 0x5f, 0x66, 0xf1, 0x5f,
-	0xa3, 0x0e, 0x4d, 0xf1, 0x0f, 0x73, 0x66, 0x0d, 0x16, 0x4c, 0x12, 0x9a, 0xc4, 0x92, 0x52, 0x24,
-	0xc9, 0x02, 0x99, 0x1f, 0x78, 0x3e, 0x69, 0x71, 0x4e, 0xb7, 0x3d, 0xc7, 0x36, 0x0f, 0x85, 0xb8,
-	0xc1, 0x1f, 0x06, 0x1c, 0x7f, 0x2e, 0xdf, 0xf1, 0x4b, 0x59, 0xd8, 0xe7, 0xa0, 0xb2, 0x77, 0xe8,
-	0x9a, 0xcf, 0xf9, 0xf1, 0xe1, 0x3e, 0x05, 0x25, 0x3b, 0xa2, 0x9d, 0x50, 0x43, 0xfc, 0x60, 0xc7,
-	0x84, 0xfe, 0x9f, 0x12, 0xac, 0x28, 0xba, 0xb1, 0x05, 0x79, 0x9a, 0xe5, 0x45, 0xa9, 0x15, 0x98,
-	0xb7, 0x82, 0x43, 0xa3, 0xeb, 0x0a, 0x07, 0x10, 0x14, 0x13, 0xec, 0x07, 0x5d, 0x37, 0x86, 0x5f,
-	0x36, 0x62, 0x02, 0xef, 0x43, 0x39, 0x8c, 0x58, 0x95, 0xd1, 0x3a, 0xe4, 0xc0, 0x2b, 0x9b, 0x9f,
-	0x9d, 0x6e, 0xd3, 0x19, 0xf4, 0x3d, 0xc1, 0xd1, 0x48, 0x78, 0xe3, 0x7b, 0x2c, 0xa6, 0xc5, 0x81,
-	0x2e, 0xd4, 0x16, 0x6a, 0xc5, 0x7a, 0x65, 0x73, 0x6f, 0x7a, 0x41, 0xcf, 0xf9, 0xac, 0x42, 0x52,
-	0x32, 0x98, 0x91, 0x4a, 0x61, 0x61, 0xb4, 0x23, 0xe2, 0x43, 0x28, 0xaa, 0x81, 0x74, 0x00, 0x7f,
-	0x11, 0x4a, 0xb6, 0xbb, 0xef, 0x85, 0xda, 0x22, 0x07, 0xf3, 0xf4, 0x74, 0x60, 0x76, 0xdc, 0x7d,
-	0xcf, 0x88, 0x19, 0xe2, 0x7b, 0xb0, 0x14, 0xd0, 0x28, 0x38, 0x94, 0x56, 0xd0, 0x80, 0xdb, 0xf5,
-	0x73, 0xd3, 0x49, 0x30, 0x54, 0x96, 0x46, 0x56, 0x02, 0xde, 0x82, 0x4a, 0x98, 0xfa, 0x98, 0x56,
-	0xe1, 0x02, 0xb5, 0x0c, 0x23, 0xc5, 0x07, 0x0d, 0x75, 0xf2, 0x80, 0x77, 0x1f, 0xcb, 0xf7, 0xee,
-	0xa5, 0xb1, 0x59, 0xed, 0xf8, 0x04, 0x59, 0x6d, 0xb9, 0x3f, 0xab, 0xfd, 0x1b, 0xc1, 0xea, 0x40,
-	0x70, 0xda, 0xf3, 0x69, 0xee, 0x31, 0x20, 0x30, 0x17, 0xfa, 0xd4, 0xe4, 0x99, 0xaa, 0xb2, 0x79,
-	0x73, 0x66, 0xd1, 0x8a, 0xcb, 0xe5, 0xac, 0xf3, 0x02, 0xea, 0x94, 0x71, 0xe1, 0x47, 0x08, 0x3e,
-	0xaa, 0xc8, 0xbc, 0x4d, 0x22, 0xb3, 0x9d, 0xa7, 0x2c, 0x3b, 0xbf, 0x6c, 0x8e, 0xc8, 0xcb, 0x31,
-	0xc1, 0xac, 0xca, 0x3f, 0xee, 0x1c, 0xfa, 0x0c, 0x20, 0xfb, 0x25, 0x1d, 0x98, 0xb2, 0x78, 0xfa,
-	0x19, 0x82, 0xaa, 0x1a, 0xc3, 0x3d, 0xc7, 0x79, 0x91, 0x98, 0x07, 0x79, 0x20, 0x8f, 0x43, 0xc1,
-	0xb6, 0x38, 0xc2, 0xa2, 0x51, 0xb0, 0xad, 0x23, 0x06, 0xa3, 0x7e, 0xb8, 0xf3, 0xf9, 0x70, 0x17,
-	0xb2, 0x70, 0xdf, 0xef, 0x83, 0x2b, 0x43, 0x42, 0x0e, 0xdc, 0x55, 0x58, 0x74, 0xfb, 0x0a, 0xd9,
-	0x74, 0x60, 0x48, 0x01, 0x5b, 0x18, 0x28, 0x60, 0x35, 0x58, 0xe8, 0x25, 0xd7, 0x1c, 0xf6, 0xb3,
-	0x24, 0x99, 0x8a, 0xad, 0xc0, 0xeb, 0xfa, 0xc2, 0xe8, 0x31, 0xc1, 0x50, 0x1c, 0xd8, 0x2e, 0x2b,
-	0xc9, 0x39, 0x0a, 0xf6, 0x7d, 0xf4, 0x8b, 0x4d, 0x46, 0xed, 0x9f, 0x17, 0xe0, 0x63, 0x43, 0xd4,
-	0x1e, 0xeb, 0x4f, 0x1f, 0x0e, 0xdd, 0x13, 0xaf, 0x5e, 0x18, 0xe9, 0xd5, 0xe5, 0x71, 0x5e, 0xbd,
-	0x98, 0x6f, 0x2f, 0xc8, 0xda, 0xeb, 0x27, 0x05, 0xa8, 0x0d, 0xb1, 0xd7, 0xf8, 0x72, 0xe2, 0x43,
-	0x63, 0xb0, 0x7d, 0x2f, 0x10, 0x5e, 0x52, 0x36, 0x62, 0x82, 0x9d, 0x33, 0x2f, 0xf0, 0xdb, 0xc4,
-	0xe5, 0xde, 0x51, 0x36, 0x04, 0x35, 0xa5, 0xa9, 0xae, 0x81, 0x26, 0xcd, 0x73, 0xd5, 0x8c, 0x83,
-	0x54, 0x40, 0x3a, 0x34, 0xa2, 0x41, 0x38, 0x2a, 0x44, 0xf5, 0x88, 0xd3, 0xa5, 0x32, 0x44, 0x71,
-	0x42, 0xff, 0x67, 0xa1, 0x9f, 0x8d, 0xd1, 0x75, 0x3f, 0xfc, 0x86, 0x5e, 0x81, 0x79, 0xc2, 0xd1,
-	0x0a, 0xd7, 0x14, 0xd4, 0x80, 0x49, 0xcb, 0xf9, 0x26, 0x5d, 0xcc, 0xe6, 0x4b, 0x02, 0x5a, 0x30,
-	0xc2, 0xa4, 0x1a, 0xf0, 0x4a, 0x64, 0x2d, 0x93, 0x9e, 0x46, 0xd9, 0xdf, 0x18, 0xc9, 0x46, 0xff,
-	0x26, 0x82, 0x33, 0xd9, 0x65, 0xe1, 0xae, 0x1d, 0x46, 0xf2, 0x16, 0x83, 0xf7, 0x61, 0x21, 0x56,
-	0x25, 0xae, 0x41, 0x2b, 0x9b, 0xbb, 0xd3, 0x56, 0x26, 0x99, 0xbd, 0x95, 0xcc, 0xf5, 0xc7, 0xe1,
-	0xcc, 0xd0, 0x70, 0x2c, 0x60, 0x54, 0xa1, 0x2c, 0xab, 0x31, 0xb1, 0xfb, 0x09, 0xad, 0xbf, 0x35,
-	0x97, 0xcd, 0x8d, 0x9e, 0xb5, 0xeb, 0xb5, 0x72, 0x1a, 0x13, 0xf9, 0x1e, 0xc3, 0x76, 0xc3, 0xb3,
-	0x94, 0x1e, 0x84, 0x24, 0xd9, 0x3a, 0xd3, 0x73, 0x23, 0x62, 0xbb, 0x34, 0x10, 0xe9, 0x3b, 0x1d,
-	0x60, 0x3b, 0x1d, 0xda, 0xae, 0x49, 0xf7, 0xa8, 0xe9, 0xb9, 0x56, 0xc8, 0x5d, 0xa6, 0x68, 0x64,
-	0xc6, 0xf0, 0xb3, 0xb0, 0xc8, 0xe9, 0x3b, 0x76, 0x27, 0xce, 0x57, 0x95, 0xcd, 0xf5, 0x46, 0xdc,
-	0x2c, 0x6c, 0xa8, 0xcd, 0xc2, 0xd4, 0x86, 0x1d, 0x1a, 0x91, 0x46, 0xef, 0x4a, 0x83, 0xad, 0x30,
-	0xd2, 0xc5, 0x0c, 0x4b, 0x44, 0x6c, 0x67, 0xd7, 0x76, 0x79, 0x85, 0xcc, 0x44, 0xa5, 0x03, 0xcc,
-	0x1b, 0xf7, 0x3d, 0xc7, 0xf1, 0x5e, 0x92, 0x07, 0x3c, 0xa6, 0xd8, 0xaa, 0xae, 0x1b, 0xd9, 0x0e,
-	0x97, 0x1f, 0xfb, 0x5a, 0x3a, 0xc0, 0x57, 0xd9, 0x4e, 0x44, 0x03, 0x71, 0xb2, 0x05, 0x95, 0xf8,
-	0x7b, 0x25, 0xee, 0x7f, 0xc9, 0xc0, 0x12, 0x9f, 0x8c, 0x63, 0xea, 0xc9, 0xe8, 0x3f, 0x6d, 0x4b,
-	0x43, 0x9a, 0x38, 0xbc, 0x1d, 0x48, 0x7b, 0xb6, 0xd7, 0x65, 0xc5, 0x1f, 0xaf, 0x91, 0x24, 0x3d,
-	0x70, 0x5a, 0x96, 0xf3, 0x4f, 0xcb, 0x89, 0xec, 0x69, 0xe1, 0x25, 0x7c, 0x64, 0xb6, 0xb7, 0x49,
-	0x48, 0xb5, 0x93, 0x9c, 0x75, 0x3a, 0xa0, 0xff, 0x0e, 0x41, 0x79, 0xd7, 0x6b, 0x5d, 0x77, 0xa3,
-	0xe0, 0x90, 0x5f, 0xf6, 0x3c, 0x37, 0xa2, 0xae, 0xf4, 0x26, 0x49, 0xb2, 0x2d, 0x8a, 0xec, 0x0e,
-	0xdd, 0x8b, 0x48, 0xc7, 0x17, 0xa5, 0xe2, 0x91, 0xb6, 0x28, 0x59, 0xcc, 0xcc, 0xe6, 0x90, 0x30,
-	0xe2, 0x21, 0xa7, 0x6c, 0xf0, 0x6f, 0xa6, 0x60, 0x32, 0x61, 0x2f, 0x0a, 0x44, 0xbc, 0xc9, 0x8c,
-	0xa9, 0x0e, 0x58, 0x8a, 0xb1, 0x09, 0x52, 0xef, 0xc0, 0xfd, 0xc9, 0x1d, 0xe6, 0x0e, 0x0d, 0x3a,
-	0xb6, 0x4b, 0xf2, 0x93, 0xd0, 0x04, 0x5d, 0xca, 0x9c, 0x2b, 0xb4, 0x97, 0x39, 0x92, 0xec, 0x4a,
-	0x70, 0xd7, 0x76, 0x2d, 0xef, 0xa5, 0x9c, 0xa3, 0x35, 0x9d, 0xc0, 0xbf, 0x64, 0x1b, 0x8d, 0x8a,
-	0xc4, 0x24, 0x0e, 0x3c, 0x0b, 0x4b, 0x2c, 0x62, 0xf4, 0xa8, 0xf8, 0x41, 0x04, 0x25, 0x7d, 0x54,
-	0xcf, 0x27, 0xe5, 0x61, 0x64, 0x17, 0xe2, 0x5d, 0x58, 0x26, 0x61, 0x68, 0xb7, 0x5c, 0x6a, 0x49,
-	0x5e, 0x85, 0x89, 0x79, 0xf5, 0x2f, 0x8d, 0xbb, 0x07, 0x7c, 0x86, 0xd8, 0x6f, 0x49, 0xea, 0xdf,
-	0x40, 0x70, 0x7a, 0x28, 0x93, 0xe4, 0x5c, 0x21, 0x25, 0x8f, 0x54, 0xa1, 0x1c, 0x9a, 0x6d, 0x6a,
-	0x75, 0x1d, 0x99, 0x17, 0x13, 0x9a, 0xfd, 0x66, 0x75, 0xe3, 0xdd, 0x17, 0x79, 0x2c, 0xa1, 0xf1,
-	0x59, 0x80, 0x0e, 0x71, 0xbb, 0xc4, 0xe1, 0x10, 0xe6, 0x38, 0x04, 0x65, 0x44, 0x5f, 0x85, 0xea,
-	0x30, 0xd7, 0x11, 0xad, 0xaa, 0x7f, 0x21, 0x38, 0x2e, 0x43, 0xae, 0xd8, 0xdd, 0x3a, 0x2c, 0x2b,
-	0x66, 0xb8, 0x95, 0x6e, 0x74, 0xff, 0xf0, 0x98, 0x70, 0x2a, 0xbd, 0xa4, 0x98, 0x7d, 0x2b, 0xe8,
-	0x65, 0xba, 0xfd, 0x13, 0x27, 0x5c, 0x34, 0xa3, 0x32, 0xf8, 0xeb, 0xa0, 0xdd, 0x24, 0x2e, 0x69,
-	0x51, 0x2b, 0x51, 0x3b, 0x71, 0xb1, 0xaf, 0xa8, 0x3d, 0x97, 0xa9, 0x3b, 0x1c, 0x49, 0xc5, 0x68,
-	0xef, 0xef, 0xcb, 0xfe, 0x4d, 0x00, 0xe5, 0x5d, 0xdb, 0x3d, 0xd8, 0x71, 0xf7, 0x3d, 0xa6, 0x71,
-	0x64, 0x47, 0x8e, 0xb4, 0x6e, 0x4c, 0xe0, 0x13, 0x50, 0xec, 0x06, 0x8e, 0xf0, 0x00, 0xf6, 0x89,
-	0x6b, 0x50, 0xb1, 0x68, 0x68, 0x06, 0xb6, 0x2f, 0xf6, 0x9f, 0xf7, 0xbe, 0x95, 0x21, 0xb6, 0x0f,
-	0xb6, 0xe9, 0xb9, 0xdb, 0x0e, 0x09, 0x43, 0x99, 0x9e, 0x92, 0x01, 0xfd, 0x49, 0x58, 0x62, 0x32,
-	0x53, 0x35, 0x2f, 0x66, 0xd5, 0x3c, 0x9d, 0x81, 0x2f, 0xe1, 0x49, 0xc4, 0x04, 0xee, 0x63, 0x55,
-	0xc1, 0x55, 0xdf, 0x17, 0x4c, 0x26, 0xac, 0xc7, 0x8a, 0xc3, 0xb2, 0xeb, 0xd0, 0x96, 0xef, 0xe6,
-	0x1b, 0x6b, 0x80, 0xd5, 0x73, 0x42, 0x83, 0x9e, 0x6d, 0x52, 0xfc, 0x5d, 0x04, 0x73, 0x4c, 0x34,
-	0x7e, 0x60, 0xd4, 0xb1, 0xe4, 0xfe, 0x5a, 0x9d, 0xdd, 0x7d, 0x9e, 0x49, 0xd3, 0x57, 0x5f, 0xfd,
-	0xeb, 0xdf, 0xbf, 0x57, 0x58, 0xc1, 0xa7, 0xf8, 0x43, 0x5f, 0xef, 0x8a, 0xfa, 0xe8, 0x16, 0xe2,
-	0xd7, 0x10, 0x60, 0x51, 0x25, 0x29, 0x4f, 0x21, 0xf8, 0xe2, 0x28, 0x88, 0x43, 0x9e, 0x4c, 0xaa,
-	0x0f, 0x28, 0x59, 0xa5, 0x61, 0x7a, 0x01, 0x65, 0x39, 0x84, 0x4f, 0xe0, 0x00, 0xd6, 0x39, 0x80,
-	0xf3, 0x58, 0x1f, 0x06, 0xa0, 0xf9, 0x32, 0xb3, 0xe8, 0x2b, 0x4d, 0x1a, 0xcb, 0x7d, 0x13, 0x41,
-	0xe9, 0x2e, 0xbf, 0x0a, 0x8d, 0x31, 0xd2, 0xde, 0xcc, 0x8c, 0xc4, 0xc5, 0x71, 0xb4, 0xfa, 0x39,
-	0x8e, 0xf4, 0x01, 0x7c, 0x46, 0x22, 0x0d, 0xa3, 0x80, 0x92, 0x4e, 0x06, 0xf0, 0x65, 0x84, 0xdf,
-	0x46, 0x30, 0x1f, 0xf7, 0xc0, 0xf1, 0xda, 0x28, 0x94, 0x99, 0x1e, 0x79, 0x75, 0x76, 0x0d, 0x65,
-	0xfd, 0x61, 0x8e, 0xf1, 0x9c, 0x3e, 0x74, 0x3b, 0xb7, 0x32, 0xed, 0xe6, 0xd7, 0x11, 0x14, 0x6f,
-	0xd0, 0xb1, 0xfe, 0x36, 0x43, 0x70, 0x03, 0x06, 0x1c, 0xb2, 0xd5, 0xf8, 0x2d, 0x04, 0xf7, 0xdf,
-	0xa0, 0xd1, 0xf0, 0xf4, 0x88, 0xeb, 0xe3, 0x73, 0x96, 0x70, 0xbb, 0x8b, 0x13, 0xcc, 0x4c, 0xf2,
-	0x42, 0x93, 0x23, 0x7b, 0x18, 0x5f, 0xc8, 0x73, 0xc2, 0xf0, 0xd0, 0x35, 0x5f, 0x12, 0x38, 0xfe,
-	0x84, 0xe0, 0x44, 0xff, 0x93, 0x27, 0xd6, 0xfb, 0xee, 0x28, 0x43, 0x5e, 0x44, 0xab, 0xb7, 0xa6,
-	0x8d, 0xb2, 0x59, 0xa6, 0xfa, 0x55, 0x8e, 0xfc, 0x09, 0xfc, 0x78, 0x1e, 0xf2, 0xa4, 0xa1, 0xd8,
-	0x7c, 0x59, 0x7e, 0xbe, 0xc2, 0x9f, 0xe7, 0x39, 0xec, 0x3f, 0x23, 0x38, 0x25, 0xf9, 0x6e, 0xb7,
-	0x49, 0x10, 0x5d, 0xa3, 0xac, 0xc2, 0x0e, 0x27, 0xd2, 0x67, 0xca, 0xac, 0xa1, 0xca, 0xd3, 0xaf,
-	0x73, 0x5d, 0x3e, 0x8d, 0x9f, 0x3a, 0xb2, 0x2e, 0x26, 0x63, 0x63, 0x09, 0xd8, 0xef, 0x20, 0x38,
-	0x7e, 0x83, 0x46, 0xcf, 0x6d, 0xef, 0x1c, 0x69, 0x67, 0xa6, 0x74, 0x74, 0x45, 0x9c, 0x7e, 0x8d,
-	0x2b, 0xf2, 0x29, 0xfc, 0xe4, 0x91, 0x15, 0xf1, 0x4c, 0x3b, 0xd9, 0x97, 0x57, 0x11, 0x1c, 0xbb,
-	0x41, 0xa3, 0x9b, 0x49, 0x73, 0x7e, 0x6d, 0xa2, 0x07, 0xbf, 0xea, 0x6a, 0x43, 0xf9, 0x77, 0x83,
-	0xfc, 0x29, 0x71, 0xf5, 0x0d, 0x8e, 0xed, 0x02, 0x5e, 0xcb, 0xc3, 0x96, 0x3e, 0x08, 0xbc, 0x89,
-	0xe0, 0xb4, 0x0a, 0x22, 0x7d, 0x28, 0xfd, 0xf8, 0xd1, 0x9e, 0x1f, 0xc5, 0x23, 0xe6, 0x18, 0x74,
-	0x9b, 0x1c, 0xdd, 0x25, 0x7d, 0xf8, 0x41, 0xec, 0x0c, 0xa0, 0xd8, 0x42, 0xeb, 0x75, 0x84, 0x7f,
-	0x8f, 0x60, 0x3e, 0xee, 0x8d, 0x8f, 0xb6, 0x51, 0xe6, 0x61, 0x6f, 0x96, 0x51, 0x4d, 0x78, 0x6d,
-	0xf5, 0xf2, 0x70, 0x83, 0xaa, 0xeb, 0xe5, 0xd6, 0x36, 0xb8, 0x95, 0xb3, 0xe1, 0xf8, 0x57, 0x08,
-	0x20, 0xed, 0xef, 0xe3, 0x87, 0xf3, 0xf5, 0x50, 0xde, 0x00, 0xaa, 0xb3, 0xed, 0xf0, 0xeb, 0x0d,
-	0xae, 0x4f, 0xbd, 0x5a, 0xcb, 0x8d, 0x85, 0x3e, 0x35, 0xb7, 0xe2, 0xb7, 0x80, 0x1f, 0x23, 0x28,
-	0xf1, 0xb6, 0x2a, 0x3e, 0x3f, 0x0a, 0xb3, 0xda, 0x75, 0x9d, 0xa5, 0xe9, 0x1f, 0xe2, 0x50, 0x6b,
-	0x9b, 0x79, 0x09, 0x65, 0x0b, 0xad, 0xe3, 0x1e, 0xcc, 0xc7, 0x8d, 0xcc, 0xd1, 0xee, 0x91, 0x69,
-	0x74, 0x56, 0x6b, 0x39, 0x05, 0x4e, 0xec, 0xa8, 0x22, 0x97, 0xad, 0x8f, 0xcb, 0x65, 0x73, 0x2c,
-	0xdd, 0xe0, 0x73, 0x79, 0xc9, 0xe8, 0xff, 0x60, 0x98, 0x8b, 0x1c, 0xdd, 0x9a, 0x5e, 0x1b, 0x97,
-	0xcf, 0x98, 0x75, 0x7e, 0x80, 0xe0, 0x44, 0xff, 0x25, 0x01, 0x9f, 0x19, 0xda, 0x6f, 0x13, 0xb9,
-	0x35, 0x6b, 0xc5, 0x51, 0x17, 0x0c, 0xfd, 0x33, 0x1c, 0xc5, 0x16, 0x7e, 0x6c, 0xec, 0xc9, 0xb8,
-	0x25, 0xa3, 0x0e, 0x63, 0xb4, 0x91, 0x3e, 0x56, 0xfe, 0x1a, 0xc1, 0x31, 0xc9, 0xf7, 0x4e, 0x40,
-	0x69, 0x3e, 0xac, 0xd9, 0x1d, 0x04, 0x26, 0x4b, 0x7f, 0x92, 0xc3, 0xff, 0x04, 0x7e, 0x74, 0x42,
-	0xf8, 0x12, 0xf6, 0x46, 0xc4, 0x90, 0xfe, 0x01, 0xc1, 0xc9, 0xbb, 0xb1, 0xdf, 0x7f, 0x40, 0xf8,
-	0xb7, 0x39, 0xfe, 0xa7, 0xf0, 0x13, 0x39, 0xf5, 0xea, 0x38, 0x35, 0x2e, 0x23, 0xfc, 0x0b, 0x04,
-	0x65, 0xf9, 0xc8, 0x85, 0x2f, 0x8c, 0x3c, 0x18, 0xd9, 0x67, 0xb0, 0x59, 0x3a, 0xb3, 0x28, 0xce,
-	0xf4, 0xf3, 0xb9, 0xd9, 0x54, 0xc8, 0x67, 0x0e, 0xfd, 0x3a, 0x02, 0x9c, 0xdc, 0xfd, 0x93, 0x6e,
-	0x00, 0x7e, 0x28, 0x23, 0x6a, 0x64, 0x83, 0xa9, 0x7a, 0x61, 0xec, 0xbc, 0x6c, 0x2a, 0x5d, 0xcf,
-	0x4d, 0xa5, 0x5e, 0x22, 0xff, 0x5b, 0x08, 0x2a, 0x37, 0x68, 0x72, 0x97, 0xca, 0xb1, 0x65, 0xf6,
-	0x8d, 0xae, 0x5a, 0x1f, 0x3f, 0x51, 0x20, 0xba, 0xc4, 0x11, 0x3d, 0x84, 0xf3, 0x4d, 0x25, 0x01,
-	0xfc, 0x10, 0xc1, 0xd2, 0x6d, 0xd5, 0x45, 0xf1, 0xa5, 0x71, 0x92, 0x32, 0x91, 0x7c, 0x72, 0x5c,
-	0x8f, 0x70, 0x5c, 0x1b, 0xfa, 0x44, 0xb8, 0xb6, 0xc4, 0x73, 0xd7, 0x1b, 0x28, 0xbe, 0x8c, 0xf7,
-	0x75, 0xed, 0xff, 0x57, 0xbb, 0xe5, 0x34, 0xff, 0xf5, 0x47, 0x39, 0xbe, 0x06, 0xbe, 0x34, 0x09,
-	0xbe, 0xa6, 0x68, 0xe5, 0xe3, 0xef, 0x23, 0x38, 0xc9, 0x1f, 0x6d, 0x54, 0xc6, 0x38, 0xef, 0xa5,
-	0x22, 0x7d, 0xe2, 0x99, 0x20, 0xc5, 0x7c, 0x92, 0x83, 0xba, 0xa2, 0x1f, 0x09, 0x14, 0xf3, 0xff,
-	0x6f, 0x23, 0x38, 0x2e, 0xf3, 0x99, 0xd8, 0xd8, 0x8d, 0x71, 0x36, 0x3b, 0x6a, 0xfe, 0x13, 0x9e,
-	0xb6, 0x3e, 0x99, 0xa7, 0xbd, 0x8d, 0x60, 0x41, 0x3c, 0x57, 0xe4, 0x54, 0x09, 0xca, 0x7b, 0x46,
-	0xb5, 0xaf, 0x4d, 0x23, 0xfa, 0xd9, 0xfa, 0x97, 0xb8, 0xd8, 0xe7, 0x71, 0x33, 0x4f, 0xac, 0xef,
-	0x59, 0x61, 0xf3, 0x65, 0xd1, 0x4c, 0x7e, 0xa5, 0xe9, 0x78, 0xad, 0xf0, 0x05, 0x1d, 0xe7, 0xe6,
-	0x42, 0x36, 0xe7, 0x32, 0xc2, 0x11, 0x2c, 0x32, 0xbf, 0xe0, 0xbd, 0x1f, 0x5c, 0xeb, 0xeb, 0x14,
-	0x0d, 0xb4, 0x85, 0xaa, 0xd5, 0x81, 0x5e, 0x52, 0x9a, 0xfc, 0xc4, 0x4d, 0x1c, 0x3f, 0x98, 0x2b,
-	0x96, 0x0b, 0x7a, 0x0d, 0xc1, 0x49, 0xd5, 0xd1, 0x63, 0xf1, 0x13, 0xbb, 0x79, 0x1e, 0x0a, 0x51,
-	0x4f, 0xe3, 0xf5, 0x89, 0x7c, 0x88, 0xc3, 0x79, 0xfa, 0x99, 0x3f, 0xbe, 0x77, 0x16, 0xbd, 0xfb,
-	0xde, 0x59, 0xf4, 0xb7, 0xf7, 0xce, 0xa2, 0x17, 0x1e, 0x9b, 0xec, 0xdf, 0xda, 0xa6, 0x63, 0x53,
-	0x37, 0x52, 0xd9, 0xff, 0x37, 0x00, 0x00, 0xff, 0xff, 0x47, 0x2b, 0xad, 0x16, 0x93, 0x2e, 0x00,
-	0x00,
+	// 2885 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0xcf, 0x8f, 0x1c, 0x47,
+	0xf5, 0xff, 0xd6, 0xcc, 0xce, 0xee, 0xec, 0x1b, 0xff, 0xac, 0xd8, 0xfe, 0x76, 0xc6, 0x1b, 0x33,
+	0x69, 0xff, 0x9a, 0xac, 0xbd, 0x33, 0xf6, 0xc4, 0xa0, 0x64, 0x93, 0x10, 0x9c, 0xb5, 0xe3, 0x2c,
+	0xac, 0x1d, 0xd3, 0xeb, 0xc4, 0x28, 0x1c, 0xa0, 0xd2, 0x5d, 0x3b, 0xd3, 0x6c, 0x4f, 0x77, 0xbb,
+	0xbb, 0x67, 0xc2, 0x2a, 0xe4, 0x12, 0x84, 0xc4, 0x21, 0x0a, 0x02, 0x72, 0xe0, 0xc0, 0x2f, 0x25,
+	0x8a, 0x84, 0x10, 0x88, 0x0b, 0x42, 0x48, 0x08, 0x09, 0x0e, 0x41, 0x70, 0x40, 0x8a, 0xe0, 0x1f,
+	0x40, 0x11, 0xe2, 0x48, 0x2e, 0x39, 0x23, 0x54, 0xd5, 0x55, 0xdd, 0xd5, 0xf3, 0xa3, 0x67, 0x96,
+	0x19, 0x14, 0x4b, 0xdc, 0xfa, 0xd5, 0x54, 0xbd, 0xf7, 0x79, 0xaf, 0x5e, 0xbd, 0x57, 0xf5, 0xde,
+	0xc0, 0x99, 0x90, 0x06, 0x7d, 0x1a, 0x34, 0x89, 0xef, 0x3b, 0xb6, 0x49, 0x22, 0xdb, 0x73, 0xd5,
+	0xef, 0x86, 0x1f, 0x78, 0x91, 0x87, 0x2b, 0xca, 0x50, 0x75, 0xa5, 0xed, 0x79, 0x6d, 0x87, 0x36,
+	0x89, 0x6f, 0x37, 0x89, 0xeb, 0x7a, 0x11, 0x1f, 0x0e, 0xe3, 0xa9, 0x55, 0x7d, 0xf7, 0xb1, 0xb0,
+	0x61, 0x7b, 0xfc, 0x57, 0xd3, 0x0b, 0x68, 0xb3, 0x7f, 0xb9, 0xd9, 0xa6, 0x2e, 0x0d, 0x48, 0x44,
+	0x2d, 0x31, 0xe7, 0x4a, 0x3a, 0xa7, 0x4b, 0xcc, 0x8e, 0xed, 0xd2, 0x60, 0xaf, 0xe9, 0xef, 0xb6,
+	0xd9, 0x40, 0xd8, 0xec, 0xd2, 0x88, 0x8c, 0x5a, 0xb5, 0xd5, 0xb6, 0xa3, 0x4e, 0xef, 0xe5, 0x86,
+	0xe9, 0x75, 0x9b, 0x24, 0x68, 0x7b, 0x7e, 0xe0, 0x7d, 0x85, 0x7f, 0xac, 0x99, 0x56, 0xb3, 0xff,
+	0x68, 0xca, 0x40, 0xd5, 0xa5, 0x7f, 0x99, 0x38, 0x7e, 0x87, 0x0c, 0x73, 0xbb, 0x3e, 0x81, 0x5b,
+	0x40, 0x7d, 0x4f, 0xd8, 0x86, 0x7f, 0xda, 0x91, 0x17, 0xec, 0x29, 0x9f, 0x31, 0x1b, 0xfd, 0x23,
+	0x04, 0x47, 0xae, 0xa6, 0xf2, 0x3e, 0xdf, 0xa3, 0xc1, 0x1e, 0xc6, 0xb0, 0xe0, 0x92, 0x2e, 0xd5,
+	0x50, 0x0d, 0xd5, 0x97, 0x0d, 0xfe, 0x8d, 0x35, 0x58, 0x0a, 0xe8, 0x4e, 0x40, 0xc3, 0x8e, 0x56,
+	0xe0, 0xc3, 0x92, 0xc4, 0x55, 0x28, 0x33, 0xe1, 0xd4, 0x8c, 0x42, 0xad, 0x58, 0x2b, 0xd6, 0x97,
+	0x8d, 0x84, 0xc6, 0x75, 0x38, 0x1c, 0xd0, 0xd0, 0xeb, 0x05, 0x26, 0x7d, 0x91, 0x06, 0xa1, 0xed,
+	0xb9, 0xda, 0x02, 0x5f, 0x3d, 0x38, 0xcc, 0xb8, 0x84, 0xd4, 0xa1, 0x66, 0xe4, 0x05, 0x5a, 0x89,
+	0x4f, 0x49, 0x68, 0x86, 0x87, 0x01, 0xd7, 0x16, 0x63, 0x3c, 0xec, 0x1b, 0xeb, 0x70, 0x80, 0xf8,
+	0xfe, 0x2d, 0xd2, 0xa5, 0xa1, 0x4f, 0x4c, 0xaa, 0x2d, 0xf1, 0xdf, 0x32, 0x63, 0x0c, 0xb3, 0x40,
+	0xa2, 0x95, 0x39, 0x30, 0x49, 0xea, 0x1b, 0xb0, 0x7c, 0xcb, 0xb3, 0xe8, 0x78, 0x75, 0x07, 0xd9,
+	0x17, 0x86, 0xd9, 0xeb, 0xef, 0x21, 0x38, 0x6e, 0xd0, 0xbe, 0xcd, 0xf0, 0xdf, 0xa4, 0x11, 0xb1,
+	0x48, 0x44, 0x06, 0x39, 0x16, 0x12, 0x8e, 0x55, 0x28, 0x07, 0x62, 0xb2, 0x56, 0xe0, 0xe3, 0x09,
+	0x3d, 0x24, 0xad, 0x98, 0xaf, 0x4c, 0x6c, 0x42, 0x49, 0xe2, 0x1a, 0x54, 0x62, 0x5b, 0x6e, 0xba,
+	0x16, 0xfd, 0x2a, 0xb7, 0x5e, 0xc9, 0x50, 0x87, 0xf0, 0x0a, 0x2c, 0xf7, 0x63, 0x3b, 0x6f, 0x5a,
+	0xdc, 0x8a, 0x25, 0x23, 0x1d, 0xd0, 0xff, 0x81, 0xe0, 0x94, 0xe2, 0x03, 0x86, 0xd8, 0x99, 0xeb,
+	0x7d, 0xea, 0x46, 0xe1, 0x78, 0x85, 0x2e, 0xc2, 0x51, 0xb9, 0x89, 0x83, 0x76, 0x1a, 0xfe, 0x81,
+	0xa9, 0xa8, 0x0e, 0x4a, 0x15, 0xd5, 0x31, 0xa6, 0x88, 0xa4, 0x5f, 0xd8, 0xbc, 0x26, 0xd4, 0x54,
+	0x87, 0x86, 0x0c, 0x55, 0xca, 0x37, 0xd4, 0x62, 0xc6, 0x50, 0xfa, 0xfb, 0x08, 0x34, 0x45, 0xd1,
+	0x9b, 0xc4, 0xb5, 0x77, 0x68, 0x18, 0x4d, 0xbb, 0x67, 0x68, 0x8e, 0x7b, 0x56, 0x87, 0xc3, 0xb1,
+	0x56, 0xb7, 0xd9, 0x79, 0x64, 0xf1, 0x47, 0x2b, 0xd5, 0x8a, 0xf5, 0xa2, 0x31, 0x38, 0xcc, 0xf6,
+	0x4e, 0xca, 0x0c, 0xb5, 0x45, 0xee, 0xc6, 0xe9, 0x80, 0xfe, 0x30, 0x2c, 0x3f, 0x6b, 0x3b, 0x74,
+	0xa3, 0xd3, 0x73, 0x77, 0xf1, 0x31, 0x28, 0x99, 0xec, 0x83, 0xeb, 0x70, 0xc0, 0x88, 0x09, 0xfd,
+	0xdb, 0x08, 0x1e, 0x1e, 0xa7, 0xf5, 0x5d, 0x3b, 0xea, 0xb0, 0xf5, 0xe1, 0x38, 0xf5, 0xcd, 0x0e,
+	0x35, 0x77, 0xc3, 0x5e, 0x57, 0xba, 0xac, 0xa4, 0x67, 0x53, 0x5f, 0xff, 0x29, 0x82, 0xfa, 0x44,
+	0x4c, 0x77, 0x03, 0xe2, 0xfb, 0x34, 0xc0, 0xcf, 0x42, 0xe9, 0x1e, 0xfb, 0x81, 0x1f, 0xd0, 0x4a,
+	0xab, 0xd1, 0x50, 0x03, 0xfc, 0x44, 0x2e, 0xcf, 0xfd, 0x9f, 0x11, 0x2f, 0xc7, 0x0d, 0x69, 0x9e,
+	0x02, 0xe7, 0x73, 0x22, 0xc3, 0x27, 0xb1, 0x22, 0x9b, 0xcf, 0xa7, 0x3d, 0xb3, 0x08, 0x0b, 0x3e,
+	0x09, 0x22, 0xfd, 0x38, 0x3c, 0x90, 0x3d, 0x1e, 0xbe, 0xe7, 0x86, 0x54, 0xff, 0x4d, 0xd6, 0x9b,
+	0x36, 0x02, 0x4a, 0x22, 0x6a, 0xd0, 0x7b, 0x3d, 0x1a, 0x46, 0x78, 0x17, 0xd4, 0x9c, 0xc3, 0xad,
+	0x5a, 0x69, 0x6d, 0x36, 0xd2, 0xa0, 0xdd, 0x90, 0x41, 0x9b, 0x7f, 0x7c, 0xc9, 0xb4, 0x1a, 0xfd,
+	0x47, 0x1b, 0xfe, 0x6e, 0xbb, 0xc1, 0x52, 0x40, 0x06, 0x99, 0x4c, 0x01, 0xaa, 0xaa, 0x86, 0xca,
+	0x1d, 0x9f, 0x80, 0xc5, 0x9e, 0x1f, 0xd2, 0x20, 0xe2, 0x9a, 0x95, 0x0d, 0x41, 0xb1, 0xfd, 0xeb,
+	0x13, 0xc7, 0xb6, 0x48, 0x14, 0xef, 0x4f, 0xd9, 0x48, 0x68, 0xfd, 0xb7, 0x59, 0xf4, 0x2f, 0xf8,
+	0xd6, 0xc7, 0x85, 0x5e, 0x45, 0x59, 0xc8, 0xa2, 0x54, 0x3d, 0xa8, 0x98, 0xf5, 0xa0, 0x5f, 0x66,
+	0xf1, 0x5f, 0xa3, 0x0e, 0x4d, 0xf1, 0x8f, 0x72, 0x66, 0x0d, 0x96, 0x4c, 0x12, 0x9a, 0xc4, 0x92,
+	0x52, 0x24, 0xc9, 0x02, 0x99, 0x1f, 0x78, 0x3e, 0x69, 0x73, 0x4e, 0xb7, 0x3d, 0xc7, 0x36, 0xf7,
+	0x84, 0xb8, 0xe1, 0x1f, 0x86, 0x1c, 0x7f, 0x21, 0xdf, 0xf1, 0x4b, 0x59, 0xd8, 0xa7, 0xa1, 0xb2,
+	0xbd, 0xe7, 0x9a, 0xcf, 0xfb, 0xf1, 0xe1, 0x3e, 0x06, 0x25, 0x3b, 0xa2, 0xdd, 0x50, 0x43, 0xfc,
+	0x60, 0xc7, 0x84, 0xfe, 0xaf, 0x12, 0x9c, 0x50, 0x74, 0x63, 0x0b, 0xf2, 0x34, 0xcb, 0x8b, 0x52,
+	0x27, 0x60, 0xd1, 0x0a, 0xf6, 0x8c, 0x9e, 0x2b, 0x1c, 0x40, 0x50, 0x4c, 0xb0, 0x1f, 0xf4, 0xdc,
+	0x18, 0x7e, 0xd9, 0x88, 0x09, 0xbc, 0x03, 0xe5, 0x30, 0x62, 0xb7, 0x8c, 0xf6, 0x1e, 0x07, 0x5e,
+	0x69, 0x7d, 0x76, 0xb6, 0x4d, 0x67, 0xd0, 0xb7, 0x05, 0x47, 0x23, 0xe1, 0x8d, 0xef, 0xb1, 0x98,
+	0x16, 0x07, 0xba, 0x50, 0x5b, 0xaa, 0x15, 0xeb, 0x95, 0xd6, 0xf6, 0xec, 0x82, 0x9e, 0xf7, 0xd9,
+	0x0d, 0x49, 0xc9, 0x60, 0x46, 0x2a, 0x85, 0x85, 0xd1, 0xae, 0x88, 0x0f, 0xa1, 0xb8, 0x0d, 0xa4,
+	0x03, 0xf8, 0x0b, 0x50, 0xb2, 0xdd, 0x1d, 0x2f, 0xd4, 0x96, 0x39, 0x98, 0x67, 0x66, 0x03, 0xb3,
+	0xe9, 0xee, 0x78, 0x46, 0xcc, 0x10, 0xdf, 0x83, 0x83, 0x01, 0x8d, 0x82, 0x3d, 0x69, 0x05, 0x0d,
+	0xb8, 0x5d, 0x3f, 0x37, 0x9b, 0x04, 0x43, 0x65, 0x69, 0x64, 0x25, 0xe0, 0x75, 0xa8, 0x84, 0xa9,
+	0x8f, 0x69, 0x15, 0x2e, 0x50, 0xcb, 0x30, 0x52, 0x7c, 0xd0, 0x50, 0x27, 0x0f, 0x79, 0xf7, 0x81,
+	0x7c, 0xef, 0x3e, 0x38, 0x31, 0xab, 0x1d, 0x9a, 0x22, 0xab, 0x1d, 0x1e, 0xcc, 0x6a, 0x1f, 0x22,
+	0x58, 0x19, 0x0a, 0x4e, 0xdb, 0x3e, 0xcd, 0x3d, 0x06, 0x04, 0x16, 0x42, 0x9f, 0x9a, 0x3c, 0x53,
+	0x55, 0x5a, 0x37, 0xe7, 0x16, 0xad, 0xb8, 0x5c, 0xce, 0x3a, 0x2f, 0xa0, 0xce, 0x18, 0x17, 0x7e,
+	0x84, 0xe0, 0xff, 0x15, 0x99, 0xb7, 0x49, 0x64, 0x76, 0xf2, 0x94, 0x65, 0xe7, 0x97, 0xcd, 0x11,
+	0x79, 0x39, 0x26, 0x98, 0x55, 0xf9, 0xc7, 0x9d, 0x3d, 0x9f, 0x01, 0x64, 0xbf, 0xa4, 0x03, 0x33,
+	0x5e, 0x9e, 0x7e, 0x86, 0xa0, 0xaa, 0xc6, 0x70, 0xcf, 0x71, 0x5e, 0x26, 0xe6, 0x6e, 0x1e, 0xc8,
+	0x43, 0x50, 0xb0, 0x2d, 0x8e, 0xb0, 0x68, 0x14, 0x6c, 0x6b, 0x9f, 0xc1, 0x68, 0x10, 0xee, 0x62,
+	0x3e, 0xdc, 0xa5, 0x2c, 0xdc, 0x8f, 0x06, 0xe0, 0xca, 0x90, 0x90, 0x03, 0x77, 0x05, 0x96, 0xdd,
+	0x81, 0x8b, 0x6c, 0x3a, 0x30, 0xe2, 0x02, 0x5b, 0x18, 0xba, 0xc0, 0x6a, 0xb0, 0xd4, 0x4f, 0x9e,
+	0x39, 0xec, 0x67, 0x49, 0x32, 0x15, 0xdb, 0x81, 0xd7, 0xf3, 0x85, 0xd1, 0x63, 0x82, 0xa1, 0xd8,
+	0xb5, 0x5d, 0x76, 0x25, 0xe7, 0x28, 0xd8, 0xf7, 0xfe, 0x1f, 0x36, 0x19, 0xb5, 0x7f, 0x5e, 0x80,
+	0x4f, 0x8c, 0x50, 0x7b, 0xa2, 0x3f, 0xdd, 0x1f, 0xba, 0x27, 0x5e, 0xbd, 0x34, 0xd6, 0xab, 0xcb,
+	0x93, 0xbc, 0x7a, 0x39, 0xdf, 0x5e, 0x90, 0xb5, 0xd7, 0x4f, 0x0a, 0x50, 0x1b, 0x61, 0xaf, 0xc9,
+	0xd7, 0x89, 0xfb, 0xc6, 0x60, 0x3b, 0x5e, 0x20, 0xbc, 0xa4, 0x6c, 0xc4, 0x04, 0x3b, 0x67, 0x5e,
+	0xe0, 0x77, 0x88, 0xcb, 0xbd, 0xa3, 0x6c, 0x08, 0x6a, 0x46, 0x53, 0x5d, 0x03, 0x4d, 0x9a, 0xe7,
+	0xaa, 0x19, 0x07, 0xa9, 0x80, 0x74, 0x69, 0x44, 0x83, 0x70, 0x5c, 0x88, 0xea, 0x13, 0xa7, 0x47,
+	0x65, 0x88, 0xe2, 0x84, 0xfe, 0x66, 0x61, 0x90, 0x8d, 0xd1, 0x73, 0xef, 0x7f, 0x43, 0x9f, 0x80,
+	0x45, 0xc2, 0xd1, 0x0a, 0xd7, 0x14, 0xd4, 0x90, 0x49, 0xcb, 0xf9, 0x26, 0x5d, 0xce, 0x98, 0x74,
+	0xbd, 0xa0, 0x21, 0xfd, 0xc3, 0x02, 0x54, 0xc7, 0x19, 0xe4, 0xc5, 0xd6, 0xff, 0x9a, 0x49, 0x30,
+	0x01, 0x2d, 0x18, 0xe3, 0x65, 0x1a, 0xf0, 0xcb, 0xd9, 0xd9, 0x4c, 0xc6, 0x1e, 0xe7, 0x92, 0xc6,
+	0x58, 0x36, 0xfa, 0x37, 0x10, 0x9c, 0xcc, 0x2e, 0x0b, 0xb7, 0xec, 0x30, 0x92, 0x0f, 0x3b, 0xbc,
+	0x03, 0x4b, 0xb1, 0x2a, 0xf1, 0xb5, 0xbc, 0xd2, 0xda, 0x9a, 0xf5, 0xb2, 0x96, 0xd9, 0x5d, 0xc9,
+	0x5c, 0x7f, 0x1c, 0x4e, 0x8e, 0xcc, 0x50, 0x02, 0x46, 0x15, 0xca, 0xf2, 0x82, 0x2a, 0x76, 0x3f,
+	0xa1, 0xf5, 0x77, 0x16, 0xb2, 0xd7, 0x05, 0xcf, 0xda, 0xf2, 0xda, 0x39, 0xb5, 0x9a, 0x7c, 0x8f,
+	0x61, 0xbb, 0xe1, 0x59, 0x4a, 0x59, 0x46, 0x92, 0x6c, 0x9d, 0xe9, 0xb9, 0x11, 0xb1, 0x5d, 0x1a,
+	0x88, 0x1b, 0x4d, 0x3a, 0xc0, 0x76, 0x3a, 0xb4, 0x5d, 0x93, 0x6e, 0x53, 0xd3, 0x73, 0xad, 0x90,
+	0xbb, 0x4c, 0xd1, 0xc8, 0x8c, 0xe1, 0xe7, 0x60, 0x99, 0xd3, 0x77, 0xec, 0x6e, 0x9c, 0xc2, 0x2b,
+	0xad, 0xd5, 0x46, 0x5c, 0x3f, 0x6d, 0xa8, 0xf5, 0xd3, 0xd4, 0x86, 0x5d, 0x1a, 0x91, 0x46, 0xff,
+	0x72, 0x83, 0xad, 0x30, 0xd2, 0xc5, 0x0c, 0x4b, 0x44, 0x6c, 0x67, 0xcb, 0x76, 0xf9, 0xa3, 0x81,
+	0x89, 0x4a, 0x07, 0x98, 0x37, 0xee, 0x78, 0x8e, 0xe3, 0xbd, 0x22, 0x63, 0x5e, 0x4c, 0xb1, 0x55,
+	0x3d, 0x37, 0xb2, 0x1d, 0x2e, 0x3f, 0xf6, 0xb5, 0x74, 0x80, 0xaf, 0xb2, 0x9d, 0x88, 0x06, 0x22,
+	0xd8, 0x09, 0x2a, 0xf1, 0xf7, 0x4a, 0x5c, 0x12, 0x94, 0xb1, 0x36, 0x3e, 0x19, 0x07, 0xd4, 0x93,
+	0x31, 0x78, 0xda, 0x0e, 0x8e, 0xa8, 0x6b, 0xf1, 0x0a, 0x29, 0xed, 0xdb, 0x5e, 0x8f, 0xdd, 0x87,
+	0xf9, 0xb5, 0x51, 0xd2, 0x43, 0xa7, 0xe5, 0x70, 0xfe, 0x69, 0x39, 0x92, 0x3d, 0x2d, 0xfc, 0x55,
+	0x13, 0x99, 0x9d, 0x0d, 0x12, 0x52, 0xed, 0x28, 0x67, 0x9d, 0x0e, 0xe8, 0xbf, 0x43, 0x50, 0xde,
+	0xf2, 0xda, 0xd7, 0xdd, 0x28, 0xd8, 0xe3, 0xef, 0x5f, 0xcf, 0x8d, 0xa8, 0x2b, 0xbd, 0x49, 0x92,
+	0x6c, 0x8b, 0x22, 0xbb, 0x4b, 0xb7, 0x23, 0xd2, 0xf5, 0xc5, 0xed, 0x79, 0x5f, 0x5b, 0x94, 0x2c,
+	0x66, 0x66, 0x73, 0x48, 0x18, 0xf1, 0x90, 0x53, 0x36, 0xf8, 0x37, 0x53, 0x30, 0x99, 0xb0, 0x1d,
+	0x05, 0x22, 0xde, 0x64, 0xc6, 0x54, 0x07, 0x2c, 0xc5, 0xd8, 0x04, 0xa9, 0x77, 0xe1, 0xc1, 0xe4,
+	0x59, 0x77, 0x87, 0x06, 0x5d, 0xdb, 0x25, 0xf9, 0x79, 0x79, 0x8a, 0xc2, 0x6d, 0x4e, 0x55, 0xc1,
+	0xcb, 0x1c, 0x49, 0xf6, 0x4a, 0xba, 0x6b, 0xbb, 0x96, 0xf7, 0x4a, 0xce, 0xd1, 0x9a, 0x4d, 0xe0,
+	0x5f, 0xb2, 0xb5, 0x57, 0x45, 0x62, 0x12, 0x07, 0x9e, 0x83, 0x83, 0x2c, 0x62, 0xf4, 0xa9, 0xf8,
+	0x41, 0x04, 0x25, 0x7d, 0x5c, 0x19, 0x2c, 0xe5, 0x61, 0x64, 0x17, 0xe2, 0x2d, 0x38, 0x4c, 0xc2,
+	0xd0, 0x6e, 0xbb, 0xd4, 0x92, 0xbc, 0x0a, 0x53, 0xf3, 0x1a, 0x5c, 0x1a, 0x17, 0x54, 0xf8, 0x0c,
+	0xb1, 0xdf, 0x92, 0xd4, 0xbf, 0x8e, 0xe0, 0xf8, 0x48, 0x26, 0xc9, 0xb9, 0x42, 0x4a, 0x1e, 0xa9,
+	0x42, 0x39, 0x34, 0x3b, 0xd4, 0xea, 0x39, 0xf2, 0xaa, 0x90, 0xd0, 0xec, 0x37, 0xab, 0x17, 0xef,
+	0xbe, 0xc8, 0x63, 0x09, 0x8d, 0x4f, 0x01, 0x74, 0x89, 0xdb, 0x23, 0x0e, 0x87, 0xb0, 0xc0, 0x21,
+	0x28, 0x23, 0xfa, 0x0a, 0x54, 0x47, 0xb9, 0x8e, 0xa8, 0xde, 0xfd, 0x13, 0xc1, 0x21, 0x19, 0x72,
+	0xc5, 0xee, 0xd6, 0xe1, 0xb0, 0x62, 0x86, 0x5b, 0xe9, 0x46, 0x0f, 0x0e, 0x4f, 0x08, 0xa7, 0xd2,
+	0x4b, 0x8a, 0xd9, 0xf6, 0x49, 0x3f, 0xd3, 0x00, 0x99, 0x3a, 0xe1, 0xa2, 0x39, 0xbd, 0x0c, 0xbe,
+	0x06, 0xda, 0x4d, 0xe2, 0x92, 0x36, 0xb5, 0x12, 0xb5, 0x13, 0x17, 0xfb, 0xb2, 0x5a, 0x86, 0x9a,
+	0xb9, 0xe8, 0x93, 0x5c, 0xa2, 0xed, 0x9d, 0x1d, 0x59, 0xd2, 0x0a, 0xa0, 0xbc, 0x65, 0xbb, 0xbb,
+	0x9b, 0xee, 0x8e, 0xc7, 0x34, 0x8e, 0xec, 0xc8, 0x91, 0xd6, 0x8d, 0x09, 0x7c, 0x04, 0x8a, 0xbd,
+	0xc0, 0x11, 0x1e, 0xc0, 0x3e, 0x71, 0x0d, 0x2a, 0x16, 0x0d, 0xcd, 0xc0, 0xf6, 0xc5, 0xfe, 0xf3,
+	0x76, 0x80, 0x32, 0xc4, 0xf6, 0xc1, 0x36, 0x3d, 0x77, 0xc3, 0x21, 0x61, 0x28, 0xd3, 0x53, 0x32,
+	0xa0, 0x3f, 0x09, 0x07, 0x99, 0xcc, 0x54, 0xcd, 0x0b, 0x59, 0x35, 0x8f, 0x67, 0xe0, 0x4b, 0x78,
+	0x12, 0x31, 0x81, 0x07, 0xd8, 0xad, 0xe0, 0xaa, 0xef, 0x0b, 0x26, 0x53, 0x5e, 0x51, 0x8b, 0xa3,
+	0xb2, 0xeb, 0xc8, 0x2a, 0x78, 0xeb, 0xbd, 0x73, 0x80, 0xd5, 0x73, 0x42, 0x83, 0xbe, 0x6d, 0x52,
+	0xfc, 0x1d, 0x04, 0x0b, 0x4c, 0x34, 0x7e, 0x68, 0xdc, 0xb1, 0xe4, 0xfe, 0x5a, 0x9d, 0x5f, 0x89,
+	0x83, 0x49, 0xd3, 0x57, 0x5e, 0xff, 0xeb, 0xdf, 0xbf, 0x5b, 0x38, 0x81, 0x8f, 0xf1, 0xde, 0x67,
+	0xff, 0xb2, 0xda, 0x87, 0x0c, 0xf1, 0x1b, 0x08, 0xb0, 0xb8, 0x25, 0x29, 0xdd, 0x21, 0x7c, 0x61,
+	0x1c, 0xc4, 0x11, 0x5d, 0xa4, 0xea, 0x43, 0x4a, 0x56, 0x69, 0x98, 0x5e, 0x40, 0x59, 0x0e, 0xe1,
+	0x13, 0x38, 0x80, 0x55, 0x0e, 0xe0, 0x0c, 0xd6, 0x47, 0x01, 0x68, 0xbe, 0xca, 0x2c, 0xfa, 0x5a,
+	0x93, 0xc6, 0x72, 0xdf, 0x46, 0x50, 0xba, 0xcb, 0x5f, 0x87, 0x13, 0x8c, 0xb4, 0x3d, 0x37, 0x23,
+	0x71, 0x71, 0x1c, 0xad, 0x7e, 0x9a, 0x23, 0x7d, 0x08, 0x9f, 0x94, 0x48, 0xc3, 0x28, 0xa0, 0xa4,
+	0x9b, 0x01, 0x7c, 0x09, 0xe1, 0x77, 0x11, 0x2c, 0xc6, 0x6d, 0x01, 0x7c, 0x76, 0x1c, 0xca, 0x4c,
+	0xdb, 0xa0, 0x3a, 0xbf, 0x1a, 0xbb, 0xfe, 0x08, 0xc7, 0x78, 0x5a, 0x1f, 0xb9, 0x9d, 0xeb, 0x99,
+	0x0a, 0xfc, 0x5b, 0x08, 0x8a, 0x37, 0xe8, 0x44, 0x7f, 0x9b, 0x23, 0xb8, 0x21, 0x03, 0x8e, 0xd8,
+	0x6a, 0xfc, 0x0e, 0x82, 0x07, 0x6f, 0xd0, 0x68, 0x74, 0x7a, 0xc4, 0xf5, 0xc9, 0x39, 0x4b, 0xb8,
+	0xdd, 0x85, 0x29, 0x66, 0x26, 0x79, 0xa1, 0xc9, 0x91, 0x3d, 0x82, 0xcf, 0xe7, 0x39, 0x61, 0xb8,
+	0xe7, 0x9a, 0xaf, 0x08, 0x1c, 0x7f, 0x42, 0x70, 0x64, 0xb0, 0x0b, 0x8c, 0xf5, 0x81, 0x37, 0xca,
+	0x88, 0x26, 0x71, 0xf5, 0xd6, 0xac, 0x51, 0x36, 0xcb, 0x54, 0xbf, 0xca, 0x91, 0x3f, 0x81, 0x1f,
+	0xcf, 0x43, 0x9e, 0xd4, 0x58, 0x9b, 0xaf, 0xca, 0xcf, 0xd7, 0xf8, 0x3f, 0x16, 0x38, 0xec, 0x3f,
+	0x23, 0x38, 0x26, 0xf9, 0x6e, 0x74, 0x48, 0x10, 0x5d, 0xa3, 0xec, 0x86, 0x1d, 0x4e, 0xa5, 0xcf,
+	0x8c, 0x59, 0x43, 0x95, 0xa7, 0x5f, 0xe7, 0xba, 0x3c, 0x8d, 0x9f, 0xda, 0xb7, 0x2e, 0x26, 0x63,
+	0x63, 0x09, 0xd8, 0xef, 0x21, 0x38, 0x74, 0x83, 0x46, 0xcf, 0x6f, 0x6c, 0xee, 0x6b, 0x67, 0x66,
+	0x74, 0x74, 0x45, 0x9c, 0x7e, 0x8d, 0x2b, 0xf2, 0x69, 0xfc, 0xe4, 0xbe, 0x15, 0xf1, 0x4c, 0x3b,
+	0xd9, 0x97, 0xd7, 0x11, 0x1c, 0xb8, 0x41, 0xa3, 0x9b, 0x49, 0xbf, 0xe2, 0xec, 0x54, 0x3d, 0xd0,
+	0xea, 0x4a, 0x43, 0xf9, 0xc3, 0x87, 0xfc, 0x29, 0x71, 0xf5, 0x35, 0x8e, 0xed, 0x3c, 0x3e, 0x9b,
+	0x87, 0x2d, 0xed, 0x91, 0xbc, 0x8d, 0xe0, 0xb8, 0x0a, 0x22, 0xed, 0x1d, 0x7f, 0x72, 0x7f, 0x1d,
+	0x59, 0xd1, 0xd7, 0x9d, 0x80, 0xae, 0xc5, 0xd1, 0x5d, 0xd4, 0x47, 0x1f, 0xc4, 0xee, 0x10, 0x8a,
+	0x75, 0xb4, 0x5a, 0x47, 0xf8, 0xf7, 0x08, 0x16, 0xe3, 0x76, 0xc1, 0x78, 0x1b, 0x65, 0x7a, 0x9d,
+	0xf3, 0x8c, 0x6a, 0xc2, 0x6b, 0xab, 0x97, 0x46, 0x1b, 0x54, 0x5d, 0x2f, 0xb7, 0xb6, 0xc1, 0xad,
+	0x9c, 0x0d, 0xc7, 0xbf, 0x42, 0x00, 0x69, 0xcb, 0x03, 0x3f, 0x92, 0xaf, 0x87, 0xd2, 0x16, 0xa9,
+	0xce, 0xb7, 0xe9, 0xa1, 0x37, 0xb8, 0x3e, 0xf5, 0x6a, 0x2d, 0x37, 0x16, 0xfa, 0xd4, 0x5c, 0x8f,
+	0xdb, 0x23, 0x3f, 0x46, 0x50, 0xe2, 0x95, 0x66, 0x7c, 0x66, 0x1c, 0x66, 0xb5, 0x10, 0x3d, 0x4f,
+	0xd3, 0x9f, 0xe3, 0x50, 0x6b, 0xad, 0xbc, 0x84, 0xb2, 0x8e, 0x56, 0x71, 0x1f, 0x16, 0xe3, 0xda,
+	0xee, 0x78, 0xf7, 0xc8, 0xd4, 0x7e, 0xab, 0xb5, 0x9c, 0x0b, 0x4e, 0xec, 0xa8, 0x22, 0x97, 0xad,
+	0x4e, 0xca, 0x65, 0x0b, 0x2c, 0xdd, 0xe0, 0xd3, 0x79, 0xc9, 0xe8, 0xbf, 0x60, 0x98, 0x0b, 0x1c,
+	0xdd, 0x59, 0xbd, 0x36, 0x29, 0x9f, 0x31, 0xeb, 0x7c, 0x0f, 0xc1, 0x91, 0xc1, 0x47, 0x02, 0x3e,
+	0x39, 0xb2, 0xde, 0x26, 0x72, 0x6b, 0xd6, 0x8a, 0xe3, 0x1e, 0x18, 0xfa, 0x67, 0x38, 0x8a, 0x75,
+	0xfc, 0xd8, 0xc4, 0x93, 0x71, 0x4b, 0x46, 0x1d, 0xc6, 0x68, 0x2d, 0xed, 0xdf, 0xfe, 0x1a, 0xc1,
+	0x01, 0xc9, 0xf7, 0x4e, 0x40, 0x69, 0x3e, 0xac, 0xf9, 0x1d, 0x04, 0x26, 0x4b, 0x7f, 0x92, 0xc3,
+	0xff, 0x14, 0xbe, 0x32, 0x25, 0x7c, 0x09, 0x7b, 0x2d, 0x62, 0x48, 0xff, 0x80, 0xe0, 0xe8, 0xdd,
+	0xd8, 0xef, 0x3f, 0x26, 0xfc, 0x1b, 0x1c, 0xff, 0x53, 0xf8, 0x89, 0x9c, 0xfb, 0xea, 0x24, 0x35,
+	0x2e, 0x21, 0xfc, 0x0b, 0x04, 0x65, 0xd9, 0xf7, 0xc3, 0xe7, 0xc7, 0x1e, 0x8c, 0x6c, 0x67, 0x70,
+	0x9e, 0xce, 0x2c, 0x2e, 0x67, 0xfa, 0x99, 0xdc, 0x6c, 0x2a, 0xe4, 0x33, 0x87, 0x7e, 0x0b, 0x01,
+	0x4e, 0xde, 0xfe, 0x49, 0x35, 0x00, 0x9f, 0xcb, 0x88, 0x1a, 0x5b, 0x60, 0xaa, 0x9e, 0x9f, 0x38,
+	0x2f, 0x9b, 0x4a, 0x57, 0x73, 0x53, 0xa9, 0x97, 0xc8, 0x7f, 0x13, 0x41, 0xe5, 0x06, 0x4d, 0xde,
+	0x52, 0x39, 0xb6, 0xcc, 0xb6, 0x2d, 0xab, 0xf5, 0xc9, 0x13, 0x05, 0xa2, 0x8b, 0x1c, 0xd1, 0x39,
+	0x9c, 0x6f, 0x2a, 0x09, 0xe0, 0xfb, 0x08, 0x0e, 0xde, 0x56, 0x5d, 0x14, 0x5f, 0x9c, 0x24, 0x29,
+	0x13, 0xc9, 0xa7, 0xc7, 0xf5, 0x28, 0xc7, 0xb5, 0xa6, 0x4f, 0x85, 0x6b, 0x5d, 0x74, 0x00, 0x7f,
+	0x88, 0xe2, 0xc7, 0xf8, 0x40, 0xd5, 0xfe, 0x3f, 0xb5, 0x5b, 0x4e, 0xf1, 0x5f, 0xbf, 0xc2, 0xf1,
+	0x35, 0xf0, 0xc5, 0x69, 0xf0, 0x35, 0x45, 0x29, 0x1f, 0xff, 0x00, 0xc1, 0x51, 0xde, 0xb6, 0x51,
+	0x19, 0xe3, 0xbc, 0x4e, 0x45, 0xda, 0xe4, 0x99, 0x22, 0xc5, 0x3c, 0x1d, 0xc7, 0x1f, 0x7d, 0x5f,
+	0xa0, 0xd6, 0x45, 0x43, 0xe6, 0x9b, 0x05, 0xc4, 0xf6, 0xf7, 0x81, 0x21, 0x7c, 0x2f, 0xb6, 0x06,
+	0x0c, 0x38, 0xbe, 0x0d, 0x35, 0x05, 0xc6, 0x75, 0x8e, 0xf1, 0x8a, 0xde, 0xdc, 0x0f, 0xc6, 0x66,
+	0xbf, 0xc5, 0x8e, 0xe9, 0xb7, 0x10, 0x1c, 0x92, 0x69, 0x57, 0xf8, 0xdf, 0xda, 0xa4, 0xad, 0xdd,
+	0x6f, 0x9a, 0x16, 0x07, 0x62, 0x75, 0xba, 0x03, 0xf1, 0x2e, 0x82, 0x25, 0xd1, 0x55, 0xc9, 0xb9,
+	0xcc, 0x28, 0x6d, 0x97, 0xea, 0x40, 0x35, 0x49, 0x94, 0xdd, 0xf5, 0x2f, 0x72, 0xb1, 0x2f, 0xe0,
+	0x5c, 0xb3, 0xf8, 0x9e, 0x15, 0x36, 0x5f, 0x15, 0x35, 0xef, 0xd7, 0x9a, 0x8e, 0xd7, 0x0e, 0x5f,
+	0xd2, 0x71, 0x6e, 0xca, 0x66, 0x73, 0x2e, 0x21, 0x1c, 0xc1, 0x32, 0x73, 0x5f, 0x5e, 0xa2, 0xc2,
+	0xb5, 0x81, 0x82, 0xd6, 0x50, 0xf5, 0xaa, 0x5a, 0x1d, 0x2a, 0x79, 0xa5, 0x39, 0x5a, 0x14, 0x0c,
+	0xf0, 0xc3, 0xb9, 0x62, 0xb9, 0xa0, 0x37, 0x10, 0x1c, 0x55, 0xcf, 0x63, 0x2c, 0x7e, 0xea, 0xd3,
+	0x98, 0x87, 0x42, 0x5c, 0xfb, 0xf1, 0xea, 0x54, 0x6e, 0xc4, 0xe1, 0x3c, 0xf3, 0xec, 0x1f, 0x3f,
+	0x38, 0x85, 0xde, 0xff, 0xe0, 0x14, 0xfa, 0xdb, 0x07, 0xa7, 0xd0, 0x4b, 0x8f, 0x4d, 0xf7, 0x3f,
+	0x7b, 0xd3, 0xb1, 0xa9, 0x1b, 0xa9, 0xec, 0xff, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x81, 0x66, 0x91,
+	0xb9, 0x4d, 0x30, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -3155,8 +3274,13 @@ type ApplicationServiceClient interface {
 	PatchResource(ctx context.Context, in *ApplicationResourcePatchRequest, opts ...grpc.CallOption) (*ApplicationResourceResponse, error)
 	// ListResourceActions returns list of resource actions
 	ListResourceActions(ctx context.Context, in *ApplicationResourceRequest, opts ...grpc.CallOption) (*ResourceActionsListResponse, error)
-	// RunResourceAction run resource action
+	// RunResourceAction runs a resource action
+	//
+	// Deprecated: use RunResourceActionV2 instead. This version does not support resource action parameters but is
+	// maintained for backward compatibility. It will be removed in a future release.
 	RunResourceAction(ctx context.Context, in *ResourceActionRunRequest, opts ...grpc.CallOption) (*ApplicationResponse, error)
+	// RunResourceActionV2 runs a resource action with parameters
+	RunResourceActionV2(ctx context.Context, in *ResourceActionRunRequestV2, opts ...grpc.CallOption) (*ApplicationResponse, error)
 	// DeleteResource deletes a single application resource
 	DeleteResource(ctx context.Context, in *ApplicationResourceDeleteRequest, opts ...grpc.CallOption) (*ApplicationResponse, error)
 	// PodLogs returns stream of log entries for the specified pod. Pod
@@ -3462,6 +3586,7 @@ func (c *applicationServiceClient) ListResourceActions(ctx context.Context, in *
 	return out, nil
 }
 
+// Deprecated: Do not use.
 func (c *applicationServiceClient) RunResourceAction(ctx context.Context, in *ResourceActionRunRequest, opts ...grpc.CallOption) (*ApplicationResponse, error) {
 	out := new(ApplicationResponse)
 	err := c.cc.Invoke(ctx, "/application.ApplicationService/RunResourceAction", in, out, opts...)
@@ -3471,6 +3596,15 @@ func (c *applicationServiceClient) RunResourceAction(ctx context.Context, in *Re
 	return out, nil
 }
 
+func (c *applicationServiceClient) RunResourceActionV2(ctx context.Context, in *ResourceActionRunRequestV2, opts ...grpc.CallOption) (*ApplicationResponse, error) {
+	out := new(ApplicationResponse)
+	err := c.cc.Invoke(ctx, "/application.ApplicationService/RunResourceActionV2", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (c *applicationServiceClient) DeleteResource(ctx context.Context, in *ApplicationResourceDeleteRequest, opts ...grpc.CallOption) (*ApplicationResponse, error) {
 	out := new(ApplicationResponse)
 	err := c.cc.Invoke(ctx, "/application.ApplicationService/DeleteResource", in, out, opts...)
@@ -3580,8 +3714,13 @@ type ApplicationServiceServer interface {
 	PatchResource(context.Context, *ApplicationResourcePatchRequest) (*ApplicationResourceResponse, error)
 	// ListResourceActions returns list of resource actions
 	ListResourceActions(context.Context, *ApplicationResourceRequest) (*ResourceActionsListResponse, error)
-	// RunResourceAction run resource action
+	// RunResourceAction runs a resource action
+	//
+	// Deprecated: use RunResourceActionV2 instead. This version does not support resource action parameters but is
+	// maintained for backward compatibility. It will be removed in a future release.
 	RunResourceAction(context.Context, *ResourceActionRunRequest) (*ApplicationResponse, error)
+	// RunResourceActionV2 runs a resource action with parameters
+	RunResourceActionV2(context.Context, *ResourceActionRunRequestV2) (*ApplicationResponse, error)
 	// DeleteResource deletes a single application resource
 	DeleteResource(context.Context, *ApplicationResourceDeleteRequest) (*ApplicationResponse, error)
 	// PodLogs returns stream of log entries for the specified pod. Pod
@@ -3671,6 +3810,9 @@ func (*UnimplementedApplicationServiceServer) ListResourceActions(ctx context.Co
 func (*UnimplementedApplicationServiceServer) RunResourceAction(ctx context.Context, req *ResourceActionRunRequest) (*ApplicationResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method RunResourceAction not implemented")
 }
+func (*UnimplementedApplicationServiceServer) RunResourceActionV2(ctx context.Context, req *ResourceActionRunRequestV2) (*ApplicationResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RunResourceActionV2 not implemented")
+}
 func (*UnimplementedApplicationServiceServer) DeleteResource(ctx context.Context, req *ApplicationResourceDeleteRequest) (*ApplicationResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeleteResource not implemented")
 }
@@ -4152,6 +4294,24 @@ func _ApplicationService_RunResourceAction_Handler(srv interface{}, ctx context.
 	return interceptor(ctx, in, info, handler)
 }
 
+func _ApplicationService_RunResourceActionV2_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ResourceActionRunRequestV2)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ApplicationServiceServer).RunResourceActionV2(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/application.ApplicationService/RunResourceActionV2",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ApplicationServiceServer).RunResourceActionV2(ctx, req.(*ResourceActionRunRequestV2))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _ApplicationService_DeleteResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ApplicationResourceDeleteRequest)
 	if err := dec(in); err != nil {
@@ -4319,6 +4479,10 @@ var _ApplicationService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "RunResourceAction",
 			Handler:    _ApplicationService_RunResourceAction_Handler,
 		},
+		{
+			MethodName: "RunResourceActionV2",
+			Handler:    _ApplicationService_RunResourceActionV2_Handler,
+		},
 		{
 			MethodName: "DeleteResource",
 			Handler:    _ApplicationService_DeleteResource_Handler,
@@ -5885,20 +6049,6 @@ func (m *ResourceActionRunRequest) MarshalToSizedBuffer(dAtA []byte) (int, error
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.ResourceActionParameters) > 0 {
-		for iNdEx := len(m.ResourceActionParameters) - 1; iNdEx >= 0; iNdEx-- {
-			{
-				size, err := m.ResourceActionParameters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
-				if err != nil {
-					return 0, err
-				}
-				i -= size
-				i = encodeVarintApplication(dAtA, i, uint64(size))
-			}
-			i--
-			dAtA[i] = 0x52
-		}
-	}
 	if m.Project != nil {
 		i -= len(*m.Project)
 		copy(dAtA[i:], *m.Project)
@@ -5975,7 +6125,7 @@ func (m *ResourceActionRunRequest) MarshalToSizedBuffer(dAtA []byte) (int, error
 	return len(dAtA) - i, nil
 }
 
-func (m *ResourceActionsListResponse) Marshal() (dAtA []byte, err error) {
+func (m *ResourceActionRunRequestV2) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalToSizedBuffer(dAtA[:size])
@@ -5985,12 +6135,12 @@ func (m *ResourceActionsListResponse) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }
 
-func (m *ResourceActionsListResponse) MarshalTo(dAtA []byte) (int, error) {
+func (m *ResourceActionRunRequestV2) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
 }
 
-func (m *ResourceActionsListResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+func (m *ResourceActionRunRequestV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	i := len(dAtA)
 	_ = i
 	var l int
@@ -5999,10 +6149,10 @@ func (m *ResourceActionsListResponse) MarshalToSizedBuffer(dAtA []byte) (int, er
 		i -= len(m.XXX_unrecognized)
 		copy(dAtA[i:], m.XXX_unrecognized)
 	}
-	if len(m.Actions) > 0 {
-		for iNdEx := len(m.Actions) - 1; iNdEx >= 0; iNdEx-- {
+	if len(m.ResourceActionParameters) > 0 {
+		for iNdEx := len(m.ResourceActionParameters) - 1; iNdEx >= 0; iNdEx-- {
 			{
-				size, err := m.Actions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				size, err := m.ResourceActionParameters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
 				if err != nil {
 					return 0, err
 				}
@@ -6010,58 +6160,172 @@ func (m *ResourceActionsListResponse) MarshalToSizedBuffer(dAtA []byte) (int, er
 				i = encodeVarintApplication(dAtA, i, uint64(size))
 			}
 			i--
-			dAtA[i] = 0xa
+			dAtA[i] = 0x52
 		}
 	}
-	return len(dAtA) - i, nil
-}
-
-func (m *ApplicationResourceResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
+	if m.Project != nil {
+		i -= len(*m.Project)
+		copy(dAtA[i:], *m.Project)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project)))
+		i--
+		dAtA[i] = 0x4a
 	}
-	return dAtA[:n], nil
-}
-
-func (m *ApplicationResourceResponse) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *ApplicationResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	if m.XXX_unrecognized != nil {
-		i -= len(m.XXX_unrecognized)
-		copy(dAtA[i:], m.XXX_unrecognized)
+	if m.AppNamespace != nil {
+		i -= len(*m.AppNamespace)
+		copy(dAtA[i:], *m.AppNamespace)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.AppNamespace)))
+		i--
+		dAtA[i] = 0x42
 	}
-	if m.Manifest == nil {
-		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("manifest")
+	if m.Action == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("action")
 	} else {
-		i -= len(*m.Manifest)
-		copy(dAtA[i:], *m.Manifest)
-		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Manifest)))
+		i -= len(*m.Action)
+		copy(dAtA[i:], *m.Action)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Action)))
 		i--
-		dAtA[i] = 0xa
+		dAtA[i] = 0x3a
 	}
-	return len(dAtA) - i, nil
-}
-
-func (m *ApplicationPodLogsQuery) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
+	if m.Kind == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("kind")
+	} else {
+		i -= len(*m.Kind)
+		copy(dAtA[i:], *m.Kind)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Kind)))
+		i--
+		dAtA[i] = 0x32
 	}
-	return dAtA[:n], nil
-}
-
+	if m.Group != nil {
+		i -= len(*m.Group)
+		copy(dAtA[i:], *m.Group)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Group)))
+		i--
+		dAtA[i] = 0x2a
+	}
+	if m.Version == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("version")
+	} else {
+		i -= len(*m.Version)
+		copy(dAtA[i:], *m.Version)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Version)))
+		i--
+		dAtA[i] = 0x22
+	}
+	if m.ResourceName == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("resourceName")
+	} else {
+		i -= len(*m.ResourceName)
+		copy(dAtA[i:], *m.ResourceName)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.ResourceName)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.Namespace != nil {
+		i -= len(*m.Namespace)
+		copy(dAtA[i:], *m.Namespace)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Namespace)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.Name == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("name")
+	} else {
+		i -= len(*m.Name)
+		copy(dAtA[i:], *m.Name)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Name)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ResourceActionsListResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ResourceActionsListResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ResourceActionsListResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.Actions) > 0 {
+		for iNdEx := len(m.Actions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Actions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApplication(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ApplicationResourceResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ApplicationResourceResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ApplicationResourceResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Manifest == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("manifest")
+	} else {
+		i -= len(*m.Manifest)
+		copy(dAtA[i:], *m.Manifest)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Manifest)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ApplicationPodLogsQuery) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
 func (m *ApplicationPodLogsQuery) MarshalTo(dAtA []byte) (int, error) {
 	size := m.Size()
 	return m.MarshalToSizedBuffer(dAtA[:size])
@@ -7545,6 +7809,54 @@ func (m *ResourceActionParameters) Size() (n int) {
 }
 
 func (m *ResourceActionRunRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Name != nil {
+		l = len(*m.Name)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Namespace != nil {
+		l = len(*m.Namespace)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.ResourceName != nil {
+		l = len(*m.ResourceName)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Version != nil {
+		l = len(*m.Version)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Group != nil {
+		l = len(*m.Group)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Kind != nil {
+		l = len(*m.Kind)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Action != nil {
+		l = len(*m.Action)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.AppNamespace != nil {
+		l = len(*m.AppNamespace)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Project != nil {
+		l = len(*m.Project)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ResourceActionRunRequestV2) Size() (n int) {
 	if m == nil {
 		return 0
 	}
@@ -13010,6 +13322,375 @@ func (m *ResourceActionRunRequest) Unmarshal(dAtA []byte) error {
 			s := string(dAtA[iNdEx:postIndex])
 			m.Project = &s
 			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApplication(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+	if hasFields[0]&uint64(0x00000001) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("name")
+	}
+	if hasFields[0]&uint64(0x00000002) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("resourceName")
+	}
+	if hasFields[0]&uint64(0x00000004) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("version")
+	}
+	if hasFields[0]&uint64(0x00000008) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("kind")
+	}
+	if hasFields[0]&uint64(0x00000010) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("action")
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ResourceActionRunRequestV2) Unmarshal(dAtA []byte) error {
+	var hasFields [1]uint64
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApplication
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ResourceActionRunRequestV2: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ResourceActionRunRequestV2: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Name = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000001)
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Namespace = &s
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.ResourceName = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000002)
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Version = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000004)
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Group = &s
+			iNdEx = postIndex
+		case 6:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Kind = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000008)
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Action = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000010)
+		case 8:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AppNamespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.AppNamespace = &s
+			iNdEx = postIndex
+		case 9:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Project = &s
+			iNdEx = postIndex
 		case 10:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field ResourceActionParameters", wireType)
diff --git a/pkg/apiclient/application/application.pb.gw.go b/pkg/apiclient/application/application.pb.gw.go
index e302d60d03ee6..80c8dec506be6 100644
--- a/pkg/apiclient/application/application.pb.gw.go
+++ b/pkg/apiclient/application/application.pb.gw.go
@@ -1715,6 +1715,10 @@ func local_request_ApplicationService_ListResourceActions_0(ctx context.Context,
 
 }
 
+var (
+	filter_ApplicationService_RunResourceAction_0 = &utilities.DoubleArray{Encoding: map[string]int{"action": 0, "name": 1}, Base: []int{1, 1, 2, 0, 0}, Check: []int{0, 1, 1, 2, 3}}
+)
+
 func request_ApplicationService_RunResourceAction_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq ResourceActionRunRequest
 	var metadata runtime.ServerMetadata
@@ -1723,7 +1727,7 @@ func request_ApplicationService_RunResourceAction_0(ctx context.Context, marshal
 	if berr != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
 	}
-	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Action); err != nil && err != io.EOF {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 
@@ -1745,6 +1749,13 @@ func request_ApplicationService_RunResourceAction_0(ctx context.Context, marshal
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
 	}
 
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationService_RunResourceAction_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
 	msg, err := client.RunResourceAction(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 
@@ -1758,7 +1769,7 @@ func local_request_ApplicationService_RunResourceAction_0(ctx context.Context, m
 	if berr != nil {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
 	}
-	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.Action); err != nil && err != io.EOF {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
 
@@ -1780,11 +1791,88 @@ func local_request_ApplicationService_RunResourceAction_0(ctx context.Context, m
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
 	}
 
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationService_RunResourceAction_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
 	msg, err := server.RunResourceAction(ctx, &protoReq)
 	return msg, metadata, err
 
 }
 
+func request_ApplicationService_RunResourceActionV2_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq ResourceActionRunRequestV2
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["name"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name")
+	}
+
+	protoReq.Name, err = runtime.StringP(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
+	}
+
+	msg, err := client.RunResourceActionV2(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_ApplicationService_RunResourceActionV2_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq ResourceActionRunRequestV2
+	var metadata runtime.ServerMetadata
+
+	newReader, berr := utilities.IOReaderFactory(req.Body)
+	if berr != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
+	}
+	if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["name"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name")
+	}
+
+	protoReq.Name, err = runtime.StringP(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
+	}
+
+	msg, err := server.RunResourceActionV2(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
 var (
 	filter_ApplicationService_DeleteResource_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
 )
@@ -2637,6 +2725,29 @@ func RegisterApplicationServiceHandlerServer(ctx context.Context, mux *runtime.S
 
 	})
 
+	mux.Handle("POST", pattern_ApplicationService_RunResourceActionV2_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_ApplicationService_RunResourceActionV2_0(rctx, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_ApplicationService_RunResourceActionV2_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("DELETE", pattern_ApplicationService_DeleteResource_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -3261,6 +3372,26 @@ func RegisterApplicationServiceHandlerClient(ctx context.Context, mux *runtime.S
 
 	})
 
+	mux.Handle("POST", pattern_ApplicationService_RunResourceActionV2_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_ApplicationService_RunResourceActionV2_0(rctx, inboundMarshaler, client, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_ApplicationService_RunResourceActionV2_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("DELETE", pattern_ApplicationService_DeleteResource_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -3415,6 +3546,8 @@ var (
 
 	pattern_ApplicationService_RunResourceAction_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 2, 5}, []string{"api", "v1", "applications", "name", "resource", "actions"}, "", runtime.AssumeColonVerbOpt(true)))
 
+	pattern_ApplicationService_RunResourceActionV2_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 2, 5, 2, 6}, []string{"api", "v1", "applications", "name", "resource", "actions", "v2"}, "", runtime.AssumeColonVerbOpt(true)))
+
 	pattern_ApplicationService_DeleteResource_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "name", "resource"}, "", runtime.AssumeColonVerbOpt(true)))
 
 	pattern_ApplicationService_PodLogs_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "applications", "name", "pods", "podName", "logs"}, "", runtime.AssumeColonVerbOpt(true)))
@@ -3477,6 +3610,8 @@ var (
 
 	forward_ApplicationService_RunResourceAction_0 = runtime.ForwardResponseMessage
 
+	forward_ApplicationService_RunResourceActionV2_0 = runtime.ForwardResponseMessage
+
 	forward_ApplicationService_DeleteResource_0 = runtime.ForwardResponseMessage
 
 	forward_ApplicationService_PodLogs_0 = runtime.ForwardResponseStream
diff --git a/server/application/application.go b/server/application/application.go
index 29944e644a1f1..4285d791329d2 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -2497,7 +2497,32 @@ func (s *Server) getAvailableActions(resourceOverrides map[string]v1alpha1.Resou
 	return availableActions, nil
 }
 
+// RunResourceAction runs a resource action on a live resource
+//
+// Deprecated: use RunResourceActionV2 instead. This version does not support resource action parameters but is
+// maintained for backward compatibility. It will be removed in a future release.
 func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceActionRunRequest) (*application.ApplicationResponse, error) {
+	log.WithFields(log.Fields{
+		"action":        q.Action,
+		"application":   q.Name,
+		"app-namespace": q.AppNamespace,
+		"project":       q.Project,
+		"user":          session.Username(ctx),
+	}).Warn("RunResourceAction was called. RunResourceAction is deprecated and will be removed in a future release. Use RunResourceActionV2 instead.")
+	qV2 := &application.ResourceActionRunRequestV2{
+		Name:         q.Name,
+		AppNamespace: q.AppNamespace,
+		Namespace:    q.Namespace,
+		ResourceName: q.ResourceName,
+		Kind:         q.Kind,
+		Version:      q.Version,
+		Group:        q.Group,
+		Project:      q.Project,
+	}
+	return s.RunResourceActionV2(ctx, qV2)
+}
+
+func (s *Server) RunResourceActionV2(ctx context.Context, q *application.ResourceActionRunRequestV2) (*application.ApplicationResponse, error) {
 	resourceRequest := &application.ApplicationResourceRequest{
 		Name:         q.Name,
 		AppNamespace: q.AppNamespace,
diff --git a/server/application/application.proto b/server/application/application.proto
index 7cd69c3d40b2b..6cbfd77687774 100644
--- a/server/application/application.proto
+++ b/server/application/application.proto
@@ -208,7 +208,22 @@ message ResourceActionParameters {
 	required string value = 2;
 }
 
+// ResourceActionRunRequest is a request to run a resource action.
+// This message is deprecated and replaced by ResourceActionRunRequestV2.
 message ResourceActionRunRequest {
+	option deprecated = true;
+	required string name = 1;
+	optional string namespace = 2;
+	required string resourceName = 3;
+	required string version = 4;
+	optional string group = 5;
+	required string kind = 6;
+	required string action = 7;
+	optional string appNamespace = 8;
+	optional string project = 9;
+}
+
+message ResourceActionRunRequestV2 {
 	required string name = 1;
 	optional string namespace = 2;
 	required string resourceName = 3;
@@ -470,10 +485,22 @@ service ApplicationService {
 		option (google.api.http).get = "/api/v1/applications/{name}/resource/actions";
 	}
 
-	// RunResourceAction run resource action
+	// RunResourceAction runs a resource action
+	//
+	// Deprecated: use RunResourceActionV2 instead. This version does not support resource action parameters but is
+	// maintained for backward compatibility. It will be removed in a future release.
 	rpc RunResourceAction(ResourceActionRunRequest) returns (ApplicationResponse) {
+		option deprecated = true;
 		option (google.api.http) = {
 			post: "/api/v1/applications/{name}/resource/actions"
+			body: "action"
+		};
+	}
+
+	// RunResourceActionV2 runs a resource action with parameters
+	rpc RunResourceActionV2(ResourceActionRunRequestV2) returns (ApplicationResponse) {
+		option (google.api.http) = {
+			post: "/api/v1/applications/{name}/resource/actions/v2"
 			body: "*"
 		};
 	}
diff --git a/server/application/application_test.go b/server/application/application_test.go
index 56a9718975262..006ebb88e137e 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -989,15 +989,15 @@ func TestNoAppEnumeration(t *testing.T) {
 	})
 
 	t.Run("RunResourceAction", func(t *testing.T) {
-		_, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")})
+		_, err := appServer.RunResourceActionV2(adminCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")})
 		require.NoError(t, err)
-		_, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: ptr.To("test")})
+		_, err = appServer.RunResourceActionV2(noRoleCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("test")})
 		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
-		_, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")})
+		_, err = appServer.RunResourceActionV2(noRoleCtx, &application.ResourceActionRunRequestV2{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")})
 		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
-		_, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist")})
+		_, err = appServer.RunResourceActionV2(adminCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("doest-not-exist")})
 		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
-		_, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")})
+		_, err = appServer.RunResourceActionV2(adminCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")})
 		assert.EqualError(t, err, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", "when the request specifies a project, we can return the standard k8s error message")
 	})
 
@@ -2536,7 +2536,7 @@ func TestRunNewStyleResourceAction(t *testing.T) {
 		err := appStateCache.SetAppResourcesTree(testApp.Name, &v1alpha1.ApplicationTree{Nodes: nodes})
 		require.NoError(t, err)
 
-		appResponse, runErr := appServer.RunResourceAction(t.Context(), &application.ResourceActionRunRequest{
+		appResponse, runErr := appServer.RunResourceActionV2(t.Context(), &application.ResourceActionRunRequestV2{
 			Name:         &testApp.Name,
 			Namespace:    &namespace,
 			Action:       &action,
@@ -2562,7 +2562,7 @@ func TestRunNewStyleResourceAction(t *testing.T) {
 		err := appStateCache.SetAppResourcesTree(testApp.Name, &v1alpha1.ApplicationTree{Nodes: nodes})
 		require.NoError(t, err)
 
-		appResponse, runErr := appServer.RunResourceAction(t.Context(), &application.ResourceActionRunRequest{
+		appResponse, runErr := appServer.RunResourceActionV2(t.Context(), &application.ResourceActionRunRequestV2{
 			Name:         &testApp.Name,
 			Namespace:    &namespace,
 			Action:       &action,
@@ -2633,7 +2633,7 @@ func TestRunOldStyleResourceAction(t *testing.T) {
 		err := appStateCache.SetAppResourcesTree(testApp.Name, &v1alpha1.ApplicationTree{Nodes: nodes})
 		require.NoError(t, err)
 
-		appResponse, runErr := appServer.RunResourceAction(t.Context(), &application.ResourceActionRunRequest{
+		appResponse, runErr := appServer.RunResourceActionV2(t.Context(), &application.ResourceActionRunRequestV2{
 			Name:         &testApp.Name,
 			Namespace:    &namespace,
 			Action:       &action,
diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go
index ad81a35150cd3..f28ede2660c7b 100644
--- a/test/e2e/app_management_ns_test.go
+++ b/test/e2e/app_management_ns_test.go
@@ -875,7 +875,7 @@ func TestNamespacedResourceAction(t *testing.T) {
 			require.NoError(t, err)
 			assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions)
 
-			_, err = client.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+			_, err = client.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 				Name:         &app.Name,
 				Group:        ptr.To("apps"),
 				Kind:         ptr.To("Deployment"),
@@ -1076,7 +1076,7 @@ func assertNSResourceActions(t *testing.T, appName string, successful bool) {
 	})
 	assertError(err, expectedError)
 
-	_, err = cdClient.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+	_, err = cdClient.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 		Name:         &appName,
 		AppNamespace: ptr.To(fixture.AppNamespace()),
 		ResourceName: ptr.To("guestbook-ui"),
diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go
index 0c6b97e6bb780..6d4ff14849965 100644
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -1086,7 +1086,7 @@ func TestOldStyleResourceAction(t *testing.T) {
 			require.NoError(t, err)
 			assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions)
 
-			_, err = client.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+			_, err = client.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 				Name:         &app.Name,
 				Group:        ptr.To("apps"),
 				Kind:         ptr.To("Deployment"),
@@ -1192,7 +1192,7 @@ func TestNewStyleResourceActionPermitted(t *testing.T) {
 			require.NoError(t, err)
 			assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions)
 
-			_, err = client.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+			_, err = client.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 				Name:         &app.Name,
 				Group:        ptr.To("batch"),
 				Kind:         ptr.To("CronJob"),
@@ -1304,7 +1304,7 @@ func TestNewStyleResourceActionMixedOk(t *testing.T) {
 			require.NoError(t, err)
 			assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions)
 
-			_, err = client.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+			_, err = client.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 				Name:         &app.Name,
 				Group:        ptr.To("batch"),
 				Kind:         ptr.To("CronJob"),
@@ -1507,7 +1507,7 @@ func assertResourceActions(t *testing.T, appName string, successful bool) {
 	})
 	assertError(err, expectedError)
 
-	_, err = cdClient.RunResourceAction(t.Context(), &applicationpkg.ResourceActionRunRequest{
+	_, err = cdClient.RunResourceActionV2(t.Context(), &applicationpkg.ResourceActionRunRequestV2{
 		Name:         &appName,
 		ResourceName: ptr.To("guestbook-ui"),
 		Namespace:    ptr.To(fixture.DeploymentNamespace()),
diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts
index 6f5544ca6c474..6d05369b310a9 100644
--- a/ui/src/app/shared/services/applications-service.ts
+++ b/ui/src/app/shared/services/applications-service.ts
@@ -347,7 +347,7 @@ export class ApplicationsService {
         resourceActionParameters: models.ResourceActionParam[]
     ): Promise<models.ResourceAction[]> {
         return requests
-            .post(`/applications/${name}/resource/actions`)
+            .post(`/applications/${name}/resource/actions/v2`)
             .send(
                 JSON.stringify({
                     appNamespace,

From 755ea737a4063aaaf5768c109969e377af5eaa5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 10:48:14 -0400
Subject: [PATCH 107/383] chore(deps): bump library/golang from 1.24.4 to
 1.24.5 in /test/remote (#23699)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/remote/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index a1989a6eed9a1..b5c48c06d93f9 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS go
+FROM docker.io/library/golang:1.24.5@sha256:a9219eb99cd2951b042985dbec09d508b3ddc20c4da52a3a55b275b3779e4a05 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From efb98fbe7c552aca4edd412bdebe0d8ae39b6858 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 15:33:06 +0000
Subject: [PATCH 108/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.133.0 to 0.134.0 (#23681)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 10b12234a41f4..62b748a86d57c 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.133.0
+	gitlab.com/gitlab-org/api/client-go v0.134.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index 0d577192c6412..a210b55d69bc4 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.133.0 h1:Y+t86XrCUY24A1yLMU1mYgC1/kvUTohLPG7bUJs692M=
-gitlab.com/gitlab-org/api/client-go v0.133.0/go.mod h1:crkp9sCwMQ8gDwuMLgk11sDT336t6U3kESBT0BGsOBo=
+gitlab.com/gitlab-org/api/client-go v0.134.0 h1:J4i6qPN5hRLsqatPxVbe9w2C0A3JEItyCQrzsP52S2k=
+gitlab.com/gitlab-org/api/client-go v0.134.0/go.mod h1:crkp9sCwMQ8gDwuMLgk11sDT336t6U3kESBT0BGsOBo=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From eebe884b4d7d78e35ade7bd39af5f449ed17de03 Mon Sep 17 00:00:00 2001
From: OpenGuidou <73480729+OpenGuidou@users.noreply.github.com>
Date: Wed, 9 Jul 2025 17:42:20 +0200
Subject: [PATCH 109/383] chore: Add unit test to cover apps health status in
 an app in any namespace context (#23693)

Signed-off-by: OpenGuidou <guillaume.doussin@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 server/application/application_test.go | 41 ++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/server/application/application_test.go b/server/application/application_test.go
index 006ebb88e137e..3b365ee6f105d 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -2449,6 +2449,47 @@ func TestInferResourcesStatusHealth(t *testing.T) {
 	assert.Nil(t, testApp.Status.Resources[1].Health)
 }
 
+func TestInferResourcesStatusHealthWithAppInAnyNamespace(t *testing.T) {
+	cacheClient := cache.NewCache(cache.NewInMemoryCache(1 * time.Hour))
+
+	testApp := newTestApp()
+	testApp.Namespace = "otherNamespace"
+	testApp.Status.ResourceHealthSource = v1alpha1.ResourceHealthLocationAppTree
+	testApp.Status.Resources = []v1alpha1.ResourceStatus{{
+		Group:     "apps",
+		Kind:      "Deployment",
+		Name:      "guestbook",
+		Namespace: "otherNamespace",
+	}, {
+		Group:     "apps",
+		Kind:      "StatefulSet",
+		Name:      "guestbook-stateful",
+		Namespace: "otherNamespace",
+	}}
+	appServer := newTestAppServer(t, testApp)
+	appStateCache := appstate.NewCache(cacheClient, time.Minute)
+	err := appStateCache.SetAppResourcesTree("otherNamespace"+"_"+testApp.Name, &v1alpha1.ApplicationTree{Nodes: []v1alpha1.ResourceNode{{
+		ResourceRef: v1alpha1.ResourceRef{
+			Group:     "apps",
+			Kind:      "Deployment",
+			Name:      "guestbook",
+			Namespace: "otherNamespace",
+		},
+		Health: &v1alpha1.HealthStatus{
+			Status: health.HealthStatusDegraded,
+		},
+	}}})
+
+	require.NoError(t, err)
+
+	appServer.cache = servercache.NewCache(appStateCache, time.Minute, time.Minute)
+
+	appServer.inferResourcesStatusHealth(testApp)
+
+	assert.Equal(t, health.HealthStatusDegraded, testApp.Status.Resources[0].Health.Status)
+	assert.Nil(t, testApp.Status.Resources[1].Health)
+}
+
 func TestRunNewStyleResourceAction(t *testing.T) {
 	cacheClient := cache.NewCache(cache.NewInMemoryCache(1 * time.Hour))
 

From 8e880ee127a8c3ba654d49fb832f2b541b6103eb Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Wed, 9 Jul 2025 13:28:43 -0400
Subject: [PATCH 110/383] docs(images): add a note about missing images for 3.0
 releases (#23612) (#23712)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/2.14-3.0.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/operator-manual/upgrading/2.14-3.0.md b/docs/operator-manual/upgrading/2.14-3.0.md
index bed4a4e93b88d..38fdb9369920b 100644
--- a/docs/operator-manual/upgrading/2.14-3.0.md
+++ b/docs/operator-manual/upgrading/2.14-3.0.md
@@ -7,6 +7,13 @@ applicable) restore Argo CD 2.x default behavior.
 Once 3.0 is released, no more 2.x minor versions will be released. We will continue to cut patch releases for the two
 most recent minor versions (so 2.14 until 3.2 is released and 2.13 until 3.1 is released).
 
+## Images missing release notes on GitHub
+
+!!! important
+    Images 3.0.7 - 3.0.9 are missing release notes on GitHub. There was an issue with GoReleaser and building the darwin
+    CLI that prevented the release notes from being published. More information can be found
+    on [PR #23507](https://github.com/argoproj/argo-cd/pull/23507)
+
 ## Breaking Changes
 
 ### Fine-Grained RBAC for application `update` and `delete` sub-resources

From 0d18661bfcf43841e6b1b531920e2e39c2de46e9 Mon Sep 17 00:00:00 2001
From: Cayde6 <tjdfkr2421@gmail.com>
Date: Thu, 10 Jul 2025 05:29:24 +0900
Subject: [PATCH 111/383] chore(migrate): migrate otelgrpc pkg interceptor to
 stats handler(#18258) (#18366)

Signed-off-by: Jack-R-lantern <tjdfkr2421@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmpserver/apiclient/clientset.go  |  6 +++---
 cmpserver/server.go               |  3 +--
 pkg/apiclient/apiclient.go        |  6 +++---
 reposerver/apiclient/clientset.go |  8 ++++----
 reposerver/server.go              |  1 +
 server/server.go                  |  6 ++----
 util/grpc/interceptor.go          | 24 ++++++++++++++++++++++
 util/grpc/trace.go                | 33 -------------------------------
 8 files changed, 38 insertions(+), 49 deletions(-)
 create mode 100644 util/grpc/interceptor.go
 delete mode 100644 util/grpc/trace.go

diff --git a/cmpserver/apiclient/clientset.go b/cmpserver/apiclient/clientset.go
index fb751850e60fb..1e3bd68c6f395 100644
--- a/cmpserver/apiclient/clientset.go
+++ b/cmpserver/apiclient/clientset.go
@@ -10,6 +10,7 @@ import (
 
 	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/retry"
 	log "github.com/sirupsen/logrus"
+	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 
@@ -44,11 +45,10 @@ func NewConnection(address string) (*grpc.ClientConn, error) {
 	}
 	unaryInterceptors := []grpc.UnaryClientInterceptor{grpc_retry.UnaryClientInterceptor(retryOpts...)}
 	dialOpts := []grpc.DialOption{
-		grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)),
+		grpc.WithStreamInterceptor(grpc_util.RetryOnlyForServerStreamInterceptor(retryOpts...)),
 		grpc.WithChainUnaryInterceptor(unaryInterceptors...),
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)),
-		grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor()),
-		grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor()),
+		grpc.WithStatsHandler(otelgrpc.NewClientHandler()),
 	}
 
 	dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
diff --git a/cmpserver/server.go b/cmpserver/server.go
index 24edc8decadad..9b9ead7b1cce0 100644
--- a/cmpserver/server.go
+++ b/cmpserver/server.go
@@ -49,13 +49,11 @@ func NewServer(initConstants plugin.CMPServerInitConstants) (*ArgoCDCMPServer, e
 
 	serverLog := log.NewEntry(log.StandardLogger())
 	streamInterceptors := []grpc.StreamServerInterceptor{
-		otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.StreamServerInterceptor(grpc_util.InterceptorLogger(serverLog)),
 		serverMetrics.StreamServerInterceptor(),
 		recovery.StreamServerInterceptor(recovery.WithRecoveryHandler(grpc_util.LoggerRecoveryHandler(serverLog))),
 	}
 	unaryInterceptors := []grpc.UnaryServerInterceptor{
-		otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.UnaryServerInterceptor(grpc_util.InterceptorLogger(serverLog)),
 		serverMetrics.UnaryServerInterceptor(),
 		recovery.UnaryServerInterceptor(recovery.WithRecoveryHandler(grpc_util.LoggerRecoveryHandler(serverLog))),
@@ -71,6 +69,7 @@ func NewServer(initConstants plugin.CMPServerInitConstants) (*ArgoCDCMPServer, e
 				MinTime: common.GetGRPCKeepAliveEnforcementMinimum(),
 			},
 		),
+		grpc.StatsHandler(otelgrpc.NewServerHandler()),
 	}
 
 	return &ArgoCDCMPServer{
diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go
index 8f30d86ec1c4c..5f0a4b2950123 100644
--- a/pkg/apiclient/apiclient.go
+++ b/pkg/apiclient/apiclient.go
@@ -21,6 +21,7 @@ import (
 	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/retry"
 	"github.com/hashicorp/go-retryablehttp"
 	log "github.com/sirupsen/logrus"
+	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"golang.org/x/oauth2"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
@@ -522,10 +523,9 @@ func (c *client) newConn() (*grpc.ClientConn, io.Closer, error) {
 	var dialOpts []grpc.DialOption
 	dialOpts = append(dialOpts, grpc.WithPerRPCCredentials(endpointCredentials))
 	dialOpts = append(dialOpts, grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)))
-	dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)))
+	dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_util.RetryOnlyForServerStreamInterceptor(retryOpts...)))
 	dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(grpc_retry.UnaryClientInterceptor(retryOpts...)))
-	dialOpts = append(dialOpts, grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor()))
-	dialOpts = append(dialOpts, grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor()))
+	dialOpts = append(dialOpts, grpc.WithStatsHandler(otelgrpc.NewClientHandler()))
 
 	ctx := context.Background()
 
diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go
index 2243caf45ed62..def437e878415 100644
--- a/reposerver/apiclient/clientset.go
+++ b/reposerver/apiclient/clientset.go
@@ -13,11 +13,12 @@ import (
 	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/retry"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/timeout"
 	log "github.com/sirupsen/logrus"
+	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 
-	argogrpc "github.com/argoproj/argo-cd/v3/util/grpc"
+	grpc_util "github.com/argoproj/argo-cd/v3/util/grpc"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 )
 
@@ -63,11 +64,10 @@ func NewConnection(address string, timeoutSeconds int, tlsConfig *TLSConfigurati
 		unaryInterceptors = append(unaryInterceptors, timeout.UnaryClientInterceptor(time.Duration(timeoutSeconds)*time.Second))
 	}
 	opts := []grpc.DialOption{
-		grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)),
+		grpc.WithStreamInterceptor(grpc_util.RetryOnlyForServerStreamInterceptor(retryOpts...)),
 		grpc.WithChainUnaryInterceptor(unaryInterceptors...),
 		grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxGRPCMessageSize), grpc.MaxCallSendMsgSize(MaxGRPCMessageSize)),
-		grpc.WithUnaryInterceptor(argogrpc.OTELUnaryClientInterceptor()),
-		grpc.WithStreamInterceptor(argogrpc.OTELStreamClientInterceptor()),
+		grpc.WithStatsHandler(otelgrpc.NewClientHandler()),
 	}
 
 	tlsC := &tls.Config{}
diff --git a/reposerver/server.go b/reposerver/server.go
index 3df2c0ddb4bc0..0495f518a1ec8 100644
--- a/reposerver/server.go
+++ b/reposerver/server.go
@@ -91,6 +91,7 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach
 				MinTime: common.GetGRPCKeepAliveEnforcementMinimum(),
 			},
 		),
+		grpc.StatsHandler(otelgrpc.NewServerHandler()),
 	}
 
 	// We do allow for non-TLS servers to be created, in case of mTLS will be
diff --git a/server/server.go b/server/server.go
index ad818f7faf6c3..63335854e413e 100644
--- a/server/server.go
+++ b/server/server.go
@@ -514,8 +514,7 @@ func (server *ArgoCDServer) Listen() (*Listeners, error) {
 	var dOpts []grpc.DialOption
 	dOpts = append(dOpts, grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(apiclient.MaxGRPCMessageSize)))
 	dOpts = append(dOpts, grpc.WithUserAgent(fmt.Sprintf("%s/%s", common.ArgoCDUserAgentName, common.GetVersion().Version)))
-	dOpts = append(dOpts, grpc.WithUnaryInterceptor(grpc_util.OTELUnaryClientInterceptor()))
-	dOpts = append(dOpts, grpc.WithStreamInterceptor(grpc_util.OTELStreamClientInterceptor()))
+	dOpts = append(dOpts, grpc.WithStatsHandler(otelgrpc.NewClientHandler()))
 	if server.useTLS() {
 		// The following sets up the dial Options for grpc-gateway to talk to gRPC server over TLS.
 		// grpc-gateway is just translating HTTP/HTTPS requests as gRPC requests over localhost,
@@ -947,7 +946,6 @@ func (server *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResour
 	// NOTE: notice we do not configure the gRPC server here with TLS (e.g. grpc.Creds(creds))
 	// This is because TLS handshaking occurs in cmux handling
 	sOpts = append(sOpts, grpc.ChainStreamInterceptor(
-		otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.StreamServerInterceptor(grpc_util.InterceptorLogger(server.log)),
 		serverMetrics.StreamServerInterceptor(),
 		grpc_auth.StreamServerInterceptor(server.Authenticate),
@@ -961,7 +959,6 @@ func (server *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResour
 	))
 	sOpts = append(sOpts, grpc.ChainUnaryInterceptor(
 		bug21955WorkaroundInterceptor,
-		otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.UnaryServerInterceptor(grpc_util.InterceptorLogger(server.log)),
 		serverMetrics.UnaryServerInterceptor(),
 		grpc_auth.UnaryServerInterceptor(server.Authenticate),
@@ -973,6 +970,7 @@ func (server *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResour
 		grpc_util.ErrorCodeGitUnaryServerInterceptor(),
 		recovery.UnaryServerInterceptor(recovery.WithRecoveryHandler(grpc_util.LoggerRecoveryHandler(server.log))),
 	))
+	sOpts = append(sOpts, grpc.StatsHandler(otelgrpc.NewServerHandler()))
 	grpcS := grpc.NewServer(sOpts...)
 
 	versionpkg.RegisterVersionServiceServer(grpcS, server.serviceSet.VersionService)
diff --git a/util/grpc/interceptor.go b/util/grpc/interceptor.go
new file mode 100644
index 0000000000000..944ac869fce3c
--- /dev/null
+++ b/util/grpc/interceptor.go
@@ -0,0 +1,24 @@
+package grpc
+
+import (
+	"context"
+
+	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/retry"
+	"google.golang.org/grpc"
+)
+
+func RetryOnlyForServerStreamInterceptor(retryOpts ...grpc_retry.CallOption) grpc.StreamClientInterceptor {
+	return func(
+		ctx context.Context,
+		desc *grpc.StreamDesc,
+		cc *grpc.ClientConn,
+		method string,
+		streamer grpc.Streamer,
+		opts ...grpc.CallOption,
+	) (grpc.ClientStream, error) {
+		if desc.ServerStreams && !desc.ClientStreams {
+			return grpc_retry.StreamClientInterceptor(retryOpts...)(ctx, desc, cc, method, streamer, opts...)
+		}
+		return streamer(ctx, desc, cc, method, opts...)
+	}
+}
diff --git a/util/grpc/trace.go b/util/grpc/trace.go
deleted file mode 100644
index 7ecc5bc9647d0..0000000000000
--- a/util/grpc/trace.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package grpc
-
-import (
-	"sync"
-
-	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
-	"google.golang.org/grpc"
-)
-
-var (
-	otelUnaryInterceptor    grpc.UnaryClientInterceptor
-	otelStreamInterceptor   grpc.StreamClientInterceptor
-	interceptorsInitialized = sync.Once{}
-)
-
-// otel interceptors must be created once to avoid memory leak
-// see https://github.com/open-telemetry/opentelemetry-go-contrib/issues/4226 for details
-func ensureInitialized() {
-	interceptorsInitialized.Do(func() {
-		otelUnaryInterceptor = otelgrpc.UnaryClientInterceptor()   //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
-		otelStreamInterceptor = otelgrpc.StreamClientInterceptor() //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
-	})
-}
-
-func OTELUnaryClientInterceptor() grpc.UnaryClientInterceptor {
-	ensureInitialized()
-	return otelUnaryInterceptor
-}
-
-func OTELStreamClientInterceptor() grpc.StreamClientInterceptor {
-	ensureInitialized()
-	return otelStreamInterceptor
-}

From 333ec992b39bc5495f1c209df016af52a7ebf2d6 Mon Sep 17 00:00:00 2001
From: Mubarak Jama <83465122+mubarak-j@users.noreply.github.com>
Date: Thu, 10 Jul 2025 00:16:52 -0600
Subject: [PATCH 112/383] feat(helm): upgrading helm to 3.18.4 (#23724)

Signed-off-by: Mubarak Jama <mubarak.jama@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.0-3.1.md           |  6 +++---
 hack/installers/checksums/add-helm-checksums.sh     | 13 ++++++++++---
 .../helm-v3.18.4-darwin-amd64.tar.gz.sha256         |  1 +
 .../helm-v3.18.4-darwin-arm64.tar.gz.sha256         |  1 +
 .../helm-v3.18.4-linux-amd64.tar.gz.sha256          |  1 +
 .../helm-v3.18.4-linux-arm64.tar.gz.sha256          |  1 +
 .../helm-v3.18.4-linux-ppc64le.tar.gz.sha256        |  1 +
 .../helm-v3.18.4-linux-s390x.tar.gz.sha256          |  1 +
 hack/tool-versions.sh                               |  2 +-
 9 files changed, 20 insertions(+), 7 deletions(-)
 create mode 100644 hack/installers/checksums/helm-v3.18.4-darwin-amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.4-darwin-arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.4-linux-amd64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.4-linux-arm64.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.4-linux-ppc64le.tar.gz.sha256
 create mode 100644 hack/installers/checksums/helm-v3.18.4-linux-s390x.tar.gz.sha256

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index f53c3ae22e646..ffefdb3cb2bce 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -60,12 +60,12 @@ If it returns `"enablePKCEAuthentication": true`, then PKCE is used.
 
 On your identity provider, ensure that the OIDC client used for Argo CD has the `/auth/callback` endpoint of your Argo CD URL (e.g. https://argocd.example.com/auth/callback) in the redirect URIs.
 
-## Helm Upgraded to 3.18.3
+## Helm Upgraded to 3.18.4
 
-Argo CD v3.1 upgrades the bundled Helm version to 3.18.3. There are no breaking changes in Helm 3.18 according to the
+Argo CD v3.1 upgrades the bundled Helm version to 3.18.4. There are no breaking changes in Helm 3.18 according to the
 [release notes](https://github.com/helm/helm/releases/tag/v3.18.0).
 
 ## Kustomize Upgraded to 5.7.0
 
-Argo CD v3.1 upgrades the bundled Kustomize version to 5.7.0. There are no breaking changes in Kustomize 5.7 according 
+Argo CD v3.1 upgrades the bundled Kustomize version to 5.7.0. There are no breaking changes in Kustomize 5.7 according
 to the [release notes](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.7.0).
diff --git a/hack/installers/checksums/add-helm-checksums.sh b/hack/installers/checksums/add-helm-checksums.sh
index 95bf2b2566b69..26fb4ee090708 100755
--- a/hack/installers/checksums/add-helm-checksums.sh
+++ b/hack/installers/checksums/add-helm-checksums.sh
@@ -1,12 +1,19 @@
 #!/usr/bin/env sh
 
-# Usage: ./add-helm-checksums.sh 3.9.4  # use the desired version
+# Usage: ./add-helm-checksums.sh <helm-version>  # use the desired version e.g. 3.18.4
 
 set -e
+
 for arch in amd64 arm64 ppc64le s390x; do
-  wget "https://get.helm.sh/helm-v$1-linux-$arch.tar.gz.sha256sum"   -O "helm-v$1-linux-$arch.tar.gz.sha256"
+  checksumfile="helm-v$1-linux-$arch.tar.gz.sha256"
+  wget "https://get.helm.sh/helm-v$1-linux-$arch.tar.gz.sha256sum" -O "$checksumfile"
+  outname="$(git rev-parse --show-toplevel)/hack/installers/checksums/helm-v$1-linux-$arch.tar.gz.sha256"
+  mv $checksumfile  $outname
 done
 
 for arch in amd64 arm64; do
-  wget "https://get.helm.sh/helm-v$1-darwin-$arch.tar.gz.sha256sum"   -O "helm-v$1-darwin-$arch.tar.gz.sha256"
+  checksumfile="helm-v$1-darwin-$arch.tar.gz.sha256"
+  wget "https://get.helm.sh/helm-v$1-darwin-$arch.tar.gz.sha256sum" -O "$checksumfile"
+  outname="$(git rev-parse --show-toplevel)/hack/installers/checksums/helm-v$1-darwin-$arch.tar.gz.sha256"
+  mv $checksumfile  $outname
 done
\ No newline at end of file
diff --git a/hack/installers/checksums/helm-v3.18.4-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-darwin-amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..22b26080955f1
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-darwin-amd64.tar.gz.sha256
@@ -0,0 +1 @@
+860a7238285b44b5dc7b3c4dad6194316885d7015d77c34e23177e0e9554af8f  helm-v3.18.4-darwin-amd64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.4-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-darwin-arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..85d20c14029a8
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-darwin-arm64.tar.gz.sha256
@@ -0,0 +1 @@
+041849741550b20710d7ad0956e805ebd960b483fe978864f8e7fdd03ca84ec8  helm-v3.18.4-darwin-arm64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.4-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-linux-amd64.tar.gz.sha256
new file mode 100644
index 0000000000000..a524c2050a041
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-linux-amd64.tar.gz.sha256
@@ -0,0 +1 @@
+f8180838c23d7c7d797b208861fecb591d9ce1690d8704ed1e4cb8e2add966c1  helm-v3.18.4-linux-amd64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.4-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-linux-arm64.tar.gz.sha256
new file mode 100644
index 0000000000000..44b3ef00bcdef
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-linux-arm64.tar.gz.sha256
@@ -0,0 +1 @@
+c0a45e67eef0c7416a8a8c9e9d5d2d30d70e4f4d3f7bea5de28241fffa8f3b89  helm-v3.18.4-linux-arm64.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.4-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-linux-ppc64le.tar.gz.sha256
new file mode 100644
index 0000000000000..f50fbc5fb11ab
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-linux-ppc64le.tar.gz.sha256
@@ -0,0 +1 @@
+dbd74c59e7710f26e058596723abbf73662b553e01f40dfb08508ffffaeb7b81  helm-v3.18.4-linux-ppc64le.tar.gz
diff --git a/hack/installers/checksums/helm-v3.18.4-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.18.4-linux-s390x.tar.gz.sha256
new file mode 100644
index 0000000000000..6528a1d46adb4
--- /dev/null
+++ b/hack/installers/checksums/helm-v3.18.4-linux-s390x.tar.gz.sha256
@@ -0,0 +1 @@
+c8bafb34bcebd53494f0223239977e1ff7b487e714598a5843a0cb1788e20075  helm-v3.18.4-linux-s390x.tar.gz
diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh
index 1ec9f326bdf9b..3be52847b500d 100644
--- a/hack/tool-versions.sh
+++ b/hack/tool-versions.sh
@@ -11,7 +11,7 @@
 # Use ./hack/installers/checksums/add-helm-checksums.sh and
 # add-kustomize-checksums.sh to help download checksums.
 ###############################################################################
-helm3_version=3.18.3
+helm3_version=3.18.4
 kustomize5_version=5.7.0
 protoc_version=29.3
 oras_version=1.2.0

From cc731ffef0843f120b2b4115615364d345b67845 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Jul 2025 22:35:45 -1000
Subject: [PATCH 113/383] chore(deps): bump golang.org/x/term from 0.32.0 to
 0.33.0 (#23729)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 62b748a86d57c..5c824e512433d 100644
--- a/go.mod
+++ b/go.mod
@@ -95,7 +95,7 @@ require (
 	golang.org/x/net v0.41.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.15.0
-	golang.org/x/term v0.32.0
+	golang.org/x/term v0.33.0
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237
 	google.golang.org/grpc v1.73.0
@@ -268,7 +268,7 @@ require (
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
 	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
 	golang.org/x/text v0.26.0 // indirect
 	golang.org/x/tools v0.33.0 // indirect
 	gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect
diff --git a/go.sum b/go.sum
index a210b55d69bc4..9b9876b82d8d8 100644
--- a/go.sum
+++ b/go.sum
@@ -1214,8 +1214,8 @@ golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1243,8 +1243,8 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From a8f9b3ec843ccf185d0428ac53850d8249568846 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 09:17:16 +0000
Subject: [PATCH 114/383] chore(deps): bump golang.org/x/sync from 0.15.0 to
 0.16.0 (#23730)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5c824e512433d..86101bd151c16 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	golang.org/x/crypto v0.39.0
 	golang.org/x/net v0.41.0
 	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.15.0
+	golang.org/x/sync v0.16.0
 	golang.org/x/term v0.33.0
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237
diff --git a/go.sum b/go.sum
index 9b9876b82d8d8..14b42e7433c45 100644
--- a/go.sum
+++ b/go.sum
@@ -1130,8 +1130,8 @@ golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
-golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From 71ed5787e1cbd20bf4c89dca6af962c1183ca49a Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Thu, 10 Jul 2025 08:34:05 -0400
Subject: [PATCH 115/383] fix(health): CRD health check message (#23690)
 (#23691)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../CustomResourceDefinition/health.lua       | 45 ++++++-------------
 .../crd-v1-non-structual-degraded.yaml        | 10 ++---
 2 files changed, 18 insertions(+), 37 deletions(-)

diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua
index 23d944fc460e1..015d10fd8761b 100644
--- a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua
+++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/health.lua
@@ -20,23 +20,29 @@ if #obj.status.conditions == 0 then
 end
 
 local isEstablished
-local isTerminating
-local namesNotAccepted
-local hasViolations
 local conditionMsg = ""
 
 for _, condition in pairs(obj.status.conditions) do
 
     -- Check if CRD is terminating
     if condition.type == "Terminating" and condition.status == "True" then
-        isTerminating = true
-        conditionMsg = condition.message
+        hs.status = "Progressing"
+        hs.message = "CRD is terminating: " .. condition.message
+        return hs
     end
 
     -- Check if K8s has accepted names for this CRD
     if condition.type == "NamesAccepted" and condition.status == "False" then
-        namesNotAccepted = true
-        conditionMsg = condition.message
+        hs.status = "Degraded"
+        hs.message = "CRD names have not been accepted: " .. condition.message
+        return hs
+    end
+
+    -- Checking if CRD has violations
+    if condition.type == "NonStructuralSchema" and condition.status == "True" then
+        hs.status = "Degraded"
+        hs.message = "Schema violations found: " .. condition.message
+        return hs
     end
 
     -- Checking if CRD is established
@@ -44,25 +50,6 @@ for _, condition in pairs(obj.status.conditions) do
         isEstablished = true
         conditionMsg = condition.message
     end
-
-    -- Checking if CRD has violations
-    if condition.type == "NonStructuralSchema" and condition.status == "True" then
-        hasViolations = true
-        conditionMsg = condition.message
-    end
-
-end
-
-if isTerminating then
-    hs.status = "Progressing"
-    hs.message = "CRD is terminating: " .. conditionMsg
-    return hs
-end
-
-if namesNotAccepted then
-    hs.status = "Degraded"
-    hs.message = "CRD names have not been accepted: " .. conditionMsg
-    return hs
 end
 
 if not isEstablished then
@@ -71,12 +58,6 @@ if not isEstablished then
     return hs
 end
 
-if hasViolations then
-    hs.status = "Degraded"
-    hs.message = "Schema violations found: " .. conditionMsg
-    return hs
-end
-
 hs.status = "Healthy"
 hs.message = "CRD is healthy"
 return hs
\ No newline at end of file
diff --git a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml
index 3c7a07f3e3a0b..443f07e8e0e55 100644
--- a/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml
+++ b/resource_customizations/apiextensions.k8s.io/CustomResourceDefinition/testdata/crd-v1-non-structual-degraded.yaml
@@ -47,15 +47,15 @@ status:
       reason: NoConflicts
       status: 'True'
       type: NamesAccepted
-    - lastTransitionTime: '2024-05-19T23:35:28Z'
-      message: the initial names have been accepted
-      reason: InitialNamesAccepted
-      status: 'True'
-      type: Established
     - lastTransitionTime: '2024-10-26T19:44:57Z'
       message: 'spec.preserveUnknownFields: Invalid value: true: must be false'
       reason: Violations
       status: 'True'
       type: NonStructuralSchema
+    - lastTransitionTime: '2024-05-19T23:35:28Z'
+      message: the initial names have been accepted
+      reason: InitialNamesAccepted
+      status: 'True'
+      type: Established
   storedVersions:
     - v1alpha1
\ No newline at end of file

From 87f01e208d7b905f37710768446b788cbe6f389b Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Thu, 10 Jul 2025 10:09:51 -0400
Subject: [PATCH 116/383] docs(images): add a note about missing images for 3.0
 releases (#23741)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/2.14-3.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/upgrading/2.14-3.0.md b/docs/operator-manual/upgrading/2.14-3.0.md
index 38fdb9369920b..9a6f79e1caa84 100644
--- a/docs/operator-manual/upgrading/2.14-3.0.md
+++ b/docs/operator-manual/upgrading/2.14-3.0.md
@@ -10,7 +10,7 @@ most recent minor versions (so 2.14 until 3.2 is released and 2.13 until 3.1 is
 ## Images missing release notes on GitHub
 
 !!! important
-    Images 3.0.7 - 3.0.9 are missing release notes on GitHub. There was an issue with GoReleaser and building the darwin
+    Images 3.0.7 - 3.0.10 are missing release notes on GitHub. There was an issue with GoReleaser and building the darwin
     CLI that prevented the release notes from being published. More information can be found
     on [PR #23507](https://github.com/argoproj/argo-cd/pull/23507)
 

From 43772b6c343da893fc78b484ebbaf1b2f08e760d Mon Sep 17 00:00:00 2001
From: Yusuke Abe <moonset20@gmail.com>
Date: Fri, 11 Jul 2025 00:55:47 +0900
Subject: [PATCH 117/383] chore: fix contradiction between function name and
 comment (#23736)

Signed-off-by: chansuke <moonset20@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/utils/kubernetes.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/applicationset/utils/kubernetes.go b/applicationset/utils/kubernetes.go
index b06d499b6013e..037b4a3203a26 100644
--- a/applicationset/utils/kubernetes.go
+++ b/applicationset/utils/kubernetes.go
@@ -14,7 +14,7 @@ import (
 
 var ErrDisallowedSecretAccess = fmt.Errorf("secret must have label %q=%q", common.LabelKeySecretType, common.LabelValueSecretTypeSCMCreds)
 
-// getSecretRef gets the value of the key for the specified Secret resource.
+// GetSecretRef gets the value of the key for the specified Secret resource.
 func GetSecretRef(ctx context.Context, k8sClient client.Client, ref *argoprojiov1alpha1.SecretRef, namespace string, tokenRefStrictMode bool) (string, error) {
 	if ref == nil {
 		return "", nil

From c95f56f21e4a2948ae814af7eaa50da03ab435d7 Mon Sep 17 00:00:00 2001
From: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Date: Thu, 10 Jul 2025 13:27:55 -0400
Subject: [PATCH 118/383] feat(hydrator): add .gitattributes file to hydrated
 repo root (#23678) (#23725)

Signed-off-by: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/hydratorhelper.go      | 34 ++++++++++++++++++++++
 commitserver/commit/hydratorhelper_test.go | 13 +++++++++
 2 files changed, 47 insertions(+)

diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index 44dce9b2d3df1..b7ab2bfa10db0 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -17,6 +17,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	"github.com/argoproj/argo-cd/v3/commitserver/apiclient"
+	"github.com/argoproj/argo-cd/v3/common"
 	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/util/git"
 	"github.com/argoproj/argo-cd/v3/util/io"
@@ -24,6 +25,9 @@ import (
 
 var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance
 
+const gitAttributesContents = `*/README.md linguist-generated=true
+*/hydrator.metadata linguist-generated=true`
+
 func init() {
 	// Avoid allowing the user to learn things about the environment.
 	delete(sprigFuncMap, "env")
@@ -57,6 +61,12 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 		return fmt.Errorf("failed to write top-level hydrator metadata: %w", err)
 	}
 
+	// Write .gitattributes
+	err = writeGitAttributes(root)
+	if err != nil {
+		return fmt.Errorf("failed to write git attributes: %w", err)
+	}
+
 	for _, p := range paths {
 		hydratePath := p.Path
 		if hydratePath == "." {
@@ -137,6 +147,30 @@ func writeReadme(root *os.Root, dirPath string, metadata hydratorMetadataFile) e
 	return nil
 }
 
+func writeGitAttributes(root *os.Root) error {
+	gitAttributesFile, err := root.Create(".gitattributes")
+	if err != nil {
+		return fmt.Errorf("failed to create git attributes file: %w", err)
+	}
+
+	defer func() {
+		err = gitAttributesFile.Close()
+		if err != nil {
+			log.WithFields(log.Fields{
+				common.SecurityField:    common.SecurityMedium,
+				common.SecurityCWEField: common.SecurityCWEMissingReleaseOfFileDescriptor,
+			}).Errorf("error closing file %q: %v", gitAttributesFile.Name(), err)
+		}
+	}()
+
+	_, err = gitAttributesFile.WriteString(gitAttributesContents)
+	if err != nil {
+		return fmt.Errorf("failed to write git attributes: %w", err)
+	}
+
+	return nil
+}
+
 // writeManifests writes the manifests to the manifest.yaml file, truncating the file if it exists and appending the
 // manifests in the order they are provided.
 func writeManifests(root *os.Root, dirPath string, manifests []*apiclient.HydratedManifestDetails) error {
diff --git a/commitserver/commit/hydratorhelper_test.go b/commitserver/commit/hydratorhelper_test.go
index 05c0bd2f85f0a..72ebb66779162 100644
--- a/commitserver/commit/hydratorhelper_test.go
+++ b/commitserver/commit/hydratorhelper_test.go
@@ -223,3 +223,16 @@ func TestWriteManifests(t *testing.T) {
 	require.NoError(t, err)
 	assert.Contains(t, string(manifestBytes), "kind")
 }
+
+func TestWriteGitAttributes(t *testing.T) {
+	root := tempRoot(t)
+
+	err := writeGitAttributes(root)
+	require.NoError(t, err)
+
+	gitAttributesPath := filepath.Join(root.Name(), ".gitattributes")
+	gitAttributesBytes, err := os.ReadFile(gitAttributesPath)
+	require.NoError(t, err)
+	assert.Contains(t, string(gitAttributesBytes), "*/README.md linguist-generated=true")
+	assert.Contains(t, string(gitAttributesBytes), "*/hydrator.metadata linguist-generated=true")
+}

From 06774aa4c5edb7cc7710f52ddfb0b143f71c8047 Mon Sep 17 00:00:00 2001
From: dudinea <eugene.doudine@octopus.com>
Date: Thu, 10 Jul 2025 22:39:34 +0300
Subject: [PATCH 119/383] fix(test): TestFailKustomizeBuildPatches fails on
 MacOS dev. env  (#23737)

Signed-off-by: Eugene Doudine <eugene.doudine@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../{Kustomization.yaml => customization.yaml}                    | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename util/kustomize/testdata/kustomization_yaml_patches_empty/{Kustomization.yaml => customization.yaml} (100%)

diff --git a/util/kustomize/testdata/kustomization_yaml_patches_empty/Kustomization.yaml b/util/kustomize/testdata/kustomization_yaml_patches_empty/customization.yaml
similarity index 100%
rename from util/kustomize/testdata/kustomization_yaml_patches_empty/Kustomization.yaml
rename to util/kustomize/testdata/kustomization_yaml_patches_empty/customization.yaml

From 4f763d1301806221fef1724bb25d5cbfd503bb22 Mon Sep 17 00:00:00 2001
From: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Date: Thu, 10 Jul 2025 16:09:25 -0400
Subject: [PATCH 120/383] chore(tilt): fix sync reference to argocd build file
 (#23749)

Signed-off-by: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Tiltfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Tiltfile b/Tiltfile
index 31b57323a3fad..b3413262c5218 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -69,7 +69,7 @@ docker_build_with_restart(
     ],
     platform=platform,
     live_update=[
-        sync('.tilt-bin/argocd_linux_amd64', '/usr/local/bin/argocd'),
+        sync('.tilt-bin/argocd_linux', '/usr/local/bin/argocd'),
     ],
     only=[
         '.tilt-bin',
@@ -260,6 +260,7 @@ local_resource(
     'make lint-local',
     deps = code_deps,
     allow_parallel=True,
+    resource_deps=['vendor']
 )
 
 local_resource(

From 6252a1a2bba246faeee8912c905207da789d3fe1 Mon Sep 17 00:00:00 2001
From: Kanika Rana <46766610+ranakan19@users.noreply.github.com>
Date: Thu, 10 Jul 2025 18:16:42 -0400
Subject: [PATCH 121/383] feat(appset): deleting applications in order when
 Progressive sync enabled on applicationSet (#23465)

Signed-off-by: Kanika Rana <krana@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../controllers/applicationset_controller.go  |   90 +-
 .../applicationset_controller_test.go         |  129 ++
 assets/swagger.json                           |    4 +
 manifests/core-install-with-hydrator.yaml     |    2 +
 manifests/core-install.yaml                   |    2 +
 manifests/crds/applicationset-crd.yaml        |    2 +
 manifests/ha/install-with-hydrator.yaml       |    2 +
 manifests/ha/install.yaml                     |    2 +
 manifests/install-with-hydrator.yaml          |    2 +
 manifests/install.yaml                        |    2 +
 .../v1alpha1/applicationset_types.go          |    4 +-
 pkg/apis/application/v1alpha1/generated.pb.go | 1583 +++++++++--------
 pkg/apis/application/v1alpha1/generated.proto |    4 +
 13 files changed, 1048 insertions(+), 780 deletions(-)

diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go
index b152087ed3d67..9b2473bbfd3b5 100644
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"reflect"
 	"runtime/debug"
@@ -67,6 +68,8 @@ const (
 	//   https://github.com/argoproj-labs/argocd-notifications/blob/33d345fa838829bb50fca5c08523aba380d2c12b/pkg/controller/state.go#L17
 	NotifiedAnnotationKey             = "notified.notifications.argoproj.io"
 	ReconcileRequeueOnValidationError = time.Minute * 3
+	ReverseDeletionOrder              = "Reverse"
+	AllAtOnceDeletionOrder            = "AllAtOnce"
 )
 
 var defaultPreservedAnnotations = []string{
@@ -74,6 +77,11 @@ var defaultPreservedAnnotations = []string{
 	argov1alpha1.AnnotationKeyRefresh,
 }
 
+type deleteInOrder struct {
+	AppName string
+	Step    int
+}
+
 // ApplicationSetReconciler reconciles a ApplicationSet object
 type ApplicationSetReconciler struct {
 	client.Client
@@ -139,6 +147,19 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			}
 			logCtx.Debugf("ownerReferences referring %s is deleted from generated applications", appsetName)
 		}
+		if isProgressiveSyncDeletionOrderReversed(&applicationSetInfo) {
+			logCtx.Debugf("DeletionOrder is set as Reverse on %s", appsetName)
+			currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo)
+			if err != nil {
+				return ctrl.Result{}, err
+			}
+			requeueTime, err := r.performReverseDeletion(ctx, logCtx, applicationSetInfo, currentApplications)
+			if err != nil {
+				return ctrl.Result{}, err
+			} else if requeueTime > 0 {
+				return ctrl.Result{RequeueAfter: requeueTime}, err
+			}
+		}
 		controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName)
 		if err := r.Update(ctx, &applicationSetInfo); err != nil {
 			return ctrl.Result{}, err
@@ -363,6 +384,55 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}, nil
 }
 
+func (r *ApplicationSetReconciler) performReverseDeletion(ctx context.Context, logCtx *log.Entry, appset argov1alpha1.ApplicationSet, currentApps []argov1alpha1.Application) (time.Duration, error) {
+	requeueTime := 10 * time.Second
+	stepLength := len(appset.Spec.Strategy.RollingSync.Steps)
+
+	// map applications by name using current applications
+	appMap := make(map[string]*argov1alpha1.Application)
+	for _, app := range currentApps {
+		appMap[app.Name] = &app
+	}
+
+	// Get Rolling Sync Step Maps
+	_, appStepMap := r.buildAppDependencyList(logCtx, appset, currentApps)
+	// reverse the AppStepMap to perform deletion
+	var reverseDeleteAppSteps []deleteInOrder
+	for appName, appStep := range appStepMap {
+		reverseDeleteAppSteps = append(reverseDeleteAppSteps, deleteInOrder{appName, stepLength - appStep - 1})
+	}
+
+	sort.Slice(reverseDeleteAppSteps, func(i, j int) bool {
+		return reverseDeleteAppSteps[i].Step < reverseDeleteAppSteps[j].Step
+	})
+
+	for _, step := range reverseDeleteAppSteps {
+		logCtx.Infof("step %v : app %v", step.Step, step.AppName)
+		app := appMap[step.AppName]
+		retrievedApp := argov1alpha1.Application{}
+		if err := r.Get(ctx, types.NamespacedName{Name: app.Name, Namespace: app.Namespace}, &retrievedApp); err != nil {
+			if apierrors.IsNotFound(err) {
+				logCtx.Infof("application %s successfully deleted", step.AppName)
+				continue
+			}
+		}
+		// Check if the application is already being deleted
+		if retrievedApp.DeletionTimestamp != nil {
+			logCtx.Infof("application %s has been marked for deletion, but object not removed yet", step.AppName)
+			if time.Since(retrievedApp.DeletionTimestamp.Time) > 2*time.Minute {
+				return 0, errors.New("application has not been deleted in over 2 minutes")
+			}
+		}
+		// The application has not been deleted yet, trigger its deletion
+		if err := r.Delete(ctx, &retrievedApp); err != nil {
+			return 0, err
+		}
+		return requeueTime, nil
+	}
+	logCtx.Infof("completed reverse deletion for ApplicationSet %v", appset.Name)
+	return 0, nil
+}
+
 func getParametersGeneratedCondition(parametersGenerated bool, message string) argov1alpha1.ApplicationSetCondition {
 	var parametersGeneratedCondition argov1alpha1.ApplicationSetCondition
 	if parametersGenerated {
@@ -738,7 +808,7 @@ func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, logCtx *
 		return fmt.Errorf("error getting current applications: %w", err)
 	}
 
-	m := make(map[string]bool) // Will holds the app names in appList for the deletion process
+	m := make(map[string]bool) // will hold the app names in appList for the deletion process
 
 	for _, app := range desiredApplications {
 		m[app.Name] = true
@@ -1017,6 +1087,11 @@ func progressiveSyncsRollingSyncStrategyEnabled(appset *argov1alpha1.Application
 	return isRollingSyncStrategy(appset) && len(appset.Spec.Strategy.RollingSync.Steps) > 0
 }
 
+func isProgressiveSyncDeletionOrderReversed(appset *argov1alpha1.ApplicationSet) bool {
+	// When progressive sync is enabled + deletionOrder is set to Reverse (case-insensitive)
+	return progressiveSyncsRollingSyncStrategyEnabled(appset) && strings.EqualFold(appset.Spec.Strategy.DeletionOrder, ReverseDeletionOrder)
+}
+
 func isApplicationHealthy(app argov1alpha1.Application) bool {
 	healthStatusString, syncStatusString, operationPhaseString := statusStrings(app)
 
@@ -1146,15 +1221,10 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress
 
 	// if we have no RollingUpdate steps, clear out the existing ApplicationStatus entries
 	if progressiveSyncsRollingSyncStrategyEnabled(applicationSet) {
-		updateCountMap := []int{}
-		totalCountMap := []int{}
-
 		length := len(applicationSet.Spec.Strategy.RollingSync.Steps)
 
-		for s := 0; s < length; s++ {
-			updateCountMap = append(updateCountMap, 0)
-			totalCountMap = append(totalCountMap, 0)
-		}
+		updateCountMap := make([]int, length)
+		totalCountMap := make([]int, length)
 
 		// populate updateCountMap with counts of existing Pending and Progressing Applications
 		for _, appStatus := range applicationSet.Status.ApplicationStatus {
@@ -1626,10 +1696,14 @@ func shouldRequeueForApplicationSet(appSetOld, appSetNew *argov1alpha1.Applicati
 	}
 
 	// Requeue if any ApplicationStatus.Status changed for Progressive sync strategy
+	// Requeue if deletionTimestamp added
 	if enableProgressiveSyncs {
 		if !cmp.Equal(appSetOld.Status.ApplicationStatus, appSetNew.Status.ApplicationStatus, cmpopts.EquateEmpty()) {
 			return true
 		}
+		if !cmp.Equal(appSetOld.DeletionTimestamp, appSetNew.DeletionTimestamp, cmpopts.EquateEmpty()) {
+			return true
+		}
 	}
 
 	// only compare the applicationset spec, annotations, labels and finalizers, specifically avoiding
diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go
index 77fae3908d265..575ef7e399913 100644
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
@@ -7106,6 +7106,28 @@ func TestApplicationSetOwnsHandlerUpdate(t *testing.T) {
 			enableProgressiveSyncs: false,
 			want:                   false,
 		},
+		{
+			name:      "deletionTimestamp present when progressive sync enabled",
+			appSetOld: buildAppSet(map[string]string{}),
+			appSetNew: &v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					DeletionTimestamp: &metav1.Time{Time: time.Now()},
+				},
+			},
+			enableProgressiveSyncs: true,
+			want:                   true,
+		},
+		{
+			name:      "deletionTimestamp present when progressive sync disabled",
+			appSetOld: buildAppSet(map[string]string{}),
+			appSetNew: &v1alpha1.ApplicationSet{
+				ObjectMeta: metav1.ObjectMeta{
+					DeletionTimestamp: &metav1.Time{Time: time.Now()},
+				},
+			},
+			enableProgressiveSyncs: false,
+			want:                   false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -7491,3 +7513,110 @@ func TestSyncApplication(t *testing.T) {
 		})
 	}
 }
+
+func TestIsRollingSyncDeletionReversed(t *testing.T) {
+	tests := []struct {
+		name     string
+		appset   *v1alpha1.ApplicationSet
+		expected bool
+	}{
+		{
+			name: "Deletion Order on strategy is set as Reverse",
+			appset: &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					Strategy: &v1alpha1.ApplicationSetStrategy{
+						Type: "RollingSync",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{
+							Steps: []v1alpha1.ApplicationSetRolloutStep{
+								{
+									MatchExpressions: []v1alpha1.ApplicationMatchExpression{
+										{
+											Key:      "environment",
+											Operator: "In",
+											Values: []string{
+												"dev",
+											},
+										},
+									},
+								},
+								{
+									MatchExpressions: []v1alpha1.ApplicationMatchExpression{
+										{
+											Key:      "environment",
+											Operator: "In",
+											Values: []string{
+												"staging",
+											},
+										},
+									},
+								},
+							},
+						},
+						DeletionOrder: ReverseDeletionOrder,
+					},
+				},
+			},
+			expected: true,
+		},
+		{
+			name: "Deletion Order on strategy is set as AllAtOnce",
+			appset: &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					Strategy: &v1alpha1.ApplicationSetStrategy{
+						Type: "RollingSync",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{
+							Steps: []v1alpha1.ApplicationSetRolloutStep{},
+						},
+						DeletionOrder: AllAtOnceDeletionOrder,
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "Deletion Order on strategy is set as Reverse but no steps in RollingSync",
+			appset: &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					Strategy: &v1alpha1.ApplicationSetStrategy{
+						Type: "RollingSync",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{
+							Steps: []v1alpha1.ApplicationSetRolloutStep{},
+						},
+						DeletionOrder: ReverseDeletionOrder,
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "Deletion Order on strategy is set as Reverse, but AllAtOnce is explicitly set",
+			appset: &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					Strategy: &v1alpha1.ApplicationSetStrategy{
+						Type: "AllAtOnce",
+						RollingSync: &v1alpha1.ApplicationSetRolloutStrategy{
+							Steps: []v1alpha1.ApplicationSetRolloutStep{},
+						},
+						DeletionOrder: ReverseDeletionOrder,
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "Strategy is Nil",
+			appset: &v1alpha1.ApplicationSet{
+				Spec: v1alpha1.ApplicationSetSpec{
+					Strategy: &v1alpha1.ApplicationSetStrategy{},
+				},
+			},
+			expected: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := isProgressiveSyncDeletionOrderReversed(tt.appset)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
diff --git a/assets/swagger.json b/assets/swagger.json
index 0f5bdcd069434..2d74fd16b8f6b 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -7260,6 +7260,10 @@
       "description": "ApplicationSetStrategy configures how generated Applications are updated in sequence.",
       "type": "object",
       "properties": {
+        "deletionOrder": {
+          "type": "string",
+          "title": "DeletionOrder allows specifying the order for deleting generated apps when progressive sync is enabled.\naccepts values \"AllAtOnce\" and \"Reverse\""
+        },
         "rollingSync": {
           "$ref": "#/definitions/v1alpha1ApplicationSetRolloutStrategy"
         },
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index 67c5d336d38f4..c3700d745c387 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index aa80744568cd5..366fd4e58e616 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml
index d8bad34c79542..b7aeed2481837 100644
--- a/manifests/crds/applicationset-crd.yaml
+++ b/manifests/crds/applicationset-crd.yaml
@@ -16948,6 +16948,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 1712909aa9bb4..104dce16618bd 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index ecca64ce53d12..6f6bbfc55dee2 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index 671b66bf2d826..f502313332128 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/manifests/install.yaml b/manifests/install.yaml
index a309400a83996..9fdce34bb0e0d 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -22840,6 +22840,8 @@ spec:
                 type: object
               strategy:
                 properties:
+                  deletionOrder:
+                    type: string
                   rollingSync:
                     properties:
                       steps:
diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go
index b628812562f4a..1c5df821e5c8c 100644
--- a/pkg/apis/application/v1alpha1/applicationset_types.go
+++ b/pkg/apis/application/v1alpha1/applicationset_types.go
@@ -84,7 +84,9 @@ type ApplicationPreservedFields struct {
 type ApplicationSetStrategy struct {
 	Type        string                         `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
 	RollingSync *ApplicationSetRolloutStrategy `json:"rollingSync,omitempty" protobuf:"bytes,2,opt,name=rollingSync"`
-	// RollingUpdate *ApplicationSetRolloutStrategy `json:"rollingUpdate,omitempty" protobuf:"bytes,3,opt,name=rollingUpdate"`
+	// DeletionOrder allows specifying the order for deleting generated apps when progressive sync is enabled.
+	// accepts values "AllAtOnce" and "Reverse"
+	DeletionOrder string `json:"deletionOrder,omitempty" protobuf:"bytes,3,opt,name=deletionOrder"`
 }
 type ApplicationSetRolloutStrategy struct {
 	Steps []ApplicationSetRolloutStep `json:"steps,omitempty" protobuf:"bytes,1,opt,name=steps"`
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index aa5cb17ba1825..09004a763176e 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -4914,779 +4914,780 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12344 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7,
-	0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0x1d, 0xfa, 0xee, 0x48, 0xdc, 0xf1, 0x03, 0xe7,
-	0xa1, 0x4c, 0xd1, 0x11, 0x09, 0x98, 0x47, 0x52, 0x66, 0x4c, 0x5b, 0x36, 0x3e, 0xee, 0x03, 0x77,
-	0xc0, 0x01, 0xec, 0xc5, 0xdd, 0x59, 0x94, 0x29, 0x6a, 0xb0, 0xdb, 0x58, 0xcc, 0x61, 0x76, 0x66,
-	0x39, 0x33, 0x8b, 0xc3, 0xd2, 0xb2, 0x2c, 0x59, 0x92, 0x2d, 0x5b, 0x5f, 0x8c, 0x95, 0x8a, 0xa8,
-	0x24, 0x52, 0xe4, 0xd8, 0xf9, 0xaa, 0x94, 0xca, 0x4a, 0xfc, 0x23, 0xae, 0xb2, 0x5d, 0x2a, 0x7f,
-	0x94, 0x4a, 0x8e, 0x93, 0xd8, 0x51, 0x29, 0x96, 0x13, 0x5b, 0x88, 0x74, 0x49, 0xca, 0xae, 0x54,
-	0xc5, 0x55, 0x76, 0xf2, 0x23, 0x75, 0x49, 0xa5, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, 0x2c, 0x0e,
-	0x83, 0xbb, 0x93, 0xcc, 0x7f, 0xbb, 0xfd, 0xde, 0xbc, 0xd7, 0xd3, 0xd3, 0xfd, 0xde, 0xeb, 0xd7,
-	0xef, 0xbd, 0x86, 0xa5, 0x86, 0x1b, 0x6f, 0xb6, 0xd7, 0xa7, 0x6b, 0x41, 0x73, 0xc6, 0x09, 0x1b,
-	0x41, 0x2b, 0x0c, 0x6e, 0xb0, 0x1f, 0x4f, 0xd5, 0xea, 0x33, 0xdb, 0xcf, 0xcc, 0xb4, 0xb6, 0x1a,
-	0x33, 0x4e, 0xcb, 0x8d, 0x66, 0x9c, 0x56, 0xcb, 0x73, 0x6b, 0x4e, 0xec, 0x06, 0xfe, 0xcc, 0xf6,
-	0xd3, 0x8e, 0xd7, 0xda, 0x74, 0x9e, 0x9e, 0x69, 0x10, 0x9f, 0x84, 0x4e, 0x4c, 0xea, 0xd3, 0xad,
-	0x30, 0x88, 0x03, 0xf4, 0x43, 0x9a, 0xda, 0xb4, 0xa4, 0xc6, 0x7e, 0xbc, 0x52, 0xab, 0x4f, 0x6f,
-	0x3f, 0x33, 0xdd, 0xda, 0x6a, 0x4c, 0x53, 0x6a, 0xd3, 0x06, 0xb5, 0x69, 0x49, 0xed, 0xf4, 0x53,
-	0x46, 0x5f, 0x1a, 0x41, 0x23, 0x98, 0x61, 0x44, 0xd7, 0xdb, 0x1b, 0xec, 0x1f, 0xfb, 0xc3, 0x7e,
-	0x71, 0x66, 0xa7, 0xed, 0xad, 0xe7, 0xa3, 0x69, 0x37, 0xa0, 0xdd, 0x9b, 0xa9, 0x05, 0x21, 0x99,
-	0xd9, 0xee, 0xea, 0xd0, 0xe9, 0x8b, 0x1a, 0x87, 0xec, 0xc4, 0xc4, 0x8f, 0xdc, 0xc0, 0x8f, 0x9e,
-	0xa2, 0x5d, 0x20, 0xe1, 0x36, 0x09, 0xcd, 0xd7, 0x33, 0x10, 0xb2, 0x28, 0x3d, 0xab, 0x29, 0x35,
-	0x9d, 0xda, 0xa6, 0xeb, 0x93, 0xb0, 0xa3, 0x1f, 0x6f, 0x92, 0xd8, 0xc9, 0x7a, 0x6a, 0xa6, 0xd7,
-	0x53, 0x61, 0xdb, 0x8f, 0xdd, 0x26, 0xe9, 0x7a, 0xe0, 0x1d, 0xfb, 0x3d, 0x10, 0xd5, 0x36, 0x49,
-	0xd3, 0xe9, 0x7a, 0xee, 0x99, 0x5e, 0xcf, 0xb5, 0x63, 0xd7, 0x9b, 0x71, 0xfd, 0x38, 0x8a, 0xc3,
-	0xf4, 0x43, 0xf6, 0xdf, 0xb7, 0x60, 0x74, 0xf6, 0x7a, 0x75, 0xb6, 0x1d, 0x6f, 0xce, 0x07, 0xfe,
-	0x86, 0xdb, 0x40, 0xcf, 0xc1, 0x70, 0xcd, 0x6b, 0x47, 0x31, 0x09, 0xaf, 0x38, 0x4d, 0x32, 0x69,
-	0x9d, 0xb1, 0x9e, 0xa8, 0xcc, 0x1d, 0xff, 0xea, 0xee, 0xd4, 0x5b, 0x6e, 0xed, 0x4e, 0x0d, 0xcf,
-	0x6b, 0x10, 0x36, 0xf1, 0xd0, 0xf7, 0xc1, 0x50, 0x18, 0x78, 0x64, 0x16, 0x5f, 0x99, 0x2c, 0xb0,
-	0x47, 0xc6, 0xc5, 0x23, 0x43, 0x98, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xad, 0x30, 0xd8, 0x70, 0x3d,
-	0x32, 0x59, 0x4c, 0xa2, 0xae, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0x67, 0x0b, 0x30, 0x3e, 0xdb, 0x6a,
+	// 12364 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xc9,
+	0x71, 0x18, 0xcc, 0x9e, 0xc1, 0x00, 0x33, 0x89, 0xd7, 0xa2, 0x76, 0xf7, 0x0e, 0xbb, 0xf7, 0xc0,
+	0xaa, 0x8f, 0x3a, 0x9e, 0x3e, 0xde, 0x01, 0xba, 0xbd, 0x3b, 0xea, 0x3e, 0x9d, 0x44, 0x09, 0x8f,
+	0x7d, 0x60, 0x17, 0x58, 0xe0, 0x6a, 0xb0, 0xbb, 0xe2, 0x51, 0xc7, 0x63, 0x63, 0xa6, 0x30, 0xe8,
+	0x45, 0x4f, 0xf7, 0x5c, 0x77, 0x0f, 0x16, 0x73, 0x22, 0x29, 0x52, 0x24, 0x25, 0x4a, 0x7c, 0x9d,
+	0x45, 0x87, 0x79, 0xb4, 0x4d, 0x9a, 0xb2, 0xe4, 0x57, 0x38, 0x18, 0xa2, 0xad, 0x1f, 0x56, 0x84,
+	0xa4, 0x60, 0xe8, 0x11, 0x0c, 0xca, 0x2f, 0xc9, 0x0c, 0x5a, 0x94, 0x2d, 0x11, 0x26, 0xd7, 0x76,
+	0x48, 0xe1, 0x08, 0x2b, 0x42, 0xb2, 0x7f, 0x38, 0xd6, 0x0e, 0x87, 0xa3, 0xde, 0xd5, 0x3d, 0x3d,
+	0xc0, 0x60, 0xd1, 0xd8, 0x5d, 0x52, 0xf7, 0x6f, 0xa6, 0x32, 0x2b, 0xb3, 0xba, 0xba, 0x3a, 0x33,
+	0x2b, 0x2b, 0x33, 0x0b, 0x96, 0x1a, 0x6e, 0xbc, 0xd9, 0x5e, 0x9f, 0xae, 0x05, 0xcd, 0x19, 0x27,
+	0x6c, 0x04, 0xad, 0x30, 0xb8, 0xc1, 0x7e, 0x3c, 0x55, 0xab, 0xcf, 0x6c, 0x3f, 0x33, 0xd3, 0xda,
+	0x6a, 0xcc, 0x38, 0x2d, 0x37, 0x9a, 0x71, 0x5a, 0x2d, 0xcf, 0xad, 0x39, 0xb1, 0x1b, 0xf8, 0x33,
+	0xdb, 0x4f, 0x3b, 0x5e, 0x6b, 0xd3, 0x79, 0x7a, 0xa6, 0x41, 0x7c, 0x12, 0x3a, 0x31, 0xa9, 0x4f,
+	0xb7, 0xc2, 0x20, 0x0e, 0xd0, 0x8f, 0x68, 0x6a, 0xd3, 0x92, 0x1a, 0xfb, 0xf1, 0x4a, 0xad, 0x3e,
+	0xbd, 0xfd, 0xcc, 0x74, 0x6b, 0xab, 0x31, 0x4d, 0xa9, 0x4d, 0x1b, 0xd4, 0xa6, 0x25, 0xb5, 0xd3,
+	0x4f, 0x19, 0x63, 0x69, 0x04, 0x8d, 0x60, 0x86, 0x11, 0x5d, 0x6f, 0x6f, 0xb0, 0x7f, 0xec, 0x0f,
+	0xfb, 0xc5, 0x99, 0x9d, 0xb6, 0xb7, 0x9e, 0x8f, 0xa6, 0xdd, 0x80, 0x0e, 0x6f, 0xa6, 0x16, 0x84,
+	0x64, 0x66, 0xbb, 0x6b, 0x40, 0xa7, 0x2f, 0x6a, 0x1c, 0xb2, 0x13, 0x13, 0x3f, 0x72, 0x03, 0x3f,
+	0x7a, 0x8a, 0x0e, 0x81, 0x84, 0xdb, 0x24, 0x34, 0x1f, 0xcf, 0x40, 0xc8, 0xa2, 0xf4, 0xac, 0xa6,
+	0xd4, 0x74, 0x6a, 0x9b, 0xae, 0x4f, 0xc2, 0x8e, 0xee, 0xde, 0x24, 0xb1, 0x93, 0xd5, 0x6b, 0xa6,
+	0x57, 0xaf, 0xb0, 0xed, 0xc7, 0x6e, 0x93, 0x74, 0x75, 0x78, 0xc7, 0x7e, 0x1d, 0xa2, 0xda, 0x26,
+	0x69, 0x3a, 0x5d, 0xfd, 0x9e, 0xe9, 0xd5, 0xaf, 0x1d, 0xbb, 0xde, 0x8c, 0xeb, 0xc7, 0x51, 0x1c,
+	0xa6, 0x3b, 0xd9, 0x7f, 0xd7, 0x82, 0xd1, 0xd9, 0xeb, 0xd5, 0xd9, 0x76, 0xbc, 0x39, 0x1f, 0xf8,
+	0x1b, 0x6e, 0x03, 0x3d, 0x07, 0xc3, 0x35, 0xaf, 0x1d, 0xc5, 0x24, 0xbc, 0xe2, 0x34, 0xc9, 0xa4,
+	0x75, 0xc6, 0x7a, 0xa2, 0x32, 0x77, 0xfc, 0x6b, 0xbb, 0x53, 0x6f, 0xb9, 0xb5, 0x3b, 0x35, 0x3c,
+	0xaf, 0x41, 0xd8, 0xc4, 0x43, 0x3f, 0x00, 0x43, 0x61, 0xe0, 0x91, 0x59, 0x7c, 0x65, 0xb2, 0xc0,
+	0xba, 0x8c, 0x8b, 0x2e, 0x43, 0x98, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xad, 0x30, 0xd8, 0x70, 0x3d,
+	0x32, 0x59, 0x4c, 0xa2, 0xae, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0xe7, 0x0a, 0x30, 0x3e, 0xdb, 0x6a,
 	0x5d, 0x24, 0x8e, 0x17, 0x6f, 0x56, 0x63, 0x27, 0x6e, 0x47, 0xa8, 0x01, 0x83, 0x11, 0xfb, 0x25,
-	0xfa, 0xb6, 0x22, 0x9e, 0x1e, 0xe4, 0xf0, 0xdb, 0xbb, 0x53, 0x3f, 0x9c, 0x35, 0xa3, 0x1b, 0x6e,
-	0x1c, 0xb4, 0xa2, 0xa7, 0x88, 0xdf, 0x70, 0x7d, 0xc2, 0xc6, 0x65, 0x93, 0x51, 0x9d, 0x36, 0x89,
-	0xcf, 0x07, 0x75, 0x82, 0x05, 0x79, 0xda, 0xcf, 0x26, 0x89, 0x22, 0xa7, 0x41, 0xd2, 0xaf, 0xb4,
-	0xcc, 0x9b, 0xb1, 0x84, 0xa3, 0x10, 0x90, 0xe7, 0x44, 0xf1, 0x5a, 0xe8, 0xf8, 0x91, 0x4b, 0xa7,
-	0xf4, 0x9a, 0xdb, 0xe4, 0x6f, 0x37, 0x7c, 0xf6, 0x6f, 0x4c, 0xf3, 0x0f, 0x33, 0x6d, 0x7e, 0x18,
-	0xbd, 0x0e, 0xe8, 0xbc, 0x99, 0xde, 0x7e, 0x7a, 0x9a, 0x3e, 0x31, 0xf7, 0xc0, 0xad, 0xdd, 0x29,
+	0xc6, 0xb6, 0x22, 0x7a, 0x0f, 0x72, 0xf8, 0xed, 0xdd, 0xa9, 0x1f, 0xcd, 0x5a, 0xd1, 0x0d, 0x37,
+	0x0e, 0x5a, 0xd1, 0x53, 0xc4, 0x6f, 0xb8, 0x3e, 0x61, 0xf3, 0xb2, 0xc9, 0xa8, 0x4e, 0x9b, 0xc4,
+	0xe7, 0x83, 0x3a, 0xc1, 0x82, 0x3c, 0x1d, 0x67, 0x93, 0x44, 0x91, 0xd3, 0x20, 0xe9, 0x47, 0x5a,
+	0xe6, 0xcd, 0x58, 0xc2, 0x51, 0x08, 0xc8, 0x73, 0xa2, 0x78, 0x2d, 0x74, 0xfc, 0xc8, 0xa5, 0x4b,
+	0x7a, 0xcd, 0x6d, 0xf2, 0xa7, 0x1b, 0x3e, 0xfb, 0xff, 0x4d, 0xf3, 0x17, 0x33, 0x6d, 0xbe, 0x18,
+	0xfd, 0x1d, 0xd0, 0x75, 0x33, 0xbd, 0xfd, 0xf4, 0x34, 0xed, 0x31, 0xf7, 0xc0, 0xad, 0xdd, 0x29,
 	0xb4, 0xd4, 0x45, 0x09, 0x67, 0x50, 0xb7, 0xff, 0xa8, 0x00, 0x30, 0xdb, 0x6a, 0xad, 0x86, 0xc1,
-	0x0d, 0x52, 0x8b, 0xd1, 0x7b, 0xa1, 0x4c, 0x49, 0xd5, 0x9d, 0xd8, 0x61, 0x03, 0x33, 0x7c, 0xf6,
-	0xfb, 0xfb, 0x63, 0xbc, 0xb2, 0x4e, 0x9f, 0x5f, 0x26, 0xb1, 0x33, 0x87, 0xc4, 0x0b, 0x82, 0x6e,
-	0xc3, 0x8a, 0x2a, 0xf2, 0x61, 0x20, 0x6a, 0x91, 0x1a, 0x1b, 0x8c, 0xe1, 0xb3, 0x4b, 0xd3, 0x87,
-	0x59, 0xe9, 0xd3, 0xba, 0xe7, 0xd5, 0x16, 0xa9, 0xcd, 0x8d, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66,
-	0x7c, 0xd0, 0xb6, 0xfa, 0xd0, 0x7c, 0x20, 0xaf, 0xe4, 0xc6, 0x91, 0x51, 0x9d, 0x1b, 0x4b, 0x4e,
-	0x1c, 0xf9, 0xdd, 0xed, 0x6f, 0x5a, 0x30, 0xa6, 0x91, 0x97, 0xdc, 0x28, 0x46, 0x3f, 0xde, 0x35,
-	0xb8, 0xd3, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, 0x31, 0xc1, 0xac, 0x2c, 0x5b, 0x8c, 0x81,
-	0x6d, 0x42, 0xc9, 0x8d, 0x49, 0x33, 0x9a, 0x2c, 0x9c, 0x29, 0x3e, 0x31, 0x7c, 0xf6, 0x62, 0x5e,
-	0xef, 0x39, 0x37, 0x2a, 0x98, 0x96, 0x16, 0x29, 0x79, 0xcc, 0xb9, 0xd8, 0x7f, 0x35, 0x6a, 0xbe,
-	0x1f, 0x1d, 0x70, 0xf4, 0x34, 0x0c, 0x47, 0x41, 0x3b, 0xac, 0x11, 0x4c, 0x5a, 0x01, 0x5d, 0x58,
-	0x45, 0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xea, 0x66, 0x6c, 0xe2, 0xa0, 0x4f, 0x5a, 0x30, 0x52, 0x27,
-	0x51, 0xec, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xda, 0xa1, 0x3b, 0x2f, 0x1b, 0x17, 0x34, 0xf1, 0xb9,
-	0x13, 0xe2, 0x45, 0x46, 0x8c, 0xc6, 0x08, 0x27, 0xf8, 0x53, 0xc1, 0x55, 0x27, 0x51, 0x2d, 0x74,
-	0x5b, 0xf4, 0xbf, 0x10, 0x2d, 0x4a, 0x70, 0x2d, 0x68, 0x10, 0x36, 0xf1, 0x90, 0x0f, 0x25, 0x2a,
-	0x98, 0xa2, 0xc9, 0x01, 0xd6, 0xff, 0xc5, 0xc3, 0xf5, 0x5f, 0x0c, 0x2a, 0x95, 0x79, 0x7a, 0xf4,
-	0xe9, 0xbf, 0x08, 0x73, 0x36, 0xe8, 0x13, 0x16, 0x4c, 0x0a, 0xc1, 0x89, 0x09, 0x1f, 0xd0, 0xeb,
-	0x9b, 0x6e, 0x4c, 0x3c, 0x37, 0x8a, 0x27, 0x4b, 0xac, 0x0f, 0x33, 0xfd, 0xcd, 0xad, 0x0b, 0x61,
-	0xd0, 0x6e, 0x5d, 0x76, 0xfd, 0xfa, 0xdc, 0x19, 0xc1, 0x69, 0x72, 0xbe, 0x07, 0x61, 0xdc, 0x93,
-	0x25, 0xfa, 0xb4, 0x05, 0xa7, 0x7d, 0xa7, 0x49, 0xa2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0x79,
-	0x4e, 0x6d, 0x8b, 0xf5, 0x68, 0xf0, 0xce, 0x7a, 0x64, 0x8b, 0x1e, 0x9d, 0xbe, 0xd2, 0x93, 0x34,
-	0xde, 0x83, 0x2d, 0xfa, 0x25, 0x0b, 0x26, 0x82, 0xb0, 0xb5, 0xe9, 0xf8, 0xa4, 0x2e, 0xa1, 0xd1,
-	0xe4, 0x10, 0x5b, 0x7a, 0xef, 0x39, 0xdc, 0x27, 0x5a, 0x49, 0x93, 0x5d, 0x0e, 0x7c, 0x37, 0x0e,
-	0xc2, 0x2a, 0x89, 0x63, 0xd7, 0x6f, 0x44, 0x73, 0x27, 0x6f, 0xed, 0x4e, 0x4d, 0x74, 0x61, 0xe1,
-	0xee, 0xfe, 0xa0, 0x9f, 0x80, 0xe1, 0xa8, 0xe3, 0xd7, 0xae, 0xbb, 0x7e, 0x3d, 0xb8, 0x19, 0x4d,
-	0x96, 0xf3, 0x58, 0xbe, 0x55, 0x45, 0x50, 0x2c, 0x40, 0xcd, 0x00, 0x9b, 0xdc, 0xb2, 0x3f, 0x9c,
-	0x9e, 0x4a, 0x95, 0xbc, 0x3f, 0x9c, 0x9e, 0x4c, 0x7b, 0xb0, 0x45, 0x3f, 0x6b, 0xc1, 0x68, 0xe4,
-	0x36, 0x7c, 0x27, 0x6e, 0x87, 0xe4, 0x32, 0xe9, 0x44, 0x93, 0xc0, 0x3a, 0x72, 0xe9, 0x90, 0xa3,
-	0x62, 0x90, 0x9c, 0x3b, 0x29, 0xfa, 0x38, 0x6a, 0xb6, 0x46, 0x38, 0xc9, 0x37, 0x6b, 0xa1, 0xe9,
-	0x69, 0x3d, 0x9c, 0xef, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0xa3, 0x70, 0x8c, 0x37, 0xa9,
-	0x91, 0x8d, 0x26, 0x47, 0x98, 0xa0, 0x3d, 0x71, 0x6b, 0x77, 0xea, 0x58, 0x35, 0x05, 0xc3, 0x5d,
-	0xd8, 0xe8, 0x55, 0x98, 0x6a, 0x91, 0xb0, 0xe9, 0xc6, 0x2b, 0xbe, 0xd7, 0x91, 0xe2, 0xbb, 0x16,
-	0xb4, 0x48, 0x5d, 0x74, 0x27, 0x9a, 0x1c, 0x3d, 0x63, 0x3d, 0x51, 0x9e, 0x7b, 0x9b, 0xe8, 0xe6,
-	0xd4, 0xea, 0xde, 0xe8, 0x78, 0x3f, 0x7a, 0xe8, 0x2b, 0x16, 0x9c, 0x36, 0xa4, 0x6c, 0x95, 0x84,
-	0xdb, 0x6e, 0x8d, 0xcc, 0xd6, 0x6a, 0x41, 0xdb, 0x8f, 0xa3, 0xc9, 0x31, 0x36, 0x8c, 0xeb, 0x47,
-	0x21, 0xf3, 0x93, 0xac, 0xf4, 0xbc, 0xec, 0x89, 0x12, 0xe1, 0x3d, 0x7a, 0x6a, 0xff, 0x5e, 0x01,
-	0x8e, 0xa5, 0x2d, 0x00, 0xf4, 0x8f, 0x2d, 0x18, 0xbf, 0x71, 0x33, 0x5e, 0x0b, 0xb6, 0x88, 0x1f,
-	0xcd, 0x75, 0xa8, 0x9c, 0x66, 0xba, 0x6f, 0xf8, 0x6c, 0x2d, 0x5f, 0x5b, 0x63, 0xfa, 0x52, 0x92,
-	0xcb, 0x39, 0x3f, 0x0e, 0x3b, 0x73, 0x0f, 0x8a, 0x77, 0x1a, 0xbf, 0x74, 0x7d, 0xcd, 0x84, 0xe2,
-	0x74, 0xa7, 0x4e, 0x7f, 0xcc, 0x82, 0x13, 0x59, 0x24, 0xd0, 0x31, 0x28, 0x6e, 0x91, 0x0e, 0xb7,
-	0x84, 0x31, 0xfd, 0x89, 0x5e, 0x86, 0xd2, 0xb6, 0xe3, 0xb5, 0x89, 0x30, 0xd3, 0x2e, 0x1c, 0xee,
-	0x45, 0x54, 0xcf, 0x30, 0xa7, 0xfa, 0x83, 0x85, 0xe7, 0x2d, 0xfb, 0x0f, 0x8a, 0x30, 0x6c, 0x7c,
-	0xb4, 0xbb, 0x60, 0x7a, 0x06, 0x09, 0xd3, 0x73, 0x39, 0xb7, 0xf9, 0xd6, 0xd3, 0xf6, 0xbc, 0x99,
-	0xb2, 0x3d, 0x57, 0xf2, 0x63, 0xb9, 0xa7, 0xf1, 0x89, 0x62, 0xa8, 0x04, 0x2d, 0xba, 0x45, 0xa3,
-	0x36, 0xcc, 0x40, 0x1e, 0x9f, 0x70, 0x45, 0x92, 0x9b, 0x1b, 0xbd, 0xb5, 0x3b, 0x55, 0x51, 0x7f,
-	0xb1, 0x66, 0x64, 0x7f, 0xc3, 0x82, 0x13, 0x46, 0x1f, 0xe7, 0x03, 0xbf, 0xce, 0x36, 0x1a, 0xe8,
-	0x0c, 0x0c, 0xc4, 0x9d, 0x96, 0xdc, 0x06, 0xaa, 0x91, 0x5a, 0xeb, 0xb4, 0x08, 0x66, 0x90, 0xfb,
-	0x7d, 0x97, 0xf4, 0x69, 0x0b, 0x1e, 0xc8, 0x16, 0x30, 0xe8, 0x71, 0x18, 0xe4, 0x3e, 0x00, 0xf1,
-	0x76, 0xfa, 0x93, 0xb0, 0x56, 0x2c, 0xa0, 0x68, 0x06, 0x2a, 0x4a, 0xe1, 0x89, 0x77, 0x9c, 0x10,
-	0xa8, 0x15, 0xad, 0x25, 0x35, 0x0e, 0x1d, 0x34, 0xfa, 0x47, 0x98, 0xa0, 0x6a, 0xd0, 0xd8, 0xa6,
-	0x99, 0x41, 0xec, 0xaf, 0x5b, 0xf0, 0xd6, 0x7e, 0xc4, 0xde, 0xd1, 0xf5, 0xb1, 0x0a, 0x27, 0xeb,
-	0x64, 0xc3, 0x69, 0x7b, 0x71, 0x92, 0xa3, 0xe8, 0xf4, 0x23, 0xe2, 0xe1, 0x93, 0x0b, 0x59, 0x48,
-	0x38, 0xfb, 0x59, 0xfb, 0x3f, 0x5b, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x2e, 0x6c, 0x9d, 0xfc, 0xe4,
-	0xd6, 0x69, 0x31, 0xb7, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x09, 0x0b, 0x4e, 0x1b, 0x58, 0xcb, 0x4e,
-	0x5c, 0xdb, 0x3c, 0xb7, 0xd3, 0x0a, 0x49, 0x14, 0xd1, 0x29, 0xf5, 0x88, 0x21, 0x8e, 0xe7, 0x86,
-	0x05, 0x85, 0xe2, 0x65, 0xd2, 0xe1, 0xb2, 0xf9, 0x49, 0x28, 0xf3, 0x35, 0x17, 0x84, 0xe2, 0x23,
-	0xa9, 0x77, 0x5b, 0x11, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0xcc, 0xa5, 0x32, 0x88, 0x9a,
-	0x09, 0x40, 0xbf, 0xfb, 0x35, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x12, 0xdd, 0x59, 0x0d, 0x09, 0x9b,
-	0x0f, 0xf5, 0xf3, 0x2e, 0xf1, 0xea, 0x11, 0xdd, 0xd6, 0x39, 0xbe, 0x1f, 0xc4, 0x62, 0x87, 0x66,
-	0x6c, 0xeb, 0x66, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x27, 0x1e, 0x1f, 0x51, 0xc1,
-	0x74, 0x89, 0xb5, 0x60, 0x01, 0xb1, 0x6f, 0x15, 0xd8, 0x06, 0x52, 0x49, 0x34, 0x72, 0x37, 0xbc,
-	0x0f, 0x61, 0x42, 0x05, 0xac, 0xe6, 0x27, 0x8f, 0x49, 0x6f, 0x0f, 0xc4, 0x6b, 0x29, 0x2d, 0x80,
-	0x73, 0xe5, 0xba, 0xb7, 0x17, 0xe2, 0x03, 0x45, 0x98, 0x4a, 0x3e, 0xd0, 0xa5, 0x44, 0xe8, 0x96,
-	0xd7, 0x60, 0x94, 0xf6, 0xd5, 0x19, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0x87, 0x0b, 0x47, 0x29, 0x87,
-	0x4d, 0x35, 0x51, 0xdc, 0x47, 0x4d, 0x3c, 0xae, 0x46, 0x7d, 0x20, 0x25, 0xf3, 0x92, 0xaa, 0xf2,
-	0x0c, 0x0c, 0x44, 0x31, 0x69, 0x4d, 0x96, 0x92, 0x62, 0xb6, 0x1a, 0x93, 0x16, 0x66, 0x10, 0xf4,
-	0xc3, 0x30, 0x1e, 0x3b, 0x61, 0x83, 0xc4, 0x21, 0xd9, 0x76, 0x99, 0x5f, 0x97, 0xed, 0x67, 0x2b,
-	0x73, 0xc7, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x1a, 0xd7, 0xfe, 0xef, 0x05, 0x78,
-	0x30, 0xf9, 0x09, 0xb4, 0x62, 0xfc, 0x91, 0x84, 0x62, 0x7c, 0xbb, 0xa9, 0x18, 0x6f, 0xef, 0x4e,
-	0x3d, 0xd4, 0xe3, 0xb1, 0xef, 0x18, 0xbd, 0x89, 0x2e, 0xa4, 0x3e, 0xc2, 0x4c, 0x97, 0x97, 0xf5,
-	0x91, 0x1e, 0xef, 0x98, 0xfa, 0x4a, 0x8f, 0xc3, 0x60, 0x48, 0x9c, 0x28, 0xf0, 0xc5, 0x77, 0x52,
-	0x5f, 0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xd7, 0x2a, 0xe9, 0xc1, 0xbe, 0xc0, 0x7d, 0xd5, 0x41,
-	0x88, 0x5c, 0x18, 0x60, 0xbb, 0x36, 0x2e, 0x59, 0x2e, 0x1f, 0x6e, 0x15, 0x52, 0x2d, 0xa2, 0x48,
-	0xcf, 0x95, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0x3b, 0x50, 0xae, 0xc9, 0xcd, 0x54, 0x21,
-	0x0f, 0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86, 0x08,
-	0x14, 0x1b, 0x6e, 0x2c, 0x3e, 0xeb, 0x21, 0xb7, 0xcb, 0x17, 0x5c, 0xe3, 0x15, 0x87, 0xa8, 0x0e,
-	0xba, 0xe0, 0xc6, 0x98, 0xd2, 0x47, 0x1f, 0xb1, 0x60, 0x38, 0xaa, 0x35, 0x57, 0xc3, 0x60, 0xdb,
-	0xad, 0x93, 0x50, 0xd8, 0x98, 0x87, 0x94, 0x6c, 0xd5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5, 0xee,
-	0x0b, 0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x50, 0xbc, 0xfb, 0x02, 0xa9, 0xb1, 0x15, 0x27,
-	0xf7, 0xcc, 0x6c, 0xa6, 0x1c, 0xda, 0xe6, 0x5e, 0x68, 0xd7, 0xb6, 0xe8, 0x7a, 0xd3, 0x1d, 0x7a,
-	0xe8, 0xd6, 0xee, 0xd4, 0x83, 0xf3, 0xd9, 0x3c, 0x71, 0xaf, 0xce, 0xb0, 0x01, 0x6b, 0xb5, 0x3d,
-	0x0f, 0x93, 0x57, 0xdb, 0x84, 0x79, 0xc4, 0x72, 0x18, 0xb0, 0x55, 0x4d, 0x30, 0x35, 0x60, 0x06,
-	0x04, 0x9b, 0x7c, 0xd1, 0xab, 0x30, 0xd8, 0x74, 0xe2, 0xd0, 0xdd, 0x11, 0x6e, 0xb0, 0x43, 0xee,
-	0x82, 0x96, 0x19, 0x2d, 0xcd, 0x9c, 0x29, 0x7a, 0xde, 0x88, 0x05, 0x23, 0xd4, 0x84, 0x52, 0x93,
-	0x84, 0x0d, 0x32, 0x59, 0xce, 0xc3, 0xe5, 0xbf, 0x4c, 0x49, 0x69, 0x86, 0x15, 0x6a, 0x5c, 0xb1,
-	0x36, 0xcc, 0xb9, 0xa0, 0x97, 0xa1, 0x1c, 0x11, 0x8f, 0xd4, 0xa8, 0x79, 0x54, 0x61, 0x1c, 0x9f,
-	0xe9, 0xd3, 0x54, 0xa4, 0x76, 0x49, 0x55, 0x3c, 0xca, 0x17, 0x98, 0xfc, 0x87, 0x15, 0x49, 0x3a,
-	0x80, 0x2d, 0xaf, 0xdd, 0x70, 0xfd, 0x49, 0xc8, 0x63, 0x00, 0x57, 0x19, 0xad, 0xd4, 0x00, 0xf2,
-	0x46, 0x2c, 0x18, 0xd9, 0xff, 0xcd, 0x02, 0x94, 0x14, 0x6a, 0x77, 0xc1, 0x26, 0x7e, 0x35, 0x69,
-	0x13, 0x2f, 0xe5, 0x69, 0xb4, 0xf4, 0x30, 0x8b, 0x7f, 0xbd, 0x02, 0x29, 0x75, 0x70, 0x85, 0x44,
-	0x31, 0xa9, 0xbf, 0x29, 0xc2, 0xdf, 0x14, 0xe1, 0x6f, 0x8a, 0x70, 0x25, 0xc2, 0xd7, 0x53, 0x22,
-	0xfc, 0x9d, 0xc6, 0xaa, 0xd7, 0xb1, 0x07, 0xaf, 0xa8, 0xe0, 0x04, 0xb3, 0x07, 0x06, 0x02, 0x95,
-	0x04, 0x97, 0xaa, 0x2b, 0x57, 0x32, 0x65, 0xf6, 0x2b, 0x49, 0x99, 0x7d, 0x58, 0x16, 0x7f, 0x1d,
-	0xa4, 0xf4, 0x57, 0x2c, 0x78, 0x5b, 0x52, 0x7a, 0xc9, 0x99, 0xb3, 0xd8, 0xf0, 0x83, 0x90, 0x2c,
-	0xb8, 0x1b, 0x1b, 0x24, 0x24, 0x7e, 0x8d, 0x44, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0, 0x67,
-	0x61, 0xe4, 0x46, 0x14, 0xf8, 0xab, 0x81, 0xeb, 0x0b, 0x11, 0x44, 0x77, 0x1c, 0xc7, 0x6e, 0xed,
-	0x4e, 0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x81, 0x85, 0xe6, 0x61, 0xe2, 0xc6, 0xab, 0xab, 0x4e,
-	0x6c, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x7a, 0x31, 0x05, 0xc4, 0xdd, 0xf8, 0xf6,
-	0xdf, 0x2b, 0xc0, 0xa9, 0xd4, 0x8b, 0x04, 0x9e, 0x17, 0xb4, 0x63, 0xba, 0x27, 0x42, 0x9f, 0xb7,
-	0xe0, 0x58, 0x33, 0xe9, 0xb0, 0x88, 0x84, 0xbb, 0xfb, 0xc7, 0x72, 0xd3, 0x11, 0x29, 0x8f, 0xc8,
-	0xdc, 0xa4, 0x18, 0xa1, 0x63, 0x29, 0x40, 0x84, 0xbb, 0xfa, 0x82, 0x5e, 0x86, 0x4a, 0xd3, 0xd9,
-	0xb9, 0xda, 0xaa, 0x3b, 0xb1, 0xdc, 0x8e, 0xf6, 0xf6, 0x22, 0xb4, 0x63, 0xd7, 0x9b, 0xe6, 0x51,
-	0x2d, 0xd3, 0x8b, 0x7e, 0xbc, 0x12, 0x56, 0xe3, 0xd0, 0xf5, 0x1b, 0xdc, 0xc9, 0xb9, 0x2c, 0xc9,
-	0x60, 0x4d, 0xd1, 0xfe, 0x9c, 0x95, 0x56, 0x52, 0x6a, 0x74, 0x42, 0x27, 0x26, 0x8d, 0x0e, 0x7a,
-	0x1f, 0x94, 0xe8, 0xbe, 0x51, 0x8e, 0xca, 0xf5, 0x3c, 0x35, 0xa7, 0xf1, 0x25, 0xb4, 0x12, 0xa5,
-	0xff, 0x22, 0xcc, 0x99, 0xda, 0x9f, 0xaf, 0xa4, 0x8d, 0x05, 0x76, 0x36, 0x7f, 0x16, 0xa0, 0x11,
-	0xac, 0x91, 0x66, 0xcb, 0xa3, 0xc3, 0x62, 0xb1, 0x03, 0x1e, 0xe5, 0x2a, 0xb9, 0xa0, 0x20, 0xd8,
-	0xc0, 0x42, 0x3f, 0x67, 0x01, 0x34, 0xe4, 0x9c, 0x97, 0x86, 0xc0, 0xd5, 0x3c, 0x5f, 0x47, 0xaf,
-	0x28, 0xdd, 0x17, 0xc5, 0x10, 0x1b, 0xcc, 0xd1, 0x4f, 0x5b, 0x50, 0x8e, 0x65, 0xf7, 0xb9, 0x6a,
-	0x5c, 0xcb, 0xb3, 0x27, 0xf2, 0xa5, 0xb5, 0x4d, 0xa4, 0x86, 0x44, 0xf1, 0x45, 0x3f, 0x63, 0x01,
-	0x44, 0x1d, 0xbf, 0xb6, 0x1a, 0x78, 0x6e, 0xad, 0x23, 0x34, 0xe6, 0xb5, 0x5c, 0xdd, 0x39, 0x8a,
-	0xfa, 0xdc, 0x18, 0x1d, 0x0d, 0xfd, 0x1f, 0x1b, 0x9c, 0xd1, 0xfb, 0xa1, 0x1c, 0x89, 0xe9, 0x26,
-	0x74, 0xe4, 0x5a, 0xbe, 0x4e, 0x25, 0x4e, 0x5b, 0x88, 0x57, 0xf1, 0x0f, 0x2b, 0x9e, 0xe8, 0x33,
-	0x16, 0x8c, 0xb7, 0x92, 0x6e, 0x42, 0xa1, 0x0e, 0xf3, 0x93, 0x01, 0x29, 0x37, 0x24, 0xf7, 0xb6,
-	0xa4, 0x1a, 0x71, 0xba, 0x17, 0x54, 0x02, 0xea, 0x19, 0xbc, 0xd2, 0xe2, 0x2e, 0xcb, 0x21, 0x2d,
-	0x01, 0x2f, 0xa4, 0x81, 0xb8, 0x1b, 0x1f, 0xad, 0xc2, 0x09, 0xda, 0xbb, 0x0e, 0x37, 0x3f, 0xa5,
-	0x7a, 0x89, 0x98, 0x32, 0x2c, 0xcf, 0x3d, 0x2c, 0x66, 0x08, 0x3b, 0xeb, 0x48, 0xe3, 0xe0, 0xcc,
-	0x27, 0xd1, 0x1f, 0x58, 0xf0, 0xb0, 0xcb, 0xd4, 0x80, 0xe9, 0xb0, 0xd7, 0x1a, 0x41, 0x1c, 0xb4,
-	0x93, 0x5c, 0x65, 0x45, 0x2f, 0xf5, 0x33, 0xf7, 0x56, 0xf1, 0x06, 0x0f, 0x2f, 0xee, 0xd1, 0x25,
-	0xbc, 0x67, 0x87, 0xd1, 0x0f, 0xc0, 0xa8, 0x5c, 0x17, 0xab, 0x54, 0x04, 0x33, 0x45, 0x5b, 0x99,
-	0x9b, 0xb8, 0xb5, 0x3b, 0x35, 0xba, 0x66, 0x02, 0x70, 0x12, 0xcf, 0xfe, 0xd7, 0xc5, 0xc4, 0x29,
-	0x91, 0xf2, 0x61, 0x32, 0x71, 0x53, 0x93, 0xfe, 0x1f, 0x29, 0x3d, 0x73, 0x15, 0x37, 0xca, 0xbb,
-	0xa4, 0xc5, 0x8d, 0x6a, 0x8a, 0xb0, 0xc1, 0x9c, 0x1a, 0xa5, 0x13, 0x4e, 0xda, 0x53, 0x2a, 0x24,
-	0xe0, 0xcb, 0x79, 0x76, 0xa9, 0xfb, 0x4c, 0xef, 0x94, 0xe8, 0xda, 0x44, 0x17, 0x08, 0x77, 0x77,
-	0x09, 0xfd, 0x24, 0x54, 0x42, 0x15, 0xd9, 0x52, 0xcc, 0x63, 0xab, 0x26, 0xa7, 0x8d, 0xe8, 0x8e,
-	0x3a, 0x00, 0xd2, 0x31, 0x2c, 0x9a, 0xa3, 0xfd, 0xfb, 0xc9, 0x83, 0x31, 0x43, 0x76, 0xf4, 0x71,
-	0xe8, 0xf7, 0x49, 0x0b, 0x86, 0xc3, 0xc0, 0xf3, 0x5c, 0xbf, 0x41, 0xe5, 0x9c, 0x50, 0xd6, 0xef,
-	0x3e, 0x12, 0x7d, 0x29, 0x04, 0x1a, 0xb3, 0xac, 0xb1, 0xe6, 0x89, 0xcd, 0x0e, 0xd8, 0xdf, 0xb4,
-	0x60, 0xb2, 0x97, 0x3c, 0x46, 0x04, 0x1e, 0x92, 0xc2, 0x46, 0x0d, 0xc5, 0x8a, 0xbf, 0x40, 0x3c,
-	0xa2, 0xdc, 0xe6, 0xe5, 0xb9, 0xc7, 0xc4, 0x6b, 0x3e, 0xb4, 0xda, 0x1b, 0x15, 0xef, 0x45, 0x07,
-	0xbd, 0x04, 0xc7, 0x8c, 0xf7, 0x8a, 0xd4, 0xc0, 0x54, 0xe6, 0xa6, 0xa9, 0x01, 0x34, 0x9b, 0x82,
-	0xdd, 0xde, 0x9d, 0x7a, 0x20, 0xdd, 0x26, 0x14, 0x46, 0x17, 0x1d, 0xfb, 0x97, 0x0b, 0xe9, 0xaf,
-	0xa5, 0x74, 0xfd, 0x1b, 0x56, 0x97, 0x37, 0xe1, 0xc7, 0x8e, 0x42, 0xbf, 0x32, 0xbf, 0x83, 0x0a,
-	0xc3, 0xe8, 0x8d, 0x73, 0x0f, 0x8f, 0xed, 0xed, 0x7f, 0x33, 0x00, 0x7b, 0xf4, 0xac, 0x0f, 0xe3,
-	0xfd, 0xc0, 0xe7, 0xa8, 0x1f, 0xb7, 0xd4, 0x81, 0x19, 0x5f, 0xc3, 0xf5, 0xa3, 0x1a, 0x7b, 0xbe,
-	0x7f, 0x8a, 0x78, 0xe8, 0x88, 0xf2, 0xa2, 0x27, 0x8f, 0xe6, 0xd0, 0x17, 0xac, 0xe4, 0x91, 0x1f,
-	0x0f, 0x6a, 0x74, 0x8f, 0xac, 0x4f, 0xc6, 0x39, 0x22, 0xef, 0x98, 0x3e, 0x7d, 0xea, 0x75, 0xc2,
-	0x38, 0x0d, 0xb0, 0xe1, 0xfa, 0x8e, 0xe7, 0xbe, 0x46, 0x77, 0x47, 0x25, 0xa6, 0xe0, 0x99, 0xc5,
-	0x74, 0x5e, 0xb5, 0x62, 0x03, 0xe3, 0xf4, 0xdf, 0x84, 0x61, 0xe3, 0xcd, 0x33, 0x22, 0x5e, 0x4e,
-	0x98, 0x11, 0x2f, 0x15, 0x23, 0x50, 0xe5, 0xf4, 0x3b, 0xe1, 0x58, 0xba, 0x83, 0x07, 0x79, 0xde,
-	0xfe, 0xdf, 0x43, 0xe9, 0x33, 0xb8, 0x35, 0x12, 0x36, 0x69, 0xd7, 0xde, 0x74, 0x6c, 0xbd, 0xe9,
-	0xd8, 0x7a, 0xd3, 0xb1, 0x65, 0x9e, 0x4d, 0x08, 0xa7, 0xcd, 0xd0, 0x5d, 0x72, 0xda, 0x24, 0xdc,
-	0x50, 0xe5, 0xdc, 0xdd, 0x50, 0xf6, 0x47, 0xba, 0x3c, 0xf7, 0x6b, 0x21, 0x21, 0x28, 0x80, 0x92,
-	0x1f, 0xd4, 0x89, 0xb4, 0x71, 0x2f, 0xe5, 0x63, 0xb0, 0x5d, 0x09, 0xea, 0x46, 0xb8, 0x38, 0xfd,
-	0x17, 0x61, 0xce, 0xc7, 0xfe, 0xf0, 0x20, 0x24, 0xcc, 0x49, 0xfe, 0xdd, 0xbf, 0x0f, 0x86, 0x42,
-	0xd2, 0x0a, 0xae, 0xe2, 0x25, 0xa1, 0xcb, 0x74, 0xb6, 0x0d, 0x6f, 0xc6, 0x12, 0x4e, 0x75, 0x5e,
-	0xcb, 0x89, 0x37, 0x85, 0x32, 0x53, 0x3a, 0x6f, 0xd5, 0x89, 0x37, 0x31, 0x83, 0xa0, 0x77, 0xc2,
-	0x58, 0x9c, 0x38, 0x0a, 0x17, 0x47, 0xbe, 0x0f, 0x08, 0xdc, 0xb1, 0xe4, 0x41, 0x39, 0x4e, 0x61,
-	0xa3, 0x57, 0x61, 0x60, 0x93, 0x78, 0x4d, 0xf1, 0xe9, 0xab, 0xf9, 0xe9, 0x1a, 0xf6, 0xae, 0x17,
-	0x89, 0xd7, 0xe4, 0x92, 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x9d, 0xf7, 0x95, 0xad, 0x76, 0x14, 0x07,
-	0x4d, 0xf7, 0x35, 0xe9, 0xe9, 0xfc, 0xb1, 0x9c, 0x19, 0x5f, 0x96, 0xf4, 0xb9, 0x4b, 0x49, 0xfd,
-	0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xdd, 0x0d, 0xd9, 0x94, 0xe9, 0x08, 0x87, 0x65, 0xde, 0xfd, 0x58,
-	0x90, 0xf4, 0x79, 0x3f, 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x8e, 0x5a, 0x7f, 0xc3, 0xac, 0x0f, 0x57,
-	0x73, 0xee, 0x03, 0x5f, 0x7b, 0x99, 0xeb, 0xf0, 0x31, 0x28, 0xd5, 0x36, 0x9d, 0x30, 0x9e, 0x1c,
-	0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x02, 0xc5, 0x90, 0x6c, 0xb0,
-	0xe8, 0x64, 0x23, 0x2e, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d, 0x36, 0xd6, 0x33, 0x60, 0xee,
-	0x17, 0x0b, 0x49, 0xc3, 0x2e, 0x39, 0x32, 0x7c, 0x3d, 0xd4, 0xda, 0x61, 0x24, 0x1d, 0x64, 0xc6,
-	0x7a, 0x60, 0xcd, 0x58, 0xc2, 0xd1, 0x07, 0x2d, 0x18, 0xba, 0x11, 0x05, 0xbe, 0x4f, 0x62, 0xa1,
-	0x44, 0xaf, 0xe5, 0x3c, 0x58, 0x97, 0x38, 0x75, 0xdd, 0x07, 0xd1, 0x80, 0x25, 0x5f, 0xda, 0x5d,
-	0xb2, 0x53, 0xf3, 0xda, 0xf5, 0xae, 0x60, 0x98, 0x73, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x75, 0x7d,
-	0x8e, 0x3a, 0x90, 0x44, 0x5d, 0xf4, 0x05, 0xaa, 0x80, 0xdb, 0xbf, 0x5a, 0x86, 0x93, 0x99, 0xcb,
-	0x87, 0x9a, 0x5c, 0xcc, 0xa8, 0x39, 0xef, 0x7a, 0x44, 0x86, 0x81, 0x31, 0x93, 0xeb, 0x9a, 0x6a,
-	0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0x96, 0x13, 0x3a, 0x4d, 0xa2, 0x1c, 0xd8, 0x87, 0xb6, 0x6c,
-	0x68, 0x3f, 0x56, 0x25, 0x4d, 0xbd, 0x89, 0x57, 0x4d, 0x11, 0x36, 0x58, 0xa2, 0xe7, 0x60, 0x38,
-	0x24, 0x1e, 0x71, 0x22, 0x16, 0xfe, 0x9e, 0xce, 0xe5, 0xc1, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0xb8,
-	0x8a, 0x98, 0x4b, 0x45, 0x0e, 0x25, 0xa3, 0xe6, 0xd0, 0xa7, 0x2c, 0x18, 0xdb, 0x70, 0x3d, 0xa2,
-	0xb9, 0x8b, 0xcc, 0x9b, 0x95, 0xc3, 0xbf, 0xe4, 0x79, 0x93, 0xae, 0x96, 0xa1, 0x89, 0xe6, 0x08,
-	0xa7, 0xd8, 0xd3, 0xcf, 0xbc, 0x4d, 0x42, 0x26, 0x7c, 0x07, 0x93, 0x9f, 0xf9, 0x1a, 0x6f, 0xc6,
-	0x12, 0x8e, 0x66, 0x61, 0xbc, 0xe5, 0x44, 0xd1, 0x7c, 0x48, 0xea, 0xc4, 0x8f, 0x5d, 0xc7, 0xe3,
-	0x79, 0x31, 0x65, 0x1d, 0x4e, 0xbe, 0x9a, 0x04, 0xe3, 0x34, 0x3e, 0x7a, 0x17, 0x3c, 0xc8, 0x3d,
-	0x44, 0xcb, 0x6e, 0x14, 0xb9, 0x7e, 0x43, 0x4f, 0x03, 0xe1, 0x28, 0x9b, 0x12, 0xa4, 0x1e, 0x5c,
-	0xcc, 0x46, 0xc3, 0xbd, 0x9e, 0x47, 0x4f, 0x42, 0x39, 0xda, 0x72, 0x5b, 0xf3, 0x61, 0x3d, 0x62,
-	0xa7, 0x43, 0x65, 0xed, 0x96, 0xad, 0x8a, 0x76, 0xac, 0x30, 0x50, 0x0d, 0x46, 0xf8, 0x27, 0xe1,
-	0x21, 0x7f, 0x42, 0x82, 0x3e, 0xd5, 0x53, 0x91, 0x8b, 0x14, 0xd8, 0x69, 0xec, 0xdc, 0x3c, 0x27,
-	0xcf, 0xaa, 0xf8, 0xd1, 0xca, 0x35, 0x83, 0x0c, 0x4e, 0x10, 0x4d, 0xee, 0xe9, 0x86, 0xfb, 0xd8,
-	0xd3, 0x3d, 0x07, 0xc3, 0x5b, 0xed, 0x75, 0x22, 0x46, 0x5e, 0x08, 0x36, 0x35, 0xfb, 0x2e, 0x6b,
-	0x10, 0x36, 0xf1, 0x58, 0xb4, 0x65, 0xcb, 0x15, 0xff, 0xa2, 0xc9, 0x51, 0x23, 0xda, 0x72, 0x75,
-	0x51, 0x36, 0x63, 0x13, 0x87, 0x76, 0x8d, 0x8e, 0xc5, 0x1a, 0x89, 0x58, 0x32, 0x05, 0x1d, 0x2e,
-	0xd5, 0xb5, 0xaa, 0x04, 0x60, 0x8d, 0x83, 0x56, 0xe1, 0x04, 0xfd, 0x53, 0x65, 0x29, 0xc0, 0xd7,
-	0x1c, 0xcf, 0xad, 0xf3, 0xd0, 0xbf, 0xf1, 0xa4, 0x7f, 0xb3, 0x9a, 0x81, 0x83, 0x33, 0x9f, 0xb4,
-	0x3f, 0x5b, 0x48, 0x7a, 0x4e, 0x4c, 0x11, 0x86, 0x22, 0x2a, 0xa8, 0xe2, 0x6b, 0x4e, 0x28, 0x0d,
-	0x9e, 0x43, 0x26, 0x37, 0x09, 0xba, 0xd7, 0x9c, 0xd0, 0x14, 0x79, 0x8c, 0x01, 0x96, 0x9c, 0xd0,
-	0x0d, 0x18, 0x88, 0x3d, 0x27, 0xa7, 0x6c, 0x48, 0x83, 0xa3, 0x76, 0x64, 0x2d, 0xcd, 0x46, 0x98,
-	0xf1, 0x40, 0x0f, 0xd3, 0xdd, 0xdb, 0xba, 0x3c, 0x69, 0x13, 0x1b, 0xae, 0xf5, 0x08, 0xb3, 0x56,
-	0xfb, 0x6f, 0x8f, 0x66, 0x68, 0x1d, 0x65, 0x08, 0xa0, 0xb3, 0x00, 0x74, 0xd2, 0xac, 0x86, 0x64,
-	0xc3, 0xdd, 0x11, 0x86, 0x98, 0x92, 0x6c, 0x57, 0x14, 0x04, 0x1b, 0x58, 0xf2, 0x99, 0x6a, 0x7b,
-	0x83, 0x3e, 0x53, 0xe8, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x85, 0x41, 0xb7, 0xe9, 0x34,
-	0x54, 0x20, 0xf0, 0xc3, 0x54, 0xa4, 0x2d, 0xb2, 0x96, 0xdb, 0xbb, 0x53, 0x63, 0xaa, 0x43, 0xac,
-	0x09, 0x0b, 0x5c, 0xf4, 0xcb, 0x16, 0x8c, 0xd4, 0x82, 0x66, 0x33, 0xf0, 0xf9, 0xf6, 0x59, 0xf8,
-	0x02, 0x6e, 0x1c, 0x95, 0x99, 0x34, 0x3d, 0x6f, 0x30, 0xe3, 0xce, 0x00, 0x95, 0xb6, 0x69, 0x82,
-	0x70, 0xa2, 0x57, 0xa6, 0xe4, 0x2b, 0xed, 0x23, 0xf9, 0x7e, 0xcd, 0x82, 0x09, 0xfe, 0xac, 0xb1,
-	0xab, 0x17, 0x19, 0x8a, 0xc1, 0x11, 0xbf, 0x56, 0x97, 0xa3, 0x43, 0x39, 0x7b, 0xbb, 0xe0, 0xb8,
-	0xbb, 0x93, 0xe8, 0x02, 0x4c, 0x6c, 0x04, 0x61, 0x8d, 0x98, 0x03, 0x21, 0xc4, 0xb6, 0x22, 0x74,
-	0x3e, 0x8d, 0x80, 0xbb, 0x9f, 0x41, 0xd7, 0xe0, 0x01, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0xb9, 0x1f,
-	0x15, 0xd4, 0x1e, 0x38, 0x9f, 0x89, 0x85, 0x7b, 0x3c, 0x9d, 0x14, 0x92, 0x95, 0x3e, 0x84, 0xe4,
-	0x2b, 0x70, 0xaa, 0xd6, 0x3d, 0x32, 0xdb, 0x51, 0x7b, 0x3d, 0xe2, 0x72, 0xbc, 0x3c, 0xf7, 0x3d,
-	0x82, 0xc0, 0xa9, 0xf9, 0x5e, 0x88, 0xb8, 0x37, 0x0d, 0xf4, 0x3e, 0x28, 0x87, 0x84, 0x7d, 0x95,
-	0x48, 0xa4, 0xeb, 0x1d, 0xd2, 0xdb, 0xa1, 0x2d, 0x78, 0x4e, 0x56, 0x6b, 0x26, 0xd1, 0x10, 0x61,
-	0xc5, 0x11, 0xdd, 0x84, 0xa1, 0x96, 0x13, 0xd7, 0x36, 0x45, 0x92, 0xde, 0xa1, 0x7d, 0xf3, 0x8a,
-	0x39, 0x3b, 0x4a, 0x31, 0x4a, 0x1e, 0x70, 0x26, 0x58, 0x72, 0xa3, 0xb6, 0x5a, 0x2d, 0x68, 0xb6,
-	0x02, 0x9f, 0xf8, 0xb1, 0x54, 0x22, 0x63, 0xfc, 0xbc, 0x43, 0xb6, 0x62, 0x03, 0xa3, 0x4b, 0x97,
-	0x6b, 0xb4, 0xc9, 0x89, 0x3d, 0x74, 0xb9, 0x41, 0xad, 0xd7, 0xf3, 0x54, 0xd9, 0x30, 0xb7, 0xe2,
-	0x75, 0x37, 0xde, 0x0c, 0xda, 0xb1, 0xdc, 0x25, 0x0b, 0x45, 0xa5, 0x94, 0xcd, 0x52, 0x06, 0x0e,
-	0xce, 0x7c, 0x32, 0xad, 0x59, 0xc7, 0xef, 0x4c, 0xb3, 0x1e, 0xeb, 0x43, 0xb3, 0x56, 0xe1, 0x24,
-	0xeb, 0x81, 0xb0, 0x92, 0xa5, 0xd3, 0x32, 0x9a, 0x44, 0xac, 0xf3, 0x2a, 0xbf, 0x65, 0x29, 0x0b,
-	0x09, 0x67, 0x3f, 0x7b, 0xfa, 0x47, 0x60, 0xa2, 0x4b, 0xc8, 0x1d, 0xc8, 0x21, 0xb9, 0x00, 0x0f,
-	0x64, 0x8b, 0x93, 0x03, 0xb9, 0x25, 0x7f, 0x35, 0x15, 0x97, 0x6e, 0x6c, 0xd1, 0xfa, 0x70, 0x71,
-	0x3b, 0x50, 0x24, 0xfe, 0xb6, 0xd0, 0xae, 0xe7, 0x0f, 0x37, 0xab, 0xcf, 0xf9, 0xdb, 0x5c, 0x1a,
-	0x32, 0x3f, 0xde, 0x39, 0x7f, 0x1b, 0x53, 0xda, 0xe8, 0x17, 0xac, 0xc4, 0x06, 0x82, 0x3b, 0xc6,
-	0xdf, 0x73, 0x24, 0x7b, 0xd2, 0xbe, 0xf7, 0x14, 0xf6, 0xbf, 0x2d, 0xc0, 0x99, 0xfd, 0x88, 0xf4,
-	0x31, 0x7c, 0x8f, 0xc1, 0x60, 0xc4, 0x22, 0x4d, 0x84, 0xba, 0x1a, 0xa6, 0xab, 0x98, 0xc7, 0x9e,
-	0xbc, 0x82, 0x05, 0x08, 0x79, 0x50, 0x6c, 0x3a, 0x2d, 0xe1, 0x2f, 0x5d, 0x3c, 0x6c, 0xfe, 0x1e,
-	0xfd, 0xef, 0x78, 0xcb, 0x4e, 0x8b, 0xcf, 0x79, 0xa3, 0x01, 0x53, 0x36, 0x28, 0x86, 0x92, 0x13,
-	0x86, 0x8e, 0x0c, 0x6b, 0xb8, 0x9c, 0x0f, 0xbf, 0x59, 0x4a, 0x92, 0x9f, 0x0a, 0x27, 0x9a, 0x30,
-	0x67, 0x66, 0x7f, 0xa6, 0x9c, 0x48, 0xf6, 0x62, 0xb1, 0x2a, 0x11, 0x0c, 0x0a, 0x37, 0xa9, 0x95,
-	0x77, 0xda, 0x24, 0xcf, 0xa6, 0x66, 0x1e, 0x08, 0x51, 0x93, 0x42, 0xb0, 0x42, 0x1f, 0xb3, 0x58,
-	0xe5, 0x07, 0x99, 0x41, 0x27, 0x76, 0xf5, 0x47, 0x53, 0x88, 0xc2, 0xac, 0x27, 0x21, 0x1b, 0xb1,
-	0xc9, 0x5d, 0x54, 0xb7, 0x61, 0xbb, 0x99, 0xee, 0xea, 0x36, 0x6c, 0x77, 0x22, 0xe1, 0x68, 0x27,
-	0x23, 0x26, 0x25, 0x87, 0xea, 0x01, 0x7d, 0x44, 0xa1, 0x7c, 0xc1, 0x82, 0x09, 0x37, 0x1d, 0x5c,
-	0x20, 0xf6, 0xc0, 0xd7, 0xf3, 0xf1, 0x69, 0x76, 0xc7, 0x2e, 0x28, 0x43, 0xa7, 0x0b, 0x84, 0xbb,
-	0x3b, 0x83, 0xea, 0x30, 0xe0, 0xfa, 0x1b, 0x81, 0x30, 0xef, 0xe6, 0x0e, 0xd7, 0xa9, 0x45, 0x7f,
-	0x23, 0xd0, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x82, 0x13, 0x32, 0xdf, 0xe7, 0xa2, 0x1b,
-	0xc5, 0x41, 0xd8, 0x59, 0x72, 0x9b, 0x6e, 0xcc, 0x4c, 0xb3, 0xe2, 0xdc, 0x24, 0x55, 0x6f, 0x38,
-	0x03, 0x8e, 0x33, 0x9f, 0x42, 0xaf, 0xc1, 0x90, 0x3c, 0xd0, 0x2f, 0xe7, 0xe1, 0x4f, 0xe8, 0x9e,
-	0xff, 0x6a, 0x32, 0x55, 0xc5, 0x89, 0xbe, 0x64, 0x88, 0x3e, 0x6a, 0xc1, 0x18, 0xff, 0x7d, 0xb1,
-	0x53, 0xe7, 0x29, 0x86, 0x95, 0x3c, 0xa2, 0xf6, 0xab, 0x09, 0x9a, 0x73, 0xe8, 0xd6, 0xee, 0xd4,
-	0x58, 0xb2, 0x0d, 0xa7, 0xf8, 0xda, 0xff, 0x64, 0x04, 0xba, 0x43, 0x20, 0x92, 0xf1, 0x0e, 0xd6,
-	0xdd, 0x8e, 0x77, 0xa0, 0xbb, 0xca, 0x48, 0x87, 0x2a, 0xe4, 0xb0, 0xcc, 0x04, 0x57, 0x7d, 0x0c,
-	0xdd, 0xf1, 0x6b, 0x98, 0xf1, 0x40, 0x6d, 0x18, 0xe4, 0xc5, 0xa5, 0x84, 0x06, 0x38, 0xfc, 0xc9,
-	0xb7, 0x59, 0xa4, 0x4a, 0xbb, 0xb5, 0x78, 0x2b, 0x16, 0xcc, 0xd0, 0x0e, 0x0c, 0x6d, 0xf2, 0xe9,
-	0x28, 0xf6, 0x7a, 0xcb, 0x87, 0x1d, 0xdf, 0xc4, 0x1c, 0xd7, 0x93, 0x4f, 0x34, 0x60, 0xc9, 0x8e,
-	0x85, 0xd7, 0x19, 0x01, 0x40, 0x5c, 0x90, 0xe4, 0x97, 0x2d, 0xd9, 0x7f, 0xf4, 0xcf, 0x7b, 0x61,
-	0x24, 0x24, 0xb5, 0xc0, 0xaf, 0xb9, 0x1e, 0xa9, 0xcf, 0xca, 0x03, 0xb1, 0x83, 0x24, 0xc9, 0x31,
-	0x6f, 0x12, 0x36, 0x68, 0xe0, 0x04, 0x45, 0xb6, 0xce, 0x54, 0xe2, 0x3c, 0xfd, 0x20, 0x44, 0x1c,
-	0x7c, 0x2c, 0xe5, 0x94, 0xa6, 0xcf, 0x68, 0xf2, 0x75, 0x96, 0x6c, 0xc3, 0x29, 0xbe, 0xe8, 0x25,
-	0x80, 0x60, 0x9d, 0xc7, 0xd0, 0xcd, 0xc6, 0xe2, 0x14, 0xe4, 0x20, 0xaf, 0x3a, 0xc6, 0x93, 0x6d,
-	0x25, 0x05, 0x6c, 0x50, 0x43, 0x97, 0x01, 0xf8, 0xca, 0x59, 0xeb, 0xb4, 0xe4, 0x86, 0x50, 0x66,
-	0x39, 0x42, 0x55, 0x41, 0x6e, 0xef, 0x4e, 0x75, 0xfb, 0x9c, 0x59, 0xa0, 0x90, 0xf1, 0x38, 0xfa,
-	0x09, 0x18, 0x8a, 0xda, 0xcd, 0xa6, 0xa3, 0xce, 0x48, 0x72, 0x4c, 0xdf, 0xe5, 0x74, 0x0d, 0xc1,
-	0xc8, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x50, 0x11, 0x2f, 0x24, 0x14, 0x5f, 0x45, 0xdc, 0x42, 0xe1,
-	0x9e, 0xc0, 0x77, 0xc8, 0x5d, 0x0c, 0xce, 0xc0, 0xb9, 0xbd, 0x3b, 0xf5, 0x40, 0xb2, 0x7d, 0x29,
-	0x10, 0x09, 0xb5, 0x99, 0x34, 0xd1, 0x25, 0x59, 0x47, 0x8b, 0xbe, 0xb6, 0x2c, 0xef, 0xf2, 0x84,
-	0xae, 0xa3, 0xc5, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, 0x5a, 0x86, 0xe3, 0xb5, 0xc0, 0x8f, 0xc3,
-	0xc0, 0xf3, 0x78, 0x8d, 0x3d, 0xbe, 0x37, 0xe7, 0x67, 0x28, 0x0f, 0x89, 0x6e, 0x1f, 0x9f, 0xef,
-	0x46, 0xc1, 0x59, 0xcf, 0x51, 0x9b, 0x3c, 0xad, 0x1f, 0xc6, 0x72, 0x39, 0x5e, 0x4f, 0xd0, 0x14,
-	0x12, 0x4a, 0xb9, 0xbd, 0xf7, 0xd1, 0x14, 0x7e, 0xf2, 0x90, 0x55, 0x7c, 0xb1, 0x67, 0x61, 0x84,
-	0xec, 0xc4, 0x24, 0xf4, 0x1d, 0xef, 0x2a, 0x5e, 0x92, 0x07, 0x16, 0x6c, 0x61, 0x9e, 0x33, 0xda,
-	0x71, 0x02, 0x0b, 0xd9, 0xca, 0x4b, 0x66, 0x64, 0xae, 0x73, 0x2f, 0x99, 0xf4, 0x89, 0xd9, 0x5f,
-	0x2a, 0x26, 0x6c, 0xd6, 0x7b, 0x72, 0xa4, 0xcb, 0x4a, 0x24, 0xc9, 0x5a, 0x52, 0x0c, 0x20, 0xf6,
-	0x62, 0x79, 0x72, 0x56, 0x25, 0x92, 0x56, 0x4c, 0x46, 0x38, 0xc9, 0x17, 0x6d, 0x41, 0x69, 0x33,
-	0x88, 0x62, 0xb9, 0x43, 0x3b, 0xe4, 0x66, 0xf0, 0x62, 0x10, 0xc5, 0xcc, 0xd0, 0x52, 0xaf, 0x4d,
-	0x5b, 0x22, 0xcc, 0x79, 0xd0, 0xbd, 0x7f, 0xb4, 0xe9, 0x84, 0xf5, 0x68, 0x9e, 0xd5, 0x99, 0x18,
-	0x60, 0x16, 0x96, 0xb2, 0xa7, 0xab, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcf, 0xac, 0xc4, 0xa9, 0xd6,
-	0x75, 0x96, 0x34, 0xb0, 0x4d, 0x7c, 0x2a, 0xa2, 0xcc, 0x30, 0xc5, 0x1f, 0x48, 0xa5, 0x60, 0xbf,
-	0xad, 0x57, 0x39, 0xcc, 0x9b, 0x94, 0xc2, 0x34, 0x23, 0x61, 0x44, 0x34, 0x7e, 0xc0, 0x4a, 0xe6,
-	0xd2, 0x17, 0xf2, 0xd8, 0xba, 0x99, 0xf5, 0x24, 0xf6, 0x4d, 0xcb, 0xb7, 0x7f, 0xc1, 0x82, 0xa1,
-	0x39, 0xa7, 0xb6, 0x15, 0x6c, 0x6c, 0xa0, 0x27, 0xa1, 0x5c, 0x6f, 0x87, 0x66, 0x5a, 0xbf, 0x72,
-	0x56, 0x2d, 0x88, 0x76, 0xac, 0x30, 0xe8, 0xd4, 0xdf, 0x70, 0x6a, 0xb2, 0xaa, 0x44, 0x91, 0x4f,
-	0xfd, 0xf3, 0xac, 0x05, 0x0b, 0x08, 0x1d, 0xfe, 0xa6, 0xb3, 0x23, 0x1f, 0x4e, 0x1f, 0xa9, 0x2d,
-	0x6b, 0x10, 0x36, 0xf1, 0xec, 0xdf, 0xb5, 0x60, 0x72, 0xce, 0x89, 0xdc, 0xda, 0x6c, 0x3b, 0xde,
-	0x9c, 0x73, 0xe3, 0xf5, 0x76, 0x6d, 0x8b, 0xc4, 0xbc, 0xfa, 0x08, 0xed, 0x65, 0x3b, 0xa2, 0x2b,
-	0x50, 0xed, 0x98, 0x55, 0x2f, 0xaf, 0x8a, 0x76, 0xac, 0x30, 0xd0, 0x6b, 0x30, 0xdc, 0x72, 0xa2,
-	0xe8, 0x66, 0x10, 0xd6, 0x31, 0xd9, 0xc8, 0xa7, 0x3e, 0x51, 0x95, 0xd4, 0x42, 0x12, 0x63, 0xb2,
-	0x21, 0x02, 0x54, 0x34, 0x7d, 0x6c, 0x32, 0xb3, 0x7f, 0xce, 0x82, 0x13, 0x73, 0xc4, 0x09, 0x49,
-	0xc8, 0xca, 0x19, 0xa9, 0x17, 0x41, 0xaf, 0x42, 0x39, 0xa6, 0x2d, 0xb4, 0x47, 0x56, 0xbe, 0x3d,
-	0x62, 0xa1, 0x25, 0x6b, 0x82, 0x38, 0x56, 0x6c, 0xec, 0x4f, 0x5a, 0x70, 0x2a, 0xab, 0x2f, 0xf3,
-	0x5e, 0xd0, 0xae, 0xdf, 0x8b, 0x0e, 0xfd, 0x5d, 0x0b, 0x46, 0xd8, 0x71, 0xfd, 0x02, 0x89, 0x1d,
-	0xd7, 0xeb, 0x2a, 0xa5, 0x68, 0xf5, 0x59, 0x4a, 0xf1, 0x0c, 0x0c, 0x6c, 0x06, 0x4d, 0x92, 0x0e,
-	0x35, 0xb9, 0x18, 0x34, 0x09, 0x66, 0x10, 0xf4, 0x34, 0x9d, 0x84, 0xae, 0x1f, 0x3b, 0x74, 0x39,
-	0xca, 0xe3, 0x8c, 0x71, 0x3e, 0x01, 0x55, 0x33, 0x36, 0x71, 0xec, 0xdf, 0xaa, 0xc0, 0x90, 0x88,
-	0x8b, 0xea, 0xbb, 0x1a, 0x8e, 0xf4, 0xe2, 0x14, 0x7a, 0x7a, 0x71, 0x22, 0x18, 0xac, 0xb1, 0x7a,
-	0xb7, 0xc2, 0x42, 0xbf, 0x9c, 0x4b, 0x20, 0x1d, 0x2f, 0xa1, 0xab, 0xbb, 0xc5, 0xff, 0x63, 0xc1,
-	0x0a, 0xbd, 0x6e, 0xc1, 0x78, 0x2d, 0xf0, 0x7d, 0x52, 0xd3, 0xb6, 0xe3, 0x40, 0x1e, 0x1b, 0x84,
-	0xf9, 0x24, 0x51, 0x7d, 0x12, 0x9c, 0x02, 0xe0, 0x34, 0x7b, 0xf4, 0x02, 0x8c, 0xf2, 0x31, 0xbb,
-	0x96, 0x38, 0x83, 0xd1, 0x15, 0xf6, 0x4c, 0x20, 0x4e, 0xe2, 0xa2, 0x69, 0x7e, 0x96, 0x25, 0x6a,
-	0xd9, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0xc5, 0xce, 0xc0, 0x40, 0x21, 0xa0, 0x90, 0x6c, 0x84, 0x24,
-	0xda, 0x14, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb3, 0x3a, 0x16, 0xb8, 0x8b, 0x12, 0xce, 0xa0,
-	0x8e, 0xb6, 0x84, 0x1b, 0xa1, 0x9c, 0x87, 0x3c, 0x17, 0x9f, 0xb9, 0xa7, 0x37, 0x61, 0x0a, 0x4a,
-	0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xc8, 0x73, 0x27, 0x99, 0x62, 0xc3, 0xbc, 0x1d, 0x2d, 0xc0, 0xb1,
-	0x54, 0x7d, 0xc0, 0x48, 0x9c, 0x95, 0xa8, 0x3c, 0xb9, 0x54, 0x65, 0xc1, 0x08, 0x77, 0x3d, 0x61,
-	0xba, 0x98, 0x86, 0xf7, 0x71, 0x31, 0x75, 0x54, 0x74, 0x32, 0x3f, 0xc5, 0x78, 0x31, 0x97, 0x01,
-	0xe8, 0x2b, 0x14, 0xf9, 0x13, 0xa9, 0x50, 0xe4, 0x51, 0xd6, 0x81, 0x6b, 0xf9, 0x74, 0xe0, 0xe0,
-	0x71, 0xc7, 0xf7, 0x32, 0x8e, 0xf8, 0x7f, 0x59, 0x20, 0xbf, 0xeb, 0xbc, 0x53, 0xdb, 0x24, 0x74,
-	0xca, 0xa0, 0x77, 0xc2, 0x98, 0xf2, 0x4e, 0x70, 0x93, 0xc8, 0x62, 0xb3, 0x46, 0xd9, 0xce, 0x38,
-	0x01, 0xc5, 0x29, 0x6c, 0x34, 0x03, 0x15, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0xf7, 0x95, 0x07, 0x64,
-	0x76, 0x75, 0x51, 0x3c, 0xa5, 0x71, 0x50, 0x00, 0x13, 0x9e, 0x13, 0xc5, 0xac, 0x07, 0xd5, 0x8e,
-	0x5f, 0xbb, 0xc3, 0x2a, 0x32, 0x2c, 0x19, 0x6b, 0x29, 0x4d, 0x08, 0x77, 0xd3, 0xb6, 0xff, 0x7d,
-	0x09, 0x46, 0x13, 0x92, 0xf1, 0x80, 0x06, 0xc3, 0x93, 0x50, 0x96, 0x3a, 0x3c, 0x5d, 0x2e, 0x4b,
-	0x29, 0x7a, 0x85, 0x41, 0x95, 0xd6, 0xba, 0xd6, 0xaa, 0x69, 0x03, 0xc7, 0x50, 0xb8, 0xd8, 0xc4,
-	0x63, 0x42, 0x39, 0xf6, 0xa2, 0x79, 0xcf, 0x25, 0x7e, 0xcc, 0xbb, 0x99, 0x8f, 0x50, 0x5e, 0x5b,
-	0xaa, 0x9a, 0x44, 0xb5, 0x50, 0x4e, 0x01, 0x70, 0x9a, 0x3d, 0xfa, 0xb0, 0x05, 0xa3, 0xce, 0xcd,
-	0x48, 0x17, 0x65, 0x17, 0x41, 0xc7, 0x87, 0x54, 0x52, 0x89, 0x3a, 0xef, 0xdc, 0xb1, 0x9f, 0x68,
-	0xc2, 0x49, 0xa6, 0xe8, 0x0d, 0x0b, 0x10, 0xd9, 0x21, 0x35, 0x19, 0x16, 0x2d, 0xfa, 0x32, 0x98,
-	0xc7, 0x0e, 0xfe, 0x5c, 0x17, 0x5d, 0x2e, 0xd5, 0xbb, 0xdb, 0x71, 0x46, 0x1f, 0xd0, 0x25, 0x40,
-	0x75, 0x37, 0x72, 0xd6, 0x3d, 0x32, 0x1f, 0x34, 0x65, 0x02, 0xb1, 0x38, 0x4f, 0x3f, 0x2d, 0xc6,
-	0x19, 0x2d, 0x74, 0x61, 0xe0, 0x8c, 0xa7, 0xd8, 0x2c, 0x0b, 0x83, 0x9d, 0xce, 0xd5, 0xd0, 0x63,
-	0x5a, 0xc2, 0x9c, 0x65, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0xcf, 0x8b, 0x6a, 0x29, 0xeb, 0x1c, 0x00,
-	0xc7, 0x88, 0x45, 0xb6, 0xee, 0x3c, 0x16, 0x59, 0x47, 0x4a, 0x75, 0xa7, 0xc5, 0x27, 0xb2, 0x68,
-	0x0b, 0xf7, 0x28, 0x8b, 0xf6, 0xa7, 0xad, 0x44, 0x49, 0xba, 0xe1, 0xb3, 0x2f, 0xe5, 0x9b, 0x7f,
-	0x30, 0xcd, 0xa3, 0xb8, 0x52, 0x7a, 0x25, 0x15, 0xbc, 0xf7, 0x24, 0x94, 0x37, 0x3c, 0x87, 0x15,
-	0x52, 0x61, 0x0b, 0xd5, 0x88, 0x30, 0x3b, 0x2f, 0xda, 0xb1, 0xc2, 0xa0, 0x52, 0xdf, 0x20, 0x7a,
-	0x20, 0xa9, 0xfd, 0x9f, 0x8a, 0x30, 0x6c, 0x68, 0xfc, 0x4c, 0xf3, 0xcd, 0xba, 0xcf, 0xcc, 0xb7,
-	0xc2, 0x01, 0xcc, 0xb7, 0x9f, 0x82, 0x4a, 0x4d, 0x6a, 0xa3, 0x7c, 0x4a, 0xec, 0xa7, 0x75, 0x9c,
-	0x56, 0x48, 0xaa, 0x09, 0x6b, 0x9e, 0xe8, 0x42, 0x22, 0x53, 0x33, 0xe1, 0x17, 0xc8, 0x4a, 0xa5,
-	0x14, 0x1a, 0xad, 0xfb, 0x99, 0x74, 0x7c, 0x40, 0x69, 0xff, 0xf8, 0x00, 0xfb, 0x1b, 0x96, 0xfa,
-	0xb8, 0x77, 0xa1, 0x24, 0xcf, 0x8d, 0x64, 0x49, 0x9e, 0x73, 0xb9, 0x0c, 0x73, 0x8f, 0x5a, 0x3c,
-	0x57, 0x60, 0x68, 0x3e, 0x68, 0x36, 0x1d, 0xbf, 0x8e, 0xbe, 0x17, 0x86, 0x6a, 0xfc, 0xa7, 0xf0,
-	0xa1, 0xb1, 0xc3, 0x6a, 0x01, 0xc5, 0x12, 0x86, 0x1e, 0x86, 0x01, 0x27, 0x6c, 0x48, 0xbf, 0x19,
-	0x0b, 0x82, 0x9b, 0x0d, 0x1b, 0x11, 0x66, 0xad, 0xf6, 0x5f, 0x5a, 0x30, 0x46, 0x1f, 0x71, 0xd9,
-	0x4b, 0xb1, 0xd7, 0x79, 0x1c, 0x06, 0x9d, 0x76, 0xbc, 0x19, 0x74, 0xed, 0xc3, 0x66, 0x59, 0x2b,
-	0x16, 0x50, 0xba, 0x0f, 0x53, 0xb5, 0x1c, 0x8c, 0x7d, 0xd8, 0x02, 0x9d, 0xcb, 0x0c, 0x42, 0x4d,
-	0xd9, 0xa8, 0xbd, 0x9e, 0x75, 0x5a, 0x5a, 0xe5, 0xcd, 0x58, 0xc2, 0x29, 0xb1, 0xf5, 0xa0, 0xde,
-	0x11, 0xa1, 0xbd, 0x8a, 0xd8, 0x5c, 0x50, 0xef, 0x60, 0x06, 0x41, 0x8f, 0x40, 0x31, 0xda, 0x74,
-	0xe4, 0xb9, 0xbc, 0x8c, 0x32, 0xaf, 0x5e, 0x9c, 0xc5, 0xb4, 0x5d, 0x25, 0x4d, 0x84, 0x5e, 0x3a,
-	0xc6, 0x36, 0x99, 0x34, 0x11, 0x7a, 0xf6, 0xbf, 0x1c, 0x00, 0x16, 0x6f, 0xe3, 0x84, 0xa4, 0xbe,
-	0x16, 0xb0, 0x6a, 0xc0, 0x47, 0x7a, 0xac, 0xad, 0x37, 0xb2, 0xf7, 0xf3, 0xd1, 0xb6, 0x71, 0xbc,
-	0x59, 0xbc, 0xdb, 0xc7, 0x9b, 0xd9, 0x27, 0xd6, 0x03, 0xf7, 0xd1, 0x89, 0xb5, 0xfd, 0x71, 0x0b,
-	0x90, 0x8a, 0x9e, 0xd2, 0x21, 0x25, 0x33, 0x50, 0x51, 0xe1, 0x5a, 0x62, 0xbd, 0x68, 0xb1, 0x28,
-	0x01, 0x58, 0xe3, 0xf4, 0xe1, 0xbd, 0x78, 0x4c, 0xea, 0xac, 0x62, 0x32, 0xe7, 0x82, 0x69, 0x3a,
-	0xa1, 0xc2, 0xec, 0xdf, 0x2e, 0xc0, 0x03, 0xdc, 0x5c, 0x5a, 0x76, 0x7c, 0xa7, 0x41, 0x9a, 0xb4,
-	0x57, 0xfd, 0x06, 0x09, 0xd5, 0xe8, 0xb6, 0xd9, 0x95, 0x19, 0x12, 0x87, 0x95, 0x57, 0x5c, 0xce,
-	0x70, 0xc9, 0xb2, 0xe8, 0xbb, 0x31, 0x66, 0xc4, 0x51, 0x04, 0x65, 0x79, 0x1f, 0x91, 0xd0, 0x3f,
-	0x39, 0x31, 0x52, 0xa2, 0x58, 0x58, 0x16, 0x04, 0x2b, 0x46, 0xd4, 0x7c, 0xf0, 0x82, 0xda, 0x16,
-	0x5d, 0xf2, 0x69, 0xf3, 0x61, 0x49, 0xb4, 0x63, 0x85, 0x61, 0x37, 0x61, 0x5c, 0x8e, 0x61, 0xeb,
-	0x32, 0xe9, 0x60, 0xb2, 0x41, 0x75, 0x6e, 0x4d, 0x36, 0x19, 0x57, 0x24, 0x29, 0x9d, 0x3b, 0x6f,
-	0x02, 0x71, 0x12, 0x57, 0x16, 0x08, 0x2e, 0x64, 0x17, 0x08, 0xb6, 0x7f, 0xdb, 0x82, 0xb4, 0xd2,
-	0x37, 0xca, 0xa1, 0x5a, 0x7b, 0x96, 0x43, 0x3d, 0x40, 0x41, 0xd1, 0x1f, 0x87, 0x61, 0x27, 0xa6,
-	0x56, 0x1d, 0xf7, 0xc0, 0x14, 0xef, 0xec, 0xe4, 0x70, 0x39, 0xa8, 0xbb, 0x1b, 0x2e, 0xf3, 0xbc,
-	0x98, 0xe4, 0xec, 0x37, 0x2c, 0xa8, 0x2c, 0x84, 0x9d, 0x83, 0xa7, 0xaa, 0x75, 0x27, 0xa2, 0x15,
-	0x0e, 0x94, 0x88, 0x26, 0x53, 0xdd, 0x8a, 0xbd, 0x52, 0xdd, 0xec, 0xbf, 0x1a, 0x80, 0x89, 0xae,
-	0xdc, 0x4b, 0xf4, 0x3c, 0x8c, 0xa8, 0xaf, 0x24, 0xdd, 0xae, 0x15, 0x33, 0x78, 0x59, 0xc3, 0x70,
-	0x02, 0xb3, 0x8f, 0xa5, 0xba, 0x08, 0xc7, 0x43, 0xf2, 0x6a, 0x9b, 0xb4, 0xc9, 0xec, 0x46, 0x4c,
-	0xc2, 0x2a, 0xa9, 0x05, 0x7e, 0x9d, 0xd7, 0x13, 0x2e, 0xce, 0x3d, 0x78, 0x6b, 0x77, 0xea, 0x38,
-	0xee, 0x06, 0xe3, 0xac, 0x67, 0x50, 0x0b, 0x46, 0x3d, 0x73, 0xbf, 0x20, 0xb6, 0xa9, 0x77, 0xb4,
-	0xd5, 0x50, 0xb3, 0x35, 0xd1, 0x8c, 0x93, 0x0c, 0x92, 0x9b, 0x8e, 0xd2, 0x3d, 0xda, 0x74, 0x7c,
-	0x48, 0x6f, 0x3a, 0x78, 0x2c, 0xd0, 0xbb, 0x73, 0xce, 0xbd, 0xed, 0x67, 0xd7, 0x71, 0x98, 0x7d,
-	0xc4, 0x8b, 0x50, 0x96, 0x71, 0x92, 0x7d, 0xc5, 0x17, 0x9a, 0x74, 0x7a, 0xc8, 0xf6, 0xc7, 0xe1,
-	0xad, 0xe7, 0xc2, 0xd0, 0x18, 0xcc, 0x2b, 0x41, 0x3c, 0xeb, 0x79, 0xc1, 0x4d, 0x6a, 0xae, 0x5c,
-	0x8d, 0x88, 0xf0, 0x03, 0xda, 0xb7, 0x0b, 0x90, 0xb1, 0xa5, 0xa6, 0x6b, 0x52, 0xdb, 0x85, 0x89,
-	0x35, 0x79, 0x30, 0xdb, 0x10, 0xed, 0xf0, 0x58, 0x52, 0x6e, 0x0d, 0xbc, 0x2b, 0x6f, 0x97, 0x80,
-	0x0e, 0x2f, 0x55, 0x92, 0x52, 0x85, 0x98, 0x9e, 0x05, 0xd0, 0xe6, 0xbc, 0xb0, 0x09, 0x55, 0x70,
-	0x88, 0xb6, 0xfa, 0xb1, 0x81, 0x85, 0x9e, 0x83, 0x61, 0xd7, 0x8f, 0x62, 0xc7, 0xf3, 0x2e, 0xba,
-	0x7e, 0x2c, 0xec, 0x44, 0x65, 0xf6, 0x2c, 0x6a, 0x10, 0x36, 0xf1, 0x4e, 0xbf, 0xc3, 0xf8, 0x7e,
-	0x07, 0xf9, 0xee, 0x9b, 0x70, 0xea, 0x82, 0x1b, 0xab, 0x24, 0x45, 0x35, 0xdf, 0xa8, 0xb5, 0xae,
-	0x64, 0x95, 0xd5, 0x33, 0x2d, 0xd7, 0x48, 0x12, 0x2c, 0x24, 0x73, 0x1a, 0xd3, 0x49, 0x82, 0x76,
-	0x0d, 0x4e, 0x5c, 0x70, 0xe3, 0xf3, 0xae, 0x47, 0x8e, 0x90, 0xc9, 0x97, 0x07, 0x61, 0xc4, 0xcc,
-	0xdd, 0x3f, 0x88, 0x64, 0xff, 0x24, 0xb5, 0x63, 0xc5, 0x40, 0xb8, 0xea, 0xc0, 0xfb, 0xfa, 0xa1,
-	0x0b, 0x09, 0x64, 0x0f, 0xae, 0x61, 0xca, 0x6a, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x09, 0xa5, 0x0d,
-	0x96, 0xef, 0x56, 0xcc, 0x23, 0x54, 0x29, 0x6b, 0xf0, 0xf5, 0xca, 0xe5, 0x19, 0x73, 0x9c, 0x1f,
-	0x35, 0x3f, 0xc2, 0x64, 0x9a, 0xb5, 0x91, 0x85, 0x20, 0xf4, 0x9a, 0xc2, 0xe8, 0xa5, 0x3d, 0x4a,
-	0x77, 0xa0, 0x3d, 0x12, 0xb2, 0x7c, 0xf0, 0x1e, 0xc9, 0x72, 0x96, 0xbb, 0x18, 0x6f, 0x32, 0xe3,
-	0x58, 0xa4, 0x4d, 0x0d, 0xb1, 0x41, 0x30, 0x72, 0x17, 0x13, 0x60, 0x9c, 0xc6, 0x47, 0xef, 0x57,
-	0xda, 0xa0, 0x9c, 0xc7, 0x81, 0x82, 0x39, 0xa3, 0x8f, 0x5a, 0x11, 0x7c, 0xbc, 0x00, 0x63, 0x17,
-	0xfc, 0xf6, 0xea, 0x85, 0xd5, 0xf6, 0xba, 0xe7, 0xd6, 0x2e, 0x93, 0x0e, 0x95, 0xf6, 0x5b, 0xa4,
-	0xb3, 0xb8, 0x20, 0x56, 0x90, 0x9a, 0x33, 0x97, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0xb7, 0x36, 0x5c,
-	0xbf, 0x41, 0xc2, 0x56, 0xe8, 0x0a, 0x5f, 0xbf, 0x21, 0xb7, 0xce, 0x6b, 0x10, 0x36, 0xf1, 0x28,
-	0xed, 0xe0, 0xa6, 0x4f, 0xc2, 0xf4, 0x2e, 0x61, 0x85, 0x36, 0x62, 0x0e, 0xa3, 0x48, 0x71, 0xd8,
-	0x16, 0xae, 0x34, 0x03, 0x69, 0x8d, 0x36, 0x62, 0x0e, 0x13, 0xbb, 0x74, 0x16, 0x09, 0x56, 0xea,
-	0xda, 0xa5, 0xb3, 0x20, 0x0a, 0x09, 0xa7, 0xa8, 0x5b, 0xa4, 0xb3, 0xe0, 0xc4, 0x4e, 0x7a, 0x93,
-	0x7d, 0x99, 0x37, 0x63, 0x09, 0x67, 0xc5, 0x91, 0x93, 0xc3, 0xf1, 0x1d, 0x57, 0x1c, 0x39, 0xd9,
-	0xfd, 0x1e, 0x0e, 0x99, 0xbf, 0x53, 0x80, 0x91, 0x37, 0x6f, 0x30, 0xcd, 0xb8, 0x9b, 0xe7, 0x3a,
-	0x4c, 0x74, 0x65, 0x4c, 0xf7, 0x61, 0x21, 0xed, 0x5b, 0xd1, 0xc2, 0xc6, 0x30, 0x4c, 0x09, 0xcb,
-	0xa2, 0x80, 0xf3, 0x30, 0xc1, 0x17, 0x2f, 0xe5, 0xc4, 0x12, 0x60, 0x55, 0x16, 0x3c, 0x3b, 0xcc,
-	0xba, 0x96, 0x06, 0xe2, 0x6e, 0x7c, 0xfb, 0x13, 0x16, 0x8c, 0x26, 0x92, 0xd8, 0x73, 0xb2, 0xe5,
-	0xd8, 0xea, 0x0e, 0x58, 0x14, 0x33, 0xcb, 0x2a, 0x29, 0x32, 0x35, 0xac, 0x57, 0xb7, 0x06, 0x61,
-	0x13, 0xcf, 0xfe, 0xbd, 0x22, 0x94, 0x65, 0xc4, 0x55, 0x1f, 0x5d, 0xf9, 0x98, 0x05, 0xa3, 0xea,
-	0x00, 0x91, 0x79, 0x7c, 0x0b, 0x79, 0xe4, 0xd4, 0xd1, 0x1e, 0x28, 0xff, 0x89, 0xbf, 0x11, 0xe8,
-	0x8d, 0x05, 0x36, 0x99, 0xe1, 0x24, 0x6f, 0x74, 0x0d, 0x20, 0xea, 0x44, 0x31, 0x69, 0x1a, 0xbe,
-	0x67, 0xdb, 0x98, 0x65, 0xd3, 0xb5, 0x20, 0x24, 0x74, 0x4e, 0x5d, 0x09, 0xea, 0xa4, 0xaa, 0x30,
-	0xb5, 0x85, 0xa7, 0xdb, 0xb0, 0x41, 0x09, 0xbd, 0xa6, 0x8e, 0xbb, 0x07, 0xf2, 0xd0, 0xeb, 0x72,
-	0x7c, 0xfb, 0x39, 0xef, 0x3e, 0xc4, 0xf9, 0xb2, 0xfd, 0x2b, 0x05, 0x38, 0x96, 0x1e, 0x49, 0xf4,
-	0x6e, 0x18, 0x91, 0x83, 0x66, 0xb8, 0x19, 0x64, 0x98, 0xdb, 0x08, 0x36, 0x60, 0xb7, 0x77, 0xa7,
-	0xa6, 0xba, 0xaf, 0xc2, 0x9e, 0x36, 0x51, 0x70, 0x82, 0x18, 0x3f, 0x7c, 0x16, 0x51, 0x12, 0x73,
-	0x9d, 0xd9, 0x56, 0x4b, 0x9c, 0x20, 0x1b, 0x87, 0xcf, 0x26, 0x14, 0xa7, 0xb0, 0xd1, 0x2a, 0x9c,
-	0x30, 0x5a, 0xae, 0x10, 0xb7, 0xb1, 0xb9, 0x1e, 0x84, 0x72, 0x5f, 0xfb, 0xb0, 0x0e, 0xaa, 0xed,
-	0xc6, 0xc1, 0x99, 0x4f, 0x52, 0xc3, 0xa8, 0xe6, 0xb4, 0x9c, 0x9a, 0x1b, 0x77, 0xc4, 0x19, 0x80,
-	0x12, 0xe3, 0xf3, 0xa2, 0x1d, 0x2b, 0x0c, 0xfb, 0x1f, 0x0e, 0xc0, 0x31, 0x1e, 0x45, 0x4a, 0x54,
-	0x90, 0x34, 0x7a, 0x37, 0x54, 0xa2, 0xd8, 0x09, 0xb9, 0x53, 0xc3, 0x3a, 0xb0, 0xe8, 0xd2, 0x99,
-	0xf7, 0x92, 0x08, 0xd6, 0xf4, 0xd0, 0x4b, 0xac, 0x6c, 0x99, 0x1b, 0x6d, 0x32, 0xea, 0x85, 0x3b,
-	0x73, 0x99, 0x9c, 0x57, 0x14, 0xb0, 0x41, 0x0d, 0xfd, 0x10, 0x94, 0x5a, 0x9b, 0x4e, 0x24, 0xfd,
-	0x79, 0x8f, 0x4b, 0x39, 0xb1, 0x4a, 0x1b, 0x6f, 0xef, 0x4e, 0x9d, 0x4c, 0xbf, 0x2a, 0x03, 0x60,
-	0xfe, 0x90, 0x29, 0xe5, 0x07, 0xf6, 0xbf, 0x5a, 0xa7, 0x1e, 0x76, 0xaa, 0x17, 0x67, 0xd3, 0x97,
-	0xb1, 0x2c, 0xb0, 0x56, 0x2c, 0xa0, 0x54, 0x26, 0x6d, 0x72, 0x96, 0x75, 0x8a, 0x3c, 0x98, 0xb4,
-	0x38, 0x2e, 0x6a, 0x10, 0x36, 0xf1, 0xd0, 0xc7, 0xbb, 0x63, 0x8c, 0x87, 0x8e, 0x20, 0x07, 0xa5,
-	0xdf, 0xe8, 0xe2, 0x73, 0x50, 0x11, 0x5d, 0x5d, 0x0b, 0xd0, 0xf3, 0x30, 0xc2, 0xdd, 0x45, 0x73,
-	0xa1, 0xe3, 0xd7, 0x36, 0xd3, 0x4e, 0x9e, 0x35, 0x03, 0x86, 0x13, 0x98, 0xf6, 0x32, 0x0c, 0xf4,
-	0x29, 0x64, 0xfb, 0xda, 0xbb, 0xbf, 0x08, 0x65, 0x4a, 0x4e, 0x6e, 0xd0, 0xf2, 0x20, 0x19, 0x40,
-	0x59, 0x5e, 0xd4, 0x88, 0x6c, 0x28, 0xba, 0x8e, 0x8c, 0x25, 0x51, 0x4b, 0x68, 0x31, 0x8a, 0xda,
-	0x6c, 0xda, 0x51, 0x20, 0x7a, 0x0c, 0x8a, 0x64, 0xa7, 0x95, 0x0e, 0x1a, 0x39, 0xb7, 0xd3, 0x72,
-	0x43, 0x12, 0x51, 0x24, 0xb2, 0xd3, 0x42, 0xa7, 0xa1, 0xe0, 0xd6, 0xc5, 0x8c, 0x04, 0x81, 0x53,
-	0x58, 0x5c, 0xc0, 0x05, 0xb7, 0x6e, 0xef, 0x40, 0x45, 0xdd, 0x0c, 0x89, 0xb6, 0xa4, 0x49, 0x65,
-	0xe5, 0x11, 0x45, 0x2c, 0xe9, 0xf6, 0x30, 0xa6, 0xda, 0x00, 0xba, 0xa4, 0x43, 0x5e, 0x2a, 0xf8,
-	0x0c, 0x0c, 0xd4, 0x02, 0x51, 0x8c, 0xa7, 0xac, 0xc9, 0x30, 0x5b, 0x8a, 0x41, 0xec, 0xeb, 0x30,
-	0x76, 0xd9, 0x0f, 0x6e, 0xb2, 0x0b, 0x9c, 0x58, 0xbd, 0x62, 0x4a, 0x78, 0x83, 0xfe, 0x48, 0x5b,
-	0xee, 0x0c, 0x8a, 0x39, 0x4c, 0x55, 0x52, 0x2d, 0xf4, 0xaa, 0xa4, 0x6a, 0x7f, 0xc0, 0x82, 0x11,
-	0x95, 0x1b, 0x7e, 0x61, 0x7b, 0x8b, 0xd2, 0x6d, 0x84, 0x41, 0xbb, 0x95, 0xa6, 0xcb, 0x2e, 0xa1,
-	0xc5, 0x1c, 0x66, 0x16, 0x4d, 0x28, 0xec, 0x53, 0x34, 0xe1, 0x0c, 0x0c, 0x6c, 0xb9, 0x7e, 0x3d,
-	0xed, 0x14, 0xbd, 0xec, 0xfa, 0x75, 0xcc, 0x20, 0xb4, 0x0b, 0xc7, 0x54, 0x17, 0xa4, 0xcd, 0xf4,
-	0x3c, 0x8c, 0xac, 0xb7, 0x5d, 0xaf, 0x2e, 0x0b, 0x31, 0xa7, 0x96, 0xcb, 0x9c, 0x01, 0xc3, 0x09,
-	0x4c, 0x74, 0x16, 0x60, 0xdd, 0xf5, 0x9d, 0xb0, 0xb3, 0xaa, 0x8d, 0x34, 0xa5, 0xb7, 0xe7, 0x14,
-	0x04, 0x1b, 0x58, 0xf6, 0xa7, 0x8a, 0x30, 0x96, 0xcc, 0x90, 0xef, 0xc3, 0x77, 0xf1, 0x18, 0x94,
-	0x58, 0xd2, 0x7c, 0xfa, 0xd3, 0xf2, 0xda, 0xc5, 0x1c, 0x86, 0x22, 0x18, 0xe4, 0x8b, 0x39, 0x9f,
-	0x8b, 0x3c, 0x55, 0x27, 0x95, 0x27, 0x95, 0xc5, 0x5a, 0x0b, 0xc7, 0xb4, 0x60, 0x85, 0x3e, 0x6c,
-	0xc1, 0x50, 0xd0, 0x32, 0x2b, 0x70, 0xbe, 0x2b, 0xcf, 0xea, 0x01, 0x22, 0x45, 0x57, 0xd8, 0x23,
-	0xea, 0xd3, 0xcb, 0xcf, 0x21, 0x59, 0x9f, 0xfe, 0x41, 0x18, 0x31, 0x31, 0xf7, 0x33, 0x49, 0xca,
-	0xa6, 0x49, 0xf2, 0x31, 0x73, 0x52, 0x88, 0xfa, 0x08, 0x7d, 0x2c, 0xb7, 0xab, 0x50, 0xaa, 0xa9,
-	0x80, 0xb4, 0x3b, 0x2a, 0xdf, 0xaf, 0xea, 0x87, 0xb1, 0xc3, 0x7e, 0x4e, 0xcd, 0xfe, 0x86, 0x65,
-	0xcc, 0x0f, 0x4c, 0xa2, 0xc5, 0x3a, 0x0a, 0xa1, 0xd8, 0xd8, 0xde, 0x12, 0x6a, 0xfe, 0x52, 0x4e,
-	0xc3, 0x7b, 0x61, 0x7b, 0x4b, 0xcf, 0x71, 0xb3, 0x15, 0x53, 0x66, 0x7d, 0xb8, 0xfb, 0x13, 0x65,
-	0x34, 0x8a, 0xfb, 0x97, 0xd1, 0xb0, 0xdf, 0x28, 0xc0, 0x44, 0xd7, 0xa4, 0x42, 0xaf, 0x41, 0x29,
-	0xa4, 0x6f, 0x29, 0x5e, 0x6f, 0x29, 0xb7, 0xc2, 0x17, 0xd1, 0x62, 0x5d, 0xab, 0xcf, 0x64, 0x3b,
-	0xe6, 0x2c, 0xd1, 0x25, 0x40, 0x3a, 0x6c, 0x52, 0x9d, 0x35, 0xf0, 0x57, 0x56, 0xb1, 0x55, 0xb3,
-	0x5d, 0x18, 0x38, 0xe3, 0x29, 0xf4, 0x42, 0xfa, 0xc8, 0xa2, 0x98, 0x3c, 0x2b, 0xdb, 0xeb, 0xf4,
-	0xc1, 0xfe, 0x8d, 0x02, 0x8c, 0x26, 0x0a, 0xa2, 0x22, 0x0f, 0xca, 0xc4, 0x63, 0x07, 0x99, 0x52,
-	0xd9, 0x1c, 0xf6, 0x7a, 0x13, 0xa5, 0x20, 0xcf, 0x09, 0xba, 0x58, 0x71, 0xb8, 0x3f, 0x42, 0xae,
-	0x9e, 0x87, 0x11, 0xd9, 0xa1, 0x77, 0x39, 0x4d, 0x4f, 0x0c, 0xa0, 0x9a, 0xa3, 0xe7, 0x0c, 0x18,
-	0x4e, 0x60, 0xda, 0xbf, 0x53, 0x84, 0x49, 0x7e, 0xf2, 0x5b, 0x57, 0x33, 0x4f, 0x45, 0x70, 0xfc,
-	0xbc, 0x2e, 0x5b, 0x6c, 0xe5, 0x71, 0x87, 0x77, 0x2f, 0x46, 0x7d, 0x45, 0x0a, 0x7f, 0x3e, 0x15,
-	0x29, 0xcc, 0x77, 0xa6, 0x8d, 0x23, 0xea, 0xd1, 0x77, 0x56, 0xe8, 0xf0, 0x3f, 0x2d, 0xc0, 0x78,
-	0xea, 0xaa, 0x36, 0xf4, 0xa9, 0xe4, 0xed, 0x1e, 0x56, 0x1e, 0xa7, 0x62, 0x7b, 0xde, 0xde, 0x75,
-	0xb0, 0x3b, 0x3e, 0xee, 0xd1, 0x52, 0xb1, 0xbf, 0x5e, 0x80, 0xb1, 0xe4, 0x1d, 0x73, 0xf7, 0xe1,
-	0x48, 0xbd, 0x1d, 0x2a, 0xec, 0x1a, 0xa5, 0xcb, 0xa4, 0x23, 0x0f, 0xd5, 0xf8, 0x8d, 0x35, 0xb2,
-	0x11, 0x6b, 0xf8, 0x7d, 0x71, 0x75, 0x8a, 0xfd, 0xcf, 0x2d, 0x38, 0xc9, 0xdf, 0x32, 0x3d, 0x0f,
-	0xff, 0x56, 0xd6, 0xe8, 0xbe, 0x9c, 0x6f, 0x07, 0x53, 0xe5, 0xb6, 0xf7, 0x1b, 0x5f, 0x76, 0x93,
-	0xb9, 0xe8, 0x6d, 0x72, 0x2a, 0xdc, 0x87, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0x43, 0x01, 0x86,
-	0x57, 0xe6, 0x17, 0x95, 0x08, 0x9f, 0x81, 0x4a, 0x2d, 0x24, 0x8e, 0xf6, 0x76, 0x98, 0x71, 0x45,
-	0x12, 0x80, 0x35, 0x0e, 0xdd, 0x34, 0xf0, 0xb8, 0xbc, 0x28, 0xbd, 0x69, 0xe0, 0x61, 0x7b, 0x11,
-	0x96, 0x70, 0xf4, 0x24, 0x94, 0x59, 0xc6, 0xec, 0xd5, 0x50, 0x6a, 0x1c, 0xbd, 0x93, 0x64, 0xed,
-	0x78, 0x09, 0x2b, 0x0c, 0x4a, 0xb8, 0x1e, 0xd4, 0x22, 0x8a, 0x9c, 0x72, 0x40, 0x2c, 0xd0, 0x66,
-	0xbc, 0x84, 0x25, 0x9c, 0x15, 0x3c, 0x64, 0x9b, 0x74, 0x8a, 0x5c, 0x4a, 0x76, 0x9a, 0xef, 0xe6,
-	0x29, 0xba, 0xc6, 0x39, 0x48, 0x61, 0xcc, 0x54, 0xd6, 0xda, 0x50, 0x7f, 0x59, 0x6b, 0xf6, 0xd7,
-	0x8b, 0xa0, 0x2f, 0xc5, 0x47, 0xae, 0x28, 0x13, 0x91, 0x4b, 0x39, 0xf7, 0x6a, 0xc7, 0xaf, 0xe9,
-	0xeb, 0xf7, 0xcb, 0xa9, 0x2a, 0x11, 0x3f, 0x6b, 0xc1, 0xb0, 0xeb, 0xbb, 0xb1, 0xeb, 0x30, 0x57,
-	0x58, 0x3e, 0x37, 0x5b, 0x2b, 0x76, 0x8b, 0x9c, 0x72, 0x10, 0x9a, 0x27, 0xdc, 0x8a, 0x19, 0x36,
-	0x39, 0xa3, 0xf7, 0x8a, 0x24, 0xa9, 0x62, 0x6e, 0xb5, 0x56, 0xca, 0xa9, 0xcc, 0xa8, 0x16, 0x35,
-	0x68, 0xe3, 0x30, 0xa7, 0x12, 0x45, 0x98, 0x92, 0x52, 0x37, 0x83, 0xa8, 0x2d, 0x03, 0x6b, 0xc6,
-	0x9c, 0x91, 0x1d, 0x01, 0xea, 0x1e, 0x8b, 0x03, 0x26, 0xa0, 0xcc, 0x40, 0xc5, 0x69, 0xc7, 0x41,
-	0x93, 0x0e, 0x93, 0x38, 0x1f, 0xd7, 0x29, 0x36, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xa9, 0x12, 0xa4,
-	0x8a, 0x36, 0xa0, 0x1d, 0xa8, 0xa8, 0xb2, 0x0d, 0xf9, 0x24, 0x74, 0xea, 0x19, 0xa5, 0x3a, 0xa3,
-	0x9a, 0xb0, 0x66, 0x86, 0x1a, 0xd2, 0xab, 0xc8, 0x57, 0xfb, 0x8b, 0x69, 0xaf, 0xe2, 0x8f, 0xf6,
-	0x77, 0xc8, 0x44, 0xe7, 0xea, 0x0c, 0x2f, 0xd3, 0x37, 0xbd, 0xaf, 0x03, 0x72, 0xbf, 0xbb, 0xbd,
-	0x3f, 0x28, 0xee, 0xe1, 0xc2, 0x24, 0x6a, 0x7b, 0xb1, 0x98, 0x0d, 0x2f, 0xe6, 0xb8, 0xca, 0x38,
-	0x61, 0x5d, 0xfc, 0x88, 0xff, 0xc7, 0x06, 0xd3, 0xa4, 0x9b, 0x78, 0xf0, 0x48, 0xdd, 0xc4, 0x43,
-	0xb9, 0xba, 0x89, 0xcf, 0x02, 0xb0, 0xb9, 0xcd, 0x03, 0xe5, 0xcb, 0xcc, 0x7b, 0xa7, 0x54, 0x0c,
-	0x56, 0x10, 0x6c, 0x60, 0xd9, 0xdf, 0x0f, 0xc9, 0xea, 0x5d, 0x68, 0x4a, 0x16, 0x0b, 0xe3, 0x07,
-	0x60, 0x2c, 0x47, 0x31, 0x51, 0xd7, 0xeb, 0xd7, 0x2c, 0x30, 0x4b, 0x8c, 0xa1, 0x57, 0x79, 0x2d,
-	0x33, 0x2b, 0x8f, 0x03, 0x15, 0x83, 0xee, 0xf4, 0xb2, 0xd3, 0x4a, 0x05, 0xf7, 0xc8, 0x82, 0x66,
-	0xa7, 0xdf, 0x01, 0x65, 0x09, 0x3d, 0x90, 0xb1, 0xfc, 0x7e, 0x38, 0x2e, 0xeb, 0x1d, 0xc8, 0xb3,
-	0x0f, 0x71, 0xc8, 0xbe, 0xbf, 0x4b, 0x4d, 0xfa, 0xc9, 0x0a, 0xbd, 0xfc, 0x64, 0x6a, 0xf7, 0x5f,
-	0xec, 0x59, 0xa5, 0xfc, 0xd7, 0x2d, 0x38, 0x93, 0xee, 0x40, 0xb4, 0x1c, 0xf8, 0x6e, 0x1c, 0x84,
-	0x55, 0x12, 0xc7, 0xae, 0xdf, 0x60, 0x25, 0x67, 0x6f, 0x3a, 0xa1, 0xbc, 0x76, 0x88, 0x09, 0xca,
-	0xeb, 0x4e, 0xe8, 0x63, 0xd6, 0x8a, 0x3a, 0x30, 0xc8, 0x23, 0x8b, 0xc5, 0x2e, 0xe8, 0x90, 0x6b,
-	0x23, 0x63, 0x38, 0xf4, 0x36, 0x8c, 0x47, 0x35, 0x63, 0xc1, 0xd0, 0xfe, 0x96, 0x05, 0x68, 0x65,
-	0x9b, 0x84, 0xa1, 0x5b, 0x37, 0x62, 0xa1, 0xd9, 0x7d, 0x96, 0xc6, 0xbd, 0x95, 0x66, 0x35, 0x8e,
-	0xd4, 0x7d, 0x96, 0xc6, 0xbf, 0xec, 0xfb, 0x2c, 0x0b, 0x07, 0xbb, 0xcf, 0x12, 0xad, 0xc0, 0xc9,
-	0x26, 0xdf, 0xc6, 0xf1, 0x3b, 0xe2, 0xf8, 0x9e, 0x4e, 0x25, 0x8e, 0x9f, 0xba, 0xb5, 0x3b, 0x75,
-	0x72, 0x39, 0x0b, 0x01, 0x67, 0x3f, 0x67, 0xbf, 0x03, 0x10, 0x0f, 0x81, 0x9e, 0xcf, 0x8a, 0xe2,
-	0xec, 0xe9, 0xd6, 0xb2, 0x3f, 0x57, 0x82, 0xf1, 0xd4, 0xa5, 0x14, 0x74, 0x0b, 0xdd, 0x1d, 0x36,
-	0x7a, 0x68, 0xfd, 0xdd, 0xdd, 0xbd, 0xbe, 0x02, 0x51, 0x7d, 0x28, 0xb9, 0x7e, 0xab, 0x1d, 0xe7,
-	0x53, 0xb7, 0x82, 0x77, 0x62, 0x91, 0x12, 0x34, 0xdc, 0xf0, 0xf4, 0x2f, 0xe6, 0x6c, 0xf2, 0x0c,
-	0x6b, 0x4d, 0x6c, 0x72, 0x06, 0xee, 0x91, 0x9b, 0xe5, 0x83, 0x3a, 0xc8, 0xb4, 0x94, 0x87, 0xc3,
-	0x36, 0x35, 0x59, 0x8e, 0x3a, 0xb2, 0xe8, 0x4b, 0x05, 0x18, 0x36, 0x3e, 0x1a, 0xfa, 0xc5, 0x64,
-	0x01, 0x4e, 0x2b, 0xbf, 0x57, 0x62, 0xf4, 0xa7, 0x75, 0x89, 0x4d, 0xfe, 0x4a, 0x8f, 0x77, 0xd7,
-	0xde, 0xbc, 0xbd, 0x3b, 0x75, 0x2c, 0x55, 0x5d, 0x33, 0x51, 0x8f, 0xf3, 0xf4, 0x4f, 0xc2, 0x78,
-	0x8a, 0x4c, 0xc6, 0x2b, 0xaf, 0x99, 0xaf, 0x7c, 0x68, 0x77, 0x9f, 0x39, 0x64, 0x5f, 0xa4, 0x43,
-	0x26, 0xd2, 0xe5, 0x03, 0x8f, 0xf4, 0xe1, 0xdb, 0x4e, 0xed, 0x2f, 0x0a, 0x7d, 0x56, 0xc5, 0x78,
-	0x02, 0xca, 0xad, 0xc0, 0x73, 0x6b, 0xae, 0xaa, 0xdf, 0xcd, 0xea, 0x70, 0xac, 0x8a, 0x36, 0xac,
-	0xa0, 0xe8, 0x26, 0x54, 0x6e, 0xdc, 0x8c, 0xf9, 0xa9, 0x9a, 0x38, 0x37, 0xc8, 0xeb, 0x30, 0x4d,
-	0x19, 0x2d, 0xea, 0xd8, 0x0e, 0x6b, 0x5e, 0xc8, 0x86, 0x41, 0xa6, 0x04, 0x65, 0xea, 0x1c, 0x3b,
-	0xd3, 0x60, 0xda, 0x31, 0xc2, 0x02, 0x62, 0xff, 0xbb, 0x61, 0x38, 0x91, 0x75, 0x33, 0x10, 0x7a,
-	0x1f, 0x0c, 0xf2, 0x3e, 0xe6, 0x73, 0xf9, 0x5c, 0x16, 0x8f, 0x0b, 0x8c, 0xa0, 0xe8, 0x16, 0xfb,
-	0x8d, 0x05, 0x4f, 0xc1, 0xdd, 0x73, 0xd6, 0xc5, 0x0c, 0x39, 0x1a, 0xee, 0x4b, 0x8e, 0xe6, 0xbe,
-	0xe4, 0x70, 0xee, 0x9e, 0xb3, 0x8e, 0x76, 0xa0, 0xd4, 0x70, 0x63, 0xe2, 0x08, 0xe7, 0xcc, 0xf5,
-	0x23, 0x61, 0x4e, 0x1c, 0x6e, 0xa5, 0xb1, 0x9f, 0x98, 0x33, 0x44, 0x5f, 0xb0, 0x60, 0x7c, 0x3d,
-	0x59, 0x8e, 0x47, 0x08, 0x4f, 0xe7, 0x08, 0x6e, 0x7f, 0x4a, 0x32, 0xe2, 0x17, 0xba, 0xa6, 0x1a,
-	0x71, 0xba, 0x3b, 0xe8, 0x43, 0x16, 0x0c, 0x6d, 0xb8, 0x9e, 0x71, 0xbd, 0xc6, 0x11, 0x7c, 0x9c,
-	0xf3, 0x8c, 0x81, 0xde, 0x71, 0xf0, 0xff, 0x11, 0x96, 0x9c, 0x7b, 0x69, 0xaa, 0xc1, 0xc3, 0x6a,
-	0xaa, 0xa1, 0x7b, 0xa4, 0xa9, 0x3e, 0x6a, 0x41, 0x45, 0x8d, 0xb4, 0x28, 0x6b, 0xf2, 0xee, 0x23,
-	0xfc, 0xe4, 0xdc, 0x23, 0xa5, 0xfe, 0x62, 0xcd, 0x1c, 0xbd, 0x6e, 0xc1, 0xb0, 0xf3, 0x5a, 0x3b,
-	0x24, 0x75, 0xb2, 0x1d, 0xb4, 0x22, 0x51, 0x6f, 0xf4, 0xe5, 0xfc, 0x3b, 0x33, 0x4b, 0x99, 0x2c,
-	0x90, 0xed, 0x95, 0x56, 0x24, 0xd2, 0x7a, 0x75, 0x03, 0x36, 0xbb, 0x80, 0x7e, 0x46, 0xeb, 0x71,
-	0xc8, 0xa3, 0xea, 0x74, 0x56, 0x6f, 0xfa, 0xca, 0x52, 0x27, 0xf0, 0x50, 0x2d, 0xf0, 0x63, 0xd7,
-	0x6f, 0x93, 0x15, 0x1f, 0x93, 0x56, 0x70, 0x25, 0x88, 0xcf, 0x07, 0x6d, 0xbf, 0x7e, 0x2e, 0x0c,
-	0x83, 0x90, 0xd5, 0x6d, 0x31, 0xee, 0x1c, 0x9d, 0xef, 0x8d, 0x8a, 0xf7, 0xa2, 0x73, 0x18, 0x9b,
-	0x61, 0xb7, 0x00, 0x53, 0xfb, 0x0c, 0x36, 0x7a, 0x1e, 0x46, 0x82, 0xb0, 0xe1, 0xf8, 0xee, 0x6b,
-	0x66, 0x29, 0x32, 0x65, 0x90, 0xae, 0x18, 0x30, 0x9c, 0xc0, 0x34, 0x6b, 0xd4, 0x14, 0xf6, 0xa9,
-	0x51, 0x73, 0x06, 0x06, 0x42, 0xd2, 0x0a, 0xd2, 0xfb, 0x2a, 0x96, 0x89, 0xc7, 0x20, 0xe8, 0x11,
-	0x28, 0x3a, 0x2d, 0x57, 0x38, 0x17, 0xd5, 0x76, 0x71, 0x76, 0x75, 0x11, 0xd3, 0xf6, 0x44, 0xc9,
-	0xac, 0xd2, 0x5d, 0x29, 0x99, 0x45, 0x35, 0xa6, 0x38, 0x3e, 0x1b, 0xd4, 0x1a, 0x33, 0x79, 0xac,
-	0x65, 0xbf, 0x51, 0x84, 0x47, 0xf6, 0x5c, 0x5a, 0x3a, 0x42, 0xdb, 0xda, 0x23, 0x42, 0x5b, 0x0e,
-	0x4f, 0x61, 0xbf, 0xe1, 0x29, 0xf6, 0x18, 0x9e, 0x0f, 0x51, 0x89, 0x21, 0x4b, 0xb8, 0xe5, 0x73,
-	0xf5, 0x79, 0xaf, 0x8a, 0x70, 0x42, 0x58, 0x48, 0x28, 0xd6, 0x7c, 0xe9, 0x76, 0x29, 0x51, 0x9f,
-	0xa5, 0x94, 0x87, 0xc6, 0xec, 0x59, 0x46, 0x8d, 0x8b, 0x89, 0x5e, 0x45, 0x5f, 0xec, 0xdf, 0x1c,
-	0x80, 0xc7, 0xfa, 0x50, 0x74, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xe1, 0x9f, 0xe9, 0x23,
-	0x99, 0x9f, 0x09, 0xe7, 0xff, 0x99, 0xf6, 0xfe, 0x42, 0xec, 0x04, 0xc2, 0x8f, 0x48, 0xad, 0x1d,
-	0xf2, 0x6c, 0x15, 0x23, 0x4d, 0x77, 0x51, 0xb4, 0x63, 0x85, 0x41, 0xb7, 0xbf, 0x35, 0x87, 0x2e,
-	0xff, 0xa1, 0x9c, 0xea, 0x71, 0x98, 0x19, 0xbf, 0xdc, 0xfa, 0x9a, 0x9f, 0xa5, 0x12, 0x80, 0xb3,
-	0xb1, 0x7f, 0xd7, 0x82, 0xd3, 0xbd, 0xad, 0x11, 0xf4, 0x34, 0x0c, 0xaf, 0xb3, 0xd8, 0xc1, 0x65,
-	0x16, 0x9f, 0x24, 0xa6, 0x0e, 0x7b, 0x5f, 0xdd, 0x8c, 0x4d, 0x1c, 0x34, 0x0f, 0x13, 0x66, 0xd0,
-	0xe1, 0xb2, 0x11, 0xd8, 0xc4, 0xfc, 0x25, 0x6b, 0x69, 0x20, 0xee, 0xc6, 0x47, 0xd3, 0x00, 0xb1,
-	0x1b, 0x7b, 0x84, 0x3f, 0xcd, 0x27, 0x1a, 0x73, 0x28, 0xae, 0xa9, 0x56, 0x6c, 0x60, 0xd8, 0xdf,
-	0x2e, 0x66, 0xbf, 0x06, 0xb7, 0x72, 0x0f, 0x32, 0xfb, 0xc5, 0xdc, 0x2e, 0xf4, 0x21, 0xa1, 0x8b,
-	0x77, 0x5b, 0x42, 0x0f, 0xf4, 0x92, 0xd0, 0x68, 0x01, 0x8e, 0x19, 0xb7, 0x98, 0xf2, 0x8a, 0x2e,
-	0xfc, 0x50, 0x4a, 0x95, 0x63, 0x5b, 0x4d, 0xc1, 0x71, 0xd7, 0x13, 0xf7, 0xf9, 0x54, 0xfd, 0x4a,
-	0x01, 0x4e, 0xf5, 0xdc, 0x58, 0xdc, 0x25, 0x0d, 0x64, 0x7e, 0xfe, 0x81, 0xbb, 0xf3, 0xf9, 0xcd,
-	0x8f, 0x52, 0xda, 0xf7, 0xa3, 0xf4, 0xa3, 0xce, 0xff, 0xa8, 0xd0, 0x73, 0xb1, 0xd0, 0x8d, 0xe8,
-	0x77, 0xed, 0x48, 0xbe, 0x00, 0xa3, 0x4e, 0xab, 0xc5, 0xf1, 0x58, 0x22, 0x42, 0xaa, 0x44, 0xe4,
-	0xac, 0x09, 0xc4, 0x49, 0xdc, 0xbe, 0x06, 0xf6, 0x4f, 0x2d, 0xa8, 0x60, 0xb2, 0xc1, 0x25, 0x1c,
-	0xba, 0x21, 0x86, 0xc8, 0xca, 0xa3, 0x4e, 0x3f, 0x1d, 0xd8, 0xc8, 0x65, 0xc5, 0xeb, 0xb3, 0x06,
-	0xfb, 0xb0, 0x05, 0x07, 0xd4, 0xdd, 0xa7, 0xc5, 0xde, 0x77, 0x9f, 0xda, 0x5f, 0xae, 0xd0, 0xd7,
-	0x6b, 0x05, 0xf3, 0x21, 0xa9, 0x47, 0xf4, 0xfb, 0xb6, 0x43, 0x4f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf,
-	0xe2, 0x25, 0x4c, 0xdb, 0x13, 0xe7, 0x93, 0x85, 0x03, 0x15, 0xc8, 0x2b, 0xee, 0x5b, 0x20, 0xef,
-	0x05, 0x18, 0x8d, 0xa2, 0xcd, 0xd5, 0xd0, 0xdd, 0x76, 0x62, 0x72, 0x99, 0xc8, 0x4a, 0x3a, 0xba,
-	0x58, 0x54, 0xf5, 0xa2, 0x06, 0xe2, 0x24, 0x2e, 0xba, 0x00, 0x13, 0xba, 0x4c, 0x1d, 0x09, 0x63,
-	0x96, 0xe1, 0xc7, 0x67, 0x82, 0xaa, 0x92, 0xa2, 0x0b, 0xdb, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95,
-	0xb9, 0x89, 0x46, 0xda, 0x91, 0xc1, 0xa4, 0xcc, 0x4d, 0xd0, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0x2d,
-	0xc3, 0x71, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0x92, 0xc5, 0xd1, 0x2f, 0x74, 0xa3,
-	0xe0, 0xac, 0xe7, 0xd0, 0x73, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed, 0x29,
-	0x32, 0x8b, 0x75, 0x6c, 0xe2, 0xa1, 0x77, 0xc1, 0x83, 0xfa, 0x2f, 0xcf, 0x18, 0xe7, 0xe7, 0xcd,
-	0x0b, 0xa2, 0x02, 0xa8, 0xba, 0x7b, 0xeb, 0x42, 0x26, 0x5a, 0x1d, 0xf7, 0x7a, 0x1e, 0xad, 0xc3,
-	0x69, 0x05, 0x3a, 0xe7, 0xc7, 0x2c, 0xa7, 0x33, 0x22, 0x73, 0x4e, 0xc4, 0x22, 0x27, 0x80, 0xbd,
-	0xa7, 0x2d, 0xa8, 0x9f, 0xbe, 0xe0, 0xc6, 0x17, 0xb3, 0x30, 0xf1, 0x12, 0xde, 0x83, 0x0a, 0x9a,
-	0x81, 0x0a, 0xf1, 0x9d, 0x75, 0x8f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0x4e, 0x06, 0x90, 0x00,
-	0xac, 0x71, 0x54, 0x38, 0xfb, 0x48, 0xaf, 0x70, 0x76, 0xb4, 0x0a, 0x27, 0x1a, 0xb5, 0x16, 0xb5,
-	0x32, 0xdd, 0x1a, 0x99, 0xad, 0xb1, 0xe8, 0x5d, 0xfa, 0x61, 0x78, 0xd5, 0x7a, 0x95, 0x17, 0x74,
-	0x61, 0x7e, 0xb5, 0x0b, 0x07, 0x67, 0x3e, 0xc9, 0xa2, 0xbc, 0xc3, 0x60, 0xa7, 0x33, 0x79, 0x3c,
-	0x15, 0xe5, 0x4d, 0x1b, 0x31, 0x87, 0xa1, 0x4b, 0x80, 0x58, 0x6e, 0xdc, 0xc5, 0x38, 0x6e, 0x29,
-	0xb3, 0x76, 0xf2, 0x44, 0xb2, 0x1e, 0xe0, 0xf9, 0x2e, 0x0c, 0x9c, 0xf1, 0x14, 0xb5, 0x7a, 0xfc,
-	0x80, 0x51, 0x9f, 0x7c, 0x30, 0x69, 0xf5, 0x5c, 0xe1, 0xcd, 0x58, 0xc2, 0xd1, 0x8f, 0xc3, 0x64,
-	0x3b, 0x22, 0x6c, 0xc3, 0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f, 0xb2, 0x4b, 0x56, 0xe3,
-	0xce, 0xe4, 0x24, 0x63, 0x7e, 0x46, 0x3c, 0x3b, 0x79, 0xb5, 0x07, 0x1e, 0xee, 0x49, 0x21, 0x5d,
-	0xd0, 0xf2, 0x54, 0x9f, 0x05, 0x2d, 0x57, 0xe1, 0x84, 0xd4, 0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa5,
-	0x27, 0x4f, 0x27, 0x6f, 0x6d, 0x5b, 0xcc, 0xc0, 0xc1, 0x99, 0x4f, 0xda, 0x7f, 0x62, 0xc1, 0xa8,
-	0x92, 0x60, 0x77, 0x21, 0x47, 0xd7, 0x4b, 0xe6, 0xe8, 0x5e, 0x38, 0xbc, 0x0e, 0x60, 0x3d, 0xef,
-	0x91, 0x51, 0xf2, 0x99, 0x51, 0x00, 0xad, 0x27, 0x94, 0x8a, 0xb6, 0x7a, 0xaa, 0xe8, 0xfb, 0x56,
-	0x46, 0x67, 0x15, 0x28, 0x2c, 0xdd, 0xdb, 0x02, 0x85, 0x55, 0x38, 0x29, 0xa7, 0x14, 0x3f, 0x52,
-	0xbe, 0x18, 0x44, 0x4a, 0xe4, 0x1b, 0xd7, 0xf0, 0x2d, 0x66, 0x21, 0xe1, 0xec, 0x67, 0x13, 0xb6,
-	0xdd, 0xd0, 0xbe, 0xb6, 0x9d, 0x92, 0x72, 0x4b, 0x1b, 0xf2, 0x92, 0xcc, 0x94, 0x94, 0x5b, 0x3a,
-	0x5f, 0xc5, 0x1a, 0x27, 0x5b, 0xd5, 0x55, 0x72, 0x52, 0x75, 0x70, 0x60, 0x55, 0x27, 0x85, 0xee,
-	0x70, 0x4f, 0xa1, 0x2b, 0x8f, 0xae, 0x46, 0x7a, 0x1e, 0x5d, 0xbd, 0x13, 0xc6, 0x5c, 0x7f, 0x93,
-	0x84, 0x6e, 0x4c, 0xea, 0x6c, 0x2d, 0x30, 0x81, 0x5c, 0xd6, 0x86, 0xce, 0x62, 0x02, 0x8a, 0x53,
-	0xd8, 0x49, 0x4d, 0x31, 0xd6, 0x87, 0xa6, 0xe8, 0xa1, 0x9f, 0xc7, 0xf3, 0xd1, 0xcf, 0xc7, 0x0e,
-	0xaf, 0x9f, 0x27, 0x8e, 0x54, 0x3f, 0xa3, 0x5c, 0xf4, 0x73, 0x5f, 0xaa, 0xcf, 0xd8, 0xa4, 0x9f,
-	0xd8, 0x67, 0x93, 0xde, 0x4b, 0x39, 0x9f, 0xbc, 0x63, 0xe5, 0x9c, 0xad, 0x77, 0x1f, 0x78, 0x53,
-	0xef, 0xe6, 0xa2, 0x77, 0x3f, 0x5a, 0x80, 0x93, 0x5a, 0x33, 0x51, 0x79, 0xe0, 0x6e, 0x50, 0xd9,
-	0xcc, 0x6e, 0x9e, 0xe6, 0x07, 0xde, 0x46, 0x66, 0xb8, 0xce, 0x8d, 0x57, 0x10, 0x6c, 0x60, 0xb1,
-	0x04, 0x6b, 0x12, 0xb2, 0x3b, 0x4f, 0xd2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07, 0x81,
-	0xfe, 0x16, 0xf5, 0x3d, 0xd2, 0xd5, 0xb4, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x09, 0xce, 0x84,
-	0x89, 0x4c, 0xaa, 0xba, 0x46, 0xf8, 0xb6, 0x52, 0x49, 0x49, 0x05, 0x95, 0xdd, 0x61, 0x05, 0x00,
-	0x4a, 0xdd, 0xdd, 0x61, 0xb1, 0xa3, 0x0a, 0xc3, 0xfe, 0x9f, 0x16, 0x9c, 0xca, 0x1c, 0x8a, 0xbb,
-	0x60, 0x8e, 0xec, 0x24, 0xcd, 0x91, 0x6a, 0x5e, 0x5b, 0x52, 0xe3, 0x2d, 0x7a, 0x98, 0x26, 0xff,
-	0xd1, 0x82, 0x31, 0x8d, 0x7f, 0x17, 0x5e, 0xd5, 0x4d, 0xbe, 0x6a, 0x7e, 0xbb, 0xef, 0x4a, 0xd7,
-	0xbb, 0xfd, 0x4e, 0x01, 0x54, 0x85, 0xfb, 0xd9, 0x9a, 0xbc, 0x3f, 0x64, 0x9f, 0x10, 0x8c, 0x0e,
-	0x0c, 0xb2, 0x08, 0x92, 0x28, 0x9f, 0xe8, 0xb8, 0x24, 0x7f, 0x16, 0x8d, 0xa2, 0x0f, 0xf4, 0xd8,
-	0xdf, 0x08, 0x0b, 0x86, 0xec, 0x46, 0x1e, 0x5e, 0x3c, 0xbc, 0x2e, 0xf2, 0x84, 0xf5, 0x8d, 0x3c,
-	0xa2, 0x1d, 0x2b, 0x0c, 0xaa, 0x30, 0xdd, 0x5a, 0xe0, 0xcf, 0x7b, 0x4e, 0x14, 0x09, 0x1b, 0x4e,
-	0x29, 0xcc, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x05, 0x97, 0xb8, 0x51, 0xcb, 0x73, 0x3a, 0x86, 0x8f,
-	0xc5, 0xa8, 0x63, 0xa5, 0x40, 0xd8, 0xc4, 0xb3, 0x9b, 0x30, 0x99, 0x7c, 0x89, 0x05, 0xb2, 0xc1,
-	0x22, 0xbb, 0xfb, 0x1a, 0xce, 0x19, 0xa8, 0x38, 0xec, 0xa9, 0xa5, 0xb6, 0x23, 0x64, 0x82, 0x8e,
-	0x6f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x7f, 0x66, 0xc1, 0xf1, 0x8c, 0x41, 0xcb, 0x31, 0x0f, 0x3b,
-	0xd6, 0xd2, 0x26, 0xcb, 0xd4, 0xf9, 0x3e, 0x18, 0xaa, 0x93, 0x0d, 0x47, 0xc6, 0x0e, 0x9b, 0xa9,
-	0x06, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x1b, 0x05, 0x18, 0x4f, 0xf6, 0x35, 0x62, 0xb9, 0x8d, 0x7c,
-	0x98, 0xdc, 0xa8, 0x16, 0x6c, 0x93, 0xb0, 0x43, 0xdf, 0xdc, 0x4a, 0xe5, 0x36, 0x76, 0x61, 0xe0,
-	0x8c, 0xa7, 0xd8, 0xfd, 0x16, 0x75, 0x35, 0xda, 0x72, 0x46, 0x5e, 0xcb, 0x73, 0x46, 0xea, 0x8f,
-	0x69, 0xc6, 0x19, 0x29, 0x96, 0xd8, 0xe4, 0x4f, 0x4d, 0x2e, 0x96, 0x2c, 0x32, 0xd7, 0x76, 0xbd,
-	0xd8, 0xf5, 0xc5, 0x2b, 0x8b, 0xb9, 0xaa, 0x4c, 0xae, 0xe5, 0x6e, 0x14, 0x9c, 0xf5, 0x9c, 0xfd,
-	0xad, 0x01, 0x50, 0x35, 0x46, 0x58, 0x1c, 0x68, 0x4e, 0x51, 0xb4, 0x07, 0xcd, 0x90, 0x55, 0x73,
-	0x6b, 0x60, 0xaf, 0xc0, 0x2c, 0xee, 0x98, 0x33, 0x3d, 0xf8, 0x6a, 0xc0, 0xd6, 0x34, 0x08, 0x9b,
-	0x78, 0xb4, 0x27, 0x9e, 0xbb, 0x4d, 0xf8, 0x43, 0x83, 0xc9, 0x9e, 0x2c, 0x49, 0x00, 0xd6, 0x38,
-	0xac, 0x9c, 0xb5, 0xbb, 0xb1, 0x21, 0xbc, 0x4c, 0xba, 0x9c, 0xb5, 0xbb, 0xb1, 0x81, 0x19, 0x84,
-	0xdf, 0x80, 0x14, 0x6c, 0x89, 0x6d, 0x86, 0x71, 0x03, 0x52, 0xb0, 0x85, 0x19, 0x84, 0x7e, 0x25,
-	0x3f, 0x08, 0x9b, 0x8e, 0xe7, 0xbe, 0x46, 0xea, 0x8a, 0x8b, 0xd8, 0x5e, 0xa8, 0xaf, 0x74, 0xa5,
-	0x1b, 0x05, 0x67, 0x3d, 0x47, 0x27, 0x74, 0x2b, 0x24, 0x75, 0xb7, 0x16, 0x9b, 0xd4, 0x20, 0x39,
-	0xa1, 0x57, 0xbb, 0x30, 0x70, 0xc6, 0x53, 0x68, 0x16, 0xc6, 0x65, 0x8d, 0x18, 0x59, 0x57, 0x71,
-	0x38, 0x59, 0x9c, 0x0d, 0x27, 0xc1, 0x38, 0x8d, 0x4f, 0x85, 0x64, 0x53, 0x54, 0x85, 0x65, 0xbb,
-	0x11, 0x43, 0x48, 0xca, 0x6a, 0xb1, 0x58, 0x61, 0xd8, 0x1f, 0x2c, 0x52, 0xa5, 0xde, 0xa3, 0xf8,
-	0xf2, 0x5d, 0x8b, 0xda, 0x4e, 0xce, 0xc8, 0x81, 0x3e, 0x66, 0xe4, 0xb3, 0x30, 0x72, 0x23, 0x0a,
-	0x7c, 0x15, 0x11, 0x5d, 0xea, 0x19, 0x11, 0x6d, 0x60, 0x65, 0x47, 0x44, 0x0f, 0xe6, 0x15, 0x11,
-	0x3d, 0x74, 0x87, 0x11, 0xd1, 0xbf, 0x5f, 0x02, 0x75, 0xc5, 0xe5, 0x15, 0x12, 0xdf, 0x0c, 0xc2,
-	0x2d, 0xd7, 0x6f, 0xb0, 0x7a, 0x27, 0x5f, 0xb0, 0x64, 0xc9, 0x94, 0x25, 0x33, 0x53, 0x78, 0x23,
-	0xa7, 0x6b, 0x0a, 0x13, 0xcc, 0xa6, 0xd7, 0x0c, 0x46, 0x3c, 0xb2, 0x26, 0x55, 0x9a, 0x45, 0x1c,
-	0x1a, 0x24, 0x7a, 0x84, 0x7e, 0x12, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04, 0x5e, 0xcc, 0xa7, 0x7f,
-	0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x51, 0x9d, 0x45, 0xcd, 0x53,
-	0xa7, 0xde, 0x7b, 0x24, 0x63, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0xd7, 0x6f, 0xd0, 0x79, 0x22,
-	0x22, 0x47, 0xdf, 0x96, 0x55, 0x4e, 0x6b, 0x29, 0x70, 0xea, 0x73, 0x8e, 0xe7, 0xf8, 0x35, 0x12,
-	0x2e, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0xee, 0xe1, 0x2c, 0xf5, 0x73, 0x0f,
-	0xe7, 0xe9, 0x1f, 0x81, 0x89, 0xae, 0x8f, 0x79, 0xa0, 0x94, 0xe9, 0x43, 0x14, 0xd2, 0xfa, 0xcd,
-	0x41, 0xad, 0xb4, 0xae, 0x04, 0x75, 0x7e, 0xad, 0x63, 0xa8, 0xbf, 0xa8, 0x30, 0x99, 0x73, 0x9c,
-	0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xe7, 0x68, 0xcb, 0x09, 0x89, 0x7f, 0xd4, 0x73,
-	0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x99, 0xc8, 0xed, 0x3b, 0x7f, 0xf8, 0xdc, 0x3e, 0x56,
-	0xdc, 0x34, 0xeb, 0xf6, 0xb3, 0xd7, 0x2d, 0x18, 0xf3, 0x13, 0x33, 0x37, 0x9f, 0x70, 0xfe, 0xec,
-	0x55, 0xc1, 0x6f, 0x48, 0x4e, 0xb6, 0xe1, 0x14, 0xff, 0x2c, 0x95, 0x56, 0x3a, 0xa0, 0x4a, 0xd3,
-	0xd7, 0xca, 0x0e, 0xf6, 0xba, 0x56, 0x16, 0xf9, 0xea, 0xbe, 0xef, 0xa1, 0x3c, 0xca, 0x91, 0x24,
-	0x2e, 0xfb, 0x86, 0x8c, 0x8b, 0xbe, 0xaf, 0x9b, 0xa9, 0xbf, 0x07, 0xbf, 0xf7, 0x79, 0xb4, 0x57,
-	0x8a, 0xb0, 0xfd, 0x7f, 0x06, 0xe0, 0x98, 0x1c, 0x11, 0x99, 0x0a, 0x44, 0xf5, 0x23, 0xe7, 0xab,
-	0x6d, 0x65, 0xa5, 0x1f, 0x2f, 0x4a, 0x00, 0xd6, 0x38, 0xd4, 0x1e, 0x6b, 0x47, 0x64, 0xa5, 0x45,
-	0xfc, 0x25, 0x77, 0x3d, 0x12, 0xc7, 0xef, 0x6a, 0xa1, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xb1, 0xfc,
-	0x64, 0xc3, 0x68, 0x35, 0xf3, 0x93, 0x85, 0xa1, 0x2a, 0xe1, 0xe8, 0xb3, 0x99, 0xb7, 0x41, 0xe4,
-	0x93, 0x40, 0xdb, 0x95, 0x01, 0x75, 0xb0, 0x6b, 0x20, 0xd0, 0x3f, 0xb2, 0xe0, 0x24, 0x6f, 0x95,
-	0x23, 0x79, 0xb5, 0x55, 0x77, 0x62, 0x12, 0xe5, 0x73, 0x73, 0x56, 0x46, 0xff, 0xb4, 0x17, 0x3d,
-	0x8b, 0x2d, 0xce, 0xee, 0x0d, 0xfa, 0x94, 0x05, 0xe3, 0x5b, 0x89, 0x9a, 0x56, 0x52, 0x75, 0x1c,
-	0xb6, 0xdc, 0x4c, 0x82, 0xa8, 0x5e, 0x6a, 0xc9, 0xf6, 0x08, 0xa7, 0xb9, 0xdb, 0x7f, 0x69, 0x81,
-	0x29, 0x46, 0xef, 0x7e, 0x29, 0xac, 0x83, 0x9b, 0x82, 0xd2, 0xba, 0x2c, 0xf5, 0xb4, 0x2e, 0x1f,
-	0x81, 0x62, 0xdb, 0xad, 0x8b, 0xfd, 0x85, 0x3e, 0xf0, 0x5f, 0x5c, 0xc0, 0xb4, 0xdd, 0xfe, 0x66,
-	0x49, 0xbb, 0x41, 0x44, 0x7e, 0xea, 0x77, 0xc5, 0x6b, 0x6f, 0xa8, 0x1a, 0xb7, 0xfc, 0xcd, 0xaf,
-	0x74, 0xd5, 0xb8, 0xfd, 0xa1, 0x83, 0xa7, 0x1f, 0xf3, 0x01, 0xea, 0x55, 0xe2, 0x76, 0x68, 0x9f,
-	0xdc, 0xe3, 0x1b, 0x50, 0xa6, 0x5b, 0x30, 0xe6, 0xcf, 0x2c, 0x27, 0x3a, 0x55, 0xbe, 0x28, 0xda,
-	0x6f, 0xef, 0x4e, 0xfd, 0xe0, 0xc1, 0xbb, 0x25, 0x9f, 0xc6, 0x8a, 0x3e, 0x8a, 0xa0, 0x42, 0x7f,
-	0xb3, 0x34, 0x69, 0xb1, 0xb9, 0xbb, 0xaa, 0x64, 0xa6, 0x04, 0xe4, 0x92, 0x83, 0xad, 0xf9, 0x20,
-	0x1f, 0x2a, 0x14, 0x91, 0x33, 0xe5, 0x7b, 0xc0, 0x55, 0x95, 0xac, 0x2c, 0x01, 0xb7, 0x77, 0xa7,
-	0x5e, 0x38, 0x38, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0x0c, 0xd5, 0x38, 0xdc, 0xf3, 0xc6, 0xf5, 0xff,
-	0x3b, 0xa0, 0xe7, 0xb7, 0x28, 0x7f, 0xfc, 0x5d, 0x31, 0xbf, 0x9f, 0x4f, 0xcd, 0xef, 0x33, 0x5d,
-	0xf3, 0x7b, 0x8c, 0x8e, 0x59, 0x46, 0x51, 0xe6, 0xbb, 0x6d, 0x2c, 0xec, 0xef, 0x93, 0x60, 0x56,
-	0xd2, 0xab, 0x6d, 0x37, 0x24, 0xd1, 0x6a, 0xd8, 0xf6, 0x5d, 0xbf, 0xc1, 0xa6, 0x6c, 0xd9, 0xb4,
-	0x92, 0x12, 0x60, 0x9c, 0xc6, 0xa7, 0x1b, 0x7f, 0x3a, 0x2f, 0xae, 0x3b, 0xdb, 0x7c, 0xe6, 0x19,
-	0xa5, 0x27, 0xab, 0xa2, 0x1d, 0x2b, 0x0c, 0xb4, 0x09, 0x0f, 0x4b, 0x02, 0x0b, 0xc4, 0x23, 0xf4,
-	0x85, 0x58, 0x20, 0x63, 0xd8, 0xe4, 0x69, 0x06, 0x3c, 0x16, 0xe5, 0xad, 0x82, 0xc2, 0xc3, 0x78,
-	0x0f, 0x5c, 0xbc, 0x27, 0x25, 0xfb, 0x8b, 0x2c, 0x74, 0xc1, 0xa8, 0x16, 0x41, 0x67, 0x9f, 0xe7,
-	0x36, 0x5d, 0x59, 0x21, 0x53, 0xcd, 0xbe, 0x25, 0xda, 0x88, 0x39, 0x0c, 0xdd, 0x84, 0xa1, 0x75,
-	0x7e, 0x13, 0x7b, 0x3e, 0x37, 0x20, 0x89, 0x6b, 0xdd, 0x59, 0x75, 0x6c, 0x79, 0xc7, 0xfb, 0x6d,
-	0xfd, 0x13, 0x4b, 0x6e, 0xf6, 0xd7, 0x4a, 0x30, 0x2e, 0xc3, 0xcb, 0x2e, 0xba, 0x11, 0x8b, 0x48,
-	0x30, 0xaf, 0x0c, 0x28, 0xec, 0x7b, 0x65, 0xc0, 0x7b, 0x00, 0xea, 0xa4, 0xe5, 0x05, 0x1d, 0x66,
-	0x1c, 0x0e, 0x1c, 0xd8, 0x38, 0x54, 0xfb, 0x89, 0x05, 0x45, 0x05, 0x1b, 0x14, 0x45, 0x59, 0x50,
-	0x7e, 0x03, 0x41, 0xaa, 0x2c, 0xa8, 0x71, 0x4f, 0xda, 0xe0, 0xdd, 0xbd, 0x27, 0xcd, 0x85, 0x71,
-	0xde, 0x45, 0x55, 0x93, 0xe1, 0x0e, 0x4a, 0x2f, 0xb0, 0xac, 0xb6, 0x85, 0x24, 0x19, 0x9c, 0xa6,
-	0x6b, 0x5e, 0x82, 0x56, 0xbe, 0xdb, 0x97, 0xa0, 0xbd, 0x1d, 0x2a, 0xf2, 0x3b, 0x47, 0x93, 0x15,
-	0x5d, 0x2f, 0x48, 0x4e, 0x83, 0x08, 0x6b, 0x78, 0x57, 0x79, 0x19, 0xb8, 0x57, 0xe5, 0x65, 0xec,
-	0xd7, 0x8b, 0x74, 0x57, 0xc1, 0xfb, 0x75, 0xe0, 0x3b, 0x04, 0x2f, 0x1a, 0x77, 0x08, 0x1e, 0xec,
-	0x7b, 0x96, 0x53, 0x77, 0x0d, 0x3e, 0x0c, 0x03, 0xb1, 0xd3, 0x90, 0x49, 0xb8, 0x0c, 0xba, 0xe6,
-	0x34, 0x22, 0xcc, 0x5a, 0x0f, 0x52, 0x45, 0xf9, 0x05, 0x18, 0x8d, 0xdc, 0x86, 0xef, 0xc4, 0xed,
-	0x90, 0x18, 0xe7, 0x97, 0x3a, 0x48, 0xc7, 0x04, 0xe2, 0x24, 0x2e, 0xfa, 0x90, 0x05, 0x10, 0x12,
-	0xb5, 0x67, 0x19, 0xcc, 0x63, 0x0e, 0x29, 0x31, 0x20, 0xe9, 0x9a, 0x65, 0x41, 0xd4, 0x5e, 0xc5,
-	0x60, 0x6b, 0x7f, 0xc4, 0x82, 0x89, 0xae, 0xa7, 0x50, 0x0b, 0x06, 0x6b, 0xec, 0xa6, 0xc7, 0x7c,
-	0xea, 0x4e, 0x26, 0x6f, 0x8d, 0xe4, 0xca, 0x89, 0xb7, 0x61, 0xc1, 0xc7, 0xfe, 0xf2, 0x08, 0x9c,
-	0xa8, 0xce, 0x2f, 0xcb, 0x7b, 0x7f, 0x8e, 0x2c, 0xab, 0x38, 0x8b, 0xc7, 0xdd, 0xcb, 0x2a, 0xee,
-	0xc1, 0xdd, 0x33, 0xb2, 0x8a, 0x3d, 0x23, 0xab, 0x38, 0x99, 0xe2, 0x59, 0xcc, 0x23, 0xc5, 0x33,
-	0xab, 0x07, 0xfd, 0xa4, 0x78, 0x1e, 0x59, 0x9a, 0xf1, 0x9e, 0x1d, 0x3a, 0x50, 0x9a, 0xb1, 0xca,
-	0xc1, 0xce, 0x25, 0xa3, 0xac, 0xc7, 0xa7, 0xca, 0xcc, 0xc1, 0x56, 0xf9, 0xaf, 0x3c, 0x5b, 0x52,
-	0x28, 0xbd, 0x97, 0xf3, 0xef, 0x40, 0x1f, 0xf9, 0xaf, 0x22, 0x61, 0xd3, 0xcc, 0xb9, 0x1e, 0xca,
-	0x23, 0xe7, 0x3a, 0xab, 0x3b, 0xfb, 0xe6, 0x5c, 0xbf, 0x00, 0xa3, 0x35, 0x2f, 0xf0, 0xc9, 0x6a,
-	0x18, 0xc4, 0x41, 0x2d, 0x90, 0xf7, 0x6a, 0xeb, 0x2b, 0x12, 0x4d, 0x20, 0x4e, 0xe2, 0xf6, 0x4a,
-	0xd8, 0xae, 0x1c, 0x36, 0x61, 0x1b, 0xee, 0x51, 0xc2, 0xb6, 0x91, 0x92, 0x3c, 0x9c, 0x47, 0x4a,
-	0x72, 0xd6, 0x17, 0xe9, 0x2b, 0x25, 0xf9, 0x0d, 0x7e, 0xad, 0x3c, 0xdd, 0x8c, 0x70, 0x29, 0xcc,
-	0x8e, 0xe8, 0x86, 0xcf, 0xbe, 0x72, 0x04, 0x13, 0xf6, 0x7a, 0x55, 0xb3, 0x51, 0x57, 0xcd, 0xeb,
-	0x26, 0x9c, 0xec, 0xc8, 0x61, 0xd2, 0x98, 0x3f, 0x57, 0x80, 0xef, 0xd9, 0xb7, 0x0b, 0xe8, 0x26,
-	0x40, 0xec, 0x34, 0xc4, 0x44, 0x15, 0x07, 0x59, 0x87, 0x8c, 0x2b, 0x5e, 0x93, 0xf4, 0x44, 0x8a,
-	0x9d, 0x22, 0x8f, 0x0d, 0x56, 0x2c, 0x9c, 0x38, 0xf0, 0xba, 0x4a, 0x46, 0xe3, 0xc0, 0x23, 0x98,
-	0x41, 0xa8, 0x21, 0x14, 0x92, 0x06, 0x35, 0xee, 0x8b, 0x49, 0x43, 0x08, 0xb3, 0x56, 0x2c, 0xa0,
-	0xe8, 0x39, 0x18, 0x76, 0x3c, 0x8f, 0xa7, 0xfb, 0x91, 0x48, 0xdc, 0x5d, 0xaa, 0x6b, 0xd7, 0x6a,
-	0x10, 0x36, 0xf1, 0xec, 0xbf, 0x28, 0xc0, 0xd4, 0x3e, 0x32, 0xa5, 0x2b, 0xcd, 0xbb, 0xd4, 0x77,
-	0x9a, 0xb7, 0x48, 0x57, 0x1a, 0xec, 0x91, 0xae, 0xf4, 0x1c, 0x0c, 0xc7, 0xc4, 0x69, 0x8a, 0x48,
-	0xc4, 0x74, 0x49, 0xc6, 0x35, 0x0d, 0xc2, 0x26, 0x1e, 0x95, 0x62, 0x63, 0x4e, 0xad, 0x46, 0xa2,
-	0x48, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x6e, 0xc9, 0x4e, 0xec, 0xf0, 0x60, 0x36, 0xc1, 0x02, 0xa7,
-	0x58, 0xa6, 0x07, 0xbc, 0xd2, 0xe7, 0x80, 0xff, 0x52, 0x01, 0x1e, 0xd9, 0x53, 0xbb, 0xf5, 0x9d,
-	0x2a, 0xd6, 0x8e, 0x48, 0x98, 0x9e, 0x38, 0x57, 0x23, 0x12, 0x62, 0x06, 0xe1, 0xa3, 0xd4, 0x6a,
-	0xa9, 0x28, 0xf2, 0xfc, 0x73, 0x2b, 0xf9, 0x28, 0x25, 0x58, 0xe0, 0x14, 0xcb, 0x3b, 0x9d, 0x96,
-	0x5f, 0x1b, 0x80, 0xc7, 0xfa, 0xb0, 0x01, 0x72, 0xcc, 0x41, 0x4d, 0xe6, 0x57, 0x17, 0xef, 0x51,
-	0x7e, 0xf5, 0x9d, 0x0d, 0xd7, 0x9b, 0x69, 0xd9, 0x7d, 0xe5, 0xba, 0x7e, 0xb1, 0x00, 0xa7, 0x7b,
-	0x1b, 0x2c, 0xe8, 0x87, 0x61, 0x3c, 0x54, 0x21, 0x89, 0x66, 0x6a, 0xf6, 0x71, 0xee, 0xe3, 0x4a,
-	0x80, 0x70, 0x1a, 0x17, 0x4d, 0x03, 0xb4, 0x9c, 0x78, 0x33, 0x3a, 0xb7, 0xe3, 0x46, 0xb1, 0xa8,
-	0x65, 0x37, 0xc6, 0x4f, 0x5e, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x21, 0xb8, 0x12,
-	0xc4, 0xfc, 0x21, 0xbe, 0xf5, 0x3c, 0x2e, 0x2f, 0x3a, 0x34, 0x40, 0x38, 0x8d, 0x4b, 0xd9, 0xb1,
-	0xb3, 0x7d, 0xde, 0xd1, 0x01, 0x9d, 0xcc, 0xbd, 0xa4, 0x5a, 0xb1, 0x81, 0x91, 0x4e, 0x3a, 0x2f,
-	0xed, 0x9f, 0x74, 0x6e, 0xff, 0xab, 0x02, 0x9c, 0xea, 0x69, 0xf0, 0xf6, 0x27, 0xa6, 0xee, 0xbf,
-	0xc4, 0xef, 0x3b, 0x5c, 0x61, 0x07, 0x4a, 0x18, 0xb6, 0xff, 0xb4, 0xc7, 0x4c, 0x13, 0xc9, 0xc0,
-	0x77, 0x5e, 0x37, 0xe5, 0xfe, 0x1b, 0xcf, 0xae, 0xfc, 0xdf, 0x81, 0x03, 0xe4, 0xff, 0xa6, 0x3e,
-	0x46, 0xa9, 0x4f, 0xed, 0xf0, 0x5f, 0x07, 0x7a, 0x0e, 0x2f, 0xdd, 0x20, 0xf7, 0x75, 0x82, 0xb0,
-	0x00, 0xc7, 0x5c, 0x9f, 0x5d, 0x5d, 0x5b, 0x6d, 0xaf, 0x8b, 0xf2, 0x66, 0xbc, 0x86, 0xaf, 0xca,
-	0xbe, 0x59, 0x4c, 0xc1, 0x71, 0xd7, 0x13, 0xf7, 0x61, 0x3e, 0xf6, 0x9d, 0x0d, 0xe9, 0x01, 0x25,
-	0xf7, 0x0a, 0x9c, 0x94, 0x43, 0xb1, 0xe9, 0x84, 0xa4, 0x2e, 0x94, 0x6d, 0x24, 0xf2, 0xad, 0x4e,
-	0xf1, 0x9c, 0xad, 0x0c, 0x04, 0x9c, 0xfd, 0x1c, 0xbb, 0x67, 0x34, 0x68, 0xb9, 0x35, 0xb1, 0x15,
-	0xd4, 0xf7, 0x8c, 0xd2, 0x46, 0xcc, 0x61, 0x5a, 0x5f, 0x54, 0xee, 0x8e, 0xbe, 0x78, 0x0f, 0x54,
-	0xd4, 0x78, 0xf3, 0x9c, 0x0a, 0x35, 0xc9, 0xbb, 0x72, 0x2a, 0xd4, 0x0c, 0x37, 0xb0, 0xf6, 0xbb,
-	0xce, 0xff, 0x19, 0x18, 0x51, 0xbe, 0xc0, 0x7e, 0x6f, 0x7b, 0xb5, 0xff, 0x5f, 0x01, 0x52, 0x17,
-	0x9b, 0xa1, 0x1d, 0xa8, 0xd4, 0xe5, 0x85, 0xfa, 0xf9, 0xd4, 0x90, 0x56, 0xf7, 0xf3, 0xeb, 0x83,
-	0x30, 0xd5, 0x84, 0x35, 0x33, 0xf4, 0x3e, 0x5e, 0xae, 0x59, 0xb0, 0x2e, 0xe4, 0x91, 0x93, 0x5f,
-	0x55, 0xf4, 0xcc, 0xeb, 0x1c, 0x65, 0x1b, 0x36, 0xf8, 0xa1, 0x18, 0x2a, 0x9b, 0xf2, 0x02, 0xb7,
-	0x7c, 0xc4, 0x9d, 0xba, 0x0f, 0x8e, 0x9b, 0x68, 0xea, 0x2f, 0xd6, 0x8c, 0xec, 0x3f, 0x29, 0xc0,
-	0x89, 0xe4, 0x07, 0x10, 0x07, 0x97, 0xbf, 0x62, 0xc1, 0x83, 0x9e, 0x13, 0xc5, 0xd5, 0x36, 0xdb,
-	0x28, 0x6c, 0xb4, 0xbd, 0x95, 0x54, 0x65, 0xef, 0xc3, 0x3a, 0x5b, 0x14, 0xe1, 0xf4, 0x85, 0x7f,
-	0x73, 0x0f, 0xdd, 0xda, 0x9d, 0x7a, 0x70, 0x29, 0x9b, 0x39, 0xee, 0xd5, 0x2b, 0xf4, 0xba, 0x05,
-	0xc7, 0x6a, 0xed, 0x30, 0x24, 0x7e, 0xac, 0xbb, 0xca, 0xbf, 0xe2, 0x95, 0x5c, 0x06, 0x52, 0x77,
-	0xf0, 0x04, 0x15, 0xa8, 0xf3, 0x29, 0x5e, 0xb8, 0x8b, 0xbb, 0xfd, 0xf3, 0x54, 0x73, 0xf6, 0x7c,
-	0xcf, 0xbf, 0x66, 0x37, 0x14, 0xfe, 0xd9, 0x20, 0x8c, 0x26, 0xca, 0x97, 0x27, 0x0e, 0xfb, 0xac,
-	0x7d, 0x0f, 0xfb, 0x58, 0x86, 0x60, 0xdb, 0x97, 0x97, 0xb7, 0x1b, 0x19, 0x82, 0x6d, 0x9f, 0x60,
-	0x0e, 0x13, 0x43, 0x8a, 0xdb, 0xbe, 0xc8, 0x05, 0x30, 0x87, 0x14, 0xb7, 0x7d, 0x2c, 0xa0, 0xe8,
-	0x03, 0x16, 0x8c, 0xb0, 0xc5, 0x27, 0x8e, 0x4a, 0x85, 0x42, 0xbb, 0x94, 0xc3, 0x72, 0x97, 0xa5,
-	0xfa, 0x59, 0xec, 0xa8, 0xd9, 0x82, 0x13, 0x1c, 0xd1, 0x87, 0x2d, 0xa8, 0xa8, 0x9b, 0x62, 0xc5,
-	0xd9, 0x48, 0x35, 0xdf, 0xea, 0xf0, 0x29, 0xa9, 0xa7, 0xca, 0x74, 0x63, 0xcd, 0x18, 0x45, 0xea,
-	0x1c, 0x73, 0xe8, 0x68, 0xce, 0x31, 0x21, 0xe3, 0x0c, 0xf3, 0xed, 0x50, 0x69, 0x3a, 0xbe, 0xbb,
-	0x41, 0xa2, 0x98, 0x1f, 0x2d, 0xca, 0xcb, 0x40, 0x64, 0x23, 0xd6, 0x70, 0x6a, 0xec, 0x47, 0xec,
-	0xc5, 0x62, 0xe3, 0x2c, 0x90, 0x19, 0xfb, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf3, 0xe0, 0x12, 0xee,
-	0xe9, 0xc1, 0xe5, 0xf0, 0x3e, 0x07, 0x97, 0x55, 0x38, 0xe9, 0xb4, 0xe3, 0xe0, 0x22, 0x71, 0xbc,
-	0xd9, 0x38, 0x26, 0xcd, 0x56, 0x1c, 0xf1, 0x8a, 0xf7, 0x23, 0xcc, 0x05, 0xac, 0xa2, 0xdd, 0xaa,
-	0xc4, 0xdb, 0xe8, 0x42, 0xc2, 0xd9, 0xcf, 0xda, 0xff, 0xc2, 0x82, 0x93, 0x99, 0x53, 0xe1, 0xfe,
-	0xcd, 0x33, 0xb0, 0x3f, 0x5d, 0x82, 0xe3, 0x19, 0x97, 0x1b, 0xa0, 0x8e, 0xb9, 0x48, 0xac, 0x3c,
-	0x42, 0xf6, 0x92, 0x11, 0x68, 0xf2, 0xdb, 0x64, 0xac, 0x8c, 0x83, 0xc5, 0x22, 0xe8, 0x78, 0x80,
-	0xe2, 0xdd, 0x8d, 0x07, 0x30, 0xe6, 0xfa, 0xc0, 0x3d, 0x9d, 0xeb, 0xa5, 0x7d, 0xe6, 0xfa, 0x97,
-	0x2c, 0x98, 0x6c, 0xf6, 0xb8, 0xa9, 0x4c, 0x9c, 0x27, 0x5d, 0x3b, 0x9a, 0x7b, 0xd0, 0xe6, 0x1e,
-	0xbe, 0xb5, 0x3b, 0xd5, 0xf3, 0x82, 0x38, 0xdc, 0xb3, 0x57, 0xf6, 0xb7, 0x8a, 0xc0, 0xec, 0x35,
-	0x56, 0xc0, 0xba, 0x83, 0xde, 0x6f, 0xde, 0x91, 0x62, 0xe5, 0x75, 0x9f, 0x07, 0x27, 0xae, 0xee,
-	0x58, 0xe1, 0x23, 0x98, 0x75, 0xe5, 0x4a, 0x5a, 0x12, 0x16, 0xfa, 0x90, 0x84, 0x9e, 0xbc, 0x8c,
-	0xa6, 0x98, 0xff, 0x65, 0x34, 0x95, 0xf4, 0x45, 0x34, 0x7b, 0x7f, 0xe2, 0x81, 0xfb, 0xf2, 0x13,
-	0xff, 0x96, 0xc5, 0x05, 0x4f, 0xea, 0x2b, 0x68, 0x73, 0xc3, 0xda, 0xc3, 0xdc, 0x78, 0x12, 0xca,
-	0x91, 0x90, 0xcc, 0xc2, 0x2c, 0xd1, 0xa1, 0x60, 0xa2, 0x1d, 0x2b, 0x0c, 0xba, 0xeb, 0x72, 0x3c,
-	0x2f, 0xb8, 0x79, 0xae, 0xd9, 0x8a, 0x3b, 0xc2, 0x40, 0x51, 0xdb, 0x82, 0x59, 0x05, 0xc1, 0x06,
-	0x16, 0x7a, 0x0c, 0x06, 0x79, 0xa5, 0x09, 0xe1, 0xdc, 0x19, 0xa6, 0xeb, 0x90, 0x97, 0xa1, 0xa8,
-	0x63, 0x01, 0xb2, 0x37, 0xc1, 0xd8, 0x55, 0xdc, 0xf9, 0xed, 0xcf, 0xea, 0x1e, 0xda, 0x42, 0xaf,
-	0x7b, 0x68, 0xed, 0x7f, 0x50, 0x10, 0xac, 0xf8, 0x2e, 0x41, 0x47, 0x06, 0x5a, 0x07, 0x8c, 0x0c,
-	0x7c, 0x1f, 0x40, 0x2d, 0x68, 0xb6, 0xe8, 0xbe, 0x79, 0x2d, 0xc8, 0x67, 0xb3, 0x35, 0xaf, 0xe8,
-	0xe9, 0x51, 0xd5, 0x6d, 0xd8, 0xe0, 0x97, 0x10, 0xed, 0xc5, 0x7d, 0x45, 0x7b, 0x42, 0xca, 0x0d,
-	0xec, 0x2d, 0xe5, 0xec, 0xbf, 0xb0, 0x20, 0x61, 0xf5, 0xa1, 0x16, 0x94, 0x68, 0x77, 0x3b, 0x42,
-	0x60, 0xac, 0xe4, 0x67, 0x62, 0x52, 0x49, 0x2d, 0x56, 0x21, 0xfb, 0x89, 0x39, 0x23, 0xe4, 0x89,
-	0x28, 0xc8, 0x5c, 0x36, 0x3f, 0x26, 0xc3, 0x8b, 0x41, 0xb0, 0xc5, 0x83, 0x89, 0x74, 0x44, 0xa5,
-	0xfd, 0x3c, 0x4c, 0x74, 0x75, 0x8a, 0xdd, 0x18, 0x1d, 0xc8, 0x1d, 0xbc, 0xb1, 0x7a, 0x58, 0xc1,
-	0x07, 0xcc, 0x61, 0xf6, 0x17, 0x2d, 0x38, 0x96, 0x26, 0x8f, 0xde, 0xb0, 0x60, 0x22, 0x4a, 0xd3,
-	0x3b, 0xaa, 0xb1, 0x53, 0xd9, 0x0e, 0x5d, 0x20, 0xdc, 0xdd, 0x09, 0xfb, 0x7f, 0x08, 0x6d, 0x70,
-	0xdd, 0xf5, 0xeb, 0xc1, 0x4d, 0x65, 0x27, 0x59, 0x3d, 0xed, 0x24, 0x2a, 0x1e, 0x6a, 0x9b, 0xa4,
-	0xde, 0xf6, 0xba, 0xca, 0x50, 0x54, 0x45, 0x3b, 0x56, 0x18, 0x2c, 0xeb, 0xbe, 0x2d, 0xf6, 0xad,
-	0xa9, 0x49, 0xb9, 0x20, 0xda, 0xb1, 0xc2, 0x40, 0xcf, 0xc2, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2,
-	0x4d, 0x87, 0xa1, 0xc1, 0x23, 0x9c, 0xc0, 0x42, 0xd3, 0x00, 0xca, 0xe6, 0x92, 0x1a, 0x9b, 0x39,
-	0xda, 0x95, 0x60, 0x8c, 0xb0, 0x81, 0xc1, 0x6a, 0x5c, 0x78, 0xed, 0x88, 0x9d, 0x24, 0x0f, 0xea,
-	0x0b, 0x1d, 0xe6, 0x45, 0x1b, 0x56, 0x50, 0x2a, 0xdc, 0x9a, 0x8e, 0xdf, 0x76, 0x3c, 0x3a, 0x42,
-	0xc2, 0x75, 0xa6, 0x96, 0xe1, 0xb2, 0x82, 0x60, 0x03, 0x8b, 0xbe, 0x71, 0xec, 0x36, 0xc9, 0x4b,
-	0x81, 0x2f, 0xa3, 0xd4, 0x75, 0x70, 0x81, 0x68, 0xc7, 0x0a, 0x03, 0x3d, 0x0f, 0xc3, 0x8e, 0x5f,
-	0xe7, 0x06, 0x62, 0x10, 0x8a, 0x33, 0x4a, 0xb5, 0xfb, 0xbc, 0x1a, 0x91, 0x59, 0x0d, 0xc5, 0x26,
-	0x6a, 0xfa, 0x36, 0x0b, 0xe8, 0xf3, 0xb6, 0xbc, 0x3f, 0xb7, 0x60, 0x5c, 0x17, 0x2d, 0x62, 0x1e,
-	0xb6, 0x84, 0x6b, 0xd1, 0xda, 0xd7, 0xb5, 0x98, 0xac, 0x5d, 0x52, 0xe8, 0xab, 0x76, 0x89, 0x59,
-	0x56, 0xa4, 0xb8, 0x67, 0x59, 0x91, 0xef, 0x85, 0xa1, 0x2d, 0xd2, 0x31, 0xea, 0x8f, 0x30, 0xe5,
-	0x70, 0x99, 0x37, 0x61, 0x09, 0x43, 0x36, 0x0c, 0xd6, 0x1c, 0x55, 0xc3, 0x70, 0x44, 0xc4, 0xa6,
-	0xcd, 0x32, 0x24, 0x01, 0xb1, 0x57, 0xa0, 0xa2, 0x0e, 0xf5, 0xa5, 0xa7, 0xcf, 0xca, 0xf6, 0xf4,
-	0xf5, 0x55, 0xde, 0x60, 0x6e, 0xfd, 0xab, 0xdf, 0x7e, 0xf4, 0x2d, 0x7f, 0xf8, 0xed, 0x47, 0xdf,
-	0xf2, 0xc7, 0xdf, 0x7e, 0xf4, 0x2d, 0x1f, 0xb8, 0xf5, 0xa8, 0xf5, 0xd5, 0x5b, 0x8f, 0x5a, 0x7f,
-	0x78, 0xeb, 0x51, 0xeb, 0x8f, 0x6f, 0x3d, 0x6a, 0x7d, 0xeb, 0xd6, 0xa3, 0xd6, 0xeb, 0xff, 0xe5,
-	0xd1, 0xb7, 0xbc, 0x94, 0x99, 0x17, 0x41, 0x7f, 0x3c, 0x55, 0xab, 0xcf, 0x6c, 0x3f, 0xc3, 0x42,
-	0xf3, 0xe9, 0x7a, 0x9e, 0x31, 0x26, 0xf1, 0x8c, 0x5c, 0xcf, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff,
-	0xae, 0x1f, 0x8f, 0xcd, 0xce, 0xff, 0x00, 0x00,
+	0x0d, 0x52, 0x8b, 0xd1, 0x7b, 0xa1, 0x4c, 0x49, 0xd5, 0x9d, 0xd8, 0x61, 0x13, 0x33, 0x7c, 0xf6,
+	0x07, 0xfb, 0x63, 0xbc, 0xb2, 0x4e, 0xfb, 0x2f, 0x93, 0xd8, 0x99, 0x43, 0xe2, 0x01, 0x41, 0xb7,
+	0x61, 0x45, 0x15, 0xf9, 0x30, 0x10, 0xb5, 0x48, 0x8d, 0x4d, 0xc6, 0xf0, 0xd9, 0xa5, 0xe9, 0xc3,
+	0x7c, 0xe9, 0xd3, 0x7a, 0xe4, 0xd5, 0x16, 0xa9, 0xcd, 0x8d, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66,
+	0x7c, 0xd0, 0xb6, 0x7a, 0xd1, 0x7c, 0x22, 0xaf, 0xe4, 0xc6, 0x91, 0x51, 0x9d, 0x1b, 0x4b, 0x2e,
+	0x1c, 0xf9, 0xde, 0xed, 0x6f, 0x59, 0x30, 0xa6, 0x91, 0x97, 0xdc, 0x28, 0x46, 0x3f, 0xd9, 0x35,
+	0xb9, 0xd3, 0xfd, 0x4d, 0x2e, 0xed, 0xcd, 0xa6, 0xf6, 0x98, 0x60, 0x56, 0x96, 0x2d, 0xc6, 0xc4,
+	0x36, 0xa1, 0xe4, 0xc6, 0xa4, 0x19, 0x4d, 0x16, 0xce, 0x14, 0x9f, 0x18, 0x3e, 0x7b, 0x31, 0xaf,
+	0xe7, 0x9c, 0x1b, 0x15, 0x4c, 0x4b, 0x8b, 0x94, 0x3c, 0xe6, 0x5c, 0xec, 0xbf, 0x1a, 0x35, 0x9f,
+	0x8f, 0x4e, 0x38, 0x7a, 0x1a, 0x86, 0xa3, 0xa0, 0x1d, 0xd6, 0x08, 0x26, 0xad, 0x80, 0x7e, 0x58,
+	0x45, 0xba, 0xdc, 0xe9, 0x07, 0x5f, 0xd5, 0xcd, 0xd8, 0xc4, 0x41, 0x9f, 0xb2, 0x60, 0xa4, 0x4e,
+	0xa2, 0xd8, 0xf5, 0x19, 0x7f, 0x39, 0xf8, 0xb5, 0x43, 0x0f, 0x5e, 0x36, 0x2e, 0x68, 0xe2, 0x73,
+	0x27, 0xc4, 0x83, 0x8c, 0x18, 0x8d, 0x11, 0x4e, 0xf0, 0xa7, 0x82, 0xab, 0x4e, 0xa2, 0x5a, 0xe8,
+	0xb6, 0xe8, 0x7f, 0x21, 0x5a, 0x94, 0xe0, 0x5a, 0xd0, 0x20, 0x6c, 0xe2, 0x21, 0x1f, 0x4a, 0x54,
+	0x30, 0x45, 0x93, 0x03, 0x6c, 0xfc, 0x8b, 0x87, 0x1b, 0xbf, 0x98, 0x54, 0x2a, 0xf3, 0xf4, 0xec,
+	0xd3, 0x7f, 0x11, 0xe6, 0x6c, 0xd0, 0x27, 0x2d, 0x98, 0x14, 0x82, 0x13, 0x13, 0x3e, 0xa1, 0xd7,
+	0x37, 0xdd, 0x98, 0x78, 0x6e, 0x14, 0x4f, 0x96, 0xd8, 0x18, 0x66, 0xfa, 0x5b, 0x5b, 0x17, 0xc2,
+	0xa0, 0xdd, 0xba, 0xec, 0xfa, 0xf5, 0xb9, 0x33, 0x82, 0xd3, 0xe4, 0x7c, 0x0f, 0xc2, 0xb8, 0x27,
+	0x4b, 0xf4, 0x19, 0x0b, 0x4e, 0xfb, 0x4e, 0x93, 0x44, 0x2d, 0x87, 0xbe, 0x5a, 0x0e, 0x9e, 0xf3,
+	0x9c, 0xda, 0x16, 0x1b, 0xd1, 0xe0, 0x9d, 0x8d, 0xc8, 0x16, 0x23, 0x3a, 0x7d, 0xa5, 0x27, 0x69,
+	0xbc, 0x07, 0x5b, 0xf4, 0xcb, 0x16, 0x4c, 0x04, 0x61, 0x6b, 0xd3, 0xf1, 0x49, 0x5d, 0x42, 0xa3,
+	0xc9, 0x21, 0xf6, 0xe9, 0xbd, 0xe7, 0x70, 0xaf, 0x68, 0x25, 0x4d, 0x76, 0x39, 0xf0, 0xdd, 0x38,
+	0x08, 0xab, 0x24, 0x8e, 0x5d, 0xbf, 0x11, 0xcd, 0x9d, 0xbc, 0xb5, 0x3b, 0x35, 0xd1, 0x85, 0x85,
+	0xbb, 0xc7, 0x83, 0x7e, 0x0a, 0x86, 0xa3, 0x8e, 0x5f, 0xbb, 0xee, 0xfa, 0xf5, 0xe0, 0x66, 0x34,
+	0x59, 0xce, 0xe3, 0xf3, 0xad, 0x2a, 0x82, 0xe2, 0x03, 0xd4, 0x0c, 0xb0, 0xc9, 0x2d, 0xfb, 0xc5,
+	0xe9, 0xa5, 0x54, 0xc9, 0xfb, 0xc5, 0xe9, 0xc5, 0xb4, 0x07, 0x5b, 0xf4, 0x73, 0x16, 0x8c, 0x46,
+	0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x2e, 0x93, 0x4e, 0x34, 0x09, 0x6c, 0x20, 0x97, 0x0e, 0x39,
+	0x2b, 0x06, 0xc9, 0xb9, 0x93, 0x62, 0x8c, 0xa3, 0x66, 0x6b, 0x84, 0x93, 0x7c, 0xb3, 0x3e, 0x34,
+	0xbd, 0xac, 0x87, 0xf3, 0xfd, 0xd0, 0xf4, 0xa2, 0xee, 0xc9, 0x12, 0xfd, 0x38, 0x1c, 0xe3, 0x4d,
+	0x6a, 0x66, 0xa3, 0xc9, 0x11, 0x26, 0x68, 0x4f, 0xdc, 0xda, 0x9d, 0x3a, 0x56, 0x4d, 0xc1, 0x70,
+	0x17, 0x36, 0x7a, 0x15, 0xa6, 0x5a, 0x24, 0x6c, 0xba, 0xf1, 0x8a, 0xef, 0x75, 0xa4, 0xf8, 0xae,
+	0x05, 0x2d, 0x52, 0x17, 0xc3, 0x89, 0x26, 0x47, 0xcf, 0x58, 0x4f, 0x94, 0xe7, 0xde, 0x26, 0x86,
+	0x39, 0xb5, 0xba, 0x37, 0x3a, 0xde, 0x8f, 0x1e, 0xfa, 0xaa, 0x05, 0xa7, 0x0d, 0x29, 0x5b, 0x25,
+	0xe1, 0xb6, 0x5b, 0x23, 0xb3, 0xb5, 0x5a, 0xd0, 0xf6, 0xe3, 0x68, 0x72, 0x8c, 0x4d, 0xe3, 0xfa,
+	0x51, 0xc8, 0xfc, 0x24, 0x2b, 0xbd, 0x2e, 0x7b, 0xa2, 0x44, 0x78, 0x8f, 0x91, 0xda, 0xbf, 0x5f,
+	0x80, 0x63, 0x69, 0x0b, 0x00, 0xfd, 0x43, 0x0b, 0xc6, 0x6f, 0xdc, 0x8c, 0xd7, 0x82, 0x2d, 0xe2,
+	0x47, 0x73, 0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, 0x3e, 0x5b, 0xcb, 0xd7, 0xd6, 0x98, 0xbe, 0x94,
+	0xe4, 0x72, 0xce, 0x8f, 0xc3, 0xce, 0xdc, 0x83, 0xe2, 0x99, 0xc6, 0x2f, 0x5d, 0x5f, 0x33, 0xa1,
+	0x38, 0x3d, 0xa8, 0xd3, 0x1f, 0xb7, 0xe0, 0x44, 0x16, 0x09, 0x74, 0x0c, 0x8a, 0x5b, 0xa4, 0xc3,
+	0x2d, 0x61, 0x4c, 0x7f, 0xa2, 0x97, 0xa1, 0xb4, 0xed, 0x78, 0x6d, 0x22, 0xcc, 0xb4, 0x0b, 0x87,
+	0x7b, 0x10, 0x35, 0x32, 0xcc, 0xa9, 0xfe, 0x70, 0xe1, 0x79, 0xcb, 0xfe, 0x83, 0x22, 0x0c, 0x1b,
+	0x2f, 0xed, 0x2e, 0x98, 0x9e, 0x41, 0xc2, 0xf4, 0x5c, 0xce, 0x6d, 0xbd, 0xf5, 0xb4, 0x3d, 0x6f,
+	0xa6, 0x6c, 0xcf, 0x95, 0xfc, 0x58, 0xee, 0x69, 0x7c, 0xa2, 0x18, 0x2a, 0x41, 0x8b, 0x6e, 0xd1,
+	0xa8, 0x0d, 0x33, 0x90, 0xc7, 0x2b, 0x5c, 0x91, 0xe4, 0xe6, 0x46, 0x6f, 0xed, 0x4e, 0x55, 0xd4,
+	0x5f, 0xac, 0x19, 0xd9, 0xdf, 0xb4, 0xe0, 0x84, 0x31, 0xc6, 0xf9, 0xc0, 0xaf, 0xb3, 0x8d, 0x06,
+	0x3a, 0x03, 0x03, 0x71, 0xa7, 0x25, 0xb7, 0x81, 0x6a, 0xa6, 0xd6, 0x3a, 0x2d, 0x82, 0x19, 0xe4,
+	0x7e, 0xdf, 0x25, 0x7d, 0xc6, 0x82, 0x07, 0xb2, 0x05, 0x0c, 0x7a, 0x1c, 0x06, 0xb9, 0x0f, 0x40,
+	0x3c, 0x9d, 0x7e, 0x25, 0xac, 0x15, 0x0b, 0x28, 0x9a, 0x81, 0x8a, 0x52, 0x78, 0xe2, 0x19, 0x27,
+	0x04, 0x6a, 0x45, 0x6b, 0x49, 0x8d, 0x43, 0x27, 0x8d, 0xfe, 0x11, 0x26, 0xa8, 0x9a, 0x34, 0xb6,
+	0x69, 0x66, 0x10, 0xfb, 0x1b, 0x16, 0xbc, 0xb5, 0x1f, 0xb1, 0x77, 0x74, 0x63, 0xac, 0xc2, 0xc9,
+	0x3a, 0xd9, 0x70, 0xda, 0x5e, 0x9c, 0xe4, 0x28, 0x06, 0xfd, 0x88, 0xe8, 0x7c, 0x72, 0x21, 0x0b,
+	0x09, 0x67, 0xf7, 0xb5, 0xff, 0x93, 0xc5, 0xb6, 0xeb, 0xf2, 0xb1, 0xee, 0xc2, 0xd6, 0xc9, 0x4f,
+	0x6e, 0x9d, 0x16, 0x73, 0xfb, 0x4c, 0x7b, 0xec, 0x9d, 0x3e, 0x69, 0xc1, 0x69, 0x03, 0x6b, 0xd9,
+	0x89, 0x6b, 0x9b, 0xe7, 0x76, 0x5a, 0x21, 0x89, 0x22, 0xba, 0xa4, 0x1e, 0x31, 0xc4, 0xf1, 0xdc,
+	0xb0, 0xa0, 0x50, 0xbc, 0x4c, 0x3a, 0x5c, 0x36, 0x3f, 0x09, 0x65, 0xfe, 0xcd, 0x05, 0xa1, 0x78,
+	0x49, 0xea, 0xd9, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x86, 0x41, 0x26, 0x73, 0xa9, 0x0c, 0xa2,
+	0x66, 0x02, 0xd0, 0xf7, 0x7e, 0x8d, 0xb5, 0x60, 0x01, 0xb1, 0xa3, 0xc4, 0x70, 0x56, 0x43, 0xc2,
+	0xd6, 0x43, 0xfd, 0xbc, 0x4b, 0xbc, 0x7a, 0x44, 0xb7, 0x75, 0x8e, 0xef, 0x07, 0xb1, 0xd8, 0xa1,
+	0x19, 0xdb, 0xba, 0x59, 0xdd, 0x8c, 0x4d, 0x1c, 0xca, 0xd4, 0x73, 0xd6, 0x89, 0xc7, 0x67, 0x54,
+	0x30, 0x5d, 0x62, 0x2d, 0x58, 0x40, 0xec, 0x5b, 0x05, 0xb6, 0x81, 0x54, 0x12, 0x8d, 0xdc, 0x0d,
+	0xef, 0x43, 0x98, 0x50, 0x01, 0xab, 0xf9, 0xc9, 0x63, 0xd2, 0xdb, 0x03, 0xf1, 0x5a, 0x4a, 0x0b,
+	0xe0, 0x5c, 0xb9, 0xee, 0xed, 0x85, 0xf8, 0x60, 0x11, 0xa6, 0x92, 0x1d, 0xba, 0x94, 0x08, 0xdd,
+	0xf2, 0x1a, 0x8c, 0xd2, 0xbe, 0x3a, 0x03, 0x1f, 0x9b, 0x78, 0x3d, 0xe4, 0x70, 0xe1, 0x28, 0xe5,
+	0xb0, 0xa9, 0x26, 0x8a, 0xfb, 0xa8, 0x89, 0xc7, 0xd5, 0xac, 0x0f, 0xa4, 0x64, 0x5e, 0x52, 0x55,
+	0x9e, 0x81, 0x81, 0x28, 0x26, 0xad, 0xc9, 0x52, 0x52, 0xcc, 0x56, 0x63, 0xd2, 0xc2, 0x0c, 0x82,
+	0x7e, 0x14, 0xc6, 0x63, 0x27, 0x6c, 0x90, 0x38, 0x24, 0xdb, 0x2e, 0xf3, 0xeb, 0xb2, 0xfd, 0x6c,
+	0x65, 0xee, 0x38, 0xb5, 0xba, 0xd6, 0x18, 0x08, 0x4b, 0x10, 0x4e, 0xe3, 0xda, 0xff, 0xad, 0x00,
+	0x0f, 0x26, 0x5f, 0x81, 0x56, 0x8c, 0x3f, 0x96, 0x50, 0x8c, 0x6f, 0x37, 0x15, 0xe3, 0xed, 0xdd,
+	0xa9, 0x87, 0x7a, 0x74, 0xfb, 0xae, 0xd1, 0x9b, 0xe8, 0x42, 0xea, 0x25, 0xcc, 0x74, 0x79, 0x59,
+	0x1f, 0xe9, 0xf1, 0x8c, 0xa9, 0xb7, 0xf4, 0x38, 0x0c, 0x86, 0xc4, 0x89, 0x02, 0x5f, 0xbc, 0x27,
+	0xf5, 0x36, 0x31, 0x6b, 0xc5, 0x02, 0x6a, 0x7f, 0xbd, 0x92, 0x9e, 0xec, 0x0b, 0xdc, 0x57, 0x1d,
+	0x84, 0xc8, 0x85, 0x01, 0xb6, 0x6b, 0xe3, 0x92, 0xe5, 0xf2, 0xe1, 0xbe, 0x42, 0xaa, 0x45, 0x14,
+	0xe9, 0xb9, 0x32, 0x7d, 0x6b, 0xb4, 0x09, 0x33, 0x16, 0x68, 0x07, 0xca, 0x35, 0xb9, 0x99, 0x2a,
+	0xe4, 0xe1, 0x76, 0x14, 0x5b, 0x29, 0xcd, 0x71, 0x84, 0x8a, 0x7b, 0xb5, 0x03, 0x53, 0xdc, 0x10,
+	0x81, 0x62, 0xc3, 0x8d, 0xc5, 0x6b, 0x3d, 0xe4, 0x76, 0xf9, 0x82, 0x6b, 0x3c, 0xe2, 0x10, 0xd5,
+	0x41, 0x17, 0xdc, 0x18, 0x53, 0xfa, 0xe8, 0xa3, 0x16, 0x0c, 0x47, 0xb5, 0xe6, 0x6a, 0x18, 0x6c,
+	0xbb, 0x75, 0x12, 0x0a, 0x1b, 0xf3, 0x90, 0x92, 0xad, 0x3a, 0xbf, 0x2c, 0x09, 0x6a, 0xbe, 0xdc,
+	0x7d, 0xa1, 0x21, 0xd8, 0xe4, 0x4b, 0xf7, 0x5e, 0x0f, 0x8a, 0x67, 0x5f, 0x20, 0x35, 0xf6, 0xc5,
+	0xc9, 0x3d, 0x33, 0x5b, 0x29, 0x87, 0xb6, 0xb9, 0x17, 0xda, 0xb5, 0x2d, 0xfa, 0xbd, 0xe9, 0x01,
+	0x3d, 0x74, 0x6b, 0x77, 0xea, 0xc1, 0xf9, 0x6c, 0x9e, 0xb8, 0xd7, 0x60, 0xd8, 0x84, 0xb5, 0xda,
+	0x9e, 0x87, 0xc9, 0xab, 0x6d, 0xc2, 0x3c, 0x62, 0x39, 0x4c, 0xd8, 0xaa, 0x26, 0x98, 0x9a, 0x30,
+	0x03, 0x82, 0x4d, 0xbe, 0xe8, 0x55, 0x18, 0x6c, 0x3a, 0x71, 0xe8, 0xee, 0x08, 0x37, 0xd8, 0x21,
+	0x77, 0x41, 0xcb, 0x8c, 0x96, 0x66, 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x42, 0xa9,
+	0x49, 0xc2, 0x06, 0x99, 0x2c, 0xe7, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x0a, 0x35, 0xae,
+	0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0xcb, 0x50, 0x8e, 0x88, 0x47, 0x6a, 0xd4, 0x3c, 0xaa, 0x30, 0x8e,
+	0xcf, 0xf4, 0x69, 0x2a, 0x52, 0xbb, 0xa4, 0x2a, 0xba, 0xf2, 0x0f, 0x4c, 0xfe, 0xc3, 0x8a, 0x24,
+	0x9d, 0xc0, 0x96, 0xd7, 0x6e, 0xb8, 0xfe, 0x24, 0xe4, 0x31, 0x81, 0xab, 0x8c, 0x56, 0x6a, 0x02,
+	0x79, 0x23, 0x16, 0x8c, 0xec, 0xff, 0x6a, 0x01, 0x4a, 0x0a, 0xb5, 0xbb, 0x60, 0x13, 0xbf, 0x9a,
+	0xb4, 0x89, 0x97, 0xf2, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0xbf, 0x51, 0x81, 0x94, 0x3a, 0xb8, 0x42,
+	0xa2, 0x98, 0xd4, 0xdf, 0x14, 0xe1, 0x6f, 0x8a, 0xf0, 0x37, 0x45, 0xb8, 0x12, 0xe1, 0xeb, 0x29,
+	0x11, 0xfe, 0x4e, 0xe3, 0xab, 0xd7, 0xb1, 0x07, 0xaf, 0xa8, 0xe0, 0x04, 0x73, 0x04, 0x06, 0x02,
+	0x95, 0x04, 0x97, 0xaa, 0x2b, 0x57, 0x32, 0x65, 0xf6, 0x2b, 0x49, 0x99, 0x7d, 0x58, 0x16, 0x7f,
+	0x1d, 0xa4, 0xf4, 0x57, 0x2d, 0x78, 0x5b, 0x52, 0x7a, 0xc9, 0x95, 0xb3, 0xd8, 0xf0, 0x83, 0x90,
+	0x2c, 0xb8, 0x1b, 0x1b, 0x24, 0x24, 0x7e, 0x8d, 0x44, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0,
+	0x67, 0x61, 0xe4, 0x46, 0x14, 0xf8, 0xab, 0x81, 0xeb, 0x0b, 0x11, 0x44, 0x77, 0x1c, 0xc7, 0x6e,
+	0xed, 0x4e, 0x8d, 0xd0, 0x19, 0x95, 0xed, 0x38, 0x81, 0x85, 0xe6, 0x61, 0xe2, 0xc6, 0xab, 0xab,
+	0x4e, 0x6c, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x7a, 0x31, 0x05, 0xc4, 0xdd, 0xf8,
+	0xf6, 0xdf, 0x29, 0xc0, 0xa9, 0xd4, 0x83, 0x04, 0x9e, 0x17, 0xb4, 0x63, 0xba, 0x27, 0x42, 0x5f,
+	0xb0, 0xe0, 0x58, 0x33, 0xe9, 0xb0, 0x88, 0x84, 0xbb, 0xfb, 0x27, 0x72, 0xd3, 0x11, 0x29, 0x8f,
+	0xc8, 0xdc, 0xa4, 0x98, 0xa1, 0x63, 0x29, 0x40, 0x84, 0xbb, 0xc6, 0x82, 0x5e, 0x86, 0x4a, 0xd3,
+	0xd9, 0xb9, 0xda, 0xaa, 0x3b, 0xb1, 0xdc, 0x8e, 0xf6, 0xf6, 0x22, 0xb4, 0x63, 0xd7, 0x9b, 0xe6,
+	0x51, 0x2d, 0xd3, 0x8b, 0x7e, 0xbc, 0x12, 0x56, 0xe3, 0xd0, 0xf5, 0x1b, 0xdc, 0xc9, 0xb9, 0x2c,
+	0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0xbc, 0x95, 0x56, 0x52, 0x6a, 0x76, 0x42, 0x27, 0x26, 0x8d, 0x0e,
+	0x7a, 0x1f, 0x94, 0xe8, 0xbe, 0x51, 0xce, 0xca, 0xf5, 0x3c, 0x35, 0xa7, 0xf1, 0x26, 0xb4, 0x12,
+	0xa5, 0xff, 0x22, 0xcc, 0x99, 0xda, 0x5f, 0xa8, 0xa4, 0x8d, 0x05, 0x76, 0x36, 0x7f, 0x16, 0xa0,
+	0x11, 0xac, 0x91, 0x66, 0xcb, 0xa3, 0xd3, 0x62, 0xb1, 0x03, 0x1e, 0xe5, 0x2a, 0xb9, 0xa0, 0x20,
+	0xd8, 0xc0, 0x42, 0x3f, 0x6f, 0x01, 0x34, 0xe4, 0x9a, 0x97, 0x86, 0xc0, 0xd5, 0x3c, 0x1f, 0x47,
+	0x7f, 0x51, 0x7a, 0x2c, 0x8a, 0x21, 0x36, 0x98, 0xa3, 0x9f, 0xb1, 0xa0, 0x1c, 0xcb, 0xe1, 0x73,
+	0xd5, 0xb8, 0x96, 0xe7, 0x48, 0xe4, 0x43, 0x6b, 0x9b, 0x48, 0x4d, 0x89, 0xe2, 0x8b, 0x7e, 0xd6,
+	0x02, 0x88, 0x3a, 0x7e, 0x6d, 0x35, 0xf0, 0xdc, 0x5a, 0x47, 0x68, 0xcc, 0x6b, 0xb9, 0xba, 0x73,
+	0x14, 0xf5, 0xb9, 0x31, 0x3a, 0x1b, 0xfa, 0x3f, 0x36, 0x38, 0xa3, 0x0f, 0x40, 0x39, 0x12, 0xcb,
+	0x4d, 0xe8, 0xc8, 0xb5, 0x7c, 0x9d, 0x4a, 0x9c, 0xb6, 0x10, 0xaf, 0xe2, 0x1f, 0x56, 0x3c, 0xd1,
+	0x67, 0x2d, 0x18, 0x6f, 0x25, 0xdd, 0x84, 0x42, 0x1d, 0xe6, 0x27, 0x03, 0x52, 0x6e, 0x48, 0xee,
+	0x6d, 0x49, 0x35, 0xe2, 0xf4, 0x28, 0xa8, 0x04, 0xd4, 0x2b, 0x78, 0xa5, 0xc5, 0x5d, 0x96, 0x43,
+	0x5a, 0x02, 0x5e, 0x48, 0x03, 0x71, 0x37, 0x3e, 0x5a, 0x85, 0x13, 0x74, 0x74, 0x1d, 0x6e, 0x7e,
+	0x4a, 0xf5, 0x12, 0x31, 0x65, 0x58, 0x9e, 0x7b, 0x58, 0xac, 0x10, 0x76, 0xd6, 0x91, 0xc6, 0xc1,
+	0x99, 0x3d, 0xd1, 0x1f, 0x58, 0xf0, 0xb0, 0xcb, 0xd4, 0x80, 0xe9, 0xb0, 0xd7, 0x1a, 0x41, 0x1c,
+	0xb4, 0x93, 0x5c, 0x65, 0x45, 0x2f, 0xf5, 0x33, 0xf7, 0x56, 0xf1, 0x04, 0x0f, 0x2f, 0xee, 0x31,
+	0x24, 0xbc, 0xe7, 0x80, 0xd1, 0x0f, 0xc1, 0xa8, 0xfc, 0x2e, 0x56, 0xa9, 0x08, 0x66, 0x8a, 0xb6,
+	0x32, 0x37, 0x71, 0x6b, 0x77, 0x6a, 0x74, 0xcd, 0x04, 0xe0, 0x24, 0x9e, 0xfd, 0x2f, 0x8b, 0x89,
+	0x53, 0x22, 0xe5, 0xc3, 0x64, 0xe2, 0xa6, 0x26, 0xfd, 0x3f, 0x52, 0x7a, 0xe6, 0x2a, 0x6e, 0x94,
+	0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x61, 0x83, 0x39, 0x35, 0x4a, 0x27, 0x9c, 0xb4, 0xa7, 0x54,
+	0x48, 0xc0, 0x97, 0xf3, 0x1c, 0x52, 0xf7, 0x99, 0xde, 0x29, 0x31, 0xb4, 0x89, 0x2e, 0x10, 0xee,
+	0x1e, 0x12, 0x7a, 0x3f, 0x54, 0x42, 0x15, 0xd9, 0x52, 0xcc, 0x63, 0xab, 0x26, 0x97, 0x8d, 0x18,
+	0x8e, 0x3a, 0x00, 0xd2, 0x31, 0x2c, 0x9a, 0xa3, 0xfd, 0xb1, 0x42, 0xe2, 0x60, 0xcc, 0x90, 0x1d,
+	0x7d, 0x1c, 0xfa, 0x7d, 0xca, 0x82, 0xe1, 0x30, 0xf0, 0x3c, 0xd7, 0x6f, 0x50, 0x39, 0x27, 0x94,
+	0xf5, 0xbb, 0x8f, 0x44, 0x5f, 0x0a, 0x81, 0xc6, 0x2c, 0x6b, 0xac, 0x79, 0x62, 0x73, 0x00, 0xe8,
+	0x05, 0x18, 0xad, 0x13, 0x8f, 0xd0, 0xbe, 0x2b, 0x21, 0xdd, 0x13, 0x71, 0x27, 0xb3, 0x8a, 0x14,
+	0x59, 0x30, 0x81, 0x38, 0x89, 0x6b, 0x7f, 0xcb, 0x82, 0xc9, 0x5e, 0xc2, 0x1c, 0x11, 0x78, 0x48,
+	0x4a, 0x2a, 0x35, 0x8f, 0x2b, 0xbe, 0xa4, 0x27, 0xf4, 0xf1, 0x63, 0x82, 0xcf, 0x43, 0xab, 0xbd,
+	0x51, 0xf1, 0x5e, 0x74, 0xd0, 0x4b, 0x70, 0xcc, 0x98, 0x94, 0x48, 0xcd, 0x6a, 0x65, 0x6e, 0x9a,
+	0x5a, 0x4f, 0xb3, 0x29, 0xd8, 0xed, 0xdd, 0xa9, 0x07, 0xd2, 0x6d, 0x42, 0xdb, 0x74, 0xd1, 0xb1,
+	0x7f, 0xa5, 0xeb, 0x55, 0x2b, 0x43, 0xe1, 0x0d, 0xab, 0xcb, 0x15, 0xf1, 0x13, 0x47, 0xa1, 0x9c,
+	0x99, 0xd3, 0x42, 0xc5, 0x70, 0xf4, 0xc6, 0xb9, 0x87, 0x67, 0xfe, 0xf6, 0xbf, 0x1e, 0x80, 0x3d,
+	0x46, 0xd6, 0x87, 0xe5, 0x7f, 0xe0, 0x43, 0xd8, 0x4f, 0x58, 0xea, 0xb4, 0x8d, 0x0b, 0x80, 0xfa,
+	0x51, 0xcd, 0x3d, 0xdf, 0x7c, 0x45, 0x3c, 0xee, 0x44, 0xb9, 0xe0, 0x93, 0xe7, 0x7a, 0xe8, 0x8b,
+	0x56, 0xf2, 0xbc, 0x90, 0x47, 0x44, 0xba, 0x47, 0x36, 0x26, 0xe3, 0x10, 0x92, 0x0f, 0x4c, 0x1f,
+	0x5d, 0xf5, 0x3a, 0x9e, 0x9c, 0x06, 0xd8, 0x70, 0x7d, 0xc7, 0x73, 0x5f, 0xa3, 0x5b, 0xab, 0x12,
+	0xb3, 0x0e, 0x98, 0xb9, 0x75, 0x5e, 0xb5, 0x62, 0x03, 0xe3, 0xf4, 0xff, 0x0f, 0xc3, 0xc6, 0x93,
+	0x67, 0x84, 0xcb, 0x9c, 0x30, 0xc3, 0x65, 0x2a, 0x46, 0x94, 0xcb, 0xe9, 0x77, 0xc2, 0xb1, 0xf4,
+	0x00, 0x0f, 0xd2, 0xdf, 0xfe, 0x5f, 0x43, 0xe9, 0x03, 0xbc, 0x35, 0x12, 0x36, 0xe9, 0xd0, 0xde,
+	0xf4, 0x8a, 0xbd, 0xe9, 0x15, 0x7b, 0xd3, 0x2b, 0x66, 0x1e, 0x6c, 0x08, 0x8f, 0xcf, 0xd0, 0x5d,
+	0xf2, 0xf8, 0x24, 0x7c, 0x58, 0xe5, 0xdc, 0x7d, 0x58, 0xf6, 0x47, 0xbb, 0xdc, 0xfe, 0x6b, 0x21,
+	0x21, 0x28, 0x80, 0x92, 0x1f, 0xd4, 0x89, 0x34, 0x90, 0x2f, 0xe5, 0x63, 0xed, 0x5d, 0x09, 0xea,
+	0x46, 0xac, 0x39, 0xfd, 0x17, 0x61, 0xce, 0xc7, 0xfe, 0xc8, 0x20, 0x24, 0x6c, 0x51, 0xfe, 0xde,
+	0x7f, 0x00, 0x86, 0x42, 0xd2, 0x0a, 0xae, 0xe2, 0x25, 0xa1, 0xcb, 0x74, 0xaa, 0x0e, 0x6f, 0xc6,
+	0x12, 0x4e, 0x75, 0x5e, 0xcb, 0x89, 0x37, 0x85, 0x32, 0x53, 0x3a, 0x6f, 0xd5, 0x89, 0x37, 0x31,
+	0x83, 0xa0, 0x77, 0xc2, 0x58, 0x9c, 0x38, 0x47, 0x17, 0xe7, 0xc5, 0x0f, 0x08, 0xdc, 0xb1, 0xe4,
+	0x29, 0x3b, 0x4e, 0x61, 0xa3, 0x57, 0x61, 0x60, 0x93, 0x78, 0x4d, 0xf1, 0xea, 0xab, 0xf9, 0xe9,
+	0x1a, 0xf6, 0xac, 0x17, 0x89, 0xd7, 0xe4, 0x92, 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x5d, 0xf7, 0x95,
+	0xad, 0x76, 0x14, 0x07, 0x4d, 0xf7, 0x35, 0xe9, 0x26, 0xfd, 0x89, 0x9c, 0x19, 0x5f, 0x96, 0xf4,
+	0xb9, 0x3f, 0x4a, 0xfd, 0xc5, 0x9a, 0x33, 0x1b, 0x47, 0xdd, 0x0d, 0xd9, 0x92, 0xe9, 0x08, 0x6f,
+	0x67, 0xde, 0xe3, 0x58, 0x90, 0xf4, 0xf9, 0x38, 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x8e, 0xfa, 0xfe,
+	0x86, 0xd9, 0x18, 0xae, 0xe6, 0x3c, 0x06, 0xfe, 0xed, 0x65, 0x7e, 0x87, 0x8f, 0x41, 0xa9, 0xb6,
+	0xe9, 0x84, 0xf1, 0xe4, 0x08, 0x5b, 0x34, 0x6a, 0x15, 0xcf, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x11,
+	0x28, 0x86, 0x64, 0x83, 0x85, 0x36, 0x1b, 0x41, 0x55, 0x98, 0x6c, 0x60, 0xda, 0xae, 0xec, 0xb2,
+	0xb1, 0x9e, 0xd1, 0x76, 0xbf, 0x54, 0x48, 0x1a, 0x76, 0xc9, 0x99, 0xe1, 0xdf, 0x43, 0xad, 0x1d,
+	0x46, 0xd2, 0xbb, 0x66, 0x7c, 0x0f, 0xac, 0x19, 0x4b, 0x38, 0xfa, 0x90, 0x05, 0x43, 0x37, 0xa2,
+	0xc0, 0xf7, 0x49, 0x2c, 0x94, 0xe8, 0xb5, 0x9c, 0x27, 0xeb, 0x12, 0xa7, 0xae, 0xc7, 0x20, 0x1a,
+	0xb0, 0xe4, 0x4b, 0x87, 0x4b, 0x76, 0x6a, 0x5e, 0xbb, 0xde, 0x15, 0x49, 0x73, 0x8e, 0x37, 0x63,
+	0x09, 0xa7, 0xa8, 0xae, 0xcf, 0x51, 0x07, 0x92, 0xa8, 0x8b, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0xd7,
+	0xca, 0x70, 0x32, 0xf3, 0xf3, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0xce, 0xbb, 0x1e, 0x91, 0x31, 0x64,
+	0xcc, 0xe4, 0xba, 0xa6, 0x5a, 0xb1, 0x81, 0x81, 0x7e, 0x1a, 0xa0, 0xe5, 0x84, 0x4e, 0x93, 0x28,
+	0xef, 0xf7, 0xa1, 0x2d, 0x1b, 0x3a, 0x8e, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x84, 0x0d,
+	0x96, 0xe8, 0x39, 0x18, 0x0e, 0x89, 0x47, 0x9c, 0x88, 0xc5, 0xce, 0xa7, 0x13, 0x81, 0xb0, 0x06,
+	0x61, 0x13, 0x0f, 0x3d, 0xae, 0xc2, 0xed, 0x52, 0x61, 0x47, 0xc9, 0x90, 0x3b, 0xf4, 0x69, 0x0b,
+	0xc6, 0x36, 0x5c, 0x8f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xf0, 0x0f, 0x79, 0xde, 0xa4, 0xab,
+	0x65, 0x68, 0xa2, 0x39, 0xc2, 0x29, 0xf6, 0xf4, 0x35, 0x6f, 0x93, 0x90, 0x09, 0xdf, 0xc1, 0xe4,
+	0x6b, 0xbe, 0xc6, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x51, 0x34, 0x1f, 0x92, 0x3a,
+	0xf1, 0x63, 0xd7, 0xf1, 0x78, 0x52, 0x4d, 0x59, 0xc7, 0xa2, 0xaf, 0x26, 0xc1, 0x38, 0x8d, 0x8f,
+	0xde, 0x05, 0x0f, 0x72, 0xf7, 0xd2, 0xb2, 0x1b, 0x45, 0xae, 0xdf, 0xd0, 0xcb, 0x40, 0x78, 0xd9,
+	0xa6, 0x04, 0xa9, 0x07, 0x17, 0xb3, 0xd1, 0x70, 0xaf, 0xfe, 0xe8, 0x49, 0x28, 0x47, 0x5b, 0x6e,
+	0x6b, 0x3e, 0xac, 0x47, 0xec, 0x68, 0xa9, 0xac, 0x7d, 0xba, 0x55, 0xd1, 0x8e, 0x15, 0x06, 0xaa,
+	0xc1, 0x08, 0x7f, 0x25, 0x3c, 0x5e, 0x50, 0x48, 0xd0, 0xa7, 0x7a, 0x2a, 0x72, 0x91, 0x3f, 0x3b,
+	0x8d, 0x9d, 0x9b, 0xe7, 0xe4, 0x41, 0x17, 0x3f, 0x97, 0xb9, 0x66, 0x90, 0xc1, 0x09, 0xa2, 0xc9,
+	0x3d, 0xdd, 0x70, 0x1f, 0x7b, 0xba, 0xe7, 0x60, 0x78, 0xab, 0xbd, 0x4e, 0xc4, 0xcc, 0x0b, 0xc1,
+	0xa6, 0x56, 0xdf, 0x65, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0xd5, 0x6c, 0xb9, 0xe2, 0x5f, 0x34, 0x39,
+	0x6a, 0x84, 0x6a, 0xae, 0x2e, 0xca, 0x66, 0x6c, 0xe2, 0xd0, 0xa1, 0xd1, 0xb9, 0x58, 0x23, 0x11,
+	0xcb, 0xc4, 0xa0, 0xd3, 0xa5, 0x86, 0x56, 0x95, 0x00, 0xac, 0x71, 0xd0, 0x2a, 0x9c, 0xa0, 0x7f,
+	0xaa, 0x2c, 0x7f, 0xf8, 0x9a, 0xe3, 0xb9, 0x75, 0x1e, 0x37, 0x38, 0x9e, 0x74, 0x8e, 0x56, 0x33,
+	0x70, 0x70, 0x66, 0x4f, 0xfb, 0x73, 0x85, 0xa4, 0xe7, 0xc4, 0x14, 0x61, 0x28, 0xa2, 0x82, 0x2a,
+	0xbe, 0xe6, 0x84, 0xd2, 0xe0, 0x39, 0x64, 0x66, 0x94, 0xa0, 0x7b, 0xcd, 0x09, 0x4d, 0x91, 0xc7,
+	0x18, 0x60, 0xc9, 0x09, 0xdd, 0x80, 0x81, 0xd8, 0x73, 0x72, 0x4a, 0xa5, 0x34, 0x38, 0x6a, 0x2f,
+	0xd8, 0xd2, 0x6c, 0x84, 0x19, 0x0f, 0xf4, 0x30, 0xdd, 0xbd, 0xad, 0xcb, 0x63, 0x3a, 0xb1, 0xe1,
+	0x5a, 0x8f, 0x30, 0x6b, 0xb5, 0xff, 0xe6, 0x68, 0x86, 0xd6, 0x51, 0x86, 0x00, 0x3a, 0x0b, 0x40,
+	0x17, 0xcd, 0x6a, 0x48, 0x36, 0xdc, 0x1d, 0x61, 0x88, 0x29, 0xc9, 0x76, 0x45, 0x41, 0xb0, 0x81,
+	0x25, 0xfb, 0x54, 0xdb, 0x1b, 0xb4, 0x4f, 0xa1, 0xbb, 0x0f, 0x87, 0x60, 0x03, 0x0b, 0x3d, 0x0b,
+	0x83, 0x6e, 0xd3, 0x69, 0xa8, 0x28, 0xe2, 0x87, 0xa9, 0x48, 0x5b, 0x64, 0x2d, 0xb7, 0x77, 0xa7,
+	0xc6, 0xd4, 0x80, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0x57, 0x2c, 0x18, 0xa9, 0x05, 0xcd, 0x66, 0xe0,
+	0xf3, 0xed, 0xb3, 0xf0, 0x05, 0xdc, 0x38, 0x2a, 0x33, 0x69, 0x7a, 0xde, 0x60, 0xc6, 0x9d, 0x01,
+	0x2a, 0xe7, 0xd3, 0x04, 0xe1, 0xc4, 0xa8, 0x4c, 0xc9, 0x57, 0xda, 0x47, 0xf2, 0xfd, 0xba, 0x05,
+	0x13, 0xbc, 0xaf, 0xb1, 0xab, 0x17, 0xe9, 0x8d, 0xc1, 0x11, 0x3f, 0x56, 0x97, 0xa3, 0x43, 0x79,
+	0x8a, 0xbb, 0xe0, 0xb8, 0x7b, 0x90, 0xe8, 0x02, 0x4c, 0x6c, 0x04, 0x61, 0x8d, 0x98, 0x13, 0x21,
+	0xc4, 0xb6, 0x22, 0x74, 0x3e, 0x8d, 0x80, 0xbb, 0xfb, 0xa0, 0x6b, 0xf0, 0x80, 0xd1, 0x68, 0xce,
+	0x03, 0x97, 0xdc, 0x8f, 0x0a, 0x6a, 0x0f, 0x9c, 0xcf, 0xc4, 0xc2, 0x3d, 0x7a, 0x27, 0x85, 0x64,
+	0xa5, 0x0f, 0x21, 0xf9, 0x0a, 0x9c, 0xaa, 0x75, 0xcf, 0xcc, 0x76, 0xd4, 0x5e, 0x8f, 0xb8, 0x1c,
+	0x2f, 0xcf, 0x7d, 0x9f, 0x20, 0x70, 0x6a, 0xbe, 0x17, 0x22, 0xee, 0x4d, 0x03, 0xbd, 0x0f, 0xca,
+	0x21, 0x61, 0x6f, 0x25, 0x12, 0xb9, 0x7e, 0x87, 0xf4, 0x76, 0x68, 0x0b, 0x9e, 0x93, 0xd5, 0x9a,
+	0x49, 0x34, 0x44, 0x58, 0x71, 0x44, 0x37, 0x61, 0xa8, 0xe5, 0xc4, 0xb5, 0x4d, 0x91, 0xe1, 0x77,
+	0x68, 0xc7, 0xbe, 0x62, 0xce, 0xce, 0x61, 0x8c, 0x7a, 0x09, 0x9c, 0x09, 0x96, 0xdc, 0xa8, 0xad,
+	0x56, 0x0b, 0x9a, 0xad, 0xc0, 0x27, 0x7e, 0x2c, 0x95, 0xc8, 0x18, 0x3f, 0x2c, 0x91, 0xad, 0xd8,
+	0xc0, 0xe8, 0xd2, 0xe5, 0x1a, 0x6d, 0x72, 0x62, 0x0f, 0x5d, 0x6e, 0x50, 0xeb, 0xd5, 0x9f, 0x2a,
+	0x1b, 0xe6, 0x56, 0xbc, 0xee, 0xc6, 0x9b, 0x41, 0x3b, 0x96, 0xbb, 0x64, 0xa1, 0xa8, 0x94, 0xb2,
+	0x59, 0xca, 0xc0, 0xc1, 0x99, 0x3d, 0xd3, 0x9a, 0x75, 0xfc, 0xce, 0x34, 0xeb, 0xb1, 0x3e, 0x34,
+	0x6b, 0x15, 0x4e, 0xb2, 0x11, 0x08, 0x2b, 0x59, 0x3a, 0x2d, 0xa3, 0x49, 0xc4, 0x06, 0xaf, 0x92,
+	0x63, 0x96, 0xb2, 0x90, 0x70, 0x76, 0xdf, 0xd3, 0x3f, 0x06, 0x13, 0x5d, 0x42, 0xee, 0x40, 0x0e,
+	0xc9, 0x05, 0x78, 0x20, 0x5b, 0x9c, 0x1c, 0xc8, 0x2d, 0xf9, 0x6b, 0xa9, 0xa0, 0x76, 0x63, 0x8b,
+	0xd6, 0x87, 0x8b, 0xdb, 0x81, 0x22, 0xf1, 0xb7, 0x85, 0x76, 0x3d, 0x7f, 0xb8, 0x55, 0x7d, 0xce,
+	0xdf, 0xe6, 0xd2, 0x90, 0xf9, 0xf1, 0xce, 0xf9, 0xdb, 0x98, 0xd2, 0x46, 0xbf, 0x68, 0x25, 0x36,
+	0x10, 0xdc, 0x31, 0xfe, 0x9e, 0x23, 0xd9, 0x93, 0xf6, 0xbd, 0xa7, 0xb0, 0xff, 0x4d, 0x01, 0xce,
+	0xec, 0x47, 0xa4, 0x8f, 0xe9, 0x7b, 0x0c, 0x06, 0x23, 0x16, 0xa6, 0x22, 0xd4, 0xd5, 0x30, 0xfd,
+	0x8a, 0x79, 0xe0, 0xca, 0x2b, 0x58, 0x80, 0x90, 0x07, 0xc5, 0xa6, 0xd3, 0x12, 0xfe, 0xd2, 0xc5,
+	0xc3, 0x26, 0xff, 0xd1, 0xff, 0x8e, 0xb7, 0xec, 0xb4, 0xf8, 0x9a, 0x37, 0x1a, 0x30, 0x65, 0x83,
+	0x62, 0x28, 0x39, 0x61, 0xe8, 0xc8, 0x98, 0x88, 0xcb, 0xf9, 0xf0, 0x9b, 0xa5, 0x24, 0xf9, 0x91,
+	0x72, 0xa2, 0x09, 0x73, 0x66, 0xf6, 0x67, 0xcb, 0x89, 0x4c, 0x31, 0x16, 0xe8, 0x12, 0xc1, 0xa0,
+	0x70, 0x93, 0x5a, 0x79, 0xe7, 0x5c, 0xf2, 0x54, 0x6c, 0xe6, 0x81, 0x10, 0x05, 0x2d, 0x04, 0x2b,
+	0xf4, 0x71, 0x8b, 0x95, 0x8d, 0x90, 0xe9, 0x77, 0x62, 0x57, 0x7f, 0x34, 0x55, 0x2c, 0xcc, 0x62,
+	0x14, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x69, 0x1c, 0xb6, 0x9b, 0xe9, 0x2e, 0x8d, 0xc3, 0x76, 0x27,
+	0x12, 0x8e, 0x76, 0x32, 0x02, 0x5a, 0x72, 0x28, 0x3d, 0xd0, 0x47, 0x08, 0xcb, 0x17, 0x2d, 0x98,
+	0x70, 0xd3, 0x91, 0x09, 0x62, 0x0f, 0x7c, 0x3d, 0x1f, 0x9f, 0x66, 0x77, 0xe0, 0x83, 0x32, 0x74,
+	0xba, 0x40, 0xb8, 0x7b, 0x30, 0xa8, 0x0e, 0x03, 0xae, 0xbf, 0x11, 0x08, 0xf3, 0x6e, 0xee, 0x70,
+	0x83, 0x5a, 0xf4, 0x37, 0x02, 0xfd, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x4b, 0x70, 0x42, 0x26,
+	0x0b, 0x5d, 0x74, 0xa3, 0x38, 0x08, 0x3b, 0x4b, 0x6e, 0xd3, 0x8d, 0x99, 0x69, 0x56, 0x9c, 0x9b,
+	0xa4, 0xea, 0x0d, 0x67, 0xc0, 0x71, 0x66, 0x2f, 0xf4, 0x1a, 0x0c, 0xc9, 0x68, 0x80, 0x72, 0x1e,
+	0xfe, 0x84, 0xee, 0xf5, 0xaf, 0x16, 0x53, 0x55, 0x84, 0x03, 0x48, 0x86, 0xe8, 0x63, 0x16, 0x8c,
+	0xf1, 0xdf, 0x17, 0x3b, 0x75, 0x9e, 0x9f, 0x58, 0xc9, 0x23, 0xe4, 0xbf, 0x9a, 0xa0, 0x39, 0x87,
+	0x6e, 0xed, 0x4e, 0x8d, 0x25, 0xdb, 0x70, 0x8a, 0xaf, 0xfd, 0x8f, 0x46, 0xa0, 0x3b, 0x7e, 0x22,
+	0x19, 0x2c, 0x61, 0xdd, 0xed, 0x60, 0x09, 0xba, 0xab, 0x8c, 0x74, 0x9c, 0x43, 0x0e, 0x9f, 0x99,
+	0xe0, 0xaa, 0x8f, 0xa1, 0x3b, 0x7e, 0x0d, 0x33, 0x1e, 0xa8, 0x0d, 0x83, 0xbc, 0x32, 0x95, 0xd0,
+	0x00, 0x87, 0x3f, 0xf9, 0x36, 0x2b, 0x5c, 0x69, 0xb7, 0x16, 0x6f, 0xc5, 0x82, 0x19, 0xda, 0x81,
+	0xa1, 0x4d, 0xbe, 0x1c, 0xc5, 0x5e, 0x6f, 0xf9, 0xb0, 0xf3, 0x9b, 0x58, 0xe3, 0x7a, 0xf1, 0x89,
+	0x06, 0x2c, 0xd9, 0xb1, 0xd8, 0x3c, 0x23, 0x7a, 0x88, 0x0b, 0x92, 0xfc, 0x52, 0x2d, 0xfb, 0x0f,
+	0x1d, 0x7a, 0x2f, 0x8c, 0x84, 0xa4, 0x16, 0xf8, 0x35, 0xd7, 0x23, 0xf5, 0x59, 0x79, 0x20, 0x76,
+	0x90, 0x0c, 0x3b, 0xe6, 0x4d, 0xc2, 0x06, 0x0d, 0x9c, 0xa0, 0xc8, 0xbe, 0x33, 0x95, 0x75, 0x4f,
+	0x5f, 0x08, 0x11, 0x07, 0x1f, 0x4b, 0x39, 0xe5, 0xf8, 0x33, 0x9a, 0xfc, 0x3b, 0x4b, 0xb6, 0xe1,
+	0x14, 0x5f, 0xf4, 0x12, 0x40, 0xb0, 0xce, 0x03, 0xf0, 0x66, 0x63, 0x71, 0x0a, 0x72, 0x90, 0x47,
+	0x1d, 0xe3, 0x99, 0xba, 0x92, 0x02, 0x36, 0xa8, 0xa1, 0xcb, 0x00, 0xfc, 0xcb, 0x59, 0xeb, 0xb4,
+	0xe4, 0x86, 0x50, 0xa6, 0x48, 0x42, 0x55, 0x41, 0x6e, 0xef, 0x4e, 0x75, 0xfb, 0x9c, 0x59, 0x94,
+	0x91, 0xd1, 0x1d, 0xfd, 0x14, 0x0c, 0x45, 0xed, 0x66, 0xd3, 0x51, 0x67, 0x24, 0x39, 0xe6, 0xfe,
+	0x72, 0xba, 0x86, 0x60, 0xe4, 0x0d, 0x58, 0x72, 0x44, 0x37, 0xa8, 0x88, 0x17, 0x12, 0x8a, 0x7f,
+	0x45, 0xdc, 0x42, 0xe1, 0x9e, 0xc0, 0x77, 0xc8, 0x5d, 0x0c, 0xce, 0xc0, 0xb9, 0xbd, 0x3b, 0xf5,
+	0x40, 0xb2, 0x7d, 0x29, 0x10, 0xd9, 0xb8, 0x99, 0x34, 0xd1, 0x25, 0x59, 0x84, 0x8b, 0x3e, 0xb6,
+	0xac, 0x0d, 0xf3, 0x84, 0x2e, 0xc2, 0xc5, 0x9a, 0x7b, 0xcf, 0x99, 0xd9, 0x19, 0x2d, 0xc3, 0xf1,
+	0x5a, 0xe0, 0xc7, 0x61, 0xe0, 0x79, 0xbc, 0x40, 0x1f, 0xdf, 0x9b, 0xf3, 0x33, 0x94, 0x87, 0xc4,
+	0xb0, 0x8f, 0xcf, 0x77, 0xa3, 0xe0, 0xac, 0x7e, 0xd4, 0x26, 0x4f, 0xeb, 0x87, 0xb1, 0x5c, 0x8e,
+	0xd7, 0x13, 0x34, 0x85, 0x84, 0x52, 0x6e, 0xef, 0x7d, 0x34, 0x85, 0x9f, 0x3c, 0x64, 0x15, 0x6f,
+	0xec, 0x59, 0x18, 0x21, 0x3b, 0x31, 0x09, 0x7d, 0xc7, 0xbb, 0x8a, 0x97, 0xe4, 0x81, 0x05, 0xfb,
+	0x30, 0xcf, 0x19, 0xed, 0x38, 0x81, 0x85, 0x6c, 0xe5, 0x25, 0x33, 0xd2, 0xde, 0xb9, 0x97, 0x4c,
+	0xfa, 0xc4, 0xec, 0x2f, 0x17, 0x13, 0x36, 0xeb, 0x3d, 0x39, 0xd2, 0x65, 0xf5, 0x95, 0x64, 0x21,
+	0x2a, 0x06, 0x10, 0x7b, 0xb1, 0x3c, 0x39, 0xab, 0xa8, 0xb9, 0x15, 0x93, 0x11, 0x4e, 0xf2, 0x45,
+	0x5b, 0x50, 0xda, 0x0c, 0xa2, 0x58, 0xee, 0xd0, 0x0e, 0xb9, 0x19, 0xbc, 0x18, 0x44, 0x31, 0x33,
+	0xb4, 0xd4, 0x63, 0xd3, 0x96, 0x08, 0x73, 0x1e, 0x74, 0xef, 0x1f, 0x6d, 0x3a, 0x61, 0x3d, 0x9a,
+	0x67, 0x45, 0x2a, 0x06, 0x98, 0x85, 0xa5, 0xec, 0xe9, 0xaa, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x33,
+	0x2b, 0x71, 0xaa, 0x75, 0x9d, 0x65, 0x1c, 0x6c, 0x13, 0x9f, 0x8a, 0x28, 0x33, 0xc6, 0xf1, 0x87,
+	0x52, 0xf9, 0xdb, 0x6f, 0xeb, 0x55, 0x4b, 0xf3, 0x26, 0xa5, 0x30, 0xcd, 0x48, 0x18, 0xe1, 0x90,
+	0x1f, 0xb4, 0x92, 0x89, 0xf8, 0x85, 0x3c, 0xb6, 0x6e, 0x66, 0x31, 0x8a, 0x7d, 0x73, 0xfa, 0xed,
+	0x5f, 0xb4, 0x60, 0x68, 0xce, 0xa9, 0x6d, 0x05, 0x1b, 0x1b, 0xe8, 0x49, 0x28, 0xd7, 0xdb, 0xa1,
+	0x59, 0x13, 0x40, 0x39, 0xab, 0x16, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xe9, 0x6f, 0x38, 0x35, 0x59,
+	0x92, 0xa2, 0xc8, 0x97, 0xfe, 0x79, 0xd6, 0x82, 0x05, 0x84, 0x4e, 0x7f, 0xd3, 0xd9, 0x91, 0x9d,
+	0xd3, 0x47, 0x6a, 0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xf7, 0x2c, 0x98, 0x9c, 0x73, 0x22, 0xb7,
+	0x36, 0xdb, 0x8e, 0x37, 0xe7, 0xdc, 0x78, 0xbd, 0x5d, 0xdb, 0x22, 0x31, 0x2f, 0x5d, 0x42, 0x47,
+	0xd9, 0x8e, 0xe8, 0x17, 0xa8, 0x76, 0xcc, 0x6a, 0x94, 0x57, 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x35,
+	0x18, 0x6e, 0x39, 0x51, 0x74, 0x33, 0x08, 0xeb, 0x98, 0x6c, 0xe4, 0x53, 0xdc, 0xa8, 0x4a, 0x6a,
+	0x21, 0x89, 0x31, 0xd9, 0x10, 0x01, 0x2a, 0x9a, 0x3e, 0x36, 0x99, 0xd9, 0x3f, 0x6f, 0xc1, 0x89,
+	0x39, 0xe2, 0x84, 0x24, 0x64, 0xb5, 0x90, 0xd4, 0x83, 0xa0, 0x57, 0xa1, 0x1c, 0xd3, 0x16, 0x3a,
+	0x22, 0x2b, 0xdf, 0x11, 0xb1, 0xd0, 0x92, 0x35, 0x41, 0x1c, 0x2b, 0x36, 0xf6, 0xa7, 0x2c, 0x38,
+	0x95, 0x35, 0x96, 0x79, 0x2f, 0x68, 0xd7, 0xef, 0xc5, 0x80, 0xfe, 0xb6, 0x05, 0x23, 0xec, 0xb8,
+	0x7e, 0x81, 0xc4, 0x8e, 0xeb, 0x75, 0xd5, 0x61, 0xb4, 0xfa, 0xac, 0xc3, 0x78, 0x06, 0x06, 0x36,
+	0x83, 0x26, 0x49, 0x87, 0x9a, 0x5c, 0x0c, 0x9a, 0x04, 0x33, 0x08, 0x7a, 0x9a, 0x2e, 0x42, 0xd7,
+	0x8f, 0x1d, 0xfa, 0x39, 0xca, 0xe3, 0x8c, 0x71, 0xbe, 0x00, 0x55, 0x33, 0x36, 0x71, 0xec, 0xdf,
+	0xae, 0xc0, 0x90, 0x88, 0x8b, 0xea, 0xbb, 0x94, 0x8e, 0xf4, 0xe2, 0x14, 0x7a, 0x7a, 0x71, 0x22,
+	0x18, 0xac, 0xb1, 0x62, 0xb9, 0xc2, 0x42, 0xbf, 0x9c, 0x4b, 0x20, 0x1d, 0xaf, 0xbf, 0xab, 0x87,
+	0xc5, 0xff, 0x63, 0xc1, 0x0a, 0xbd, 0x6e, 0xc1, 0x78, 0x2d, 0xf0, 0x7d, 0x52, 0xd3, 0xb6, 0xe3,
+	0x40, 0x1e, 0x1b, 0x84, 0xf9, 0x24, 0x51, 0x7d, 0x12, 0x9c, 0x02, 0xe0, 0x34, 0x7b, 0xf4, 0x02,
+	0x8c, 0xf2, 0x39, 0xbb, 0x96, 0x38, 0x83, 0xd1, 0xe5, 0xf9, 0x4c, 0x20, 0x4e, 0xe2, 0xa2, 0x69,
+	0x7e, 0x96, 0x25, 0x0a, 0xe1, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0x02, 0xcf, 0xc0, 0x40, 0x21, 0xa0,
+	0x90, 0x6c, 0x84, 0x24, 0xda, 0x14, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb3, 0x22, 0x18, 0xb8,
+	0x8b, 0x12, 0xce, 0xa0, 0x8e, 0xb6, 0x84, 0x1b, 0xa1, 0x9c, 0x87, 0x3c, 0x17, 0xaf, 0xb9, 0xa7,
+	0x37, 0x61, 0x0a, 0x4a, 0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xc8, 0x13, 0x2f, 0x99, 0x62, 0xc3, 0xbc,
+	0x1d, 0x2d, 0xc0, 0xb1, 0x54, 0x71, 0xc1, 0x48, 0x9c, 0x95, 0xa8, 0x24, 0xbb, 0x54, 0x59, 0xc2,
+	0x08, 0x77, 0xf5, 0x30, 0x5d, 0x4c, 0xc3, 0xfb, 0xb8, 0x98, 0x3a, 0x2a, 0x3a, 0x99, 0x9f, 0x62,
+	0xbc, 0x98, 0xcb, 0x04, 0xf4, 0x15, 0x8a, 0xfc, 0xc9, 0x54, 0x28, 0xf2, 0x28, 0x1b, 0xc0, 0xb5,
+	0x7c, 0x06, 0x70, 0xf0, 0xb8, 0xe3, 0x7b, 0x19, 0x47, 0xfc, 0x3f, 0x2d, 0x90, 0xef, 0x75, 0xde,
+	0xa9, 0x6d, 0x12, 0xba, 0x64, 0xd0, 0x3b, 0x61, 0x4c, 0x79, 0x27, 0xb8, 0x49, 0x64, 0xb1, 0x55,
+	0xa3, 0x6c, 0x67, 0x9c, 0x80, 0xe2, 0x14, 0x36, 0x9a, 0x81, 0x0a, 0x9d, 0x27, 0xde, 0x95, 0xeb,
+	0x7d, 0xe5, 0x01, 0x99, 0x5d, 0x5d, 0x14, 0xbd, 0x34, 0x0e, 0x0a, 0x60, 0xc2, 0x73, 0xa2, 0x98,
+	0x8d, 0xa0, 0xda, 0xf1, 0x6b, 0x77, 0x58, 0x82, 0x86, 0x65, 0x72, 0x2d, 0xa5, 0x09, 0xe1, 0x6e,
+	0xda, 0xf6, 0xbf, 0x2b, 0xc1, 0x68, 0x42, 0x32, 0x1e, 0xd0, 0x60, 0x78, 0x12, 0xca, 0x52, 0x87,
+	0xa7, 0x6b, 0x6d, 0x29, 0x45, 0xaf, 0x30, 0xa8, 0xd2, 0x5a, 0xd7, 0x5a, 0x35, 0x6d, 0xe0, 0x18,
+	0x0a, 0x17, 0x9b, 0x78, 0x4c, 0x28, 0xc7, 0x5e, 0x34, 0xef, 0xb9, 0xc4, 0x8f, 0xf9, 0x30, 0xf3,
+	0x11, 0xca, 0x6b, 0x4b, 0x55, 0x93, 0xa8, 0x16, 0xca, 0x29, 0x00, 0x4e, 0xb3, 0x47, 0x1f, 0xb1,
+	0x60, 0xd4, 0xb9, 0x19, 0xe9, 0x8a, 0xee, 0x22, 0xe8, 0xf8, 0x90, 0x4a, 0x2a, 0x51, 0x24, 0x9e,
+	0x3b, 0xf6, 0x13, 0x4d, 0x38, 0xc9, 0x14, 0xbd, 0x61, 0x01, 0x22, 0x3b, 0xa4, 0x26, 0xc3, 0xa2,
+	0xc5, 0x58, 0x06, 0xf3, 0xd8, 0xc1, 0x9f, 0xeb, 0xa2, 0xcb, 0xa5, 0x7a, 0x77, 0x3b, 0xce, 0x18,
+	0x03, 0xba, 0x04, 0xa8, 0xee, 0x46, 0xce, 0xba, 0x47, 0xe6, 0x83, 0xa6, 0xcc, 0x3e, 0x16, 0xe7,
+	0xe9, 0xa7, 0xc5, 0x3c, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0xd1, 0x8b, 0xad, 0xb2, 0x30, 0xd8, 0xe9,
+	0x5c, 0x0d, 0x3d, 0xa6, 0x25, 0xcc, 0x55, 0x26, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0xbc, 0xa8, 0x3e,
+	0x65, 0x9d, 0x03, 0xe0, 0x18, 0xb1, 0xc8, 0xd6, 0x9d, 0xc7, 0x22, 0xeb, 0x48, 0xa9, 0xee, 0x9c,
+	0xfa, 0x44, 0x0a, 0x6e, 0xe1, 0x1e, 0xa5, 0xe0, 0xfe, 0x8c, 0x95, 0xa8, 0x67, 0x37, 0x7c, 0xf6,
+	0xa5, 0x7c, 0xf3, 0x0f, 0xa6, 0x79, 0x14, 0x57, 0x4a, 0xaf, 0xa4, 0x82, 0xf7, 0x9e, 0x84, 0xf2,
+	0x86, 0xe7, 0xb0, 0x2a, 0x2c, 0xec, 0x43, 0x35, 0x22, 0xcc, 0xce, 0x8b, 0x76, 0xac, 0x30, 0xa8,
+	0xd4, 0x37, 0x88, 0x1e, 0x48, 0x6a, 0xff, 0xc7, 0x22, 0x0c, 0x1b, 0x1a, 0x3f, 0xd3, 0x7c, 0xb3,
+	0xee, 0x33, 0xf3, 0xad, 0x70, 0x00, 0xf3, 0xed, 0xa7, 0xa1, 0x52, 0x93, 0xda, 0x28, 0x9f, 0xfa,
+	0xfc, 0x69, 0x1d, 0xa7, 0x15, 0x92, 0x6a, 0xc2, 0x9a, 0x27, 0xba, 0x90, 0x48, 0xf3, 0x4c, 0xf8,
+	0x05, 0xb2, 0xf2, 0x30, 0x85, 0x46, 0xeb, 0xee, 0x93, 0x8e, 0x0f, 0x28, 0xed, 0x1f, 0x1f, 0x60,
+	0x7f, 0xd3, 0x52, 0x2f, 0xf7, 0x2e, 0xd4, 0xf3, 0xb9, 0x91, 0xac, 0xe7, 0x73, 0x2e, 0x97, 0x69,
+	0xee, 0x51, 0xc8, 0xe7, 0x0a, 0x0c, 0xcd, 0x07, 0xcd, 0xa6, 0xe3, 0xd7, 0xd1, 0xf7, 0xc3, 0x50,
+	0x8d, 0xff, 0x14, 0x3e, 0x34, 0x76, 0x58, 0x2d, 0xa0, 0x58, 0xc2, 0xd0, 0xc3, 0x30, 0xe0, 0x84,
+	0x0d, 0xe9, 0x37, 0x63, 0x41, 0x70, 0xb3, 0x61, 0x23, 0xc2, 0xac, 0xd5, 0xfe, 0x4b, 0x0b, 0xc6,
+	0x68, 0x17, 0x97, 0x3d, 0x14, 0x7b, 0x9c, 0xc7, 0x61, 0xd0, 0x69, 0xc7, 0x9b, 0x41, 0xd7, 0x3e,
+	0x6c, 0x96, 0xb5, 0x62, 0x01, 0xa5, 0xfb, 0x30, 0x55, 0x08, 0xc2, 0xd8, 0x87, 0x2d, 0xd0, 0xb5,
+	0xcc, 0x20, 0xd4, 0x94, 0x8d, 0xda, 0xeb, 0x59, 0xa7, 0xa5, 0x55, 0xde, 0x8c, 0x25, 0x9c, 0x12,
+	0x5b, 0x0f, 0xea, 0x1d, 0x11, 0xda, 0xab, 0x88, 0xcd, 0x05, 0xf5, 0x0e, 0x66, 0x10, 0xf4, 0x08,
+	0x14, 0xa3, 0x4d, 0x47, 0x9e, 0xcb, 0xcb, 0x28, 0xf3, 0xea, 0xc5, 0x59, 0x4c, 0xdb, 0x55, 0xd2,
+	0x44, 0xe8, 0xa5, 0x63, 0x6c, 0x93, 0x49, 0x13, 0xa1, 0x67, 0xff, 0xf3, 0x01, 0x60, 0xf1, 0x36,
+	0x4e, 0x48, 0xea, 0x6b, 0x01, 0x2b, 0x25, 0x7c, 0xa4, 0xc7, 0xda, 0x7a, 0x23, 0x7b, 0x3f, 0x1f,
+	0x6d, 0x1b, 0xc7, 0x9b, 0xc5, 0xbb, 0x7d, 0xbc, 0x99, 0x7d, 0x62, 0x3d, 0x70, 0x1f, 0x9d, 0x58,
+	0xdb, 0x9f, 0xb0, 0x00, 0xa9, 0xe8, 0x29, 0x1d, 0x52, 0x32, 0x03, 0x15, 0x15, 0xae, 0x25, 0xbe,
+	0x17, 0x2d, 0x16, 0x25, 0x00, 0x6b, 0x9c, 0x3e, 0xbc, 0x17, 0x8f, 0x49, 0x9d, 0x55, 0x4c, 0xe6,
+	0x5c, 0x30, 0x4d, 0x27, 0x54, 0x98, 0xfd, 0x3b, 0x05, 0x78, 0x80, 0x9b, 0x4b, 0xcb, 0x8e, 0xef,
+	0x34, 0x48, 0x93, 0x8e, 0xaa, 0xdf, 0x20, 0xa1, 0x1a, 0xdd, 0x36, 0xbb, 0x32, 0x43, 0xe2, 0xb0,
+	0xf2, 0x8a, 0xcb, 0x19, 0x2e, 0x59, 0x16, 0x7d, 0x37, 0xc6, 0x8c, 0x38, 0x8a, 0xa0, 0x2c, 0x2f,
+	0x33, 0x12, 0xfa, 0x27, 0x27, 0x46, 0x4a, 0x14, 0x0b, 0xcb, 0x82, 0x60, 0xc5, 0x88, 0x9a, 0x0f,
+	0x5e, 0x50, 0xdb, 0xa2, 0x9f, 0x7c, 0xda, 0x7c, 0x58, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x18,
+	0x97, 0x73, 0xd8, 0xba, 0x4c, 0x3a, 0x98, 0x6c, 0x50, 0x9d, 0x5b, 0x93, 0x4d, 0xc6, 0xfd, 0x4a,
+	0x4a, 0xe7, 0xce, 0x9b, 0x40, 0x9c, 0xc4, 0x95, 0xd5, 0x85, 0x0b, 0xd9, 0xd5, 0x85, 0xed, 0xdf,
+	0xb1, 0x20, 0xad, 0xf4, 0x8d, 0x5a, 0xaa, 0xd6, 0x9e, 0xb5, 0x54, 0x0f, 0x50, 0x8d, 0xf4, 0x27,
+	0x61, 0xd8, 0x89, 0xa9, 0x55, 0xc7, 0x3d, 0x30, 0xc5, 0x3b, 0x3b, 0x39, 0x5c, 0x0e, 0xea, 0xee,
+	0x86, 0xcb, 0x3c, 0x2f, 0x26, 0x39, 0xfb, 0x0d, 0x0b, 0x2a, 0x0b, 0x61, 0xe7, 0xe0, 0xa9, 0x6a,
+	0xdd, 0x89, 0x68, 0x85, 0x03, 0x25, 0xa2, 0xc9, 0x54, 0xb7, 0x62, 0xaf, 0x54, 0x37, 0xfb, 0xaf,
+	0x06, 0x60, 0xa2, 0x2b, 0xf7, 0x12, 0x3d, 0x0f, 0x23, 0xea, 0x2d, 0x49, 0xb7, 0x6b, 0xc5, 0x0c,
+	0x5e, 0xd6, 0x30, 0x9c, 0xc0, 0xec, 0xe3, 0x53, 0x5d, 0x84, 0xe3, 0x21, 0x79, 0xb5, 0x4d, 0xda,
+	0x64, 0x76, 0x23, 0x26, 0x61, 0x95, 0xd4, 0x02, 0xbf, 0xce, 0x8b, 0x11, 0x17, 0xe7, 0x1e, 0xbc,
+	0xb5, 0x3b, 0x75, 0x1c, 0x77, 0x83, 0x71, 0x56, 0x1f, 0xd4, 0x82, 0x51, 0xcf, 0xdc, 0x2f, 0x88,
+	0x6d, 0xea, 0x1d, 0x6d, 0x35, 0xd4, 0x6a, 0x4d, 0x34, 0xe3, 0x24, 0x83, 0xe4, 0xa6, 0xa3, 0x74,
+	0x8f, 0x36, 0x1d, 0x1f, 0xd6, 0x9b, 0x0e, 0x1e, 0x0b, 0xf4, 0xee, 0x9c, 0x73, 0x6f, 0xfb, 0xd9,
+	0x75, 0x1c, 0x66, 0x1f, 0xf1, 0x22, 0x94, 0x65, 0x9c, 0x64, 0x5f, 0xf1, 0x85, 0x26, 0x9d, 0x1e,
+	0xb2, 0xfd, 0x71, 0x78, 0xeb, 0xb9, 0x30, 0x34, 0x26, 0xf3, 0x4a, 0x10, 0xcf, 0x7a, 0x5e, 0x70,
+	0x93, 0x9a, 0x2b, 0x57, 0x23, 0x22, 0xfc, 0x80, 0xf6, 0xed, 0x02, 0x64, 0x6c, 0xa9, 0xe9, 0x37,
+	0xa9, 0xed, 0xc2, 0xc4, 0x37, 0x79, 0x30, 0xdb, 0x10, 0xed, 0xf0, 0x58, 0x52, 0x6e, 0x0d, 0xbc,
+	0x2b, 0x6f, 0x97, 0x80, 0x0e, 0x2f, 0x55, 0x92, 0x52, 0x85, 0x98, 0x9e, 0x05, 0xd0, 0xe6, 0xbc,
+	0xb0, 0x09, 0x55, 0x70, 0x88, 0xb6, 0xfa, 0xb1, 0x81, 0x85, 0x9e, 0x83, 0x61, 0xd7, 0x8f, 0x62,
+	0xc7, 0xf3, 0x2e, 0xba, 0x7e, 0x2c, 0xec, 0x44, 0x65, 0xf6, 0x2c, 0x6a, 0x10, 0x36, 0xf1, 0x4e,
+	0xbf, 0xc3, 0x78, 0x7f, 0x07, 0x79, 0xef, 0x9b, 0x70, 0xea, 0x82, 0x1b, 0xab, 0x24, 0x45, 0xb5,
+	0xde, 0xa8, 0xb5, 0xae, 0x64, 0x95, 0xd5, 0x33, 0x2d, 0xd7, 0x48, 0x12, 0x2c, 0x24, 0x73, 0x1a,
+	0xd3, 0x49, 0x82, 0x76, 0x0d, 0x4e, 0x5c, 0x70, 0xe3, 0xf3, 0xae, 0x47, 0x8e, 0x90, 0xc9, 0x57,
+	0x06, 0x61, 0xc4, 0xcc, 0xdd, 0x3f, 0x88, 0x64, 0xff, 0x14, 0xb5, 0x63, 0xc5, 0x44, 0xb8, 0xea,
+	0xc0, 0xfb, 0xfa, 0xa1, 0x0b, 0x09, 0x64, 0x4f, 0xae, 0x61, 0xca, 0x6a, 0x9e, 0xd8, 0x1c, 0x00,
+	0xba, 0x09, 0xa5, 0x0d, 0x96, 0xef, 0x56, 0xcc, 0x23, 0x54, 0x29, 0x6b, 0xf2, 0xf5, 0x97, 0xcb,
+	0x33, 0xe6, 0x38, 0x3f, 0x6a, 0x7e, 0x84, 0xc9, 0x34, 0x6b, 0x23, 0x0b, 0x41, 0xe8, 0x35, 0x85,
+	0xd1, 0x4b, 0x7b, 0x94, 0xee, 0x40, 0x7b, 0x24, 0x64, 0xf9, 0xe0, 0x3d, 0x92, 0xe5, 0x2c, 0x77,
+	0x31, 0xde, 0x64, 0xc6, 0xb1, 0x48, 0x9b, 0x1a, 0x62, 0x93, 0x60, 0xe4, 0x2e, 0x26, 0xc0, 0x38,
+	0x8d, 0x8f, 0x3e, 0xa0, 0xb4, 0x41, 0x39, 0x8f, 0x03, 0x05, 0x73, 0x45, 0x1f, 0xb5, 0x22, 0xf8,
+	0x44, 0x01, 0xc6, 0x2e, 0xf8, 0xed, 0xd5, 0x0b, 0xab, 0xed, 0x75, 0xcf, 0xad, 0x5d, 0x26, 0x1d,
+	0x2a, 0xed, 0xb7, 0x48, 0x67, 0x71, 0x41, 0x7c, 0x41, 0x6a, 0xcd, 0x5c, 0xa6, 0x8d, 0x98, 0xc3,
+	0xa8, 0xdc, 0xda, 0x70, 0xfd, 0x06, 0x09, 0x5b, 0xa1, 0x2b, 0x7c, 0xfd, 0x86, 0xdc, 0x3a, 0xaf,
+	0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0x83, 0x9b, 0xbe, 0x2a, 0xa4, 0xa4, 0x68, 0xaf, 0xd0, 0x46, 0xcc,
+	0x61, 0x14, 0x29, 0x0e, 0xdb, 0xc2, 0x95, 0x66, 0x20, 0xad, 0xd1, 0x46, 0xcc, 0x61, 0x62, 0x97,
+	0xce, 0x22, 0xc1, 0x4a, 0x5d, 0xbb, 0x74, 0x16, 0x44, 0x21, 0xe1, 0x14, 0x75, 0x8b, 0x74, 0x16,
+	0x9c, 0xd8, 0x49, 0x6f, 0xb2, 0x2f, 0xf3, 0x66, 0x2c, 0xe1, 0xac, 0xb2, 0x72, 0x72, 0x3a, 0xbe,
+	0xeb, 0x2a, 0x2b, 0x27, 0x87, 0xdf, 0xc3, 0x21, 0xf3, 0xb7, 0x0a, 0x30, 0xf2, 0xe6, 0xf5, 0xa7,
+	0x19, 0x17, 0xfb, 0x5c, 0x87, 0x89, 0xae, 0x8c, 0xe9, 0x3e, 0x2c, 0xa4, 0x7d, 0x2b, 0x5a, 0xd8,
+	0x18, 0x86, 0x29, 0x61, 0x59, 0x51, 0x70, 0x1e, 0x26, 0xf8, 0xc7, 0x4b, 0x39, 0xb1, 0x04, 0x58,
+	0x95, 0x05, 0xcf, 0x0e, 0xb3, 0xae, 0xa5, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xa4, 0x05, 0xa3, 0x89,
+	0x24, 0xf6, 0x9c, 0x6c, 0x39, 0xf6, 0x75, 0x07, 0x2c, 0x8a, 0x99, 0x65, 0x95, 0x14, 0x99, 0x1a,
+	0xd6, 0x5f, 0xb7, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xfd, 0x22, 0x94, 0x65, 0xc4, 0x55, 0x1f, 0x43,
+	0xf9, 0xb8, 0x05, 0xa3, 0xea, 0x00, 0x91, 0x79, 0x7c, 0x0b, 0x79, 0xe4, 0xd4, 0xd1, 0x11, 0x28,
+	0xff, 0x89, 0xbf, 0x11, 0xe8, 0x8d, 0x05, 0x36, 0x99, 0xe1, 0x24, 0x6f, 0x74, 0x0d, 0x20, 0xea,
+	0x44, 0x31, 0x69, 0x1a, 0xbe, 0x67, 0xdb, 0x58, 0x65, 0xd3, 0xb5, 0x20, 0x24, 0x74, 0x4d, 0x5d,
+	0x09, 0xea, 0xa4, 0xaa, 0x30, 0xb5, 0x85, 0xa7, 0xdb, 0xb0, 0x41, 0x09, 0xbd, 0xa6, 0x8e, 0xbb,
+	0x07, 0xf2, 0xd0, 0xeb, 0x72, 0x7e, 0xfb, 0x39, 0xef, 0x3e, 0xc4, 0xf9, 0xb2, 0xfd, 0xab, 0x05,
+	0x38, 0x96, 0x9e, 0x49, 0xf4, 0x6e, 0x18, 0x91, 0x93, 0x66, 0xb8, 0x19, 0x64, 0x98, 0xdb, 0x08,
+	0x36, 0x60, 0xb7, 0x77, 0xa7, 0xa6, 0xba, 0xef, 0xd1, 0x9e, 0x36, 0x51, 0x70, 0x82, 0x18, 0x3f,
+	0x7c, 0x16, 0x51, 0x12, 0x73, 0x9d, 0xd9, 0x56, 0x4b, 0x9c, 0x20, 0x1b, 0x87, 0xcf, 0x26, 0x14,
+	0xa7, 0xb0, 0xd1, 0x2a, 0x9c, 0x30, 0x5a, 0xae, 0x10, 0xb7, 0xb1, 0xb9, 0x1e, 0x84, 0x72, 0x5f,
+	0xfb, 0xb0, 0x0e, 0xaa, 0xed, 0xc6, 0xc1, 0x99, 0x3d, 0xa9, 0x61, 0x54, 0x73, 0x5a, 0x4e, 0xcd,
+	0x8d, 0x3b, 0xe2, 0x0c, 0x40, 0x89, 0xf1, 0x79, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0xf7, 0x07, 0xe0,
+	0x18, 0x8f, 0x22, 0x25, 0x2a, 0x48, 0x1a, 0xbd, 0x1b, 0x2a, 0x51, 0xec, 0x84, 0xdc, 0xa9, 0x61,
+	0x1d, 0x58, 0x74, 0xe9, 0xcc, 0x7b, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x25, 0x56, 0xb6, 0xcc, 0x8d,
+	0x36, 0x19, 0xf5, 0xc2, 0x9d, 0xb9, 0x4c, 0xce, 0x2b, 0x0a, 0xd8, 0xa0, 0x86, 0x7e, 0x04, 0x4a,
+	0xad, 0x4d, 0x27, 0x92, 0xfe, 0xbc, 0xc7, 0xa5, 0x9c, 0x58, 0xa5, 0x8d, 0xb7, 0x77, 0xa7, 0x4e,
+	0xa6, 0x1f, 0x95, 0x01, 0x30, 0xef, 0x64, 0x4a, 0xf9, 0x81, 0xfd, 0xef, 0xe5, 0xa9, 0x87, 0x9d,
+	0xea, 0xc5, 0xd9, 0xf4, 0x4d, 0x2e, 0x0b, 0xac, 0x15, 0x0b, 0x28, 0x95, 0x49, 0x9b, 0x9c, 0x65,
+	0x9d, 0x22, 0x0f, 0x26, 0x2d, 0x8e, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x89, 0xee, 0x18, 0xe3,
+	0xa1, 0x23, 0xc8, 0x41, 0xe9, 0x37, 0xba, 0xf8, 0x1c, 0x54, 0xc4, 0x50, 0xd7, 0x02, 0xf4, 0x3c,
+	0x8c, 0x70, 0x77, 0xd1, 0x5c, 0xe8, 0xf8, 0xb5, 0xcd, 0xb4, 0x93, 0x67, 0xcd, 0x80, 0xe1, 0x04,
+	0xa6, 0xbd, 0x0c, 0x03, 0x7d, 0x0a, 0xd9, 0xbe, 0xf6, 0xee, 0x2f, 0x42, 0x99, 0x92, 0x93, 0x1b,
+	0xb4, 0x3c, 0x48, 0x06, 0x50, 0x96, 0xb7, 0x3c, 0x22, 0x1b, 0x8a, 0xae, 0x23, 0x63, 0x49, 0xd4,
+	0x27, 0xb4, 0x18, 0x45, 0x6d, 0xb6, 0xec, 0x28, 0x10, 0x3d, 0x06, 0x45, 0xb2, 0xd3, 0x4a, 0x07,
+	0x8d, 0x9c, 0xdb, 0x69, 0xb9, 0x21, 0x89, 0x28, 0x12, 0xd9, 0x69, 0xa1, 0xd3, 0x50, 0x70, 0xeb,
+	0x62, 0x45, 0x82, 0xc0, 0x29, 0x2c, 0x2e, 0xe0, 0x82, 0x5b, 0xb7, 0x77, 0xa0, 0xa2, 0xae, 0x95,
+	0x44, 0x5b, 0xd2, 0xa4, 0xb2, 0xf2, 0x88, 0x22, 0x96, 0x74, 0x7b, 0x18, 0x53, 0x6d, 0x00, 0x5d,
+	0xd2, 0x21, 0x2f, 0x15, 0x7c, 0x06, 0x06, 0x6a, 0x81, 0x28, 0xc6, 0x53, 0xd6, 0x64, 0x98, 0x2d,
+	0xc5, 0x20, 0xf6, 0x75, 0x18, 0xbb, 0xec, 0x07, 0x37, 0xd9, 0xed, 0x4f, 0xac, 0xd8, 0x31, 0x25,
+	0xbc, 0x41, 0x7f, 0xa4, 0x2d, 0x77, 0x06, 0xc5, 0x1c, 0xa6, 0xca, 0xb0, 0x16, 0x7a, 0x95, 0x61,
+	0xb5, 0x3f, 0x68, 0xc1, 0x88, 0xca, 0x0d, 0xbf, 0xb0, 0xbd, 0x45, 0xe9, 0x36, 0xc2, 0xa0, 0xdd,
+	0x4a, 0xd3, 0x65, 0x37, 0xd8, 0x62, 0x0e, 0x33, 0x8b, 0x26, 0x14, 0xf6, 0x29, 0x9a, 0x70, 0x06,
+	0x06, 0xb6, 0x5c, 0xbf, 0x9e, 0x76, 0x8a, 0x5e, 0x76, 0xfd, 0x3a, 0x66, 0x10, 0x3a, 0x84, 0x63,
+	0x6a, 0x08, 0xd2, 0x66, 0x7a, 0x1e, 0x46, 0xd6, 0xdb, 0xae, 0x57, 0x97, 0x55, 0x9c, 0x53, 0x9f,
+	0xcb, 0x9c, 0x01, 0xc3, 0x09, 0x4c, 0x74, 0x16, 0x60, 0xdd, 0xf5, 0x9d, 0xb0, 0xb3, 0xaa, 0x8d,
+	0x34, 0xa5, 0xb7, 0xe7, 0x14, 0x04, 0x1b, 0x58, 0xf6, 0xa7, 0x8b, 0x30, 0x96, 0xcc, 0x90, 0xef,
+	0xc3, 0x77, 0xf1, 0x18, 0x94, 0x58, 0xd2, 0x7c, 0xfa, 0xd5, 0xf2, 0xc2, 0xc7, 0x1c, 0x86, 0x22,
+	0x18, 0xe4, 0x1f, 0x73, 0x3e, 0xb7, 0x80, 0xaa, 0x41, 0x2a, 0x4f, 0x2a, 0x8b, 0xb5, 0x16, 0x8e,
+	0x69, 0xc1, 0x0a, 0x7d, 0xc4, 0x82, 0xa1, 0xa0, 0x65, 0x56, 0xe0, 0x7c, 0x57, 0x9e, 0xd5, 0x03,
+	0x44, 0x8a, 0xae, 0xb0, 0x47, 0xd4, 0xab, 0x97, 0xaf, 0x43, 0xb2, 0x3e, 0xfd, 0xc3, 0x30, 0x62,
+	0x62, 0xee, 0x67, 0x92, 0x94, 0x4d, 0x93, 0xe4, 0xe3, 0xe6, 0xa2, 0x10, 0xf5, 0x11, 0xfa, 0xf8,
+	0xdc, 0xae, 0x42, 0xa9, 0xa6, 0x02, 0xd2, 0xee, 0xa8, 0xf6, 0xbf, 0xaa, 0x1f, 0xc6, 0x0e, 0xfb,
+	0x39, 0x35, 0xfb, 0x9b, 0x96, 0xb1, 0x3e, 0x30, 0x89, 0x16, 0xeb, 0x28, 0x84, 0x62, 0x63, 0x7b,
+	0x4b, 0xa8, 0xf9, 0x4b, 0x39, 0x4d, 0xef, 0x85, 0xed, 0x2d, 0xbd, 0xc6, 0xcd, 0x56, 0x4c, 0x99,
+	0xf5, 0xe1, 0xee, 0x4f, 0x94, 0xd1, 0x28, 0xee, 0x5f, 0x46, 0xc3, 0x7e, 0xa3, 0x00, 0x13, 0x5d,
+	0x8b, 0x0a, 0xbd, 0x06, 0xa5, 0x90, 0x3e, 0xa5, 0x78, 0xbc, 0xa5, 0xdc, 0x0a, 0x5f, 0x44, 0x8b,
+	0x75, 0xad, 0x3e, 0x93, 0xed, 0x98, 0xb3, 0x44, 0x97, 0x00, 0xe9, 0xb0, 0x49, 0x75, 0xd6, 0xc0,
+	0x1f, 0x59, 0xc5, 0x56, 0xcd, 0x76, 0x61, 0xe0, 0x8c, 0x5e, 0xe8, 0x85, 0xf4, 0x91, 0x45, 0xaa,
+	0xa6, 0xf3, 0x5e, 0xa7, 0x0f, 0xf6, 0x6f, 0x16, 0x60, 0x34, 0x51, 0x10, 0x15, 0x79, 0x50, 0x26,
+	0x1e, 0x3b, 0xc8, 0x94, 0xca, 0xe6, 0xb0, 0x77, 0xa3, 0x28, 0x05, 0x79, 0x4e, 0xd0, 0xc5, 0x8a,
+	0xc3, 0xfd, 0x11, 0x72, 0xf5, 0x3c, 0x8c, 0xc8, 0x01, 0xbd, 0xcb, 0x69, 0x7a, 0x62, 0x02, 0xd5,
+	0x1a, 0x3d, 0x67, 0xc0, 0x70, 0x02, 0xd3, 0xfe, 0xdd, 0x22, 0x4c, 0xf2, 0x93, 0xdf, 0xba, 0x5a,
+	0x79, 0x2a, 0x82, 0xe3, 0x17, 0x74, 0xd9, 0x62, 0x2b, 0x8f, 0x0b, 0xc0, 0x7b, 0x31, 0xea, 0x2b,
+	0x52, 0xf8, 0x0b, 0xa9, 0x48, 0x61, 0xbe, 0x33, 0x6d, 0x1c, 0xd1, 0x88, 0xbe, 0xbb, 0x42, 0x87,
+	0xff, 0x71, 0x01, 0xc6, 0x53, 0xf7, 0xbc, 0xa1, 0x4f, 0x27, 0xaf, 0x06, 0xb1, 0xf2, 0x38, 0x15,
+	0xdb, 0xf3, 0xea, 0xaf, 0x83, 0x5d, 0x10, 0x72, 0x8f, 0x3e, 0x15, 0xfb, 0x1b, 0x05, 0x18, 0x4b,
+	0x5e, 0x50, 0x77, 0x1f, 0xce, 0xd4, 0xdb, 0xa1, 0xc2, 0xee, 0x60, 0xba, 0x4c, 0x3a, 0xf2, 0x50,
+	0x8d, 0x5f, 0x77, 0x23, 0x1b, 0xb1, 0x86, 0xdf, 0x17, 0xf7, 0xae, 0xd8, 0xff, 0xd4, 0x82, 0x93,
+	0xfc, 0x29, 0xd3, 0xeb, 0xf0, 0x6f, 0x64, 0xcd, 0xee, 0xcb, 0xf9, 0x0e, 0x30, 0x55, 0x6e, 0x7b,
+	0xbf, 0xf9, 0x65, 0xd7, 0xa0, 0x8b, 0xd1, 0x26, 0x97, 0xc2, 0x7d, 0x38, 0xd8, 0x03, 0x2d, 0x06,
+	0xfb, 0xdf, 0x17, 0x60, 0x78, 0x65, 0x7e, 0x51, 0x89, 0xf0, 0x19, 0xa8, 0xd4, 0x42, 0xe2, 0x68,
+	0x6f, 0x87, 0x19, 0x57, 0x24, 0x01, 0x58, 0xe3, 0xd0, 0x4d, 0x03, 0x8f, 0xcb, 0x8b, 0xd2, 0x9b,
+	0x06, 0x1e, 0xb6, 0x17, 0x61, 0x09, 0x47, 0x4f, 0x42, 0x99, 0x65, 0xcc, 0x5e, 0x0d, 0xa5, 0xc6,
+	0xd1, 0x3b, 0x49, 0xd6, 0x8e, 0x97, 0xb0, 0xc2, 0xa0, 0x84, 0xeb, 0x41, 0x2d, 0xa2, 0xc8, 0x29,
+	0x07, 0xc4, 0x02, 0x6d, 0xc6, 0x4b, 0x58, 0xc2, 0x59, 0xc1, 0x43, 0xb6, 0x49, 0xa7, 0xc8, 0xa5,
+	0xe4, 0xa0, 0xf9, 0x6e, 0x9e, 0xa2, 0x6b, 0x9c, 0x83, 0x14, 0xc6, 0x4c, 0x65, 0xad, 0x0d, 0xf5,
+	0x97, 0xb5, 0x66, 0x7f, 0xa3, 0x08, 0xfa, 0x46, 0x7d, 0xe4, 0x8a, 0x32, 0x11, 0xb9, 0x94, 0x73,
+	0xaf, 0x76, 0xfc, 0x9a, 0xbe, 0xbb, 0xbf, 0x9c, 0xaa, 0x12, 0xf1, 0x73, 0x16, 0x0c, 0xbb, 0xbe,
+	0x1b, 0xbb, 0x0e, 0x73, 0x85, 0xe5, 0x73, 0x2d, 0xb6, 0x62, 0xb7, 0xc8, 0x29, 0x07, 0xa1, 0x79,
+	0xc2, 0xad, 0x98, 0x61, 0x93, 0x33, 0x7a, 0xaf, 0x48, 0x92, 0x2a, 0xe6, 0x56, 0x6b, 0xa5, 0x9c,
+	0xca, 0x8c, 0x6a, 0x51, 0x83, 0x36, 0x0e, 0x73, 0x2a, 0x51, 0x84, 0x29, 0x29, 0x75, 0xad, 0x88,
+	0xda, 0x32, 0xb0, 0x66, 0xcc, 0x19, 0xd9, 0x11, 0xa0, 0xee, 0xb9, 0x38, 0x60, 0x02, 0xca, 0x0c,
+	0x54, 0x9c, 0x76, 0x1c, 0x34, 0xe9, 0x34, 0x89, 0xf3, 0x71, 0x9d, 0x62, 0x23, 0x01, 0x58, 0xe3,
+	0xd8, 0x9f, 0x2e, 0x41, 0xaa, 0x68, 0x03, 0xda, 0x81, 0x8a, 0x2a, 0xdb, 0x90, 0x4f, 0x42, 0xa7,
+	0x5e, 0x51, 0x6a, 0x30, 0xaa, 0x09, 0x6b, 0x66, 0xa8, 0x21, 0xbd, 0x8a, 0xfc, 0x6b, 0x7f, 0x31,
+	0xed, 0x55, 0xfc, 0xf1, 0xfe, 0x0e, 0x99, 0xe8, 0x5a, 0x9d, 0xe1, 0x65, 0xfa, 0xa6, 0xf7, 0x75,
+	0x40, 0xee, 0x77, 0x31, 0xf8, 0x87, 0xc4, 0x25, 0x5e, 0x98, 0x44, 0x6d, 0x2f, 0x16, 0xab, 0xe1,
+	0xc5, 0x1c, 0xbf, 0x32, 0x4e, 0x58, 0x17, 0x3f, 0xe2, 0xff, 0xb1, 0xc1, 0x34, 0xe9, 0x26, 0x1e,
+	0x3c, 0x52, 0x37, 0xf1, 0x50, 0xae, 0x6e, 0xe2, 0xb3, 0x00, 0x6c, 0x6d, 0xf3, 0x40, 0xf9, 0x32,
+	0xf3, 0xde, 0x29, 0x15, 0x83, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x0f, 0x42, 0xb2, 0x7a, 0x17, 0x9a,
+	0x92, 0xc5, 0xc2, 0xf8, 0x01, 0x18, 0xcb, 0x51, 0x4c, 0xd4, 0xf5, 0xfa, 0x75, 0x0b, 0xcc, 0x12,
+	0x63, 0xe8, 0x55, 0x5e, 0xcb, 0xcc, 0xca, 0xe3, 0x40, 0xc5, 0xa0, 0x3b, 0xbd, 0xec, 0xb4, 0x52,
+	0xc1, 0x3d, 0xb2, 0xa0, 0xd9, 0xe9, 0x77, 0x40, 0x59, 0x42, 0x0f, 0x64, 0x2c, 0x7f, 0x00, 0x8e,
+	0xcb, 0x7a, 0x07, 0xf2, 0xec, 0x43, 0x1c, 0xb2, 0xef, 0xef, 0x52, 0x93, 0x7e, 0xb2, 0x42, 0x2f,
+	0x3f, 0x99, 0xda, 0xfd, 0x17, 0x7b, 0x56, 0x29, 0xff, 0x0d, 0x0b, 0xce, 0xa4, 0x07, 0x10, 0x2d,
+	0x07, 0xbe, 0x1b, 0x07, 0x61, 0x95, 0xc4, 0xb1, 0xeb, 0x37, 0x58, 0xc9, 0xd9, 0x9b, 0x4e, 0x28,
+	0xaf, 0x1d, 0x62, 0x82, 0xf2, 0xba, 0x13, 0xfa, 0x98, 0xb5, 0xa2, 0x0e, 0x0c, 0xf2, 0xc8, 0x62,
+	0xb1, 0x0b, 0x3a, 0xe4, 0xb7, 0x91, 0x31, 0x1d, 0x7a, 0x1b, 0xc6, 0xa3, 0x9a, 0xb1, 0x60, 0x68,
+	0x7f, 0xdb, 0x02, 0xb4, 0xb2, 0x4d, 0xc2, 0xd0, 0xad, 0x1b, 0xb1, 0xd0, 0xec, 0x32, 0x4c, 0xe3,
+	0xd2, 0x4b, 0xb3, 0x1a, 0x47, 0xea, 0x32, 0x4c, 0xe3, 0x5f, 0xf6, 0x65, 0x98, 0x85, 0x83, 0x5d,
+	0x86, 0x89, 0x56, 0xe0, 0x64, 0x93, 0x6f, 0xe3, 0xf8, 0x05, 0x73, 0x7c, 0x4f, 0xa7, 0x12, 0xc7,
+	0x4f, 0xdd, 0xda, 0x9d, 0x3a, 0xb9, 0x9c, 0x85, 0x80, 0xb3, 0xfb, 0xd9, 0xef, 0x00, 0xc4, 0x43,
+	0xa0, 0xe7, 0xb3, 0xa2, 0x38, 0x7b, 0xba, 0xb5, 0xec, 0xcf, 0x97, 0x60, 0x3c, 0x75, 0x29, 0x05,
+	0xdd, 0x42, 0x77, 0x87, 0x8d, 0x1e, 0x5a, 0x7f, 0x77, 0x0f, 0xaf, 0xaf, 0x40, 0x54, 0x1f, 0x4a,
+	0xae, 0xdf, 0x6a, 0xc7, 0xf9, 0xd4, 0xad, 0xe0, 0x83, 0x58, 0xa4, 0x04, 0x0d, 0x37, 0x3c, 0xfd,
+	0x8b, 0x39, 0x9b, 0x3c, 0xc3, 0x5a, 0x13, 0x9b, 0x9c, 0x81, 0x7b, 0xe4, 0x66, 0xf9, 0x90, 0x0e,
+	0x32, 0x2d, 0xe5, 0xe1, 0xb0, 0x4d, 0x2d, 0x96, 0xa3, 0x8e, 0x2c, 0xfa, 0x72, 0x01, 0x86, 0x8d,
+	0x97, 0x86, 0x7e, 0x29, 0x59, 0x80, 0xd3, 0xca, 0xef, 0x91, 0x18, 0xfd, 0x69, 0x5d, 0x62, 0x93,
+	0x3f, 0xd2, 0xe3, 0xdd, 0xb5, 0x37, 0x6f, 0xef, 0x4e, 0x1d, 0x4b, 0x55, 0xd7, 0x4c, 0xd4, 0xe3,
+	0x3c, 0xfd, 0x7e, 0x18, 0x4f, 0x91, 0xc9, 0x78, 0xe4, 0x35, 0xf3, 0x91, 0x0f, 0xed, 0xee, 0x33,
+	0xa7, 0xec, 0x4b, 0x74, 0xca, 0x44, 0xba, 0x7c, 0xe0, 0x91, 0x3e, 0x7c, 0xdb, 0xa9, 0xfd, 0x45,
+	0xa1, 0xcf, 0xaa, 0x18, 0x4f, 0x40, 0xb9, 0x15, 0x78, 0x6e, 0xcd, 0x55, 0xf5, 0xbb, 0x59, 0x1d,
+	0x8e, 0x55, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x84, 0xca, 0x8d, 0x9b, 0x31, 0x3f, 0x55, 0x13, 0xe7,
+	0x06, 0x79, 0x1d, 0xa6, 0x29, 0xa3, 0x45, 0x1d, 0xdb, 0x61, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, 0x94,
+	0xa0, 0x4c, 0x9d, 0x63, 0x67, 0x1a, 0x4c, 0x3b, 0x46, 0x58, 0x40, 0xec, 0x7f, 0x3b, 0x0c, 0x27,
+	0xb2, 0x6e, 0x06, 0x42, 0xef, 0x83, 0x41, 0x3e, 0xc6, 0x7c, 0x2e, 0x9f, 0xcb, 0xe2, 0x71, 0x81,
+	0x11, 0x14, 0xc3, 0x62, 0xbf, 0xb1, 0xe0, 0x29, 0xb8, 0x7b, 0xce, 0xba, 0x58, 0x21, 0x47, 0xc3,
+	0x7d, 0xc9, 0xd1, 0xdc, 0x97, 0x1c, 0xce, 0xdd, 0x73, 0xd6, 0xd1, 0x0e, 0x94, 0x1a, 0x6e, 0x4c,
+	0x1c, 0xe1, 0x9c, 0xb9, 0x7e, 0x24, 0xcc, 0x89, 0xc3, 0xad, 0x34, 0xf6, 0x13, 0x73, 0x86, 0xe8,
+	0x8b, 0x16, 0x8c, 0xaf, 0x27, 0xcb, 0xf1, 0x08, 0xe1, 0xe9, 0x1c, 0xc1, 0xed, 0x4f, 0x49, 0x46,
+	0xfc, 0x36, 0xd8, 0x54, 0x23, 0x4e, 0x0f, 0x07, 0x7d, 0xd8, 0x82, 0xa1, 0x0d, 0xd7, 0x33, 0xae,
+	0xd7, 0x38, 0x82, 0x97, 0x73, 0x9e, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc2, 0x92, 0x73, 0x2f,
+	0x4d, 0x35, 0x78, 0x58, 0x4d, 0x35, 0x74, 0x8f, 0x34, 0xd5, 0xc7, 0x2c, 0xa8, 0xa8, 0x99, 0x16,
+	0x65, 0x4d, 0xde, 0x7d, 0x84, 0xaf, 0x9c, 0x7b, 0xa4, 0xd4, 0x5f, 0xac, 0x99, 0xa3, 0xd7, 0x2d,
+	0x18, 0x76, 0x5e, 0x6b, 0x87, 0xa4, 0x4e, 0xb6, 0x83, 0x56, 0x24, 0xea, 0x8d, 0xbe, 0x9c, 0xff,
+	0x60, 0x66, 0x29, 0x93, 0x05, 0xb2, 0xbd, 0xd2, 0x8a, 0x44, 0x5a, 0xaf, 0x6e, 0xc0, 0xe6, 0x10,
+	0xd0, 0xcf, 0x6a, 0x3d, 0x0e, 0x79, 0x54, 0x9d, 0xce, 0x1a, 0x4d, 0x5f, 0x59, 0xea, 0x04, 0x1e,
+	0xaa, 0x05, 0x7e, 0xec, 0xfa, 0x6d, 0xb2, 0xe2, 0x63, 0xd2, 0x0a, 0xae, 0x04, 0xf1, 0xf9, 0xa0,
+	0xed, 0xd7, 0xcf, 0x85, 0x61, 0x10, 0xb2, 0xba, 0x2d, 0xc6, 0x9d, 0xa3, 0xf3, 0xbd, 0x51, 0xf1,
+	0x5e, 0x74, 0x0e, 0x63, 0x33, 0xec, 0x16, 0x60, 0x6a, 0x9f, 0xc9, 0x46, 0xcf, 0xc3, 0x48, 0x10,
+	0x36, 0x1c, 0xdf, 0x7d, 0xcd, 0x2c, 0x45, 0xa6, 0x0c, 0xd2, 0x15, 0x03, 0x86, 0x13, 0x98, 0x66,
+	0x8d, 0x9a, 0xc2, 0x3e, 0x35, 0x6a, 0xce, 0xc0, 0x40, 0x48, 0x5a, 0x41, 0x7a, 0x5f, 0xc5, 0x32,
+	0xf1, 0x18, 0x04, 0x3d, 0x02, 0x45, 0xa7, 0xe5, 0x0a, 0xe7, 0xa2, 0xda, 0x2e, 0xce, 0xae, 0x2e,
+	0x62, 0xda, 0x9e, 0x28, 0x99, 0x55, 0xba, 0x2b, 0x25, 0xb3, 0xa8, 0xc6, 0x14, 0xc7, 0x67, 0x83,
+	0x5a, 0x63, 0x26, 0x8f, 0xb5, 0xec, 0x37, 0x8a, 0xf0, 0xc8, 0x9e, 0x9f, 0x96, 0x8e, 0xd0, 0xb6,
+	0xf6, 0x88, 0xd0, 0x96, 0xd3, 0x53, 0xd8, 0x6f, 0x7a, 0x8a, 0x3d, 0xa6, 0xe7, 0xc3, 0x54, 0x62,
+	0xc8, 0x12, 0x6e, 0xf9, 0xdc, 0x9b, 0xde, 0xab, 0x22, 0x9c, 0x10, 0x16, 0x12, 0x8a, 0x35, 0x5f,
+	0xba, 0x5d, 0x4a, 0xd4, 0x67, 0x29, 0xe5, 0xa1, 0x31, 0x7b, 0x96, 0x51, 0xe3, 0x62, 0xa2, 0x57,
+	0xd1, 0x17, 0xfb, 0xb7, 0x06, 0xe0, 0xb1, 0x3e, 0x14, 0x9d, 0xb9, 0x8a, 0xad, 0x3e, 0x57, 0xf1,
+	0x77, 0xf9, 0x6b, 0xfa, 0x68, 0xe6, 0x6b, 0xc2, 0xf9, 0xbf, 0xa6, 0xbd, 0xdf, 0x10, 0x3b, 0x81,
+	0xf0, 0x23, 0x52, 0x6b, 0x87, 0x3c, 0x5b, 0xc5, 0x48, 0xd3, 0x5d, 0x14, 0xed, 0x58, 0x61, 0xd0,
+	0xed, 0x6f, 0xcd, 0xa1, 0x9f, 0xff, 0x50, 0x4e, 0xf5, 0x38, 0xcc, 0x8c, 0x5f, 0x6e, 0x7d, 0xcd,
+	0xcf, 0x52, 0x09, 0xc0, 0xd9, 0xd8, 0xbf, 0x67, 0xc1, 0xe9, 0xde, 0xd6, 0x08, 0x7a, 0x1a, 0x86,
+	0xd7, 0x59, 0xec, 0xe0, 0x32, 0x8b, 0x4f, 0x12, 0x4b, 0x87, 0x3d, 0xaf, 0x6e, 0xc6, 0x26, 0x0e,
+	0x9a, 0x87, 0x09, 0x33, 0xe8, 0x70, 0xd9, 0x08, 0x6c, 0x62, 0xfe, 0x92, 0xb5, 0x34, 0x10, 0x77,
+	0xe3, 0xa3, 0x69, 0x80, 0xd8, 0x8d, 0x3d, 0xc2, 0x7b, 0xf3, 0x85, 0xc6, 0x1c, 0x8a, 0x6b, 0xaa,
+	0x15, 0x1b, 0x18, 0xf6, 0x77, 0x8a, 0xd9, 0x8f, 0xc1, 0xad, 0xdc, 0x83, 0xac, 0x7e, 0xb1, 0xb6,
+	0x0b, 0x7d, 0x48, 0xe8, 0xe2, 0xdd, 0x96, 0xd0, 0x03, 0xbd, 0x24, 0x34, 0x5a, 0x80, 0x63, 0xc6,
+	0x2d, 0xa6, 0xbc, 0xa2, 0x0b, 0x3f, 0x94, 0x52, 0xe5, 0xd8, 0x56, 0x53, 0x70, 0xdc, 0xd5, 0xe3,
+	0x3e, 0x5f, 0xaa, 0x5f, 0x2d, 0xc0, 0xa9, 0x9e, 0x1b, 0x8b, 0xbb, 0xa4, 0x81, 0xcc, 0xd7, 0x3f,
+	0x70, 0x77, 0x5e, 0xbf, 0xf9, 0x52, 0x4a, 0xfb, 0xbe, 0x94, 0x7e, 0xd4, 0xf9, 0x1f, 0x15, 0x7a,
+	0x7e, 0x2c, 0x74, 0x23, 0xfa, 0x3d, 0x3b, 0x93, 0x2f, 0xc0, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96,
+	0x88, 0x90, 0x2a, 0x11, 0x39, 0x6b, 0x02, 0x71, 0x12, 0xb7, 0xaf, 0x89, 0xfd, 0x53, 0x0b, 0x2a,
+	0x98, 0x6c, 0x70, 0x09, 0x87, 0x6e, 0x88, 0x29, 0xb2, 0xf2, 0xa8, 0xd3, 0x4f, 0x27, 0x36, 0x72,
+	0x59, 0xf1, 0xfa, 0xac, 0xc9, 0x3e, 0x6c, 0xc1, 0x01, 0x75, 0xf7, 0x69, 0xb1, 0xf7, 0xdd, 0xa7,
+	0xf6, 0x57, 0x2a, 0xf4, 0xf1, 0x5a, 0xc1, 0x7c, 0x48, 0xea, 0x11, 0x7d, 0xbf, 0xed, 0xd0, 0x13,
+	0x8b, 0x44, 0xbd, 0xdf, 0xab, 0x78, 0x09, 0xd3, 0xf6, 0xc4, 0xf9, 0x64, 0xe1, 0x40, 0x05, 0xf2,
+	0x8a, 0xfb, 0x16, 0xc8, 0x7b, 0x01, 0x46, 0xa3, 0x68, 0x73, 0x35, 0x74, 0xb7, 0x9d, 0x98, 0x5c,
+	0x26, 0xb2, 0x92, 0x8e, 0x2e, 0x16, 0x55, 0xbd, 0xa8, 0x81, 0x38, 0x89, 0x8b, 0x2e, 0xc0, 0x84,
+	0x2e, 0x53, 0x47, 0xc2, 0x98, 0x65, 0xf8, 0xf1, 0x95, 0xa0, 0xaa, 0xa4, 0xe8, 0xc2, 0x76, 0x02,
+	0x01, 0x77, 0xf7, 0xa1, 0x32, 0x37, 0xd1, 0x48, 0x07, 0x32, 0x98, 0x94, 0xb9, 0x09, 0x3a, 0x74,
+	0x2c, 0x5d, 0x3d, 0xd0, 0x32, 0x1c, 0xe7, 0x0b, 0x63, 0xb6, 0xd5, 0x32, 0x9e, 0x68, 0x28, 0x59,
+	0x1c, 0xfd, 0x42, 0x37, 0x0a, 0xce, 0xea, 0x87, 0x9e, 0x83, 0x61, 0xd5, 0xbc, 0xb8, 0x20, 0x8e,
+	0xd6, 0x94, 0x6b, 0x4f, 0x91, 0x59, 0xac, 0x63, 0x13, 0x0f, 0xbd, 0x0b, 0x1e, 0xd4, 0x7f, 0x79,
+	0xc6, 0x38, 0x3f, 0x6f, 0x5e, 0x10, 0x15, 0x40, 0xd5, 0xdd, 0x5b, 0x17, 0x32, 0xd1, 0xea, 0xb8,
+	0x57, 0x7f, 0xb4, 0x0e, 0xa7, 0x15, 0xe8, 0x9c, 0x1f, 0xb3, 0x9c, 0xce, 0x88, 0xcc, 0x39, 0x11,
+	0x8b, 0x9c, 0x00, 0xf6, 0x9c, 0xb6, 0xa0, 0x7e, 0xfa, 0x82, 0x1b, 0x5f, 0xcc, 0xc2, 0xc4, 0x4b,
+	0x78, 0x0f, 0x2a, 0x68, 0x06, 0x2a, 0xc4, 0x77, 0xd6, 0x3d, 0xb2, 0x32, 0xbf, 0x28, 0x76, 0xa4,
+	0x3a, 0x19, 0x40, 0x02, 0xb0, 0xc6, 0x51, 0xe1, 0xec, 0x23, 0xbd, 0xc2, 0xd9, 0xd1, 0x2a, 0x9c,
+	0x68, 0xd4, 0x5a, 0xd4, 0xca, 0x74, 0x6b, 0x64, 0xb6, 0xc6, 0xa2, 0x77, 0xe9, 0x8b, 0xe1, 0x55,
+	0xeb, 0x55, 0x5e, 0xd0, 0x85, 0xf9, 0xd5, 0x2e, 0x1c, 0x9c, 0xd9, 0x93, 0x45, 0x79, 0x87, 0xc1,
+	0x4e, 0x67, 0xf2, 0x78, 0x2a, 0xca, 0x9b, 0x36, 0x62, 0x0e, 0x43, 0x97, 0x00, 0xb1, 0xdc, 0xb8,
+	0x8b, 0x71, 0xdc, 0x52, 0x66, 0xed, 0xe4, 0x89, 0x64, 0x3d, 0xc0, 0xf3, 0x5d, 0x18, 0x38, 0xa3,
+	0x17, 0xb5, 0x7a, 0xfc, 0x80, 0x51, 0x9f, 0x7c, 0x30, 0x69, 0xf5, 0x5c, 0xe1, 0xcd, 0x58, 0xc2,
+	0xd1, 0x4f, 0xc2, 0x64, 0x3b, 0x22, 0x6c, 0xc3, 0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f,
+	0xb2, 0x4b, 0x56, 0xe3, 0xce, 0xe4, 0x24, 0x63, 0x7e, 0x46, 0xf4, 0x9d, 0xbc, 0xda, 0x03, 0x0f,
+	0xf7, 0xa4, 0x90, 0x2e, 0x68, 0x79, 0xaa, 0xcf, 0x82, 0x96, 0xab, 0x70, 0x42, 0xea, 0xb5, 0x95,
+	0xf9, 0x45, 0xf5, 0xd0, 0x93, 0xa7, 0x93, 0xb7, 0xb6, 0x2d, 0x66, 0xe0, 0xe0, 0xcc, 0x9e, 0xf6,
+	0x9f, 0x58, 0x30, 0xaa, 0x24, 0xd8, 0x5d, 0xc8, 0xd1, 0xf5, 0x92, 0x39, 0xba, 0x17, 0x0e, 0xaf,
+	0x03, 0xd8, 0xc8, 0x7b, 0x64, 0x94, 0x7c, 0x76, 0x14, 0x40, 0xeb, 0x09, 0xa5, 0xa2, 0xad, 0x9e,
+	0x2a, 0xfa, 0xbe, 0x95, 0xd1, 0x59, 0x05, 0x0a, 0x4b, 0xf7, 0xb6, 0x40, 0x61, 0x15, 0x4e, 0xca,
+	0x25, 0xc5, 0x8f, 0x94, 0x2f, 0x06, 0x91, 0x12, 0xf9, 0xc6, 0x35, 0x7c, 0x8b, 0x59, 0x48, 0x38,
+	0xbb, 0x6f, 0xc2, 0xb6, 0x1b, 0xda, 0xd7, 0xb6, 0x53, 0x52, 0x6e, 0x69, 0x43, 0x5e, 0x92, 0x99,
+	0x92, 0x72, 0x4b, 0xe7, 0xab, 0x58, 0xe3, 0x64, 0xab, 0xba, 0x4a, 0x4e, 0xaa, 0x0e, 0x0e, 0xac,
+	0xea, 0xa4, 0xd0, 0x1d, 0xee, 0x29, 0x74, 0xe5, 0xd1, 0xd5, 0x48, 0xcf, 0xa3, 0xab, 0x77, 0xc2,
+	0x98, 0xeb, 0x6f, 0x92, 0xd0, 0x8d, 0x49, 0x9d, 0x7d, 0x0b, 0x4c, 0x20, 0x97, 0xb5, 0xa1, 0xb3,
+	0x98, 0x80, 0xe2, 0x14, 0x76, 0x52, 0x53, 0x8c, 0xf5, 0xa1, 0x29, 0x7a, 0xe8, 0xe7, 0xf1, 0x7c,
+	0xf4, 0xf3, 0xb1, 0xc3, 0xeb, 0xe7, 0x89, 0x23, 0xd5, 0xcf, 0x28, 0x17, 0xfd, 0xdc, 0x97, 0xea,
+	0x33, 0x36, 0xe9, 0x27, 0xf6, 0xd9, 0xa4, 0xf7, 0x52, 0xce, 0x27, 0xef, 0x58, 0x39, 0x67, 0xeb,
+	0xdd, 0x07, 0xde, 0xd4, 0xbb, 0xb9, 0xe8, 0xdd, 0x8f, 0x15, 0xe0, 0xa4, 0xd6, 0x4c, 0x54, 0x1e,
+	0xb8, 0x1b, 0x54, 0x36, 0xb3, 0x9b, 0xa7, 0xf9, 0x81, 0xb7, 0x91, 0x19, 0xae, 0x73, 0xe3, 0x15,
+	0x04, 0x1b, 0x58, 0x2c, 0xc1, 0x9a, 0x84, 0xec, 0xce, 0x93, 0xb4, 0xda, 0x9a, 0x17, 0xed, 0x58,
+	0x61, 0xd0, 0x49, 0xa0, 0xbf, 0x45, 0x7d, 0x8f, 0x74, 0x35, 0xed, 0x79, 0x0d, 0xc2, 0x26, 0x1e,
+	0x7a, 0x82, 0x33, 0x61, 0x22, 0x93, 0xaa, 0xae, 0x11, 0xbe, 0xad, 0x54, 0x52, 0x52, 0x41, 0xe5,
+	0x70, 0x58, 0x01, 0x80, 0x52, 0xf7, 0x70, 0x58, 0xec, 0xa8, 0xc2, 0xb0, 0xff, 0x87, 0x05, 0xa7,
+	0x32, 0xa7, 0xe2, 0x2e, 0x98, 0x23, 0x3b, 0x49, 0x73, 0xa4, 0x9a, 0xd7, 0x96, 0xd4, 0x78, 0x8a,
+	0x1e, 0xa6, 0xc9, 0x7f, 0xb0, 0x60, 0x4c, 0xe3, 0xdf, 0x85, 0x47, 0x75, 0x93, 0x8f, 0x9a, 0xdf,
+	0xee, 0xbb, 0xd2, 0xf5, 0x6c, 0xbf, 0x5b, 0x00, 0x55, 0xe1, 0x7e, 0xb6, 0x26, 0xef, 0x0f, 0xd9,
+	0x27, 0x04, 0xa3, 0x03, 0x83, 0x2c, 0x82, 0x24, 0xca, 0x27, 0x3a, 0x2e, 0xc9, 0x9f, 0x45, 0xa3,
+	0xe8, 0x03, 0x3d, 0xf6, 0x37, 0xc2, 0x82, 0x21, 0xbb, 0x91, 0x87, 0x17, 0x0f, 0xaf, 0x8b, 0x3c,
+	0x61, 0x7d, 0x23, 0x8f, 0x68, 0xc7, 0x0a, 0x83, 0x2a, 0x4c, 0xb7, 0x16, 0xf8, 0xf3, 0x9e, 0x13,
+	0x45, 0xc2, 0x86, 0x53, 0x0a, 0x73, 0x51, 0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x6e, 0xd4, 0xf2,
+	0x9c, 0x8e, 0xe1, 0x63, 0x31, 0xea, 0x58, 0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0x26, 0x1f,
+	0x62, 0x81, 0x6c, 0xb0, 0xc8, 0xee, 0xbe, 0xa6, 0x73, 0x06, 0x2a, 0x0e, 0xeb, 0xb5, 0xd4, 0x76,
+	0x84, 0x4c, 0xd0, 0xf1, 0xcd, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0x4f, 0x2c, 0x38, 0x9e, 0x31, 0x69,
+	0x39, 0xe6, 0x61, 0xc7, 0x5a, 0xda, 0x64, 0x99, 0x3a, 0x3f, 0x00, 0x43, 0x75, 0xb2, 0xe1, 0xc8,
+	0xd8, 0x61, 0x33, 0xd5, 0x80, 0x37, 0x63, 0x09, 0xb7, 0x7f, 0xb3, 0x00, 0xe3, 0xc9, 0xb1, 0x46,
+	0x2c, 0xb7, 0x91, 0x4f, 0x93, 0x1b, 0xd5, 0x82, 0x6d, 0x12, 0x76, 0xe8, 0x93, 0x5b, 0xa9, 0xdc,
+	0xc6, 0x2e, 0x0c, 0x9c, 0xd1, 0x8b, 0xdd, 0x6f, 0x51, 0x57, 0xb3, 0x2d, 0x57, 0xe4, 0xb5, 0x3c,
+	0x57, 0xa4, 0x7e, 0x99, 0x66, 0x9c, 0x91, 0x62, 0x89, 0x4d, 0xfe, 0xd4, 0xe4, 0x62, 0xc9, 0x22,
+	0x73, 0x6d, 0xd7, 0x8b, 0x5d, 0x5f, 0x3c, 0xb2, 0x58, 0xab, 0xca, 0xe4, 0x5a, 0xee, 0x46, 0xc1,
+	0x59, 0xfd, 0xec, 0x6f, 0x0f, 0x80, 0xaa, 0x31, 0xc2, 0xe2, 0x40, 0x73, 0x8a, 0xa2, 0x3d, 0x68,
+	0x86, 0xac, 0x5a, 0x5b, 0x03, 0x7b, 0x05, 0x66, 0x71, 0xc7, 0x9c, 0xe9, 0xc1, 0x57, 0x13, 0xb6,
+	0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x23, 0xf1, 0xdc, 0x6d, 0xc2, 0x3b, 0x0d, 0x26, 0x47, 0xb2, 0x24,
+	0x01, 0x58, 0xe3, 0xb0, 0x72, 0xd6, 0xee, 0xc6, 0x86, 0xf0, 0x32, 0xe9, 0x72, 0xd6, 0xee, 0xc6,
+	0x06, 0x66, 0x10, 0x7e, 0x03, 0x52, 0xb0, 0x25, 0xb6, 0x19, 0xc6, 0x0d, 0x48, 0xc1, 0x16, 0x66,
+	0x10, 0xfa, 0x96, 0xfc, 0x20, 0x6c, 0x3a, 0x9e, 0xfb, 0x1a, 0xa9, 0x2b, 0x2e, 0x62, 0x7b, 0xa1,
+	0xde, 0xd2, 0x95, 0x6e, 0x14, 0x9c, 0xd5, 0x8f, 0x2e, 0xe8, 0x56, 0x48, 0xea, 0x6e, 0x2d, 0x36,
+	0xa9, 0x41, 0x72, 0x41, 0xaf, 0x76, 0x61, 0xe0, 0x8c, 0x5e, 0x68, 0x16, 0xc6, 0x65, 0x8d, 0x18,
+	0x59, 0x57, 0x71, 0x38, 0x59, 0x9c, 0x0d, 0x27, 0xc1, 0x38, 0x8d, 0x4f, 0x85, 0x64, 0x53, 0x54,
+	0x85, 0x65, 0xbb, 0x11, 0x43, 0x48, 0xca, 0x6a, 0xb1, 0x58, 0x61, 0xd8, 0x1f, 0x2a, 0x52, 0xa5,
+	0xde, 0xa3, 0xf8, 0xf2, 0x5d, 0x8b, 0xda, 0x4e, 0xae, 0xc8, 0x81, 0x3e, 0x56, 0xe4, 0xb3, 0x30,
+	0x72, 0x23, 0x0a, 0x7c, 0x15, 0x11, 0x5d, 0xea, 0x19, 0x11, 0x6d, 0x60, 0x65, 0x47, 0x44, 0x0f,
+	0xe6, 0x15, 0x11, 0x3d, 0x74, 0x87, 0x11, 0xd1, 0xff, 0xaa, 0x04, 0xea, 0x8a, 0xcb, 0x2b, 0x24,
+	0xbe, 0x19, 0x84, 0x5b, 0xae, 0xdf, 0x60, 0xf5, 0x4e, 0xbe, 0x68, 0xc9, 0x92, 0x29, 0x4b, 0x66,
+	0xa6, 0xf0, 0x46, 0x4e, 0xd7, 0x14, 0x26, 0x98, 0x4d, 0xaf, 0x19, 0x8c, 0x78, 0x64, 0x4d, 0xaa,
+	0x34, 0x8b, 0x38, 0x34, 0x48, 0x8c, 0x08, 0xbd, 0x1f, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04, 0x5e,
+	0xcc, 0x67, 0x7c, 0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x31, 0x9d,
+	0x45, 0xcd, 0x53, 0xa7, 0xde, 0x7b, 0x24, 0x73, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0xd7, 0x6f,
+	0xd0, 0x75, 0x22, 0x22, 0x47, 0xdf, 0x96, 0x55, 0x4e, 0x6b, 0x29, 0x70, 0xea, 0x73, 0x8e, 0xe7,
+	0xf8, 0x35, 0x12, 0x2e, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0xee, 0xe1, 0x2c,
+	0xf5, 0x73, 0x0f, 0xe7, 0xe9, 0x1f, 0x83, 0x89, 0xae, 0x97, 0x79, 0xa0, 0x94, 0xe9, 0x43, 0x14,
+	0xd2, 0xfa, 0xad, 0x41, 0xad, 0xb4, 0xae, 0x04, 0x75, 0x7e, 0xad, 0x63, 0xa8, 0xdf, 0xa8, 0x30,
+	0x99, 0x73, 0x5c, 0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xd7, 0x68, 0xcb, 0x09, 0x89,
+	0x7f, 0xd4, 0x6b, 0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x99, 0xc8, 0xed, 0x3b, 0x7f, 0xf8,
+	0xdc, 0x3e, 0x56, 0xdc, 0x34, 0xeb, 0xf6, 0xb3, 0xd7, 0x2d, 0x18, 0xf3, 0x13, 0x2b, 0x37, 0x9f,
+	0x70, 0xfe, 0xec, 0xaf, 0x82, 0xdf, 0x90, 0x9c, 0x6c, 0xc3, 0x29, 0xfe, 0x59, 0x2a, 0xad, 0x74,
+	0x40, 0x95, 0xa6, 0xaf, 0x95, 0x1d, 0xec, 0x75, 0xad, 0x2c, 0xf2, 0xd5, 0x7d, 0xdf, 0x43, 0x79,
+	0x94, 0x23, 0x49, 0x5c, 0xf6, 0x0d, 0x19, 0x17, 0x7d, 0x5f, 0x37, 0x53, 0x7f, 0x0f, 0x7e, 0xef,
+	0xf3, 0x68, 0xaf, 0x14, 0x61, 0xfb, 0x7f, 0x0f, 0xc0, 0x31, 0x39, 0x23, 0x32, 0x15, 0x88, 0xea,
+	0x47, 0xce, 0x57, 0xdb, 0xca, 0x4a, 0x3f, 0x5e, 0x94, 0x00, 0xac, 0x71, 0xa8, 0x3d, 0xd6, 0x8e,
+	0xc8, 0x4a, 0x8b, 0xf8, 0x4b, 0xee, 0x7a, 0x24, 0x8e, 0xdf, 0xd5, 0x87, 0x72, 0x55, 0x83, 0xb0,
+	0x89, 0xc7, 0xf2, 0x93, 0x0d, 0xa3, 0xd5, 0xcc, 0x4f, 0x16, 0x86, 0xaa, 0x84, 0xa3, 0xcf, 0x65,
+	0xde, 0x06, 0x91, 0x4f, 0x02, 0x6d, 0x57, 0x06, 0xd4, 0xc1, 0xae, 0x81, 0x40, 0xff, 0xc0, 0x82,
+	0x93, 0xbc, 0x55, 0xce, 0xe4, 0xd5, 0x56, 0xdd, 0x89, 0x49, 0x94, 0xcf, 0xcd, 0x59, 0x19, 0xe3,
+	0xd3, 0x5e, 0xf4, 0x2c, 0xb6, 0x38, 0x7b, 0x34, 0xe8, 0xd3, 0x16, 0x8c, 0x6f, 0x25, 0x6a, 0x5a,
+	0x49, 0xd5, 0x71, 0xd8, 0x72, 0x33, 0x09, 0xa2, 0xfa, 0x53, 0x4b, 0xb6, 0x47, 0x38, 0xcd, 0xdd,
+	0xfe, 0x4b, 0x0b, 0x4c, 0x31, 0x7a, 0xf7, 0x4b, 0x61, 0x1d, 0xdc, 0x14, 0x94, 0xd6, 0x65, 0xa9,
+	0xa7, 0x75, 0xf9, 0x08, 0x14, 0xdb, 0x6e, 0x5d, 0xec, 0x2f, 0xf4, 0x81, 0xff, 0xe2, 0x02, 0xa6,
+	0xed, 0xf6, 0xb7, 0x4a, 0xda, 0x0d, 0x22, 0xf2, 0x53, 0xbf, 0x27, 0x1e, 0x7b, 0x43, 0xd5, 0xb8,
+	0xe5, 0x4f, 0x7e, 0xa5, 0xab, 0xc6, 0xed, 0x8f, 0x1c, 0x3c, 0xfd, 0x98, 0x4f, 0x50, 0xaf, 0x12,
+	0xb7, 0x43, 0xfb, 0xe4, 0x1e, 0xdf, 0x80, 0x32, 0xdd, 0x82, 0x31, 0x7f, 0x66, 0x39, 0x31, 0xa8,
+	0xf2, 0x45, 0xd1, 0x7e, 0x7b, 0x77, 0xea, 0x87, 0x0f, 0x3e, 0x2c, 0xd9, 0x1b, 0x2b, 0xfa, 0x28,
+	0x82, 0x0a, 0xfd, 0xcd, 0xd2, 0xa4, 0xc5, 0xe6, 0xee, 0xaa, 0x92, 0x99, 0x12, 0x90, 0x4b, 0x0e,
+	0xb6, 0xe6, 0x83, 0x7c, 0xa8, 0x50, 0x44, 0xce, 0x94, 0xef, 0x01, 0x57, 0x55, 0xb2, 0xb2, 0x04,
+	0xdc, 0xde, 0x9d, 0x7a, 0xe1, 0xe0, 0x4c, 0x55, 0x77, 0xac, 0x59, 0x18, 0xaa, 0x71, 0xb8, 0xe7,
+	0x8d, 0xeb, 0xff, 0x67, 0x40, 0xaf, 0x6f, 0x51, 0xfe, 0xf8, 0x7b, 0x62, 0x7d, 0x3f, 0x9f, 0x5a,
+	0xdf, 0x67, 0xba, 0xd6, 0xf7, 0x18, 0x9d, 0xb3, 0x8c, 0xa2, 0xcc, 0x77, 0xdb, 0x58, 0xd8, 0xdf,
+	0x27, 0xc1, 0xac, 0xa4, 0x57, 0xdb, 0x6e, 0x48, 0xa2, 0xd5, 0xb0, 0xed, 0xbb, 0x7e, 0x83, 0x2d,
+	0xd9, 0xb2, 0x69, 0x25, 0x25, 0xc0, 0x38, 0x8d, 0x4f, 0x37, 0xfe, 0x74, 0x5d, 0x5c, 0x77, 0xb6,
+	0xf9, 0xca, 0x33, 0x4a, 0x4f, 0x56, 0x45, 0x3b, 0x56, 0x18, 0x68, 0x13, 0x1e, 0x96, 0x04, 0x16,
+	0x88, 0x47, 0xe8, 0x03, 0xb1, 0x40, 0xc6, 0xb0, 0xc9, 0xd3, 0x0c, 0x78, 0x2c, 0xca, 0x5b, 0x05,
+	0x85, 0x87, 0xf1, 0x1e, 0xb8, 0x78, 0x4f, 0x4a, 0xf6, 0x97, 0x58, 0xe8, 0x82, 0x51, 0x2d, 0x82,
+	0xae, 0x3e, 0xcf, 0x6d, 0xba, 0xb2, 0x42, 0xa6, 0x5a, 0x7d, 0x4b, 0xb4, 0x11, 0x73, 0x18, 0xba,
+	0x09, 0x43, 0xeb, 0xfc, 0x26, 0xf6, 0x7c, 0x6e, 0x40, 0x12, 0xd7, 0xba, 0xb3, 0xea, 0xd8, 0xf2,
+	0x8e, 0xf7, 0xdb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xaf, 0x97, 0x60, 0x5c, 0x86, 0x97, 0x5d, 0x74,
+	0x23, 0x16, 0x91, 0x60, 0x5e, 0x19, 0x50, 0xd8, 0xf7, 0xca, 0x80, 0xf7, 0x00, 0xd4, 0x49, 0xcb,
+	0x0b, 0x3a, 0xcc, 0x38, 0x1c, 0x38, 0xb0, 0x71, 0xa8, 0xf6, 0x13, 0x0b, 0x8a, 0x0a, 0x36, 0x28,
+	0x8a, 0xb2, 0xa0, 0xfc, 0x06, 0x82, 0x54, 0x59, 0x50, 0xe3, 0x9e, 0xb4, 0xc1, 0xbb, 0x7b, 0x4f,
+	0x9a, 0x0b, 0xe3, 0x7c, 0x88, 0xaa, 0x26, 0xc3, 0x1d, 0x94, 0x5e, 0x60, 0x59, 0x6d, 0x0b, 0x49,
+	0x32, 0x38, 0x4d, 0xd7, 0xbc, 0x04, 0xad, 0x7c, 0xb7, 0x2f, 0x41, 0x7b, 0x3b, 0x54, 0xe4, 0x7b,
+	0x8e, 0x26, 0x2b, 0xba, 0x5e, 0x90, 0x5c, 0x06, 0x11, 0xd6, 0xf0, 0xae, 0xf2, 0x32, 0x70, 0xaf,
+	0xca, 0xcb, 0xd8, 0xaf, 0x17, 0xe9, 0xae, 0x82, 0x8f, 0xeb, 0xc0, 0x77, 0x08, 0x5e, 0x34, 0xee,
+	0x10, 0x3c, 0xd8, 0xfb, 0x2c, 0xa7, 0xee, 0x1a, 0x7c, 0x18, 0x06, 0x62, 0xa7, 0x21, 0x93, 0x70,
+	0x19, 0x74, 0xcd, 0x69, 0x44, 0x98, 0xb5, 0x1e, 0xa4, 0x8a, 0xf2, 0x0b, 0x30, 0x1a, 0xb9, 0x0d,
+	0xdf, 0x89, 0xdb, 0x21, 0x31, 0xce, 0x2f, 0x75, 0x90, 0x8e, 0x09, 0xc4, 0x49, 0x5c, 0xf4, 0x61,
+	0x0b, 0x20, 0x24, 0x6a, 0xcf, 0x32, 0x98, 0xc7, 0x1a, 0x52, 0x62, 0x40, 0xd2, 0x35, 0xcb, 0x82,
+	0xa8, 0xbd, 0x8a, 0xc1, 0xd6, 0xfe, 0xa8, 0x05, 0x13, 0x5d, 0xbd, 0x50, 0x0b, 0x06, 0x6b, 0xec,
+	0xa6, 0xc7, 0x7c, 0xea, 0x4e, 0x26, 0x6f, 0x8d, 0xe4, 0xca, 0x89, 0xb7, 0x61, 0xc1, 0xc7, 0xfe,
+	0xca, 0x08, 0x9c, 0xa8, 0xce, 0x2f, 0xcb, 0x7b, 0x7f, 0x8e, 0x2c, 0xab, 0x38, 0x8b, 0xc7, 0xdd,
+	0xcb, 0x2a, 0xee, 0xc1, 0xdd, 0x33, 0xb2, 0x8a, 0x3d, 0x23, 0xab, 0x38, 0x99, 0xe2, 0x59, 0xcc,
+	0x23, 0xc5, 0x33, 0x6b, 0x04, 0xfd, 0xa4, 0x78, 0x1e, 0x59, 0x9a, 0xf1, 0x9e, 0x03, 0x3a, 0x50,
+	0x9a, 0xb1, 0xca, 0xc1, 0xce, 0x25, 0xa3, 0xac, 0xc7, 0xab, 0xca, 0xcc, 0xc1, 0x56, 0xf9, 0xaf,
+	0x3c, 0x5b, 0x52, 0x28, 0xbd, 0x97, 0xf3, 0x1f, 0x40, 0x1f, 0xf9, 0xaf, 0x22, 0x61, 0xd3, 0xcc,
+	0xb9, 0x1e, 0xca, 0x23, 0xe7, 0x3a, 0x6b, 0x38, 0xfb, 0xe6, 0x5c, 0xbf, 0x00, 0xa3, 0x35, 0x2f,
+	0xf0, 0xc9, 0x6a, 0x18, 0xc4, 0x41, 0x2d, 0x90, 0xf7, 0x6a, 0xeb, 0x2b, 0x12, 0x4d, 0x20, 0x4e,
+	0xe2, 0xf6, 0x4a, 0xd8, 0xae, 0x1c, 0x36, 0x61, 0x1b, 0xee, 0x51, 0xc2, 0xb6, 0x91, 0x92, 0x3c,
+	0x9c, 0x47, 0x4a, 0x72, 0xd6, 0x1b, 0xe9, 0x2b, 0x25, 0xf9, 0x0d, 0x7e, 0xad, 0x3c, 0xdd, 0x8c,
+	0x70, 0x29, 0xcc, 0x8e, 0xe8, 0x86, 0xcf, 0xbe, 0x72, 0x04, 0x0b, 0xf6, 0x7a, 0x55, 0xb3, 0x51,
+	0x57, 0xcd, 0xeb, 0x26, 0x9c, 0x1c, 0xc8, 0x61, 0xd2, 0x98, 0x3f, 0x5f, 0x80, 0xef, 0xdb, 0x77,
+	0x08, 0xe8, 0x26, 0x40, 0xec, 0x34, 0xc4, 0x42, 0x15, 0x07, 0x59, 0x87, 0x8c, 0x2b, 0x5e, 0x93,
+	0xf4, 0x44, 0x8a, 0x9d, 0x22, 0x8f, 0x0d, 0x56, 0x2c, 0x9c, 0x38, 0xf0, 0xba, 0x4a, 0x46, 0xe3,
+	0xc0, 0x23, 0x98, 0x41, 0xa8, 0x21, 0x14, 0x92, 0x06, 0x35, 0xee, 0x8b, 0x49, 0x43, 0x08, 0xb3,
+	0x56, 0x2c, 0xa0, 0xe8, 0x39, 0x18, 0x76, 0x3c, 0x8f, 0xa7, 0xfb, 0x91, 0x48, 0xdc, 0x5d, 0xaa,
+	0x6b, 0xd7, 0x6a, 0x10, 0x36, 0xf1, 0xec, 0xbf, 0x28, 0xc0, 0xd4, 0x3e, 0x32, 0xa5, 0x2b, 0xcd,
+	0xbb, 0xd4, 0x77, 0x9a, 0xb7, 0x48, 0x57, 0x1a, 0xec, 0x91, 0xae, 0xf4, 0x1c, 0x0c, 0xc7, 0xc4,
+	0x69, 0x8a, 0x48, 0xc4, 0x74, 0x49, 0xc6, 0x35, 0x0d, 0xc2, 0x26, 0x1e, 0x95, 0x62, 0x63, 0x4e,
+	0xad, 0x46, 0xa2, 0x48, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x6e, 0xc9, 0x4e, 0xec, 0xf0, 0x60, 0x36,
+	0xc1, 0x02, 0xa7, 0x58, 0xa6, 0x27, 0xbc, 0xd2, 0xe7, 0x84, 0xff, 0x72, 0x01, 0x1e, 0xd9, 0x53,
+	0xbb, 0xf5, 0x9d, 0x2a, 0xd6, 0x8e, 0x48, 0x98, 0x5e, 0x38, 0x57, 0x23, 0x12, 0x62, 0x06, 0xe1,
+	0xb3, 0xd4, 0x6a, 0xa9, 0x28, 0xf2, 0xfc, 0x73, 0x2b, 0xf9, 0x2c, 0x25, 0x58, 0xe0, 0x14, 0xcb,
+	0x3b, 0x5d, 0x96, 0x5f, 0x1f, 0x80, 0xc7, 0xfa, 0xb0, 0x01, 0x72, 0xcc, 0x41, 0x4d, 0xe6, 0x57,
+	0x17, 0xef, 0x51, 0x7e, 0xf5, 0x9d, 0x4d, 0xd7, 0x9b, 0x69, 0xd9, 0x7d, 0xe5, 0xba, 0x7e, 0xa9,
+	0x00, 0xa7, 0x7b, 0x1b, 0x2c, 0xe8, 0x47, 0x61, 0x3c, 0x54, 0x21, 0x89, 0x66, 0x6a, 0xf6, 0x71,
+	0xee, 0xe3, 0x4a, 0x80, 0x70, 0x1a, 0x17, 0x4d, 0x03, 0xb4, 0x9c, 0x78, 0x33, 0x3a, 0xb7, 0xe3,
+	0x46, 0xb1, 0xa8, 0x65, 0x37, 0xc6, 0x4f, 0x5e, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f,
+	0x21, 0xb8, 0x12, 0xc4, 0xbc, 0x13, 0xdf, 0x7a, 0x1e, 0x97, 0x17, 0x1d, 0x1a, 0x20, 0x9c, 0xc6,
+	0xa5, 0xec, 0xd8, 0xd9, 0x3e, 0x1f, 0xe8, 0x80, 0x4e, 0xe6, 0x5e, 0x52, 0xad, 0xd8, 0xc0, 0x48,
+	0x27, 0x9d, 0x97, 0xf6, 0x4f, 0x3a, 0xb7, 0xff, 0x45, 0x01, 0x4e, 0xf5, 0x34, 0x78, 0xfb, 0x13,
+	0x53, 0xf7, 0x5f, 0xe2, 0xf7, 0x1d, 0x7e, 0x61, 0x07, 0x4a, 0x18, 0xb6, 0xff, 0xb4, 0xc7, 0x4a,
+	0x13, 0xc9, 0xc0, 0x77, 0x5e, 0x37, 0xe5, 0xfe, 0x9b, 0xcf, 0xae, 0xfc, 0xdf, 0x81, 0x03, 0xe4,
+	0xff, 0xa6, 0x5e, 0x46, 0xa9, 0x4f, 0xed, 0xf0, 0x5f, 0x06, 0x7a, 0x4e, 0x2f, 0xdd, 0x20, 0xf7,
+	0x75, 0x82, 0xb0, 0x00, 0xc7, 0x5c, 0x9f, 0x5d, 0x5d, 0x5b, 0x6d, 0xaf, 0x8b, 0xf2, 0x66, 0xbc,
+	0x86, 0xaf, 0xca, 0xbe, 0x59, 0x4c, 0xc1, 0x71, 0x57, 0x8f, 0xfb, 0x30, 0x1f, 0xfb, 0xce, 0xa6,
+	0xf4, 0x80, 0x92, 0x7b, 0x05, 0x4e, 0xca, 0xa9, 0xd8, 0x74, 0x42, 0x52, 0x17, 0xca, 0x36, 0x12,
+	0xf9, 0x56, 0xa7, 0x78, 0xce, 0x56, 0x06, 0x02, 0xce, 0xee, 0xc7, 0xee, 0x19, 0x0d, 0x5a, 0x6e,
+	0x4d, 0x6c, 0x05, 0xf5, 0x3d, 0xa3, 0xb4, 0x11, 0x73, 0x98, 0xd6, 0x17, 0x95, 0xbb, 0xa3, 0x2f,
+	0xde, 0x03, 0x15, 0x35, 0xdf, 0x3c, 0xa7, 0x42, 0x2d, 0xf2, 0xae, 0x9c, 0x0a, 0xb5, 0xc2, 0x0d,
+	0xac, 0xfd, 0xae, 0xf3, 0x7f, 0x06, 0x46, 0x94, 0x2f, 0xb0, 0xdf, 0xdb, 0x5e, 0xed, 0xff, 0x5b,
+	0x80, 0xd4, 0xc5, 0x66, 0x68, 0x07, 0x2a, 0x75, 0x79, 0xa1, 0x7e, 0x3e, 0x35, 0xa4, 0xd5, 0xfd,
+	0xfc, 0xfa, 0x20, 0x4c, 0x35, 0x61, 0xcd, 0x0c, 0xbd, 0x8f, 0x97, 0x6b, 0x16, 0xac, 0x0b, 0x79,
+	0xe4, 0xe4, 0x57, 0x15, 0x3d, 0xf3, 0x3a, 0x47, 0xd9, 0x86, 0x0d, 0x7e, 0x28, 0x86, 0xca, 0xa6,
+	0xbc, 0xc0, 0x2d, 0x1f, 0x71, 0xa7, 0xee, 0x83, 0xe3, 0x26, 0x9a, 0xfa, 0x8b, 0x35, 0x23, 0xfb,
+	0x4f, 0x0a, 0x70, 0x22, 0xf9, 0x02, 0xc4, 0xc1, 0xe5, 0xaf, 0x5a, 0xf0, 0xa0, 0xe7, 0x44, 0x71,
+	0xb5, 0xcd, 0x36, 0x0a, 0x1b, 0x6d, 0x6f, 0x25, 0x55, 0xd9, 0xfb, 0xb0, 0xce, 0x16, 0x45, 0x38,
+	0x7d, 0xe1, 0xdf, 0xdc, 0x43, 0xb7, 0x76, 0xa7, 0x1e, 0x5c, 0xca, 0x66, 0x8e, 0x7b, 0x8d, 0x0a,
+	0xbd, 0x6e, 0xc1, 0xb1, 0x5a, 0x3b, 0x0c, 0x89, 0x1f, 0xeb, 0xa1, 0xf2, 0xb7, 0x78, 0x25, 0x97,
+	0x89, 0xd4, 0x03, 0x3c, 0x41, 0x05, 0xea, 0x7c, 0x8a, 0x17, 0xee, 0xe2, 0x6e, 0xff, 0x02, 0xd5,
+	0x9c, 0x3d, 0x9f, 0xf3, 0xaf, 0xd9, 0x0d, 0x85, 0x7f, 0x36, 0x08, 0xa3, 0x89, 0xf2, 0xe5, 0x89,
+	0xc3, 0x3e, 0x6b, 0xdf, 0xc3, 0x3e, 0x96, 0x21, 0xd8, 0xf6, 0xe5, 0xe5, 0xed, 0x46, 0x86, 0x60,
+	0xdb, 0x27, 0x98, 0xc3, 0xc4, 0x94, 0xe2, 0xb6, 0x2f, 0x72, 0x01, 0xcc, 0x29, 0xc5, 0x6d, 0x1f,
+	0x0b, 0x28, 0xfa, 0xa0, 0x05, 0x23, 0xec, 0xe3, 0x13, 0x47, 0xa5, 0x42, 0xa1, 0x5d, 0xca, 0xe1,
+	0x73, 0x97, 0xa5, 0xfa, 0x59, 0xec, 0xa8, 0xd9, 0x82, 0x13, 0x1c, 0xd1, 0x47, 0x2c, 0xa8, 0xa8,
+	0x9b, 0x62, 0xc5, 0xd9, 0x48, 0x35, 0xdf, 0xea, 0xf0, 0x29, 0xa9, 0xa7, 0xca, 0x74, 0x63, 0xcd,
+	0x18, 0x45, 0xea, 0x1c, 0x73, 0xe8, 0x68, 0xce, 0x31, 0x21, 0xe3, 0x0c, 0xf3, 0xed, 0x50, 0x69,
+	0x3a, 0xbe, 0xbb, 0x41, 0xa2, 0x98, 0x1f, 0x2d, 0xca, 0xcb, 0x40, 0x64, 0x23, 0xd6, 0x70, 0x6a,
+	0xec, 0x47, 0xec, 0xc1, 0x62, 0xe3, 0x2c, 0x90, 0x19, 0xfb, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf3,
+	0xe0, 0x12, 0xee, 0xe9, 0xc1, 0xe5, 0xf0, 0x3e, 0x07, 0x97, 0x55, 0x38, 0xe9, 0xb4, 0xe3, 0xe0,
+	0x22, 0x71, 0xbc, 0xd9, 0x38, 0x26, 0xcd, 0x56, 0x1c, 0xf1, 0x8a, 0xf7, 0x23, 0xcc, 0x05, 0xac,
+	0xa2, 0xdd, 0xaa, 0xc4, 0xdb, 0xe8, 0x42, 0xc2, 0xd9, 0x7d, 0xed, 0x7f, 0x66, 0xc1, 0xc9, 0xcc,
+	0xa5, 0x70, 0xff, 0xe6, 0x19, 0xd8, 0x9f, 0x29, 0xc1, 0xf1, 0x8c, 0xcb, 0x0d, 0x50, 0xc7, 0xfc,
+	0x48, 0xac, 0x3c, 0x42, 0xf6, 0x92, 0x11, 0x68, 0xf2, 0xdd, 0x64, 0x7c, 0x19, 0x07, 0x8b, 0x45,
+	0xd0, 0xf1, 0x00, 0xc5, 0xbb, 0x1b, 0x0f, 0x60, 0xac, 0xf5, 0x81, 0x7b, 0xba, 0xd6, 0x4b, 0xfb,
+	0xac, 0xf5, 0x2f, 0x5b, 0x30, 0xd9, 0xec, 0x71, 0x53, 0x99, 0x38, 0x4f, 0xba, 0x76, 0x34, 0xf7,
+	0xa0, 0xcd, 0x3d, 0x7c, 0x6b, 0x77, 0xaa, 0xe7, 0x05, 0x71, 0xb8, 0xe7, 0xa8, 0xec, 0x6f, 0x17,
+	0x81, 0xd9, 0x6b, 0xac, 0x80, 0x75, 0x07, 0x7d, 0xc0, 0xbc, 0x23, 0xc5, 0xca, 0xeb, 0x3e, 0x0f,
+	0x4e, 0x5c, 0xdd, 0xb1, 0xc2, 0x67, 0x30, 0xeb, 0xca, 0x95, 0xb4, 0x24, 0x2c, 0xf4, 0x21, 0x09,
+	0x3d, 0x79, 0x19, 0x4d, 0x31, 0xff, 0xcb, 0x68, 0x2a, 0xe9, 0x8b, 0x68, 0xf6, 0x7e, 0xc5, 0x03,
+	0xf7, 0xe5, 0x2b, 0xfe, 0x6d, 0x8b, 0x0b, 0x9e, 0xd4, 0x5b, 0xd0, 0xe6, 0x86, 0xb5, 0x87, 0xb9,
+	0xf1, 0x24, 0x94, 0x23, 0x21, 0x99, 0x85, 0x59, 0xa2, 0x43, 0xc1, 0x44, 0x3b, 0x56, 0x18, 0x74,
+	0xd7, 0xe5, 0x78, 0x5e, 0x70, 0xf3, 0x5c, 0xb3, 0x15, 0x77, 0x84, 0x81, 0xa2, 0xb6, 0x05, 0xb3,
+	0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x18, 0x0c, 0xf2, 0x4a, 0x13, 0xc2, 0xb9, 0x33, 0x4c, 0xbf, 0x43,
+	0x5e, 0x86, 0xa2, 0x8e, 0x05, 0xc8, 0xde, 0x04, 0x63, 0x57, 0x71, 0xe7, 0xb7, 0x3f, 0xab, 0x7b,
+	0x68, 0x0b, 0xbd, 0xee, 0xa1, 0xb5, 0xff, 0x5e, 0x41, 0xb0, 0xe2, 0xbb, 0x04, 0x1d, 0x19, 0x68,
+	0x1d, 0x30, 0x32, 0xf0, 0x7d, 0x00, 0xb5, 0xa0, 0xd9, 0xa2, 0xfb, 0xe6, 0xb5, 0x20, 0x9f, 0xcd,
+	0xd6, 0xbc, 0xa2, 0xa7, 0x67, 0x55, 0xb7, 0x61, 0x83, 0x5f, 0x42, 0xb4, 0x17, 0xf7, 0x15, 0xed,
+	0x09, 0x29, 0x37, 0xb0, 0xb7, 0x94, 0xb3, 0xff, 0xc2, 0x82, 0x84, 0xd5, 0x87, 0x5a, 0x50, 0xa2,
+	0xc3, 0xed, 0x08, 0x81, 0xb1, 0x92, 0x9f, 0x89, 0x49, 0x25, 0xb5, 0xf8, 0x0a, 0xd9, 0x4f, 0xcc,
+	0x19, 0x21, 0x4f, 0x44, 0x41, 0xe6, 0xb2, 0xf9, 0x31, 0x19, 0x5e, 0x0c, 0x82, 0x2d, 0x1e, 0x4c,
+	0xa4, 0x23, 0x2a, 0xed, 0xe7, 0x61, 0xa2, 0x6b, 0x50, 0xec, 0xc6, 0xe8, 0x40, 0xee, 0xe0, 0x8d,
+	0xaf, 0x87, 0x15, 0x7c, 0xc0, 0x1c, 0x66, 0x7f, 0xc9, 0x82, 0x63, 0x69, 0xf2, 0xe8, 0x0d, 0x0b,
+	0x26, 0xa2, 0x34, 0xbd, 0xa3, 0x9a, 0x3b, 0x95, 0xed, 0xd0, 0x05, 0xc2, 0xdd, 0x83, 0xb0, 0xff,
+	0xbb, 0xd0, 0x06, 0xd7, 0x5d, 0xbf, 0x1e, 0xdc, 0x54, 0x76, 0x92, 0xd5, 0xd3, 0x4e, 0xa2, 0xe2,
+	0xa1, 0xb6, 0x49, 0xea, 0x6d, 0xaf, 0xab, 0x0c, 0x45, 0x55, 0xb4, 0x63, 0x85, 0xc1, 0xb2, 0xee,
+	0xdb, 0x62, 0xdf, 0x9a, 0x5a, 0x94, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xf4, 0x2c, 0x8c, 0x18, 0x0f,
+	0x29, 0xd7, 0x25, 0xdb, 0x74, 0x18, 0x1a, 0x3c, 0xc2, 0x09, 0x2c, 0x34, 0x0d, 0xa0, 0x6c, 0x2e,
+	0xa9, 0xb1, 0x99, 0xa3, 0x5d, 0x09, 0xc6, 0x08, 0x1b, 0x18, 0xac, 0xc6, 0x85, 0xd7, 0x8e, 0xd8,
+	0x49, 0xf2, 0xa0, 0xbe, 0xd0, 0x61, 0x5e, 0xb4, 0x61, 0x05, 0xa5, 0xc2, 0xad, 0xe9, 0xf8, 0x6d,
+	0xc7, 0xa3, 0x33, 0x24, 0x5c, 0x67, 0xea, 0x33, 0x5c, 0x56, 0x10, 0x6c, 0x60, 0xd1, 0x27, 0x8e,
+	0xdd, 0x26, 0x79, 0x29, 0xf0, 0x65, 0x94, 0xba, 0x0e, 0x2e, 0x10, 0xed, 0x58, 0x61, 0xa0, 0xe7,
+	0x61, 0xd8, 0xf1, 0xeb, 0xdc, 0x40, 0x0c, 0x42, 0x71, 0x46, 0xa9, 0x76, 0x9f, 0x57, 0x23, 0x32,
+	0xab, 0xa1, 0xd8, 0x44, 0x4d, 0xdf, 0x66, 0x01, 0x7d, 0xde, 0x96, 0xf7, 0xe7, 0x16, 0x8c, 0xeb,
+	0xa2, 0x45, 0xcc, 0xc3, 0x96, 0x70, 0x2d, 0x5a, 0xfb, 0xba, 0x16, 0x93, 0xb5, 0x4b, 0x0a, 0x7d,
+	0xd5, 0x2e, 0x31, 0xcb, 0x8a, 0x14, 0xf7, 0x2c, 0x2b, 0xf2, 0xfd, 0x30, 0xb4, 0x45, 0x3a, 0x46,
+	0xfd, 0x11, 0xa6, 0x1c, 0x2e, 0xf3, 0x26, 0x2c, 0x61, 0xc8, 0x86, 0xc1, 0x9a, 0xa3, 0x6a, 0x18,
+	0x8e, 0x88, 0xd8, 0xb4, 0x59, 0x86, 0x24, 0x20, 0xf6, 0x0a, 0x54, 0xd4, 0xa1, 0xbe, 0xf4, 0xf4,
+	0x59, 0xd9, 0x9e, 0xbe, 0xbe, 0xca, 0x1b, 0xcc, 0xad, 0x7f, 0xed, 0x3b, 0x8f, 0xbe, 0xe5, 0x0f,
+	0xbf, 0xf3, 0xe8, 0x5b, 0xfe, 0xf8, 0x3b, 0x8f, 0xbe, 0xe5, 0x83, 0xb7, 0x1e, 0xb5, 0xbe, 0x76,
+	0xeb, 0x51, 0xeb, 0x0f, 0x6f, 0x3d, 0x6a, 0xfd, 0xf1, 0xad, 0x47, 0xad, 0x6f, 0xdf, 0x7a, 0xd4,
+	0x7a, 0xfd, 0x3f, 0x3f, 0xfa, 0x96, 0x97, 0x32, 0xf3, 0x22, 0xe8, 0x8f, 0xa7, 0x6a, 0xf5, 0x99,
+	0xed, 0x67, 0x58, 0x68, 0x3e, 0xfd, 0x9e, 0x67, 0x8c, 0x45, 0x3c, 0x23, 0xbf, 0xe7, 0xff, 0x17,
+	0x00, 0x00, 0xff, 0xff, 0x4c, 0x7a, 0x03, 0x43, 0x0b, 0x00, 0x01, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -7283,6 +7284,11 @@ func (m *ApplicationSetStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error)
 	_ = i
 	var l int
 	_ = l
+	i -= len(m.DeletionOrder)
+	copy(dAtA[i:], m.DeletionOrder)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.DeletionOrder)))
+	i--
+	dAtA[i] = 0x1a
 	if m.RollingSync != nil {
 		{
 			size, err := m.RollingSync.MarshalToSizedBuffer(dAtA[:i])
@@ -16669,6 +16675,8 @@ func (m *ApplicationSetStrategy) Size() (n int) {
 		l = m.RollingSync.Size()
 		n += 1 + l + sovGenerated(uint64(l))
 	}
+	l = len(m.DeletionOrder)
+	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -20343,6 +20351,7 @@ func (this *ApplicationSetStrategy) String() string {
 	s := strings.Join([]string{`&ApplicationSetStrategy{`,
 		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
 		`RollingSync:` + strings.Replace(this.RollingSync.String(), "ApplicationSetRolloutStrategy", "ApplicationSetRolloutStrategy", 1) + `,`,
+		`DeletionOrder:` + fmt.Sprintf("%v", this.DeletionOrder) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -27521,6 +27530,38 @@ func (m *ApplicationSetStrategy) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field DeletionOrder", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.DeletionOrder = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index 9f02185b69772..87389dc4d6d9e 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -376,6 +376,10 @@ message ApplicationSetStrategy {
   optional string type = 1;
 
   optional ApplicationSetRolloutStrategy rollingSync = 2;
+
+  // DeletionOrder allows specifying the order for deleting generated apps when progressive sync is enabled.
+  // accepts values "AllAtOnce" and "Reverse"
+  optional string deletionOrder = 3;
 }
 
 // ApplicationSetSyncPolicy configures how generated Applications will relate to their

From e53ac921525aa155b4419127895a5d333a4e01ff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 22:53:54 -1000
Subject: [PATCH 122/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.108.0 to 2.109.0 (#23758)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 86101bd151c16..053d541742a96 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.8.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.108.0
+	github.com/casbin/casbin/v2 v2.109.0
 	github.com/casbin/govaluate v1.8.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index 14b42e7433c45..dd4d7320a2b33 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.108.0 h1:aMc3I81wfLpQe/uzMdElB1OBhEmPZoWMPb2nfEaKygY=
-github.com/casbin/casbin/v2 v2.108.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.109.0 h1:/Rxcqa8V9t6/mMleX4laRtc/mduA+oYdZr449Rd1lD0=
+github.com/casbin/casbin/v2 v2.109.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.8.0 h1:1dUaV/I0LFP2tcY1uNQEb6wBCbp8GMTcC/zhwQDWvZo=
 github.com/casbin/govaluate v1.8.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 94960c5005ff52d99f173621ec2ed2105bf2cbd1 Mon Sep 17 00:00:00 2001
From: dudinea <eugene.doudine@octopus.com>
Date: Fri, 11 Jul 2025 14:28:44 +0300
Subject: [PATCH 123/383] fix(test):
 Test_SSHCreds_Environ_TempFileCleanupOnInvalidProxyURL fails on Macos dev.
 env. (#23755)

Signed-off-by: Eugene Doudine <eugene.doudine@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/git/creds_test.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/util/git/creds_test.go b/util/git/creds_test.go
index 925ebd3de3ee9..36f26e4d99c45 100644
--- a/util/git/creds_test.go
+++ b/util/git/creds_test.go
@@ -328,9 +328,18 @@ func Test_SSHCreds_Environ_WithProxyUserNamePassword(t *testing.T) {
 func Test_SSHCreds_Environ_TempFileCleanupOnInvalidProxyURL(t *testing.T) {
 	// Previously, if the proxy URL was invalid, a temporary file would be left in /dev/shm. This ensures the file is cleaned up in this case.
 
-	// countDev returns the number of files in /dev/shm (argoutilio.TempDir)
+	// argoio.TempDir will be /dev/shm or "" (on an OS without /dev/shm).
+	// In this case os.CreateTemp(), which is used by creds.Environ(),
+	// will use os.TempDir for the temporary directory.
+	// Reproducing this logic here:
+	argoioTempDir := argoio.TempDir
+	if argoioTempDir == "" {
+		argoioTempDir = os.TempDir()
+	}
+
+	// countDev returns the number of files in the temporary directory
 	countFilesInDevShm := func() int {
-		entries, err := os.ReadDir(argoio.TempDir)
+		entries, err := os.ReadDir(argoioTempDir)
 		require.NoError(t, err)
 
 		return len(entries)

From b4ff3cd9cfff43b877a157184dd26cfdc4131eb5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 15:23:03 +0000
Subject: [PATCH 124/383] chore(deps): bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.0 to 1.18.1 (#23759)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 053d541742a96..49d0c3f5d93cc 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.24.4
 require (
 	code.gitea.io/sdk/gitea v0.21.0
 	dario.cat/mergo v1.0.2
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
 	github.com/Azure/kubelogin v0.2.9
 	github.com/Masterminds/semver/v3 v3.4.0
diff --git a/go.sum b/go.sum
index dd4d7320a2b33..eebc6eed5f5d4 100644
--- a/go.sum
+++ b/go.sum
@@ -44,8 +44,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
 github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0 h1:Gt0j3wceWMwPmiazCa8MzMA0MfhmPIz0Qp0FJ6qcM0U=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 h1:Wc1ml6QlJs2BHQ/9Bqu1jiyggbsSjramq2oUmp5WeIo=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=

From 8d9fab27ef3b0ea97583f5449e8061b1f749946c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 13:58:48 -0400
Subject: [PATCH 125/383] chore(deps): bump golang.org/x/crypto from 0.39.0 to
 0.40.0 (#23757)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 49d0c3f5d93cc..b9670143dd795 100644
--- a/go.mod
+++ b/go.mod
@@ -91,7 +91,7 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
 	go.opentelemetry.io/otel/sdk v1.36.0
 	go.uber.org/automaxprocs v1.6.0
-	golang.org/x/crypto v0.39.0
+	golang.org/x/crypto v0.40.0
 	golang.org/x/net v0.41.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
@@ -269,8 +269,8 @@ require (
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
 	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.26.0 // indirect
-	golang.org/x/tools v0.33.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
 	gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gomodules.xyz/notify v0.1.1 // indirect
diff --git a/go.sum b/go.sum
index eebc6eed5f5d4..e2b50f9bc240e 100644
--- a/go.sum
+++ b/go.sum
@@ -981,8 +981,8 @@ golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
+golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1267,8 +1267,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
-golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1339,8 +1339,8 @@ golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
-golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 577d5493fb453e0810558b4d2e5714b8594c9e6b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 18:35:05 +0000
Subject: [PATCH 126/383] chore(deps): update module
 github.com/golangci/golangci-lint to v2.2.2 (#23761)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml       | 2 +-
 hack/installers/install-lint-tools.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index b9a37b36f045f..07daaca425dbf 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -112,7 +112,7 @@ jobs:
         uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
           # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.2.1
+          version: v2.2.2
           args: --verbose
 
   test-go:
diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh
index 2f2163c55312d..3032b5e51f4a5 100755
--- a/hack/installers/install-lint-tools.sh
+++ b/hack/installers/install-lint-tools.sh
@@ -2,6 +2,6 @@
 set -eux -o pipefail
 
 # renovate: datasource=go packageName=github.com/golangci/golangci-lint
-GOLANGCI_LINT_VERSION=2.2.1
+GOLANGCI_LINT_VERSION=2.2.2
 
 GO111MODULE=on go install "github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}"

From c8b903f79d63b8048a05cc777b1fa737f7ecf6fc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Jul 2025 18:40:14 +0000
Subject: [PATCH 127/383] chore(deps): bump golang.org/x/net from 0.41.0 to
 0.42.0 (#23756)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b9670143dd795..d3200d8136a2a 100644
--- a/go.mod
+++ b/go.mod
@@ -92,7 +92,7 @@ require (
 	go.opentelemetry.io/otel/sdk v1.36.0
 	go.uber.org/automaxprocs v1.6.0
 	golang.org/x/crypto v0.40.0
-	golang.org/x/net v0.41.0
+	golang.org/x/net v0.42.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
 	golang.org/x/term v0.33.0
diff --git a/go.sum b/go.sum
index e2b50f9bc240e..c440a71cacaf5 100644
--- a/go.sum
+++ b/go.sum
@@ -1099,8 +1099,8 @@ golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
-golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 89a48a64573fe3cbb50fd312f0e26da008e895bb Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Sat, 12 Jul 2025 20:04:01 +0530
Subject: [PATCH 128/383] test: add tests for setting log format and level
 (#23686)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/cli/cli_test.go | 104 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)

diff --git a/util/cli/cli_test.go b/util/cli/cli_test.go
index 284f7036337fb..450ce4825c2bc 100644
--- a/util/cli/cli_test.go
+++ b/util/cli/cli_test.go
@@ -1,9 +1,16 @@
 package cli
 
 import (
+	"errors"
+	"flag"
 	"os"
+	"os/exec"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
+	"github.com/argoproj/argo-cd/v3/common"
+
 	"github.com/stretchr/testify/require"
 )
 
@@ -29,3 +36,100 @@ func TestPromptPassword_Fallback(t *testing.T) {
 	password := PromptPassword("")
 	require.Equal(t, pwd, password)
 }
+
+func TestSetLogFormat(t *testing.T) {
+	tests := []struct {
+		name          string
+		logFormat     string
+		expected      string
+		expectedFatal bool
+	}{
+		{
+			name:      "log format is set to json",
+			logFormat: "json",
+			expected:  "json",
+		},
+		{
+			name:      "log format is set to text",
+			logFormat: "text",
+			expected:  "text",
+		},
+		{
+			name:      "log format is not set",
+			logFormat: "text",
+			expected:  "text",
+		},
+		{
+			name:          "invalid log format",
+			logFormat:     "invalid",
+			expected:      "",
+			expectedFatal: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.expectedFatal {
+				if os.Getenv("TEST_FATAL") == "1" {
+					SetLogFormat(tt.logFormat)
+					return
+				}
+				cmd := exec.Command(os.Args[0], "-test.run="+t.Name())
+				cmd.Env = append(os.Environ(), "TEST_FATAL=1")
+				err := cmd.Run()
+				e := &exec.ExitError{}
+				if errors.As(err, &e) {
+					return
+				}
+				t.Fatalf("expected fatal exit for invalid log format")
+			} else {
+				SetLogFormat(tt.logFormat)
+				assert.Equal(t, tt.expected, os.Getenv(common.EnvLogFormat))
+			}
+		})
+	}
+}
+
+func TestSetLogLevel(t *testing.T) {
+	tests := []struct {
+		name     string
+		level    string
+		expected string
+	}{
+		{
+			name:     "log level is set to debug",
+			level:    "debug",
+			expected: "debug",
+		},
+		{
+			name:     "log level is set to info",
+			level:    "info",
+			expected: "info",
+		},
+		{
+			name:     "log level is set to warn",
+			level:    "warn",
+			expected: "warning",
+		},
+		{
+			name:     "log level is set to error",
+			level:    "error",
+			expected: "error",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			SetLogLevel(tt.level)
+			assert.Equal(t, tt.expected, os.Getenv(common.EnvLogLevel))
+		})
+	}
+}
+
+func TestSetGLogLevel(t *testing.T) {
+	SetGLogLevel(3)
+
+	vFlag := flag.Lookup("v")
+	assert.Equal(t, "3", vFlag.Value.String())
+
+	logToStderrFlag := flag.Lookup("logtostderr")
+	assert.Equal(t, "true", logToStderrFlag.Value.String())
+}

From d27f8b9734b3c8c3fc62644e74d6012135031b2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?No=C3=A9=20Charmet?= <noe.charmet@gmail.com>
Date: Sun, 13 Jul 2025 18:14:48 +0200
Subject: [PATCH 129/383] docs: add shipfox to argocd user list (#23771)

Signed-off-by: Noe Charmet <noe.charmet@shipfox.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index b3238d2233b6c..25caf466d901d 100644
--- a/USERS.md
+++ b/USERS.md
@@ -322,6 +322,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [SEKAI](https://www.sekai.io/)
 1. [Semgrep](https://semgrep.com)
 1. [Shield](https://shield.com)
+1. [Shipfox](https://www.shipfox.io)
 1. [SI Analytics](https://si-analytics.ai)
 1. [Sidewalk Entertainment](https://sidewalkplay.com/)
 1. [Skit](https://skit.ai/)

From e5d89f84cd834d4f58f4ae2a37e745ce9bae220c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 13 Jul 2025 23:02:52 -0400
Subject: [PATCH 130/383] chore(deps): bump library/golang from `a9219eb` to
 `14fd8a5` in /test/remote (#23728)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/remote/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index b5c48c06d93f9..0fa1f483ff9a7 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.5@sha256:a9219eb99cd2951b042985dbec09d508b3ddc20c4da52a3a55b275b3779e4a05 AS go
+FROM docker.io/library/golang:1.24.5@sha256:14fd8a55e59a560704e5fc44970b301d00d344e45d6b914dda228e09f359a088 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From c4ea6d22d8fdc319cea5833ad0125d141a24dd80 Mon Sep 17 00:00:00 2001
From: Jaewoo Choi <jaewoo45@gmail.com>
Date: Mon, 14 Jul 2025 12:04:08 +0900
Subject: [PATCH 131/383] fix(ui): fix misleading pointer cursor and animation
 click-block issue (#23688)

Signed-off-by: choejwoo <jaewoo45@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-resource-tree.scss                       | 9 +++++++++
 .../application-resource-tree.tsx                        | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss
index 09df06e2edee2..21efee5dad655 100644
--- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss
+++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.scss
@@ -107,6 +107,14 @@
             }
         }
 
+        &--grouped-node {
+            cursor: default;
+        }
+
+        &__top-part {
+            cursor: pointer;
+        }
+
         &--load-balancer {
             cursor: default;
             background-color: $argo-color-teal-2;
@@ -320,6 +328,7 @@
         top: 0;
         bottom: 0;
         animation: shadow-pulse 1s 1;
+        pointer-events: none;
     }
 
     @keyframes shadow-pulse {
diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
index 3ecc673baceac..311ea1fb344be 100644
--- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
+++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx
@@ -446,7 +446,8 @@ function renderPodGroup(props: ApplicationResourceTreeProps, id: string, node: R
         <div
             className={classNames('application-resource-tree__node', {
                 'active': fullName === props.selectedNodeFullName,
-                'application-resource-tree__node--orphaned': node.orphaned
+                'application-resource-tree__node--orphaned': node.orphaned,
+                'application-resource-tree__node--grouped-node': !showPodGroupByStatus
             })}
             title={describeNode(node)}
             style={{

From 3c802b63740bf0dd72775e7befb7536e740c6d34 Mon Sep 17 00:00:00 2001
From: Papapetrou Patroklos <1743100+ppapapetrou76@users.noreply.github.com>
Date: Mon, 14 Jul 2025 16:01:33 +0300
Subject: [PATCH 132/383] chore: adds all components in goreman run script
 (#23777)

Signed-off-by: Patroklos Papapetrou <ppapapetrou76@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/goreman-start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/goreman-start.sh b/hack/goreman-start.sh
index b5886084c7dff..5b7b75b1a6344 100644
--- a/hack/goreman-start.sh
+++ b/hack/goreman-start.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-declare -a services=("controller" "api-server" "redis" "repo-server" "ui")
+declare -a services=("controller" "api-server" "redis" "repo-server" "cmp-server" "ui" "applicationset-controller" "commit-server" "notification" "dex" "git-server" "helm-registry" "dev-mounter")
 
 EXCLUDE=$exclude
 

From 6d60e82a974a716f8b5f7b36a8fd692983d12145 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 13:11:35 +0000
Subject: [PATCH 133/383] [Bot] docs: Update Snyk report (#23770)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   44 +-
 docs/snyk/master/argocd-iac-install.html      |   90 +-
 .../master/argocd-iac-namespace-install.html  |    2 +-
 docs/snyk/master/argocd-test.html             |   10 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_latest.html       |  736 +++++-
 docs/snyk/v2.13.8/argocd-iac-install.html     |    2 +-
 .../v2.13.8/argocd-iac-namespace-install.html |    2 +-
 docs/snyk/v2.13.8/argocd-test.html            |    2 +-
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   |    2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v2.13.8.html      | 2206 +++++++++++++++--
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    |    2 +-
 docs/snyk/v2.14.15/argocd-iac-install.html    |    2 +-
 .../argocd-iac-namespace-install.html         |    2 +-
 docs/snyk/v2.14.15/argocd-test.html           |    2 +-
 .../v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html  |    2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     | 2008 +++++++++++++--
 docs/snyk/v2.14.15/redis_7.0.15-alpine.html   |    2 +-
 .../argocd-iac-install.html                   |    4 +-
 .../argocd-iac-namespace-install.html         |    4 +-
 .../snyk/{v3.0.9 => v3.0.11}/argocd-test.html |    2 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.0.11.html}     | 1128 +++++++--
 .../redis_7.2.7-alpine.html                   |    2 +-
 .../argocd-iac-install.html                   |    4 +-
 .../argocd-iac-namespace-install.html         |    4 +-
 .../argocd-test.html                          |    2 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.1.0-rc3.html}  | 1112 +++++----
 39 files changed, 6064 insertions(+), 1340 deletions(-)
 rename docs/snyk/{v3.0.9 => v3.0.11}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.0.9 => v3.0.11}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.0.9 => v3.0.11}/argocd-test.html (99%)
 rename docs/snyk/{v3.0.9 => v3.0.11}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.0.11}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.0.9 => v3.0.11}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html => v3.0.11/quay.io_argoproj_argocd_v3.0.11.html} (70%)
 rename docs/snyk/{v3.0.9 => v3.0.11}/redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.1.0-rc3}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.1.0-rc3}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.1.0-rc3}/argocd-test.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.1.0-rc3}/ghcr.io_dexidp_dex_v2.43.0.html (99%)
 rename docs/snyk/{v3.0.9 => v3.1.0-rc3}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc1 => v3.1.0-rc3}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.0.9/quay.io_argoproj_argocd_v3.0.9.html => v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html} (84%)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index e88afa27bd7e8..66e06c33da2c8 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -18,36 +18,36 @@ recent minor releases.
 | [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 8 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 9 | 7 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.1.0-rc1
+### v3.1.0-rc3
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.1.0-rc1/argocd-test.html) | 0 | 0 | 5 | 0 |
-| [ui/yarn.lock](v3.1.0-rc1/argocd-test.html) | 0 | 0 | 1 | 2 |
-| [dex:v2.43.0](v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
-| [haproxy:3.0.8-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.1.0-rc1](v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html) | 0 | 0 | 3 | 9 |
-| [install.yaml](v3.1.0-rc1/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.1.0-rc1/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.1.0-rc3/argocd-test.html) | 0 | 0 | 5 | 0 |
+| [ui/yarn.lock](v3.1.0-rc3/argocd-test.html) | 0 | 0 | 1 | 2 |
+| [dex:v2.43.0](v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
+| [haproxy:3.0.8-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.1.0-rc3](v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html) | 0 | 0 | 8 | 9 |
+| [install.yaml](v3.1.0-rc3/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.1.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.0.9
+### v3.0.11
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.0.9/argocd-test.html) | 0 | 3 | 5 | 0 |
-| [ui/yarn.lock](v3.0.9/argocd-test.html) | 0 | 1 | 2 | 4 |
-| [dex:v2.41.1](v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:3.0.8-alpine](v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.9](v3.0.9/quay.io_argoproj_argocd_v3.0.9.html) | 0 | 0 | 4 | 9 |
-| [redis:7.2.7-alpine](v3.0.9/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v3.0.9/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.0.9/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.0.11/argocd-test.html) | 0 | 3 | 5 | 0 |
+| [ui/yarn.lock](v3.0.11/argocd-test.html) | 0 | 1 | 2 | 4 |
+| [dex:v2.41.1](v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:3.0.8-alpine](v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.0.11](v3.0.11/quay.io_argoproj_argocd_v3.0.11.html) | 0 | 0 | 8 | 9 |
+| [redis:7.2.7-alpine](v3.0.11/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v3.0.11/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.0.11/argocd-iac-namespace-install.html) | - | - | - | - |
 
 ### v2.14.15
 
@@ -58,7 +58,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 4 | 9 |
+| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 21 | 9 |
 | [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -72,7 +72,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 6 | 9 |
+| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 23 | 9 |
 | [redis:7.0.15-alpine](v2.13.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.13.8/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.13.8/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index ee7c722b088de..805b6241dd6d8 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:09 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:26:39 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -507,7 +507,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24392
+                              Line number: 24394
                           </li>
                       </ul>
               
@@ -553,7 +553,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24072
+                              Line number: 24074
                           </li>
                       </ul>
               
@@ -599,7 +599,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24160
+                              Line number: 24162
                           </li>
                       </ul>
               
@@ -645,7 +645,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24188
+                              Line number: 24190
                           </li>
                       </ul>
               
@@ -691,7 +691,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24218
+                              Line number: 24220
                           </li>
                       </ul>
               
@@ -737,7 +737,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24236
+                              Line number: 24238
                           </li>
                       </ul>
               
@@ -783,7 +783,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24254
+                              Line number: 24256
                           </li>
                       </ul>
               
@@ -829,7 +829,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24276
+                              Line number: 24278
                           </li>
                       </ul>
               
@@ -881,7 +881,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25484
+                              Line number: 25486
                           </li>
                       </ul>
               
@@ -933,7 +933,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25803
+                              Line number: 25805
                           </li>
                       </ul>
               
@@ -991,7 +991,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24979
+                              Line number: 24981
                           </li>
                       </ul>
               
@@ -1049,7 +1049,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25280
+                              Line number: 25282
                           </li>
                       </ul>
               
@@ -1107,7 +1107,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25228
+                              Line number: 25230
                           </li>
                       </ul>
               
@@ -1165,7 +1165,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25342
+                              Line number: 25344
                           </li>
                       </ul>
               
@@ -1223,7 +1223,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25455
+                              Line number: 25457
                           </li>
                       </ul>
               
@@ -1281,7 +1281,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25479
+                              Line number: 25481
                           </li>
                       </ul>
               
@@ -1339,7 +1339,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25803
+                              Line number: 25805
                           </li>
                       </ul>
               
@@ -1397,7 +1397,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25538
+                              Line number: 25540
                           </li>
                       </ul>
               
@@ -1455,7 +1455,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25890
+                              Line number: 25892
                           </li>
                       </ul>
               
@@ -1513,7 +1513,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26300
+                              Line number: 26302
                           </li>
                       </ul>
               
@@ -1565,7 +1565,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25260
+                              Line number: 25262
                           </li>
                       </ul>
               
@@ -1617,7 +1617,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24979
+                              Line number: 24981
                           </li>
                       </ul>
               
@@ -1669,7 +1669,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25228
+                              Line number: 25230
                           </li>
                       </ul>
               
@@ -1721,7 +1721,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25455
+                              Line number: 25457
                           </li>
                       </ul>
               
@@ -1779,7 +1779,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24979
+                              Line number: 24981
                           </li>
                       </ul>
               
@@ -1837,7 +1837,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25228
+                              Line number: 25230
                           </li>
                       </ul>
               
@@ -1895,7 +1895,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25280
+                              Line number: 25282
                           </li>
                       </ul>
               
@@ -1953,7 +1953,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25342
+                              Line number: 25344
                           </li>
                       </ul>
               
@@ -2011,7 +2011,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25455
+                              Line number: 25457
                           </li>
                       </ul>
               
@@ -2069,7 +2069,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25479
+                              Line number: 25481
                           </li>
                       </ul>
               
@@ -2127,7 +2127,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25803
+                              Line number: 25805
                           </li>
                       </ul>
               
@@ -2185,7 +2185,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25538
+                              Line number: 25540
                           </li>
                       </ul>
               
@@ -2243,7 +2243,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25890
+                              Line number: 25892
                           </li>
                       </ul>
               
@@ -2301,7 +2301,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26300
+                              Line number: 26302
                           </li>
                       </ul>
               
@@ -2357,7 +2357,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25150
+                              Line number: 25152
                           </li>
                       </ul>
               
@@ -2413,7 +2413,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25288
+                              Line number: 25290
                           </li>
                       </ul>
               
@@ -2469,7 +2469,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25263
+                              Line number: 25265
                           </li>
                       </ul>
               
@@ -2525,7 +2525,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25387
+                              Line number: 25389
                           </li>
                       </ul>
               
@@ -2581,7 +2581,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25472
+                              Line number: 25474
                           </li>
                       </ul>
               
@@ -2637,7 +2637,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25486
+                              Line number: 25488
                           </li>
                       </ul>
               
@@ -2693,7 +2693,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25810
+                              Line number: 25812
                           </li>
                       </ul>
               
@@ -2749,7 +2749,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25776
+                              Line number: 25778
                           </li>
                       </ul>
               
@@ -2805,7 +2805,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26199
+                              Line number: 26201
                           </li>
                       </ul>
               
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26569
+                              Line number: 26571
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index 5f8555e0350d9..154e1e4a4ed00 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:22 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:26:49 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index 96726d805ef5e..406197b7e75ba 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:23:47 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:24:27 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,7 +501,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2105</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2106</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -697,7 +697,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.133.0
+                                        gitlab.com/gitlab-org/api/client-go@0.134.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -905,7 +905,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.133.0
+                                        gitlab.com/gitlab-org/api/client-go@0.134.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -916,7 +916,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.133.0
+                                        gitlab.com/gitlab-org/api/client-go@0.134.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index a4e04c60b60d0..81d4015bc4492 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:23:59 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:24:38 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index a2f172dd1f67d..f03466157ddce 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:24:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:24:43 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index afae67011709a..8cb9f5b9dbf5b 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:24:12 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:24:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index 1bf6430d63e01..dda4d6e08b527 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="17 known vulnerabilities found in 67 vulnerable dependency paths.">
+  <meta name="description" content="22 known vulnerabilities found in 82 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:24:32 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:25:07 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>67 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>82 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -562,7 +562,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-7ubuntu4.3
                                         
@@ -573,7 +573,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-7ubuntu4.3
                                         
@@ -681,7 +681,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
@@ -692,7 +692,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
@@ -727,7 +727,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
@@ -738,7 +738,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
@@ -828,7 +828,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-7ubuntu4.3
                                         
@@ -839,7 +839,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-7ubuntu4.3
                                         
@@ -947,7 +947,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
@@ -958,7 +958,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-7ubuntu4.3
                                         
@@ -993,7 +993,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.40.2-14ubuntu1
+                                        util-linux@2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
@@ -1004,7 +1004,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-7ubuntu4.3
                                         
@@ -1039,6 +1039,581 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795712">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691374">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
+        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691440">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Heap-based Buffer Overflow</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691453">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.48.1-0ubuntu1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691517">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-5745</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.41-6ubuntu1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.41-6ubuntu1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5745">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5745</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33060">https://sourceware.org/bugzilla/show_bug.cgi?id=33060</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-10321966">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-5702</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.41-6ubuntu1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.41-6ubuntu1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-10321977">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -1440,7 +2015,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.48.1-0ubuntu1 and others
+                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.48.1-0ubuntu1.1 and others
                     </li>
                 </ul>
         
@@ -1454,9 +2029,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1
+                                        git@1:2.48.1-0ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.48.1-0ubuntu1
+                                        git/git-man@1:2.48.1-0ubuntu1.1
                                         
                                 </span>
         
@@ -1465,7 +2040,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1
+                                        git@1:2.48.1-0ubuntu1.1
                                         
                                 </span>
         
@@ -1476,7 +2051,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.6.1-1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1
+                                        git@1:2.48.1-0ubuntu1.1
                                         
                                 </span>
         
@@ -1558,7 +2133,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1
+                                        util-linux/login@1:4.16.0-2+really2.40.2-14ubuntu1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login.defs@1:4.16.0-7ubuntu1
                                         
@@ -1840,7 +2415,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.11.0-6ubuntu1
                                         
@@ -1851,7 +2426,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu23
+                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.11.0-6ubuntu1
                                         
@@ -1862,7 +2437,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.11.0-6ubuntu1
                                         
@@ -1875,7 +2450,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu23
+                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.11.0-6ubuntu1
                                         
@@ -1886,9 +2461,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu23
+                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu23
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.11.0-6ubuntu1
                                         
@@ -1952,7 +2527,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu23
+                                docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu23.1
         
                     </li>
                 </ul>
@@ -1967,7 +2542,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu23
+                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -1978,7 +2553,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@3.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu23
+                                        gnupg2/gpgv@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -1987,9 +2562,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu23
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -1998,9 +2573,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu23
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -2009,9 +2584,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu23
+                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu23
+                                        gnupg2/gpgconf@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -2020,7 +2595,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23
+                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -2029,7 +2604,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu23
+                                        gnupg2/gpg@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -2038,7 +2613,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu23
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu23.1
                                         
                                 </span>
         
@@ -2155,87 +2730,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-9828016">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-0167</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            curl/libcurl3t64-gnutls
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@latest, git@1:2.48.1-0ubuntu1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
-        redirects, curl could leak the password used for the first host to the
-        followed-to host under certain circumstances.</p>
-        <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
-        omits both login and password. A rare circumstance.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>curl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.json">https://curl.se/docs/CVE-2025-0167.json</a></li>
-        <li><a href="https://hackerone.com/reports/2917232">https://hackerone.com/reports/2917232</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250306-0008/">https://security.netapp.com/advisory/ntap-20250306-0008/</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.html">https://curl.se/docs/CVE-2025-0167.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-CURL-9791313">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
             <h2 class="card__title">Improper Input Validation</h2>
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
index 209860e132a8e..5f055bb21a6f0 100644
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:37:25 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:37:15 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
index 6c88b7e45c521..07a65ec792944 100644
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:37:37 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:37:25 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
index b488e262d9974..f3cc29348bcf2 100644
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ b/docs/snyk/v2.13.8/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:14 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:08 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
index af208f4cee4fc..cc66cca72ab41 100644
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:22 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:17 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 5b8c6600b9f66..fca34e6eaed06 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:26 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:20 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index da9f27b995722..f1a60f771f0c4 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:31 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:25 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
index 286dba0c8afc3..6a71c617b1612 100644
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="31 known vulnerabilities found in 122 vulnerable dependency paths.">
+  <meta name="description" content="48 known vulnerabilities found in 172 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:53 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:45 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>31</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>122 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>48</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>172 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2361</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -1273,6 +1273,14 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10354">https://access.redhat.com/errata/RHSA-2025:10354</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10357">https://access.redhat.com/errata/RHSA-2025:10357</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10358">https://access.redhat.com/errata/RHSA-2025:10358</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10359">https://access.redhat.com/errata/RHSA-2025:10359</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10361">https://access.redhat.com/errata/RHSA-2025:10361</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
         </ul>
         
               <hr/>
@@ -1768,7 +1776,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Reversible One-Way Hash</h2>
+            <h2 class="card__title">Out-of-bounds Read</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1789,7 +1797,7 @@ <h2 class="card__title">Reversible One-Way Hash</h2>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            krb5/libk5crypto3
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
@@ -1813,13 +1821,76 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5318">https://access.redhat.com/security/cve/CVE-2025-5318</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369131">https://bugzilla.redhat.com/show_bug.cgi?id=2369131</a></li>
+        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-5318.txt">https://www.libssh.org/security/advisories/CVE-2025-5318.txt</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10499336">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Return of Wrong Status Code</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@v2.13.8
@@ -1828,15 +1899,75 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5987">https://access.redhat.com/security/cve/CVE-2025-5987</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376219">https://bugzilla.redhat.com/show_bug.cgi?id=2376219</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500564">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Incorrect Calculation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@v2.13.8
@@ -1845,13 +1976,75 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions&#39; confidentiality, integrity, and availability.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5372">https://access.redhat.com/security/cve/CVE-2025-5372</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369388">https://bugzilla.redhat.com/show_bug.cgi?id=2369388</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500576">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@v2.13.8
@@ -1860,15 +2053,75 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5351">https://access.redhat.com/security/cve/CVE-2025-5351</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369367">https://bugzilla.redhat.com/show_bug.cgi?id=2369367</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500583">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-4877</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@v2.13.8
@@ -1877,22 +2130,232 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
                             </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500658">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-4878</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500669">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Reversible One-Way Hash</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            krb5/libk5crypto3
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1913,40 +2376,1145 @@ <h3 class="card__section__title">Detailed paths</h3>
                                         
                                 </span>
         
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                        
-                                </span>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/krb5-locales@1.20.1-6ubuntu2.5
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>krb5</code> package and not the <code>krb5</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>krb5</code> to version 1.20.1-6ubuntu2.6 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-3576">https://access.redhat.com/security/cve/CVE-2025-3576</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359465">https://bugzilla.redhat.com/show_bug.cgi?id=2359465</a></li>
+        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:8411">https://access.redhat.com/errata/RHSA-2025:8411</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9418">https://access.redhat.com/errata/RHSA-2025:9418</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:9430">https://access.redhat.com/errata/RHSA-2025:9430</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-9726834">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">LGPL-3.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            gopkg.in/retry.v1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gopkg.in/retry.v1@v1.0.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>LGPL-3.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/net/html
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.33.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/html@v0.33.0
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/html@v0.23.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
+        <h2 id="details">Details</h2>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
+        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
+        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
+        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
+        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
+        <h3 id="types-of-attacks">Types of attacks</h3>
+        <p>There are a few methods by which XSS can be manipulated:</p>
+        <table>
+        <thead>
+        <tr>
+        <th>Type</th>
+        <th>Origin</th>
+        <th>Description</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td><strong>Stored</strong></td>
+        <td>Server</td>
+        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
+        </tr>
+        <tr>
+        <td><strong>Reflected</strong></td>
+        <td>Server</td>
+        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
+        </tr>
+        <tr>
+        <td><strong>DOM-based</strong></td>
+        <td>Client</td>
+        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
+        </tr>
+        <tr>
+        <td><strong>Mutated</strong></td>
+        <td></td>
+        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
+        </tr>
+        </tbody></table>
+        <h3 id="affected-environments">Affected environments</h3>
+        <p>The following environments are susceptible to an XSS attack:</p>
+        <ul>
+        <li>Web servers</li>
+        <li>Application servers</li>
+        <li>Web application environments</li>
+        </ul>
+        <h3 id="how-to-prevent">How to prevent</h3>
+        <p>This section describes the top best practices designed to specifically protect your code: </p>
+        <ul>
+        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
+        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
+        <li>Give users the option to disable client-side scripts.</li>
+        <li>Redirect invalid requests.</li>
+        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
+        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
+        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
+        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Heap-based Buffer Overflow</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.7.14build2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-5702</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and glibc/libc-bin@2.39-0ubuntu8.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/redis/go-redis/v9
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/redis/go-redis/v9@v9.7.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/redis/go-redis/v9@v9.7.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
+        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/r3labs/diff
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/r3labs/diff@v1.1.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-version
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-version@v1.6.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
         
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                        
-                                </span>
+                    </li>
+                </ul>
         
-                            </li>
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                        github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        krb5/krb5-locales@1.20.1-6ubuntu2.5
+                                        github.com/hashicorp/go-retryablehttp@v0.7.7
                                         
                                 </span>
         
@@ -1957,32 +3525,17 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>krb5</code> package and not the <code>krb5</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>krb5</code> to version 1.20.1-6ubuntu2.6 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-3576">https://access.redhat.com/security/cve/CVE-2025-3576</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359465">https://bugzilla.redhat.com/show_bug.cgi?id=2359465</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:8411">https://access.redhat.com/errata/RHSA-2025:8411</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9418">https://access.redhat.com/errata/RHSA-2025:9418</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9430">https://access.redhat.com/errata/RHSA-2025:9430</a></li>
-        </ul>
+              <p>MPL-2.0 license</p>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-9726834">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
+            <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1995,7 +3548,7 @@ <h2 class="card__title">LGPL-3.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2003,12 +3556,12 @@ <h2 class="card__title">LGPL-3.0 license</h2>
                     <li class="card__meta__item">
                             Module:
         
-                            gopkg.in/retry.v1
+                            github.com/hashicorp/go-multierror
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
+                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
         
                     </li>
                 </ul>
@@ -2021,9 +3574,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        helm.sh/helm/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@v1.0.3
+                                        github.com/hashicorp/go-multierror@v1.1.1
                                         
                                 </span>
         
@@ -2034,17 +3587,17 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>LGPL-3.0 license</p>
+              <p>MPL-2.0 license</p>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2063,14 +3616,14 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
                         Package Manager: golang
                     </li>
                     <li class="card__meta__item">
-                            Vulnerable module:
+                            Module:
         
-                            golang.org/x/net/html
+                            github.com/hashicorp/go-cleanhttp
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.33.0
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
         
                     </li>
                 </ul>
@@ -2085,16 +3638,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.23.0
+                                        github.com/hashicorp/go-cleanhttp@v0.5.2
                                         
                                 </span>
         
@@ -2105,82 +3649,17 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
+              <p>MPL-2.0 license</p>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
+            <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2199,14 +3678,14 @@ <h2 class="card__title">Unexpected Status Code or Return Value</h2>
                         Package Manager: golang
                     </li>
                     <li class="card__meta__item">
-                            Vulnerable module:
+                            Module:
         
-                            github.com/redis/go-redis/v9
+                            github.com/gosimple/slug
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/redis/go-redis/v9@v9.7.1
+                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
         
                     </li>
                 </ul>
@@ -2221,7 +3700,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@v9.7.1
+                                        github.com/gosimple/slug@v1.14.0
                                         
                                 </span>
         
@@ -2232,27 +3711,17 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
-        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
-        </ul>
+              <p>MPL-2.0 license</p>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2271,14 +3740,14 @@ <h2 class="card__title">MPL-2.0 license</h2>
                         Package Manager: golang
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/r3labs/diff
+                            github.com/argoproj/gitops-engine/pkg/utils/kube
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
+                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
         
                     </li>
                 </ul>
@@ -2293,7 +3762,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff@v1.1.0
+                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
                                         
                                 </span>
         
@@ -2304,17 +3773,26 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/utils/kube</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
+        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2333,14 +3811,14 @@ <h2 class="card__title">MPL-2.0 license</h2>
                         Package Manager: golang
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-version
+                            github.com/argoproj/gitops-engine/pkg/diff
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
+                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
         
                     </li>
                 </ul>
@@ -2355,7 +3833,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
+                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
                                         
                                 </span>
         
@@ -2366,17 +3844,26 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/diff</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
+        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Buffer Overflow</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2389,35 +3876,57 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-retryablehttp
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
                 <hr/>
         
         
-                        <h3 class="card__section__title">Detailed paths</h3>
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
         
-                    <ul class="card__meta__paths">
+                            </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2428,17 +3937,27 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr">https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664136">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Arbitrary Argument Injection</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2451,21 +3970,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-multierror
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2477,9 +3996,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2490,17 +4031,28 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835</a></li>
+        <li><a href="https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da">https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da</a></li>
+        <li><a href="https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg">https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664171">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">External Control of File Name or Path</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2513,21 +4065,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-cleanhttp
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2539,9 +4091,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2552,17 +4126,27 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655">https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664178">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Link Following</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2575,21 +4159,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/gosimple/slug
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2601,9 +4185,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@v1.14.0
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2614,17 +4220,28 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
+        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
+            <h2 class="card__title">OS Command Injection</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2637,21 +4254,21 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2663,9 +4280,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2676,26 +4315,29 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk&#39;s Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/utils/kube</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613</a></li>
+        <li><a href="https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5">https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5</a></li>
+        <li><a href="https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652">https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652</a></li>
+        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v">https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664269">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
+            <h2 class="card__title">OS Command Injection</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -2708,21 +4350,21 @@ <h2 class="card__title">Generation of Error Message Containing Sensitive Informa
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            github.com/argoproj/gitops-engine/pkg/diff
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
         
+                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -2734,9 +4376,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2747,21 +4411,23 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/diff</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614</a></li>
+        <li><a href="https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129">https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129</a></li>
+        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc">https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664291">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
index 4c47664c6cc79..2869e6e91304e 100644
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:35:58 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:35:49 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
index 4390be6b24fb4..de74f6a16b81a 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:34:45 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:34:43 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 8ecda3d3b1f26..4139f7aeea695 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:34:56 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:34:53 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
index 2b94f71c9d4db..d6f581f6f99fa 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:32:21 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:32:25 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index 3a4513a703150..f4c7a2b22c474 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:32:27 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:32:33 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index ff266eabc9469..d31dd2e0e6324 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:32:33 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:32:39 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index dadf930a50937..e8764352162f2 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:32:41 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:32:45 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index 7f861e2812b14..56aa16f5d1516 100644
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="24 known vulnerabilities found in 93 vulnerable dependency paths.">
+  <meta name="description" content="41 known vulnerabilities found in 143 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:33:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:33:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>93 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>41</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>143 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -903,6 +903,14 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10354">https://access.redhat.com/errata/RHSA-2025:10354</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10357">https://access.redhat.com/errata/RHSA-2025:10357</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10358">https://access.redhat.com/errata/RHSA-2025:10358</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10359">https://access.redhat.com/errata/RHSA-2025:10359</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10361">https://access.redhat.com/errata/RHSA-2025:10361</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
         </ul>
         
               <hr/>
@@ -1398,7 +1406,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
+            <h2 class="card__title">Out-of-bounds Read</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1411,21 +1419,21 @@ <h2 class="card__title">LGPL-3.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            gopkg.in/retry.v1
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1437,9 +1445,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@v1.0.3
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1450,17 +1462,29 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>LGPL-3.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5318">https://access.redhat.com/security/cve/CVE-2025-5318</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369131">https://bugzilla.redhat.com/show_bug.cgi?id=2369131</a></li>
+        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-5318.txt">https://www.libssh.org/security/advisories/CVE-2025-5318.txt</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10499336">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <h2 class="card__title">Return of Wrong Status Code</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1473,21 +1497,21 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            golang.org/x/net/html
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1499,9 +1523,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.26.0
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1512,82 +1540,28 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5987">https://access.redhat.com/security/cve/CVE-2025-5987</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376219">https://bugzilla.redhat.com/show_bug.cgi?id=2376219</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500564">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Incorrect Calculation</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1600,21 +1574,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/r3labs/diff
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1626,9 +1600,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff@v1.1.0
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1639,17 +1617,28 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions&#39; confidentiality, integrity, and availability.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5372">https://access.redhat.com/security/cve/CVE-2025-5372</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369388">https://bugzilla.redhat.com/show_bug.cgi?id=2369388</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500576">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Double Free</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1662,21 +1651,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-version
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1688,9 +1677,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1701,17 +1694,28 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5351">https://access.redhat.com/security/cve/CVE-2025-5351</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369367">https://bugzilla.redhat.com/show_bug.cgi?id=2369367</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500583">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">CVE-2025-4877</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1724,21 +1728,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-retryablehttp
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1750,9 +1754,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1763,17 +1771,24 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500658">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">CVE-2025-4878</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1786,21 +1801,21 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/hashicorp/go-multierror
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1812,9 +1827,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
                                         
                                 </span>
         
@@ -1825,17 +1844,24 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878</a></li>
+        </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500669">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">LGPL-3.0 license</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1856,12 +1882,12 @@ <h2 class="card__title">MPL-2.0 license</h2>
                     <li class="card__meta__item">
                             Module:
         
-                            github.com/hashicorp/go-cleanhttp
+                            gopkg.in/retry.v1
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
+                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
         
                     </li>
                 </ul>
@@ -1876,7 +1902,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v2@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        gopkg.in/retry.v1@v1.0.3
                                         
                                 </span>
         
@@ -1887,17 +1913,17 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
+              <p>LGPL-3.0 license</p>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
+            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1910,20 +1936,20 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
                     </li>
                     <li class="card__meta__item">
-                            Module:
+                            Vulnerable module:
         
-                            github.com/gosimple/slug
+                            golang.org/x/net/html
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
+                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
         
                     </li>
                 </ul>
@@ -1936,9 +1962,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        helm.sh/helm/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@v1.14.0
+                                        golang.org/x/net/html@v0.26.0
                                         
                                 </span>
         
@@ -1949,44 +1975,1470 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
+        <h2 id="details">Details</h2>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
+        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
+        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
+        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
+        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
+        <h3 id="types-of-attacks">Types of attacks</h3>
+        <p>There are a few methods by which XSS can be manipulated:</p>
+        <table>
+        <thead>
+        <tr>
+        <th>Type</th>
+        <th>Origin</th>
+        <th>Description</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td><strong>Stored</strong></td>
+        <td>Server</td>
+        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
+        </tr>
+        <tr>
+        <td><strong>Reflected</strong></td>
+        <td>Server</td>
+        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
+        </tr>
+        <tr>
+        <td><strong>DOM-based</strong></td>
+        <td>Client</td>
+        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
+        </tr>
+        <tr>
+        <td><strong>Mutated</strong></td>
+        <td></td>
+        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
+        </tr>
+        </tbody></table>
+        <h3 id="affected-environments">Affected environments</h3>
+        <p>The following environments are susceptible to an XSS attack:</p>
+        <ul>
+        <li>Web servers</li>
+        <li>Application servers</li>
+        <li>Web application environments</li>
+        </ul>
+        <h3 id="how-to-prevent">How to prevent</h3>
+        <p>This section describes the top best practices designed to specifically protect your code: </p>
+        <ul>
+        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
+        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
+        <li>Give users the option to disable client-side scripts.</li>
+        <li>Redirect invalid requests.</li>
+        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
+        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
+        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
+        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Heap-based Buffer Overflow</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-5702</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and glibc/libc-bin@2.39-0ubuntu8.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/r3labs/diff
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/r3labs/diff@v1.1.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-version
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-version@v1.6.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-multierror
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-cleanhttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/gosimple/slug
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/gosimple/slug@v1.14.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/go-jose/go-jose/v4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v4@v4.0.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/go-jose/go-jose/v4@v4.0.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
+        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Buffer Overflow</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr">https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664136">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Arbitrary Argument Injection</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835</a></li>
+        <li><a href="https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da">https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da</a></li>
+        <li><a href="https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg">https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664171">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">External Control of File Name or Path</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655">https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664178">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Link Following</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            github.com/go-jose/go-jose/v4
+                            git/git-man
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v4@v4.0.2
         
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
                     </li>
                 </ul>
         
@@ -1998,9 +3450,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-jose/go-jose/v4@v4.0.2
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
                                         
                                 </span>
         
@@ -2011,22 +3485,214 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
-        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
+        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">OS Command Injection</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk&#39;s Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613</a></li>
+        <li><a href="https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5">https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5</a></li>
+        <li><a href="https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652">https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652</a></li>
+        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v">https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664269">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">OS Command Injection</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614</a></li>
+        <li><a href="https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129">https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129</a></li>
+        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc">https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664291">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index f78c3e24bb3d0..25d9c35a928b7 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:33:10 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:33:11 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/argocd-iac-install.html b/docs/snyk/v3.0.11/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.0.9/argocd-iac-install.html
rename to docs/snyk/v3.0.11/argocd-iac-install.html
index e32199ebeacf9..03766898fd36a 100644
--- a/docs/snyk/v3.0.9/argocd-iac-install.html
+++ b/docs/snyk/v3.0.11/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:31:44 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:31:53 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26461
+                              Line number: 26467
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html b/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.0.9/argocd-iac-namespace-install.html
rename to docs/snyk/v3.0.11/argocd-iac-namespace-install.html
index 7218fe383d28d..50adba9563d12 100644
--- a/docs/snyk/v3.0.9/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:31:56 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:32:03 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2348
+                              Line number: 2354
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.0.9/argocd-test.html b/docs/snyk/v3.0.11/argocd-test.html
similarity index 99%
rename from docs/snyk/v3.0.9/argocd-test.html
rename to docs/snyk/v3.0.11/argocd-test.html
index 25f157404dc31..696b673e4d2c3 100644
--- a/docs/snyk/v3.0.9/argocd-test.html
+++ b/docs/snyk/v3.0.11/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:29:22 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:39 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
index 00feaeebb7acc..8cd1fa4ee0fa9 100644
--- a/docs/snyk/v3.0.9/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:29:33 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 57ce972e55986..1ea80e08a60f1 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:47 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 9e01df7e88fdb..372650c6a5e56 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:29:42 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:56 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html b/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
similarity index 70%
rename from docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
rename to docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
index 40df079176028..785b09182c511 100644
--- a/docs/snyk/v3.1.0-rc1/quay.io_argoproj_argocd_v3.1.0-rc1.html
+++ b/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="19 known vulnerabilities found in 75 vulnerable dependency paths.">
+  <meta name="description" content="27 known vulnerabilities found in 104 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,23 +487,23 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:27:14 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:30:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.11//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>19</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>75 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2369</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>104 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -511,6 +511,222 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/vm
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/vm@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/vm@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/vm</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRVM-9460820">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/parser
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/parser@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/parser@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/parser</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRPARSER-9460819">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/conf
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/conf@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/conf@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/conf</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
@@ -525,7 +741,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -538,7 +754,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -551,7 +767,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -560,7 +776,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -571,9 +787,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -582,7 +798,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -597,7 +813,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -614,7 +830,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -633,7 +849,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -642,7 +858,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -659,7 +875,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -668,7 +884,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -679,7 +895,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -690,7 +906,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -705,7 +921,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -714,7 +930,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -766,7 +982,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -779,7 +995,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -792,7 +1008,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -801,7 +1017,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -812,9 +1028,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -823,7 +1039,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -838,7 +1054,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -855,7 +1071,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -874,7 +1090,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -883,7 +1099,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -900,7 +1116,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -909,7 +1125,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -920,7 +1136,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -931,7 +1147,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -946,7 +1162,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -955,7 +1171,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1010,7 +1226,7 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1122,6 +1338,640 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
+        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Heap-based Buffer Overflow</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-5702</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and glibc/libc-bin@2.39-0ubuntu8.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -1137,7 +1987,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1199,7 +2049,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1212,7 +2062,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.6.0
         
                     </li>
                 </ul>
@@ -1227,7 +2077,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.7.0
+                                        github.com/hashicorp/go-version@v1.6.0
                                         
                                 </span>
         
@@ -1261,7 +2111,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1323,7 +2173,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1385,7 +2235,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1447,7 +2297,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1509,7 +2359,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1523,7 +2373,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc1, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.11, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1535,31 +2385,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        git/git-man@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
@@ -1604,7 +2454,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1617,7 +2467,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -1630,7 +2480,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -1639,7 +2489,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1650,7 +2500,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1663,7 +2513,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -1711,7 +2561,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1724,7 +2574,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -1737,7 +2587,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -1783,7 +2633,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1796,7 +2646,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -1809,7 +2659,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -1860,7 +2710,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1873,7 +2723,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -1886,7 +2736,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -1895,7 +2745,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1906,7 +2756,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1917,7 +2767,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1928,7 +2778,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1939,7 +2789,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1952,13 +2802,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -1967,9 +2817,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1984,9 +2834,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2001,7 +2851,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2010,7 +2860,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2060,7 +2910,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2073,7 +2923,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2086,7 +2936,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2095,9 +2945,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2106,9 +2956,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2117,9 +2967,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2128,7 +2978,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2141,11 +2991,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2154,11 +3004,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2167,7 +3017,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2228,7 +3078,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2241,7 +3091,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -2254,80 +3104,80 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
@@ -2376,7 +3226,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2389,7 +3239,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and glibc/libc-bin@2.39-0ubuntu8.4
         
                     </li>
                 </ul>
@@ -2402,7 +3252,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.4
                                         
@@ -2411,7 +3261,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.4
                                         
@@ -2459,7 +3309,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2473,7 +3323,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc1, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.11, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2485,9 +3335,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                         
@@ -2540,7 +3390,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2553,7 +3403,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc1 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -2566,7 +3416,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc1
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         
diff --git a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html b/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.9/redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.11/redis_7.2.7-alpine.html
index 97a693342e46c..8819c046dc7fd 100644
--- a/docs/snyk/v3.0.9/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:30:10 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:30:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html b/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/argocd-iac-install.html
rename to docs/snyk/v3.1.0-rc3/argocd-iac-install.html
index 578c9088d9a45..8dbccfc48fed1 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-install.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:28:48 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:09 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26551
+                              Line number: 26557
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html b/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
rename to docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
index 0f69bbb774dca..14e6dc7774433 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:29:00 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:29:19 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2354
+                              Line number: 2360
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.1.0-rc1/argocd-test.html b/docs/snyk/v3.1.0-rc3/argocd-test.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/argocd-test.html
rename to docs/snyk/v3.1.0-rc3/argocd-test.html
index 35f410fc75917..1480ac2f7768a 100644
--- a/docs/snyk/v3.1.0-rc1/argocd-test.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:35 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:27:02 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
rename to docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
index e532495baf6c2..8e03f84aa0add 100644
--- a/docs/snyk/v3.1.0-rc1/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:42 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:27:08 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 71b7ddadd054a..9b52a3d266027 100644
--- a/docs/snyk/v3.0.9/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:29:37 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:27:11 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index af7100758e35b..888fbd5fd82a8 100644
--- a/docs/snyk/v3.1.0-rc1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:26:51 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:27:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html b/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
similarity index 84%
rename from docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
rename to docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
index 3a3c5028117d0..5af9c990c7cfc 100644
--- a/docs/snyk/v3.0.9/quay.io_argoproj_argocd_v3.0.9.html
+++ b/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="23 known vulnerabilities found in 92 vulnerable dependency paths.">
+  <meta name="description" content="23 known vulnerabilities found in 100 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,23 +487,23 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 6th 2025, 12:30:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 13th 2025, 12:27:38 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.9//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
                 <div class="meta-count"><span>23</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>92 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>100 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2319</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -511,13 +511,13 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
         
                 <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
                     </div>
                 </div>
         
@@ -525,20 +525,20 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            github.com/expr-lang/expr/vm
+                            pam/libpam0g
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/vm@v1.16.9
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -551,153 +551,174 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/vm@v1.16.9
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/vm</code> to version 1.17.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRVM-9460820">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/expr-lang/expr/parser
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/parser@v1.16.9
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/parser@v1.16.9
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/parser</code> to version 1.17.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRPARSER-9460819">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                <hr/>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                            github.com/expr-lang/expr/conf
-                    </li>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                    <li class="card__meta__item">Introduced through:
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/conf@v1.16.9
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                    </li>
-                </ul>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                <hr/>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                        <h3 class="card__section__title">Detailed paths</h3>
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
         
-                    <ul class="card__meta__paths">
+                            </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/conf@v1.16.9
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -708,27 +729,31 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/conf</code> to version 1.17.0 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Directory Traversal</h2>
+            <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -741,7 +766,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -754,7 +779,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -767,38 +792,38 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -806,14 +831,14 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -821,16 +846,16 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -838,27 +863,27 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -866,47 +891,47 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -914,27 +939,27 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
                                 </span>
         
@@ -948,30 +973,31 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
+        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
+            <h2 class="card__title">NULL Pointer Dereference</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -984,7 +1010,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -992,12 +1018,12 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            pam/libpam0g
+                            gnutls28/libgnutls30t64
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
         
                     </li>
                 </ul>
@@ -1010,174 +1036,212 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
@@ -1189,30 +1253,28 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
+        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
+        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Authentication</h2>
+            <h2 class="card__title">Heap-based Buffer Overflow</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1225,7 +1287,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1233,12 +1295,12 @@ <h2 class="card__title">Improper Authentication</h2>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            pam/libpam0g
+                            gnutls28/libgnutls30t64
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and pam/libpam0g@1.5.3-5ubuntu5.1
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
         
                     </li>
                 </ul>
@@ -1251,174 +1313,212 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Certificate Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnutls28/libgnutls30t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
+                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
                                         
                                 </span>
         
@@ -1430,33 +1530,27 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <h2 class="card__title">CVE-2025-5702</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1469,20 +1563,20 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            golang.org/x/net/html
+                            glibc/libc-bin
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and glibc/libc-bin@2.39-0ubuntu8.4
         
                     </li>
                 </ul>
@@ -1495,9 +1589,18 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.33.0
+                                        glibc/libc6@2.39-0ubuntu8.4
                                         
                                 </span>
         
@@ -1508,77 +1611,22 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
+        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -1596,7 +1644,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1658,7 +1706,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1671,7 +1719,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.6.0
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
         
                     </li>
                 </ul>
@@ -1686,7 +1734,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
+                                        github.com/hashicorp/go-version@v1.7.0
                                         
                                 </span>
         
@@ -1720,7 +1768,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1782,7 +1830,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1844,7 +1892,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1906,7 +1954,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1968,7 +2016,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1982,7 +2030,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.9, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc3, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1994,31 +2042,31 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        git/git-man@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                         
                                 </span>
         
@@ -2063,7 +2111,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2076,7 +2124,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2089,7 +2137,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2098,7 +2146,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2109,7 +2157,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2122,7 +2170,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2170,7 +2218,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2183,7 +2231,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2196,7 +2244,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2242,7 +2290,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2255,7 +2303,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2268,7 +2316,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2319,7 +2367,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2332,7 +2380,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2345,7 +2393,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2354,7 +2402,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2365,7 +2413,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2376,7 +2424,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2387,7 +2435,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.12
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2398,7 +2446,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2411,13 +2459,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2426,9 +2474,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2443,9 +2491,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2460,7 +2508,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2469,7 +2517,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2519,7 +2567,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2532,7 +2580,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2545,7 +2593,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2554,9 +2602,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2565,9 +2613,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2576,9 +2624,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2587,7 +2635,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2600,11 +2648,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2613,11 +2661,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2626,7 +2674,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2634,7 +2682,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         systemd/libsystemd0@255.4-1ubuntu8.8
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2687,7 +2735,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2700,7 +2748,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -2713,80 +2761,80 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
                                 </span>
         
@@ -2835,7 +2883,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2848,7 +2896,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and glibc/libc-bin@2.39-0ubuntu8.4
         
                     </li>
                 </ul>
@@ -2861,7 +2909,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.4
                                         
@@ -2870,7 +2918,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.4
                                         
@@ -2918,7 +2966,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2932,7 +2980,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.9, git@1:2.43.0-1ubuntu7.2 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc3, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2944,9 +2992,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
+                                        git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                         
@@ -2999,7 +3047,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.9/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3012,7 +3060,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.9 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -3025,7 +3073,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.9
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         

From 23a260545d08e32489698827271b76c8aa712deb Mon Sep 17 00:00:00 2001
From: Yusuke Abe <moonset20@gmail.com>
Date: Mon, 14 Jul 2025 23:28:23 +0900
Subject: [PATCH 134/383] chore(ui): convert ApplicationParametersSource
 components to functional components (#23769)

Signed-off-by: chansuke <moonset20@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-parameters-source.tsx         | 156 ++++++++----------
 1 file changed, 72 insertions(+), 84 deletions(-)

diff --git a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
index 856e0d2c57161..4ca68836d0055 100644
--- a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
+++ b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx
@@ -1,15 +1,16 @@
 import * as classNames from 'classnames';
 import * as React from 'react';
+import {ReactNode, useContext, useState} from 'react';
 import {FormApi} from 'react-form';
 import {EditablePanelItem} from '../../../shared/components';
 import {EditableSection} from '../../../shared/components/editable-panel/editable-section';
-import {Consumer} from '../../../shared/context';
+import {Context} from '../../../shared/context';
 import '../../../shared/components/editable-panel/editable-panel.scss';
 
 export interface ApplicationParametersPanelProps<T> {
-    floatingTitle?: string | React.ReactNode;
-    titleTop?: string | React.ReactNode;
-    titleBottom?: string | React.ReactNode;
+    floatingTitle?: string | ReactNode;
+    titleTop?: string | ReactNode;
+    titleBottom?: string | ReactNode;
     index: number;
     valuesTop?: T;
     valuesBottom?: T;
@@ -20,93 +21,80 @@ export interface ApplicationParametersPanelProps<T> {
     itemsTop?: EditablePanelItem[];
     itemsBottom?: EditablePanelItem[];
     onModeSwitch?: () => any;
-    viewTop?: string | React.ReactNode;
-    viewBottom?: string | React.ReactNode;
-    editTop?: (formApi: FormApi) => React.ReactNode;
-    editBottom?: (formApi: FormApi) => React.ReactNode;
+    viewTop?: string | ReactNode;
+    viewBottom?: string | ReactNode;
+    editTop?: (formApi: FormApi) => ReactNode;
+    editBottom?: (formApi: FormApi) => ReactNode;
     numberOfSources?: number;
     noReadonlyMode?: boolean;
     collapsible?: boolean;
     deleteSource: () => void;
 }
 
-interface ApplicationParametersPanelState {
-    editTop: boolean;
-    editBottom: boolean;
-    savingTop: boolean;
-    savingBottom: boolean;
-}
-
 // Currently two editable sections, but can be modified to support N panels in general.  This should be part of a white-box, editable-panel.
-export class ApplicationParametersSource<T = {}> extends React.Component<ApplicationParametersPanelProps<T>, ApplicationParametersPanelState> {
-    constructor(props: ApplicationParametersPanelProps<T>) {
-        super(props);
-        this.state = {editTop: !!props.noReadonlyMode, editBottom: !!props.noReadonlyMode, savingTop: false, savingBottom: false};
-    }
-
-    public render() {
-        return (
-            <Consumer>
-                {ctx => (
-                    <div className={classNames({'editable-panel--disabled': this.state.savingTop})}>
-                        {this.props.floatingTitle && <div className='white-box--additional-top-space editable-panel__sticky-title'>{this.props.floatingTitle}</div>}
-                        <EditableSection
-                            uniqueId={'top_' + this.props.index}
-                            title={this.props.titleTop}
-                            view={this.props.viewTop}
-                            values={this.props.valuesTop}
-                            items={this.props.itemsTop}
-                            validate={this.props.validateTop}
-                            save={this.props.saveTop}
-                            onModeSwitch={() => this.onModeSwitch()}
-                            noReadonlyMode={this.props.noReadonlyMode}
-                            edit={this.props.editTop}
-                            collapsible={this.props.collapsible}
-                            ctx={ctx}
-                            isTopSection={true}
-                            disabledState={this.state.editTop || this.state.editTop === null}
-                            disabledDelete={this.props.numberOfSources <= 1}
-                            updateButtons={editClicked => {
-                                this.setState({editBottom: editClicked});
-                            }}
-                            deleteSource={this.props.deleteSource}
-                        />
-                        {this.props.itemsTop && (
-                            <React.Fragment>
-                                <div className='row white-box__details-row'>
-                                    <p>&nbsp;</p>
-                                </div>
-                                <div className='white-box--no-padding editable-panel__divider' />
-                            </React.Fragment>
-                        )}
-                        <EditableSection
-                            uniqueId={'bottom_' + this.props.index}
-                            title={this.props.titleBottom}
-                            view={this.props.viewBottom}
-                            values={this.props.valuesBottom}
-                            items={this.props.itemsBottom}
-                            validate={this.props.validateBottom}
-                            save={this.props.saveBottom}
-                            onModeSwitch={() => this.onModeSwitch()}
-                            noReadonlyMode={this.props.noReadonlyMode}
-                            edit={this.props.editBottom}
-                            collapsible={this.props.collapsible}
-                            ctx={ctx}
-                            isTopSection={false}
-                            disabledState={this.state.editBottom || this.state.editBottom === null}
-                            updateButtons={editClicked => {
-                                this.setState({editTop: editClicked});
-                            }}
-                        />
-                    </div>
-                )}
-            </Consumer>
-        );
-    }
+export function ApplicationParametersSource<T = {}>(props: ApplicationParametersPanelProps<T>) {
+    const [editTop, setEditTop] = useState(!!props.noReadonlyMode);
+    const [editBottom, setEditBottom] = useState(!!props.noReadonlyMode);
+    const [savingTop] = useState(false);
+    const ctx = useContext(Context);
 
-    private onModeSwitch() {
-        if (this.props.onModeSwitch) {
-            this.props.onModeSwitch();
+    const onModeSwitch = () => {
+        if (props.onModeSwitch) {
+            props.onModeSwitch();
         }
-    }
+    };
+
+    return (
+        <div className={classNames({'editable-panel--disabled': savingTop})}>
+            {props.floatingTitle && <div className='white-box--additional-top-space editable-panel__sticky-title'>{props.floatingTitle}</div>}
+            <EditableSection
+                uniqueId={'top_' + props.index}
+                title={props.titleTop}
+                view={props.viewTop}
+                values={props.valuesTop}
+                items={props.itemsTop}
+                validate={props.validateTop}
+                save={props.saveTop}
+                onModeSwitch={() => onModeSwitch()}
+                noReadonlyMode={props.noReadonlyMode}
+                edit={props.editTop}
+                collapsible={props.collapsible}
+                ctx={ctx}
+                isTopSection={true}
+                disabledState={editTop || editTop === null}
+                disabledDelete={props.numberOfSources <= 1}
+                updateButtons={editClicked => {
+                    setEditBottom(editClicked);
+                }}
+                deleteSource={props.deleteSource}
+            />
+            {props.itemsTop && (
+                <>
+                    <div className='row white-box__details-row'>
+                        <p>&nbsp;</p>
+                    </div>
+                    <div className='white-box--no-padding editable-panel__divider' />
+                </>
+            )}
+            <EditableSection
+                uniqueId={'bottom_' + props.index}
+                title={props.titleBottom}
+                view={props.viewBottom}
+                values={props.valuesBottom}
+                items={props.itemsBottom}
+                validate={props.validateBottom}
+                save={props.saveBottom}
+                onModeSwitch={() => onModeSwitch()}
+                noReadonlyMode={props.noReadonlyMode}
+                edit={props.editBottom}
+                collapsible={props.collapsible}
+                ctx={ctx}
+                isTopSection={false}
+                disabledState={editBottom || editBottom === null}
+                updateButtons={editClicked => {
+                    setEditTop(editClicked);
+                }}
+            />
+        </div>
+    );
 }

From 3e6a92d0aa44bd6fa0bbb38b73416be394ce409c Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Mon, 14 Jul 2025 10:36:05 -0400
Subject: [PATCH 135/383] chore(refactor): simplify auto-sync and
 alreadyAttemptedSync (#23628)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      | 102 +++++++++++-----------
 controller/appcontroller_test.go | 140 ++++++++++++++++++++++++-------
 controller/state.go              |  44 +++++-----
 controller/state_test.go         |   4 +-
 test/e2e/app_autosync_ns_test.go |   2 +-
 test/e2e/app_autosync_test.go    |   2 +-
 6 files changed, 186 insertions(+), 108 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index 456982bbfb823..154fe596465b0 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1774,7 +1774,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 
 	canSync, _ := project.Spec.SyncWindows.Matches(app).CanSync(false)
 	if canSync {
-		syncErrCond, opDuration := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources, compareResult.revisionUpdated)
+		syncErrCond, opDuration := ctrl.autoSync(app, compareResult.syncStatus, compareResult.resources, compareResult.revisionsMayHaveChanges)
 		setOpDuration = opDuration
 		if syncErrCond != nil {
 			app.Status.SetConditions(
@@ -2069,7 +2069,7 @@ func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, new
 }
 
 // autoSync will initiate a sync operation for an application configured with automated sync
-func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *appv1.SyncStatus, resources []appv1.ResourceStatus, revisionUpdated bool) (*appv1.ApplicationCondition, time.Duration) {
+func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *appv1.SyncStatus, resources []appv1.ResourceStatus, shouldCompareRevisions bool) (*appv1.ApplicationCondition, time.Duration) {
 	logCtx := log.WithFields(applog.GetAppLogFields(app))
 	ts := stats.NewTimingStats()
 	defer func() {
@@ -2113,23 +2113,21 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 		}
 	}
 
-	selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal
+	desiredRevisions := []string{syncStatus.Revision}
+	if app.Spec.HasMultipleSources() {
+		desiredRevisions = syncStatus.Revisions
+	}
 
-	desiredCommitSHA := syncStatus.Revision
-	desiredCommitSHAsMS := syncStatus.Revisions
-	alreadyAttempted, attemptPhase := alreadyAttemptedSync(app, desiredCommitSHA, desiredCommitSHAsMS, app.Spec.HasMultipleSources(), revisionUpdated)
-	ts.AddCheckpoint("already_attempted_sync_ms")
 	op := appv1.Operation{
 		Sync: &appv1.SyncOperation{
-			Revision:    desiredCommitSHA,
+			Revision:    syncStatus.Revision,
 			Prune:       app.Spec.SyncPolicy.Automated.Prune,
 			SyncOptions: app.Spec.SyncPolicy.SyncOptions,
-			Revisions:   desiredCommitSHAsMS,
+			Revisions:   syncStatus.Revisions,
 		},
 		InitiatedBy: appv1.OperationInitiator{Automated: true},
 		Retry:       appv1.RetryStrategy{Limit: 5},
 	}
-
 	if app.Spec.SyncPolicy.Retry != nil {
 		op.Retry = *app.Spec.SyncPolicy.Retry
 	}
@@ -2138,14 +2136,16 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 	// auto-sync with pruning disabled). We need to ensure that we do not keep Syncing an
 	// application in an infinite loop. To detect this, we only attempt the Sync if the revision
 	// and parameter overrides are different from our most recent sync operation.
+	alreadyAttempted, lastAttemptedRevisions, lastAttemptedPhase := alreadyAttemptedSync(app, desiredRevisions, shouldCompareRevisions)
+	ts.AddCheckpoint("already_attempted_sync_ms")
 	if alreadyAttempted {
-		if !attemptPhase.Successful() {
-			logCtx.Warnf("Skipping auto-sync: failed previous sync attempt to %s", desiredCommitSHA)
-			message := fmt.Sprintf("Failed sync attempt to %s: %s", desiredCommitSHA, app.Status.OperationState.Message)
+		if !lastAttemptedPhase.Successful() {
+			logCtx.Warnf("Skipping auto-sync: failed previous sync attempt to %s and will not retry for %s", lastAttemptedRevisions, desiredRevisions)
+			message := fmt.Sprintf("Failed last sync attempt to %s: %s", lastAttemptedRevisions, app.Status.OperationState.Message)
 			return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: message}, 0
 		}
-		if !selfHeal {
-			logCtx.Infof("Skipping auto-sync: most recent sync already to %s", desiredCommitSHA)
+		if !app.Spec.SyncPolicy.Automated.SelfHeal {
+			logCtx.Infof("Skipping auto-sync: most recent sync already to %s", desiredRevisions)
 			return nil, 0
 		}
 		// Self heal will trigger a new sync operation when the desired state changes and cause the application to
@@ -2159,9 +2159,8 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 			}
 		}
 
-		remainingTime := ctrl.selfHealRemainingBackoff(app, int(op.Sync.SelfHealAttemptsCount))
-		if remainingTime > 0 {
-			logCtx.Infof("Skipping auto-sync: already attempted sync to %s with timeout %v (retrying in %v)", desiredCommitSHA, ctrl.selfHealTimeout, remainingTime)
+		if remainingTime := ctrl.selfHealRemainingBackoff(app, int(op.Sync.SelfHealAttemptsCount)); remainingTime > 0 {
+			logCtx.Infof("Skipping auto-sync: already attempted sync to %s with timeout %v (retrying in %v)", lastAttemptedRevisions, ctrl.selfHealTimeout, remainingTime)
 			ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), &remainingTime)
 			return nil, 0
 		}
@@ -2187,7 +2186,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 			}
 		}
 		if bAllNeedPrune {
-			message := fmt.Sprintf("Skipping sync attempt to %s: auto-sync will wipe out all resources", desiredCommitSHA)
+			message := fmt.Sprintf("Skipping sync attempt to %s: auto-sync will wipe out all resources", desiredRevisions)
 			logCtx.Warn(message)
 			return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: message}, 0
 		}
@@ -2203,57 +2202,60 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 		if stderrors.Is(err, argo.ErrAnotherOperationInProgress) {
 			// skipping auto-sync because another operation is in progress and was not noticed due to stale data in informer
 			// it is safe to skip auto-sync because it is already running
-			logCtx.Warnf("Failed to initiate auto-sync to %s: %v", desiredCommitSHA, err)
+			logCtx.Warnf("Failed to initiate auto-sync to %s: %v", desiredRevisions, err)
 			return nil, 0
 		}
 
-		logCtx.Errorf("Failed to initiate auto-sync to %s: %v", desiredCommitSHA, err)
+		logCtx.Errorf("Failed to initiate auto-sync to %s: %v", desiredRevisions, err)
 		return &appv1.ApplicationCondition{Type: appv1.ApplicationConditionSyncError, Message: err.Error()}, setOpTime
 	}
 	ctrl.writeBackToInformer(updatedApp)
 	ts.AddCheckpoint("write_back_to_informer_ms")
 
-	var target string
-	if updatedApp.Spec.HasMultipleSources() {
-		target = strings.Join(desiredCommitSHAsMS, ", ")
-	} else {
-		target = desiredCommitSHA
-	}
-	message := fmt.Sprintf("Initiated automated sync to '%s'", target)
+	message := fmt.Sprintf("Initiated automated sync to '%s'", desiredRevisions)
 	ctrl.logAppEvent(context.TODO(), app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: corev1.EventTypeNormal}, message)
 	logCtx.Info(message)
 	return nil, setOpTime
 }
 
-// alreadyAttemptedSync returns whether the most recent sync was performed against the
-// commitSHA and with the same app source config which are currently set in the app.
-func alreadyAttemptedSync(app *appv1.Application, commitSHA string, commitSHAsMS []string, hasMultipleSources bool, revisionUpdated bool) (bool, synccommon.OperationPhase) {
-	if app.Status.OperationState == nil || app.Status.OperationState.Operation.Sync == nil || app.Status.OperationState.SyncResult == nil {
-		return false, ""
-	}
-	if hasMultipleSources {
-		if revisionUpdated {
-			if !reflect.DeepEqual(app.Status.OperationState.SyncResult.Revisions, commitSHAsMS) {
-				return false, ""
+// alreadyAttemptedSync returns whether the most recently synced revision(s) exactly match the given desiredRevisions
+// and for the same application source. If the revision(s) have changed or the Application source configuration has been updated,
+// it will return false, indicating that a new sync should be attempted.
+// When newRevisionHasChanges is false, due to commits not having direct changes on the application, it will not compare the revision(s), but only the sources.
+// It also returns the last synced revisions if any, and the result of that last sync operation.
+func alreadyAttemptedSync(app *appv1.Application, desiredRevisions []string, newRevisionHasChanges bool) (bool, []string, synccommon.OperationPhase) {
+	if app.Status.OperationState == nil {
+		// The operation state may be removed when new operations are triggered
+		return false, []string{}, ""
+	}
+	if app.Status.OperationState.SyncResult == nil {
+		// If the sync has completed without result, it is very likely that an error happened
+		// We don't want to resync with auto-sync indefinitely. We should have retried the configured amount of time already
+		// In this case, a manual action to restore the app may be required
+		log.WithFields(applog.GetAppLogFields(app)).Warn("Already attempted sync: sync does not have any results")
+		return app.Status.OperationState.Phase.Completed(), []string{}, app.Status.OperationState.Phase
+	}
+
+	if newRevisionHasChanges {
+		log.WithFields(applog.GetAppLogFields(app)).Infof("Already attempted sync: comparing synced revisions to %s", desiredRevisions)
+		if app.Spec.HasMultipleSources() {
+			if !reflect.DeepEqual(app.Status.OperationState.SyncResult.Revisions, desiredRevisions) {
+				return false, app.Status.OperationState.SyncResult.Revisions, app.Status.OperationState.Phase
 			}
 		} else {
-			log.WithFields(applog.GetAppLogFields(app)).Debugf("Skipping auto-sync: commitSHA %s has no changes", commitSHA)
-		}
-	} else {
-		if revisionUpdated {
-			log.WithFields(applog.GetAppLogFields(app)).Infof("Executing compare of syncResult.Revision and commitSha because manifest changed: %v", commitSHA)
-			if app.Status.OperationState.SyncResult.Revision != commitSHA {
-				return false, ""
+			if len(desiredRevisions) != 1 || app.Status.OperationState.SyncResult.Revision != desiredRevisions[0] {
+				return false, []string{app.Status.OperationState.SyncResult.Revision}, app.Status.OperationState.Phase
 			}
-		} else {
-			log.WithFields(applog.GetAppLogFields(app)).Debugf("Skipping auto-sync: commitSHA %s has no changes", commitSHA)
 		}
+	} else {
+		log.WithFields(applog.GetAppLogFields(app)).Debugf("Already attempted sync: revisions %s have no changes", desiredRevisions)
 	}
 
-	if hasMultipleSources {
-		return reflect.DeepEqual(app.Spec.Sources, app.Status.OperationState.SyncResult.Sources), app.Status.OperationState.Phase
+	log.WithFields(applog.GetAppLogFields(app)).Debug("Already attempted sync: comparing sources")
+	if app.Spec.HasMultipleSources() {
+		return reflect.DeepEqual(app.Spec.Sources, app.Status.OperationState.SyncResult.Sources), app.Status.OperationState.SyncResult.Revisions, app.Status.OperationState.Phase
 	}
-	return reflect.DeepEqual(app.Spec.GetSource(), app.Status.OperationState.SyncResult.Source), app.Status.OperationState.Phase
+	return reflect.DeepEqual(app.Spec.GetSource(), app.Status.OperationState.SyncResult.Source), []string{app.Status.OperationState.SyncResult.Revision}, app.Status.OperationState.Phase
 }
 
 func (ctrl *ApplicationController) selfHealRemainingBackoff(app *appv1.Application, selfHealAttemptsCount int) time.Duration {
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index cb03d3198b035..17a6fa4784eb0 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -2522,35 +2522,71 @@ func TestAppStatusIsReplaced(t *testing.T) {
 
 func TestAlreadyAttemptSync(t *testing.T) {
 	app := newFakeApp()
+	defaultRevision := app.Status.OperationState.SyncResult.Revision
 
 	t.Run("no operation state", func(t *testing.T) {
 		app := app.DeepCopy()
 		app.Status.OperationState = nil
-		attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false)
+		attempted, _, _ := alreadyAttemptedSync(app, []string{defaultRevision}, true)
 		assert.False(t, attempted)
 	})
 
-	t.Run("no sync operation", func(t *testing.T) {
+	t.Run("no sync result for running sync", func(t *testing.T) {
 		app := app.DeepCopy()
-		app.Status.OperationState.Operation.Sync = nil
-		attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false)
+		app.Status.OperationState.SyncResult = nil
+		app.Status.OperationState.Phase = synccommon.OperationRunning
+		attempted, _, _ := alreadyAttemptedSync(app, []string{defaultRevision}, true)
 		assert.False(t, attempted)
 	})
 
-	t.Run("no sync result", func(t *testing.T) {
+	t.Run("no sync result for completed sync", func(t *testing.T) {
 		app := app.DeepCopy()
 		app.Status.OperationState.SyncResult = nil
-		attempted, _ := alreadyAttemptedSync(app, "", []string{}, false, false)
-		assert.False(t, attempted)
+		app.Status.OperationState.Phase = synccommon.OperationError
+		attempted, _, _ := alreadyAttemptedSync(app, []string{defaultRevision}, true)
+		assert.True(t, attempted)
 	})
 
 	t.Run("single source", func(t *testing.T) {
-		t.Run("same manifest with sync result", func(t *testing.T) {
-			attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, false)
+		t.Run("no revision", func(t *testing.T) {
+			attempted, _, _ := alreadyAttemptedSync(app, []string{}, true)
+			assert.False(t, attempted)
+		})
+
+		t.Run("empty revision", func(t *testing.T) {
+			attempted, _, _ := alreadyAttemptedSync(app, []string{""}, true)
+			assert.False(t, attempted)
+		})
+
+		t.Run("too many revision", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revision = "sha"
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha", "sha2"}, true)
+			assert.False(t, attempted)
+		})
+
+		t.Run("same manifest, same SHA with changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revision = "sha"
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha"}, true)
+			assert.True(t, attempted)
+		})
+
+		t.Run("same manifest, different SHA with changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revision = "sha1"
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha2"}, true)
+			assert.False(t, attempted)
+		})
+
+		t.Run("same manifest, different SHA without changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revision = "sha1"
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha2"}, false)
 			assert.True(t, attempted)
 		})
 
-		t.Run("same manifest with sync result different targetRevision, same SHA", func(t *testing.T) {
+		t.Run("different manifest, same SHA with changes", func(t *testing.T) {
 			// This test represents the case where the user changed a source's target revision to a new branch, but it
 			// points to the same revision as the old branch. We currently do not consider this as having been "already
 			// attempted." In the future we may want to short-circuit the auto-sync in these cases.
@@ -2558,55 +2594,101 @@ func TestAlreadyAttemptSync(t *testing.T) {
 			app.Status.OperationState.SyncResult.Source = v1alpha1.ApplicationSource{TargetRevision: "branch1"}
 			app.Spec.Source = &v1alpha1.ApplicationSource{TargetRevision: "branch2"}
 			app.Status.OperationState.SyncResult.Revision = "sha"
-			attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, false)
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha"}, true)
 			assert.False(t, attempted)
 		})
 
-		t.Run("different manifest with sync result, different SHA", func(t *testing.T) {
+		t.Run("different manifest, different SHA with changes", func(t *testing.T) {
 			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Source = v1alpha1.ApplicationSource{Path: "folder1"}
+			app.Spec.Source = &v1alpha1.ApplicationSource{Path: "folder2"}
 			app.Status.OperationState.SyncResult.Revision = "sha1"
-			attempted, _ := alreadyAttemptedSync(app, "sha2", []string{}, false, true)
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha2"}, true)
 			assert.False(t, attempted)
 		})
 
-		t.Run("different manifest with sync result, same SHA", func(t *testing.T) {
+		t.Run("different manifest, different SHA without changes", func(t *testing.T) {
 			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Source = v1alpha1.ApplicationSource{Path: "folder1"}
+			app.Spec.Source = &v1alpha1.ApplicationSource{Path: "folder2"}
+			app.Status.OperationState.SyncResult.Revision = "sha1"
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha2"}, false)
+			assert.False(t, attempted)
+		})
+
+		t.Run("different manifest, same SHA without changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Source = v1alpha1.ApplicationSource{Path: "folder1"}
+			app.Spec.Source = &v1alpha1.ApplicationSource{Path: "folder2"}
 			app.Status.OperationState.SyncResult.Revision = "sha"
-			attempted, _ := alreadyAttemptedSync(app, "sha", []string{}, false, true)
-			assert.True(t, attempted)
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha"}, false)
+			assert.False(t, attempted)
 		})
 	})
 
 	t.Run("multi-source", func(t *testing.T) {
-		t.Run("same manifest with sync result", func(t *testing.T) {
-			attempted, _ := alreadyAttemptedSync(app, "", []string{"sha"}, true, false)
+		app := app.DeepCopy()
+		app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder2"}}
+		app.Spec.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder2"}}
+
+		t.Run("same manifest, same SHAs with changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a", "sha_b"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a", "sha_b"}, true)
 			assert.True(t, attempted)
 		})
 
-		t.Run("same manifest with sync result, different targetRevision, same SHA", func(t *testing.T) {
+		t.Run("same manifest, different SHAs with changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a_=", "sha_b_1"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a_2", "sha_b_2"}, true)
+			assert.False(t, attempted)
+		})
+
+		t.Run("same manifest, different SHA without changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a_=", "sha_b_1"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a_2", "sha_b_2"}, false)
+			assert.True(t, attempted)
+		})
+
+		t.Run("different manifest, same SHA with changes", func(t *testing.T) {
 			// This test represents the case where the user changed a source's target revision to a new branch, but it
 			// points to the same revision as the old branch. We currently do not consider this as having been "already
 			// attempted." In the future we may want to short-circuit the auto-sync in these cases.
 			app := app.DeepCopy()
-			app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch1"}}
-			app.Spec.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch2"}}
-			app.Status.OperationState.SyncResult.Revisions = []string{"sha"}
-			attempted, _ := alreadyAttemptedSync(app, "", []string{"sha"}, true, false)
+			app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch1"}, {TargetRevision: "branch2"}}
+			app.Spec.Sources = []v1alpha1.ApplicationSource{{TargetRevision: "branch1"}, {TargetRevision: "branch3"}}
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a_2", "sha_b_2"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a_2", "sha_b_2"}, false)
 			assert.False(t, attempted)
 		})
 
-		t.Run("different manifest with sync result, different SHAs", func(t *testing.T) {
+		t.Run("different manifest, different SHA with changes", func(t *testing.T) {
 			app := app.DeepCopy()
-			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a_=", "sha_b_1"}
-			attempted, _ := alreadyAttemptedSync(app, "", []string{"sha_a_2", "sha_b_2"}, true, true)
+			app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder2"}}
+			app.Spec.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder3"}}
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a", "sha_b"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a", "sha_b_2"}, true)
 			assert.False(t, attempted)
 		})
 
-		t.Run("different manifest with sync result, same SHAs", func(t *testing.T) {
+		t.Run("different manifest, different SHA without changes", func(t *testing.T) {
 			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder2"}}
+			app.Spec.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder3"}}
 			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a", "sha_b"}
-			attempted, _ := alreadyAttemptedSync(app, "", []string{"sha_a", "sha_b"}, true, true)
-			assert.True(t, attempted)
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a", "sha_b_2"}, false)
+			assert.False(t, attempted)
+		})
+
+		t.Run("different manifest, same SHA without changes", func(t *testing.T) {
+			app := app.DeepCopy()
+			app.Status.OperationState.SyncResult.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder2"}}
+			app.Spec.Sources = []v1alpha1.ApplicationSource{{Path: "folder1"}, {Path: "folder3"}}
+			app.Status.OperationState.SyncResult.Revisions = []string{"sha_a", "sha_b"}
+			attempted, _, _ := alreadyAttemptedSync(app, []string{"sha_a", "sha_b"}, false)
+			assert.False(t, attempted)
 		})
 	})
 }
diff --git a/controller/state.go b/controller/state.go
index 7c896fc1c02d2..e4420a3127fc6 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -90,7 +90,8 @@ type comparisonResult struct {
 	timings            map[string]time.Duration
 	diffResultList     *diff.DiffResultList
 	hasPostDeleteHooks bool
-	revisionUpdated    bool
+	// revisionsMayHaveChanges indicates if there are any possibilities that the revisions contain changes
+	revisionsMayHaveChanges bool
 }
 
 func (res *comparisonResult) GetSyncStatus() *v1alpha1.SyncStatus {
@@ -222,9 +223,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		return nil, nil, false, fmt.Errorf("failed to get ref sources: %w", err)
 	}
 
-	revisionUpdated := false
-
-	atLeastOneRevisionIsNotPossibleToBeUpdated := false
+	revisionsMayHaveChanges := false
 
 	keyManifestGenerateAnnotationVal, keyManifestGenerateAnnotationExists := app.Annotations[v1alpha1.AnnotationKeyManifestGeneratePaths]
 
@@ -281,7 +280,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 				return nil, nil, false, fmt.Errorf("failed to compare revisions for source %d of %d: %w", i+1, len(sources), err)
 			}
 			if updateRevisionResult.Changes {
-				revisionUpdated = true
+				revisionsMayHaveChanges = true
 			}
 
 			// Generate manifests should use same revision as updateRevisionForPaths, because HEAD revision may be different between these two calls
@@ -289,8 +288,8 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 				revision = updateRevisionResult.Revision
 			}
 		} else {
-			// revisionUpdated is set to true if at least one revision is not possible to be updated,
-			atLeastOneRevisionIsNotPossibleToBeUpdated = true
+			// revisionsMayHaveChanges is set to true if at least one revision is not possible to be updated
+			revisionsMayHaveChanges = true
 		}
 
 		repos := permittedHelmRepos
@@ -351,13 +350,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 	logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds())
 	logCtx.Info("GetRepoObjs stats")
 
-	// If a revision in any of the sources cannot be updated,
-	// we should trigger self-healing whenever there are changes to the manifests.
-	if atLeastOneRevisionIsNotPossibleToBeUpdated {
-		revisionUpdated = true
-	}
-
-	return targetObjs, manifestInfos, revisionUpdated, nil
+	return targetObjs, manifestInfos, revisionsMayHaveChanges, nil
 }
 
 // ResolveGitRevision will resolve the given revision to a full commit SHA. Only works for git.
@@ -589,7 +582,8 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 	var manifestInfos []*apiclient.ManifestResponse
 	targetNsExists := false
 
-	var revisionUpdated bool
+	// revisionsMayHaveChanges if there are any possibilities that the revisions contain changes
+	var revisionsMayHaveChanges bool
 
 	if len(localManifests) == 0 {
 		// If the length of revisions is not same as the length of sources,
@@ -601,7 +595,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 			}
 		}
 
-		targetObjs, manifestInfos, revisionUpdated, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, true)
+		targetObjs, manifestInfos, revisionsMayHaveChanges, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, true)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
 			msg := "Failed to load target state: " + err.Error()
@@ -994,15 +988,15 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 	}
 
 	compRes := comparisonResult{
-		syncStatus:           &syncStatus,
-		healthStatus:         healthStatus,
-		resources:            resourceSummaries,
-		managedResources:     managedResources,
-		reconciliationResult: reconciliation,
-		diffConfig:           diffConfig,
-		diffResultList:       diffResults,
-		hasPostDeleteHooks:   hasPostDeleteHooks,
-		revisionUpdated:      revisionUpdated,
+		syncStatus:              &syncStatus,
+		healthStatus:            healthStatus,
+		resources:               resourceSummaries,
+		managedResources:        managedResources,
+		reconciliationResult:    reconciliation,
+		diffConfig:              diffConfig,
+		diffResultList:          diffResults,
+		hasPostDeleteHooks:      hasPostDeleteHooks,
+		revisionsMayHaveChanges: revisionsMayHaveChanges,
 	}
 
 	if hasMultipleSources {
diff --git a/controller/state_test.go b/controller/state_test.go
index 7fe2b48cfbc22..f3fdf92396dab 100644
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -1774,7 +1774,7 @@ func TestCompareAppStateDefaultRevisionUpdated(t *testing.T) {
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
-	assert.True(t, compRes.revisionUpdated)
+	assert.True(t, compRes.revisionsMayHaveChanges)
 }
 
 func TestCompareAppStateRevisionUpdatedWithHelmSource(t *testing.T) {
@@ -1797,7 +1797,7 @@ func TestCompareAppStateRevisionUpdatedWithHelmSource(t *testing.T) {
 	require.NoError(t, err)
 	assert.NotNil(t, compRes)
 	assert.NotNil(t, compRes.syncStatus)
-	assert.True(t, compRes.revisionUpdated)
+	assert.True(t, compRes.revisionsMayHaveChanges)
 }
 
 func Test_normalizeClusterScopeTracking(t *testing.T) {
diff --git a/test/e2e/app_autosync_ns_test.go b/test/e2e/app_autosync_ns_test.go
index e030156455586..17d6fcd09545c 100644
--- a/test/e2e/app_autosync_ns_test.go
+++ b/test/e2e/app_autosync_ns_test.go
@@ -81,7 +81,7 @@ func TestNSAutoSyncSelfHealEnabled(t *testing.T) {
 		Refresh(RefreshTypeNormal).
 		Then().
 		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
-		Expect(Condition(ApplicationConditionSyncError, "Failed sync attempt")).
+		Expect(Condition(ApplicationConditionSyncError, "Failed last sync attempt")).
 		When().
 		// SyncError condition should be removed after successful sync
 		PatchFile("guestbook-ui-deployment.yaml", `[{"op": "replace", "path": "/spec/revisionHistoryLimit", "value": 1}]`).
diff --git a/test/e2e/app_autosync_test.go b/test/e2e/app_autosync_test.go
index d0fc29a655a45..ef805f6bad625 100644
--- a/test/e2e/app_autosync_test.go
+++ b/test/e2e/app_autosync_test.go
@@ -76,7 +76,7 @@ func TestAutoSyncSelfHealEnabled(t *testing.T) {
 		Refresh(RefreshTypeNormal).
 		Then().
 		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
-		Expect(Condition(ApplicationConditionSyncError, "Failed sync attempt")).
+		Expect(Condition(ApplicationConditionSyncError, "Failed last sync attempt")).
 		When().
 		// SyncError condition should be removed after successful sync
 		PatchFile("guestbook-ui-deployment.yaml", `[{"op": "replace", "path": "/spec/revisionHistoryLimit", "value": 1}]`).

From 43c82043bd042575aeae6c938d516b8a63b81869 Mon Sep 17 00:00:00 2001
From: gyu-young-park <44598664+gyu-young-park@users.noreply.github.com>
Date: Tue, 15 Jul 2025 00:16:28 +0900
Subject: [PATCH 136/383] docs: fix missing closing parenthesis in onelogin
 (#23779)

Signed-off-by: gyu-young-park <gyoue200125@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/user-management/onelogin.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/user-management/onelogin.md b/docs/operator-manual/user-management/onelogin.md
index fa417d42de308..0407c21dc28f9 100644
--- a/docs/operator-manual/user-management/onelogin.md
+++ b/docs/operator-manual/user-management/onelogin.md
@@ -23,7 +23,7 @@ To create the application, do the following:
 2. Click "Add App".
 3. Search for "OpenID Connect" in the search field.
 4. Select the "OpenId Connect (OIDC)" app to create.
-5. Update the "Display Name" field (could be something like "ArgoCD (Production)".
+5. Update the "Display Name" field (could be something like "ArgoCD (Production)").
 6. Click "Save".
 
 ### Configuring OIDC Application Settings

From b85b8880741aab00dfe7814816e03f95af5968cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Nore=C3=B1a=20Perez?= <jdavid.norena@hotmail.com>
Date: Mon, 14 Jul 2025 10:17:14 -0500
Subject: [PATCH 137/383] docs: Microsoft SSO requestedIDTokenClaims to be
 ApplicationGroup (#23711)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: David Noreña Perez <jdavid.norena@hotmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/user-management/microsoft.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/user-management/microsoft.md b/docs/operator-manual/user-management/microsoft.md
index ac431bdc78c0e..ccbb38370d8b9 100644
--- a/docs/operator-manual/user-management/microsoft.md
+++ b/docs/operator-manual/user-management/microsoft.md
@@ -80,7 +80,7 @@
                      requestedIDTokenClaims:
                         groups:
                            essential: true
-                           value: "SecurityGroup"
+                           value: "ApplicationGroup"
                      requestedScopes:
                         - openid
                         - profile

From a2010f8c87ff6c35ac01c13dbba5caec08fb480d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 14 Jul 2025 12:18:05 -0400
Subject: [PATCH 138/383] chore(deps): bump github.com/bmatcuk/doublestar/v4
 from 4.8.1 to 4.9.0 (#23774)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d3200d8136a2a..b462e4c7944a3 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
 	github.com/aws/aws-sdk-go v1.55.7
-	github.com/bmatcuk/doublestar/v4 v4.8.1
+	github.com/bmatcuk/doublestar/v4 v4.9.0
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
 	github.com/casbin/casbin/v2 v2.109.0
diff --git a/go.sum b/go.sum
index c440a71cacaf5..49c603cee4611 100644
--- a/go.sum
+++ b/go.sum
@@ -164,8 +164,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
-github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38=
-github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.9.0 h1:DBvuZxjdKkRP/dr4GVV4w2fnmrk5Hxc90T51LZjv0JA=
+github.com/bmatcuk/doublestar/v4 v4.9.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bombsimon/logrusr/v4 v4.1.0 h1:uZNPbwusB0eUXlO8hIUwStE6Lr5bLN6IgYgG+75kuh4=
 github.com/bombsimon/logrusr/v4 v4.1.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8=
 github.com/bradleyfalzon/ghinstallation/v2 v2.16.0 h1:B91r9bHtXp/+XRgS5aZm6ZzTdz3ahgJYmkt4xZkgDz8=

From 19054f43a717cb13e45ef9acc56ef1af21f93424 Mon Sep 17 00:00:00 2001
From: Xiaopeng Han <hanxiaop8@outlook.com>
Date: Tue, 15 Jul 2025 15:13:47 +0800
Subject: [PATCH 139/383] fix(ui): account detail page crashes for accounts
 with empty capabilities (#23787)

Signed-off-by: xiaopeng <hanxiaop8@outlook.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../app/settings/components/account-details/account-details.tsx | 2 +-
 ui/src/app/settings/components/accounts-list/accounts-list.tsx  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/settings/components/account-details/account-details.tsx b/ui/src/app/settings/components/account-details/account-details.tsx
index e81993f07053e..9e59c1b8560b6 100644
--- a/ui/src/app/settings/components/account-details/account-details.tsx
+++ b/ui/src/app/settings/components/account-details/account-details.tsx
@@ -39,7 +39,7 @@ export const AccountDetails = (props: RouteComponentProps<{name: string}>) => {
                                     </div>
                                     <div className='row white-box__details-row'>
                                         <div className='columns small-3'>CAPABILITIES</div>
-                                        <div className='columns small-9'>{account.capabilities.join(', ')}</div>
+                                        <div className='columns small-9'>{(account.capabilities || []).join(', ')}</div>
                                     </div>
                                 </div>
                             </div>
diff --git a/ui/src/app/settings/components/accounts-list/accounts-list.tsx b/ui/src/app/settings/components/accounts-list/accounts-list.tsx
index f6e362d7743ca..44ae9bfe8a4d5 100644
--- a/ui/src/app/settings/components/accounts-list/accounts-list.tsx
+++ b/ui/src/app/settings/components/accounts-list/accounts-list.tsx
@@ -29,7 +29,7 @@ export const AccountsList = () => {
                                         <div className='row'>
                                             <div className='columns small-3'>{account.name}</div>
                                             <div className='columns small-3'>{(account.enabled && 'true') || 'false'}</div>
-                                            <div className='columns small-6'>{account.capabilities && account.capabilities.join(', ')}</div>
+                                            <div className='columns small-6'>{(account.capabilities || []).join(', ')}</div>
                                         </div>
                                     </div>
                                 ))}

From a7962a286cd1ae89275477a0451ba31884e322f3 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 12:49:20 +0530
Subject: [PATCH 140/383] update redis init.sh

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 manifests/base/redis/argocd-redis-cm.yaml     |  33 ++--
 .../base/redis/argocd-redis-deployment.yaml   |   2 +-
 .../ha/base/redis-ha/chart/upstream.yaml      | 162 ++++++++++--------
 3 files changed, 105 insertions(+), 92 deletions(-)

diff --git a/manifests/base/redis/argocd-redis-cm.yaml b/manifests/base/redis/argocd-redis-cm.yaml
index 18d1e77b57442..dc701b0de9c82 100644
--- a/manifests/base/redis/argocd-redis-cm.yaml
+++ b/manifests/base/redis/argocd-redis-cm.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: argocd-redis-configmap
+  name: argocd-redis-cm
   labels:
     app.kubernetes.io/name: argocd-redis
     app.kubernetes.io/part-of: argocd
@@ -18,22 +18,25 @@ data:
 
     # Determine which source to use for the Redis password
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\n\r')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            REDIS_PASSWORD="$file_auth"
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${REDIS_PASSWORD:-}" ]; then
-        echo "Retrieved Redis password from environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
     else
-        echo "WARNING: Redis password not set via file or environment."
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
-    }
 
     echo "Setting redis auth values.."
     ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
diff --git a/manifests/base/redis/argocd-redis-deployment.yaml b/manifests/base/redis/argocd-redis-deployment.yaml
index 331a92dabc5d3..7d68346933c7f 100644
--- a/manifests/base/redis/argocd-redis-deployment.yaml
+++ b/manifests/base/redis/argocd-redis-deployment.yaml
@@ -89,7 +89,7 @@ spec:
       volumes:
         - name: config
           configMap:
-            name: argocd-redis-configmap
+            name: argocd-redis-cm
         - name: data
           emptyDir: {}
         - name: redis-creds
diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml
index 89aa7568e1179..4a222e08c1319 100644
--- a/manifests/ha/base/redis-ha/chart/upstream.yaml
+++ b/manifests/ha/base/redis-ha/chart/upstream.yaml
@@ -395,22 +395,24 @@ data:
     # Load AUTH from file or env
     echo "Loading redis credentials"
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
         exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
 
     set -eu
@@ -779,22 +781,24 @@ data:
     # Load AUTH from file or env
     echo "Loading redis credentials"
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
         exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
 
     # Inject AUTH into haproxy config
@@ -835,22 +839,24 @@ data:
     # Load AUTH from file or env
     echo "Loading redis credentials"
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASAUTHSWORD="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
         exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
 
     get_redis_role() {
@@ -900,22 +906,24 @@ data:
     # Load AUTH from file or env
     echo "Loading redis credentials"
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
         exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
 
     response=$(
@@ -935,22 +943,24 @@ data:
     # Load AUTH from file or env
     echo "Loading redis credentials"
     if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
         exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
     fi
 
     response=$(
@@ -1355,7 +1365,7 @@ spec:
           secretName: argocd-redis
           items:
             - key: auth
-              path: auth
+              path: test
           optional: true
       - name: config-volume
         configMap:

From 5510ccbf98e86958700114c2382666705378842e Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 15:28:36 +0530
Subject: [PATCH 141/383] update redis ha overlay to update configmap

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 manifests/ha/base/redis-ha/kustomization.yaml |  14 +
 .../argocd-redis-ha-configmap-script.yaml     | 744 ++++++++++++++++++
 ...gocd-redis-ha-health-configmap-script.yaml | 100 +++
 3 files changed, 858 insertions(+)
 create mode 100644 manifests/ha/base/redis-ha/overlays/argocd-redis-ha-configmap-script.yaml
 create mode 100644 manifests/ha/base/redis-ha/overlays/argocd-redis-ha-health-configmap-script.yaml

diff --git a/manifests/ha/base/redis-ha/kustomization.yaml b/manifests/ha/base/redis-ha/kustomization.yaml
index 0da9beb9930e8..0f6386ae81b11 100644
--- a/manifests/ha/base/redis-ha/kustomization.yaml
+++ b/manifests/ha/base/redis-ha/kustomization.yaml
@@ -21,6 +21,20 @@ patches:
     name: argocd-redis-ha-configmap
     namespace: argocd
   path: overlays/remove-namespace.yaml
+- target:
+    version: v1
+    group: ""
+    kind: ConfigMap
+    name: argocd-redis-ha-health-configmap
+    namespace: argocd
+  path: overlays/argocd-redis-ha-health-configmap-script.yaml
+- target:
+    version: v1
+    group: ""
+    kind: ConfigMap
+    name: argocd-redis-ha-configmap
+    namespace: argocd
+  path: overlays/argocd-redis-ha-configmap-script.yaml 
 - target:
     version: v1
     group: ""
diff --git a/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-configmap-script.yaml b/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-configmap-script.yaml
new file mode 100644
index 0000000000000..442b633fdd6b3
--- /dev/null
+++ b/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-configmap-script.yaml
@@ -0,0 +1,744 @@
+- op: replace
+  path: /data/init.sh
+  value: |
+    echo "$(date) Start..."
+    HOSTNAME="$(hostname)"
+    INDEX="${HOSTNAME##*-}"
+    SENTINEL_PORT=26379
+    ANNOUNCE_IP=''
+    MASTER=''
+    MASTER_GROUP="argocd"
+    QUORUM="2"
+    REDIS_CONF=/data/conf/redis.conf
+    REDIS_PORT=6379
+    REDIS_TLS_PORT=
+    SENTINEL_CONF=/data/conf/sentinel.conf
+    SENTINEL_TLS_PORT=
+    SERVICE=argocd-redis-ha
+    SENTINEL_TLS_REPLICATION_ENABLED=false
+    REDIS_TLS_REPLICATION_ENABLED=false
+
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
+    set -eu
+    sentinel_get_master() {
+    set +e
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"  --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        else
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        fi
+    set -e
+    }
+
+    sentinel_get_master_retry() {
+        master=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            master=$(sentinel_get_master)
+            if [ -n "${master}" ]; then
+                break
+            fi
+            sleep $((sleep + i))
+        done
+        echo "${master}"
+    }
+
+    identify_master() {
+        echo "Identifying redis master (get-master-addr-by-name).."
+        echo "  using sentinel (argocd-redis-ha), sentinel group name (argocd)"
+        MASTER="$(sentinel_get_master_retry 3)"
+        if [ -n "${MASTER}" ]; then
+            echo "  $(date) Found redis master (${MASTER})"
+        else
+            echo "  $(date) Did not find redis master (${MASTER})"
+        fi
+    }
+
+    sentinel_update() {
+        echo "Updating sentinel config.."
+        echo "  evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
+        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
+        echo "  sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
+        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
+        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  redis master (${1}:${REDIS_TLS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        else
+            echo "  redis master (${1}:${REDIS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        fi
+        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
+            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
+        else
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
+            echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
+        fi
+    }
+
+    redis_update() {
+        echo "Updating redis config.."
+        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  we are slave of redis master (${1}:${REDIS_TLS_PORT})"
+            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
+        else
+            echo "  we are slave of redis master (${1}:${REDIS_PORT})"
+            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
+        fi
+        echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
+    }
+
+    copy_config() {
+        echo "Copying default redis config.."
+        echo "  to '${REDIS_CONF}'"
+        cp /readonly-config/redis.conf "${REDIS_CONF}"
+        echo "Copying default sentinel config.."
+        echo "  to '${SENTINEL_CONF}'"
+        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
+    }
+
+    setup_defaults() {
+        echo "Setting up defaults.."
+        echo "  using statefulset index (${INDEX})"
+        if [ "${INDEX}" = "0" ]; then
+            echo "Setting this pod as master for redis and sentinel.."
+            echo "  using announce (${ANNOUNCE_IP})"
+            redis_update "${ANNOUNCE_IP}"
+            sentinel_update "${ANNOUNCE_IP}"
+            echo "  make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
+            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
+        else
+            echo "Getting redis master ip.."
+            echo "  blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
+            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
+            if [ -z "${DEFAULT_MASTER}" ]; then
+                echo "Error: Unable to resolve redis master (getent hosts)."
+                exit 1
+            fi
+            echo "  identified redis (may be redis master) ip (${DEFAULT_MASTER})"
+            echo "Setting default slave config for redis and sentinel.."
+            echo "  using master ip (${DEFAULT_MASTER})"
+            redis_update "${DEFAULT_MASTER}"
+            sentinel_update "${DEFAULT_MASTER}"
+        fi
+    }
+
+    redis_ping() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
+        else
+            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
+        fi
+    set -e
+    }
+
+    redis_ping_retry() {
+        ping=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            if [ "$(redis_ping)" = "PONG" ]; then
+               ping='PONG'
+               break
+            fi
+            sleep $((sleep + i))
+            MASTER=$(sentinel_get_master)
+        done
+        echo "${ping}"
+    }
+
+    find_master() {
+        echo "Verifying redis master.."
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            echo "  ping (${MASTER}:${REDIS_TLS_PORT})"
+        else
+            echo "  ping (${MASTER}:${REDIS_PORT})"
+        fi
+        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
+            echo "  $(date) Can't ping redis master (${MASTER})"
+            echo "Attempting to force failover (sentinel failover).."
+
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"  --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            else
+                echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            fi
+
+            echo "Hold on for 10sec"
+            sleep 10
+            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+            else
+                echo "  sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+            fi
+            MASTER="$(sentinel_get_master)"
+            if [ "${MASTER}" ]; then
+                echo "  $(date) Found redis master (${MASTER})"
+                echo "Updating redis and sentinel config.."
+                sentinel_update "${MASTER}"
+                redis_update "${MASTER}"
+            else
+                echo "$(date) Error: Could not failover, exiting..."
+                exit 1
+            fi
+        else
+            echo "  $(date) Found reachable redis master (${MASTER})"
+            echo "Updating redis and sentinel config.."
+            sentinel_update "${MASTER}"
+            redis_update "${MASTER}"
+        fi
+    }
+
+    redis_ro_update() {
+        echo "Updating read-only redis config.."
+        echo "  redis.conf set 'replica-priority 0'"
+        echo "replica-priority 0" >> ${REDIS_CONF}
+    }
+
+    getent_hosts() {
+        index=${1:-${INDEX}}
+        service="${SERVICE}-announce-${index}"
+        host=$(getent hosts "${service}")
+        echo "${host}"
+    }
+
+    identify_announce_ip() {
+        echo "Identify announce ip for this pod.."
+        echo "  using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
+        ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
+        echo "  identified announce (${ANNOUNCE_IP})"
+    }
+
+    mkdir -p /data/conf/
+
+    echo "Initializing config.."
+    copy_config
+
+    # where is redis master
+    identify_master
+
+    identify_announce_ip
+
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
+    if [ -z "${ANNOUNCE_IP}" ]; then
+        "Error: Could not resolve the announce ip for this pod"
+        exit 1
+    elif [ "${MASTER}" ]; then
+        find_master
+    else
+        setup_defaults
+    fi
+
+    if [ "${AUTH:-}" ]; then
+        echo "Setting redis auth values.."
+        ESCAPED_AUTH=$(echo "${AUTH}" | sed -e 's/[\/&]/\\&/g');
+        sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}" "${SENTINEL_CONF}"
+    fi
+
+    if [ "${SENTINELAUTH:-}" ]; then
+        echo "Setting sentinel auth values"
+        ESCAPED_AUTH_SENTINEL=$(echo "$SENTINELAUTH" | sed -e 's/[\/&]/\\&/g');
+        sed -i "s/replace-default-sentinel-auth/${ESCAPED_AUTH_SENTINEL}/" "$SENTINEL_CONF"
+    fi
+
+    echo "$(date) Ready..."
+
+- op: replace
+  path: /data/fix-split-brain.sh
+  value: |
+    HOSTNAME="$(hostname)"
+    INDEX="${HOSTNAME##*-}"
+    SENTINEL_PORT=26379
+    ANNOUNCE_IP=''
+    MASTER=''
+    MASTER_GROUP="argocd"
+    QUORUM="2"
+    REDIS_CONF=/data/conf/redis.conf
+    REDIS_PORT=6379
+    REDIS_TLS_PORT=
+    SENTINEL_CONF=/data/conf/sentinel.conf
+    SENTINEL_TLS_PORT=
+    SERVICE=argocd-redis-ha
+    SENTINEL_TLS_REPLICATION_ENABLED=false
+    REDIS_TLS_REPLICATION_ENABLED=false
+
+    ROLE=''
+    REDIS_MASTER=''
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    set -eu
+    sentinel_get_master() {
+    set +e
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"  --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        else
+            redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel get-master-addr-by-name "${MASTER_GROUP}" |\
+            grep -E '((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?s*$))'
+        fi
+    set -e
+    }
+
+    sentinel_get_master_retry() {
+        master=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            master=$(sentinel_get_master)
+            if [ -n "${master}" ]; then
+                break
+            fi
+            sleep $((sleep + i))
+        done
+        echo "${master}"
+    }
+
+    identify_master() {
+        echo "Identifying redis master (get-master-addr-by-name).."
+        echo "  using sentinel (argocd-redis-ha), sentinel group name (argocd)"
+        MASTER="$(sentinel_get_master_retry 3)"
+        if [ -n "${MASTER}" ]; then
+            echo "  $(date) Found redis master (${MASTER})"
+        else
+            echo "  $(date) Did not find redis master (${MASTER})"
+        fi
+    }
+
+    sentinel_update() {
+        echo "Updating sentinel config.."
+        echo "  evaluating sentinel id (\${SENTINEL_ID_${INDEX}})"
+        eval MY_SENTINEL_ID="\$SENTINEL_ID_${INDEX}"
+        echo "  sentinel id (${MY_SENTINEL_ID}), sentinel grp (${MASTER_GROUP}), quorum (${QUORUM})"
+        sed -i "1s/^/sentinel myid ${MY_SENTINEL_ID}\\n/" "${SENTINEL_CONF}"
+        if [ "$SENTINEL_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  redis master (${1}:${REDIS_TLS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_TLS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        else
+            echo "  redis master (${1}:${REDIS_PORT})"
+            sed -i "2s/^/sentinel monitor ${MASTER_GROUP} ${1} ${REDIS_PORT} ${QUORUM} \\n/" "${SENTINEL_CONF}"
+        fi
+        echo "sentinel announce-ip ${ANNOUNCE_IP}" >> ${SENTINEL_CONF}
+        if [ "$SENTINEL_PORT" -eq 0 ]; then
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_TLS_PORT})"
+            echo "sentinel announce-port ${SENTINEL_TLS_PORT}" >> ${SENTINEL_CONF}
+        else
+            echo "  announce (${ANNOUNCE_IP}:${SENTINEL_PORT})"
+            echo "sentinel announce-port ${SENTINEL_PORT}" >> ${SENTINEL_CONF}
+        fi
+    }
+
+    redis_update() {
+        echo "Updating redis config.."
+        if [ "$REDIS_TLS_REPLICATION_ENABLED" = true ]; then
+            echo "  we are slave of redis master (${1}:${REDIS_TLS_PORT})"
+            echo "slaveof ${1} ${REDIS_TLS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_TLS_PORT}" >> ${REDIS_CONF}
+        else
+            echo "  we are slave of redis master (${1}:${REDIS_PORT})"
+            echo "slaveof ${1} ${REDIS_PORT}" >> "${REDIS_CONF}"
+            echo "slave-announce-port ${REDIS_PORT}" >> ${REDIS_CONF}
+        fi
+        echo "slave-announce-ip ${ANNOUNCE_IP}" >> ${REDIS_CONF}
+    }
+
+    copy_config() {
+        echo "Copying default redis config.."
+        echo "  to '${REDIS_CONF}'"
+        cp /readonly-config/redis.conf "${REDIS_CONF}"
+        echo "Copying default sentinel config.."
+        echo "  to '${SENTINEL_CONF}'"
+        cp /readonly-config/sentinel.conf "${SENTINEL_CONF}"
+    }
+
+    setup_defaults() {
+        echo "Setting up defaults.."
+        echo "  using statefulset index (${INDEX})"
+        if [ "${INDEX}" = "0" ]; then
+            echo "Setting this pod as master for redis and sentinel.."
+            echo "  using announce (${ANNOUNCE_IP})"
+            redis_update "${ANNOUNCE_IP}"
+            sentinel_update "${ANNOUNCE_IP}"
+            echo "  make sure ${ANNOUNCE_IP} is not a slave (slaveof no one)"
+            sed -i "s/^.*slaveof.*//" "${REDIS_CONF}"
+        else
+            echo "Getting redis master ip.."
+            echo "  blindly assuming (${SERVICE}-announce-0) or (${SERVICE}-server-0) are master"
+            DEFAULT_MASTER="$(getent_hosts 0 | awk '{ print $1 }')"
+            if [ -z "${DEFAULT_MASTER}" ]; then
+                echo "Error: Unable to resolve redis master (getent hosts)."
+                exit 1
+            fi
+            echo "  identified redis (may be redis master) ip (${DEFAULT_MASTER})"
+            echo "Setting default slave config for redis and sentinel.."
+            echo "  using master ip (${DEFAULT_MASTER})"
+            redis_update "${DEFAULT_MASTER}"
+            sentinel_update "${DEFAULT_MASTER}"
+        fi
+    }
+
+    redis_ping() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key ping
+        else
+            redis-cli -h "${MASTER}" -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" ping
+        fi
+    set -e
+    }
+
+    redis_ping_retry() {
+        ping=''
+        retry=${1}
+        sleep=3
+        for i in $(seq 1 "${retry}"); do
+            if [ "$(redis_ping)" = "PONG" ]; then
+               ping='PONG'
+               break
+            fi
+            sleep $((sleep + i))
+            MASTER=$(sentinel_get_master)
+        done
+        echo "${ping}"
+    }
+
+    find_master() {
+        echo "Verifying redis master.."
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            echo "  ping (${MASTER}:${REDIS_TLS_PORT})"
+        else
+            echo "  ping (${MASTER}:${REDIS_PORT})"
+        fi
+        if [ "$(redis_ping_retry 3)" != "PONG" ]; then
+            echo "  $(date) Can't ping redis master (${MASTER})"
+            echo "Attempting to force failover (sentinel failover).."
+
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  on sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_TLS_PORT}"  --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            else
+                echo "  on sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+                if redis-cli -h "${SERVICE}" -p "${SENTINEL_PORT}"  sentinel failover "${MASTER_GROUP}" | grep -q 'NOGOODSLAVE' ; then
+                    echo "  $(date) Failover returned with 'NOGOODSLAVE'"
+                    echo "Setting defaults for this pod.."
+                    setup_defaults
+                    return 0
+                fi
+            fi
+
+            echo "Hold on for 10sec"
+            sleep 10
+            echo "We should get redis master's ip now. Asking (get-master-addr-by-name).."
+            if [ "$SENTINEL_PORT" -eq 0 ]; then
+                echo "  sentinel (${SERVICE}:${SENTINEL_TLS_PORT}), sentinel grp (${MASTER_GROUP})"
+            else
+                echo "  sentinel (${SERVICE}:${SENTINEL_PORT}), sentinel grp (${MASTER_GROUP})"
+            fi
+            MASTER="$(sentinel_get_master)"
+            if [ "${MASTER}" ]; then
+                echo "  $(date) Found redis master (${MASTER})"
+                echo "Updating redis and sentinel config.."
+                sentinel_update "${MASTER}"
+                redis_update "${MASTER}"
+            else
+                echo "$(date) Error: Could not failover, exiting..."
+                exit 1
+            fi
+        else
+            echo "  $(date) Found reachable redis master (${MASTER})"
+            echo "Updating redis and sentinel config.."
+            sentinel_update "${MASTER}"
+            redis_update "${MASTER}"
+        fi
+    }
+
+    redis_ro_update() {
+        echo "Updating read-only redis config.."
+        echo "  redis.conf set 'replica-priority 0'"
+        echo "replica-priority 0" >> ${REDIS_CONF}
+    }
+
+    getent_hosts() {
+        index=${1:-${INDEX}}
+        service="${SERVICE}-announce-${index}"
+        host=$(getent hosts "${service}")
+        echo "${host}"
+    }
+
+    identify_announce_ip() {
+        echo "Identify announce ip for this pod.."
+        echo "  using (${SERVICE}-announce-${INDEX}) or (${SERVICE}-server-${INDEX})"
+        ANNOUNCE_IP=$(getent_hosts | awk '{ print $1 }')
+        echo "  identified announce (${ANNOUNCE_IP})"
+    }
+
+    redis_role() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            ROLE=$(redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep role | sed 's/role://' | sed 's/\r//')
+        else
+            ROLE=$(redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep role | sed 's/role://' | sed 's/\r//')
+        fi
+    set -e
+    }
+
+    identify_redis_master() {
+    set +e
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            REDIS_MASTER=$(redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key info | grep master_host | sed 's/master_host://' | sed 's/\r//')
+        else
+            REDIS_MASTER=$(redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}" info | grep master_host | sed 's/master_host://' | sed 's/\r//')
+        fi
+    set -e
+    }
+
+    reinit() {
+    set +e
+        sh /readonly-config/init.sh
+
+        if [ "$REDIS_PORT" -eq 0 ]; then
+            echo "shutdown" | redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_TLS_PORT}" --tls --cacert /tls-certs/ca.crt  --cert /tls-certs/redis.crt --key /tls-certs/redis.key
+        else
+            echo "shutdown" | redis-cli  -a "${AUTH}" --no-auth-warning -p "${REDIS_PORT}"
+        fi
+    set -e
+    }
+
+    identify_announce_ip
+
+    while [ -z "${ANNOUNCE_IP}" ]; do
+        echo "Error: Could not resolve the announce ip for this pod."
+        sleep 30
+        identify_announce_ip
+    done
+
+    trap "exit 0" TERM
+    while true; do
+        sleep 60
+
+        # where is redis master
+        identify_master
+
+        if [ "$MASTER" = "$ANNOUNCE_IP" ]; then
+            redis_role
+            if [ "$ROLE" != "master" ]; then
+                reinit
+            fi
+        elif [ "${MASTER}" ]; then
+            identify_redis_master
+            if [ "$REDIS_MASTER" != "$MASTER" ]; then
+                reinit
+            fi
+        fi
+    done
+
+- op: replace
+  path: /data/haproxy_init.sh
+  value: |
+    HAPROXY_CONF=/data/haproxy.cfg
+    cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
+    for loop in $(seq 1 10); do
+      getent hosts argocd-redis-ha-announce-0 && break
+      echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
+    done
+    ANNOUNCE_IP0=$(getent hosts "argocd-redis-ha-announce-0" | awk '{ print $1 }')
+    if [ -z "$ANNOUNCE_IP0" ]; then
+      echo "Could not resolve the announce ip for argocd-redis-ha-announce-0"
+      exit 1
+    fi
+    sed -i "s/REPLACE_ANNOUNCE0/$ANNOUNCE_IP0/" "$HAPROXY_CONF"
+    for loop in $(seq 1 10); do
+      getent hosts argocd-redis-ha-announce-1 && break
+      echo "Waiting for service argocd-redis-ha-announce-1 to be ready ($loop) ..." && sleep 1
+    done
+    ANNOUNCE_IP1=$(getent hosts "argocd-redis-ha-announce-1" | awk '{ print $1 }')
+    if [ -z "$ANNOUNCE_IP1" ]; then
+      echo "Could not resolve the announce ip for argocd-redis-ha-announce-1"
+      exit 1
+    fi
+    sed -i "s/REPLACE_ANNOUNCE1/$ANNOUNCE_IP1/" "$HAPROXY_CONF"
+    for loop in $(seq 1 10); do
+      getent hosts argocd-redis-ha-announce-2 && break
+      echo "Waiting for service argocd-redis-ha-announce-2 to be ready ($loop) ..." && sleep 1
+    done
+    ANNOUNCE_IP2=$(getent hosts "argocd-redis-ha-announce-2" | awk '{ print $1 }')
+    if [ -z "$ANNOUNCE_IP2" ]; then
+      echo "Could not resolve the announce ip for argocd-redis-ha-announce-2"
+      exit 1
+    fi
+    sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
+
+- op: replace
+  path: /data/trigger-failover-if-master.sh
+  value: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    get_redis_role() {
+      is_master=$(
+        redis-cli \
+          -a "${AUTH}" --no-auth-warning \
+          -h localhost \
+          -p 6379 \
+          info | grep -c 'role:master' || true
+      )
+    }
+    get_redis_role
+    if [[ "$is_master" -eq 1 ]]; then
+      echo "This node is currently master, we trigger a failover."
+      response=$(
+        redis-cli \
+          -h localhost \
+          -p 26379 \
+          SENTINEL failover argocd
+      )
+      if [[ "$response" != "OK" ]] ; then
+        echo "$response"
+        exit 1
+      fi
+      timeout=30
+      while [[ "$is_master" -eq 1 && $timeout -gt 0 ]]; do
+        sleep 1
+        get_redis_role
+        timeout=$((timeout - 1))
+      done
+      echo "Failover successful"
+    fi
\ No newline at end of file
diff --git a/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-health-configmap-script.yaml b/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-health-configmap-script.yaml
new file mode 100644
index 0000000000000..300611852f044
--- /dev/null
+++ b/manifests/ha/base/redis-ha/overlays/argocd-redis-ha-health-configmap-script.yaml
@@ -0,0 +1,100 @@
+- op: replace
+  path: /data/redis_liveness.sh
+  value: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    response=$(
+      redis-cli \
+        -a "${AUTH}" --no-auth-warning \
+        -h localhost \
+        -p 6379 \
+        ping
+    )
+    echo "response=$response"
+    case $response in
+      PONG|LOADING*) ;;
+      *) exit 1 ;;
+    esac
+    exit 0
+- op: replace
+  path: /data/redis_readiness.sh
+  value: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    response=$(
+      redis-cli \
+        -a "${AUTH}" --no-auth-warning \
+        -h localhost \
+        -p 6379 \
+        ping
+    )
+    if [ "$response" != "PONG" ] ; then
+      echo "ping=$response"
+      exit 1
+    fi
+
+    response=$(
+      redis-cli \
+        -a "${AUTH}" --no-auth-warning \
+        -h localhost \
+        -p 6379 \
+        role
+    )
+    role=$( echo "$response" | sed "1!d" )
+    if [ "$role" = "master" ]; then
+      echo "role=$role"
+      exit 0
+    elif [ "$role" = "slave" ]; then
+      repl=$( echo "$response" | sed "4!d" )
+      echo "role=$role; repl=$repl"
+      if [ "$repl" = "connected" ]; then
+        exit 0
+      else
+        exit 1
+      fi
+    else
+      echo "role=$role"
+      exit 1
+    fi
\ No newline at end of file

From 8512dd8d4656cd8699d0b571f562d50f02989cc9 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 15:59:52 +0530
Subject: [PATCH 142/383] update redis ha overlay to update configmap in
 kustomize yaml

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 manifests/ha/base/redis-ha/kustomization.yaml |  6 ++-
 .../redis-ha-haproxy-file-mounted-secret.yaml | 24 ++++++++++
 ...is-ha-statefulset-file-mounted-secret.yaml | 48 +++++++++++++++++++
 3 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 manifests/ha/base/redis-ha/overlays/redis-ha-haproxy-file-mounted-secret.yaml
 create mode 100644 manifests/ha/base/redis-ha/overlays/redis-ha-statefulset-file-mounted-secret.yaml

diff --git a/manifests/ha/base/redis-ha/kustomization.yaml b/manifests/ha/base/redis-ha/kustomization.yaml
index 0f6386ae81b11..54f31e8d12164 100644
--- a/manifests/ha/base/redis-ha/kustomization.yaml
+++ b/manifests/ha/base/redis-ha/kustomization.yaml
@@ -319,4 +319,8 @@ patches:
     version: v1
     kind: Deployment
     name: argocd-redis-ha-haproxy
-  path: overlays/deployment-initContainers.yaml
\ No newline at end of file
+  path: overlays/deployment-initContainers.yaml
+
+# Enable file mounted secret  
+- path: overlays/redis-ha-haproxy-file-mounted-secret.yaml
+- path: overlays/redis-ha-statefulset-file-mounted-secret.yaml
\ No newline at end of file
diff --git a/manifests/ha/base/redis-ha/overlays/redis-ha-haproxy-file-mounted-secret.yaml b/manifests/ha/base/redis-ha/overlays/redis-ha-haproxy-file-mounted-secret.yaml
new file mode 100644
index 0000000000000..1181c42b8d302
--- /dev/null
+++ b/manifests/ha/base/redis-ha/overlays/redis-ha-haproxy-file-mounted-secret.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-redis-ha-haproxy
+spec:
+  template:
+    spec:
+      initContainers:
+      - name: config-init
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/redis-creds"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: /redis-creds
+            readOnly: true
+      volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: true
\ No newline at end of file
diff --git a/manifests/ha/base/redis-ha/overlays/redis-ha-statefulset-file-mounted-secret.yaml b/manifests/ha/base/redis-ha/overlays/redis-ha-statefulset-file-mounted-secret.yaml
new file mode 100644
index 0000000000000..7e66f720db659
--- /dev/null
+++ b/manifests/ha/base/redis-ha/overlays/redis-ha-statefulset-file-mounted-secret.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: argocd-redis-ha-server
+spec:
+  template:
+    spec:
+      containers:
+      - name: redis
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: "/run/secrets/argocd/redis-auth"
+            readOnly: true
+      - name: sentinel
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+      - name: split-brain-fix
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: "/run/secrets/argocd/redis-auth"
+            readOnly: true
+      initContainers:
+      - name: config-init
+        env:
+          - name: REDIS_CREDS_FILE_PATH
+            value: "/run/secrets/argocd/redis-auth"
+        volumeMounts:
+          - name: redis-creds
+            mountPath: "/run/secrets/argocd/redis-auth"
+            readOnly: true
+        volumeMounts:
+        - name: redis-creds
+          mountPath: /mnt"/run/secrets/argocd/redis-auth" 
+      volumes:
+        - name: redis-creds
+          secret:
+            secretName: argocd-redis
+            items:
+              - key: auth
+                path: auth
+            optional: false
\ No newline at end of file

From db9c46a77d3e144bc41884b71395554f94a10de0 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 16:10:12 +0530
Subject: [PATCH 143/383] run make manifest-local

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 manifests/core-install-with-hydrator.yaml     | 138 ++++++++-
 manifests/core-install.yaml                   | 138 ++++++++-
 .../ha/base/redis-ha/chart/upstream.yaml      | 218 +-------------
 manifests/ha/install-with-hydrator.yaml       | 275 ++++++++++++++++--
 manifests/ha/install.yaml                     | 275 ++++++++++++++++--
 .../ha/namespace-install-with-hydrator.yaml   | 275 ++++++++++++++++--
 manifests/ha/namespace-install.yaml           | 275 ++++++++++++++++--
 manifests/install-with-hydrator.yaml          | 150 +++++++++-
 manifests/install.yaml                        | 150 +++++++++-
 .../namespace-install-with-hydrator.yaml      | 150 +++++++++-
 manifests/namespace-install.yaml              | 150 +++++++++-
 11 files changed, 1845 insertions(+), 349 deletions(-)

diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index c3700d745c387..358fbfcebdf5d 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -24395,6 +24395,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -24940,17 +24995,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -24962,6 +25008,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -24979,6 +25028,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -24987,6 +25066,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -25025,6 +25117,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25270,6 +25364,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -25310,6 +25407,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -25379,6 +25483,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25663,6 +25769,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -25690,6 +25799,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index 366fd4e58e616..a9e58ec632965 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -24384,6 +24384,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -24774,17 +24829,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -24796,6 +24842,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -24813,6 +24862,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -24821,6 +24900,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -24859,6 +24951,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25104,6 +25198,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -25144,6 +25241,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -25213,6 +25317,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25497,6 +25603,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -25524,6 +25633,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml
index 4a222e08c1319..ba87e074d794e 100644
--- a/manifests/ha/base/redis-ha/chart/upstream.yaml
+++ b/manifests/ha/base/redis-ha/chart/upstream.yaml
@@ -83,47 +83,6 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
-    load_auth_password() {
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
-        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis credentials from file"
-            AUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis credentials from environment"
-    else
-        echo "ERROR: Redis credentials not set via file or environment"
-        exit 1
-    fi
-    }
-
-    load_sentinel_password() {
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
-        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
-        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
-        if [ -n "$file_auth" ]; then
-            echo "Retrieved Redis sentinel credentials from file"
-            SENTINELAUTH="$file_auth"
-            return 0
-        else
-            echo "WARNING: Redis sentinel credential file is empty"
-            # fall through to try env
-        fi
-    fi
-    if [ -n "${SENTINELAUTH:-}" ]; then
-        echo "Retrieved Redis sentinel credentials from environment"
-    else
-        echo "WARNING: Redis sentinel credentials not set via file or environment."
-    fi
-    }
-
     set -eu
     sentinel_get_master() {
     set +e
@@ -344,11 +303,6 @@ data:
 
     identify_announce_ip
 
-    # Load Redis credentials from file or env
-    echo "Loading redis credentials"
-    load_auth_password
-    load_sentinel_password
-
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -392,29 +346,6 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
-    # Load AUTH from file or env
-    echo "Loading redis credentials"
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
-      if [ -n "$file_auth" ]; then
-        echo "Retrieved Redis credentials from file."
-        AUTH="$file_auth"
-      elif [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis password from environment (file was empty)."
-      else
-        echo "ERROR: Redis credential file is empty and no environment variable set."
-        exit 1
-      fi
-
-    elif [ -n "${AUTH:-}" ]; then
-      # No valid file, but env var is set
-      echo "Retrieved Redis password from environment."
-    else
-      # Neither source provided anything
-      echo "WARNING: Redis password not set via file or environment."
-      exit 1
-    fi
-
     set -eu
     sentinel_get_master() {
     set +e
@@ -777,34 +708,6 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
-
-    # Load AUTH from file or env
-    echo "Loading redis credentials"
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
-      if [ -n "$file_auth" ]; then
-        echo "Retrieved Redis credentials from file."
-        AUTH="$file_auth"
-      elif [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis password from environment (file was empty)."
-      else
-        echo "ERROR: Redis credential file is empty and no environment variable set."
-        exit 1
-      fi
-
-    elif [ -n "${AUTH:-}" ]; then
-      # No valid file, but env var is set
-      echo "Retrieved Redis password from environment."
-    else
-      # Neither source provided anything
-      echo "WARNING: Redis password not set via file or environment."
-      exit 1
-    fi
-
-    # Inject AUTH into haproxy config
-    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
-    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
-
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -836,29 +739,6 @@ data:
     fi
     sed -i "s/REPLACE_ANNOUNCE2/$ANNOUNCE_IP2/" "$HAPROXY_CONF"
   trigger-failover-if-master.sh: |
-    # Load AUTH from file or env
-    echo "Loading redis credentials"
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
-      if [ -n "$file_auth" ]; then
-        echo "Retrieved Redis credentials from file."
-        REDIS_PASAUTHSWORD="$file_auth"
-      elif [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis password from environment (file was empty)."
-      else
-        echo "ERROR: Redis credential file is empty and no environment variable set."
-        exit 1
-      fi
-
-    elif [ -n "${AUTH:-}" ]; then
-      # No valid file, but env var is set
-      echo "Retrieved Redis password from environment."
-    else
-      # Neither source provided anything
-      echo "WARNING: Redis password not set via file or environment."
-      exit 1
-    fi
-
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -903,29 +783,6 @@ metadata:
     app: argocd-redis-ha
 data:
   redis_liveness.sh: |
-    # Load AUTH from file or env
-    echo "Loading redis credentials"
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
-      if [ -n "$file_auth" ]; then
-        echo "Retrieved Redis credentials from file."
-        AUTH="$file_auth"
-      elif [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis password from environment (file was empty)."
-      else
-        echo "ERROR: Redis credential file is empty and no environment variable set."
-        exit 1
-      fi
-
-    elif [ -n "${AUTH:-}" ]; then
-      # No valid file, but env var is set
-      echo "Retrieved Redis password from environment."
-    else
-      # Neither source provided anything
-      echo "WARNING: Redis password not set via file or environment."
-      exit 1
-    fi
-
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -940,29 +797,6 @@ data:
     esac
     exit 0
   redis_readiness.sh: |
-    # Load AUTH from file or env
-    echo "Loading redis credentials"
-    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
-      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
-      if [ -n "$file_auth" ]; then
-        echo "Retrieved Redis credentials from file."
-        AUTH="$file_auth"
-      elif [ -n "${AUTH:-}" ]; then
-        echo "Retrieved Redis password from environment (file was empty)."
-      else
-        echo "ERROR: Redis credential file is empty and no environment variable set."
-        exit 1
-      fi
-
-    elif [ -n "${AUTH:-}" ]; then
-      # No valid file, but env var is set
-      echo "Retrieved Redis password from environment."
-    else
-      # Neither source provided anything
-      echo "WARNING: Redis password not set via file or environment."
-      exit 1
-    fi
-
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -1288,14 +1122,6 @@ spec:
       - name: config-init
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
-        env:
-          - name: REDIS_CREDS_FILE_PATH
-            value: "/run/secrets/argocd/redis-auth"
-          - name: AUTH
-            valueFrom:
-              secretKeyRef:
-                name: argocd-redis
-                key: auth  
         resources:
           {}
         command:
@@ -1311,9 +1137,6 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
-        - name: redis-creds
-          mountPath: "/run/secrets/argocd/redis-auth"
-          readOnly: true
         - name: config-volume
           mountPath: /readonly
           readOnly: true
@@ -1331,6 +1154,12 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+        env:
+        - name: AUTH
+          valueFrom:
+            secretKeyRef:
+              name: argocd-redis
+              key: auth
         livenessProbe:
           httpGet:
             path: /healthz
@@ -1360,13 +1189,6 @@ spec:
         lifecycle:
           {}
       volumes:
-      - name: redis-creds
-        secret:
-          secretName: argocd-redis
-          items:
-            - key: auth
-              path: test
-          optional: true
       - name: config-volume
         configMap:
           name: argocd-redis-ha-configmap
@@ -1452,8 +1274,6 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        - name: REDIS_CREDS_FILE_PATH
-          value: "/run/secrets/argocd/redis-auth"  
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1465,9 +1285,7 @@ spec:
           readOnly: true
         - name: data
           mountPath: /data
-        - name: redis-creds
-          mountPath: "/run/secrets/argocd/redis-auth"
-          readOnly: true  
+
 
 
       containers:
@@ -1488,8 +1306,6 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         env:
-        - name: REDIS_CREDS_FILE_PATH
-          value: "/run/secrets/argocd/redis-auth"
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1534,9 +1350,6 @@ spec:
         - name: redis
           containerPort: 6379
         volumeMounts:
-        - name: redis-creds
-          mountPath: "/run/secrets/argocd/redis-auth"
-          readOnly: true
         - name: config
           mountPath: /readonly-config
           readOnly: true
@@ -1567,8 +1380,6 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         env:
-        - name: REDIS_CREDS_FILE_PATH
-          value: "/run/secrets/argocd/redis-auth"
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1613,9 +1424,6 @@ spec:
           - name: sentinel
             containerPort: 26379
         volumeMounts:
-        - name: redis-creds
-          mountPath: "/run/secrets/argocd/redis-auth"
-          readOnly: true
         - mountPath: /data
           name: data
         - mountPath: /health
@@ -1651,8 +1459,6 @@ spec:
           value: 40000915ab58c3fa8fd888fb8b24711944e6cbb4
         - name: SENTINEL_ID_2
           value: 2bbec7894d954a8af3bb54d13eaec53cb024e2ca
-        - name: REDIS_CREDS_FILE_PATH
-          value: "/run/secrets/argocd/redis-auth"  
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -1661,9 +1467,6 @@ spec:
         resources:
           {}
         volumeMounts:
-        - name: redis-creds
-          mountPath: "/run/secrets/argocd/redis-auth"
-          readOnly: true
         - name: config
           mountPath: /readonly-config
           readOnly: true
@@ -1680,10 +1483,3 @@ spec:
       - name: data
         emptyDir:
           {}
-      - name: redis-creds
-        secret:
-          secretName: argocd-redis
-          items:
-            - key: auth
-              path: test
-          optional: true
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 104dce16618bd..100f7748f39df 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -24834,6 +24834,29 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -25142,6 +25165,34 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -25190,6 +25241,47 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -25410,6 +25502,11 @@ data:
 
     identify_announce_ip
 
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -25457,7 +25554,30 @@ data:
         maxclients 10000
         sentinel parallel-syncs argocd 5
     sentinel auth-pass argocd replace-default-auth
-  trigger-failover-if-master.sh: |
+  trigger-failover-if-master.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -25499,6 +25619,29 @@ metadata:
 apiVersion: v1
 data:
   redis_liveness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -25512,7 +25655,30 @@ data:
       *) exit 1 ;;
     esac
     exit 0
-  redis_readiness.sh: |
+  redis_readiness.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -26572,26 +26738,13 @@ spec:
         - mountPath: /run/haproxy
           name: shared-socket
       initContainers:
-      - command:
-        - argocd
-        - admin
-        - redis-initial-password
-        image: quay.io/argoproj/argocd:latest
-        imagePullPolicy: IfNotPresent
-        name: secret-init
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       - args:
         - /readonly/haproxy_init.sh
         command:
         - sh
+        env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /redis-creds
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
@@ -26604,17 +26757,43 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /redis-creds
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly
           name: config-volume
           readOnly: true
         - mountPath: /data
           name: data
+      - command:
+        - argocd
+        - admin
+        - redis-initial-password
+        image: quay.io/argoproj/argocd:latest
+        imagePullPolicy: IfNotPresent
+        name: secret-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       securityContext:
         fsGroup: 99
         runAsNonRoot: true
         runAsUser: 99
       serviceAccountName: argocd-redis-ha-haproxy
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config-volume
@@ -26660,6 +26839,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26905,6 +27086,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -26945,6 +27129,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -27014,6 +27205,8 @@ spec:
         env:
         - name: ARGOCD_API_SERVER_REPLICAS
           value: "2"
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -27330,6 +27523,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -27348,6 +27544,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -27424,6 +27627,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -27708,6 +27913,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -27735,6 +27943,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -27772,6 +27987,8 @@ spec:
         command:
         - redis-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -27831,6 +28048,9 @@ spec:
           successThreshold: 1
           timeoutSeconds: 15
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27843,6 +28063,8 @@ spec:
         command:
         - redis-sentinel
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -27912,6 +28134,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -27936,6 +28160,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27947,6 +28174,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -27970,6 +28199,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27982,6 +28214,13 @@ spec:
       serviceAccountName: argocd-redis-ha
       terminationGracePeriodSeconds: 60
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: false
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 6f6bbfc55dee2..c622ccd7584fe 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -24825,6 +24825,29 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -25133,6 +25156,34 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -25181,6 +25232,47 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -25401,6 +25493,11 @@ data:
 
     identify_announce_ip
 
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -25448,7 +25545,30 @@ data:
         maxclients 10000
         sentinel parallel-syncs argocd 5
     sentinel auth-pass argocd replace-default-auth
-  trigger-failover-if-master.sh: |
+  trigger-failover-if-master.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -25490,6 +25610,29 @@ metadata:
 apiVersion: v1
 data:
   redis_liveness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -25503,7 +25646,30 @@ data:
       *) exit 1 ;;
     esac
     exit 0
-  redis_readiness.sh: |
+  redis_readiness.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -26408,26 +26574,13 @@ spec:
         - mountPath: /run/haproxy
           name: shared-socket
       initContainers:
-      - command:
-        - argocd
-        - admin
-        - redis-initial-password
-        image: quay.io/argoproj/argocd:latest
-        imagePullPolicy: IfNotPresent
-        name: secret-init
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       - args:
         - /readonly/haproxy_init.sh
         command:
         - sh
+        env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /redis-creds
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
@@ -26440,17 +26593,43 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /redis-creds
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly
           name: config-volume
           readOnly: true
         - mountPath: /data
           name: data
+      - command:
+        - argocd
+        - admin
+        - redis-initial-password
+        image: quay.io/argoproj/argocd:latest
+        imagePullPolicy: IfNotPresent
+        name: secret-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       securityContext:
         fsGroup: 99
         runAsNonRoot: true
         runAsUser: 99
       serviceAccountName: argocd-redis-ha-haproxy
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config-volume
@@ -26496,6 +26675,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26741,6 +26922,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -26781,6 +26965,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -26850,6 +27041,8 @@ spec:
         env:
         - name: ARGOCD_API_SERVER_REPLICAS
           value: "2"
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -27166,6 +27359,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -27184,6 +27380,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -27260,6 +27463,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -27544,6 +27749,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -27571,6 +27779,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -27608,6 +27823,8 @@ spec:
         command:
         - redis-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -27667,6 +27884,9 @@ spec:
           successThreshold: 1
           timeoutSeconds: 15
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27679,6 +27899,8 @@ spec:
         command:
         - redis-sentinel
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -27748,6 +27970,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -27772,6 +27996,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27783,6 +28010,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -27806,6 +28035,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -27818,6 +28050,13 @@ spec:
       serviceAccountName: argocd-redis-ha
       terminationGracePeriodSeconds: 60
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: false
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config
diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml
index 370056baf1033..d5a2b7e91e043 100644
--- a/manifests/ha/namespace-install-with-hydrator.yaml
+++ b/manifests/ha/namespace-install-with-hydrator.yaml
@@ -623,6 +623,29 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -931,6 +954,34 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -979,6 +1030,47 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -1199,6 +1291,11 @@ data:
 
     identify_announce_ip
 
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -1246,7 +1343,30 @@ data:
         maxclients 10000
         sentinel parallel-syncs argocd 5
     sentinel auth-pass argocd replace-default-auth
-  trigger-failover-if-master.sh: |
+  trigger-failover-if-master.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -1288,6 +1408,29 @@ metadata:
 apiVersion: v1
 data:
   redis_liveness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -1301,7 +1444,30 @@ data:
       *) exit 1 ;;
     esac
     exit 0
-  redis_readiness.sh: |
+  redis_readiness.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -2361,26 +2527,13 @@ spec:
         - mountPath: /run/haproxy
           name: shared-socket
       initContainers:
-      - command:
-        - argocd
-        - admin
-        - redis-initial-password
-        image: quay.io/argoproj/argocd:latest
-        imagePullPolicy: IfNotPresent
-        name: secret-init
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       - args:
         - /readonly/haproxy_init.sh
         command:
         - sh
+        env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /redis-creds
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
@@ -2393,17 +2546,43 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /redis-creds
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly
           name: config-volume
           readOnly: true
         - mountPath: /data
           name: data
+      - command:
+        - argocd
+        - admin
+        - redis-initial-password
+        image: quay.io/argoproj/argocd:latest
+        imagePullPolicy: IfNotPresent
+        name: secret-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       securityContext:
         fsGroup: 99
         runAsNonRoot: true
         runAsUser: 99
       serviceAccountName: argocd-redis-ha-haproxy
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config-volume
@@ -2449,6 +2628,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2694,6 +2875,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -2734,6 +2918,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -2803,6 +2994,8 @@ spec:
         env:
         - name: ARGOCD_API_SERVER_REPLICAS
           value: "2"
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -3119,6 +3312,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -3137,6 +3333,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -3213,6 +3416,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -3497,6 +3702,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -3524,6 +3732,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -3561,6 +3776,8 @@ spec:
         command:
         - redis-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -3620,6 +3837,9 @@ spec:
           successThreshold: 1
           timeoutSeconds: 15
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3632,6 +3852,8 @@ spec:
         command:
         - redis-sentinel
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -3701,6 +3923,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -3725,6 +3949,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3736,6 +3963,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -3759,6 +3988,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3771,6 +4003,13 @@ spec:
       serviceAccountName: argocd-redis-ha
       terminationGracePeriodSeconds: 60
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: false
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index d544b81f385f3..7bd9765662b01 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -614,6 +614,29 @@ data:
     ROLE=''
     REDIS_MASTER=''
 
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -922,6 +945,34 @@ data:
   haproxy_init.sh: |
     HAPROXY_CONF=/data/haproxy.cfg
     cp /readonly/haproxy.cfg "$HAPROXY_CONF"
+
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    # Inject AUTH into haproxy config
+    ESCAPED_AUTH=$(echo "$AUTH" | sed -e 's/[\/&]/\\&/g')
+    sed -i "s|\${AUTH}|${ESCAPED_AUTH}|" "$HAPROXY_CONF"
+
     for loop in $(seq 1 10); do
       getent hosts argocd-redis-ha-announce-0 && break
       echo "Waiting for service argocd-redis-ha-announce-0 to be ready ($loop) ..." && sleep 1
@@ -970,6 +1021,47 @@ data:
     SENTINEL_TLS_REPLICATION_ENABLED=false
     REDIS_TLS_REPLICATION_ENABLED=false
 
+    load_auth_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+        REDIS_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/auth"
+        file_auth="$(< "$REDIS_PASSWORD_FILE" tr -d '\r\n')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis credentials from file"
+            AUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis credentials from environment"
+    else
+        echo "ERROR: Redis credentials not set via file or environment"
+        exit 1
+    fi
+    }
+
+    load_sentinel_password() {
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/sentinel_auth" ]; then
+        SENTINEL_PASSWORD_FILE="${REDIS_CREDS_FILE_PATH}/sentinel_auth"
+        file_auth="$(< "$SENTINEL_PASSWORD_FILE" tr -d '\n\r')"
+        if [ -n "$file_auth" ]; then
+            echo "Retrieved Redis sentinel credentials from file"
+            SENTINELAUTH="$file_auth"
+            return 0
+        else
+            echo "WARNING: Redis sentinel credential file is empty"
+            # fall through to try env
+        fi
+    fi
+    if [ -n "${SENTINELAUTH:-}" ]; then
+        echo "Retrieved Redis sentinel credentials from environment"
+    else
+        echo "WARNING: Redis sentinel credentials not set via file or environment."
+    fi
+    }
+
     set -eu
     sentinel_get_master() {
     set +e
@@ -1190,6 +1282,11 @@ data:
 
     identify_announce_ip
 
+    # Load Redis credentials from file or env
+    echo "Loading redis credentials"
+    load_auth_password
+    load_sentinel_password
+
     if [ -z "${ANNOUNCE_IP}" ]; then
         "Error: Could not resolve the announce ip for this pod"
         exit 1
@@ -1237,7 +1334,30 @@ data:
         maxclients 10000
         sentinel parallel-syncs argocd 5
     sentinel auth-pass argocd replace-default-auth
-  trigger-failover-if-master.sh: |
+  trigger-failover-if-master.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     get_redis_role() {
       is_master=$(
         redis-cli \
@@ -1279,6 +1399,29 @@ metadata:
 apiVersion: v1
 data:
   redis_liveness.sh: |
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -1292,7 +1435,30 @@ data:
       *) exit 1 ;;
     esac
     exit 0
-  redis_readiness.sh: |
+  redis_readiness.sh: |-
+    # Load AUTH from file or env
+    echo "Loading redis credentials"
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        AUTH="$file_auth"
+      elif [ -n "${AUTH:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${AUTH:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
     response=$(
       redis-cli \
         -a "${AUTH}" --no-auth-warning \
@@ -2197,26 +2363,13 @@ spec:
         - mountPath: /run/haproxy
           name: shared-socket
       initContainers:
-      - command:
-        - argocd
-        - admin
-        - redis-initial-password
-        image: quay.io/argoproj/argocd:latest
-        imagePullPolicy: IfNotPresent
-        name: secret-init
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
       - args:
         - /readonly/haproxy_init.sh
         command:
         - sh
+        env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /redis-creds
         image: public.ecr.aws/docker/library/haproxy:3.0.8-alpine
         imagePullPolicy: IfNotPresent
         name: config-init
@@ -2229,17 +2382,43 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /redis-creds
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly
           name: config-volume
           readOnly: true
         - mountPath: /data
           name: data
+      - command:
+        - argocd
+        - admin
+        - redis-initial-password
+        image: quay.io/argoproj/argocd:latest
+        imagePullPolicy: IfNotPresent
+        name: secret-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       securityContext:
         fsGroup: 99
         runAsNonRoot: true
         runAsUser: 99
       serviceAccountName: argocd-redis-ha-haproxy
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config-volume
@@ -2285,6 +2464,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2530,6 +2711,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -2570,6 +2754,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -2639,6 +2830,8 @@ spec:
         env:
         - name: ARGOCD_API_SERVER_REPLICAS
           value: "2"
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2955,6 +3148,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -2973,6 +3169,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -3049,6 +3252,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -3333,6 +3538,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -3360,6 +3568,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -3397,6 +3612,8 @@ spec:
         command:
         - redis-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -3456,6 +3673,9 @@ spec:
           successThreshold: 1
           timeoutSeconds: 15
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3468,6 +3688,8 @@ spec:
         command:
         - redis-sentinel
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: AUTH
           valueFrom:
             secretKeyRef:
@@ -3537,6 +3759,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -3561,6 +3785,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3572,6 +3799,8 @@ spec:
         command:
         - sh
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: SENTINEL_ID_0
           value: 3c0d9c0320bb34888c2df5757c718ce6ca992ce6
         - name: SENTINEL_ID_1
@@ -3595,6 +3824,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /readonly-config
           name: config
           readOnly: true
@@ -3607,6 +3839,13 @@ spec:
       serviceAccountName: argocd-redis-ha
       terminationGracePeriodSeconds: 60
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: false
+          secretName: argocd-redis
       - configMap:
           name: argocd-redis-ha-configmap
         name: config
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index f502313332128..12d84c5dc921e 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -24764,6 +24764,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -25621,17 +25676,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -25643,6 +25689,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -25660,6 +25709,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -25668,6 +25747,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -25706,6 +25798,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25951,6 +26045,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -25991,6 +26088,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -26058,6 +26162,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26374,6 +26480,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -26392,6 +26501,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -26468,6 +26584,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26752,6 +26870,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -26779,6 +26900,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/manifests/install.yaml b/manifests/install.yaml
index 9fdce34bb0e0d..bef53d3ae3e81 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -24753,6 +24753,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -25455,17 +25510,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -25477,6 +25523,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -25494,6 +25543,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -25502,6 +25581,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -25540,6 +25632,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -25785,6 +25879,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -25825,6 +25922,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -25892,6 +25996,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26208,6 +26314,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -26226,6 +26335,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -26302,6 +26418,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -26586,6 +26704,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -26613,6 +26734,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml
index 36594ff9b4789..655bfaaff4c6e 100644
--- a/manifests/namespace-install-with-hydrator.yaml
+++ b/manifests/namespace-install-with-hydrator.yaml
@@ -553,6 +553,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -1410,17 +1465,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -1432,6 +1478,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -1449,6 +1498,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -1457,6 +1536,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -1495,6 +1587,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -1740,6 +1834,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -1780,6 +1877,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -1847,6 +1951,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2163,6 +2269,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -2181,6 +2290,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -2257,6 +2373,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2541,6 +2659,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -2568,6 +2689,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index 492f2e080f54e..c53fa7e0990be 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -542,6 +542,61 @@ metadata:
   name: argocd-rbac-cm
 ---
 apiVersion: v1
+data:
+  init.sh: |
+    echo "$(date) Start..."
+    REDIS_CONF=/data/conf/redis.conf
+
+    mkdir -p /data/conf
+
+    echo "Copying default redis config.."
+    cp /readonly-config/redis.conf "${REDIS_CONF}"
+
+    # Determine which source to use for the Redis password
+    if [ -n "${REDIS_CREDS_FILE_PATH}" ] && [ -f "${REDIS_CREDS_FILE_PATH}/auth" ]; then
+      file_auth="$(< "${REDIS_CREDS_FILE_PATH}/auth" tr -d '\n\r')"
+      if [ -n "$file_auth" ]; then
+        echo "Retrieved Redis credentials from file."
+        REDIS_PASSWORD="$file_auth"
+      elif [ -n "${REDIS_PASSWORD:-}" ]; then
+        echo "Retrieved Redis password from environment (file was empty)."
+      else
+        echo "ERROR: Redis credential file is empty and no environment variable set."
+        exit 1
+      fi
+
+    elif [ -n "${REDIS_PASSWORD:-}" ]; then
+      # No valid file, but env var is set
+      echo "Retrieved Redis password from environment."
+    else
+      # Neither source provided anything
+      echo "WARNING: Redis password not set via file or environment."
+      exit 1
+    fi
+
+    echo "Setting redis auth values.."
+    ESCAPED_AUTH=$(echo "${REDIS_PASSWORD}" | sed -e 's/[\/&]/\\&/g');
+    sed -i "s/replace-default-auth/${ESCAPED_AUTH}/" "${REDIS_CONF}"
+
+    echo "$(date) Ready..."
+  redis.conf: |
+    # Redis configuration file template
+
+    dir "/data"
+    port 6379
+    bind 0.0.0.0
+    appendonly no
+    save ""
+    requirepass replace-default-auth
+kind: ConfigMap
+metadata:
+  labels:
+    app.kubernetes.io/component: redis
+    app.kubernetes.io/name: argocd-redis
+    app.kubernetes.io/part-of: argocd
+  name: argocd-redis-cm
+---
+apiVersion: v1
 data:
   ssh_known_hosts: |
     # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
@@ -1244,17 +1299,8 @@ spec:
             weight: 5
       containers:
       - args:
-        - --save
-        - ""
-        - --appendonly
-        - "no"
-        - --requirepass $(REDIS_PASSWORD)
-        env:
-        - name: REDIS_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: auth
-              name: argocd-redis
+        - redis-server
+        - /data/conf/redis.conf
         image: public.ecr.aws/docker/library/redis:7.2.7-alpine
         imagePullPolicy: Always
         name: redis
@@ -1266,6 +1312,9 @@ spec:
             drop:
             - ALL
           readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /data
+          name: data
       initContainers:
       - command:
         - argocd
@@ -1283,6 +1332,36 @@ spec:
           runAsNonRoot: true
           seccompProfile:
             type: RuntimeDefault
+      - command:
+        - sh
+        - /readonly-config/init.sh
+        env:
+        - name: REDIS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: auth
+              name: argocd-redis
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
+        image: public.ecr.aws/docker/library/redis:7.2.7-alpine
+        name: config-init
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        volumeMounts:
+        - mountPath: /readonly-config
+          name: config
+        - mountPath: /data
+          name: data
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
       nodeSelector:
         kubernetes.io/os: linux
       securityContext:
@@ -1291,6 +1370,19 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: argocd-redis
+      volumes:
+      - configMap:
+          name: argocd-redis-cm
+        name: config
+      - emptyDir: {}
+        name: data
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -1329,6 +1421,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-repo-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -1574,6 +1668,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -1614,6 +1711,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-repo-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - configMap:
           name: argocd-ssh-known-hosts-cm
         name: ssh-known-hosts
@@ -1681,6 +1785,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-server
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -1997,6 +2103,9 @@ spec:
           seccompProfile:
             type: RuntimeDefault
         volumeMounts:
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         - mountPath: /app/config/ssh
           name: ssh-known-hosts
         - mountPath: /app/config/tls
@@ -2015,6 +2124,13 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: argocd-server
       volumes:
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
       - emptyDir: {}
         name: plugins-home
       - emptyDir: {}
@@ -2091,6 +2207,8 @@ spec:
       - args:
         - /usr/local/bin/argocd-application-controller
         env:
+        - name: REDIS_CREDS_FILE_PATH
+          value: /run/secrets/argocd/redis-auth
         - name: REDIS_PASSWORD
           valueFrom:
             secretKeyRef:
@@ -2375,6 +2493,9 @@ spec:
           name: argocd-cmd-params-cm
         - mountPath: /tmp
           name: argocd-application-controller-tmp
+        - mountPath: /run/secrets/argocd/redis-auth
+          name: redis-creds
+          readOnly: true
         workingDir: /home/argocd
       nodeSelector:
         kubernetes.io/os: linux
@@ -2402,6 +2523,13 @@ spec:
           name: argocd-cmd-params-cm
           optional: true
         name: argocd-cmd-params-cm
+      - name: redis-creds
+        secret:
+          items:
+          - key: auth
+            path: auth
+          optional: true
+          secretName: argocd-redis
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy

From 1dd3a4532ee71e375829beb05166bfe79360675a Mon Sep 17 00:00:00 2001
From: warjiang <1096409085@qq.com>
Date: Wed, 16 Jul 2025 18:48:46 +0800
Subject: [PATCH 144/383] fix: typo err for GetConditions comment (#23807)

Signed-off-by: warjiang <1096409085@qq.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 pkg/apis/application/v1alpha1/types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index fbc79f9104837..8a3cbb516aa6e 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -3357,7 +3357,7 @@ func findConditionIndexByType(conditions []ApplicationCondition, t ApplicationCo
 	return -1
 }
 
-// GetErrorConditions returns list of application error conditions
+// GetConditions returns list of application error conditions
 func (status *ApplicationStatus) GetConditions(conditionTypes map[ApplicationConditionType]bool) []ApplicationCondition {
 	result := make([]ApplicationCondition, 0)
 	for i := range status.Conditions {

From 78662333d9b1abc87aced0fb07f4b599ad7f2852 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 16 Jul 2025 06:50:32 -0400
Subject: [PATCH 145/383] chore(deps): bump library/registry from `1fc7de6` to
 `45fbac2` in /test/container (#23800)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 73753eef006eb..ed96fa7e14cf7 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -10,7 +10,7 @@ FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f3
 
 FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS golang
 
-FROM docker.io/library/registry:3.0@sha256:1fc7de654f2ac1247f0b67e8a459e273b0993be7d2beda1f3f56fbf1001ed3e7 AS registry
+FROM docker.io/library/registry:3.0@sha256:45fbac229389d0ee0d2ba80c92df8a2bd5896f51950b6070b6f92e8009955268 AS registry
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 

From f2338ee22c4e81fc9c993b63242a0d9252950f0f Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 17:15:11 +0530
Subject: [PATCH 146/383] added a new config-map

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 reposerver/repository/repository_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
index 674e125d56a16..a6caece858e56 100644
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -226,7 +226,7 @@ func TestGenerateYamlManifestInDir(t *testing.T) {
 	}
 
 	// update this value if we add/remove manifests
-	const countOfManifests = 50
+	const countOfManifests = 51
 
 	res1, err := service.GenerateManifest(t.Context(), &q)
 

From c11e2f01876c2917e3ab26ced0db2901c54514ee Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 16 Jul 2025 20:22:36 +0530
Subject: [PATCH 147/383] read redis image from redis container

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/start-redis-with-password.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hack/start-redis-with-password.sh b/hack/start-redis-with-password.sh
index e42ecaf28f54d..d83ea4585d960 100755
--- a/hack/start-redis-with-password.sh
+++ b/hack/start-redis-with-password.sh
@@ -2,7 +2,7 @@
 
 # Default values for environment variables
 REDIS_PORT="${ARGOCD_E2E_REDIS_PORT:-6379}"
-REDIS_IMAGE_TAG=$(grep 'image: redis' manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3)
+REDIS_IMAGE_TAG=$(grep -A1 "name: redis" manifests/base/redis/argocd-redis-deployment.yaml | grep "image:" | cut -d':' -f3)
 
 if [ "$ARGOCD_REDIS_LOCAL" = 'true' ]; then
     if ! command -v redis-server &>/dev/null; then

From 27042be3e2e9125b221ac65fc92ceefeb13c0e38 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 16 Jul 2025 08:12:25 -0700
Subject: [PATCH 148/383] fix(repo-server): support .argocd-source.yaml
 kustomize version (#23643) (#23644)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/swagger.json                           |   26 +
 controller/state.go                           |    6 +-
 docs/operator-manual/upgrading/3.1-3.2.md     |   39 +
 docs/operator-manual/upgrading/overview.md    |    1 +
 mkdocs.yml                                    |    1 +
 pkg/apis/application/v1alpha1/generated.pb.go | 2005 ++++++++++-------
 pkg/apis/application/v1alpha1/generated.proto |   19 +
 pkg/apis/application/v1alpha1/types.go        |   18 +
 .../v1alpha1/zz_generated.deepcopy.go         |   21 +
 reposerver/repository/repository.go           |   17 +-
 reposerver/repository/repository_test.go      |   58 +
 server/application/application.go             |   18 +-
 server/repository/repository.go               |    6 +-
 test/e2e/fixture/app/context.go               |    6 +
 test/e2e/fixture/app/expectation.go           |    7 +
 test/e2e/fixture/fixture.go                   |    7 +
 test/e2e/hydrator_test.go                     |   27 +
 .../.argocd-source.yaml                       |    2 +
 .../deployment.yaml                           |   20 +
 .../kustomization.yml                         |    2 +
 util/argo/argo.go                             |   10 +-
 .../.argocd-source.yaml                       |    2 +
 .../deployment.yaml                           |   20 +
 .../kustomization.yml                         |    2 +
 util/notification/argocd/service.go           |   10 +-
 util/settings/settings.go                     |   70 +-
 util/settings/settings_test.go                |   41 +-
 27 files changed, 1505 insertions(+), 956 deletions(-)
 create mode 100644 docs/operator-manual/upgrading/3.1-3.2.md
 create mode 100644 test/e2e/testdata/kustomize-with-version-override/.argocd-source.yaml
 create mode 100644 test/e2e/testdata/kustomize-with-version-override/deployment.yaml
 create mode 100644 test/e2e/testdata/kustomize-with-version-override/kustomization.yml
 create mode 100644 util/kustomize/testdata/kustomize-with-version-override/.argocd-source.yaml
 create mode 100644 util/kustomize/testdata/kustomize-with-version-override/deployment.yaml
 create mode 100644 util/kustomize/testdata/kustomize-with-version-override/kustomization.yml

diff --git a/assets/swagger.json b/assets/swagger.json
index 2d74fd16b8f6b..d70aa4fb91e36 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -8639,12 +8639,20 @@
       "title": "KustomizeOptions are options for kustomize to use when building manifests",
       "properties": {
         "binaryPath": {
+          "description": "Deprecated: Use settings.Settings instead. See: settings.Settings.KustomizeVersions.\nIf this field is set, it will be used as the Kustomize binary path.\nOtherwise, Versions is used.",
           "type": "string",
           "title": "BinaryPath holds optional path to kustomize binary"
         },
         "buildOptions": {
           "type": "string",
           "title": "BuildOptions is a string of build parameters to use when calling `kustomize build`"
+        },
+        "versions": {
+          "description": "Versions is a list of Kustomize versions and their corresponding binary paths and build options.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/v1alpha1KustomizeVersion"
+          }
         }
       }
     },
@@ -8708,6 +8716,24 @@
         }
       }
     },
+    "v1alpha1KustomizeVersion": {
+      "type": "object",
+      "title": "KustomizeVersion holds information about additional Kustomize versions",
+      "properties": {
+        "buildOptions": {
+          "type": "string",
+          "title": "BuildOptions that are specific to a Kustomize version"
+        },
+        "name": {
+          "type": "string",
+          "title": "Name holds Kustomize version name"
+        },
+        "path": {
+          "type": "string",
+          "title": "Path holds the corresponding binary path"
+        }
+      }
+    },
     "v1alpha1ListGenerator": {
       "type": "object",
       "title": "ListGenerator include items info",
diff --git a/controller/state.go b/controller/state.go
index e4420a3127fc6..63df4566466da 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -235,10 +235,6 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		if err != nil {
 			return nil, nil, false, fmt.Errorf("failed to get repo %q: %w", source.RepoURL, err)
 		}
-		kustomizeOptions, err := kustomizeSettings.GetOptions(source)
-		if err != nil {
-			return nil, nil, false, fmt.Errorf("failed to get Kustomize options for source %d of %d: %w", i+1, len(sources), err)
-		}
 
 		syncedRevision := app.Status.Sync.Revision
 		if app.Spec.HasMultipleSources() {
@@ -315,7 +311,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 			AppName:                         app.InstanceName(m.namespace),
 			Namespace:                       appNamespace,
 			ApplicationSource:               &source,
-			KustomizeOptions:                kustomizeOptions,
+			KustomizeOptions:                kustomizeSettings,
 			KubeVersion:                     serverVersion,
 			ApiVersions:                     apiVersions,
 			VerifySignature:                 verifySignature,
diff --git a/docs/operator-manual/upgrading/3.1-3.2.md b/docs/operator-manual/upgrading/3.1-3.2.md
new file mode 100644
index 0000000000000..4431414205ea1
--- /dev/null
+++ b/docs/operator-manual/upgrading/3.1-3.2.md
@@ -0,0 +1,39 @@
+# v3.1 to 3.2
+
+## Argo CD Now Respects Kustomize Version in `.argocd-source.yaml`
+
+Argo CD provides a way to [override Application `spec.source` values](../../user-guide/parameters.md#store-overrides-in-git) 
+using the `.argocd-source.yaml` file.
+
+Before Argo CD v3.2, you could set the Kustomize version in the Application's `.spec.source.kustomize.version` field,
+but you could not set it in the `.argocd-source.yaml` file.
+
+Starting with Argo CD v3.2, you can now set the Kustomize version in the `.argocd-source.yaml` file like this:
+
+```yaml
+kustomize:
+  version: v4.5.7
+```
+
+## Deprecated fields in the repo-server GRPC service
+
+The repo-server's GRPC service is generally considered an internal API and is not recommended for use by external 
+clients. No user-facing services or functionality have changed. However, if you are using the repo-server's GRPC service 
+directly, please note field deprecations in the following messages.
+
+The `kustomizeOptions.binaryPath` field in the `ManifestRequest` and `RepoServerAppDetailsQuery` messages has been 
+deprecated. Instead of calculating the correct binary path client-side, the client is expected to populate the 
+`kustomizeOptions.versions` field with the [configured Kustomize binary paths](../../user-guide/kustomize.md#custom-kustomize-versions). 
+This allows the repo-server to select the correct binary path based on the Kustomize version configured in the 
+Application's source field as well as any [overrides configured via git](../../user-guide/parameters.md#store-overrides-in-git).
+
+The `kustomizeOptions.binaryPath` will continue to be respected when `kustomizeOptions.versions` is not set, but this is
+not recommended. It will prevent overrides configured via git from being respected. The `kustomizeOptions.binaryPath` 
+field will be removed in a future release.
+
+If the repo-server encounters a request with the `kustomizeOptions.binaryPath` field set, it will log a warning message:
+
+> kustomizeOptions.binaryPath is deprecated, use KustomizeOptions.versions instead
+
+The `ManifestRequest` and `RepoServerAppDetailsQuery` messages are used by the following GRPC services: 
+`GenerateManifest`, `GenerateManifestWithFiles`, and `GetAppDetails`.
diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md
index 703db48c04707..9fe105f2017b3 100644
--- a/docs/operator-manual/upgrading/overview.md
+++ b/docs/operator-manual/upgrading/overview.md
@@ -38,6 +38,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/<v
 
 <hr/>
 
+- [v3.1 to v3.2](./3.1-3.2.md)
 - [v3.0 to v3.1](./3.0-3.1.md)
 - [v2.14 to v3.0](./2.14-3.0.md)
 - [v2.13 to v2.14](./2.13-2.14.md)
diff --git a/mkdocs.yml b/mkdocs.yml
index 20e5e89cf857b..c91ff6e1ee15e 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -131,6 +131,7 @@ nav:
     - operator-manual/server-commands/additional-configuration-method.md
   - Upgrading:
     - operator-manual/upgrading/overview.md
+    - operator-manual/upgrading/3.1-3.2.md
     - operator-manual/upgrading/3.0-3.1.md
     - operator-manual/upgrading/2.14-3.0.md
     - operator-manual/upgrading/2.13-2.14.md
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index 09004a763176e..7d8649b00a93b 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -2561,10 +2561,38 @@ func (m *KustomizeSelector) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo
 
+func (m *KustomizeVersion) Reset()      { *m = KustomizeVersion{} }
+func (*KustomizeVersion) ProtoMessage() {}
+func (*KustomizeVersion) Descriptor() ([]byte, []int) {
+	return fileDescriptor_c078c3c476799f44, []int{90}
+}
+func (m *KustomizeVersion) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *KustomizeVersion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	b = b[:cap(b)]
+	n, err := m.MarshalToSizedBuffer(b)
+	if err != nil {
+		return nil, err
+	}
+	return b[:n], nil
+}
+func (m *KustomizeVersion) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_KustomizeVersion.Merge(m, src)
+}
+func (m *KustomizeVersion) XXX_Size() int {
+	return m.Size()
+}
+func (m *KustomizeVersion) XXX_DiscardUnknown() {
+	xxx_messageInfo_KustomizeVersion.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_KustomizeVersion proto.InternalMessageInfo
+
 func (m *ListGenerator) Reset()      { *m = ListGenerator{} }
 func (*ListGenerator) ProtoMessage() {}
 func (*ListGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{90}
+	return fileDescriptor_c078c3c476799f44, []int{91}
 }
 func (m *ListGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2592,7 +2620,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo
 func (m *ManagedNamespaceMetadata) Reset()      { *m = ManagedNamespaceMetadata{} }
 func (*ManagedNamespaceMetadata) ProtoMessage() {}
 func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{91}
+	return fileDescriptor_c078c3c476799f44, []int{92}
 }
 func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2620,7 +2648,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo
 func (m *MatrixGenerator) Reset()      { *m = MatrixGenerator{} }
 func (*MatrixGenerator) ProtoMessage() {}
 func (*MatrixGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{92}
+	return fileDescriptor_c078c3c476799f44, []int{93}
 }
 func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2648,7 +2676,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo
 func (m *MergeGenerator) Reset()      { *m = MergeGenerator{} }
 func (*MergeGenerator) ProtoMessage() {}
 func (*MergeGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{93}
+	return fileDescriptor_c078c3c476799f44, []int{94}
 }
 func (m *MergeGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2676,7 +2704,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo
 func (m *NestedMatrixGenerator) Reset()      { *m = NestedMatrixGenerator{} }
 func (*NestedMatrixGenerator) ProtoMessage() {}
 func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{94}
+	return fileDescriptor_c078c3c476799f44, []int{95}
 }
 func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2704,7 +2732,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo
 func (m *NestedMergeGenerator) Reset()      { *m = NestedMergeGenerator{} }
 func (*NestedMergeGenerator) ProtoMessage() {}
 func (*NestedMergeGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{95}
+	return fileDescriptor_c078c3c476799f44, []int{96}
 }
 func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2732,7 +2760,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo
 func (m *OCIMetadata) Reset()      { *m = OCIMetadata{} }
 func (*OCIMetadata) ProtoMessage() {}
 func (*OCIMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{96}
+	return fileDescriptor_c078c3c476799f44, []int{97}
 }
 func (m *OCIMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2760,7 +2788,7 @@ var xxx_messageInfo_OCIMetadata proto.InternalMessageInfo
 func (m *Operation) Reset()      { *m = Operation{} }
 func (*Operation) ProtoMessage() {}
 func (*Operation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{97}
+	return fileDescriptor_c078c3c476799f44, []int{98}
 }
 func (m *Operation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2788,7 +2816,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo
 func (m *OperationInitiator) Reset()      { *m = OperationInitiator{} }
 func (*OperationInitiator) ProtoMessage() {}
 func (*OperationInitiator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{98}
+	return fileDescriptor_c078c3c476799f44, []int{99}
 }
 func (m *OperationInitiator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2816,7 +2844,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo
 func (m *OperationState) Reset()      { *m = OperationState{} }
 func (*OperationState) ProtoMessage() {}
 func (*OperationState) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{99}
+	return fileDescriptor_c078c3c476799f44, []int{100}
 }
 func (m *OperationState) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2844,7 +2872,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo
 func (m *OptionalArray) Reset()      { *m = OptionalArray{} }
 func (*OptionalArray) ProtoMessage() {}
 func (*OptionalArray) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{100}
+	return fileDescriptor_c078c3c476799f44, []int{101}
 }
 func (m *OptionalArray) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2872,7 +2900,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo
 func (m *OptionalMap) Reset()      { *m = OptionalMap{} }
 func (*OptionalMap) ProtoMessage() {}
 func (*OptionalMap) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{101}
+	return fileDescriptor_c078c3c476799f44, []int{102}
 }
 func (m *OptionalMap) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2900,7 +2928,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo
 func (m *OrphanedResourceKey) Reset()      { *m = OrphanedResourceKey{} }
 func (*OrphanedResourceKey) ProtoMessage() {}
 func (*OrphanedResourceKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{102}
+	return fileDescriptor_c078c3c476799f44, []int{103}
 }
 func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2928,7 +2956,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo
 func (m *OrphanedResourcesMonitorSettings) Reset()      { *m = OrphanedResourcesMonitorSettings{} }
 func (*OrphanedResourcesMonitorSettings) ProtoMessage() {}
 func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{103}
+	return fileDescriptor_c078c3c476799f44, []int{104}
 }
 func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2956,7 +2984,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo
 func (m *OverrideIgnoreDiff) Reset()      { *m = OverrideIgnoreDiff{} }
 func (*OverrideIgnoreDiff) ProtoMessage() {}
 func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{104}
+	return fileDescriptor_c078c3c476799f44, []int{105}
 }
 func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2984,7 +3012,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo
 func (m *PluginConfigMapRef) Reset()      { *m = PluginConfigMapRef{} }
 func (*PluginConfigMapRef) ProtoMessage() {}
 func (*PluginConfigMapRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{105}
+	return fileDescriptor_c078c3c476799f44, []int{106}
 }
 func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3012,7 +3040,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo
 func (m *PluginGenerator) Reset()      { *m = PluginGenerator{} }
 func (*PluginGenerator) ProtoMessage() {}
 func (*PluginGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{106}
+	return fileDescriptor_c078c3c476799f44, []int{107}
 }
 func (m *PluginGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3040,7 +3068,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo
 func (m *PluginInput) Reset()      { *m = PluginInput{} }
 func (*PluginInput) ProtoMessage() {}
 func (*PluginInput) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{107}
+	return fileDescriptor_c078c3c476799f44, []int{108}
 }
 func (m *PluginInput) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3068,7 +3096,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo
 func (m *ProjectRole) Reset()      { *m = ProjectRole{} }
 func (*ProjectRole) ProtoMessage() {}
 func (*ProjectRole) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{108}
+	return fileDescriptor_c078c3c476799f44, []int{109}
 }
 func (m *ProjectRole) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3096,7 +3124,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo
 func (m *PullRequestGenerator) Reset()      { *m = PullRequestGenerator{} }
 func (*PullRequestGenerator) ProtoMessage() {}
 func (*PullRequestGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{109}
+	return fileDescriptor_c078c3c476799f44, []int{110}
 }
 func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3124,7 +3152,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo
 func (m *PullRequestGeneratorAzureDevOps) Reset()      { *m = PullRequestGeneratorAzureDevOps{} }
 func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {}
 func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{110}
+	return fileDescriptor_c078c3c476799f44, []int{111}
 }
 func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3152,7 +3180,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo
 func (m *PullRequestGeneratorBitbucket) Reset()      { *m = PullRequestGeneratorBitbucket{} }
 func (*PullRequestGeneratorBitbucket) ProtoMessage() {}
 func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{111}
+	return fileDescriptor_c078c3c476799f44, []int{112}
 }
 func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3180,7 +3208,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo
 func (m *PullRequestGeneratorBitbucketServer) Reset()      { *m = PullRequestGeneratorBitbucketServer{} }
 func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {}
 func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{112}
+	return fileDescriptor_c078c3c476799f44, []int{113}
 }
 func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3208,7 +3236,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf
 func (m *PullRequestGeneratorFilter) Reset()      { *m = PullRequestGeneratorFilter{} }
 func (*PullRequestGeneratorFilter) ProtoMessage() {}
 func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{113}
+	return fileDescriptor_c078c3c476799f44, []int{114}
 }
 func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3236,7 +3264,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo
 func (m *PullRequestGeneratorGitLab) Reset()      { *m = PullRequestGeneratorGitLab{} }
 func (*PullRequestGeneratorGitLab) ProtoMessage() {}
 func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{114}
+	return fileDescriptor_c078c3c476799f44, []int{115}
 }
 func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3264,7 +3292,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo
 func (m *PullRequestGeneratorGitea) Reset()      { *m = PullRequestGeneratorGitea{} }
 func (*PullRequestGeneratorGitea) ProtoMessage() {}
 func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{115}
+	return fileDescriptor_c078c3c476799f44, []int{116}
 }
 func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3292,7 +3320,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo
 func (m *PullRequestGeneratorGithub) Reset()      { *m = PullRequestGeneratorGithub{} }
 func (*PullRequestGeneratorGithub) ProtoMessage() {}
 func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{116}
+	return fileDescriptor_c078c3c476799f44, []int{117}
 }
 func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3320,7 +3348,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo
 func (m *RefTarget) Reset()      { *m = RefTarget{} }
 func (*RefTarget) ProtoMessage() {}
 func (*RefTarget) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{117}
+	return fileDescriptor_c078c3c476799f44, []int{118}
 }
 func (m *RefTarget) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3348,7 +3376,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo
 func (m *RepoCreds) Reset()      { *m = RepoCreds{} }
 func (*RepoCreds) ProtoMessage() {}
 func (*RepoCreds) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{118}
+	return fileDescriptor_c078c3c476799f44, []int{119}
 }
 func (m *RepoCreds) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3376,7 +3404,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo
 func (m *RepoCredsList) Reset()      { *m = RepoCredsList{} }
 func (*RepoCredsList) ProtoMessage() {}
 func (*RepoCredsList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{119}
+	return fileDescriptor_c078c3c476799f44, []int{120}
 }
 func (m *RepoCredsList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3404,7 +3432,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo
 func (m *Repository) Reset()      { *m = Repository{} }
 func (*Repository) ProtoMessage() {}
 func (*Repository) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{120}
+	return fileDescriptor_c078c3c476799f44, []int{121}
 }
 func (m *Repository) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3432,7 +3460,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo
 func (m *RepositoryCertificate) Reset()      { *m = RepositoryCertificate{} }
 func (*RepositoryCertificate) ProtoMessage() {}
 func (*RepositoryCertificate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{121}
+	return fileDescriptor_c078c3c476799f44, []int{122}
 }
 func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3460,7 +3488,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo
 func (m *RepositoryCertificateList) Reset()      { *m = RepositoryCertificateList{} }
 func (*RepositoryCertificateList) ProtoMessage() {}
 func (*RepositoryCertificateList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{122}
+	return fileDescriptor_c078c3c476799f44, []int{123}
 }
 func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3488,7 +3516,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo
 func (m *RepositoryList) Reset()      { *m = RepositoryList{} }
 func (*RepositoryList) ProtoMessage() {}
 func (*RepositoryList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{123}
+	return fileDescriptor_c078c3c476799f44, []int{124}
 }
 func (m *RepositoryList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3516,7 +3544,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo
 func (m *ResourceAction) Reset()      { *m = ResourceAction{} }
 func (*ResourceAction) ProtoMessage() {}
 func (*ResourceAction) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{124}
+	return fileDescriptor_c078c3c476799f44, []int{125}
 }
 func (m *ResourceAction) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3544,7 +3572,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo
 func (m *ResourceActionDefinition) Reset()      { *m = ResourceActionDefinition{} }
 func (*ResourceActionDefinition) ProtoMessage() {}
 func (*ResourceActionDefinition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{125}
+	return fileDescriptor_c078c3c476799f44, []int{126}
 }
 func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3572,7 +3600,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo
 func (m *ResourceActionParam) Reset()      { *m = ResourceActionParam{} }
 func (*ResourceActionParam) ProtoMessage() {}
 func (*ResourceActionParam) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{126}
+	return fileDescriptor_c078c3c476799f44, []int{127}
 }
 func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3600,7 +3628,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo
 func (m *ResourceActions) Reset()      { *m = ResourceActions{} }
 func (*ResourceActions) ProtoMessage() {}
 func (*ResourceActions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{127}
+	return fileDescriptor_c078c3c476799f44, []int{128}
 }
 func (m *ResourceActions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3628,7 +3656,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo
 func (m *ResourceDiff) Reset()      { *m = ResourceDiff{} }
 func (*ResourceDiff) ProtoMessage() {}
 func (*ResourceDiff) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{128}
+	return fileDescriptor_c078c3c476799f44, []int{129}
 }
 func (m *ResourceDiff) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3656,7 +3684,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo
 func (m *ResourceIgnoreDifferences) Reset()      { *m = ResourceIgnoreDifferences{} }
 func (*ResourceIgnoreDifferences) ProtoMessage() {}
 func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{129}
+	return fileDescriptor_c078c3c476799f44, []int{130}
 }
 func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3684,7 +3712,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo
 func (m *ResourceNetworkingInfo) Reset()      { *m = ResourceNetworkingInfo{} }
 func (*ResourceNetworkingInfo) ProtoMessage() {}
 func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{130}
+	return fileDescriptor_c078c3c476799f44, []int{131}
 }
 func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3712,7 +3740,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo
 func (m *ResourceNode) Reset()      { *m = ResourceNode{} }
 func (*ResourceNode) ProtoMessage() {}
 func (*ResourceNode) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{131}
+	return fileDescriptor_c078c3c476799f44, []int{132}
 }
 func (m *ResourceNode) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3740,7 +3768,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo
 func (m *ResourceOverride) Reset()      { *m = ResourceOverride{} }
 func (*ResourceOverride) ProtoMessage() {}
 func (*ResourceOverride) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{132}
+	return fileDescriptor_c078c3c476799f44, []int{133}
 }
 func (m *ResourceOverride) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3768,7 +3796,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo
 func (m *ResourceRef) Reset()      { *m = ResourceRef{} }
 func (*ResourceRef) ProtoMessage() {}
 func (*ResourceRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{133}
+	return fileDescriptor_c078c3c476799f44, []int{134}
 }
 func (m *ResourceRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3796,7 +3824,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo
 func (m *ResourceResult) Reset()      { *m = ResourceResult{} }
 func (*ResourceResult) ProtoMessage() {}
 func (*ResourceResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{134}
+	return fileDescriptor_c078c3c476799f44, []int{135}
 }
 func (m *ResourceResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3824,7 +3852,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo
 func (m *ResourceStatus) Reset()      { *m = ResourceStatus{} }
 func (*ResourceStatus) ProtoMessage() {}
 func (*ResourceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{135}
+	return fileDescriptor_c078c3c476799f44, []int{136}
 }
 func (m *ResourceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3852,7 +3880,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo
 func (m *RetryStrategy) Reset()      { *m = RetryStrategy{} }
 func (*RetryStrategy) ProtoMessage() {}
 func (*RetryStrategy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{136}
+	return fileDescriptor_c078c3c476799f44, []int{137}
 }
 func (m *RetryStrategy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3880,7 +3908,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo
 func (m *RevisionHistory) Reset()      { *m = RevisionHistory{} }
 func (*RevisionHistory) ProtoMessage() {}
 func (*RevisionHistory) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{137}
+	return fileDescriptor_c078c3c476799f44, []int{138}
 }
 func (m *RevisionHistory) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3908,7 +3936,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo
 func (m *RevisionMetadata) Reset()      { *m = RevisionMetadata{} }
 func (*RevisionMetadata) ProtoMessage() {}
 func (*RevisionMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{138}
+	return fileDescriptor_c078c3c476799f44, []int{139}
 }
 func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3936,7 +3964,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo
 func (m *RevisionReference) Reset()      { *m = RevisionReference{} }
 func (*RevisionReference) ProtoMessage() {}
 func (*RevisionReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{139}
+	return fileDescriptor_c078c3c476799f44, []int{140}
 }
 func (m *RevisionReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3964,7 +3992,7 @@ var xxx_messageInfo_RevisionReference proto.InternalMessageInfo
 func (m *SCMProviderGenerator) Reset()      { *m = SCMProviderGenerator{} }
 func (*SCMProviderGenerator) ProtoMessage() {}
 func (*SCMProviderGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{140}
+	return fileDescriptor_c078c3c476799f44, []int{141}
 }
 func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3992,7 +4020,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo
 func (m *SCMProviderGeneratorAWSCodeCommit) Reset()      { *m = SCMProviderGeneratorAWSCodeCommit{} }
 func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {}
 func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{141}
+	return fileDescriptor_c078c3c476799f44, []int{142}
 }
 func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4020,7 +4048,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo
 func (m *SCMProviderGeneratorAzureDevOps) Reset()      { *m = SCMProviderGeneratorAzureDevOps{} }
 func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {}
 func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{142}
+	return fileDescriptor_c078c3c476799f44, []int{143}
 }
 func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4048,7 +4076,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo
 func (m *SCMProviderGeneratorBitbucket) Reset()      { *m = SCMProviderGeneratorBitbucket{} }
 func (*SCMProviderGeneratorBitbucket) ProtoMessage() {}
 func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{143}
+	return fileDescriptor_c078c3c476799f44, []int{144}
 }
 func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4076,7 +4104,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo
 func (m *SCMProviderGeneratorBitbucketServer) Reset()      { *m = SCMProviderGeneratorBitbucketServer{} }
 func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {}
 func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{144}
+	return fileDescriptor_c078c3c476799f44, []int{145}
 }
 func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4104,7 +4132,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf
 func (m *SCMProviderGeneratorFilter) Reset()      { *m = SCMProviderGeneratorFilter{} }
 func (*SCMProviderGeneratorFilter) ProtoMessage() {}
 func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{145}
+	return fileDescriptor_c078c3c476799f44, []int{146}
 }
 func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4132,7 +4160,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGitea) Reset()      { *m = SCMProviderGeneratorGitea{} }
 func (*SCMProviderGeneratorGitea) ProtoMessage() {}
 func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{146}
+	return fileDescriptor_c078c3c476799f44, []int{147}
 }
 func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4160,7 +4188,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGithub) Reset()      { *m = SCMProviderGeneratorGithub{} }
 func (*SCMProviderGeneratorGithub) ProtoMessage() {}
 func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{147}
+	return fileDescriptor_c078c3c476799f44, []int{148}
 }
 func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4188,7 +4216,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGitlab) Reset()      { *m = SCMProviderGeneratorGitlab{} }
 func (*SCMProviderGeneratorGitlab) ProtoMessage() {}
 func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{148}
+	return fileDescriptor_c078c3c476799f44, []int{149}
 }
 func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4216,7 +4244,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo
 func (m *SecretRef) Reset()      { *m = SecretRef{} }
 func (*SecretRef) ProtoMessage() {}
 func (*SecretRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{149}
+	return fileDescriptor_c078c3c476799f44, []int{150}
 }
 func (m *SecretRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4244,7 +4272,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo
 func (m *SignatureKey) Reset()      { *m = SignatureKey{} }
 func (*SignatureKey) ProtoMessage() {}
 func (*SignatureKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{150}
+	return fileDescriptor_c078c3c476799f44, []int{151}
 }
 func (m *SignatureKey) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4272,7 +4300,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo
 func (m *SourceHydrator) Reset()      { *m = SourceHydrator{} }
 func (*SourceHydrator) ProtoMessage() {}
 func (*SourceHydrator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{151}
+	return fileDescriptor_c078c3c476799f44, []int{152}
 }
 func (m *SourceHydrator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4300,7 +4328,7 @@ var xxx_messageInfo_SourceHydrator proto.InternalMessageInfo
 func (m *SourceHydratorStatus) Reset()      { *m = SourceHydratorStatus{} }
 func (*SourceHydratorStatus) ProtoMessage() {}
 func (*SourceHydratorStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{152}
+	return fileDescriptor_c078c3c476799f44, []int{153}
 }
 func (m *SourceHydratorStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4328,7 +4356,7 @@ var xxx_messageInfo_SourceHydratorStatus proto.InternalMessageInfo
 func (m *SuccessfulHydrateOperation) Reset()      { *m = SuccessfulHydrateOperation{} }
 func (*SuccessfulHydrateOperation) ProtoMessage() {}
 func (*SuccessfulHydrateOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{153}
+	return fileDescriptor_c078c3c476799f44, []int{154}
 }
 func (m *SuccessfulHydrateOperation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4356,7 +4384,7 @@ var xxx_messageInfo_SuccessfulHydrateOperation proto.InternalMessageInfo
 func (m *SyncOperation) Reset()      { *m = SyncOperation{} }
 func (*SyncOperation) ProtoMessage() {}
 func (*SyncOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{154}
+	return fileDescriptor_c078c3c476799f44, []int{155}
 }
 func (m *SyncOperation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4384,7 +4412,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo
 func (m *SyncOperationResource) Reset()      { *m = SyncOperationResource{} }
 func (*SyncOperationResource) ProtoMessage() {}
 func (*SyncOperationResource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{155}
+	return fileDescriptor_c078c3c476799f44, []int{156}
 }
 func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4412,7 +4440,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo
 func (m *SyncOperationResult) Reset()      { *m = SyncOperationResult{} }
 func (*SyncOperationResult) ProtoMessage() {}
 func (*SyncOperationResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{156}
+	return fileDescriptor_c078c3c476799f44, []int{157}
 }
 func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4440,7 +4468,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo
 func (m *SyncPolicy) Reset()      { *m = SyncPolicy{} }
 func (*SyncPolicy) ProtoMessage() {}
 func (*SyncPolicy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{157}
+	return fileDescriptor_c078c3c476799f44, []int{158}
 }
 func (m *SyncPolicy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4468,7 +4496,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo
 func (m *SyncPolicyAutomated) Reset()      { *m = SyncPolicyAutomated{} }
 func (*SyncPolicyAutomated) ProtoMessage() {}
 func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{158}
+	return fileDescriptor_c078c3c476799f44, []int{159}
 }
 func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4496,7 +4524,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo
 func (m *SyncSource) Reset()      { *m = SyncSource{} }
 func (*SyncSource) ProtoMessage() {}
 func (*SyncSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{159}
+	return fileDescriptor_c078c3c476799f44, []int{160}
 }
 func (m *SyncSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4524,7 +4552,7 @@ var xxx_messageInfo_SyncSource proto.InternalMessageInfo
 func (m *SyncStatus) Reset()      { *m = SyncStatus{} }
 func (*SyncStatus) ProtoMessage() {}
 func (*SyncStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{160}
+	return fileDescriptor_c078c3c476799f44, []int{161}
 }
 func (m *SyncStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4552,7 +4580,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo
 func (m *SyncStrategy) Reset()      { *m = SyncStrategy{} }
 func (*SyncStrategy) ProtoMessage() {}
 func (*SyncStrategy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{161}
+	return fileDescriptor_c078c3c476799f44, []int{162}
 }
 func (m *SyncStrategy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4580,7 +4608,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo
 func (m *SyncStrategyApply) Reset()      { *m = SyncStrategyApply{} }
 func (*SyncStrategyApply) ProtoMessage() {}
 func (*SyncStrategyApply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{162}
+	return fileDescriptor_c078c3c476799f44, []int{163}
 }
 func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4608,7 +4636,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo
 func (m *SyncStrategyHook) Reset()      { *m = SyncStrategyHook{} }
 func (*SyncStrategyHook) ProtoMessage() {}
 func (*SyncStrategyHook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{163}
+	return fileDescriptor_c078c3c476799f44, []int{164}
 }
 func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4636,7 +4664,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo
 func (m *SyncWindow) Reset()      { *m = SyncWindow{} }
 func (*SyncWindow) ProtoMessage() {}
 func (*SyncWindow) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{164}
+	return fileDescriptor_c078c3c476799f44, []int{165}
 }
 func (m *SyncWindow) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4664,7 +4692,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo
 func (m *TLSClientConfig) Reset()      { *m = TLSClientConfig{} }
 func (*TLSClientConfig) ProtoMessage() {}
 func (*TLSClientConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{165}
+	return fileDescriptor_c078c3c476799f44, []int{166}
 }
 func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4692,7 +4720,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo
 func (m *TagFilter) Reset()      { *m = TagFilter{} }
 func (*TagFilter) ProtoMessage() {}
 func (*TagFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{166}
+	return fileDescriptor_c078c3c476799f44, []int{167}
 }
 func (m *TagFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4821,6 +4849,7 @@ func init() {
 	proto.RegisterType((*KustomizeReplica)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.KustomizeReplica")
 	proto.RegisterType((*KustomizeResId)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.KustomizeResId")
 	proto.RegisterType((*KustomizeSelector)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.KustomizeSelector")
+	proto.RegisterType((*KustomizeVersion)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.KustomizeVersion")
 	proto.RegisterType((*ListGenerator)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ListGenerator")
 	proto.RegisterType((*ManagedNamespaceMetadata)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ManagedNamespaceMetadata")
 	proto.RegisterMapType((map[string]string)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ManagedNamespaceMetadata.AnnotationsEntry")
@@ -4914,780 +4943,783 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12364 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0xc9,
-	0x71, 0x18, 0xcc, 0x9e, 0xc1, 0x00, 0x33, 0x89, 0xd7, 0xa2, 0x76, 0xf7, 0x0e, 0xbb, 0xf7, 0xc0,
-	0xaa, 0x8f, 0x3a, 0x9e, 0x3e, 0xde, 0x01, 0xba, 0xbd, 0x3b, 0xea, 0x3e, 0x9d, 0x44, 0x09, 0x8f,
-	0x7d, 0x60, 0x17, 0x58, 0xe0, 0x6a, 0xb0, 0xbb, 0xe2, 0x51, 0xc7, 0x63, 0x63, 0xa6, 0x30, 0xe8,
-	0x45, 0x4f, 0xf7, 0x5c, 0x77, 0x0f, 0x16, 0x73, 0x22, 0x29, 0x52, 0x24, 0x25, 0x4a, 0x7c, 0x9d,
-	0x45, 0x87, 0x79, 0xb4, 0x4d, 0x9a, 0xb2, 0xe4, 0x57, 0x38, 0x18, 0xa2, 0xad, 0x1f, 0x56, 0x84,
-	0xa4, 0x60, 0xe8, 0x11, 0x0c, 0xca, 0x2f, 0xc9, 0x0c, 0x5a, 0x94, 0x2d, 0x11, 0x26, 0xd7, 0x76,
-	0x48, 0xe1, 0x08, 0x2b, 0x42, 0xb2, 0x7f, 0x38, 0xd6, 0x0e, 0x87, 0xa3, 0xde, 0xd5, 0x3d, 0x3d,
-	0xc0, 0x60, 0xd1, 0xd8, 0x5d, 0x52, 0xf7, 0x6f, 0xa6, 0x32, 0x2b, 0xb3, 0xba, 0xba, 0x3a, 0x33,
-	0x2b, 0x2b, 0x33, 0x0b, 0x96, 0x1a, 0x6e, 0xbc, 0xd9, 0x5e, 0x9f, 0xae, 0x05, 0xcd, 0x19, 0x27,
-	0x6c, 0x04, 0xad, 0x30, 0xb8, 0xc1, 0x7e, 0x3c, 0x55, 0xab, 0xcf, 0x6c, 0x3f, 0x33, 0xd3, 0xda,
-	0x6a, 0xcc, 0x38, 0x2d, 0x37, 0x9a, 0x71, 0x5a, 0x2d, 0xcf, 0xad, 0x39, 0xb1, 0x1b, 0xf8, 0x33,
-	0xdb, 0x4f, 0x3b, 0x5e, 0x6b, 0xd3, 0x79, 0x7a, 0xa6, 0x41, 0x7c, 0x12, 0x3a, 0x31, 0xa9, 0x4f,
-	0xb7, 0xc2, 0x20, 0x0e, 0xd0, 0x8f, 0x68, 0x6a, 0xd3, 0x92, 0x1a, 0xfb, 0xf1, 0x4a, 0xad, 0x3e,
-	0xbd, 0xfd, 0xcc, 0x74, 0x6b, 0xab, 0x31, 0x4d, 0xa9, 0x4d, 0x1b, 0xd4, 0xa6, 0x25, 0xb5, 0xd3,
-	0x4f, 0x19, 0x63, 0x69, 0x04, 0x8d, 0x60, 0x86, 0x11, 0x5d, 0x6f, 0x6f, 0xb0, 0x7f, 0xec, 0x0f,
-	0xfb, 0xc5, 0x99, 0x9d, 0xb6, 0xb7, 0x9e, 0x8f, 0xa6, 0xdd, 0x80, 0x0e, 0x6f, 0xa6, 0x16, 0x84,
-	0x64, 0x66, 0xbb, 0x6b, 0x40, 0xa7, 0x2f, 0x6a, 0x1c, 0xb2, 0x13, 0x13, 0x3f, 0x72, 0x03, 0x3f,
-	0x7a, 0x8a, 0x0e, 0x81, 0x84, 0xdb, 0x24, 0x34, 0x1f, 0xcf, 0x40, 0xc8, 0xa2, 0xf4, 0xac, 0xa6,
-	0xd4, 0x74, 0x6a, 0x9b, 0xae, 0x4f, 0xc2, 0x8e, 0xee, 0xde, 0x24, 0xb1, 0x93, 0xd5, 0x6b, 0xa6,
-	0x57, 0xaf, 0xb0, 0xed, 0xc7, 0x6e, 0x93, 0x74, 0x75, 0x78, 0xc7, 0x7e, 0x1d, 0xa2, 0xda, 0x26,
-	0x69, 0x3a, 0x5d, 0xfd, 0x9e, 0xe9, 0xd5, 0xaf, 0x1d, 0xbb, 0xde, 0x8c, 0xeb, 0xc7, 0x51, 0x1c,
-	0xa6, 0x3b, 0xd9, 0x7f, 0xd7, 0x82, 0xd1, 0xd9, 0xeb, 0xd5, 0xd9, 0x76, 0xbc, 0x39, 0x1f, 0xf8,
-	0x1b, 0x6e, 0x03, 0x3d, 0x07, 0xc3, 0x35, 0xaf, 0x1d, 0xc5, 0x24, 0xbc, 0xe2, 0x34, 0xc9, 0xa4,
-	0x75, 0xc6, 0x7a, 0xa2, 0x32, 0x77, 0xfc, 0x6b, 0xbb, 0x53, 0x6f, 0xb9, 0xb5, 0x3b, 0x35, 0x3c,
-	0xaf, 0x41, 0xd8, 0xc4, 0x43, 0x3f, 0x00, 0x43, 0x61, 0xe0, 0x91, 0x59, 0x7c, 0x65, 0xb2, 0xc0,
-	0xba, 0x8c, 0x8b, 0x2e, 0x43, 0x98, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xad, 0x30, 0xd8, 0x70, 0x3d,
-	0x32, 0x59, 0x4c, 0xa2, 0xae, 0xf2, 0x66, 0x2c, 0xe1, 0xf6, 0xe7, 0x0a, 0x30, 0x3e, 0xdb, 0x6a,
-	0x5d, 0x24, 0x8e, 0x17, 0x6f, 0x56, 0x63, 0x27, 0x6e, 0x47, 0xa8, 0x01, 0x83, 0x11, 0xfb, 0x25,
-	0xc6, 0xb6, 0x22, 0x7a, 0x0f, 0x72, 0xf8, 0xed, 0xdd, 0xa9, 0x1f, 0xcd, 0x5a, 0xd1, 0x0d, 0x37,
-	0x0e, 0x5a, 0xd1, 0x53, 0xc4, 0x6f, 0xb8, 0x3e, 0x61, 0xf3, 0xb2, 0xc9, 0xa8, 0x4e, 0x9b, 0xc4,
-	0xe7, 0x83, 0x3a, 0xc1, 0x82, 0x3c, 0x1d, 0x67, 0x93, 0x44, 0x91, 0xd3, 0x20, 0xe9, 0x47, 0x5a,
-	0xe6, 0xcd, 0x58, 0xc2, 0x51, 0x08, 0xc8, 0x73, 0xa2, 0x78, 0x2d, 0x74, 0xfc, 0xc8, 0xa5, 0x4b,
-	0x7a, 0xcd, 0x6d, 0xf2, 0xa7, 0x1b, 0x3e, 0xfb, 0xff, 0x4d, 0xf3, 0x17, 0x33, 0x6d, 0xbe, 0x18,
-	0xfd, 0x1d, 0xd0, 0x75, 0x33, 0xbd, 0xfd, 0xf4, 0x34, 0xed, 0x31, 0xf7, 0xc0, 0xad, 0xdd, 0x29,
-	0xb4, 0xd4, 0x45, 0x09, 0x67, 0x50, 0xb7, 0xff, 0xa8, 0x00, 0x30, 0xdb, 0x6a, 0xad, 0x86, 0xc1,
-	0x0d, 0x52, 0x8b, 0xd1, 0x7b, 0xa1, 0x4c, 0x49, 0xd5, 0x9d, 0xd8, 0x61, 0x13, 0x33, 0x7c, 0xf6,
-	0x07, 0xfb, 0x63, 0xbc, 0xb2, 0x4e, 0xfb, 0x2f, 0x93, 0xd8, 0x99, 0x43, 0xe2, 0x01, 0x41, 0xb7,
-	0x61, 0x45, 0x15, 0xf9, 0x30, 0x10, 0xb5, 0x48, 0x8d, 0x4d, 0xc6, 0xf0, 0xd9, 0xa5, 0xe9, 0xc3,
-	0x7c, 0xe9, 0xd3, 0x7a, 0xe4, 0xd5, 0x16, 0xa9, 0xcd, 0x8d, 0x08, 0xce, 0x03, 0xf4, 0x1f, 0x66,
-	0x7c, 0xd0, 0xb6, 0x7a, 0xd1, 0x7c, 0x22, 0xaf, 0xe4, 0xc6, 0x91, 0x51, 0x9d, 0x1b, 0x4b, 0x2e,
-	0x1c, 0xf9, 0xde, 0xed, 0x6f, 0x59, 0x30, 0xa6, 0x91, 0x97, 0xdc, 0x28, 0x46, 0x3f, 0xd9, 0x35,
-	0xb9, 0xd3, 0xfd, 0x4d, 0x2e, 0xed, 0xcd, 0xa6, 0xf6, 0x98, 0x60, 0x56, 0x96, 0x2d, 0xc6, 0xc4,
-	0x36, 0xa1, 0xe4, 0xc6, 0xa4, 0x19, 0x4d, 0x16, 0xce, 0x14, 0x9f, 0x18, 0x3e, 0x7b, 0x31, 0xaf,
-	0xe7, 0x9c, 0x1b, 0x15, 0x4c, 0x4b, 0x8b, 0x94, 0x3c, 0xe6, 0x5c, 0xec, 0xbf, 0x1a, 0x35, 0x9f,
-	0x8f, 0x4e, 0x38, 0x7a, 0x1a, 0x86, 0xa3, 0xa0, 0x1d, 0xd6, 0x08, 0x26, 0xad, 0x80, 0x7e, 0x58,
-	0x45, 0xba, 0xdc, 0xe9, 0x07, 0x5f, 0xd5, 0xcd, 0xd8, 0xc4, 0x41, 0x9f, 0xb2, 0x60, 0xa4, 0x4e,
-	0xa2, 0xd8, 0xf5, 0x19, 0x7f, 0x39, 0xf8, 0xb5, 0x43, 0x0f, 0x5e, 0x36, 0x2e, 0x68, 0xe2, 0x73,
-	0x27, 0xc4, 0x83, 0x8c, 0x18, 0x8d, 0x11, 0x4e, 0xf0, 0xa7, 0x82, 0xab, 0x4e, 0xa2, 0x5a, 0xe8,
-	0xb6, 0xe8, 0x7f, 0x21, 0x5a, 0x94, 0xe0, 0x5a, 0xd0, 0x20, 0x6c, 0xe2, 0x21, 0x1f, 0x4a, 0x54,
-	0x30, 0x45, 0x93, 0x03, 0x6c, 0xfc, 0x8b, 0x87, 0x1b, 0xbf, 0x98, 0x54, 0x2a, 0xf3, 0xf4, 0xec,
-	0xd3, 0x7f, 0x11, 0xe6, 0x6c, 0xd0, 0x27, 0x2d, 0x98, 0x14, 0x82, 0x13, 0x13, 0x3e, 0xa1, 0xd7,
-	0x37, 0xdd, 0x98, 0x78, 0x6e, 0x14, 0x4f, 0x96, 0xd8, 0x18, 0x66, 0xfa, 0x5b, 0x5b, 0x17, 0xc2,
-	0xa0, 0xdd, 0xba, 0xec, 0xfa, 0xf5, 0xb9, 0x33, 0x82, 0xd3, 0xe4, 0x7c, 0x0f, 0xc2, 0xb8, 0x27,
-	0x4b, 0xf4, 0x19, 0x0b, 0x4e, 0xfb, 0x4e, 0x93, 0x44, 0x2d, 0x87, 0xbe, 0x5a, 0x0e, 0x9e, 0xf3,
-	0x9c, 0xda, 0x16, 0x1b, 0xd1, 0xe0, 0x9d, 0x8d, 0xc8, 0x16, 0x23, 0x3a, 0x7d, 0xa5, 0x27, 0x69,
-	0xbc, 0x07, 0x5b, 0xf4, 0xcb, 0x16, 0x4c, 0x04, 0x61, 0x6b, 0xd3, 0xf1, 0x49, 0x5d, 0x42, 0xa3,
-	0xc9, 0x21, 0xf6, 0xe9, 0xbd, 0xe7, 0x70, 0xaf, 0x68, 0x25, 0x4d, 0x76, 0x39, 0xf0, 0xdd, 0x38,
-	0x08, 0xab, 0x24, 0x8e, 0x5d, 0xbf, 0x11, 0xcd, 0x9d, 0xbc, 0xb5, 0x3b, 0x35, 0xd1, 0x85, 0x85,
-	0xbb, 0xc7, 0x83, 0x7e, 0x0a, 0x86, 0xa3, 0x8e, 0x5f, 0xbb, 0xee, 0xfa, 0xf5, 0xe0, 0x66, 0x34,
-	0x59, 0xce, 0xe3, 0xf3, 0xad, 0x2a, 0x82, 0xe2, 0x03, 0xd4, 0x0c, 0xb0, 0xc9, 0x2d, 0xfb, 0xc5,
-	0xe9, 0xa5, 0x54, 0xc9, 0xfb, 0xc5, 0xe9, 0xc5, 0xb4, 0x07, 0x5b, 0xf4, 0x73, 0x16, 0x8c, 0x46,
-	0x6e, 0xc3, 0x77, 0xe2, 0x76, 0x48, 0x2e, 0x93, 0x4e, 0x34, 0x09, 0x6c, 0x20, 0x97, 0x0e, 0x39,
-	0x2b, 0x06, 0xc9, 0xb9, 0x93, 0x62, 0x8c, 0xa3, 0x66, 0x6b, 0x84, 0x93, 0x7c, 0xb3, 0x3e, 0x34,
-	0xbd, 0xac, 0x87, 0xf3, 0xfd, 0xd0, 0xf4, 0xa2, 0xee, 0xc9, 0x12, 0xfd, 0x38, 0x1c, 0xe3, 0x4d,
-	0x6a, 0x66, 0xa3, 0xc9, 0x11, 0x26, 0x68, 0x4f, 0xdc, 0xda, 0x9d, 0x3a, 0x56, 0x4d, 0xc1, 0x70,
-	0x17, 0x36, 0x7a, 0x15, 0xa6, 0x5a, 0x24, 0x6c, 0xba, 0xf1, 0x8a, 0xef, 0x75, 0xa4, 0xf8, 0xae,
-	0x05, 0x2d, 0x52, 0x17, 0xc3, 0x89, 0x26, 0x47, 0xcf, 0x58, 0x4f, 0x94, 0xe7, 0xde, 0x26, 0x86,
-	0x39, 0xb5, 0xba, 0x37, 0x3a, 0xde, 0x8f, 0x1e, 0xfa, 0xaa, 0x05, 0xa7, 0x0d, 0x29, 0x5b, 0x25,
-	0xe1, 0xb6, 0x5b, 0x23, 0xb3, 0xb5, 0x5a, 0xd0, 0xf6, 0xe3, 0x68, 0x72, 0x8c, 0x4d, 0xe3, 0xfa,
-	0x51, 0xc8, 0xfc, 0x24, 0x2b, 0xbd, 0x2e, 0x7b, 0xa2, 0x44, 0x78, 0x8f, 0x91, 0xda, 0xbf, 0x5f,
-	0x80, 0x63, 0x69, 0x0b, 0x00, 0xfd, 0x43, 0x0b, 0xc6, 0x6f, 0xdc, 0x8c, 0xd7, 0x82, 0x2d, 0xe2,
-	0x47, 0x73, 0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, 0x3e, 0x5b, 0xcb, 0xd7, 0xd6, 0x98, 0xbe, 0x94,
-	0xe4, 0x72, 0xce, 0x8f, 0xc3, 0xce, 0xdc, 0x83, 0xe2, 0x99, 0xc6, 0x2f, 0x5d, 0x5f, 0x33, 0xa1,
-	0x38, 0x3d, 0xa8, 0xd3, 0x1f, 0xb7, 0xe0, 0x44, 0x16, 0x09, 0x74, 0x0c, 0x8a, 0x5b, 0xa4, 0xc3,
-	0x2d, 0x61, 0x4c, 0x7f, 0xa2, 0x97, 0xa1, 0xb4, 0xed, 0x78, 0x6d, 0x22, 0xcc, 0xb4, 0x0b, 0x87,
-	0x7b, 0x10, 0x35, 0x32, 0xcc, 0xa9, 0xfe, 0x70, 0xe1, 0x79, 0xcb, 0xfe, 0x83, 0x22, 0x0c, 0x1b,
-	0x2f, 0xed, 0x2e, 0x98, 0x9e, 0x41, 0xc2, 0xf4, 0x5c, 0xce, 0x6d, 0xbd, 0xf5, 0xb4, 0x3d, 0x6f,
-	0xa6, 0x6c, 0xcf, 0x95, 0xfc, 0x58, 0xee, 0x69, 0x7c, 0xa2, 0x18, 0x2a, 0x41, 0x8b, 0x6e, 0xd1,
-	0xa8, 0x0d, 0x33, 0x90, 0xc7, 0x2b, 0x5c, 0x91, 0xe4, 0xe6, 0x46, 0x6f, 0xed, 0x4e, 0x55, 0xd4,
-	0x5f, 0xac, 0x19, 0xd9, 0xdf, 0xb4, 0xe0, 0x84, 0x31, 0xc6, 0xf9, 0xc0, 0xaf, 0xb3, 0x8d, 0x06,
-	0x3a, 0x03, 0x03, 0x71, 0xa7, 0x25, 0xb7, 0x81, 0x6a, 0xa6, 0xd6, 0x3a, 0x2d, 0x82, 0x19, 0xe4,
-	0x7e, 0xdf, 0x25, 0x7d, 0xc6, 0x82, 0x07, 0xb2, 0x05, 0x0c, 0x7a, 0x1c, 0x06, 0xb9, 0x0f, 0x40,
-	0x3c, 0x9d, 0x7e, 0x25, 0xac, 0x15, 0x0b, 0x28, 0x9a, 0x81, 0x8a, 0x52, 0x78, 0xe2, 0x19, 0x27,
-	0x04, 0x6a, 0x45, 0x6b, 0x49, 0x8d, 0x43, 0x27, 0x8d, 0xfe, 0x11, 0x26, 0xa8, 0x9a, 0x34, 0xb6,
-	0x69, 0x66, 0x10, 0xfb, 0x1b, 0x16, 0xbc, 0xb5, 0x1f, 0xb1, 0x77, 0x74, 0x63, 0xac, 0xc2, 0xc9,
-	0x3a, 0xd9, 0x70, 0xda, 0x5e, 0x9c, 0xe4, 0x28, 0x06, 0xfd, 0x88, 0xe8, 0x7c, 0x72, 0x21, 0x0b,
-	0x09, 0x67, 0xf7, 0xb5, 0xff, 0x93, 0xc5, 0xb6, 0xeb, 0xf2, 0xb1, 0xee, 0xc2, 0xd6, 0xc9, 0x4f,
-	0x6e, 0x9d, 0x16, 0x73, 0xfb, 0x4c, 0x7b, 0xec, 0x9d, 0x3e, 0x69, 0xc1, 0x69, 0x03, 0x6b, 0xd9,
-	0x89, 0x6b, 0x9b, 0xe7, 0x76, 0x5a, 0x21, 0x89, 0x22, 0xba, 0xa4, 0x1e, 0x31, 0xc4, 0xf1, 0xdc,
-	0xb0, 0xa0, 0x50, 0xbc, 0x4c, 0x3a, 0x5c, 0x36, 0x3f, 0x09, 0x65, 0xfe, 0xcd, 0x05, 0xa1, 0x78,
-	0x49, 0xea, 0xd9, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xc8, 0x86, 0x41, 0x26, 0x73, 0xa9, 0x0c, 0xa2,
-	0x66, 0x02, 0xd0, 0xf7, 0x7e, 0x8d, 0xb5, 0x60, 0x01, 0xb1, 0xa3, 0xc4, 0x70, 0x56, 0x43, 0xc2,
-	0xd6, 0x43, 0xfd, 0xbc, 0x4b, 0xbc, 0x7a, 0x44, 0xb7, 0x75, 0x8e, 0xef, 0x07, 0xb1, 0xd8, 0xa1,
-	0x19, 0xdb, 0xba, 0x59, 0xdd, 0x8c, 0x4d, 0x1c, 0xca, 0xd4, 0x73, 0xd6, 0x89, 0xc7, 0x67, 0x54,
-	0x30, 0x5d, 0x62, 0x2d, 0x58, 0x40, 0xec, 0x5b, 0x05, 0xb6, 0x81, 0x54, 0x12, 0x8d, 0xdc, 0x0d,
-	0xef, 0x43, 0x98, 0x50, 0x01, 0xab, 0xf9, 0xc9, 0x63, 0xd2, 0xdb, 0x03, 0xf1, 0x5a, 0x4a, 0x0b,
-	0xe0, 0x5c, 0xb9, 0xee, 0xed, 0x85, 0xf8, 0x60, 0x11, 0xa6, 0x92, 0x1d, 0xba, 0x94, 0x08, 0xdd,
-	0xf2, 0x1a, 0x8c, 0xd2, 0xbe, 0x3a, 0x03, 0x1f, 0x9b, 0x78, 0x3d, 0xe4, 0x70, 0xe1, 0x28, 0xe5,
-	0xb0, 0xa9, 0x26, 0x8a, 0xfb, 0xa8, 0x89, 0xc7, 0xd5, 0xac, 0x0f, 0xa4, 0x64, 0x5e, 0x52, 0x55,
-	0x9e, 0x81, 0x81, 0x28, 0x26, 0xad, 0xc9, 0x52, 0x52, 0xcc, 0x56, 0x63, 0xd2, 0xc2, 0x0c, 0x82,
-	0x7e, 0x14, 0xc6, 0x63, 0x27, 0x6c, 0x90, 0x38, 0x24, 0xdb, 0x2e, 0xf3, 0xeb, 0xb2, 0xfd, 0x6c,
-	0x65, 0xee, 0x38, 0xb5, 0xba, 0xd6, 0x18, 0x08, 0x4b, 0x10, 0x4e, 0xe3, 0xda, 0xff, 0xad, 0x00,
-	0x0f, 0x26, 0x5f, 0x81, 0x56, 0x8c, 0x3f, 0x96, 0x50, 0x8c, 0x6f, 0x37, 0x15, 0xe3, 0xed, 0xdd,
-	0xa9, 0x87, 0x7a, 0x74, 0xfb, 0xae, 0xd1, 0x9b, 0xe8, 0x42, 0xea, 0x25, 0xcc, 0x74, 0x79, 0x59,
-	0x1f, 0xe9, 0xf1, 0x8c, 0xa9, 0xb7, 0xf4, 0x38, 0x0c, 0x86, 0xc4, 0x89, 0x02, 0x5f, 0xbc, 0x27,
-	0xf5, 0x36, 0x31, 0x6b, 0xc5, 0x02, 0x6a, 0x7f, 0xbd, 0x92, 0x9e, 0xec, 0x0b, 0xdc, 0x57, 0x1d,
-	0x84, 0xc8, 0x85, 0x01, 0xb6, 0x6b, 0xe3, 0x92, 0xe5, 0xf2, 0xe1, 0xbe, 0x42, 0xaa, 0x45, 0x14,
-	0xe9, 0xb9, 0x32, 0x7d, 0x6b, 0xb4, 0x09, 0x33, 0x16, 0x68, 0x07, 0xca, 0x35, 0xb9, 0x99, 0x2a,
-	0xe4, 0xe1, 0x76, 0x14, 0x5b, 0x29, 0xcd, 0x71, 0x84, 0x8a, 0x7b, 0xb5, 0x03, 0x53, 0xdc, 0x10,
-	0x81, 0x62, 0xc3, 0x8d, 0xc5, 0x6b, 0x3d, 0xe4, 0x76, 0xf9, 0x82, 0x6b, 0x3c, 0xe2, 0x10, 0xd5,
-	0x41, 0x17, 0xdc, 0x18, 0x53, 0xfa, 0xe8, 0xa3, 0x16, 0x0c, 0x47, 0xb5, 0xe6, 0x6a, 0x18, 0x6c,
-	0xbb, 0x75, 0x12, 0x0a, 0x1b, 0xf3, 0x90, 0x92, 0xad, 0x3a, 0xbf, 0x2c, 0x09, 0x6a, 0xbe, 0xdc,
-	0x7d, 0xa1, 0x21, 0xd8, 0xe4, 0x4b, 0xf7, 0x5e, 0x0f, 0x8a, 0x67, 0x5f, 0x20, 0x35, 0xf6, 0xc5,
-	0xc9, 0x3d, 0x33, 0x5b, 0x29, 0x87, 0xb6, 0xb9, 0x17, 0xda, 0xb5, 0x2d, 0xfa, 0xbd, 0xe9, 0x01,
-	0x3d, 0x74, 0x6b, 0x77, 0xea, 0xc1, 0xf9, 0x6c, 0x9e, 0xb8, 0xd7, 0x60, 0xd8, 0x84, 0xb5, 0xda,
-	0x9e, 0x87, 0xc9, 0xab, 0x6d, 0xc2, 0x3c, 0x62, 0x39, 0x4c, 0xd8, 0xaa, 0x26, 0x98, 0x9a, 0x30,
-	0x03, 0x82, 0x4d, 0xbe, 0xe8, 0x55, 0x18, 0x6c, 0x3a, 0x71, 0xe8, 0xee, 0x08, 0x37, 0xd8, 0x21,
-	0x77, 0x41, 0xcb, 0x8c, 0x96, 0x66, 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x42, 0xa9,
-	0x49, 0xc2, 0x06, 0x99, 0x2c, 0xe7, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x0a, 0x35, 0xae,
-	0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0xcb, 0x50, 0x8e, 0x88, 0x47, 0x6a, 0xd4, 0x3c, 0xaa, 0x30, 0x8e,
-	0xcf, 0xf4, 0x69, 0x2a, 0x52, 0xbb, 0xa4, 0x2a, 0xba, 0xf2, 0x0f, 0x4c, 0xfe, 0xc3, 0x8a, 0x24,
-	0x9d, 0xc0, 0x96, 0xd7, 0x6e, 0xb8, 0xfe, 0x24, 0xe4, 0x31, 0x81, 0xab, 0x8c, 0x56, 0x6a, 0x02,
-	0x79, 0x23, 0x16, 0x8c, 0xec, 0xff, 0x6a, 0x01, 0x4a, 0x0a, 0xb5, 0xbb, 0x60, 0x13, 0xbf, 0x9a,
-	0xb4, 0x89, 0x97, 0xf2, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0xbf, 0x51, 0x81, 0x94, 0x3a, 0xb8, 0x42,
-	0xa2, 0x98, 0xd4, 0xdf, 0x14, 0xe1, 0x6f, 0x8a, 0xf0, 0x37, 0x45, 0xb8, 0x12, 0xe1, 0xeb, 0x29,
-	0x11, 0xfe, 0x4e, 0xe3, 0xab, 0xd7, 0xb1, 0x07, 0xaf, 0xa8, 0xe0, 0x04, 0x73, 0x04, 0x06, 0x02,
-	0x95, 0x04, 0x97, 0xaa, 0x2b, 0x57, 0x32, 0x65, 0xf6, 0x2b, 0x49, 0x99, 0x7d, 0x58, 0x16, 0x7f,
-	0x1d, 0xa4, 0xf4, 0x57, 0x2d, 0x78, 0x5b, 0x52, 0x7a, 0xc9, 0x95, 0xb3, 0xd8, 0xf0, 0x83, 0x90,
-	0x2c, 0xb8, 0x1b, 0x1b, 0x24, 0x24, 0x7e, 0x8d, 0x44, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0,
-	0x67, 0x61, 0xe4, 0x46, 0x14, 0xf8, 0xab, 0x81, 0xeb, 0x0b, 0x11, 0x44, 0x77, 0x1c, 0xc7, 0x6e,
-	0xed, 0x4e, 0x8d, 0xd0, 0x19, 0x95, 0xed, 0x38, 0x81, 0x85, 0xe6, 0x61, 0xe2, 0xc6, 0xab, 0xab,
-	0x4e, 0x6c, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x7a, 0x31, 0x05, 0xc4, 0xdd, 0xf8,
-	0xf6, 0xdf, 0x29, 0xc0, 0xa9, 0xd4, 0x83, 0x04, 0x9e, 0x17, 0xb4, 0x63, 0xba, 0x27, 0x42, 0x5f,
-	0xb0, 0xe0, 0x58, 0x33, 0xe9, 0xb0, 0x88, 0x84, 0xbb, 0xfb, 0x27, 0x72, 0xd3, 0x11, 0x29, 0x8f,
-	0xc8, 0xdc, 0xa4, 0x98, 0xa1, 0x63, 0x29, 0x40, 0x84, 0xbb, 0xc6, 0x82, 0x5e, 0x86, 0x4a, 0xd3,
-	0xd9, 0xb9, 0xda, 0xaa, 0x3b, 0xb1, 0xdc, 0x8e, 0xf6, 0xf6, 0x22, 0xb4, 0x63, 0xd7, 0x9b, 0xe6,
-	0x51, 0x2d, 0xd3, 0x8b, 0x7e, 0xbc, 0x12, 0x56, 0xe3, 0xd0, 0xf5, 0x1b, 0xdc, 0xc9, 0xb9, 0x2c,
-	0xc9, 0x60, 0x4d, 0xd1, 0xfe, 0xbc, 0x95, 0x56, 0x52, 0x6a, 0x76, 0x42, 0x27, 0x26, 0x8d, 0x0e,
-	0x7a, 0x1f, 0x94, 0xe8, 0xbe, 0x51, 0xce, 0xca, 0xf5, 0x3c, 0x35, 0xa7, 0xf1, 0x26, 0xb4, 0x12,
-	0xa5, 0xff, 0x22, 0xcc, 0x99, 0xda, 0x5f, 0xa8, 0xa4, 0x8d, 0x05, 0x76, 0x36, 0x7f, 0x16, 0xa0,
-	0x11, 0xac, 0x91, 0x66, 0xcb, 0xa3, 0xd3, 0x62, 0xb1, 0x03, 0x1e, 0xe5, 0x2a, 0xb9, 0xa0, 0x20,
-	0xd8, 0xc0, 0x42, 0x3f, 0x6f, 0x01, 0x34, 0xe4, 0x9a, 0x97, 0x86, 0xc0, 0xd5, 0x3c, 0x1f, 0x47,
-	0x7f, 0x51, 0x7a, 0x2c, 0x8a, 0x21, 0x36, 0x98, 0xa3, 0x9f, 0xb1, 0xa0, 0x1c, 0xcb, 0xe1, 0x73,
-	0xd5, 0xb8, 0x96, 0xe7, 0x48, 0xe4, 0x43, 0x6b, 0x9b, 0x48, 0x4d, 0x89, 0xe2, 0x8b, 0x7e, 0xd6,
-	0x02, 0x88, 0x3a, 0x7e, 0x6d, 0x35, 0xf0, 0xdc, 0x5a, 0x47, 0x68, 0xcc, 0x6b, 0xb9, 0xba, 0x73,
-	0x14, 0xf5, 0xb9, 0x31, 0x3a, 0x1b, 0xfa, 0x3f, 0x36, 0x38, 0xa3, 0x0f, 0x40, 0x39, 0x12, 0xcb,
-	0x4d, 0xe8, 0xc8, 0xb5, 0x7c, 0x9d, 0x4a, 0x9c, 0xb6, 0x10, 0xaf, 0xe2, 0x1f, 0x56, 0x3c, 0xd1,
-	0x67, 0x2d, 0x18, 0x6f, 0x25, 0xdd, 0x84, 0x42, 0x1d, 0xe6, 0x27, 0x03, 0x52, 0x6e, 0x48, 0xee,
-	0x6d, 0x49, 0x35, 0xe2, 0xf4, 0x28, 0xa8, 0x04, 0xd4, 0x2b, 0x78, 0xa5, 0xc5, 0x5d, 0x96, 0x43,
-	0x5a, 0x02, 0x5e, 0x48, 0x03, 0x71, 0x37, 0x3e, 0x5a, 0x85, 0x13, 0x74, 0x74, 0x1d, 0x6e, 0x7e,
-	0x4a, 0xf5, 0x12, 0x31, 0x65, 0x58, 0x9e, 0x7b, 0x58, 0xac, 0x10, 0x76, 0xd6, 0x91, 0xc6, 0xc1,
-	0x99, 0x3d, 0xd1, 0x1f, 0x58, 0xf0, 0xb0, 0xcb, 0xd4, 0x80, 0xe9, 0xb0, 0xd7, 0x1a, 0x41, 0x1c,
-	0xb4, 0x93, 0x5c, 0x65, 0x45, 0x2f, 0xf5, 0x33, 0xf7, 0x56, 0xf1, 0x04, 0x0f, 0x2f, 0xee, 0x31,
-	0x24, 0xbc, 0xe7, 0x80, 0xd1, 0x0f, 0xc1, 0xa8, 0xfc, 0x2e, 0x56, 0xa9, 0x08, 0x66, 0x8a, 0xb6,
-	0x32, 0x37, 0x71, 0x6b, 0x77, 0x6a, 0x74, 0xcd, 0x04, 0xe0, 0x24, 0x9e, 0xfd, 0x2f, 0x8b, 0x89,
-	0x53, 0x22, 0xe5, 0xc3, 0x64, 0xe2, 0xa6, 0x26, 0xfd, 0x3f, 0x52, 0x7a, 0xe6, 0x2a, 0x6e, 0x94,
-	0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x61, 0x83, 0x39, 0x35, 0x4a, 0x27, 0x9c, 0xb4, 0xa7, 0x54,
-	0x48, 0xc0, 0x97, 0xf3, 0x1c, 0x52, 0xf7, 0x99, 0xde, 0x29, 0x31, 0xb4, 0x89, 0x2e, 0x10, 0xee,
-	0x1e, 0x12, 0x7a, 0x3f, 0x54, 0x42, 0x15, 0xd9, 0x52, 0xcc, 0x63, 0xab, 0x26, 0x97, 0x8d, 0x18,
-	0x8e, 0x3a, 0x00, 0xd2, 0x31, 0x2c, 0x9a, 0xa3, 0xfd, 0xb1, 0x42, 0xe2, 0x60, 0xcc, 0x90, 0x1d,
-	0x7d, 0x1c, 0xfa, 0x7d, 0xca, 0x82, 0xe1, 0x30, 0xf0, 0x3c, 0xd7, 0x6f, 0x50, 0x39, 0x27, 0x94,
-	0xf5, 0xbb, 0x8f, 0x44, 0x5f, 0x0a, 0x81, 0xc6, 0x2c, 0x6b, 0xac, 0x79, 0x62, 0x73, 0x00, 0xe8,
-	0x05, 0x18, 0xad, 0x13, 0x8f, 0xd0, 0xbe, 0x2b, 0x21, 0xdd, 0x13, 0x71, 0x27, 0xb3, 0x8a, 0x14,
-	0x59, 0x30, 0x81, 0x38, 0x89, 0x6b, 0x7f, 0xcb, 0x82, 0xc9, 0x5e, 0xc2, 0x1c, 0x11, 0x78, 0x48,
-	0x4a, 0x2a, 0x35, 0x8f, 0x2b, 0xbe, 0xa4, 0x27, 0xf4, 0xf1, 0x63, 0x82, 0xcf, 0x43, 0xab, 0xbd,
-	0x51, 0xf1, 0x5e, 0x74, 0xd0, 0x4b, 0x70, 0xcc, 0x98, 0x94, 0x48, 0xcd, 0x6a, 0x65, 0x6e, 0x9a,
-	0x5a, 0x4f, 0xb3, 0x29, 0xd8, 0xed, 0xdd, 0xa9, 0x07, 0xd2, 0x6d, 0x42, 0xdb, 0x74, 0xd1, 0xb1,
-	0x7f, 0xa5, 0xeb, 0x55, 0x2b, 0x43, 0xe1, 0x0d, 0xab, 0xcb, 0x15, 0xf1, 0x13, 0x47, 0xa1, 0x9c,
-	0x99, 0xd3, 0x42, 0xc5, 0x70, 0xf4, 0xc6, 0xb9, 0x87, 0x67, 0xfe, 0xf6, 0xbf, 0x1e, 0x80, 0x3d,
-	0x46, 0xd6, 0x87, 0xe5, 0x7f, 0xe0, 0x43, 0xd8, 0x4f, 0x58, 0xea, 0xb4, 0x8d, 0x0b, 0x80, 0xfa,
-	0x51, 0xcd, 0x3d, 0xdf, 0x7c, 0x45, 0x3c, 0xee, 0x44, 0xb9, 0xe0, 0x93, 0xe7, 0x7a, 0xe8, 0x8b,
-	0x56, 0xf2, 0xbc, 0x90, 0x47, 0x44, 0xba, 0x47, 0x36, 0x26, 0xe3, 0x10, 0x92, 0x0f, 0x4c, 0x1f,
-	0x5d, 0xf5, 0x3a, 0x9e, 0x9c, 0x06, 0xd8, 0x70, 0x7d, 0xc7, 0x73, 0x5f, 0xa3, 0x5b, 0xab, 0x12,
-	0xb3, 0x0e, 0x98, 0xb9, 0x75, 0x5e, 0xb5, 0x62, 0x03, 0xe3, 0xf4, 0xff, 0x0f, 0xc3, 0xc6, 0x93,
-	0x67, 0x84, 0xcb, 0x9c, 0x30, 0xc3, 0x65, 0x2a, 0x46, 0x94, 0xcb, 0xe9, 0x77, 0xc2, 0xb1, 0xf4,
-	0x00, 0x0f, 0xd2, 0xdf, 0xfe, 0x5f, 0x43, 0xe9, 0x03, 0xbc, 0x35, 0x12, 0x36, 0xe9, 0xd0, 0xde,
-	0xf4, 0x8a, 0xbd, 0xe9, 0x15, 0x7b, 0xd3, 0x2b, 0x66, 0x1e, 0x6c, 0x08, 0x8f, 0xcf, 0xd0, 0x5d,
-	0xf2, 0xf8, 0x24, 0x7c, 0x58, 0xe5, 0xdc, 0x7d, 0x58, 0xf6, 0x47, 0xbb, 0xdc, 0xfe, 0x6b, 0x21,
-	0x21, 0x28, 0x80, 0x92, 0x1f, 0xd4, 0x89, 0x34, 0x90, 0x2f, 0xe5, 0x63, 0xed, 0x5d, 0x09, 0xea,
-	0x46, 0xac, 0x39, 0xfd, 0x17, 0x61, 0xce, 0xc7, 0xfe, 0xc8, 0x20, 0x24, 0x6c, 0x51, 0xfe, 0xde,
-	0x7f, 0x00, 0x86, 0x42, 0xd2, 0x0a, 0xae, 0xe2, 0x25, 0xa1, 0xcb, 0x74, 0xaa, 0x0e, 0x6f, 0xc6,
-	0x12, 0x4e, 0x75, 0x5e, 0xcb, 0x89, 0x37, 0x85, 0x32, 0x53, 0x3a, 0x6f, 0xd5, 0x89, 0x37, 0x31,
-	0x83, 0xa0, 0x77, 0xc2, 0x58, 0x9c, 0x38, 0x47, 0x17, 0xe7, 0xc5, 0x0f, 0x08, 0xdc, 0xb1, 0xe4,
-	0x29, 0x3b, 0x4e, 0x61, 0xa3, 0x57, 0x61, 0x60, 0x93, 0x78, 0x4d, 0xf1, 0xea, 0xab, 0xf9, 0xe9,
-	0x1a, 0xf6, 0xac, 0x17, 0x89, 0xd7, 0xe4, 0x92, 0x90, 0xfe, 0xc2, 0x8c, 0x15, 0x5d, 0xf7, 0x95,
-	0xad, 0x76, 0x14, 0x07, 0x4d, 0xf7, 0x35, 0xe9, 0x26, 0xfd, 0x89, 0x9c, 0x19, 0x5f, 0x96, 0xf4,
-	0xb9, 0x3f, 0x4a, 0xfd, 0xc5, 0x9a, 0x33, 0x1b, 0x47, 0xdd, 0x0d, 0xd9, 0x92, 0xe9, 0x08, 0x6f,
-	0x67, 0xde, 0xe3, 0x58, 0x90, 0xf4, 0xf9, 0x38, 0xd4, 0x5f, 0xac, 0x39, 0xa3, 0x8e, 0xfa, 0xfe,
-	0x86, 0xd9, 0x18, 0xae, 0xe6, 0x3c, 0x06, 0xfe, 0xed, 0x65, 0x7e, 0x87, 0x8f, 0x41, 0xa9, 0xb6,
-	0xe9, 0x84, 0xf1, 0xe4, 0x08, 0x5b, 0x34, 0x6a, 0x15, 0xcf, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x11,
-	0x28, 0x86, 0x64, 0x83, 0x85, 0x36, 0x1b, 0x41, 0x55, 0x98, 0x6c, 0x60, 0xda, 0xae, 0xec, 0xb2,
-	0xb1, 0x9e, 0xd1, 0x76, 0xbf, 0x54, 0x48, 0x1a, 0x76, 0xc9, 0x99, 0xe1, 0xdf, 0x43, 0xad, 0x1d,
-	0x46, 0xd2, 0xbb, 0x66, 0x7c, 0x0f, 0xac, 0x19, 0x4b, 0x38, 0xfa, 0x90, 0x05, 0x43, 0x37, 0xa2,
-	0xc0, 0xf7, 0x49, 0x2c, 0x94, 0xe8, 0xb5, 0x9c, 0x27, 0xeb, 0x12, 0xa7, 0xae, 0xc7, 0x20, 0x1a,
-	0xb0, 0xe4, 0x4b, 0x87, 0x4b, 0x76, 0x6a, 0x5e, 0xbb, 0xde, 0x15, 0x49, 0x73, 0x8e, 0x37, 0x63,
-	0x09, 0xa7, 0xa8, 0xae, 0xcf, 0x51, 0x07, 0x92, 0xa8, 0x8b, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0xd7,
-	0xca, 0x70, 0x32, 0xf3, 0xf3, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0xce, 0xbb, 0x1e, 0x91, 0x31, 0x64,
-	0xcc, 0xe4, 0xba, 0xa6, 0x5a, 0xb1, 0x81, 0x81, 0x7e, 0x1a, 0xa0, 0xe5, 0x84, 0x4e, 0x93, 0x28,
-	0xef, 0xf7, 0xa1, 0x2d, 0x1b, 0x3a, 0x8e, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x84, 0x0d,
-	0x96, 0xe8, 0x39, 0x18, 0x0e, 0x89, 0x47, 0x9c, 0x88, 0xc5, 0xce, 0xa7, 0x13, 0x81, 0xb0, 0x06,
-	0x61, 0x13, 0x0f, 0x3d, 0xae, 0xc2, 0xed, 0x52, 0x61, 0x47, 0xc9, 0x90, 0x3b, 0xf4, 0x69, 0x0b,
-	0xc6, 0x36, 0x5c, 0x8f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xf0, 0x0f, 0x79, 0xde, 0xa4, 0xab,
-	0x65, 0x68, 0xa2, 0x39, 0xc2, 0x29, 0xf6, 0xf4, 0x35, 0x6f, 0x93, 0x90, 0x09, 0xdf, 0xc1, 0xe4,
-	0x6b, 0xbe, 0xc6, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x51, 0x34, 0x1f, 0x92, 0x3a,
-	0xf1, 0x63, 0xd7, 0xf1, 0x78, 0x52, 0x4d, 0x59, 0xc7, 0xa2, 0xaf, 0x26, 0xc1, 0x38, 0x8d, 0x8f,
-	0xde, 0x05, 0x0f, 0x72, 0xf7, 0xd2, 0xb2, 0x1b, 0x45, 0xae, 0xdf, 0xd0, 0xcb, 0x40, 0x78, 0xd9,
-	0xa6, 0x04, 0xa9, 0x07, 0x17, 0xb3, 0xd1, 0x70, 0xaf, 0xfe, 0xe8, 0x49, 0x28, 0x47, 0x5b, 0x6e,
-	0x6b, 0x3e, 0xac, 0x47, 0xec, 0x68, 0xa9, 0xac, 0x7d, 0xba, 0x55, 0xd1, 0x8e, 0x15, 0x06, 0xaa,
-	0xc1, 0x08, 0x7f, 0x25, 0x3c, 0x5e, 0x50, 0x48, 0xd0, 0xa7, 0x7a, 0x2a, 0x72, 0x91, 0x3f, 0x3b,
-	0x8d, 0x9d, 0x9b, 0xe7, 0xe4, 0x41, 0x17, 0x3f, 0x97, 0xb9, 0x66, 0x90, 0xc1, 0x09, 0xa2, 0xc9,
-	0x3d, 0xdd, 0x70, 0x1f, 0x7b, 0xba, 0xe7, 0x60, 0x78, 0xab, 0xbd, 0x4e, 0xc4, 0xcc, 0x0b, 0xc1,
-	0xa6, 0x56, 0xdf, 0x65, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0xd5, 0x6c, 0xb9, 0xe2, 0x5f, 0x34, 0x39,
-	0x6a, 0x84, 0x6a, 0xae, 0x2e, 0xca, 0x66, 0x6c, 0xe2, 0xd0, 0xa1, 0xd1, 0xb9, 0x58, 0x23, 0x11,
-	0xcb, 0xc4, 0xa0, 0xd3, 0xa5, 0x86, 0x56, 0x95, 0x00, 0xac, 0x71, 0xd0, 0x2a, 0x9c, 0xa0, 0x7f,
-	0xaa, 0x2c, 0x7f, 0xf8, 0x9a, 0xe3, 0xb9, 0x75, 0x1e, 0x37, 0x38, 0x9e, 0x74, 0x8e, 0x56, 0x33,
-	0x70, 0x70, 0x66, 0x4f, 0xfb, 0x73, 0x85, 0xa4, 0xe7, 0xc4, 0x14, 0x61, 0x28, 0xa2, 0x82, 0x2a,
-	0xbe, 0xe6, 0x84, 0xd2, 0xe0, 0x39, 0x64, 0x66, 0x94, 0xa0, 0x7b, 0xcd, 0x09, 0x4d, 0x91, 0xc7,
-	0x18, 0x60, 0xc9, 0x09, 0xdd, 0x80, 0x81, 0xd8, 0x73, 0x72, 0x4a, 0xa5, 0x34, 0x38, 0x6a, 0x2f,
-	0xd8, 0xd2, 0x6c, 0x84, 0x19, 0x0f, 0xf4, 0x30, 0xdd, 0xbd, 0xad, 0xcb, 0x63, 0x3a, 0xb1, 0xe1,
-	0x5a, 0x8f, 0x30, 0x6b, 0xb5, 0xff, 0xe6, 0x68, 0x86, 0xd6, 0x51, 0x86, 0x00, 0x3a, 0x0b, 0x40,
-	0x17, 0xcd, 0x6a, 0x48, 0x36, 0xdc, 0x1d, 0x61, 0x88, 0x29, 0xc9, 0x76, 0x45, 0x41, 0xb0, 0x81,
-	0x25, 0xfb, 0x54, 0xdb, 0x1b, 0xb4, 0x4f, 0xa1, 0xbb, 0x0f, 0x87, 0x60, 0x03, 0x0b, 0x3d, 0x0b,
-	0x83, 0x6e, 0xd3, 0x69, 0xa8, 0x28, 0xe2, 0x87, 0xa9, 0x48, 0x5b, 0x64, 0x2d, 0xb7, 0x77, 0xa7,
-	0xc6, 0xd4, 0x80, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0x57, 0x2c, 0x18, 0xa9, 0x05, 0xcd, 0x66, 0xe0,
-	0xf3, 0xed, 0xb3, 0xf0, 0x05, 0xdc, 0x38, 0x2a, 0x33, 0x69, 0x7a, 0xde, 0x60, 0xc6, 0x9d, 0x01,
-	0x2a, 0xe7, 0xd3, 0x04, 0xe1, 0xc4, 0xa8, 0x4c, 0xc9, 0x57, 0xda, 0x47, 0xf2, 0xfd, 0xba, 0x05,
-	0x13, 0xbc, 0xaf, 0xb1, 0xab, 0x17, 0xe9, 0x8d, 0xc1, 0x11, 0x3f, 0x56, 0x97, 0xa3, 0x43, 0x79,
-	0x8a, 0xbb, 0xe0, 0xb8, 0x7b, 0x90, 0xe8, 0x02, 0x4c, 0x6c, 0x04, 0x61, 0x8d, 0x98, 0x13, 0x21,
-	0xc4, 0xb6, 0x22, 0x74, 0x3e, 0x8d, 0x80, 0xbb, 0xfb, 0xa0, 0x6b, 0xf0, 0x80, 0xd1, 0x68, 0xce,
-	0x03, 0x97, 0xdc, 0x8f, 0x0a, 0x6a, 0x0f, 0x9c, 0xcf, 0xc4, 0xc2, 0x3d, 0x7a, 0x27, 0x85, 0x64,
-	0xa5, 0x0f, 0x21, 0xf9, 0x0a, 0x9c, 0xaa, 0x75, 0xcf, 0xcc, 0x76, 0xd4, 0x5e, 0x8f, 0xb8, 0x1c,
-	0x2f, 0xcf, 0x7d, 0x9f, 0x20, 0x70, 0x6a, 0xbe, 0x17, 0x22, 0xee, 0x4d, 0x03, 0xbd, 0x0f, 0xca,
-	0x21, 0x61, 0x6f, 0x25, 0x12, 0xb9, 0x7e, 0x87, 0xf4, 0x76, 0x68, 0x0b, 0x9e, 0x93, 0xd5, 0x9a,
-	0x49, 0x34, 0x44, 0x58, 0x71, 0x44, 0x37, 0x61, 0xa8, 0xe5, 0xc4, 0xb5, 0x4d, 0x91, 0xe1, 0x77,
-	0x68, 0xc7, 0xbe, 0x62, 0xce, 0xce, 0x61, 0x8c, 0x7a, 0x09, 0x9c, 0x09, 0x96, 0xdc, 0xa8, 0xad,
-	0x56, 0x0b, 0x9a, 0xad, 0xc0, 0x27, 0x7e, 0x2c, 0x95, 0xc8, 0x18, 0x3f, 0x2c, 0x91, 0xad, 0xd8,
-	0xc0, 0xe8, 0xd2, 0xe5, 0x1a, 0x6d, 0x72, 0x62, 0x0f, 0x5d, 0x6e, 0x50, 0xeb, 0xd5, 0x9f, 0x2a,
-	0x1b, 0xe6, 0x56, 0xbc, 0xee, 0xc6, 0x9b, 0x41, 0x3b, 0x96, 0xbb, 0x64, 0xa1, 0xa8, 0x94, 0xb2,
-	0x59, 0xca, 0xc0, 0xc1, 0x99, 0x3d, 0xd3, 0x9a, 0x75, 0xfc, 0xce, 0x34, 0xeb, 0xb1, 0x3e, 0x34,
-	0x6b, 0x15, 0x4e, 0xb2, 0x11, 0x08, 0x2b, 0x59, 0x3a, 0x2d, 0xa3, 0x49, 0xc4, 0x06, 0xaf, 0x92,
-	0x63, 0x96, 0xb2, 0x90, 0x70, 0x76, 0xdf, 0xd3, 0x3f, 0x06, 0x13, 0x5d, 0x42, 0xee, 0x40, 0x0e,
-	0xc9, 0x05, 0x78, 0x20, 0x5b, 0x9c, 0x1c, 0xc8, 0x2d, 0xf9, 0x6b, 0xa9, 0xa0, 0x76, 0x63, 0x8b,
-	0xd6, 0x87, 0x8b, 0xdb, 0x81, 0x22, 0xf1, 0xb7, 0x85, 0x76, 0x3d, 0x7f, 0xb8, 0x55, 0x7d, 0xce,
-	0xdf, 0xe6, 0xd2, 0x90, 0xf9, 0xf1, 0xce, 0xf9, 0xdb, 0x98, 0xd2, 0x46, 0xbf, 0x68, 0x25, 0x36,
-	0x10, 0xdc, 0x31, 0xfe, 0x9e, 0x23, 0xd9, 0x93, 0xf6, 0xbd, 0xa7, 0xb0, 0xff, 0x4d, 0x01, 0xce,
-	0xec, 0x47, 0xa4, 0x8f, 0xe9, 0x7b, 0x0c, 0x06, 0x23, 0x16, 0xa6, 0x22, 0xd4, 0xd5, 0x30, 0xfd,
-	0x8a, 0x79, 0xe0, 0xca, 0x2b, 0x58, 0x80, 0x90, 0x07, 0xc5, 0xa6, 0xd3, 0x12, 0xfe, 0xd2, 0xc5,
-	0xc3, 0x26, 0xff, 0xd1, 0xff, 0x8e, 0xb7, 0xec, 0xb4, 0xf8, 0x9a, 0x37, 0x1a, 0x30, 0x65, 0x83,
-	0x62, 0x28, 0x39, 0x61, 0xe8, 0xc8, 0x98, 0x88, 0xcb, 0xf9, 0xf0, 0x9b, 0xa5, 0x24, 0xf9, 0x91,
-	0x72, 0xa2, 0x09, 0x73, 0x66, 0xf6, 0x67, 0xcb, 0x89, 0x4c, 0x31, 0x16, 0xe8, 0x12, 0xc1, 0xa0,
-	0x70, 0x93, 0x5a, 0x79, 0xe7, 0x5c, 0xf2, 0x54, 0x6c, 0xe6, 0x81, 0x10, 0x05, 0x2d, 0x04, 0x2b,
-	0xf4, 0x71, 0x8b, 0x95, 0x8d, 0x90, 0xe9, 0x77, 0x62, 0x57, 0x7f, 0x34, 0x55, 0x2c, 0xcc, 0x62,
-	0x14, 0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x69, 0x1c, 0xb6, 0x9b, 0xe9, 0x2e, 0x8d, 0xc3, 0x76, 0x27,
-	0x12, 0x8e, 0x76, 0x32, 0x02, 0x5a, 0x72, 0x28, 0x3d, 0xd0, 0x47, 0x08, 0xcb, 0x17, 0x2d, 0x98,
-	0x70, 0xd3, 0x91, 0x09, 0x62, 0x0f, 0x7c, 0x3d, 0x1f, 0x9f, 0x66, 0x77, 0xe0, 0x83, 0x32, 0x74,
-	0xba, 0x40, 0xb8, 0x7b, 0x30, 0xa8, 0x0e, 0x03, 0xae, 0xbf, 0x11, 0x08, 0xf3, 0x6e, 0xee, 0x70,
-	0x83, 0x5a, 0xf4, 0x37, 0x02, 0xfd, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x4b, 0x70, 0x42, 0x26,
-	0x0b, 0x5d, 0x74, 0xa3, 0x38, 0x08, 0x3b, 0x4b, 0x6e, 0xd3, 0x8d, 0x99, 0x69, 0x56, 0x9c, 0x9b,
-	0xa4, 0xea, 0x0d, 0x67, 0xc0, 0x71, 0x66, 0x2f, 0xf4, 0x1a, 0x0c, 0xc9, 0x68, 0x80, 0x72, 0x1e,
-	0xfe, 0x84, 0xee, 0xf5, 0xaf, 0x16, 0x53, 0x55, 0x84, 0x03, 0x48, 0x86, 0xe8, 0x63, 0x16, 0x8c,
-	0xf1, 0xdf, 0x17, 0x3b, 0x75, 0x9e, 0x9f, 0x58, 0xc9, 0x23, 0xe4, 0xbf, 0x9a, 0xa0, 0x39, 0x87,
-	0x6e, 0xed, 0x4e, 0x8d, 0x25, 0xdb, 0x70, 0x8a, 0xaf, 0xfd, 0x8f, 0x46, 0xa0, 0x3b, 0x7e, 0x22,
-	0x19, 0x2c, 0x61, 0xdd, 0xed, 0x60, 0x09, 0xba, 0xab, 0x8c, 0x74, 0x9c, 0x43, 0x0e, 0x9f, 0x99,
-	0xe0, 0xaa, 0x8f, 0xa1, 0x3b, 0x7e, 0x0d, 0x33, 0x1e, 0xa8, 0x0d, 0x83, 0xbc, 0x32, 0x95, 0xd0,
-	0x00, 0x87, 0x3f, 0xf9, 0x36, 0x2b, 0x5c, 0x69, 0xb7, 0x16, 0x6f, 0xc5, 0x82, 0x19, 0xda, 0x81,
-	0xa1, 0x4d, 0xbe, 0x1c, 0xc5, 0x5e, 0x6f, 0xf9, 0xb0, 0xf3, 0x9b, 0x58, 0xe3, 0x7a, 0xf1, 0x89,
-	0x06, 0x2c, 0xd9, 0xb1, 0xd8, 0x3c, 0x23, 0x7a, 0x88, 0x0b, 0x92, 0xfc, 0x52, 0x2d, 0xfb, 0x0f,
-	0x1d, 0x7a, 0x2f, 0x8c, 0x84, 0xa4, 0x16, 0xf8, 0x35, 0xd7, 0x23, 0xf5, 0x59, 0x79, 0x20, 0x76,
-	0x90, 0x0c, 0x3b, 0xe6, 0x4d, 0xc2, 0x06, 0x0d, 0x9c, 0xa0, 0xc8, 0xbe, 0x33, 0x95, 0x75, 0x4f,
-	0x5f, 0x08, 0x11, 0x07, 0x1f, 0x4b, 0x39, 0xe5, 0xf8, 0x33, 0x9a, 0xfc, 0x3b, 0x4b, 0xb6, 0xe1,
-	0x14, 0x5f, 0xf4, 0x12, 0x40, 0xb0, 0xce, 0x03, 0xf0, 0x66, 0x63, 0x71, 0x0a, 0x72, 0x90, 0x47,
-	0x1d, 0xe3, 0x99, 0xba, 0x92, 0x02, 0x36, 0xa8, 0xa1, 0xcb, 0x00, 0xfc, 0xcb, 0x59, 0xeb, 0xb4,
-	0xe4, 0x86, 0x50, 0xa6, 0x48, 0x42, 0x55, 0x41, 0x6e, 0xef, 0x4e, 0x75, 0xfb, 0x9c, 0x59, 0x94,
-	0x91, 0xd1, 0x1d, 0xfd, 0x14, 0x0c, 0x45, 0xed, 0x66, 0xd3, 0x51, 0x67, 0x24, 0x39, 0xe6, 0xfe,
-	0x72, 0xba, 0x86, 0x60, 0xe4, 0x0d, 0x58, 0x72, 0x44, 0x37, 0xa8, 0x88, 0x17, 0x12, 0x8a, 0x7f,
-	0x45, 0xdc, 0x42, 0xe1, 0x9e, 0xc0, 0x77, 0xc8, 0x5d, 0x0c, 0xce, 0xc0, 0xb9, 0xbd, 0x3b, 0xf5,
-	0x40, 0xb2, 0x7d, 0x29, 0x10, 0xd9, 0xb8, 0x99, 0x34, 0xd1, 0x25, 0x59, 0x84, 0x8b, 0x3e, 0xb6,
-	0xac, 0x0d, 0xf3, 0x84, 0x2e, 0xc2, 0xc5, 0x9a, 0x7b, 0xcf, 0x99, 0xd9, 0x19, 0x2d, 0xc3, 0xf1,
-	0x5a, 0xe0, 0xc7, 0x61, 0xe0, 0x79, 0xbc, 0x40, 0x1f, 0xdf, 0x9b, 0xf3, 0x33, 0x94, 0x87, 0xc4,
-	0xb0, 0x8f, 0xcf, 0x77, 0xa3, 0xe0, 0xac, 0x7e, 0xd4, 0x26, 0x4f, 0xeb, 0x87, 0xb1, 0x5c, 0x8e,
-	0xd7, 0x13, 0x34, 0x85, 0x84, 0x52, 0x6e, 0xef, 0x7d, 0x34, 0x85, 0x9f, 0x3c, 0x64, 0x15, 0x6f,
-	0xec, 0x59, 0x18, 0x21, 0x3b, 0x31, 0x09, 0x7d, 0xc7, 0xbb, 0x8a, 0x97, 0xe4, 0x81, 0x05, 0xfb,
-	0x30, 0xcf, 0x19, 0xed, 0x38, 0x81, 0x85, 0x6c, 0xe5, 0x25, 0x33, 0xd2, 0xde, 0xb9, 0x97, 0x4c,
-	0xfa, 0xc4, 0xec, 0x2f, 0x17, 0x13, 0x36, 0xeb, 0x3d, 0x39, 0xd2, 0x65, 0xf5, 0x95, 0x64, 0x21,
-	0x2a, 0x06, 0x10, 0x7b, 0xb1, 0x3c, 0x39, 0xab, 0xa8, 0xb9, 0x15, 0x93, 0x11, 0x4e, 0xf2, 0x45,
-	0x5b, 0x50, 0xda, 0x0c, 0xa2, 0x58, 0xee, 0xd0, 0x0e, 0xb9, 0x19, 0xbc, 0x18, 0x44, 0x31, 0x33,
-	0xb4, 0xd4, 0x63, 0xd3, 0x96, 0x08, 0x73, 0x1e, 0x74, 0xef, 0x1f, 0x6d, 0x3a, 0x61, 0x3d, 0x9a,
-	0x67, 0x45, 0x2a, 0x06, 0x98, 0x85, 0xa5, 0xec, 0xe9, 0xaa, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x33,
-	0x2b, 0x71, 0xaa, 0x75, 0x9d, 0x65, 0x1c, 0x6c, 0x13, 0x9f, 0x8a, 0x28, 0x33, 0xc6, 0xf1, 0x87,
-	0x52, 0xf9, 0xdb, 0x6f, 0xeb, 0x55, 0x4b, 0xf3, 0x26, 0xa5, 0x30, 0xcd, 0x48, 0x18, 0xe1, 0x90,
-	0x1f, 0xb4, 0x92, 0x89, 0xf8, 0x85, 0x3c, 0xb6, 0x6e, 0x66, 0x31, 0x8a, 0x7d, 0x73, 0xfa, 0xed,
-	0x5f, 0xb4, 0x60, 0x68, 0xce, 0xa9, 0x6d, 0x05, 0x1b, 0x1b, 0xe8, 0x49, 0x28, 0xd7, 0xdb, 0xa1,
-	0x59, 0x13, 0x40, 0x39, 0xab, 0x16, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xe9, 0x6f, 0x38, 0x35, 0x59,
-	0x92, 0xa2, 0xc8, 0x97, 0xfe, 0x79, 0xd6, 0x82, 0x05, 0x84, 0x4e, 0x7f, 0xd3, 0xd9, 0x91, 0x9d,
-	0xd3, 0x47, 0x6a, 0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xf7, 0x2c, 0x98, 0x9c, 0x73, 0x22, 0xb7,
-	0x36, 0xdb, 0x8e, 0x37, 0xe7, 0xdc, 0x78, 0xbd, 0x5d, 0xdb, 0x22, 0x31, 0x2f, 0x5d, 0x42, 0x47,
-	0xd9, 0x8e, 0xe8, 0x17, 0xa8, 0x76, 0xcc, 0x6a, 0x94, 0x57, 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x35,
-	0x18, 0x6e, 0x39, 0x51, 0x74, 0x33, 0x08, 0xeb, 0x98, 0x6c, 0xe4, 0x53, 0xdc, 0xa8, 0x4a, 0x6a,
-	0x21, 0x89, 0x31, 0xd9, 0x10, 0x01, 0x2a, 0x9a, 0x3e, 0x36, 0x99, 0xd9, 0x3f, 0x6f, 0xc1, 0x89,
-	0x39, 0xe2, 0x84, 0x24, 0x64, 0xb5, 0x90, 0xd4, 0x83, 0xa0, 0x57, 0xa1, 0x1c, 0xd3, 0x16, 0x3a,
-	0x22, 0x2b, 0xdf, 0x11, 0xb1, 0xd0, 0x92, 0x35, 0x41, 0x1c, 0x2b, 0x36, 0xf6, 0xa7, 0x2c, 0x38,
-	0x95, 0x35, 0x96, 0x79, 0x2f, 0x68, 0xd7, 0xef, 0xc5, 0x80, 0xfe, 0xb6, 0x05, 0x23, 0xec, 0xb8,
-	0x7e, 0x81, 0xc4, 0x8e, 0xeb, 0x75, 0xd5, 0x61, 0xb4, 0xfa, 0xac, 0xc3, 0x78, 0x06, 0x06, 0x36,
-	0x83, 0x26, 0x49, 0x87, 0x9a, 0x5c, 0x0c, 0x9a, 0x04, 0x33, 0x08, 0x7a, 0x9a, 0x2e, 0x42, 0xd7,
-	0x8f, 0x1d, 0xfa, 0x39, 0xca, 0xe3, 0x8c, 0x71, 0xbe, 0x00, 0x55, 0x33, 0x36, 0x71, 0xec, 0xdf,
-	0xae, 0xc0, 0x90, 0x88, 0x8b, 0xea, 0xbb, 0x94, 0x8e, 0xf4, 0xe2, 0x14, 0x7a, 0x7a, 0x71, 0x22,
-	0x18, 0xac, 0xb1, 0x62, 0xb9, 0xc2, 0x42, 0xbf, 0x9c, 0x4b, 0x20, 0x1d, 0xaf, 0xbf, 0xab, 0x87,
-	0xc5, 0xff, 0x63, 0xc1, 0x0a, 0xbd, 0x6e, 0xc1, 0x78, 0x2d, 0xf0, 0x7d, 0x52, 0xd3, 0xb6, 0xe3,
-	0x40, 0x1e, 0x1b, 0x84, 0xf9, 0x24, 0x51, 0x7d, 0x12, 0x9c, 0x02, 0xe0, 0x34, 0x7b, 0xf4, 0x02,
-	0x8c, 0xf2, 0x39, 0xbb, 0x96, 0x38, 0x83, 0xd1, 0xe5, 0xf9, 0x4c, 0x20, 0x4e, 0xe2, 0xa2, 0x69,
-	0x7e, 0x96, 0x25, 0x0a, 0xe1, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0x02, 0xcf, 0xc0, 0x40, 0x21, 0xa0,
-	0x90, 0x6c, 0x84, 0x24, 0xda, 0x14, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb3, 0x22, 0x18, 0xb8,
-	0x8b, 0x12, 0xce, 0xa0, 0x8e, 0xb6, 0x84, 0x1b, 0xa1, 0x9c, 0x87, 0x3c, 0x17, 0xaf, 0xb9, 0xa7,
-	0x37, 0x61, 0x0a, 0x4a, 0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xc8, 0x13, 0x2f, 0x99, 0x62, 0xc3, 0xbc,
-	0x1d, 0x2d, 0xc0, 0xb1, 0x54, 0x71, 0xc1, 0x48, 0x9c, 0x95, 0xa8, 0x24, 0xbb, 0x54, 0x59, 0xc2,
-	0x08, 0x77, 0xf5, 0x30, 0x5d, 0x4c, 0xc3, 0xfb, 0xb8, 0x98, 0x3a, 0x2a, 0x3a, 0x99, 0x9f, 0x62,
-	0xbc, 0x98, 0xcb, 0x04, 0xf4, 0x15, 0x8a, 0xfc, 0xc9, 0x54, 0x28, 0xf2, 0x28, 0x1b, 0xc0, 0xb5,
-	0x7c, 0x06, 0x70, 0xf0, 0xb8, 0xe3, 0x7b, 0x19, 0x47, 0xfc, 0x3f, 0x2d, 0x90, 0xef, 0x75, 0xde,
-	0xa9, 0x6d, 0x12, 0xba, 0x64, 0xd0, 0x3b, 0x61, 0x4c, 0x79, 0x27, 0xb8, 0x49, 0x64, 0xb1, 0x55,
-	0xa3, 0x6c, 0x67, 0x9c, 0x80, 0xe2, 0x14, 0x36, 0x9a, 0x81, 0x0a, 0x9d, 0x27, 0xde, 0x95, 0xeb,
-	0x7d, 0xe5, 0x01, 0x99, 0x5d, 0x5d, 0x14, 0xbd, 0x34, 0x0e, 0x0a, 0x60, 0xc2, 0x73, 0xa2, 0x98,
-	0x8d, 0xa0, 0xda, 0xf1, 0x6b, 0x77, 0x58, 0x82, 0x86, 0x65, 0x72, 0x2d, 0xa5, 0x09, 0xe1, 0x6e,
-	0xda, 0xf6, 0xbf, 0x2b, 0xc1, 0x68, 0x42, 0x32, 0x1e, 0xd0, 0x60, 0x78, 0x12, 0xca, 0x52, 0x87,
-	0xa7, 0x6b, 0x6d, 0x29, 0x45, 0xaf, 0x30, 0xa8, 0xd2, 0x5a, 0xd7, 0x5a, 0x35, 0x6d, 0xe0, 0x18,
-	0x0a, 0x17, 0x9b, 0x78, 0x4c, 0x28, 0xc7, 0x5e, 0x34, 0xef, 0xb9, 0xc4, 0x8f, 0xf9, 0x30, 0xf3,
-	0x11, 0xca, 0x6b, 0x4b, 0x55, 0x93, 0xa8, 0x16, 0xca, 0x29, 0x00, 0x4e, 0xb3, 0x47, 0x1f, 0xb1,
-	0x60, 0xd4, 0xb9, 0x19, 0xe9, 0x8a, 0xee, 0x22, 0xe8, 0xf8, 0x90, 0x4a, 0x2a, 0x51, 0x24, 0x9e,
-	0x3b, 0xf6, 0x13, 0x4d, 0x38, 0xc9, 0x14, 0xbd, 0x61, 0x01, 0x22, 0x3b, 0xa4, 0x26, 0xc3, 0xa2,
-	0xc5, 0x58, 0x06, 0xf3, 0xd8, 0xc1, 0x9f, 0xeb, 0xa2, 0xcb, 0xa5, 0x7a, 0x77, 0x3b, 0xce, 0x18,
-	0x03, 0xba, 0x04, 0xa8, 0xee, 0x46, 0xce, 0xba, 0x47, 0xe6, 0x83, 0xa6, 0xcc, 0x3e, 0x16, 0xe7,
-	0xe9, 0xa7, 0xc5, 0x3c, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0xd1, 0x8b, 0xad, 0xb2, 0x30, 0xd8, 0xe9,
-	0x5c, 0x0d, 0x3d, 0xa6, 0x25, 0xcc, 0x55, 0x26, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0xbc, 0xa8, 0x3e,
-	0x65, 0x9d, 0x03, 0xe0, 0x18, 0xb1, 0xc8, 0xd6, 0x9d, 0xc7, 0x22, 0xeb, 0x48, 0xa9, 0xee, 0x9c,
-	0xfa, 0x44, 0x0a, 0x6e, 0xe1, 0x1e, 0xa5, 0xe0, 0xfe, 0x8c, 0x95, 0xa8, 0x67, 0x37, 0x7c, 0xf6,
-	0xa5, 0x7c, 0xf3, 0x0f, 0xa6, 0x79, 0x14, 0x57, 0x4a, 0xaf, 0xa4, 0x82, 0xf7, 0x9e, 0x84, 0xf2,
-	0x86, 0xe7, 0xb0, 0x2a, 0x2c, 0xec, 0x43, 0x35, 0x22, 0xcc, 0xce, 0x8b, 0x76, 0xac, 0x30, 0xa8,
-	0xd4, 0x37, 0x88, 0x1e, 0x48, 0x6a, 0xff, 0xc7, 0x22, 0x0c, 0x1b, 0x1a, 0x3f, 0xd3, 0x7c, 0xb3,
-	0xee, 0x33, 0xf3, 0xad, 0x70, 0x00, 0xf3, 0xed, 0xa7, 0xa1, 0x52, 0x93, 0xda, 0x28, 0x9f, 0xfa,
-	0xfc, 0x69, 0x1d, 0xa7, 0x15, 0x92, 0x6a, 0xc2, 0x9a, 0x27, 0xba, 0x90, 0x48, 0xf3, 0x4c, 0xf8,
-	0x05, 0xb2, 0xf2, 0x30, 0x85, 0x46, 0xeb, 0xee, 0x93, 0x8e, 0x0f, 0x28, 0xed, 0x1f, 0x1f, 0x60,
-	0x7f, 0xd3, 0x52, 0x2f, 0xf7, 0x2e, 0xd4, 0xf3, 0xb9, 0x91, 0xac, 0xe7, 0x73, 0x2e, 0x97, 0x69,
-	0xee, 0x51, 0xc8, 0xe7, 0x0a, 0x0c, 0xcd, 0x07, 0xcd, 0xa6, 0xe3, 0xd7, 0xd1, 0xf7, 0xc3, 0x50,
-	0x8d, 0xff, 0x14, 0x3e, 0x34, 0x76, 0x58, 0x2d, 0xa0, 0x58, 0xc2, 0xd0, 0xc3, 0x30, 0xe0, 0x84,
-	0x0d, 0xe9, 0x37, 0x63, 0x41, 0x70, 0xb3, 0x61, 0x23, 0xc2, 0xac, 0xd5, 0xfe, 0x4b, 0x0b, 0xc6,
-	0x68, 0x17, 0x97, 0x3d, 0x14, 0x7b, 0x9c, 0xc7, 0x61, 0xd0, 0x69, 0xc7, 0x9b, 0x41, 0xd7, 0x3e,
-	0x6c, 0x96, 0xb5, 0x62, 0x01, 0xa5, 0xfb, 0x30, 0x55, 0x08, 0xc2, 0xd8, 0x87, 0x2d, 0xd0, 0xb5,
-	0xcc, 0x20, 0xd4, 0x94, 0x8d, 0xda, 0xeb, 0x59, 0xa7, 0xa5, 0x55, 0xde, 0x8c, 0x25, 0x9c, 0x12,
-	0x5b, 0x0f, 0xea, 0x1d, 0x11, 0xda, 0xab, 0x88, 0xcd, 0x05, 0xf5, 0x0e, 0x66, 0x10, 0xf4, 0x08,
-	0x14, 0xa3, 0x4d, 0x47, 0x9e, 0xcb, 0xcb, 0x28, 0xf3, 0xea, 0xc5, 0x59, 0x4c, 0xdb, 0x55, 0xd2,
-	0x44, 0xe8, 0xa5, 0x63, 0x6c, 0x93, 0x49, 0x13, 0xa1, 0x67, 0xff, 0xf3, 0x01, 0x60, 0xf1, 0x36,
-	0x4e, 0x48, 0xea, 0x6b, 0x01, 0x2b, 0x25, 0x7c, 0xa4, 0xc7, 0xda, 0x7a, 0x23, 0x7b, 0x3f, 0x1f,
-	0x6d, 0x1b, 0xc7, 0x9b, 0xc5, 0xbb, 0x7d, 0xbc, 0x99, 0x7d, 0x62, 0x3d, 0x70, 0x1f, 0x9d, 0x58,
-	0xdb, 0x9f, 0xb0, 0x00, 0xa9, 0xe8, 0x29, 0x1d, 0x52, 0x32, 0x03, 0x15, 0x15, 0xae, 0x25, 0xbe,
-	0x17, 0x2d, 0x16, 0x25, 0x00, 0x6b, 0x9c, 0x3e, 0xbc, 0x17, 0x8f, 0x49, 0x9d, 0x55, 0x4c, 0xe6,
-	0x5c, 0x30, 0x4d, 0x27, 0x54, 0x98, 0xfd, 0x3b, 0x05, 0x78, 0x80, 0x9b, 0x4b, 0xcb, 0x8e, 0xef,
-	0x34, 0x48, 0x93, 0x8e, 0xaa, 0xdf, 0x20, 0xa1, 0x1a, 0xdd, 0x36, 0xbb, 0x32, 0x43, 0xe2, 0xb0,
-	0xf2, 0x8a, 0xcb, 0x19, 0x2e, 0x59, 0x16, 0x7d, 0x37, 0xc6, 0x8c, 0x38, 0x8a, 0xa0, 0x2c, 0x2f,
-	0x33, 0x12, 0xfa, 0x27, 0x27, 0x46, 0x4a, 0x14, 0x0b, 0xcb, 0x82, 0x60, 0xc5, 0x88, 0x9a, 0x0f,
-	0x5e, 0x50, 0xdb, 0xa2, 0x9f, 0x7c, 0xda, 0x7c, 0x58, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x18,
-	0x97, 0x73, 0xd8, 0xba, 0x4c, 0x3a, 0x98, 0x6c, 0x50, 0x9d, 0x5b, 0x93, 0x4d, 0xc6, 0xfd, 0x4a,
-	0x4a, 0xe7, 0xce, 0x9b, 0x40, 0x9c, 0xc4, 0x95, 0xd5, 0x85, 0x0b, 0xd9, 0xd5, 0x85, 0xed, 0xdf,
-	0xb1, 0x20, 0xad, 0xf4, 0x8d, 0x5a, 0xaa, 0xd6, 0x9e, 0xb5, 0x54, 0x0f, 0x50, 0x8d, 0xf4, 0x27,
-	0x61, 0xd8, 0x89, 0xa9, 0x55, 0xc7, 0x3d, 0x30, 0xc5, 0x3b, 0x3b, 0x39, 0x5c, 0x0e, 0xea, 0xee,
-	0x86, 0xcb, 0x3c, 0x2f, 0x26, 0x39, 0xfb, 0x0d, 0x0b, 0x2a, 0x0b, 0x61, 0xe7, 0xe0, 0xa9, 0x6a,
-	0xdd, 0x89, 0x68, 0x85, 0x03, 0x25, 0xa2, 0xc9, 0x54, 0xb7, 0x62, 0xaf, 0x54, 0x37, 0xfb, 0xaf,
-	0x06, 0x60, 0xa2, 0x2b, 0xf7, 0x12, 0x3d, 0x0f, 0x23, 0xea, 0x2d, 0x49, 0xb7, 0x6b, 0xc5, 0x0c,
-	0x5e, 0xd6, 0x30, 0x9c, 0xc0, 0xec, 0xe3, 0x53, 0x5d, 0x84, 0xe3, 0x21, 0x79, 0xb5, 0x4d, 0xda,
-	0x64, 0x76, 0x23, 0x26, 0x61, 0x95, 0xd4, 0x02, 0xbf, 0xce, 0x8b, 0x11, 0x17, 0xe7, 0x1e, 0xbc,
-	0xb5, 0x3b, 0x75, 0x1c, 0x77, 0x83, 0x71, 0x56, 0x1f, 0xd4, 0x82, 0x51, 0xcf, 0xdc, 0x2f, 0x88,
-	0x6d, 0xea, 0x1d, 0x6d, 0x35, 0xd4, 0x6a, 0x4d, 0x34, 0xe3, 0x24, 0x83, 0xe4, 0xa6, 0xa3, 0x74,
-	0x8f, 0x36, 0x1d, 0x1f, 0xd6, 0x9b, 0x0e, 0x1e, 0x0b, 0xf4, 0xee, 0x9c, 0x73, 0x6f, 0xfb, 0xd9,
-	0x75, 0x1c, 0x66, 0x1f, 0xf1, 0x22, 0x94, 0x65, 0x9c, 0x64, 0x5f, 0xf1, 0x85, 0x26, 0x9d, 0x1e,
-	0xb2, 0xfd, 0x71, 0x78, 0xeb, 0xb9, 0x30, 0x34, 0x26, 0xf3, 0x4a, 0x10, 0xcf, 0x7a, 0x5e, 0x70,
-	0x93, 0x9a, 0x2b, 0x57, 0x23, 0x22, 0xfc, 0x80, 0xf6, 0xed, 0x02, 0x64, 0x6c, 0xa9, 0xe9, 0x37,
-	0xa9, 0xed, 0xc2, 0xc4, 0x37, 0x79, 0x30, 0xdb, 0x10, 0xed, 0xf0, 0x58, 0x52, 0x6e, 0x0d, 0xbc,
-	0x2b, 0x6f, 0x97, 0x80, 0x0e, 0x2f, 0x55, 0x92, 0x52, 0x85, 0x98, 0x9e, 0x05, 0xd0, 0xe6, 0xbc,
-	0xb0, 0x09, 0x55, 0x70, 0x88, 0xb6, 0xfa, 0xb1, 0x81, 0x85, 0x9e, 0x83, 0x61, 0xd7, 0x8f, 0x62,
-	0xc7, 0xf3, 0x2e, 0xba, 0x7e, 0x2c, 0xec, 0x44, 0x65, 0xf6, 0x2c, 0x6a, 0x10, 0x36, 0xf1, 0x4e,
-	0xbf, 0xc3, 0x78, 0x7f, 0x07, 0x79, 0xef, 0x9b, 0x70, 0xea, 0x82, 0x1b, 0xab, 0x24, 0x45, 0xb5,
-	0xde, 0xa8, 0xb5, 0xae, 0x64, 0x95, 0xd5, 0x33, 0x2d, 0xd7, 0x48, 0x12, 0x2c, 0x24, 0x73, 0x1a,
-	0xd3, 0x49, 0x82, 0x76, 0x0d, 0x4e, 0x5c, 0x70, 0xe3, 0xf3, 0xae, 0x47, 0x8e, 0x90, 0xc9, 0x57,
-	0x06, 0x61, 0xc4, 0xcc, 0xdd, 0x3f, 0x88, 0x64, 0xff, 0x14, 0xb5, 0x63, 0xc5, 0x44, 0xb8, 0xea,
-	0xc0, 0xfb, 0xfa, 0xa1, 0x0b, 0x09, 0x64, 0x4f, 0xae, 0x61, 0xca, 0x6a, 0x9e, 0xd8, 0x1c, 0x00,
-	0xba, 0x09, 0xa5, 0x0d, 0x96, 0xef, 0x56, 0xcc, 0x23, 0x54, 0x29, 0x6b, 0xf2, 0xf5, 0x97, 0xcb,
-	0x33, 0xe6, 0x38, 0x3f, 0x6a, 0x7e, 0x84, 0xc9, 0x34, 0x6b, 0x23, 0x0b, 0x41, 0xe8, 0x35, 0x85,
-	0xd1, 0x4b, 0x7b, 0x94, 0xee, 0x40, 0x7b, 0x24, 0x64, 0xf9, 0xe0, 0x3d, 0x92, 0xe5, 0x2c, 0x77,
-	0x31, 0xde, 0x64, 0xc6, 0xb1, 0x48, 0x9b, 0x1a, 0x62, 0x93, 0x60, 0xe4, 0x2e, 0x26, 0xc0, 0x38,
-	0x8d, 0x8f, 0x3e, 0xa0, 0xb4, 0x41, 0x39, 0x8f, 0x03, 0x05, 0x73, 0x45, 0x1f, 0xb5, 0x22, 0xf8,
-	0x44, 0x01, 0xc6, 0x2e, 0xf8, 0xed, 0xd5, 0x0b, 0xab, 0xed, 0x75, 0xcf, 0xad, 0x5d, 0x26, 0x1d,
-	0x2a, 0xed, 0xb7, 0x48, 0x67, 0x71, 0x41, 0x7c, 0x41, 0x6a, 0xcd, 0x5c, 0xa6, 0x8d, 0x98, 0xc3,
-	0xa8, 0xdc, 0xda, 0x70, 0xfd, 0x06, 0x09, 0x5b, 0xa1, 0x2b, 0x7c, 0xfd, 0x86, 0xdc, 0x3a, 0xaf,
-	0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0x83, 0x9b, 0xbe, 0x2a, 0xa4, 0xa4, 0x68, 0xaf, 0xd0, 0x46, 0xcc,
-	0x61, 0x14, 0x29, 0x0e, 0xdb, 0xc2, 0x95, 0x66, 0x20, 0xad, 0xd1, 0x46, 0xcc, 0x61, 0x62, 0x97,
-	0xce, 0x22, 0xc1, 0x4a, 0x5d, 0xbb, 0x74, 0x16, 0x44, 0x21, 0xe1, 0x14, 0x75, 0x8b, 0x74, 0x16,
-	0x9c, 0xd8, 0x49, 0x6f, 0xb2, 0x2f, 0xf3, 0x66, 0x2c, 0xe1, 0xac, 0xb2, 0x72, 0x72, 0x3a, 0xbe,
-	0xeb, 0x2a, 0x2b, 0x27, 0x87, 0xdf, 0xc3, 0x21, 0xf3, 0xb7, 0x0a, 0x30, 0xf2, 0xe6, 0xf5, 0xa7,
-	0x19, 0x17, 0xfb, 0x5c, 0x87, 0x89, 0xae, 0x8c, 0xe9, 0x3e, 0x2c, 0xa4, 0x7d, 0x2b, 0x5a, 0xd8,
-	0x18, 0x86, 0x29, 0x61, 0x59, 0x51, 0x70, 0x1e, 0x26, 0xf8, 0xc7, 0x4b, 0x39, 0xb1, 0x04, 0x58,
-	0x95, 0x05, 0xcf, 0x0e, 0xb3, 0xae, 0xa5, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xa4, 0x05, 0xa3, 0x89,
-	0x24, 0xf6, 0x9c, 0x6c, 0x39, 0xf6, 0x75, 0x07, 0x2c, 0x8a, 0x99, 0x65, 0x95, 0x14, 0x99, 0x1a,
-	0xd6, 0x5f, 0xb7, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xfd, 0x22, 0x94, 0x65, 0xc4, 0x55, 0x1f, 0x43,
-	0xf9, 0xb8, 0x05, 0xa3, 0xea, 0x00, 0x91, 0x79, 0x7c, 0x0b, 0x79, 0xe4, 0xd4, 0xd1, 0x11, 0x28,
-	0xff, 0x89, 0xbf, 0x11, 0xe8, 0x8d, 0x05, 0x36, 0x99, 0xe1, 0x24, 0x6f, 0x74, 0x0d, 0x20, 0xea,
-	0x44, 0x31, 0x69, 0x1a, 0xbe, 0x67, 0xdb, 0x58, 0x65, 0xd3, 0xb5, 0x20, 0x24, 0x74, 0x4d, 0x5d,
-	0x09, 0xea, 0xa4, 0xaa, 0x30, 0xb5, 0x85, 0xa7, 0xdb, 0xb0, 0x41, 0x09, 0xbd, 0xa6, 0x8e, 0xbb,
-	0x07, 0xf2, 0xd0, 0xeb, 0x72, 0x7e, 0xfb, 0x39, 0xef, 0x3e, 0xc4, 0xf9, 0xb2, 0xfd, 0xab, 0x05,
-	0x38, 0x96, 0x9e, 0x49, 0xf4, 0x6e, 0x18, 0x91, 0x93, 0x66, 0xb8, 0x19, 0x64, 0x98, 0xdb, 0x08,
-	0x36, 0x60, 0xb7, 0x77, 0xa7, 0xa6, 0xba, 0xef, 0xd1, 0x9e, 0x36, 0x51, 0x70, 0x82, 0x18, 0x3f,
-	0x7c, 0x16, 0x51, 0x12, 0x73, 0x9d, 0xd9, 0x56, 0x4b, 0x9c, 0x20, 0x1b, 0x87, 0xcf, 0x26, 0x14,
-	0xa7, 0xb0, 0xd1, 0x2a, 0x9c, 0x30, 0x5a, 0xae, 0x10, 0xb7, 0xb1, 0xb9, 0x1e, 0x84, 0x72, 0x5f,
-	0xfb, 0xb0, 0x0e, 0xaa, 0xed, 0xc6, 0xc1, 0x99, 0x3d, 0xa9, 0x61, 0x54, 0x73, 0x5a, 0x4e, 0xcd,
-	0x8d, 0x3b, 0xe2, 0x0c, 0x40, 0x89, 0xf1, 0x79, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0xf7, 0x07, 0xe0,
-	0x18, 0x8f, 0x22, 0x25, 0x2a, 0x48, 0x1a, 0xbd, 0x1b, 0x2a, 0x51, 0xec, 0x84, 0xdc, 0xa9, 0x61,
-	0x1d, 0x58, 0x74, 0xe9, 0xcc, 0x7b, 0x49, 0x04, 0x6b, 0x7a, 0xe8, 0x25, 0x56, 0xb6, 0xcc, 0x8d,
-	0x36, 0x19, 0xf5, 0xc2, 0x9d, 0xb9, 0x4c, 0xce, 0x2b, 0x0a, 0xd8, 0xa0, 0x86, 0x7e, 0x04, 0x4a,
-	0xad, 0x4d, 0x27, 0x92, 0xfe, 0xbc, 0xc7, 0xa5, 0x9c, 0x58, 0xa5, 0x8d, 0xb7, 0x77, 0xa7, 0x4e,
-	0xa6, 0x1f, 0x95, 0x01, 0x30, 0xef, 0x64, 0x4a, 0xf9, 0x81, 0xfd, 0xef, 0xe5, 0xa9, 0x87, 0x9d,
-	0xea, 0xc5, 0xd9, 0xf4, 0x4d, 0x2e, 0x0b, 0xac, 0x15, 0x0b, 0x28, 0x95, 0x49, 0x9b, 0x9c, 0x65,
-	0x9d, 0x22, 0x0f, 0x26, 0x2d, 0x8e, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x89, 0xee, 0x18, 0xe3,
-	0xa1, 0x23, 0xc8, 0x41, 0xe9, 0x37, 0xba, 0xf8, 0x1c, 0x54, 0xc4, 0x50, 0xd7, 0x02, 0xf4, 0x3c,
-	0x8c, 0x70, 0x77, 0xd1, 0x5c, 0xe8, 0xf8, 0xb5, 0xcd, 0xb4, 0x93, 0x67, 0xcd, 0x80, 0xe1, 0x04,
-	0xa6, 0xbd, 0x0c, 0x03, 0x7d, 0x0a, 0xd9, 0xbe, 0xf6, 0xee, 0x2f, 0x42, 0x99, 0x92, 0x93, 0x1b,
-	0xb4, 0x3c, 0x48, 0x06, 0x50, 0x96, 0xb7, 0x3c, 0x22, 0x1b, 0x8a, 0xae, 0x23, 0x63, 0x49, 0xd4,
-	0x27, 0xb4, 0x18, 0x45, 0x6d, 0xb6, 0xec, 0x28, 0x10, 0x3d, 0x06, 0x45, 0xb2, 0xd3, 0x4a, 0x07,
-	0x8d, 0x9c, 0xdb, 0x69, 0xb9, 0x21, 0x89, 0x28, 0x12, 0xd9, 0x69, 0xa1, 0xd3, 0x50, 0x70, 0xeb,
-	0x62, 0x45, 0x82, 0xc0, 0x29, 0x2c, 0x2e, 0xe0, 0x82, 0x5b, 0xb7, 0x77, 0xa0, 0xa2, 0xae, 0x95,
-	0x44, 0x5b, 0xd2, 0xa4, 0xb2, 0xf2, 0x88, 0x22, 0x96, 0x74, 0x7b, 0x18, 0x53, 0x6d, 0x00, 0x5d,
-	0xd2, 0x21, 0x2f, 0x15, 0x7c, 0x06, 0x06, 0x6a, 0x81, 0x28, 0xc6, 0x53, 0xd6, 0x64, 0x98, 0x2d,
-	0xc5, 0x20, 0xf6, 0x75, 0x18, 0xbb, 0xec, 0x07, 0x37, 0xd9, 0xed, 0x4f, 0xac, 0xd8, 0x31, 0x25,
-	0xbc, 0x41, 0x7f, 0xa4, 0x2d, 0x77, 0x06, 0xc5, 0x1c, 0xa6, 0xca, 0xb0, 0x16, 0x7a, 0x95, 0x61,
-	0xb5, 0x3f, 0x68, 0xc1, 0x88, 0xca, 0x0d, 0xbf, 0xb0, 0xbd, 0x45, 0xe9, 0x36, 0xc2, 0xa0, 0xdd,
-	0x4a, 0xd3, 0x65, 0x37, 0xd8, 0x62, 0x0e, 0x33, 0x8b, 0x26, 0x14, 0xf6, 0x29, 0x9a, 0x70, 0x06,
-	0x06, 0xb6, 0x5c, 0xbf, 0x9e, 0x76, 0x8a, 0x5e, 0x76, 0xfd, 0x3a, 0x66, 0x10, 0x3a, 0x84, 0x63,
-	0x6a, 0x08, 0xd2, 0x66, 0x7a, 0x1e, 0x46, 0xd6, 0xdb, 0xae, 0x57, 0x97, 0x55, 0x9c, 0x53, 0x9f,
-	0xcb, 0x9c, 0x01, 0xc3, 0x09, 0x4c, 0x74, 0x16, 0x60, 0xdd, 0xf5, 0x9d, 0xb0, 0xb3, 0xaa, 0x8d,
-	0x34, 0xa5, 0xb7, 0xe7, 0x14, 0x04, 0x1b, 0x58, 0xf6, 0xa7, 0x8b, 0x30, 0x96, 0xcc, 0x90, 0xef,
-	0xc3, 0x77, 0xf1, 0x18, 0x94, 0x58, 0xd2, 0x7c, 0xfa, 0xd5, 0xf2, 0xc2, 0xc7, 0x1c, 0x86, 0x22,
-	0x18, 0xe4, 0x1f, 0x73, 0x3e, 0xb7, 0x80, 0xaa, 0x41, 0x2a, 0x4f, 0x2a, 0x8b, 0xb5, 0x16, 0x8e,
-	0x69, 0xc1, 0x0a, 0x7d, 0xc4, 0x82, 0xa1, 0xa0, 0x65, 0x56, 0xe0, 0x7c, 0x57, 0x9e, 0xd5, 0x03,
-	0x44, 0x8a, 0xae, 0xb0, 0x47, 0xd4, 0xab, 0x97, 0xaf, 0x43, 0xb2, 0x3e, 0xfd, 0xc3, 0x30, 0x62,
-	0x62, 0xee, 0x67, 0x92, 0x94, 0x4d, 0x93, 0xe4, 0xe3, 0xe6, 0xa2, 0x10, 0xf5, 0x11, 0xfa, 0xf8,
-	0xdc, 0xae, 0x42, 0xa9, 0xa6, 0x02, 0xd2, 0xee, 0xa8, 0xf6, 0xbf, 0xaa, 0x1f, 0xc6, 0x0e, 0xfb,
-	0x39, 0x35, 0xfb, 0x9b, 0x96, 0xb1, 0x3e, 0x30, 0x89, 0x16, 0xeb, 0x28, 0x84, 0x62, 0x63, 0x7b,
-	0x4b, 0xa8, 0xf9, 0x4b, 0x39, 0x4d, 0xef, 0x85, 0xed, 0x2d, 0xbd, 0xc6, 0xcd, 0x56, 0x4c, 0x99,
-	0xf5, 0xe1, 0xee, 0x4f, 0x94, 0xd1, 0x28, 0xee, 0x5f, 0x46, 0xc3, 0x7e, 0xa3, 0x00, 0x13, 0x5d,
-	0x8b, 0x0a, 0xbd, 0x06, 0xa5, 0x90, 0x3e, 0xa5, 0x78, 0xbc, 0xa5, 0xdc, 0x0a, 0x5f, 0x44, 0x8b,
-	0x75, 0xad, 0x3e, 0x93, 0xed, 0x98, 0xb3, 0x44, 0x97, 0x00, 0xe9, 0xb0, 0x49, 0x75, 0xd6, 0xc0,
-	0x1f, 0x59, 0xc5, 0x56, 0xcd, 0x76, 0x61, 0xe0, 0x8c, 0x5e, 0xe8, 0x85, 0xf4, 0x91, 0x45, 0xaa,
-	0xa6, 0xf3, 0x5e, 0xa7, 0x0f, 0xf6, 0x6f, 0x16, 0x60, 0x34, 0x51, 0x10, 0x15, 0x79, 0x50, 0x26,
-	0x1e, 0x3b, 0xc8, 0x94, 0xca, 0xe6, 0xb0, 0x77, 0xa3, 0x28, 0x05, 0x79, 0x4e, 0xd0, 0xc5, 0x8a,
-	0xc3, 0xfd, 0x11, 0x72, 0xf5, 0x3c, 0x8c, 0xc8, 0x01, 0xbd, 0xcb, 0x69, 0x7a, 0x62, 0x02, 0xd5,
-	0x1a, 0x3d, 0x67, 0xc0, 0x70, 0x02, 0xd3, 0xfe, 0xdd, 0x22, 0x4c, 0xf2, 0x93, 0xdf, 0xba, 0x5a,
-	0x79, 0x2a, 0x82, 0xe3, 0x17, 0x74, 0xd9, 0x62, 0x2b, 0x8f, 0x0b, 0xc0, 0x7b, 0x31, 0xea, 0x2b,
-	0x52, 0xf8, 0x0b, 0xa9, 0x48, 0x61, 0xbe, 0x33, 0x6d, 0x1c, 0xd1, 0x88, 0xbe, 0xbb, 0x42, 0x87,
-	0xff, 0x71, 0x01, 0xc6, 0x53, 0xf7, 0xbc, 0xa1, 0x4f, 0x27, 0xaf, 0x06, 0xb1, 0xf2, 0x38, 0x15,
-	0xdb, 0xf3, 0xea, 0xaf, 0x83, 0x5d, 0x10, 0x72, 0x8f, 0x3e, 0x15, 0xfb, 0x1b, 0x05, 0x18, 0x4b,
-	0x5e, 0x50, 0x77, 0x1f, 0xce, 0xd4, 0xdb, 0xa1, 0xc2, 0xee, 0x60, 0xba, 0x4c, 0x3a, 0xf2, 0x50,
-	0x8d, 0x5f, 0x77, 0x23, 0x1b, 0xb1, 0x86, 0xdf, 0x17, 0xf7, 0xae, 0xd8, 0xff, 0xd4, 0x82, 0x93,
-	0xfc, 0x29, 0xd3, 0xeb, 0xf0, 0x6f, 0x64, 0xcd, 0xee, 0xcb, 0xf9, 0x0e, 0x30, 0x55, 0x6e, 0x7b,
-	0xbf, 0xf9, 0x65, 0xd7, 0xa0, 0x8b, 0xd1, 0x26, 0x97, 0xc2, 0x7d, 0x38, 0xd8, 0x03, 0x2d, 0x06,
-	0xfb, 0xdf, 0x17, 0x60, 0x78, 0x65, 0x7e, 0x51, 0x89, 0xf0, 0x19, 0xa8, 0xd4, 0x42, 0xe2, 0x68,
-	0x6f, 0x87, 0x19, 0x57, 0x24, 0x01, 0x58, 0xe3, 0xd0, 0x4d, 0x03, 0x8f, 0xcb, 0x8b, 0xd2, 0x9b,
-	0x06, 0x1e, 0xb6, 0x17, 0x61, 0x09, 0x47, 0x4f, 0x42, 0x99, 0x65, 0xcc, 0x5e, 0x0d, 0xa5, 0xc6,
-	0xd1, 0x3b, 0x49, 0xd6, 0x8e, 0x97, 0xb0, 0xc2, 0xa0, 0x84, 0xeb, 0x41, 0x2d, 0xa2, 0xc8, 0x29,
-	0x07, 0xc4, 0x02, 0x6d, 0xc6, 0x4b, 0x58, 0xc2, 0x59, 0xc1, 0x43, 0xb6, 0x49, 0xa7, 0xc8, 0xa5,
-	0xe4, 0xa0, 0xf9, 0x6e, 0x9e, 0xa2, 0x6b, 0x9c, 0x83, 0x14, 0xc6, 0x4c, 0x65, 0xad, 0x0d, 0xf5,
-	0x97, 0xb5, 0x66, 0x7f, 0xa3, 0x08, 0xfa, 0x46, 0x7d, 0xe4, 0x8a, 0x32, 0x11, 0xb9, 0x94, 0x73,
-	0xaf, 0x76, 0xfc, 0x9a, 0xbe, 0xbb, 0xbf, 0x9c, 0xaa, 0x12, 0xf1, 0x73, 0x16, 0x0c, 0xbb, 0xbe,
-	0x1b, 0xbb, 0x0e, 0x73, 0x85, 0xe5, 0x73, 0x2d, 0xb6, 0x62, 0xb7, 0xc8, 0x29, 0x07, 0xa1, 0x79,
-	0xc2, 0xad, 0x98, 0x61, 0x93, 0x33, 0x7a, 0xaf, 0x48, 0x92, 0x2a, 0xe6, 0x56, 0x6b, 0xa5, 0x9c,
-	0xca, 0x8c, 0x6a, 0x51, 0x83, 0x36, 0x0e, 0x73, 0x2a, 0x51, 0x84, 0x29, 0x29, 0x75, 0xad, 0x88,
-	0xda, 0x32, 0xb0, 0x66, 0xcc, 0x19, 0xd9, 0x11, 0xa0, 0xee, 0xb9, 0x38, 0x60, 0x02, 0xca, 0x0c,
-	0x54, 0x9c, 0x76, 0x1c, 0x34, 0xe9, 0x34, 0x89, 0xf3, 0x71, 0x9d, 0x62, 0x23, 0x01, 0x58, 0xe3,
-	0xd8, 0x9f, 0x2e, 0x41, 0xaa, 0x68, 0x03, 0xda, 0x81, 0x8a, 0x2a, 0xdb, 0x90, 0x4f, 0x42, 0xa7,
-	0x5e, 0x51, 0x6a, 0x30, 0xaa, 0x09, 0x6b, 0x66, 0xa8, 0x21, 0xbd, 0x8a, 0xfc, 0x6b, 0x7f, 0x31,
-	0xed, 0x55, 0xfc, 0xf1, 0xfe, 0x0e, 0x99, 0xe8, 0x5a, 0x9d, 0xe1, 0x65, 0xfa, 0xa6, 0xf7, 0x75,
-	0x40, 0xee, 0x77, 0x31, 0xf8, 0x87, 0xc4, 0x25, 0x5e, 0x98, 0x44, 0x6d, 0x2f, 0x16, 0xab, 0xe1,
-	0xc5, 0x1c, 0xbf, 0x32, 0x4e, 0x58, 0x17, 0x3f, 0xe2, 0xff, 0xb1, 0xc1, 0x34, 0xe9, 0x26, 0x1e,
-	0x3c, 0x52, 0x37, 0xf1, 0x50, 0xae, 0x6e, 0xe2, 0xb3, 0x00, 0x6c, 0x6d, 0xf3, 0x40, 0xf9, 0x32,
-	0xf3, 0xde, 0x29, 0x15, 0x83, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x0f, 0x42, 0xb2, 0x7a, 0x17, 0x9a,
-	0x92, 0xc5, 0xc2, 0xf8, 0x01, 0x18, 0xcb, 0x51, 0x4c, 0xd4, 0xf5, 0xfa, 0x75, 0x0b, 0xcc, 0x12,
-	0x63, 0xe8, 0x55, 0x5e, 0xcb, 0xcc, 0xca, 0xe3, 0x40, 0xc5, 0xa0, 0x3b, 0xbd, 0xec, 0xb4, 0x52,
-	0xc1, 0x3d, 0xb2, 0xa0, 0xd9, 0xe9, 0x77, 0x40, 0x59, 0x42, 0x0f, 0x64, 0x2c, 0x7f, 0x00, 0x8e,
-	0xcb, 0x7a, 0x07, 0xf2, 0xec, 0x43, 0x1c, 0xb2, 0xef, 0xef, 0x52, 0x93, 0x7e, 0xb2, 0x42, 0x2f,
-	0x3f, 0x99, 0xda, 0xfd, 0x17, 0x7b, 0x56, 0x29, 0xff, 0x0d, 0x0b, 0xce, 0xa4, 0x07, 0x10, 0x2d,
-	0x07, 0xbe, 0x1b, 0x07, 0x61, 0x95, 0xc4, 0xb1, 0xeb, 0x37, 0x58, 0xc9, 0xd9, 0x9b, 0x4e, 0x28,
-	0xaf, 0x1d, 0x62, 0x82, 0xf2, 0xba, 0x13, 0xfa, 0x98, 0xb5, 0xa2, 0x0e, 0x0c, 0xf2, 0xc8, 0x62,
-	0xb1, 0x0b, 0x3a, 0xe4, 0xb7, 0x91, 0x31, 0x1d, 0x7a, 0x1b, 0xc6, 0xa3, 0x9a, 0xb1, 0x60, 0x68,
-	0x7f, 0xdb, 0x02, 0xb4, 0xb2, 0x4d, 0xc2, 0xd0, 0xad, 0x1b, 0xb1, 0xd0, 0xec, 0x32, 0x4c, 0xe3,
-	0xd2, 0x4b, 0xb3, 0x1a, 0x47, 0xea, 0x32, 0x4c, 0xe3, 0x5f, 0xf6, 0x65, 0x98, 0x85, 0x83, 0x5d,
-	0x86, 0x89, 0x56, 0xe0, 0x64, 0x93, 0x6f, 0xe3, 0xf8, 0x05, 0x73, 0x7c, 0x4f, 0xa7, 0x12, 0xc7,
-	0x4f, 0xdd, 0xda, 0x9d, 0x3a, 0xb9, 0x9c, 0x85, 0x80, 0xb3, 0xfb, 0xd9, 0xef, 0x00, 0xc4, 0x43,
-	0xa0, 0xe7, 0xb3, 0xa2, 0x38, 0x7b, 0xba, 0xb5, 0xec, 0xcf, 0x97, 0x60, 0x3c, 0x75, 0x29, 0x05,
-	0xdd, 0x42, 0x77, 0x87, 0x8d, 0x1e, 0x5a, 0x7f, 0x77, 0x0f, 0xaf, 0xaf, 0x40, 0x54, 0x1f, 0x4a,
-	0xae, 0xdf, 0x6a, 0xc7, 0xf9, 0xd4, 0xad, 0xe0, 0x83, 0x58, 0xa4, 0x04, 0x0d, 0x37, 0x3c, 0xfd,
-	0x8b, 0x39, 0x9b, 0x3c, 0xc3, 0x5a, 0x13, 0x9b, 0x9c, 0x81, 0x7b, 0xe4, 0x66, 0xf9, 0x90, 0x0e,
-	0x32, 0x2d, 0xe5, 0xe1, 0xb0, 0x4d, 0x2d, 0x96, 0xa3, 0x8e, 0x2c, 0xfa, 0x72, 0x01, 0x86, 0x8d,
-	0x97, 0x86, 0x7e, 0x29, 0x59, 0x80, 0xd3, 0xca, 0xef, 0x91, 0x18, 0xfd, 0x69, 0x5d, 0x62, 0x93,
-	0x3f, 0xd2, 0xe3, 0xdd, 0xb5, 0x37, 0x6f, 0xef, 0x4e, 0x1d, 0x4b, 0x55, 0xd7, 0x4c, 0xd4, 0xe3,
-	0x3c, 0xfd, 0x7e, 0x18, 0x4f, 0x91, 0xc9, 0x78, 0xe4, 0x35, 0xf3, 0x91, 0x0f, 0xed, 0xee, 0x33,
-	0xa7, 0xec, 0x4b, 0x74, 0xca, 0x44, 0xba, 0x7c, 0xe0, 0x91, 0x3e, 0x7c, 0xdb, 0xa9, 0xfd, 0x45,
-	0xa1, 0xcf, 0xaa, 0x18, 0x4f, 0x40, 0xb9, 0x15, 0x78, 0x6e, 0xcd, 0x55, 0xf5, 0xbb, 0x59, 0x1d,
-	0x8e, 0x55, 0xd1, 0x86, 0x15, 0x14, 0xdd, 0x84, 0xca, 0x8d, 0x9b, 0x31, 0x3f, 0x55, 0x13, 0xe7,
-	0x06, 0x79, 0x1d, 0xa6, 0x29, 0xa3, 0x45, 0x1d, 0xdb, 0x61, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, 0x94,
-	0xa0, 0x4c, 0x9d, 0x63, 0x67, 0x1a, 0x4c, 0x3b, 0x46, 0x58, 0x40, 0xec, 0x7f, 0x3b, 0x0c, 0x27,
-	0xb2, 0x6e, 0x06, 0x42, 0xef, 0x83, 0x41, 0x3e, 0xc6, 0x7c, 0x2e, 0x9f, 0xcb, 0xe2, 0x71, 0x81,
-	0x11, 0x14, 0xc3, 0x62, 0xbf, 0xb1, 0xe0, 0x29, 0xb8, 0x7b, 0xce, 0xba, 0x58, 0x21, 0x47, 0xc3,
-	0x7d, 0xc9, 0xd1, 0xdc, 0x97, 0x1c, 0xce, 0xdd, 0x73, 0xd6, 0xd1, 0x0e, 0x94, 0x1a, 0x6e, 0x4c,
-	0x1c, 0xe1, 0x9c, 0xb9, 0x7e, 0x24, 0xcc, 0x89, 0xc3, 0xad, 0x34, 0xf6, 0x13, 0x73, 0x86, 0xe8,
-	0x8b, 0x16, 0x8c, 0xaf, 0x27, 0xcb, 0xf1, 0x08, 0xe1, 0xe9, 0x1c, 0xc1, 0xed, 0x4f, 0x49, 0x46,
-	0xfc, 0x36, 0xd8, 0x54, 0x23, 0x4e, 0x0f, 0x07, 0x7d, 0xd8, 0x82, 0xa1, 0x0d, 0xd7, 0x33, 0xae,
-	0xd7, 0x38, 0x82, 0x97, 0x73, 0x9e, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc2, 0x92, 0x73, 0x2f,
-	0x4d, 0x35, 0x78, 0x58, 0x4d, 0x35, 0x74, 0x8f, 0x34, 0xd5, 0xc7, 0x2c, 0xa8, 0xa8, 0x99, 0x16,
-	0x65, 0x4d, 0xde, 0x7d, 0x84, 0xaf, 0x9c, 0x7b, 0xa4, 0xd4, 0x5f, 0xac, 0x99, 0xa3, 0xd7, 0x2d,
-	0x18, 0x76, 0x5e, 0x6b, 0x87, 0xa4, 0x4e, 0xb6, 0x83, 0x56, 0x24, 0xea, 0x8d, 0xbe, 0x9c, 0xff,
-	0x60, 0x66, 0x29, 0x93, 0x05, 0xb2, 0xbd, 0xd2, 0x8a, 0x44, 0x5a, 0xaf, 0x6e, 0xc0, 0xe6, 0x10,
-	0xd0, 0xcf, 0x6a, 0x3d, 0x0e, 0x79, 0x54, 0x9d, 0xce, 0x1a, 0x4d, 0x5f, 0x59, 0xea, 0x04, 0x1e,
-	0xaa, 0x05, 0x7e, 0xec, 0xfa, 0x6d, 0xb2, 0xe2, 0x63, 0xd2, 0x0a, 0xae, 0x04, 0xf1, 0xf9, 0xa0,
-	0xed, 0xd7, 0xcf, 0x85, 0x61, 0x10, 0xb2, 0xba, 0x2d, 0xc6, 0x9d, 0xa3, 0xf3, 0xbd, 0x51, 0xf1,
-	0x5e, 0x74, 0x0e, 0x63, 0x33, 0xec, 0x16, 0x60, 0x6a, 0x9f, 0xc9, 0x46, 0xcf, 0xc3, 0x48, 0x10,
-	0x36, 0x1c, 0xdf, 0x7d, 0xcd, 0x2c, 0x45, 0xa6, 0x0c, 0xd2, 0x15, 0x03, 0x86, 0x13, 0x98, 0x66,
-	0x8d, 0x9a, 0xc2, 0x3e, 0x35, 0x6a, 0xce, 0xc0, 0x40, 0x48, 0x5a, 0x41, 0x7a, 0x5f, 0xc5, 0x32,
-	0xf1, 0x18, 0x04, 0x3d, 0x02, 0x45, 0xa7, 0xe5, 0x0a, 0xe7, 0xa2, 0xda, 0x2e, 0xce, 0xae, 0x2e,
-	0x62, 0xda, 0x9e, 0x28, 0x99, 0x55, 0xba, 0x2b, 0x25, 0xb3, 0xa8, 0xc6, 0x14, 0xc7, 0x67, 0x83,
-	0x5a, 0x63, 0x26, 0x8f, 0xb5, 0xec, 0x37, 0x8a, 0xf0, 0xc8, 0x9e, 0x9f, 0x96, 0x8e, 0xd0, 0xb6,
-	0xf6, 0x88, 0xd0, 0x96, 0xd3, 0x53, 0xd8, 0x6f, 0x7a, 0x8a, 0x3d, 0xa6, 0xe7, 0xc3, 0x54, 0x62,
-	0xc8, 0x12, 0x6e, 0xf9, 0xdc, 0x9b, 0xde, 0xab, 0x22, 0x9c, 0x10, 0x16, 0x12, 0x8a, 0x35, 0x5f,
-	0xba, 0x5d, 0x4a, 0xd4, 0x67, 0x29, 0xe5, 0xa1, 0x31, 0x7b, 0x96, 0x51, 0xe3, 0x62, 0xa2, 0x57,
-	0xd1, 0x17, 0xfb, 0xb7, 0x06, 0xe0, 0xb1, 0x3e, 0x14, 0x9d, 0xb9, 0x8a, 0xad, 0x3e, 0x57, 0xf1,
-	0x77, 0xf9, 0x6b, 0xfa, 0x68, 0xe6, 0x6b, 0xc2, 0xf9, 0xbf, 0xa6, 0xbd, 0xdf, 0x10, 0x3b, 0x81,
-	0xf0, 0x23, 0x52, 0x6b, 0x87, 0x3c, 0x5b, 0xc5, 0x48, 0xd3, 0x5d, 0x14, 0xed, 0x58, 0x61, 0xd0,
-	0xed, 0x6f, 0xcd, 0xa1, 0x9f, 0xff, 0x50, 0x4e, 0xf5, 0x38, 0xcc, 0x8c, 0x5f, 0x6e, 0x7d, 0xcd,
-	0xcf, 0x52, 0x09, 0xc0, 0xd9, 0xd8, 0xbf, 0x67, 0xc1, 0xe9, 0xde, 0xd6, 0x08, 0x7a, 0x1a, 0x86,
-	0xd7, 0x59, 0xec, 0xe0, 0x32, 0x8b, 0x4f, 0x12, 0x4b, 0x87, 0x3d, 0xaf, 0x6e, 0xc6, 0x26, 0x0e,
-	0x9a, 0x87, 0x09, 0x33, 0xe8, 0x70, 0xd9, 0x08, 0x6c, 0x62, 0xfe, 0x92, 0xb5, 0x34, 0x10, 0x77,
-	0xe3, 0xa3, 0x69, 0x80, 0xd8, 0x8d, 0x3d, 0xc2, 0x7b, 0xf3, 0x85, 0xc6, 0x1c, 0x8a, 0x6b, 0xaa,
-	0x15, 0x1b, 0x18, 0xf6, 0x77, 0x8a, 0xd9, 0x8f, 0xc1, 0xad, 0xdc, 0x83, 0xac, 0x7e, 0xb1, 0xb6,
-	0x0b, 0x7d, 0x48, 0xe8, 0xe2, 0xdd, 0x96, 0xd0, 0x03, 0xbd, 0x24, 0x34, 0x5a, 0x80, 0x63, 0xc6,
-	0x2d, 0xa6, 0xbc, 0xa2, 0x0b, 0x3f, 0x94, 0x52, 0xe5, 0xd8, 0x56, 0x53, 0x70, 0xdc, 0xd5, 0xe3,
-	0x3e, 0x5f, 0xaa, 0x5f, 0x2d, 0xc0, 0xa9, 0x9e, 0x1b, 0x8b, 0xbb, 0xa4, 0x81, 0xcc, 0xd7, 0x3f,
-	0x70, 0x77, 0x5e, 0xbf, 0xf9, 0x52, 0x4a, 0xfb, 0xbe, 0x94, 0x7e, 0xd4, 0xf9, 0x1f, 0x15, 0x7a,
-	0x7e, 0x2c, 0x74, 0x23, 0xfa, 0x3d, 0x3b, 0x93, 0x2f, 0xc0, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96,
-	0x88, 0x90, 0x2a, 0x11, 0x39, 0x6b, 0x02, 0x71, 0x12, 0xb7, 0xaf, 0x89, 0xfd, 0x53, 0x0b, 0x2a,
-	0x98, 0x6c, 0x70, 0x09, 0x87, 0x6e, 0x88, 0x29, 0xb2, 0xf2, 0xa8, 0xd3, 0x4f, 0x27, 0x36, 0x72,
-	0x59, 0xf1, 0xfa, 0xac, 0xc9, 0x3e, 0x6c, 0xc1, 0x01, 0x75, 0xf7, 0x69, 0xb1, 0xf7, 0xdd, 0xa7,
-	0xf6, 0x57, 0x2a, 0xf4, 0xf1, 0x5a, 0xc1, 0x7c, 0x48, 0xea, 0x11, 0x7d, 0xbf, 0xed, 0xd0, 0x13,
-	0x8b, 0x44, 0xbd, 0xdf, 0xab, 0x78, 0x09, 0xd3, 0xf6, 0xc4, 0xf9, 0x64, 0xe1, 0x40, 0x05, 0xf2,
-	0x8a, 0xfb, 0x16, 0xc8, 0x7b, 0x01, 0x46, 0xa3, 0x68, 0x73, 0x35, 0x74, 0xb7, 0x9d, 0x98, 0x5c,
-	0x26, 0xb2, 0x92, 0x8e, 0x2e, 0x16, 0x55, 0xbd, 0xa8, 0x81, 0x38, 0x89, 0x8b, 0x2e, 0xc0, 0x84,
-	0x2e, 0x53, 0x47, 0xc2, 0x98, 0x65, 0xf8, 0xf1, 0x95, 0xa0, 0xaa, 0xa4, 0xe8, 0xc2, 0x76, 0x02,
-	0x01, 0x77, 0xf7, 0xa1, 0x32, 0x37, 0xd1, 0x48, 0x07, 0x32, 0x98, 0x94, 0xb9, 0x09, 0x3a, 0x74,
-	0x2c, 0x5d, 0x3d, 0xd0, 0x32, 0x1c, 0xe7, 0x0b, 0x63, 0xb6, 0xd5, 0x32, 0x9e, 0x68, 0x28, 0x59,
-	0x1c, 0xfd, 0x42, 0x37, 0x0a, 0xce, 0xea, 0x87, 0x9e, 0x83, 0x61, 0xd5, 0xbc, 0xb8, 0x20, 0x8e,
-	0xd6, 0x94, 0x6b, 0x4f, 0x91, 0x59, 0xac, 0x63, 0x13, 0x0f, 0xbd, 0x0b, 0x1e, 0xd4, 0x7f, 0x79,
-	0xc6, 0x38, 0x3f, 0x6f, 0x5e, 0x10, 0x15, 0x40, 0xd5, 0xdd, 0x5b, 0x17, 0x32, 0xd1, 0xea, 0xb8,
-	0x57, 0x7f, 0xb4, 0x0e, 0xa7, 0x15, 0xe8, 0x9c, 0x1f, 0xb3, 0x9c, 0xce, 0x88, 0xcc, 0x39, 0x11,
-	0x8b, 0x9c, 0x00, 0xf6, 0x9c, 0xb6, 0xa0, 0x7e, 0xfa, 0x82, 0x1b, 0x5f, 0xcc, 0xc2, 0xc4, 0x4b,
-	0x78, 0x0f, 0x2a, 0x68, 0x06, 0x2a, 0xc4, 0x77, 0xd6, 0x3d, 0xb2, 0x32, 0xbf, 0x28, 0x76, 0xa4,
-	0x3a, 0x19, 0x40, 0x02, 0xb0, 0xc6, 0x51, 0xe1, 0xec, 0x23, 0xbd, 0xc2, 0xd9, 0xd1, 0x2a, 0x9c,
-	0x68, 0xd4, 0x5a, 0xd4, 0xca, 0x74, 0x6b, 0x64, 0xb6, 0xc6, 0xa2, 0x77, 0xe9, 0x8b, 0xe1, 0x55,
-	0xeb, 0x55, 0x5e, 0xd0, 0x85, 0xf9, 0xd5, 0x2e, 0x1c, 0x9c, 0xd9, 0x93, 0x45, 0x79, 0x87, 0xc1,
-	0x4e, 0x67, 0xf2, 0x78, 0x2a, 0xca, 0x9b, 0x36, 0x62, 0x0e, 0x43, 0x97, 0x00, 0xb1, 0xdc, 0xb8,
-	0x8b, 0x71, 0xdc, 0x52, 0x66, 0xed, 0xe4, 0x89, 0x64, 0x3d, 0xc0, 0xf3, 0x5d, 0x18, 0x38, 0xa3,
-	0x17, 0xb5, 0x7a, 0xfc, 0x80, 0x51, 0x9f, 0x7c, 0x30, 0x69, 0xf5, 0x5c, 0xe1, 0xcd, 0x58, 0xc2,
-	0xd1, 0x4f, 0xc2, 0x64, 0x3b, 0x22, 0x6c, 0xc3, 0x7c, 0x3d, 0x08, 0xb7, 0xbc, 0xc0, 0xa9, 0x2f,
-	0xb2, 0x4b, 0x56, 0xe3, 0xce, 0xe4, 0x24, 0x63, 0x7e, 0x46, 0xf4, 0x9d, 0xbc, 0xda, 0x03, 0x0f,
-	0xf7, 0xa4, 0x90, 0x2e, 0x68, 0x79, 0xaa, 0xcf, 0x82, 0x96, 0xab, 0x70, 0x42, 0xea, 0xb5, 0x95,
-	0xf9, 0x45, 0xf5, 0xd0, 0x93, 0xa7, 0x93, 0xb7, 0xb6, 0x2d, 0x66, 0xe0, 0xe0, 0xcc, 0x9e, 0xf6,
-	0x9f, 0x58, 0x30, 0xaa, 0x24, 0xd8, 0x5d, 0xc8, 0xd1, 0xf5, 0x92, 0x39, 0xba, 0x17, 0x0e, 0xaf,
-	0x03, 0xd8, 0xc8, 0x7b, 0x64, 0x94, 0x7c, 0x76, 0x14, 0x40, 0xeb, 0x09, 0xa5, 0xa2, 0xad, 0x9e,
-	0x2a, 0xfa, 0xbe, 0x95, 0xd1, 0x59, 0x05, 0x0a, 0x4b, 0xf7, 0xb6, 0x40, 0x61, 0x15, 0x4e, 0xca,
-	0x25, 0xc5, 0x8f, 0x94, 0x2f, 0x06, 0x91, 0x12, 0xf9, 0xc6, 0x35, 0x7c, 0x8b, 0x59, 0x48, 0x38,
-	0xbb, 0x6f, 0xc2, 0xb6, 0x1b, 0xda, 0xd7, 0xb6, 0x53, 0x52, 0x6e, 0x69, 0x43, 0x5e, 0x92, 0x99,
-	0x92, 0x72, 0x4b, 0xe7, 0xab, 0x58, 0xe3, 0x64, 0xab, 0xba, 0x4a, 0x4e, 0xaa, 0x0e, 0x0e, 0xac,
-	0xea, 0xa4, 0xd0, 0x1d, 0xee, 0x29, 0x74, 0xe5, 0xd1, 0xd5, 0x48, 0xcf, 0xa3, 0xab, 0x77, 0xc2,
-	0x98, 0xeb, 0x6f, 0x92, 0xd0, 0x8d, 0x49, 0x9d, 0x7d, 0x0b, 0x4c, 0x20, 0x97, 0xb5, 0xa1, 0xb3,
-	0x98, 0x80, 0xe2, 0x14, 0x76, 0x52, 0x53, 0x8c, 0xf5, 0xa1, 0x29, 0x7a, 0xe8, 0xe7, 0xf1, 0x7c,
-	0xf4, 0xf3, 0xb1, 0xc3, 0xeb, 0xe7, 0x89, 0x23, 0xd5, 0xcf, 0x28, 0x17, 0xfd, 0xdc, 0x97, 0xea,
-	0x33, 0x36, 0xe9, 0x27, 0xf6, 0xd9, 0xa4, 0xf7, 0x52, 0xce, 0x27, 0xef, 0x58, 0x39, 0x67, 0xeb,
-	0xdd, 0x07, 0xde, 0xd4, 0xbb, 0xb9, 0xe8, 0xdd, 0x8f, 0x15, 0xe0, 0xa4, 0xd6, 0x4c, 0x54, 0x1e,
-	0xb8, 0x1b, 0x54, 0x36, 0xb3, 0x9b, 0xa7, 0xf9, 0x81, 0xb7, 0x91, 0x19, 0xae, 0x73, 0xe3, 0x15,
-	0x04, 0x1b, 0x58, 0x2c, 0xc1, 0x9a, 0x84, 0xec, 0xce, 0x93, 0xb4, 0xda, 0x9a, 0x17, 0xed, 0x58,
-	0x61, 0xd0, 0x49, 0xa0, 0xbf, 0x45, 0x7d, 0x8f, 0x74, 0x35, 0xed, 0x79, 0x0d, 0xc2, 0x26, 0x1e,
-	0x7a, 0x82, 0x33, 0x61, 0x22, 0x93, 0xaa, 0xae, 0x11, 0xbe, 0xad, 0x54, 0x52, 0x52, 0x41, 0xe5,
-	0x70, 0x58, 0x01, 0x80, 0x52, 0xf7, 0x70, 0x58, 0xec, 0xa8, 0xc2, 0xb0, 0xff, 0x87, 0x05, 0xa7,
-	0x32, 0xa7, 0xe2, 0x2e, 0x98, 0x23, 0x3b, 0x49, 0x73, 0xa4, 0x9a, 0xd7, 0x96, 0xd4, 0x78, 0x8a,
-	0x1e, 0xa6, 0xc9, 0x7f, 0xb0, 0x60, 0x4c, 0xe3, 0xdf, 0x85, 0x47, 0x75, 0x93, 0x8f, 0x9a, 0xdf,
-	0xee, 0xbb, 0xd2, 0xf5, 0x6c, 0xbf, 0x5b, 0x00, 0x55, 0xe1, 0x7e, 0xb6, 0x26, 0xef, 0x0f, 0xd9,
-	0x27, 0x04, 0xa3, 0x03, 0x83, 0x2c, 0x82, 0x24, 0xca, 0x27, 0x3a, 0x2e, 0xc9, 0x9f, 0x45, 0xa3,
-	0xe8, 0x03, 0x3d, 0xf6, 0x37, 0xc2, 0x82, 0x21, 0xbb, 0x91, 0x87, 0x17, 0x0f, 0xaf, 0x8b, 0x3c,
-	0x61, 0x7d, 0x23, 0x8f, 0x68, 0xc7, 0x0a, 0x83, 0x2a, 0x4c, 0xb7, 0x16, 0xf8, 0xf3, 0x9e, 0x13,
-	0x45, 0xc2, 0x86, 0x53, 0x0a, 0x73, 0x51, 0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x6e, 0xd4, 0xf2,
-	0x9c, 0x8e, 0xe1, 0x63, 0x31, 0xea, 0x58, 0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0x26, 0x1f,
-	0x62, 0x81, 0x6c, 0xb0, 0xc8, 0xee, 0xbe, 0xa6, 0x73, 0x06, 0x2a, 0x0e, 0xeb, 0xb5, 0xd4, 0x76,
-	0x84, 0x4c, 0xd0, 0xf1, 0xcd, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0x4f, 0x2c, 0x38, 0x9e, 0x31, 0x69,
-	0x39, 0xe6, 0x61, 0xc7, 0x5a, 0xda, 0x64, 0x99, 0x3a, 0x3f, 0x00, 0x43, 0x75, 0xb2, 0xe1, 0xc8,
-	0xd8, 0x61, 0x33, 0xd5, 0x80, 0x37, 0x63, 0x09, 0xb7, 0x7f, 0xb3, 0x00, 0xe3, 0xc9, 0xb1, 0x46,
-	0x2c, 0xb7, 0x91, 0x4f, 0x93, 0x1b, 0xd5, 0x82, 0x6d, 0x12, 0x76, 0xe8, 0x93, 0x5b, 0xa9, 0xdc,
-	0xc6, 0x2e, 0x0c, 0x9c, 0xd1, 0x8b, 0xdd, 0x6f, 0x51, 0x57, 0xb3, 0x2d, 0x57, 0xe4, 0xb5, 0x3c,
-	0x57, 0xa4, 0x7e, 0x99, 0x66, 0x9c, 0x91, 0x62, 0x89, 0x4d, 0xfe, 0xd4, 0xe4, 0x62, 0xc9, 0x22,
-	0x73, 0x6d, 0xd7, 0x8b, 0x5d, 0x5f, 0x3c, 0xb2, 0x58, 0xab, 0xca, 0xe4, 0x5a, 0xee, 0x46, 0xc1,
-	0x59, 0xfd, 0xec, 0x6f, 0x0f, 0x80, 0xaa, 0x31, 0xc2, 0xe2, 0x40, 0x73, 0x8a, 0xa2, 0x3d, 0x68,
-	0x86, 0xac, 0x5a, 0x5b, 0x03, 0x7b, 0x05, 0x66, 0x71, 0xc7, 0x9c, 0xe9, 0xc1, 0x57, 0x13, 0xb6,
-	0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x23, 0xf1, 0xdc, 0x6d, 0xc2, 0x3b, 0x0d, 0x26, 0x47, 0xb2, 0x24,
-	0x01, 0x58, 0xe3, 0xb0, 0x72, 0xd6, 0xee, 0xc6, 0x86, 0xf0, 0x32, 0xe9, 0x72, 0xd6, 0xee, 0xc6,
-	0x06, 0x66, 0x10, 0x7e, 0x03, 0x52, 0xb0, 0x25, 0xb6, 0x19, 0xc6, 0x0d, 0x48, 0xc1, 0x16, 0x66,
-	0x10, 0xfa, 0x96, 0xfc, 0x20, 0x6c, 0x3a, 0x9e, 0xfb, 0x1a, 0xa9, 0x2b, 0x2e, 0x62, 0x7b, 0xa1,
-	0xde, 0xd2, 0x95, 0x6e, 0x14, 0x9c, 0xd5, 0x8f, 0x2e, 0xe8, 0x56, 0x48, 0xea, 0x6e, 0x2d, 0x36,
-	0xa9, 0x41, 0x72, 0x41, 0xaf, 0x76, 0x61, 0xe0, 0x8c, 0x5e, 0x68, 0x16, 0xc6, 0x65, 0x8d, 0x18,
-	0x59, 0x57, 0x71, 0x38, 0x59, 0x9c, 0x0d, 0x27, 0xc1, 0x38, 0x8d, 0x4f, 0x85, 0x64, 0x53, 0x54,
-	0x85, 0x65, 0xbb, 0x11, 0x43, 0x48, 0xca, 0x6a, 0xb1, 0x58, 0x61, 0xd8, 0x1f, 0x2a, 0x52, 0xa5,
-	0xde, 0xa3, 0xf8, 0xf2, 0x5d, 0x8b, 0xda, 0x4e, 0xae, 0xc8, 0x81, 0x3e, 0x56, 0xe4, 0xb3, 0x30,
-	0x72, 0x23, 0x0a, 0x7c, 0x15, 0x11, 0x5d, 0xea, 0x19, 0x11, 0x6d, 0x60, 0x65, 0x47, 0x44, 0x0f,
-	0xe6, 0x15, 0x11, 0x3d, 0x74, 0x87, 0x11, 0xd1, 0xff, 0xaa, 0x04, 0xea, 0x8a, 0xcb, 0x2b, 0x24,
-	0xbe, 0x19, 0x84, 0x5b, 0xae, 0xdf, 0x60, 0xf5, 0x4e, 0xbe, 0x68, 0xc9, 0x92, 0x29, 0x4b, 0x66,
-	0xa6, 0xf0, 0x46, 0x4e, 0xd7, 0x14, 0x26, 0x98, 0x4d, 0xaf, 0x19, 0x8c, 0x78, 0x64, 0x4d, 0xaa,
-	0x34, 0x8b, 0x38, 0x34, 0x48, 0x8c, 0x08, 0xbd, 0x1f, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04, 0x5e,
-	0xcc, 0x67, 0x7c, 0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x31, 0x9d,
-	0x45, 0xcd, 0x53, 0xa7, 0xde, 0x7b, 0x24, 0x73, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0xd7, 0x6f,
-	0xd0, 0x75, 0x22, 0x22, 0x47, 0xdf, 0x96, 0x55, 0x4e, 0x6b, 0x29, 0x70, 0xea, 0x73, 0x8e, 0xe7,
-	0xf8, 0x35, 0x12, 0x2e, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0xee, 0xe1, 0x2c,
-	0xf5, 0x73, 0x0f, 0xe7, 0xe9, 0x1f, 0x83, 0x89, 0xae, 0x97, 0x79, 0xa0, 0x94, 0xe9, 0x43, 0x14,
-	0xd2, 0xfa, 0xad, 0x41, 0xad, 0xb4, 0xae, 0x04, 0x75, 0x7e, 0xad, 0x63, 0xa8, 0xdf, 0xa8, 0x30,
-	0x99, 0x73, 0x5c, 0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xd7, 0x68, 0xcb, 0x09, 0x89,
-	0x7f, 0xd4, 0x6b, 0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x99, 0xc8, 0xed, 0x3b, 0x7f, 0xf8,
-	0xdc, 0x3e, 0x56, 0xdc, 0x34, 0xeb, 0xf6, 0xb3, 0xd7, 0x2d, 0x18, 0xf3, 0x13, 0x2b, 0x37, 0x9f,
-	0x70, 0xfe, 0xec, 0xaf, 0x82, 0xdf, 0x90, 0x9c, 0x6c, 0xc3, 0x29, 0xfe, 0x59, 0x2a, 0xad, 0x74,
-	0x40, 0x95, 0xa6, 0xaf, 0x95, 0x1d, 0xec, 0x75, 0xad, 0x2c, 0xf2, 0xd5, 0x7d, 0xdf, 0x43, 0x79,
-	0x94, 0x23, 0x49, 0x5c, 0xf6, 0x0d, 0x19, 0x17, 0x7d, 0x5f, 0x37, 0x53, 0x7f, 0x0f, 0x7e, 0xef,
-	0xf3, 0x68, 0xaf, 0x14, 0x61, 0xfb, 0x7f, 0x0f, 0xc0, 0x31, 0x39, 0x23, 0x32, 0x15, 0x88, 0xea,
-	0x47, 0xce, 0x57, 0xdb, 0xca, 0x4a, 0x3f, 0x5e, 0x94, 0x00, 0xac, 0x71, 0xa8, 0x3d, 0xd6, 0x8e,
-	0xc8, 0x4a, 0x8b, 0xf8, 0x4b, 0xee, 0x7a, 0x24, 0x8e, 0xdf, 0xd5, 0x87, 0x72, 0x55, 0x83, 0xb0,
-	0x89, 0xc7, 0xf2, 0x93, 0x0d, 0xa3, 0xd5, 0xcc, 0x4f, 0x16, 0x86, 0xaa, 0x84, 0xa3, 0xcf, 0x65,
-	0xde, 0x06, 0x91, 0x4f, 0x02, 0x6d, 0x57, 0x06, 0xd4, 0xc1, 0xae, 0x81, 0x40, 0xff, 0xc0, 0x82,
-	0x93, 0xbc, 0x55, 0xce, 0xe4, 0xd5, 0x56, 0xdd, 0x89, 0x49, 0x94, 0xcf, 0xcd, 0x59, 0x19, 0xe3,
-	0xd3, 0x5e, 0xf4, 0x2c, 0xb6, 0x38, 0x7b, 0x34, 0xe8, 0xd3, 0x16, 0x8c, 0x6f, 0x25, 0x6a, 0x5a,
-	0x49, 0xd5, 0x71, 0xd8, 0x72, 0x33, 0x09, 0xa2, 0xfa, 0x53, 0x4b, 0xb6, 0x47, 0x38, 0xcd, 0xdd,
-	0xfe, 0x4b, 0x0b, 0x4c, 0x31, 0x7a, 0xf7, 0x4b, 0x61, 0x1d, 0xdc, 0x14, 0x94, 0xd6, 0x65, 0xa9,
-	0xa7, 0x75, 0xf9, 0x08, 0x14, 0xdb, 0x6e, 0x5d, 0xec, 0x2f, 0xf4, 0x81, 0xff, 0xe2, 0x02, 0xa6,
-	0xed, 0xf6, 0xb7, 0x4a, 0xda, 0x0d, 0x22, 0xf2, 0x53, 0xbf, 0x27, 0x1e, 0x7b, 0x43, 0xd5, 0xb8,
-	0xe5, 0x4f, 0x7e, 0xa5, 0xab, 0xc6, 0xed, 0x8f, 0x1c, 0x3c, 0xfd, 0x98, 0x4f, 0x50, 0xaf, 0x12,
-	0xb7, 0x43, 0xfb, 0xe4, 0x1e, 0xdf, 0x80, 0x32, 0xdd, 0x82, 0x31, 0x7f, 0x66, 0x39, 0x31, 0xa8,
-	0xf2, 0x45, 0xd1, 0x7e, 0x7b, 0x77, 0xea, 0x87, 0x0f, 0x3e, 0x2c, 0xd9, 0x1b, 0x2b, 0xfa, 0x28,
-	0x82, 0x0a, 0xfd, 0xcd, 0xd2, 0xa4, 0xc5, 0xe6, 0xee, 0xaa, 0x92, 0x99, 0x12, 0x90, 0x4b, 0x0e,
-	0xb6, 0xe6, 0x83, 0x7c, 0xa8, 0x50, 0x44, 0xce, 0x94, 0xef, 0x01, 0x57, 0x55, 0xb2, 0xb2, 0x04,
-	0xdc, 0xde, 0x9d, 0x7a, 0xe1, 0xe0, 0x4c, 0x55, 0x77, 0xac, 0x59, 0x18, 0xaa, 0x71, 0xb8, 0xe7,
-	0x8d, 0xeb, 0xff, 0x67, 0x40, 0xaf, 0x6f, 0x51, 0xfe, 0xf8, 0x7b, 0x62, 0x7d, 0x3f, 0x9f, 0x5a,
-	0xdf, 0x67, 0xba, 0xd6, 0xf7, 0x18, 0x9d, 0xb3, 0x8c, 0xa2, 0xcc, 0x77, 0xdb, 0x58, 0xd8, 0xdf,
-	0x27, 0xc1, 0xac, 0xa4, 0x57, 0xdb, 0x6e, 0x48, 0xa2, 0xd5, 0xb0, 0xed, 0xbb, 0x7e, 0x83, 0x2d,
-	0xd9, 0xb2, 0x69, 0x25, 0x25, 0xc0, 0x38, 0x8d, 0x4f, 0x37, 0xfe, 0x74, 0x5d, 0x5c, 0x77, 0xb6,
-	0xf9, 0xca, 0x33, 0x4a, 0x4f, 0x56, 0x45, 0x3b, 0x56, 0x18, 0x68, 0x13, 0x1e, 0x96, 0x04, 0x16,
-	0x88, 0x47, 0xe8, 0x03, 0xb1, 0x40, 0xc6, 0xb0, 0xc9, 0xd3, 0x0c, 0x78, 0x2c, 0xca, 0x5b, 0x05,
-	0x85, 0x87, 0xf1, 0x1e, 0xb8, 0x78, 0x4f, 0x4a, 0xf6, 0x97, 0x58, 0xe8, 0x82, 0x51, 0x2d, 0x82,
-	0xae, 0x3e, 0xcf, 0x6d, 0xba, 0xb2, 0x42, 0xa6, 0x5a, 0x7d, 0x4b, 0xb4, 0x11, 0x73, 0x18, 0xba,
-	0x09, 0x43, 0xeb, 0xfc, 0x26, 0xf6, 0x7c, 0x6e, 0x40, 0x12, 0xd7, 0xba, 0xb3, 0xea, 0xd8, 0xf2,
-	0x8e, 0xf7, 0xdb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xaf, 0x97, 0x60, 0x5c, 0x86, 0x97, 0x5d, 0x74,
-	0x23, 0x16, 0x91, 0x60, 0x5e, 0x19, 0x50, 0xd8, 0xf7, 0xca, 0x80, 0xf7, 0x00, 0xd4, 0x49, 0xcb,
-	0x0b, 0x3a, 0xcc, 0x38, 0x1c, 0x38, 0xb0, 0x71, 0xa8, 0xf6, 0x13, 0x0b, 0x8a, 0x0a, 0x36, 0x28,
-	0x8a, 0xb2, 0xa0, 0xfc, 0x06, 0x82, 0x54, 0x59, 0x50, 0xe3, 0x9e, 0xb4, 0xc1, 0xbb, 0x7b, 0x4f,
-	0x9a, 0x0b, 0xe3, 0x7c, 0x88, 0xaa, 0x26, 0xc3, 0x1d, 0x94, 0x5e, 0x60, 0x59, 0x6d, 0x0b, 0x49,
-	0x32, 0x38, 0x4d, 0xd7, 0xbc, 0x04, 0xad, 0x7c, 0xb7, 0x2f, 0x41, 0x7b, 0x3b, 0x54, 0xe4, 0x7b,
-	0x8e, 0x26, 0x2b, 0xba, 0x5e, 0x90, 0x5c, 0x06, 0x11, 0xd6, 0xf0, 0xae, 0xf2, 0x32, 0x70, 0xaf,
-	0xca, 0xcb, 0xd8, 0xaf, 0x17, 0xe9, 0xae, 0x82, 0x8f, 0xeb, 0xc0, 0x77, 0x08, 0x5e, 0x34, 0xee,
-	0x10, 0x3c, 0xd8, 0xfb, 0x2c, 0xa7, 0xee, 0x1a, 0x7c, 0x18, 0x06, 0x62, 0xa7, 0x21, 0x93, 0x70,
-	0x19, 0x74, 0xcd, 0x69, 0x44, 0x98, 0xb5, 0x1e, 0xa4, 0x8a, 0xf2, 0x0b, 0x30, 0x1a, 0xb9, 0x0d,
-	0xdf, 0x89, 0xdb, 0x21, 0x31, 0xce, 0x2f, 0x75, 0x90, 0x8e, 0x09, 0xc4, 0x49, 0x5c, 0xf4, 0x61,
-	0x0b, 0x20, 0x24, 0x6a, 0xcf, 0x32, 0x98, 0xc7, 0x1a, 0x52, 0x62, 0x40, 0xd2, 0x35, 0xcb, 0x82,
-	0xa8, 0xbd, 0x8a, 0xc1, 0xd6, 0xfe, 0xa8, 0x05, 0x13, 0x5d, 0xbd, 0x50, 0x0b, 0x06, 0x6b, 0xec,
-	0xa6, 0xc7, 0x7c, 0xea, 0x4e, 0x26, 0x6f, 0x8d, 0xe4, 0xca, 0x89, 0xb7, 0x61, 0xc1, 0xc7, 0xfe,
-	0xca, 0x08, 0x9c, 0xa8, 0xce, 0x2f, 0xcb, 0x7b, 0x7f, 0x8e, 0x2c, 0xab, 0x38, 0x8b, 0xc7, 0xdd,
-	0xcb, 0x2a, 0xee, 0xc1, 0xdd, 0x33, 0xb2, 0x8a, 0x3d, 0x23, 0xab, 0x38, 0x99, 0xe2, 0x59, 0xcc,
-	0x23, 0xc5, 0x33, 0x6b, 0x04, 0xfd, 0xa4, 0x78, 0x1e, 0x59, 0x9a, 0xf1, 0x9e, 0x03, 0x3a, 0x50,
-	0x9a, 0xb1, 0xca, 0xc1, 0xce, 0x25, 0xa3, 0xac, 0xc7, 0xab, 0xca, 0xcc, 0xc1, 0x56, 0xf9, 0xaf,
-	0x3c, 0x5b, 0x52, 0x28, 0xbd, 0x97, 0xf3, 0x1f, 0x40, 0x1f, 0xf9, 0xaf, 0x22, 0x61, 0xd3, 0xcc,
-	0xb9, 0x1e, 0xca, 0x23, 0xe7, 0x3a, 0x6b, 0x38, 0xfb, 0xe6, 0x5c, 0xbf, 0x00, 0xa3, 0x35, 0x2f,
-	0xf0, 0xc9, 0x6a, 0x18, 0xc4, 0x41, 0x2d, 0x90, 0xf7, 0x6a, 0xeb, 0x2b, 0x12, 0x4d, 0x20, 0x4e,
-	0xe2, 0xf6, 0x4a, 0xd8, 0xae, 0x1c, 0x36, 0x61, 0x1b, 0xee, 0x51, 0xc2, 0xb6, 0x91, 0x92, 0x3c,
-	0x9c, 0x47, 0x4a, 0x72, 0xd6, 0x1b, 0xe9, 0x2b, 0x25, 0xf9, 0x0d, 0x7e, 0xad, 0x3c, 0xdd, 0x8c,
-	0x70, 0x29, 0xcc, 0x8e, 0xe8, 0x86, 0xcf, 0xbe, 0x72, 0x04, 0x0b, 0xf6, 0x7a, 0x55, 0xb3, 0x51,
-	0x57, 0xcd, 0xeb, 0x26, 0x9c, 0x1c, 0xc8, 0x61, 0xd2, 0x98, 0x3f, 0x5f, 0x80, 0xef, 0xdb, 0x77,
-	0x08, 0xe8, 0x26, 0x40, 0xec, 0x34, 0xc4, 0x42, 0x15, 0x07, 0x59, 0x87, 0x8c, 0x2b, 0x5e, 0x93,
-	0xf4, 0x44, 0x8a, 0x9d, 0x22, 0x8f, 0x0d, 0x56, 0x2c, 0x9c, 0x38, 0xf0, 0xba, 0x4a, 0x46, 0xe3,
-	0xc0, 0x23, 0x98, 0x41, 0xa8, 0x21, 0x14, 0x92, 0x06, 0x35, 0xee, 0x8b, 0x49, 0x43, 0x08, 0xb3,
-	0x56, 0x2c, 0xa0, 0xe8, 0x39, 0x18, 0x76, 0x3c, 0x8f, 0xa7, 0xfb, 0x91, 0x48, 0xdc, 0x5d, 0xaa,
-	0x6b, 0xd7, 0x6a, 0x10, 0x36, 0xf1, 0xec, 0xbf, 0x28, 0xc0, 0xd4, 0x3e, 0x32, 0xa5, 0x2b, 0xcd,
-	0xbb, 0xd4, 0x77, 0x9a, 0xb7, 0x48, 0x57, 0x1a, 0xec, 0x91, 0xae, 0xf4, 0x1c, 0x0c, 0xc7, 0xc4,
-	0x69, 0x8a, 0x48, 0xc4, 0x74, 0x49, 0xc6, 0x35, 0x0d, 0xc2, 0x26, 0x1e, 0x95, 0x62, 0x63, 0x4e,
-	0xad, 0x46, 0xa2, 0x48, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x6e, 0xc9, 0x4e, 0xec, 0xf0, 0x60, 0x36,
-	0xc1, 0x02, 0xa7, 0x58, 0xa6, 0x27, 0xbc, 0xd2, 0xe7, 0x84, 0xff, 0x72, 0x01, 0x1e, 0xd9, 0x53,
-	0xbb, 0xf5, 0x9d, 0x2a, 0xd6, 0x8e, 0x48, 0x98, 0x5e, 0x38, 0x57, 0x23, 0x12, 0x62, 0x06, 0xe1,
-	0xb3, 0xd4, 0x6a, 0xa9, 0x28, 0xf2, 0xfc, 0x73, 0x2b, 0xf9, 0x2c, 0x25, 0x58, 0xe0, 0x14, 0xcb,
-	0x3b, 0x5d, 0x96, 0x5f, 0x1f, 0x80, 0xc7, 0xfa, 0xb0, 0x01, 0x72, 0xcc, 0x41, 0x4d, 0xe6, 0x57,
-	0x17, 0xef, 0x51, 0x7e, 0xf5, 0x9d, 0x4d, 0xd7, 0x9b, 0x69, 0xd9, 0x7d, 0xe5, 0xba, 0x7e, 0xa9,
-	0x00, 0xa7, 0x7b, 0x1b, 0x2c, 0xe8, 0x47, 0x61, 0x3c, 0x54, 0x21, 0x89, 0x66, 0x6a, 0xf6, 0x71,
-	0xee, 0xe3, 0x4a, 0x80, 0x70, 0x1a, 0x17, 0x4d, 0x03, 0xb4, 0x9c, 0x78, 0x33, 0x3a, 0xb7, 0xe3,
-	0x46, 0xb1, 0xa8, 0x65, 0x37, 0xc6, 0x4f, 0x5e, 0x65, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f,
-	0x21, 0xb8, 0x12, 0xc4, 0xbc, 0x13, 0xdf, 0x7a, 0x1e, 0x97, 0x17, 0x1d, 0x1a, 0x20, 0x9c, 0xc6,
-	0xa5, 0xec, 0xd8, 0xd9, 0x3e, 0x1f, 0xe8, 0x80, 0x4e, 0xe6, 0x5e, 0x52, 0xad, 0xd8, 0xc0, 0x48,
-	0x27, 0x9d, 0x97, 0xf6, 0x4f, 0x3a, 0xb7, 0xff, 0x45, 0x01, 0x4e, 0xf5, 0x34, 0x78, 0xfb, 0x13,
-	0x53, 0xf7, 0x5f, 0xe2, 0xf7, 0x1d, 0x7e, 0x61, 0x07, 0x4a, 0x18, 0xb6, 0xff, 0xb4, 0xc7, 0x4a,
-	0x13, 0xc9, 0xc0, 0x77, 0x5e, 0x37, 0xe5, 0xfe, 0x9b, 0xcf, 0xae, 0xfc, 0xdf, 0x81, 0x03, 0xe4,
-	0xff, 0xa6, 0x5e, 0x46, 0xa9, 0x4f, 0xed, 0xf0, 0x5f, 0x06, 0x7a, 0x4e, 0x2f, 0xdd, 0x20, 0xf7,
-	0x75, 0x82, 0xb0, 0x00, 0xc7, 0x5c, 0x9f, 0x5d, 0x5d, 0x5b, 0x6d, 0xaf, 0x8b, 0xf2, 0x66, 0xbc,
-	0x86, 0xaf, 0xca, 0xbe, 0x59, 0x4c, 0xc1, 0x71, 0x57, 0x8f, 0xfb, 0x30, 0x1f, 0xfb, 0xce, 0xa6,
-	0xf4, 0x80, 0x92, 0x7b, 0x05, 0x4e, 0xca, 0xa9, 0xd8, 0x74, 0x42, 0x52, 0x17, 0xca, 0x36, 0x12,
-	0xf9, 0x56, 0xa7, 0x78, 0xce, 0x56, 0x06, 0x02, 0xce, 0xee, 0xc7, 0xee, 0x19, 0x0d, 0x5a, 0x6e,
-	0x4d, 0x6c, 0x05, 0xf5, 0x3d, 0xa3, 0xb4, 0x11, 0x73, 0x98, 0xd6, 0x17, 0x95, 0xbb, 0xa3, 0x2f,
-	0xde, 0x03, 0x15, 0x35, 0xdf, 0x3c, 0xa7, 0x42, 0x2d, 0xf2, 0xae, 0x9c, 0x0a, 0xb5, 0xc2, 0x0d,
-	0xac, 0xfd, 0xae, 0xf3, 0x7f, 0x06, 0x46, 0x94, 0x2f, 0xb0, 0xdf, 0xdb, 0x5e, 0xed, 0xff, 0x5b,
-	0x80, 0xd4, 0xc5, 0x66, 0x68, 0x07, 0x2a, 0x75, 0x79, 0xa1, 0x7e, 0x3e, 0x35, 0xa4, 0xd5, 0xfd,
-	0xfc, 0xfa, 0x20, 0x4c, 0x35, 0x61, 0xcd, 0x0c, 0xbd, 0x8f, 0x97, 0x6b, 0x16, 0xac, 0x0b, 0x79,
-	0xe4, 0xe4, 0x57, 0x15, 0x3d, 0xf3, 0x3a, 0x47, 0xd9, 0x86, 0x0d, 0x7e, 0x28, 0x86, 0xca, 0xa6,
-	0xbc, 0xc0, 0x2d, 0x1f, 0x71, 0xa7, 0xee, 0x83, 0xe3, 0x26, 0x9a, 0xfa, 0x8b, 0x35, 0x23, 0xfb,
-	0x4f, 0x0a, 0x70, 0x22, 0xf9, 0x02, 0xc4, 0xc1, 0xe5, 0xaf, 0x5a, 0xf0, 0xa0, 0xe7, 0x44, 0x71,
-	0xb5, 0xcd, 0x36, 0x0a, 0x1b, 0x6d, 0x6f, 0x25, 0x55, 0xd9, 0xfb, 0xb0, 0xce, 0x16, 0x45, 0x38,
-	0x7d, 0xe1, 0xdf, 0xdc, 0x43, 0xb7, 0x76, 0xa7, 0x1e, 0x5c, 0xca, 0x66, 0x8e, 0x7b, 0x8d, 0x0a,
-	0xbd, 0x6e, 0xc1, 0xb1, 0x5a, 0x3b, 0x0c, 0x89, 0x1f, 0xeb, 0xa1, 0xf2, 0xb7, 0x78, 0x25, 0x97,
-	0x89, 0xd4, 0x03, 0x3c, 0x41, 0x05, 0xea, 0x7c, 0x8a, 0x17, 0xee, 0xe2, 0x6e, 0xff, 0x02, 0xd5,
-	0x9c, 0x3d, 0x9f, 0xf3, 0xaf, 0xd9, 0x0d, 0x85, 0x7f, 0x36, 0x08, 0xa3, 0x89, 0xf2, 0xe5, 0x89,
-	0xc3, 0x3e, 0x6b, 0xdf, 0xc3, 0x3e, 0x96, 0x21, 0xd8, 0xf6, 0xe5, 0xe5, 0xed, 0x46, 0x86, 0x60,
-	0xdb, 0x27, 0x98, 0xc3, 0xc4, 0x94, 0xe2, 0xb6, 0x2f, 0x72, 0x01, 0xcc, 0x29, 0xc5, 0x6d, 0x1f,
-	0x0b, 0x28, 0xfa, 0xa0, 0x05, 0x23, 0xec, 0xe3, 0x13, 0x47, 0xa5, 0x42, 0xa1, 0x5d, 0xca, 0xe1,
-	0x73, 0x97, 0xa5, 0xfa, 0x59, 0xec, 0xa8, 0xd9, 0x82, 0x13, 0x1c, 0xd1, 0x47, 0x2c, 0xa8, 0xa8,
-	0x9b, 0x62, 0xc5, 0xd9, 0x48, 0x35, 0xdf, 0xea, 0xf0, 0x29, 0xa9, 0xa7, 0xca, 0x74, 0x63, 0xcd,
-	0x18, 0x45, 0xea, 0x1c, 0x73, 0xe8, 0x68, 0xce, 0x31, 0x21, 0xe3, 0x0c, 0xf3, 0xed, 0x50, 0x69,
-	0x3a, 0xbe, 0xbb, 0x41, 0xa2, 0x98, 0x1f, 0x2d, 0xca, 0xcb, 0x40, 0x64, 0x23, 0xd6, 0x70, 0x6a,
-	0xec, 0x47, 0xec, 0xc1, 0x62, 0xe3, 0x2c, 0x90, 0x19, 0xfb, 0x55, 0xdd, 0x8c, 0x4d, 0x1c, 0xf3,
-	0xe0, 0x12, 0xee, 0xe9, 0xc1, 0xe5, 0xf0, 0x3e, 0x07, 0x97, 0x55, 0x38, 0xe9, 0xb4, 0xe3, 0xe0,
-	0x22, 0x71, 0xbc, 0xd9, 0x38, 0x26, 0xcd, 0x56, 0x1c, 0xf1, 0x8a, 0xf7, 0x23, 0xcc, 0x05, 0xac,
-	0xa2, 0xdd, 0xaa, 0xc4, 0xdb, 0xe8, 0x42, 0xc2, 0xd9, 0x7d, 0xed, 0x7f, 0x66, 0xc1, 0xc9, 0xcc,
-	0xa5, 0x70, 0xff, 0xe6, 0x19, 0xd8, 0x9f, 0x29, 0xc1, 0xf1, 0x8c, 0xcb, 0x0d, 0x50, 0xc7, 0xfc,
-	0x48, 0xac, 0x3c, 0x42, 0xf6, 0x92, 0x11, 0x68, 0xf2, 0xdd, 0x64, 0x7c, 0x19, 0x07, 0x8b, 0x45,
-	0xd0, 0xf1, 0x00, 0xc5, 0xbb, 0x1b, 0x0f, 0x60, 0xac, 0xf5, 0x81, 0x7b, 0xba, 0xd6, 0x4b, 0xfb,
-	0xac, 0xf5, 0x2f, 0x5b, 0x30, 0xd9, 0xec, 0x71, 0x53, 0x99, 0x38, 0x4f, 0xba, 0x76, 0x34, 0xf7,
-	0xa0, 0xcd, 0x3d, 0x7c, 0x6b, 0x77, 0xaa, 0xe7, 0x05, 0x71, 0xb8, 0xe7, 0xa8, 0xec, 0x6f, 0x17,
-	0x81, 0xd9, 0x6b, 0xac, 0x80, 0x75, 0x07, 0x7d, 0xc0, 0xbc, 0x23, 0xc5, 0xca, 0xeb, 0x3e, 0x0f,
-	0x4e, 0x5c, 0xdd, 0xb1, 0xc2, 0x67, 0x30, 0xeb, 0xca, 0x95, 0xb4, 0x24, 0x2c, 0xf4, 0x21, 0x09,
-	0x3d, 0x79, 0x19, 0x4d, 0x31, 0xff, 0xcb, 0x68, 0x2a, 0xe9, 0x8b, 0x68, 0xf6, 0x7e, 0xc5, 0x03,
-	0xf7, 0xe5, 0x2b, 0xfe, 0x6d, 0x8b, 0x0b, 0x9e, 0xd4, 0x5b, 0xd0, 0xe6, 0x86, 0xb5, 0x87, 0xb9,
-	0xf1, 0x24, 0x94, 0x23, 0x21, 0x99, 0x85, 0x59, 0xa2, 0x43, 0xc1, 0x44, 0x3b, 0x56, 0x18, 0x74,
-	0xd7, 0xe5, 0x78, 0x5e, 0x70, 0xf3, 0x5c, 0xb3, 0x15, 0x77, 0x84, 0x81, 0xa2, 0xb6, 0x05, 0xb3,
-	0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x18, 0x0c, 0xf2, 0x4a, 0x13, 0xc2, 0xb9, 0x33, 0x4c, 0xbf, 0x43,
-	0x5e, 0x86, 0xa2, 0x8e, 0x05, 0xc8, 0xde, 0x04, 0x63, 0x57, 0x71, 0xe7, 0xb7, 0x3f, 0xab, 0x7b,
-	0x68, 0x0b, 0xbd, 0xee, 0xa1, 0xb5, 0xff, 0x5e, 0x41, 0xb0, 0xe2, 0xbb, 0x04, 0x1d, 0x19, 0x68,
-	0x1d, 0x30, 0x32, 0xf0, 0x7d, 0x00, 0xb5, 0xa0, 0xd9, 0xa2, 0xfb, 0xe6, 0xb5, 0x20, 0x9f, 0xcd,
-	0xd6, 0xbc, 0xa2, 0xa7, 0x67, 0x55, 0xb7, 0x61, 0x83, 0x5f, 0x42, 0xb4, 0x17, 0xf7, 0x15, 0xed,
-	0x09, 0x29, 0x37, 0xb0, 0xb7, 0x94, 0xb3, 0xff, 0xc2, 0x82, 0x84, 0xd5, 0x87, 0x5a, 0x50, 0xa2,
-	0xc3, 0xed, 0x08, 0x81, 0xb1, 0x92, 0x9f, 0x89, 0x49, 0x25, 0xb5, 0xf8, 0x0a, 0xd9, 0x4f, 0xcc,
-	0x19, 0x21, 0x4f, 0x44, 0x41, 0xe6, 0xb2, 0xf9, 0x31, 0x19, 0x5e, 0x0c, 0x82, 0x2d, 0x1e, 0x4c,
-	0xa4, 0x23, 0x2a, 0xed, 0xe7, 0x61, 0xa2, 0x6b, 0x50, 0xec, 0xc6, 0xe8, 0x40, 0xee, 0xe0, 0x8d,
-	0xaf, 0x87, 0x15, 0x7c, 0xc0, 0x1c, 0x66, 0x7f, 0xc9, 0x82, 0x63, 0x69, 0xf2, 0xe8, 0x0d, 0x0b,
-	0x26, 0xa2, 0x34, 0xbd, 0xa3, 0x9a, 0x3b, 0x95, 0xed, 0xd0, 0x05, 0xc2, 0xdd, 0x83, 0xb0, 0xff,
-	0xbb, 0xd0, 0x06, 0xd7, 0x5d, 0xbf, 0x1e, 0xdc, 0x54, 0x76, 0x92, 0xd5, 0xd3, 0x4e, 0xa2, 0xe2,
-	0xa1, 0xb6, 0x49, 0xea, 0x6d, 0xaf, 0xab, 0x0c, 0x45, 0x55, 0xb4, 0x63, 0x85, 0xc1, 0xb2, 0xee,
-	0xdb, 0x62, 0xdf, 0x9a, 0x5a, 0x94, 0x0b, 0xa2, 0x1d, 0x2b, 0x0c, 0xf4, 0x2c, 0x8c, 0x18, 0x0f,
-	0x29, 0xd7, 0x25, 0xdb, 0x74, 0x18, 0x1a, 0x3c, 0xc2, 0x09, 0x2c, 0x34, 0x0d, 0xa0, 0x6c, 0x2e,
-	0xa9, 0xb1, 0x99, 0xa3, 0x5d, 0x09, 0xc6, 0x08, 0x1b, 0x18, 0xac, 0xc6, 0x85, 0xd7, 0x8e, 0xd8,
-	0x49, 0xf2, 0xa0, 0xbe, 0xd0, 0x61, 0x5e, 0xb4, 0x61, 0x05, 0xa5, 0xc2, 0xad, 0xe9, 0xf8, 0x6d,
-	0xc7, 0xa3, 0x33, 0x24, 0x5c, 0x67, 0xea, 0x33, 0x5c, 0x56, 0x10, 0x6c, 0x60, 0xd1, 0x27, 0x8e,
-	0xdd, 0x26, 0x79, 0x29, 0xf0, 0x65, 0x94, 0xba, 0x0e, 0x2e, 0x10, 0xed, 0x58, 0x61, 0xa0, 0xe7,
-	0x61, 0xd8, 0xf1, 0xeb, 0xdc, 0x40, 0x0c, 0x42, 0x71, 0x46, 0xa9, 0x76, 0x9f, 0x57, 0x23, 0x32,
-	0xab, 0xa1, 0xd8, 0x44, 0x4d, 0xdf, 0x66, 0x01, 0x7d, 0xde, 0x96, 0xf7, 0xe7, 0x16, 0x8c, 0xeb,
-	0xa2, 0x45, 0xcc, 0xc3, 0x96, 0x70, 0x2d, 0x5a, 0xfb, 0xba, 0x16, 0x93, 0xb5, 0x4b, 0x0a, 0x7d,
-	0xd5, 0x2e, 0x31, 0xcb, 0x8a, 0x14, 0xf7, 0x2c, 0x2b, 0xf2, 0xfd, 0x30, 0xb4, 0x45, 0x3a, 0x46,
-	0xfd, 0x11, 0xa6, 0x1c, 0x2e, 0xf3, 0x26, 0x2c, 0x61, 0xc8, 0x86, 0xc1, 0x9a, 0xa3, 0x6a, 0x18,
-	0x8e, 0x88, 0xd8, 0xb4, 0x59, 0x86, 0x24, 0x20, 0xf6, 0x0a, 0x54, 0xd4, 0xa1, 0xbe, 0xf4, 0xf4,
-	0x59, 0xd9, 0x9e, 0xbe, 0xbe, 0xca, 0x1b, 0xcc, 0xad, 0x7f, 0xed, 0x3b, 0x8f, 0xbe, 0xe5, 0x0f,
-	0xbf, 0xf3, 0xe8, 0x5b, 0xfe, 0xf8, 0x3b, 0x8f, 0xbe, 0xe5, 0x83, 0xb7, 0x1e, 0xb5, 0xbe, 0x76,
-	0xeb, 0x51, 0xeb, 0x0f, 0x6f, 0x3d, 0x6a, 0xfd, 0xf1, 0xad, 0x47, 0xad, 0x6f, 0xdf, 0x7a, 0xd4,
-	0x7a, 0xfd, 0x3f, 0x3f, 0xfa, 0x96, 0x97, 0x32, 0xf3, 0x22, 0xe8, 0x8f, 0xa7, 0x6a, 0xf5, 0x99,
-	0xed, 0x67, 0x58, 0x68, 0x3e, 0xfd, 0x9e, 0x67, 0x8c, 0x45, 0x3c, 0x23, 0xbf, 0xe7, 0xff, 0x17,
-	0x00, 0x00, 0xff, 0xff, 0x4c, 0x7a, 0x03, 0x43, 0x0b, 0x00, 0x01, 0x00,
+	// 12403 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0x49,
+	0x56, 0xd8, 0x55, 0xb7, 0x5a, 0xea, 0x7e, 0xfa, 0x1a, 0xe5, 0xcc, 0xec, 0x6a, 0x66, 0x3f, 0x34,
+	0xd4, 0x1e, 0x7b, 0x87, 0x6f, 0x4f, 0x62, 0x67, 0x77, 0x8f, 0x35, 0x0b, 0x07, 0xfa, 0x98, 0x0f,
+	0xcd, 0x48, 0x23, 0x6d, 0xb6, 0x66, 0x86, 0xdb, 0x63, 0x6f, 0xaf, 0x54, 0x9d, 0x92, 0x6a, 0x54,
+	0x5d, 0xd5, 0x5b, 0x55, 0xad, 0x51, 0x2f, 0xcb, 0x71, 0xc7, 0xdd, 0xc1, 0xc1, 0x7d, 0xad, 0xc1,
+	0x61, 0x16, 0xdb, 0xe0, 0xc3, 0xe0, 0xaf, 0x70, 0x5c, 0x80, 0xcd, 0x0f, 0x13, 0x01, 0x04, 0xc1,
+	0x47, 0x10, 0xe0, 0x2f, 0x30, 0x81, 0x01, 0x1b, 0x90, 0xef, 0xc6, 0x76, 0x40, 0x38, 0xc2, 0x44,
+	0x80, 0xfd, 0xc3, 0x31, 0x76, 0x10, 0x8e, 0xfc, 0xce, 0xaa, 0xae, 0x96, 0x5a, 0xa3, 0xd2, 0xcc,
+	0x1c, 0xec, 0xbf, 0xee, 0x7c, 0xaf, 0xde, 0xcb, 0xca, 0xca, 0x7c, 0xef, 0xe5, 0xcb, 0xf7, 0x5e,
+	0xc2, 0xd2, 0xa6, 0x97, 0x6c, 0xb5, 0xd7, 0xa7, 0xdd, 0xb0, 0x39, 0xe3, 0x44, 0x9b, 0x61, 0x2b,
+	0x0a, 0x6f, 0xb1, 0x1f, 0xef, 0x77, 0x1b, 0x33, 0x3b, 0xcf, 0xcd, 0xb4, 0xb6, 0x37, 0x67, 0x9c,
+	0x96, 0x17, 0xcf, 0x38, 0xad, 0x96, 0xef, 0xb9, 0x4e, 0xe2, 0x85, 0xc1, 0xcc, 0xce, 0xb3, 0x8e,
+	0xdf, 0xda, 0x72, 0x9e, 0x9d, 0xd9, 0x24, 0x01, 0x89, 0x9c, 0x84, 0x34, 0xa6, 0x5b, 0x51, 0x98,
+	0x84, 0xe8, 0x5b, 0x34, 0xb5, 0x69, 0x49, 0x8d, 0xfd, 0x78, 0xcd, 0x6d, 0x4c, 0xef, 0x3c, 0x37,
+	0xdd, 0xda, 0xde, 0x9c, 0xa6, 0xd4, 0xa6, 0x0d, 0x6a, 0xd3, 0x92, 0xda, 0xd9, 0xf7, 0x1b, 0x7d,
+	0xd9, 0x0c, 0x37, 0xc3, 0x19, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, 0x3f, 0xec, 0x17, 0x67,
+	0x76, 0xd6, 0xde, 0x7e, 0x31, 0x9e, 0xf6, 0x42, 0xda, 0xbd, 0x19, 0x37, 0x8c, 0xc8, 0xcc, 0x4e,
+	0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc, 0x7e, 0xda,
+	0x05, 0x12, 0xed, 0x90, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0xf3, 0x9a, 0x52, 0xd3, 0x71,
+	0xb7, 0xbc, 0x80, 0x44, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xde, 0x53, 0x33, 0xbd, 0x9e, 0x8a,
+	0xda, 0x41, 0xe2, 0x35, 0x49, 0xd7, 0x03, 0x1f, 0x38, 0xe8, 0x81, 0xd8, 0xdd, 0x22, 0x4d, 0xa7,
+	0xeb, 0xb9, 0xe7, 0x7a, 0x3d, 0xd7, 0x4e, 0x3c, 0x7f, 0xc6, 0x0b, 0x92, 0x38, 0x89, 0xb2, 0x0f,
+	0xd9, 0x7f, 0xdf, 0x82, 0xd1, 0xd9, 0x9b, 0xf5, 0xd9, 0x76, 0xb2, 0x35, 0x1f, 0x06, 0x1b, 0xde,
+	0x26, 0x7a, 0x01, 0x86, 0x5d, 0xbf, 0x1d, 0x27, 0x24, 0xba, 0xe6, 0x34, 0xc9, 0xa4, 0x75, 0xce,
+	0x7a, 0x6f, 0x6d, 0xee, 0xe4, 0x6f, 0xec, 0x4d, 0xbd, 0xeb, 0xce, 0xde, 0xd4, 0xf0, 0xbc, 0x06,
+	0x61, 0x13, 0x0f, 0x7d, 0x03, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf1, 0xb5, 0xc9, 0x12, 0x7b, 0x64,
+	0x5c, 0x3c, 0x32, 0x84, 0x79, 0x33, 0x96, 0x70, 0x8a, 0xda, 0x8a, 0xc2, 0x0d, 0xcf, 0x27, 0x93,
+	0xe5, 0x34, 0xea, 0x2a, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x68, 0x09, 0xc6, 0x67, 0x5b, 0xad, 0xcb,
+	0xc4, 0xf1, 0x93, 0xad, 0x7a, 0xe2, 0x24, 0xed, 0x18, 0x6d, 0xc2, 0x60, 0xcc, 0x7e, 0x89, 0xbe,
+	0xad, 0x88, 0xa7, 0x07, 0x39, 0xfc, 0xee, 0xde, 0xd4, 0xb7, 0xe6, 0xcd, 0xe8, 0x4d, 0x2f, 0x09,
+	0x5b, 0xf1, 0xfb, 0x49, 0xb0, 0xe9, 0x05, 0x84, 0x8d, 0xcb, 0x16, 0xa3, 0x3a, 0x6d, 0x12, 0x9f,
+	0x0f, 0x1b, 0x04, 0x0b, 0xf2, 0xb4, 0x9f, 0x4d, 0x12, 0xc7, 0xce, 0x26, 0xc9, 0xbe, 0xd2, 0x32,
+	0x6f, 0xc6, 0x12, 0x8e, 0x22, 0x40, 0xbe, 0x13, 0x27, 0x6b, 0x91, 0x13, 0xc4, 0x1e, 0x9d, 0xd2,
+	0x6b, 0x5e, 0x93, 0xbf, 0xdd, 0xf0, 0xf9, 0xbf, 0x31, 0xcd, 0x3f, 0xcc, 0xb4, 0xf9, 0x61, 0xf4,
+	0x3a, 0xa0, 0xf3, 0x66, 0x7a, 0xe7, 0xd9, 0x69, 0xfa, 0xc4, 0xdc, 0x23, 0x77, 0xf6, 0xa6, 0xd0,
+	0x52, 0x17, 0x25, 0x9c, 0x43, 0xdd, 0xfe, 0xbd, 0x12, 0xc0, 0x6c, 0xab, 0xb5, 0x1a, 0x85, 0xb7,
+	0x88, 0x9b, 0xa0, 0x8f, 0x42, 0x95, 0x92, 0x6a, 0x38, 0x89, 0xc3, 0x06, 0x66, 0xf8, 0xfc, 0x37,
+	0xf6, 0xc7, 0x78, 0x65, 0x9d, 0x3e, 0xbf, 0x4c, 0x12, 0x67, 0x0e, 0x89, 0x17, 0x04, 0xdd, 0x86,
+	0x15, 0x55, 0x14, 0xc0, 0x40, 0xdc, 0x22, 0x2e, 0x1b, 0x8c, 0xe1, 0xf3, 0x4b, 0xd3, 0x47, 0x59,
+	0xe9, 0xd3, 0xba, 0xe7, 0xf5, 0x16, 0x71, 0xe7, 0x46, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e,
+	0x68, 0x47, 0x7d, 0x68, 0x3e, 0x90, 0xd7, 0x0a, 0xe3, 0xc8, 0xa8, 0xce, 0x8d, 0xa5, 0x27, 0x8e,
+	0xfc, 0xee, 0xf6, 0x1f, 0x5b, 0x30, 0xa6, 0x91, 0x97, 0xbc, 0x38, 0x41, 0xdf, 0xd9, 0x35, 0xb8,
+	0xd3, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, 0x09, 0xc1, 0xac, 0x2a, 0x5b, 0x8c, 0x81, 0x6d,
+	0x42, 0xc5, 0x4b, 0x48, 0x33, 0x9e, 0x2c, 0x9d, 0x2b, 0xbf, 0x77, 0xf8, 0xfc, 0xe5, 0xa2, 0xde,
+	0x73, 0x6e, 0x54, 0x30, 0xad, 0x2c, 0x52, 0xf2, 0x98, 0x73, 0xb1, 0xff, 0x62, 0xd4, 0x7c, 0x3f,
+	0x3a, 0xe0, 0xe8, 0x59, 0x18, 0x8e, 0xc3, 0x76, 0xe4, 0x12, 0x4c, 0x5a, 0x21, 0x5d, 0x58, 0x65,
+	0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xeb, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x20, 0x71,
+	0xe2, 0x05, 0x8c, 0xbf, 0xec, 0xfc, 0xda, 0x91, 0x3b, 0x2f, 0x1b, 0x17, 0x34, 0xf1, 0xb9, 0x53,
+	0xe2, 0x45, 0x46, 0x8c, 0xc6, 0x18, 0xa7, 0xf8, 0x53, 0xc1, 0xd5, 0x20, 0xb1, 0x1b, 0x79, 0x2d,
+	0xfa, 0x5f, 0x88, 0x16, 0x25, 0xb8, 0x16, 0x34, 0x08, 0x9b, 0x78, 0x28, 0x80, 0x0a, 0x15, 0x4c,
+	0xf1, 0xe4, 0x00, 0xeb, 0xff, 0xe2, 0xd1, 0xfa, 0x2f, 0x06, 0x95, 0xca, 0x3c, 0x3d, 0xfa, 0xf4,
+	0x5f, 0x8c, 0x39, 0x1b, 0xf4, 0x79, 0x0b, 0x26, 0x85, 0xe0, 0xc4, 0x84, 0x0f, 0xe8, 0xcd, 0x2d,
+	0x2f, 0x21, 0xbe, 0x17, 0x27, 0x93, 0x15, 0xd6, 0x87, 0x99, 0xfe, 0xe6, 0xd6, 0xa5, 0x28, 0x6c,
+	0xb7, 0xae, 0x7a, 0x41, 0x63, 0xee, 0x9c, 0xe0, 0x34, 0x39, 0xdf, 0x83, 0x30, 0xee, 0xc9, 0x12,
+	0xfd, 0xb0, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0xf9, 0x8e,
+	0xbb, 0xcd, 0x7a, 0x34, 0x78, 0x6f, 0x3d, 0xb2, 0x45, 0x8f, 0xce, 0x5e, 0xeb, 0x49, 0x1a, 0xef,
+	0xc3, 0x16, 0xfd, 0xa4, 0x05, 0x13, 0x61, 0xd4, 0xda, 0x72, 0x02, 0xd2, 0x90, 0xd0, 0x78, 0x72,
+	0x88, 0x2d, 0xbd, 0x8f, 0x1c, 0xed, 0x13, 0xad, 0x64, 0xc9, 0x2e, 0x87, 0x81, 0x97, 0x84, 0x51,
+	0x9d, 0x24, 0x89, 0x17, 0x6c, 0xc6, 0x73, 0xa7, 0xef, 0xec, 0x4d, 0x4d, 0x74, 0x61, 0xe1, 0xee,
+	0xfe, 0xa0, 0xef, 0x82, 0xe1, 0xb8, 0x13, 0xb8, 0x37, 0xbd, 0xa0, 0x11, 0xde, 0x8e, 0x27, 0xab,
+	0x45, 0x2c, 0xdf, 0xba, 0x22, 0x28, 0x16, 0xa0, 0x66, 0x80, 0x4d, 0x6e, 0xf9, 0x1f, 0x4e, 0x4f,
+	0xa5, 0x5a, 0xd1, 0x1f, 0x4e, 0x4f, 0xa6, 0x7d, 0xd8, 0xa2, 0xef, 0xb7, 0x60, 0x34, 0xf6, 0x36,
+	0x03, 0x27, 0x69, 0x47, 0xe4, 0x2a, 0xe9, 0xc4, 0x93, 0xc0, 0x3a, 0x72, 0xe5, 0x88, 0xa3, 0x62,
+	0x90, 0x9c, 0x3b, 0x2d, 0xfa, 0x38, 0x6a, 0xb6, 0xc6, 0x38, 0xcd, 0x37, 0x6f, 0xa1, 0xe9, 0x69,
+	0x3d, 0x5c, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0xed, 0x70, 0x82, 0x37, 0xa9, 0x91,
+	0x8d, 0x27, 0x47, 0x98, 0xa0, 0x3d, 0x75, 0x67, 0x6f, 0xea, 0x44, 0x3d, 0x03, 0xc3, 0x5d, 0xd8,
+	0xe8, 0x75, 0x98, 0x6a, 0x91, 0xa8, 0xe9, 0x25, 0x2b, 0x81, 0xdf, 0x91, 0xe2, 0xdb, 0x0d, 0x5b,
+	0xa4, 0x21, 0xba, 0x13, 0x4f, 0x8e, 0x9e, 0xb3, 0xde, 0x5b, 0x9d, 0x7b, 0x8f, 0xe8, 0xe6, 0xd4,
+	0xea, 0xfe, 0xe8, 0xf8, 0x20, 0x7a, 0xe8, 0xd7, 0x2d, 0x38, 0x6b, 0x48, 0xd9, 0x3a, 0x89, 0x76,
+	0x3c, 0x97, 0xcc, 0xba, 0x6e, 0xd8, 0x0e, 0x92, 0x78, 0x72, 0x8c, 0x0d, 0xe3, 0xfa, 0x71, 0xc8,
+	0xfc, 0x34, 0x2b, 0x3d, 0x2f, 0x7b, 0xa2, 0xc4, 0x78, 0x9f, 0x9e, 0xda, 0xbf, 0x59, 0x82, 0x13,
+	0x59, 0x0b, 0x00, 0xfd, 0x63, 0x0b, 0xc6, 0x6f, 0xdd, 0x4e, 0xd6, 0xc2, 0x6d, 0x12, 0xc4, 0x73,
+	0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, 0x3e, 0xef, 0x16, 0x6b, 0x6b, 0x4c, 0x5f, 0x49, 0x73, 0xb9,
+	0x10, 0x24, 0x51, 0x67, 0xee, 0x51, 0xf1, 0x4e, 0xe3, 0x57, 0x6e, 0xae, 0x99, 0x50, 0x9c, 0xed,
+	0xd4, 0xd9, 0xcf, 0x5a, 0x70, 0x2a, 0x8f, 0x04, 0x3a, 0x01, 0xe5, 0x6d, 0xd2, 0xe1, 0x96, 0x30,
+	0xa6, 0x3f, 0xd1, 0xab, 0x50, 0xd9, 0x71, 0xfc, 0x36, 0x11, 0x66, 0xda, 0xa5, 0xa3, 0xbd, 0x88,
+	0xea, 0x19, 0xe6, 0x54, 0xbf, 0xb9, 0xf4, 0xa2, 0x65, 0xff, 0x56, 0x19, 0x86, 0x8d, 0x8f, 0x76,
+	0x1f, 0x4c, 0xcf, 0x30, 0x65, 0x7a, 0x2e, 0x17, 0x36, 0xdf, 0x7a, 0xda, 0x9e, 0xb7, 0x33, 0xb6,
+	0xe7, 0x4a, 0x71, 0x2c, 0xf7, 0x35, 0x3e, 0x51, 0x02, 0xb5, 0xb0, 0x45, 0xb7, 0x68, 0xd4, 0x86,
+	0x19, 0x28, 0xe2, 0x13, 0xae, 0x48, 0x72, 0x73, 0xa3, 0x77, 0xf6, 0xa6, 0x6a, 0xea, 0x2f, 0xd6,
+	0x8c, 0xec, 0xdf, 0xb7, 0xe0, 0x94, 0xd1, 0xc7, 0xf9, 0x30, 0x68, 0xb0, 0x8d, 0x06, 0x3a, 0x07,
+	0x03, 0x49, 0xa7, 0x25, 0xb7, 0x81, 0x6a, 0xa4, 0xd6, 0x3a, 0x2d, 0x82, 0x19, 0xe4, 0x61, 0xdf,
+	0x25, 0xfd, 0xb0, 0x05, 0x8f, 0xe4, 0x0b, 0x18, 0xf4, 0x34, 0x0c, 0x72, 0x1f, 0x80, 0x78, 0x3b,
+	0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x03, 0x35, 0xa5, 0xf0, 0xc4, 0x3b, 0x4e, 0x08, 0xd4,
+	0x9a, 0xd6, 0x92, 0x1a, 0x87, 0x0e, 0x1a, 0xfd, 0x23, 0x4c, 0x50, 0x35, 0x68, 0x6c, 0xd3, 0xcc,
+	0x20, 0xf6, 0xef, 0x5a, 0xf0, 0xee, 0x7e, 0xc4, 0xde, 0xf1, 0xf5, 0xb1, 0x0e, 0xa7, 0x1b, 0x64,
+	0xc3, 0x69, 0xfb, 0x49, 0x9a, 0xa3, 0xe8, 0xf4, 0x13, 0xe2, 0xe1, 0xd3, 0x0b, 0x79, 0x48, 0x38,
+	0xff, 0x59, 0xfb, 0xbf, 0x58, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x3e, 0x6c, 0x9d, 0x82, 0xf4, 0xd6,
+	0x69, 0xb1, 0xb0, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x79, 0x0b, 0xce, 0x1a, 0x58, 0xcb, 0x4e, 0xe2,
+	0x6e, 0x5d, 0xd8, 0x6d, 0x45, 0x24, 0x8e, 0xe9, 0x94, 0x7a, 0xc2, 0x10, 0xc7, 0x73, 0xc3, 0x82,
+	0x42, 0xf9, 0x2a, 0xe9, 0x70, 0xd9, 0xfc, 0x0c, 0x54, 0xf9, 0x9a, 0x0b, 0x23, 0xf1, 0x91, 0xd4,
+	0xbb, 0xad, 0x88, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0xe6, 0x52, 0x19, 0x44, 0xcd, 0x04,
+	0xa0, 0xdf, 0xfd, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0xac, 0x46, 0x84, 0xcd, 0x87,
+	0xc6, 0x45, 0x8f, 0xf8, 0x8d, 0x98, 0x6e, 0xeb, 0x9c, 0x20, 0x08, 0x13, 0xb1, 0x43, 0x33, 0xb6,
+	0x75, 0xb3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xef, 0xac, 0x13, 0x9f, 0x8f, 0xa8, 0x60, 0xba,
+	0xc4, 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x03, 0xa9, 0x24, 0x1a, 0xb9, 0x1f, 0xde, 0x87,
+	0x28, 0xa5, 0x02, 0x56, 0x8b, 0x93, 0xc7, 0xa4, 0xb7, 0x07, 0xe2, 0x8d, 0x8c, 0x16, 0xc0, 0x85,
+	0x72, 0xdd, 0xdf, 0x0b, 0xf1, 0xf1, 0x32, 0x4c, 0xa5, 0x1f, 0xe8, 0x52, 0x22, 0x74, 0xcb, 0x6b,
+	0x30, 0xca, 0xfa, 0xea, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x90, 0xc3, 0xa5, 0xe3, 0x94, 0xc3, 0xa6,
+	0x9a, 0x28, 0x1f, 0xa0, 0x26, 0x9e, 0x56, 0xa3, 0x3e, 0x90, 0x91, 0x79, 0x69, 0x55, 0x79, 0x0e,
+	0x06, 0xe2, 0x84, 0xb4, 0x26, 0x2b, 0x69, 0x31, 0x5b, 0x4f, 0x48, 0x0b, 0x33, 0x08, 0xfa, 0x56,
+	0x18, 0x4f, 0x9c, 0x68, 0x93, 0x24, 0x11, 0xd9, 0xf1, 0x98, 0x5f, 0x97, 0xed, 0x67, 0x6b, 0x73,
+	0x27, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x16, 0xd7, 0xfe, 0x1f, 0x25, 0x78, 0x34,
+	0xfd, 0x09, 0xb4, 0x62, 0xfc, 0xb6, 0x94, 0x62, 0x7c, 0x9f, 0xa9, 0x18, 0xef, 0xee, 0x4d, 0x3d,
+	0xd6, 0xe3, 0xb1, 0xaf, 0x19, 0xbd, 0x89, 0x2e, 0x65, 0x3e, 0xc2, 0x4c, 0x97, 0x97, 0xf5, 0x89,
+	0x1e, 0xef, 0x98, 0xf9, 0x4a, 0x4f, 0xc3, 0x60, 0x44, 0x9c, 0x38, 0x0c, 0xc4, 0x77, 0x52, 0x5f,
+	0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xef, 0xd4, 0xb2, 0x83, 0x7d, 0x89, 0xfb, 0xaa, 0xc3, 0x08,
+	0x79, 0x30, 0xc0, 0x76, 0x6d, 0x5c, 0xb2, 0x5c, 0x3d, 0xda, 0x2a, 0xa4, 0x5a, 0x44, 0x91, 0x9e,
+	0xab, 0xd2, 0xaf, 0x46, 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa1, 0xea, 0xca, 0xcd, 0x54, 0xa9, 0x08,
+	0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86, 0x08, 0x94,
+	0x37, 0xbd, 0x44, 0x7c, 0xd6, 0x23, 0x6e, 0x97, 0x2f, 0x79, 0xc6, 0x2b, 0x0e, 0x51, 0x1d, 0x74,
+	0xc9, 0x4b, 0x30, 0xa5, 0x8f, 0x3e, 0x6d, 0xc1, 0x70, 0xec, 0x36, 0x57, 0xa3, 0x70, 0xc7, 0x6b,
+	0x90, 0x48, 0xd8, 0x98, 0x47, 0x94, 0x6c, 0xf5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5, 0xee, 0x0b,
+	0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x54, 0xbc, 0xfb, 0x02, 0x71, 0xd9, 0x8a, 0x93, 0x7b,
+	0x66, 0x36, 0x53, 0x8e, 0x6c, 0x73, 0x2f, 0xb4, 0xdd, 0x6d, 0xba, 0xde, 0x74, 0x87, 0x1e, 0xbb,
+	0xb3, 0x37, 0xf5, 0xe8, 0x7c, 0x3e, 0x4f, 0xdc, 0xab, 0x33, 0x6c, 0xc0, 0x5a, 0x6d, 0xdf, 0xc7,
+	0xe4, 0xf5, 0x36, 0x61, 0x1e, 0xb1, 0x02, 0x06, 0x6c, 0x55, 0x13, 0xcc, 0x0c, 0x98, 0x01, 0xc1,
+	0x26, 0x5f, 0xf4, 0x3a, 0x0c, 0x36, 0x9d, 0x24, 0xf2, 0x76, 0x85, 0x1b, 0xec, 0x88, 0xbb, 0xa0,
+	0x65, 0x46, 0x4b, 0x33, 0x67, 0x8a, 0x9e, 0x37, 0x62, 0xc1, 0x08, 0x35, 0xa1, 0xd2, 0x24, 0xd1,
+	0x26, 0x99, 0xac, 0x16, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x1a, 0x35, 0xae, 0x58, 0x1b,
+	0xe6, 0x5c, 0xd0, 0xab, 0x50, 0x8d, 0x89, 0x4f, 0x5c, 0x6a, 0x1e, 0xd5, 0x18, 0xc7, 0xe7, 0xfa,
+	0x34, 0x15, 0xa9, 0x5d, 0x52, 0x17, 0x8f, 0xf2, 0x05, 0x26, 0xff, 0x61, 0x45, 0x92, 0x0e, 0x60,
+	0xcb, 0x6f, 0x6f, 0x7a, 0xc1, 0x24, 0x14, 0x31, 0x80, 0xab, 0x8c, 0x56, 0x66, 0x00, 0x79, 0x23,
+	0x16, 0x8c, 0xec, 0xff, 0x6e, 0x01, 0x4a, 0x0b, 0xb5, 0xfb, 0x60, 0x13, 0xbf, 0x9e, 0xb6, 0x89,
+	0x97, 0x8a, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0x3f, 0x5f, 0x83, 0x8c, 0x3a, 0xb8, 0x46, 0xe2, 0x84,
+	0x34, 0xde, 0x11, 0xe1, 0xef, 0x88, 0xf0, 0x77, 0x44, 0xb8, 0x12, 0xe1, 0xeb, 0x19, 0x11, 0xfe,
+	0x41, 0x63, 0xd5, 0xeb, 0xd8, 0x83, 0xd7, 0x54, 0x70, 0x82, 0xd9, 0x03, 0x03, 0x81, 0x4a, 0x82,
+	0x2b, 0xf5, 0x95, 0x6b, 0xb9, 0x32, 0xfb, 0xb5, 0xb4, 0xcc, 0x3e, 0x2a, 0x8b, 0xbf, 0x0e, 0x52,
+	0xfa, 0xd7, 0x2d, 0x78, 0x4f, 0x5a, 0x7a, 0xc9, 0x99, 0xb3, 0xb8, 0x19, 0x84, 0x11, 0x59, 0xf0,
+	0x36, 0x36, 0x48, 0x44, 0x02, 0x97, 0xc4, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0, 0xe7, 0x61,
+	0xe4, 0x56, 0x1c, 0x06, 0xab, 0xa1, 0x17, 0x08, 0x11, 0x44, 0x77, 0x1c, 0x27, 0xee, 0xec, 0x4d,
+	0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x85, 0x85, 0xe6, 0x61, 0xe2, 0xd6, 0xeb, 0xab, 0x4e, 0x62,
+	0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x79, 0x39, 0x03, 0xc4, 0xdd, 0xf8, 0xf6, 0xdf,
+	0x2b, 0xc1, 0x99, 0xcc, 0x8b, 0x84, 0xbe, 0x1f, 0xb6, 0x13, 0xba, 0x27, 0x42, 0x3f, 0x6e, 0xc1,
+	0x89, 0x66, 0xda, 0x61, 0x11, 0x0b, 0x77, 0xf7, 0x77, 0x14, 0xa6, 0x23, 0x32, 0x1e, 0x91, 0xb9,
+	0x49, 0x31, 0x42, 0x27, 0x32, 0x80, 0x18, 0x77, 0xf5, 0x05, 0xbd, 0x0a, 0xb5, 0xa6, 0xb3, 0x7b,
+	0xbd, 0xd5, 0x70, 0x12, 0xb9, 0x1d, 0xed, 0xed, 0x45, 0x68, 0x27, 0x9e, 0x3f, 0xcd, 0xa3, 0x5a,
+	0xa6, 0x17, 0x83, 0x64, 0x25, 0xaa, 0x27, 0x91, 0x17, 0x6c, 0x72, 0x27, 0xe7, 0xb2, 0x24, 0x83,
+	0x35, 0x45, 0xfb, 0xc7, 0xac, 0xac, 0x92, 0x52, 0xa3, 0x13, 0x39, 0x09, 0xd9, 0xec, 0xa0, 0x37,
+	0xa1, 0x42, 0xf7, 0x8d, 0x72, 0x54, 0x6e, 0x16, 0xa9, 0x39, 0x8d, 0x2f, 0xa1, 0x95, 0x28, 0xfd,
+	0x17, 0x63, 0xce, 0xd4, 0xfe, 0xf1, 0x5a, 0xd6, 0x58, 0x60, 0x67, 0xf3, 0xe7, 0x01, 0x36, 0xc3,
+	0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0xc0, 0xa3, 0x5c, 0x25, 0x97, 0x14, 0x04, 0x1b,
+	0x58, 0xe8, 0x07, 0x2c, 0x80, 0x4d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, 0xc8, 0xd7, 0xd1, 0x2b,
+	0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xbd, 0x16, 0x54, 0x13, 0xd9, 0x7d, 0xae, 0x1a,
+	0xd7, 0x8a, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, 0xd1, 0xf7, 0x59, 0x00,
+	0x71, 0x27, 0x70, 0x57, 0x43, 0xdf, 0x73, 0x3b, 0x42, 0x63, 0xde, 0x28, 0xd4, 0x9d, 0xa3, 0xa8,
+	0xcf, 0x8d, 0xd1, 0xd1, 0xd0, 0xff, 0xb1, 0xc1, 0x19, 0x7d, 0x0c, 0xaa, 0xb1, 0x98, 0x6e, 0x42,
+	0x47, 0xae, 0x15, 0xeb, 0x54, 0xe2, 0xb4, 0x85, 0x78, 0x15, 0xff, 0xb0, 0xe2, 0x89, 0x7e, 0xc4,
+	0x82, 0xf1, 0x56, 0xda, 0x4d, 0x28, 0xd4, 0x61, 0x71, 0x32, 0x20, 0xe3, 0x86, 0xe4, 0xde, 0x96,
+	0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, 0x83, 0x57, 0x5a, 0xdc, 0x65, 0x39, 0xa4, 0x25,
+	0xe0, 0xa5, 0x2c, 0x10, 0x77, 0xe3, 0xa3, 0x55, 0x38, 0x45, 0x7b, 0xd7, 0xe1, 0xe6, 0xa7, 0x54,
+	0x2f, 0x31, 0x53, 0x86, 0xd5, 0xb9, 0xc7, 0xc5, 0x0c, 0x61, 0x67, 0x1d, 0x59, 0x1c, 0x9c, 0xfb,
+	0x24, 0xfa, 0x2d, 0x0b, 0x1e, 0xf7, 0x98, 0x1a, 0x30, 0x1d, 0xf6, 0x5a, 0x23, 0x88, 0x83, 0x76,
+	0x52, 0xa8, 0xac, 0xe8, 0xa5, 0x7e, 0xe6, 0xde, 0x2d, 0xde, 0xe0, 0xf1, 0xc5, 0x7d, 0xba, 0x84,
+	0xf7, 0xed, 0x30, 0xfa, 0x26, 0x18, 0x95, 0xeb, 0x62, 0x95, 0x8a, 0x60, 0xa6, 0x68, 0x6b, 0x73,
+	0x13, 0x77, 0xf6, 0xa6, 0x46, 0xd7, 0x4c, 0x00, 0x4e, 0xe3, 0xd9, 0xff, 0xba, 0x9c, 0x3a, 0x25,
+	0x52, 0x3e, 0x4c, 0x26, 0x6e, 0x5c, 0xe9, 0xff, 0x91, 0xd2, 0xb3, 0x50, 0x71, 0xa3, 0xbc, 0x4b,
+	0x5a, 0xdc, 0xa8, 0xa6, 0x18, 0x1b, 0xcc, 0xa9, 0x51, 0x3a, 0xe1, 0x64, 0x3d, 0xa5, 0x42, 0x02,
+	0xbe, 0x5a, 0x64, 0x97, 0xba, 0xcf, 0xf4, 0xce, 0x88, 0xae, 0x4d, 0x74, 0x81, 0x70, 0x77, 0x97,
+	0xd0, 0x77, 0x43, 0x2d, 0x52, 0x91, 0x2d, 0xe5, 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8,
+	0x03, 0x20, 0x1d, 0xc3, 0xa2, 0x39, 0xda, 0x9f, 0x29, 0xa5, 0x0e, 0xc6, 0x0c, 0xd9, 0xd1, 0xc7,
+	0xa1, 0xdf, 0x17, 0x2c, 0x18, 0x8e, 0x42, 0xdf, 0xf7, 0x82, 0x4d, 0x2a, 0xe7, 0x84, 0xb2, 0xfe,
+	0xf0, 0xb1, 0xe8, 0x4b, 0x21, 0xd0, 0x98, 0x65, 0x8d, 0x35, 0x4f, 0x6c, 0x76, 0x00, 0xbd, 0x04,
+	0xa3, 0x0d, 0xe2, 0x13, 0xfa, 0xec, 0x4a, 0x44, 0xf7, 0x44, 0xdc, 0xc9, 0xac, 0x22, 0x45, 0x16,
+	0x4c, 0x20, 0x4e, 0xe3, 0xda, 0x7f, 0x6c, 0xc1, 0x64, 0x2f, 0x61, 0x8e, 0x08, 0x3c, 0x26, 0x25,
+	0x95, 0x1a, 0xc7, 0x95, 0x40, 0xd2, 0x13, 0xfa, 0xf8, 0x29, 0xc1, 0xe7, 0xb1, 0xd5, 0xde, 0xa8,
+	0x78, 0x3f, 0x3a, 0xe8, 0x15, 0x38, 0x61, 0x0c, 0x4a, 0xac, 0x46, 0xb5, 0x36, 0x37, 0x4d, 0xad,
+	0xa7, 0xd9, 0x0c, 0xec, 0xee, 0xde, 0xd4, 0x23, 0xd9, 0x36, 0xa1, 0x6d, 0xba, 0xe8, 0xd8, 0x3f,
+	0xd5, 0xf5, 0xa9, 0x95, 0xa1, 0xf0, 0xb6, 0xd5, 0xe5, 0x8a, 0xf8, 0x8e, 0xe3, 0x50, 0xce, 0xcc,
+	0x69, 0xa1, 0x62, 0x38, 0x7a, 0xe3, 0x3c, 0xc0, 0x33, 0x7f, 0xfb, 0xdf, 0x0e, 0xc0, 0x3e, 0x3d,
+	0xeb, 0xc3, 0xf2, 0x3f, 0xf4, 0x21, 0xec, 0xe7, 0x2c, 0x75, 0xda, 0xc6, 0x05, 0x40, 0xe3, 0xb8,
+	0xc6, 0x9e, 0x6f, 0xbe, 0x62, 0x1e, 0x77, 0xa2, 0x5c, 0xf0, 0xe9, 0x73, 0x3d, 0xf4, 0x25, 0x2b,
+	0x7d, 0x5e, 0xc8, 0x23, 0x22, 0xbd, 0x63, 0xeb, 0x93, 0x71, 0x08, 0xc9, 0x3b, 0xa6, 0x8f, 0xae,
+	0x7a, 0x1d, 0x4f, 0x4e, 0x03, 0x6c, 0x78, 0x81, 0xe3, 0x7b, 0x6f, 0xd0, 0xad, 0x55, 0x85, 0x59,
+	0x07, 0xcc, 0xdc, 0xba, 0xa8, 0x5a, 0xb1, 0x81, 0x71, 0xf6, 0x6f, 0xc2, 0xb0, 0xf1, 0xe6, 0x39,
+	0xe1, 0x32, 0xa7, 0xcc, 0x70, 0x99, 0x9a, 0x11, 0xe5, 0x72, 0xf6, 0x83, 0x70, 0x22, 0xdb, 0xc1,
+	0xc3, 0x3c, 0x6f, 0xff, 0x9f, 0xa1, 0xec, 0x01, 0xde, 0x1a, 0x89, 0x9a, 0xb4, 0x6b, 0xef, 0x78,
+	0xc5, 0xde, 0xf1, 0x8a, 0xbd, 0xe3, 0x15, 0x33, 0x0f, 0x36, 0x84, 0xc7, 0x67, 0xe8, 0x3e, 0x79,
+	0x7c, 0x52, 0x3e, 0xac, 0x6a, 0xe1, 0x3e, 0x2c, 0xfb, 0xd3, 0x5d, 0x6e, 0xff, 0xb5, 0x88, 0x10,
+	0x14, 0x42, 0x25, 0x08, 0x1b, 0x44, 0x1a, 0xc8, 0x57, 0x8a, 0xb1, 0xf6, 0xae, 0x85, 0x0d, 0x23,
+	0xd6, 0x9c, 0xfe, 0x8b, 0x31, 0xe7, 0x63, 0x7f, 0x6a, 0x10, 0x52, 0xb6, 0x28, 0xff, 0xee, 0xdf,
+	0x00, 0x43, 0x11, 0x69, 0x85, 0xd7, 0xf1, 0x92, 0xd0, 0x65, 0x3a, 0x55, 0x87, 0x37, 0x63, 0x09,
+	0xa7, 0x3a, 0xaf, 0xe5, 0x24, 0x5b, 0x42, 0x99, 0x29, 0x9d, 0xb7, 0xea, 0x24, 0x5b, 0x98, 0x41,
+	0xd0, 0x07, 0x61, 0x2c, 0x49, 0x9d, 0xa3, 0x8b, 0xf3, 0xe2, 0x47, 0x04, 0xee, 0x58, 0xfa, 0x94,
+	0x1d, 0x67, 0xb0, 0xd1, 0xeb, 0x30, 0xb0, 0x45, 0xfc, 0xa6, 0xf8, 0xf4, 0xf5, 0xe2, 0x74, 0x0d,
+	0x7b, 0xd7, 0xcb, 0xc4, 0x6f, 0x72, 0x49, 0x48, 0x7f, 0x61, 0xc6, 0x8a, 0xce, 0xfb, 0xda, 0x76,
+	0x3b, 0x4e, 0xc2, 0xa6, 0xf7, 0x86, 0x74, 0x93, 0x7e, 0x47, 0xc1, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc,
+	0x1f, 0xa5, 0xfe, 0x62, 0xcd, 0x99, 0xf5, 0xa3, 0xe1, 0x45, 0x6c, 0xca, 0x74, 0x84, 0xb7, 0xb3,
+	0xe8, 0x7e, 0x2c, 0x48, 0xfa, 0xbc, 0x1f, 0xea, 0x2f, 0xd6, 0x9c, 0x51, 0x47, 0xad, 0xbf, 0x61,
+	0xd6, 0x87, 0xeb, 0x05, 0xf7, 0x81, 0xaf, 0xbd, 0xdc, 0x75, 0xf8, 0x14, 0x54, 0xdc, 0x2d, 0x27,
+	0x4a, 0x26, 0x47, 0xd8, 0xa4, 0x51, 0xb3, 0x78, 0x9e, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x40, 0x39,
+	0x22, 0x1b, 0x2c, 0xb4, 0xd9, 0x08, 0xaa, 0xc2, 0x64, 0x03, 0xd3, 0x76, 0x65, 0x97, 0x8d, 0xf5,
+	0x8c, 0xb6, 0xfb, 0x89, 0x52, 0xda, 0xb0, 0x4b, 0x8f, 0x0c, 0x5f, 0x0f, 0x6e, 0x3b, 0x8a, 0xa5,
+	0x77, 0xcd, 0x58, 0x0f, 0xac, 0x19, 0x4b, 0x38, 0xfa, 0x84, 0x05, 0x43, 0xb7, 0xe2, 0x30, 0x08,
+	0x48, 0x22, 0x94, 0xe8, 0x8d, 0x82, 0x07, 0xeb, 0x0a, 0xa7, 0xae, 0xfb, 0x20, 0x1a, 0xb0, 0xe4,
+	0x4b, 0xbb, 0x4b, 0x76, 0x5d, 0xbf, 0xdd, 0xe8, 0x8a, 0xa4, 0xb9, 0xc0, 0x9b, 0xb1, 0x84, 0x53,
+	0x54, 0x2f, 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0xc5, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xb3, 0x55, 0x38,
+	0x9d, 0xbb, 0x7c, 0xa8, 0xc9, 0xc5, 0x8c, 0x9a, 0x8b, 0x9e, 0x4f, 0x64, 0x0c, 0x19, 0x33, 0xb9,
+	0x6e, 0xa8, 0x56, 0x6c, 0x60, 0xa0, 0xef, 0x01, 0x68, 0x39, 0x91, 0xd3, 0x24, 0xca, 0xfb, 0x7d,
+	0x64, 0xcb, 0x86, 0xf6, 0x63, 0x55, 0xd2, 0xd4, 0x1e, 0x00, 0xd5, 0x14, 0x63, 0x83, 0x25, 0x7a,
+	0x01, 0x86, 0x23, 0xe2, 0x13, 0x27, 0x66, 0xb1, 0xf3, 0xd9, 0x44, 0x20, 0xac, 0x41, 0xd8, 0xc4,
+	0x43, 0x4f, 0xab, 0x70, 0xbb, 0x4c, 0xd8, 0x51, 0x3a, 0xe4, 0x0e, 0x7d, 0xd1, 0x82, 0xb1, 0x0d,
+	0xcf, 0x27, 0x9a, 0xbb, 0x48, 0xdb, 0x59, 0x39, 0xfa, 0x4b, 0x5e, 0x34, 0xe9, 0x6a, 0x19, 0x9a,
+	0x6a, 0x8e, 0x71, 0x86, 0x3d, 0xfd, 0xcc, 0x3b, 0x24, 0x62, 0xc2, 0x77, 0x30, 0xfd, 0x99, 0x6f,
+	0xf0, 0x66, 0x2c, 0xe1, 0x68, 0x16, 0xc6, 0x5b, 0x4e, 0x1c, 0xcf, 0x47, 0xa4, 0x41, 0x82, 0xc4,
+	0x73, 0x7c, 0x9e, 0x54, 0x53, 0xd5, 0xb1, 0xe8, 0xab, 0x69, 0x30, 0xce, 0xe2, 0xa3, 0x0f, 0xc1,
+	0xa3, 0xdc, 0xbd, 0xb4, 0xec, 0xc5, 0xb1, 0x17, 0x6c, 0xea, 0x69, 0x20, 0xbc, 0x6c, 0x53, 0x82,
+	0xd4, 0xa3, 0x8b, 0xf9, 0x68, 0xb8, 0xd7, 0xf3, 0xe8, 0x19, 0xa8, 0xc6, 0xdb, 0x5e, 0x6b, 0x3e,
+	0x6a, 0xc4, 0xec, 0x68, 0xa9, 0xaa, 0x7d, 0xba, 0x75, 0xd1, 0x8e, 0x15, 0x06, 0x72, 0x61, 0x84,
+	0x7f, 0x12, 0x1e, 0x2f, 0x28, 0x24, 0xe8, 0xfb, 0x7b, 0x2a, 0x72, 0x91, 0x3f, 0x3b, 0x8d, 0x9d,
+	0xdb, 0x17, 0xe4, 0x41, 0x17, 0x3f, 0x97, 0xb9, 0x61, 0x90, 0xc1, 0x29, 0xa2, 0xe9, 0x3d, 0xdd,
+	0x70, 0x1f, 0x7b, 0xba, 0x17, 0x60, 0x78, 0xbb, 0xbd, 0x4e, 0xc4, 0xc8, 0x0b, 0xc1, 0xa6, 0x66,
+	0xdf, 0x55, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0xd5, 0x6c, 0x79, 0xe2, 0x5f, 0x3c, 0x39, 0x6a, 0x84,
+	0x6a, 0xae, 0x2e, 0xca, 0x66, 0x6c, 0xe2, 0xd0, 0xae, 0xd1, 0xb1, 0x58, 0x23, 0x31, 0xcb, 0xc4,
+	0xa0, 0xc3, 0xa5, 0xba, 0x56, 0x97, 0x00, 0xac, 0x71, 0xd0, 0x2a, 0x9c, 0xa2, 0x7f, 0xea, 0x2c,
+	0x7f, 0xf8, 0x86, 0xe3, 0x7b, 0x0d, 0x1e, 0x37, 0x38, 0x9e, 0x76, 0x8e, 0xd6, 0x73, 0x70, 0x70,
+	0xee, 0x93, 0xf6, 0x8f, 0x96, 0xd2, 0x9e, 0x13, 0x53, 0x84, 0xa1, 0x98, 0x0a, 0xaa, 0xe4, 0x86,
+	0x13, 0x49, 0x83, 0xe7, 0x88, 0x99, 0x51, 0x82, 0xee, 0x0d, 0x27, 0x32, 0x45, 0x1e, 0x63, 0x80,
+	0x25, 0x27, 0x74, 0x0b, 0x06, 0x12, 0xdf, 0x29, 0x28, 0x95, 0xd2, 0xe0, 0xa8, 0xbd, 0x60, 0x4b,
+	0xb3, 0x31, 0x66, 0x3c, 0xd0, 0xe3, 0x74, 0xf7, 0xb6, 0x2e, 0x8f, 0xe9, 0xc4, 0x86, 0x6b, 0x3d,
+	0xc6, 0xac, 0xd5, 0xfe, 0xdb, 0xa3, 0x39, 0x5a, 0x47, 0x19, 0x02, 0xe8, 0x3c, 0x00, 0x9d, 0x34,
+	0xab, 0x11, 0xd9, 0xf0, 0x76, 0x85, 0x21, 0xa6, 0x24, 0xdb, 0x35, 0x05, 0xc1, 0x06, 0x96, 0x7c,
+	0xa6, 0xde, 0xde, 0xa0, 0xcf, 0x94, 0xba, 0x9f, 0xe1, 0x10, 0x6c, 0x60, 0xa1, 0xe7, 0x61, 0xd0,
+	0x6b, 0x3a, 0x9b, 0x2a, 0x8a, 0xf8, 0x71, 0x2a, 0xd2, 0x16, 0x59, 0xcb, 0xdd, 0xbd, 0xa9, 0x31,
+	0xd5, 0x21, 0xd6, 0x84, 0x05, 0x2e, 0xfa, 0x29, 0x0b, 0x46, 0xdc, 0xb0, 0xd9, 0x0c, 0x03, 0xbe,
+	0x7d, 0x16, 0xbe, 0x80, 0x5b, 0xc7, 0x65, 0x26, 0x4d, 0xcf, 0x1b, 0xcc, 0xb8, 0x33, 0x40, 0xe5,
+	0x7c, 0x9a, 0x20, 0x9c, 0xea, 0x95, 0x29, 0xf9, 0x2a, 0x07, 0x48, 0xbe, 0x9f, 0xb3, 0x60, 0x82,
+	0x3f, 0x6b, 0xec, 0xea, 0x45, 0x7a, 0x63, 0x78, 0xcc, 0xaf, 0xd5, 0xe5, 0xe8, 0x50, 0x9e, 0xe2,
+	0x2e, 0x38, 0xee, 0xee, 0x24, 0xba, 0x04, 0x13, 0x1b, 0x61, 0xe4, 0x12, 0x73, 0x20, 0x84, 0xd8,
+	0x56, 0x84, 0x2e, 0x66, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x06, 0x3c, 0x62, 0x34, 0x9a, 0xe3, 0xc0,
+	0x25, 0xf7, 0x93, 0x82, 0xda, 0x23, 0x17, 0x73, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x42, 0xb2, 0xd6,
+	0x87, 0x90, 0x7c, 0x0d, 0xce, 0xb8, 0xdd, 0x23, 0xb3, 0x13, 0xb7, 0xd7, 0x63, 0x2e, 0xc7, 0xab,
+	0x73, 0x5f, 0x27, 0x08, 0x9c, 0x99, 0xef, 0x85, 0x88, 0x7b, 0xd3, 0x40, 0x6f, 0x42, 0x35, 0x22,
+	0xec, 0xab, 0xc4, 0x22, 0xd7, 0xef, 0x88, 0xde, 0x0e, 0x6d, 0xc1, 0x73, 0xb2, 0x5a, 0x33, 0x89,
+	0x86, 0x18, 0x2b, 0x8e, 0xe8, 0x36, 0x0c, 0xb5, 0x9c, 0xc4, 0xdd, 0x12, 0x19, 0x7e, 0x47, 0x76,
+	0xec, 0x2b, 0xe6, 0xec, 0x1c, 0xc6, 0xa8, 0x97, 0xc0, 0x99, 0x60, 0xc9, 0x8d, 0xda, 0x6a, 0x6e,
+	0xd8, 0x6c, 0x85, 0x01, 0x09, 0x12, 0xa9, 0x44, 0xc6, 0xf8, 0x61, 0x89, 0x6c, 0xc5, 0x06, 0x46,
+	0x97, 0x2e, 0xd7, 0x68, 0x93, 0x13, 0xfb, 0xe8, 0x72, 0x83, 0x5a, 0xaf, 0xe7, 0xa9, 0xb2, 0x61,
+	0x6e, 0xc5, 0x9b, 0x5e, 0xb2, 0x15, 0xb6, 0x13, 0xb9, 0x4b, 0x16, 0x8a, 0x4a, 0x29, 0x9b, 0xa5,
+	0x1c, 0x1c, 0x9c, 0xfb, 0x64, 0x56, 0xb3, 0x8e, 0xdf, 0x9b, 0x66, 0x3d, 0xd1, 0x87, 0x66, 0xad,
+	0xc3, 0x69, 0xd6, 0x03, 0x61, 0x25, 0x4b, 0xa7, 0x65, 0x3c, 0x89, 0x58, 0xe7, 0x55, 0x72, 0xcc,
+	0x52, 0x1e, 0x12, 0xce, 0x7f, 0xf6, 0xec, 0xb7, 0xc1, 0x44, 0x97, 0x90, 0x3b, 0x94, 0x43, 0x72,
+	0x01, 0x1e, 0xc9, 0x17, 0x27, 0x87, 0x72, 0x4b, 0xfe, 0x6c, 0x26, 0xa8, 0xdd, 0xd8, 0xa2, 0xf5,
+	0xe1, 0xe2, 0x76, 0xa0, 0x4c, 0x82, 0x1d, 0xa1, 0x5d, 0x2f, 0x1e, 0x6d, 0x56, 0x5f, 0x08, 0x76,
+	0xb8, 0x34, 0x64, 0x7e, 0xbc, 0x0b, 0xc1, 0x0e, 0xa6, 0xb4, 0xd1, 0x0f, 0x59, 0xa9, 0x0d, 0x04,
+	0x77, 0x8c, 0x7f, 0xe4, 0x58, 0xf6, 0xa4, 0x7d, 0xef, 0x29, 0xec, 0x7f, 0x57, 0x82, 0x73, 0x07,
+	0x11, 0xe9, 0x63, 0xf8, 0x9e, 0x82, 0xc1, 0x98, 0x85, 0xa9, 0x08, 0x75, 0x35, 0x4c, 0x57, 0x31,
+	0x0f, 0x5c, 0x79, 0x0d, 0x0b, 0x10, 0xf2, 0xa1, 0xdc, 0x74, 0x5a, 0xc2, 0x5f, 0xba, 0x78, 0xd4,
+	0xe4, 0x3f, 0xfa, 0xdf, 0xf1, 0x97, 0x9d, 0x16, 0x9f, 0xf3, 0x46, 0x03, 0xa6, 0x6c, 0x50, 0x02,
+	0x15, 0x27, 0x8a, 0x1c, 0x19, 0x13, 0x71, 0xb5, 0x18, 0x7e, 0xb3, 0x94, 0x24, 0x3f, 0x52, 0x4e,
+	0x35, 0x61, 0xce, 0xcc, 0xfe, 0x91, 0x6a, 0x2a, 0x53, 0x8c, 0x05, 0xba, 0xc4, 0x30, 0x28, 0xdc,
+	0xa4, 0x56, 0xd1, 0x39, 0x97, 0x3c, 0x15, 0x9b, 0x79, 0x20, 0x44, 0x41, 0x0b, 0xc1, 0x0a, 0x7d,
+	0xd6, 0x62, 0x65, 0x23, 0x64, 0xfa, 0x9d, 0xd8, 0xd5, 0x1f, 0x4f, 0x15, 0x0b, 0xb3, 0x18, 0x85,
+	0x6c, 0xc4, 0x26, 0x77, 0x51, 0x1a, 0x87, 0xed, 0x66, 0xba, 0x4b, 0xe3, 0xb0, 0xdd, 0x89, 0x84,
+	0xa3, 0xdd, 0x9c, 0x80, 0x96, 0x02, 0x4a, 0x0f, 0xf4, 0x11, 0xc2, 0xf2, 0x25, 0x0b, 0x26, 0xbc,
+	0x6c, 0x64, 0x82, 0xd8, 0x03, 0xdf, 0x2c, 0xc6, 0xa7, 0xd9, 0x1d, 0xf8, 0xa0, 0x0c, 0x9d, 0x2e,
+	0x10, 0xee, 0xee, 0x0c, 0x6a, 0xc0, 0x80, 0x17, 0x6c, 0x84, 0xc2, 0xbc, 0x9b, 0x3b, 0x5a, 0xa7,
+	0x16, 0x83, 0x8d, 0x50, 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x09, 0x4e, 0xc9, 0x64, 0xa1,
+	0xcb, 0x5e, 0x9c, 0x84, 0x51, 0x67, 0xc9, 0x6b, 0x7a, 0x09, 0x33, 0xcd, 0xca, 0x73, 0x93, 0x54,
+	0xbd, 0xe1, 0x1c, 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x01, 0x43, 0x32, 0x1a, 0xa0, 0x5a, 0x84, 0x3f,
+	0xa1, 0x7b, 0xfe, 0xab, 0xc9, 0x54, 0x17, 0xe1, 0x00, 0x92, 0x21, 0xfa, 0x8c, 0x05, 0x63, 0xfc,
+	0xf7, 0xe5, 0x4e, 0x83, 0xe7, 0x27, 0xd6, 0x8a, 0x08, 0xf9, 0xaf, 0xa7, 0x68, 0xce, 0xa1, 0x3b,
+	0x7b, 0x53, 0x63, 0xe9, 0x36, 0x9c, 0xe1, 0x6b, 0xff, 0x93, 0x11, 0xe8, 0x8e, 0x9f, 0x48, 0x07,
+	0x4b, 0x58, 0xf7, 0x3b, 0x58, 0x82, 0xee, 0x2a, 0x63, 0x1d, 0xe7, 0x50, 0xc0, 0x32, 0x13, 0x5c,
+	0xf5, 0x31, 0x74, 0x27, 0x70, 0x31, 0xe3, 0x81, 0xda, 0x30, 0xc8, 0x2b, 0x53, 0x09, 0x0d, 0x70,
+	0xf4, 0x93, 0x6f, 0xb3, 0xc2, 0x95, 0x76, 0x6b, 0xf1, 0x56, 0x2c, 0x98, 0xa1, 0x5d, 0x18, 0xda,
+	0xe2, 0xd3, 0x51, 0xec, 0xf5, 0x96, 0x8f, 0x3a, 0xbe, 0xa9, 0x39, 0xae, 0x27, 0x9f, 0x68, 0xc0,
+	0x92, 0x1d, 0x8b, 0xcd, 0x33, 0xa2, 0x87, 0xb8, 0x20, 0x29, 0x2e, 0xd5, 0xb2, 0xff, 0xd0, 0xa1,
+	0x8f, 0xc2, 0x48, 0x44, 0xdc, 0x30, 0x70, 0x3d, 0x9f, 0x34, 0x66, 0xe5, 0x81, 0xd8, 0x61, 0x32,
+	0xec, 0x98, 0x37, 0x09, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0x5b, 0x67, 0x2a, 0xeb, 0x9e, 0x7e, 0x10,
+	0x22, 0x0e, 0x3e, 0x96, 0x0a, 0xca, 0xf1, 0x67, 0x34, 0xf9, 0x3a, 0x4b, 0xb7, 0xe1, 0x0c, 0x5f,
+	0xf4, 0x0a, 0x40, 0xb8, 0xce, 0x03, 0xf0, 0x66, 0x13, 0x71, 0x0a, 0x72, 0x98, 0x57, 0x1d, 0xe3,
+	0x99, 0xba, 0x92, 0x02, 0x36, 0xa8, 0xa1, 0xab, 0x00, 0x7c, 0xe5, 0xac, 0x75, 0x5a, 0x72, 0x43,
+	0x28, 0x53, 0x24, 0xa1, 0xae, 0x20, 0x77, 0xf7, 0xa6, 0xba, 0x7d, 0xce, 0x2c, 0xca, 0xc8, 0x78,
+	0x1c, 0x7d, 0x17, 0x0c, 0xc5, 0xed, 0x66, 0xd3, 0x51, 0x67, 0x24, 0x05, 0xe6, 0xfe, 0x72, 0xba,
+	0x86, 0x60, 0xe4, 0x0d, 0x58, 0x72, 0x44, 0xb7, 0xa8, 0x88, 0x17, 0x12, 0x8a, 0xaf, 0x22, 0x6e,
+	0xa1, 0x70, 0x4f, 0xe0, 0x07, 0xe4, 0x2e, 0x06, 0xe7, 0xe0, 0xdc, 0xdd, 0x9b, 0x7a, 0x24, 0xdd,
+	0xbe, 0x14, 0x8a, 0x6c, 0xdc, 0x5c, 0x9a, 0xe8, 0x8a, 0x2c, 0xc2, 0x45, 0x5f, 0x5b, 0xd6, 0x86,
+	0x79, 0xaf, 0x2e, 0xc2, 0xc5, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, 0x5a, 0x86, 0x93, 0x6e, 0x18,
+	0x24, 0x51, 0xe8, 0xfb, 0xbc, 0x40, 0x1f, 0xdf, 0x9b, 0xf3, 0x33, 0x94, 0xc7, 0x44, 0xb7, 0x4f,
+	0xce, 0x77, 0xa3, 0xe0, 0xbc, 0xe7, 0xa8, 0x4d, 0x9e, 0xd5, 0x0f, 0x63, 0x85, 0x1c, 0xaf, 0xa7,
+	0x68, 0x0a, 0x09, 0xa5, 0xdc, 0xde, 0x07, 0x68, 0x8a, 0x20, 0x7d, 0xc8, 0x2a, 0xbe, 0xd8, 0xf3,
+	0x30, 0x42, 0x76, 0x13, 0x12, 0x05, 0x8e, 0x7f, 0x1d, 0x2f, 0xc9, 0x03, 0x0b, 0xb6, 0x30, 0x2f,
+	0x18, 0xed, 0x38, 0x85, 0x85, 0x6c, 0xe5, 0x25, 0x33, 0xd2, 0xde, 0xb9, 0x97, 0x4c, 0xfa, 0xc4,
+	0xec, 0x9f, 0x29, 0xa7, 0x6c, 0xd6, 0x07, 0x72, 0xa4, 0xcb, 0xea, 0x2b, 0xc9, 0x42, 0x54, 0x0c,
+	0x20, 0xf6, 0x62, 0x45, 0x72, 0x56, 0x51, 0x73, 0x2b, 0x26, 0x23, 0x9c, 0xe6, 0x8b, 0xb6, 0xa1,
+	0xb2, 0x15, 0xc6, 0x89, 0xdc, 0xa1, 0x1d, 0x71, 0x33, 0x78, 0x39, 0x8c, 0x13, 0x66, 0x68, 0xa9,
+	0xd7, 0xa6, 0x2d, 0x31, 0xe6, 0x3c, 0xe8, 0xde, 0x3f, 0xde, 0x72, 0xa2, 0x46, 0x3c, 0xcf, 0x8a,
+	0x54, 0x0c, 0x30, 0x0b, 0x4b, 0xd9, 0xd3, 0x75, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0x27, 0x56, 0xea,
+	0x54, 0xeb, 0x26, 0xcb, 0x38, 0xd8, 0x21, 0x01, 0x15, 0x51, 0x66, 0x8c, 0xe3, 0x37, 0x65, 0xf2,
+	0xb7, 0xdf, 0xd3, 0xab, 0x96, 0xe6, 0x6d, 0x4a, 0x61, 0x9a, 0x91, 0x30, 0xc2, 0x21, 0x3f, 0x6e,
+	0xa5, 0x13, 0xf1, 0x4b, 0x45, 0x6c, 0xdd, 0xcc, 0x62, 0x14, 0x07, 0xe6, 0xf4, 0xdb, 0x3f, 0x64,
+	0xc1, 0xd0, 0x9c, 0xe3, 0x6e, 0x87, 0x1b, 0x1b, 0xe8, 0x19, 0xa8, 0x36, 0xda, 0x91, 0x59, 0x13,
+	0x40, 0x39, 0xab, 0x16, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xea, 0x6f, 0x38, 0xae, 0x2c, 0x49, 0x51,
+	0xe6, 0x53, 0xff, 0x22, 0x6b, 0xc1, 0x02, 0x42, 0x87, 0xbf, 0xe9, 0xec, 0xca, 0x87, 0xb3, 0x47,
+	0x6a, 0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xd7, 0x2c, 0x98, 0x9c, 0x73, 0x62, 0xcf, 0x9d, 0x6d,
+	0x27, 0x5b, 0x73, 0x5e, 0xb2, 0xde, 0x76, 0xb7, 0x49, 0xc2, 0x4b, 0x97, 0xd0, 0x5e, 0xb6, 0x63,
+	0xba, 0x02, 0xd5, 0x8e, 0x59, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, 0xbd, 0x01, 0xc3, 0x2d,
+	0x27, 0x8e, 0x6f, 0x87, 0x51, 0x03, 0x93, 0x8d, 0x62, 0x8a, 0x1b, 0xd5, 0x89, 0x1b, 0x91, 0x04,
+	0x93, 0x0d, 0x11, 0xa0, 0xa2, 0xe9, 0x63, 0x93, 0x99, 0xfd, 0x03, 0x16, 0x9c, 0x9a, 0x23, 0x4e,
+	0x44, 0x22, 0x56, 0x0b, 0x49, 0xbd, 0x08, 0x7a, 0x1d, 0xaa, 0x09, 0x6d, 0xa1, 0x3d, 0xb2, 0x8a,
+	0xed, 0x11, 0x0b, 0x2d, 0x59, 0x13, 0xc4, 0xb1, 0x62, 0x63, 0x7f, 0xc1, 0x82, 0x33, 0x79, 0x7d,
+	0x99, 0xf7, 0xc3, 0x76, 0xe3, 0x41, 0x74, 0xe8, 0xef, 0x5a, 0x30, 0xc2, 0x8e, 0xeb, 0x17, 0x48,
+	0xe2, 0x78, 0x7e, 0x57, 0x1d, 0x46, 0xab, 0xcf, 0x3a, 0x8c, 0xe7, 0x60, 0x60, 0x2b, 0x6c, 0x92,
+	0x6c, 0xa8, 0xc9, 0xe5, 0xb0, 0x49, 0x30, 0x83, 0xa0, 0x67, 0xe9, 0x24, 0xf4, 0x82, 0xc4, 0xa1,
+	0xcb, 0x51, 0x1e, 0x67, 0x8c, 0xf3, 0x09, 0xa8, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x72, 0x0d, 0x86,
+	0x44, 0x5c, 0x54, 0xdf, 0xa5, 0x74, 0xa4, 0x17, 0xa7, 0xd4, 0xd3, 0x8b, 0x13, 0xc3, 0xa0, 0xcb,
+	0x8a, 0xe5, 0x0a, 0x0b, 0xfd, 0x6a, 0x21, 0x81, 0x74, 0xbc, 0xfe, 0xae, 0xee, 0x16, 0xff, 0x8f,
+	0x05, 0x2b, 0xf4, 0x96, 0x05, 0xe3, 0x6e, 0x18, 0x04, 0xc4, 0xd5, 0xb6, 0xe3, 0x40, 0x11, 0x1b,
+	0x84, 0xf9, 0x34, 0x51, 0x7d, 0x12, 0x9c, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x12, 0x8c, 0xf2, 0x31,
+	0xbb, 0x91, 0x3a, 0x83, 0xd1, 0xe5, 0xf9, 0x4c, 0x20, 0x4e, 0xe3, 0xa2, 0x69, 0x7e, 0x96, 0x25,
+	0x0a, 0xe1, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0x02, 0xcf, 0xc0, 0x40, 0x11, 0xa0, 0x88, 0x6c, 0x44,
+	0x24, 0xde, 0x12, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb7, 0x22, 0x18, 0xb8, 0x8b, 0x12, 0xce,
+	0xa1, 0x8e, 0xb6, 0x85, 0x1b, 0xa1, 0x5a, 0x84, 0x3c, 0x17, 0x9f, 0xb9, 0xa7, 0x37, 0x61, 0x0a,
+	0x2a, 0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xcc, 0x13, 0x2f, 0x99, 0x62, 0xc3, 0xbc, 0x1d, 0x2d, 0xc0,
+	0x89, 0x4c, 0x71, 0xc1, 0x58, 0x9c, 0x95, 0xa8, 0x24, 0xbb, 0x4c, 0x59, 0xc2, 0x18, 0x77, 0x3d,
+	0x61, 0xba, 0x98, 0x86, 0x0f, 0x70, 0x31, 0x75, 0x54, 0x74, 0x32, 0x3f, 0xc5, 0x78, 0xb9, 0x90,
+	0x01, 0xe8, 0x2b, 0x14, 0xf9, 0xf3, 0x99, 0x50, 0xe4, 0x51, 0xd6, 0x81, 0x1b, 0xc5, 0x74, 0xe0,
+	0xf0, 0x71, 0xc7, 0x0f, 0x32, 0x8e, 0xf8, 0x7f, 0x5b, 0x20, 0xbf, 0xeb, 0xbc, 0xe3, 0x6e, 0x11,
+	0x3a, 0x65, 0xd0, 0x07, 0x61, 0x4c, 0x79, 0x27, 0xb8, 0x49, 0x64, 0xb1, 0x59, 0xa3, 0x6c, 0x67,
+	0x9c, 0x82, 0xe2, 0x0c, 0x36, 0x9a, 0x81, 0x1a, 0x1d, 0x27, 0xfe, 0x28, 0xd7, 0xfb, 0xca, 0x03,
+	0x32, 0xbb, 0xba, 0x28, 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x09, 0xdf, 0x89, 0x13, 0xd6, 0x83, 0x7a,
+	0x27, 0x70, 0xef, 0xb1, 0x04, 0x0d, 0xcb, 0xe4, 0x5a, 0xca, 0x12, 0xc2, 0xdd, 0xb4, 0xed, 0xff,
+	0x50, 0x81, 0xd1, 0x94, 0x64, 0x3c, 0xa4, 0xc1, 0xf0, 0x0c, 0x54, 0xa5, 0x0e, 0xcf, 0xd6, 0xda,
+	0x52, 0x8a, 0x5e, 0x61, 0x50, 0xa5, 0xb5, 0xae, 0xb5, 0x6a, 0xd6, 0xc0, 0x31, 0x14, 0x2e, 0x36,
+	0xf1, 0x98, 0x50, 0x4e, 0xfc, 0x78, 0xde, 0xf7, 0x48, 0x90, 0xf0, 0x6e, 0x16, 0x23, 0x94, 0xd7,
+	0x96, 0xea, 0x26, 0x51, 0x2d, 0x94, 0x33, 0x00, 0x9c, 0x65, 0x8f, 0x3e, 0x65, 0xc1, 0xa8, 0x73,
+	0x3b, 0xd6, 0x15, 0xdd, 0x45, 0xd0, 0xf1, 0x11, 0x95, 0x54, 0xaa, 0x48, 0x3c, 0x77, 0xec, 0xa7,
+	0x9a, 0x70, 0x9a, 0x29, 0x7a, 0xdb, 0x02, 0x44, 0x76, 0x89, 0x2b, 0xc3, 0xa2, 0x45, 0x5f, 0x06,
+	0x8b, 0xd8, 0xc1, 0x5f, 0xe8, 0xa2, 0xcb, 0xa5, 0x7a, 0x77, 0x3b, 0xce, 0xe9, 0x03, 0xba, 0x02,
+	0xa8, 0xe1, 0xc5, 0xce, 0xba, 0x4f, 0xe6, 0xc3, 0xa6, 0xcc, 0x3e, 0x16, 0xe7, 0xe9, 0x67, 0xc5,
+	0x38, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9b, 0x65, 0x51, 0xb8, 0xdb, 0xb9, 0x1e, 0xf9,
+	0x4c, 0x4b, 0x98, 0xb3, 0x4c, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x69, 0x59, 0x2d, 0x65, 0x9d, 0x03,
+	0xe0, 0x18, 0xb1, 0xc8, 0xd6, 0xbd, 0xc7, 0x22, 0xeb, 0x48, 0xa9, 0xee, 0x9c, 0xfa, 0x54, 0x0a,
+	0x6e, 0xe9, 0x01, 0xa5, 0xe0, 0x7e, 0xaf, 0x95, 0xaa, 0x67, 0x37, 0x7c, 0xfe, 0x95, 0x62, 0xf3,
+	0x0f, 0xa6, 0x79, 0x14, 0x57, 0x46, 0xaf, 0x64, 0x82, 0xf7, 0x9e, 0x81, 0xea, 0x86, 0xef, 0xb0,
+	0x2a, 0x2c, 0x6c, 0xa1, 0x1a, 0x11, 0x66, 0x17, 0x45, 0x3b, 0x56, 0x18, 0x54, 0xea, 0x1b, 0x44,
+	0x0f, 0x25, 0xb5, 0xff, 0x73, 0x19, 0x86, 0x0d, 0x8d, 0x9f, 0x6b, 0xbe, 0x59, 0x0f, 0x99, 0xf9,
+	0x56, 0x3a, 0x84, 0xf9, 0xf6, 0x3d, 0x50, 0x73, 0xa5, 0x36, 0x2a, 0xa6, 0x3e, 0x7f, 0x56, 0xc7,
+	0x69, 0x85, 0xa4, 0x9a, 0xb0, 0xe6, 0x89, 0x2e, 0xa5, 0xd2, 0x3c, 0x53, 0x7e, 0x81, 0xbc, 0x3c,
+	0x4c, 0xa1, 0xd1, 0xba, 0x9f, 0xc9, 0xc6, 0x07, 0x54, 0x0e, 0x8e, 0x0f, 0xb0, 0x7f, 0xdf, 0x52,
+	0x1f, 0xf7, 0x3e, 0xd4, 0xf3, 0xb9, 0x95, 0xae, 0xe7, 0x73, 0xa1, 0x90, 0x61, 0xee, 0x51, 0xc8,
+	0xe7, 0x1a, 0x0c, 0xcd, 0x87, 0xcd, 0xa6, 0x13, 0x34, 0xd0, 0xd7, 0xc3, 0x90, 0xcb, 0x7f, 0x0a,
+	0x1f, 0x1a, 0x3b, 0xac, 0x16, 0x50, 0x2c, 0x61, 0xe8, 0x71, 0x18, 0x70, 0xa2, 0x4d, 0xe9, 0x37,
+	0x63, 0x41, 0x70, 0xb3, 0xd1, 0x66, 0x8c, 0x59, 0xab, 0xfd, 0xe7, 0x16, 0x8c, 0xd1, 0x47, 0x3c,
+	0xf6, 0x52, 0xec, 0x75, 0x9e, 0x86, 0x41, 0xa7, 0x9d, 0x6c, 0x85, 0x5d, 0xfb, 0xb0, 0x59, 0xd6,
+	0x8a, 0x05, 0x94, 0xee, 0xc3, 0x54, 0x21, 0x08, 0x63, 0x1f, 0xb6, 0x40, 0xe7, 0x32, 0x83, 0x50,
+	0x53, 0x36, 0x6e, 0xaf, 0xe7, 0x9d, 0x96, 0xd6, 0x79, 0x33, 0x96, 0x70, 0x4a, 0x6c, 0x3d, 0x6c,
+	0x74, 0x44, 0x68, 0xaf, 0x22, 0x36, 0x17, 0x36, 0x3a, 0x98, 0x41, 0xd0, 0x13, 0x50, 0x8e, 0xb7,
+	0x1c, 0x79, 0x2e, 0x2f, 0xa3, 0xcc, 0xeb, 0x97, 0x67, 0x31, 0x6d, 0x57, 0x49, 0x13, 0x91, 0x9f,
+	0x8d, 0xb1, 0x4d, 0x27, 0x4d, 0x44, 0xbe, 0xfd, 0x2f, 0x07, 0x80, 0xc5, 0xdb, 0x38, 0x11, 0x69,
+	0xac, 0x85, 0xac, 0x94, 0xf0, 0xb1, 0x1e, 0x6b, 0xeb, 0x8d, 0xec, 0xc3, 0x7c, 0xb4, 0x6d, 0x1c,
+	0x6f, 0x96, 0xef, 0xf7, 0xf1, 0x66, 0xfe, 0x89, 0xf5, 0xc0, 0x43, 0x74, 0x62, 0x6d, 0x7f, 0xce,
+	0x02, 0xa4, 0xa2, 0xa7, 0x74, 0x48, 0xc9, 0x0c, 0xd4, 0x54, 0xb8, 0x96, 0x58, 0x2f, 0x5a, 0x2c,
+	0x4a, 0x00, 0xd6, 0x38, 0x7d, 0x78, 0x2f, 0x9e, 0x92, 0x3a, 0xab, 0x9c, 0xce, 0xb9, 0x60, 0x9a,
+	0x4e, 0xa8, 0x30, 0xfb, 0x57, 0x4a, 0xf0, 0x08, 0x37, 0x97, 0x96, 0x9d, 0xc0, 0xd9, 0x24, 0x4d,
+	0xda, 0xab, 0x7e, 0x83, 0x84, 0x5c, 0xba, 0x6d, 0xf6, 0x64, 0x86, 0xc4, 0x51, 0xe5, 0x15, 0x97,
+	0x33, 0x5c, 0xb2, 0x2c, 0x06, 0x5e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0x5e, 0x66, 0x24, 0xf4,
+	0x4f, 0x41, 0x8c, 0x94, 0x28, 0x16, 0x96, 0x05, 0xc1, 0x8a, 0x11, 0x35, 0x1f, 0xfc, 0xd0, 0xdd,
+	0xa6, 0x4b, 0x3e, 0x6b, 0x3e, 0x2c, 0x89, 0x76, 0xac, 0x30, 0xec, 0x26, 0x8c, 0xcb, 0x31, 0x6c,
+	0x5d, 0x25, 0x1d, 0x4c, 0x36, 0xa8, 0xce, 0x75, 0x65, 0x93, 0x71, 0xbf, 0x92, 0xd2, 0xb9, 0xf3,
+	0x26, 0x10, 0xa7, 0x71, 0x65, 0x75, 0xe1, 0x52, 0x7e, 0x75, 0x61, 0xfb, 0x57, 0x2c, 0xc8, 0x2a,
+	0x7d, 0xa3, 0x96, 0xaa, 0xb5, 0x6f, 0x2d, 0xd5, 0x43, 0x54, 0x23, 0xfd, 0x4e, 0x18, 0x76, 0x12,
+	0x6a, 0xd5, 0x71, 0x0f, 0x4c, 0xf9, 0xde, 0x4e, 0x0e, 0x97, 0xc3, 0x86, 0xb7, 0xe1, 0x31, 0xcf,
+	0x8b, 0x49, 0xce, 0x7e, 0xdb, 0x82, 0xda, 0x42, 0xd4, 0x39, 0x7c, 0xaa, 0x5a, 0x77, 0x22, 0x5a,
+	0xe9, 0x50, 0x89, 0x68, 0x32, 0xd5, 0xad, 0xdc, 0x2b, 0xd5, 0xcd, 0xfe, 0x8b, 0x01, 0x98, 0xe8,
+	0xca, 0xbd, 0x44, 0x2f, 0xc2, 0x88, 0xfa, 0x4a, 0xd2, 0xed, 0x5a, 0x33, 0x83, 0x97, 0x35, 0x0c,
+	0xa7, 0x30, 0xfb, 0x58, 0xaa, 0x8b, 0x70, 0x32, 0x22, 0xaf, 0xb7, 0x49, 0x9b, 0xcc, 0x6e, 0x24,
+	0x24, 0xaa, 0x13, 0x37, 0x0c, 0x1a, 0xbc, 0x18, 0x71, 0x79, 0xee, 0xd1, 0x3b, 0x7b, 0x53, 0x27,
+	0x71, 0x37, 0x18, 0xe7, 0x3d, 0x83, 0x5a, 0x30, 0xea, 0x9b, 0xfb, 0x05, 0xb1, 0x4d, 0xbd, 0xa7,
+	0xad, 0x86, 0x9a, 0xad, 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xde, 0x74, 0x54, 0x1e, 0xd0, 0xa6, 0xe3,
+	0x93, 0x7a, 0xd3, 0xc1, 0x63, 0x81, 0x3e, 0x5c, 0x70, 0xee, 0x6d, 0x3f, 0xbb, 0x8e, 0xa3, 0xec,
+	0x23, 0x5e, 0x86, 0xaa, 0x8c, 0x93, 0xec, 0x2b, 0xbe, 0xd0, 0xa4, 0xd3, 0x43, 0xb6, 0x3f, 0x0d,
+	0xef, 0xbe, 0x10, 0x45, 0xc6, 0x60, 0x5e, 0x0b, 0x93, 0x59, 0xdf, 0x0f, 0x6f, 0x53, 0x73, 0xe5,
+	0x7a, 0x4c, 0x84, 0x1f, 0xd0, 0xbe, 0x5b, 0x82, 0x9c, 0x2d, 0x35, 0x5d, 0x93, 0xda, 0x2e, 0x4c,
+	0xad, 0xc9, 0xc3, 0xd9, 0x86, 0x68, 0x97, 0xc7, 0x92, 0x72, 0x6b, 0xe0, 0x43, 0x45, 0xbb, 0x04,
+	0x74, 0x78, 0xa9, 0x92, 0x94, 0x2a, 0xc4, 0xf4, 0x3c, 0x80, 0x36, 0xe7, 0x85, 0x4d, 0xa8, 0x82,
+	0x43, 0xb4, 0xd5, 0x8f, 0x0d, 0x2c, 0xf4, 0x02, 0x0c, 0x7b, 0x41, 0x9c, 0x38, 0xbe, 0x7f, 0xd9,
+	0x0b, 0x12, 0x61, 0x27, 0x2a, 0xb3, 0x67, 0x51, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0x03, 0xc6, 0xf7,
+	0x3b, 0xcc, 0x77, 0xdf, 0x82, 0x33, 0x97, 0xbc, 0x44, 0x25, 0x29, 0xaa, 0xf9, 0x46, 0xad, 0x75,
+	0x25, 0xab, 0xac, 0x9e, 0x69, 0xb9, 0x46, 0x92, 0x60, 0x29, 0x9d, 0xd3, 0x98, 0x4d, 0x12, 0xb4,
+	0x5d, 0x38, 0x75, 0xc9, 0x4b, 0x2e, 0x7a, 0x3e, 0x39, 0x46, 0x26, 0xbf, 0x34, 0x08, 0x23, 0x66,
+	0xee, 0xfe, 0x61, 0x24, 0xfb, 0x17, 0xa8, 0x1d, 0x2b, 0x06, 0xc2, 0x53, 0x07, 0xde, 0x37, 0x8f,
+	0x5c, 0x48, 0x20, 0x7f, 0x70, 0x0d, 0x53, 0x56, 0xf3, 0xc4, 0x66, 0x07, 0xd0, 0x6d, 0xa8, 0x6c,
+	0xb0, 0x7c, 0xb7, 0x72, 0x11, 0xa1, 0x4a, 0x79, 0x83, 0xaf, 0x57, 0x2e, 0xcf, 0x98, 0xe3, 0xfc,
+	0xa8, 0xf9, 0x11, 0xa5, 0xd3, 0xac, 0x8d, 0x2c, 0x04, 0xa1, 0xd7, 0x14, 0x46, 0x2f, 0xed, 0x51,
+	0xb9, 0x07, 0xed, 0x91, 0x92, 0xe5, 0x83, 0x0f, 0x48, 0x96, 0xb3, 0xdc, 0xc5, 0x64, 0x8b, 0x19,
+	0xc7, 0x22, 0x6d, 0x6a, 0x88, 0x0d, 0x82, 0x91, 0xbb, 0x98, 0x02, 0xe3, 0x2c, 0x3e, 0xfa, 0x98,
+	0xd2, 0x06, 0xd5, 0x22, 0x0e, 0x14, 0xcc, 0x19, 0x7d, 0xdc, 0x8a, 0xe0, 0x73, 0x25, 0x18, 0xbb,
+	0x14, 0xb4, 0x57, 0x2f, 0xad, 0xb6, 0xd7, 0x7d, 0xcf, 0xbd, 0x4a, 0x3a, 0x54, 0xda, 0x6f, 0x93,
+	0xce, 0xe2, 0x82, 0x58, 0x41, 0x6a, 0xce, 0x5c, 0xa5, 0x8d, 0x98, 0xc3, 0xa8, 0xdc, 0xda, 0xf0,
+	0x82, 0x4d, 0x12, 0xb5, 0x22, 0x4f, 0xf8, 0xfa, 0x0d, 0xb9, 0x75, 0x51, 0x83, 0xb0, 0x89, 0x47,
+	0x69, 0x87, 0xb7, 0x03, 0x55, 0x48, 0x49, 0xd1, 0x5e, 0xa1, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12,
+	0xb5, 0x85, 0x2b, 0xcd, 0x40, 0x5a, 0xa3, 0x8d, 0x98, 0xc3, 0xc4, 0x2e, 0x9d, 0x45, 0x82, 0x55,
+	0xba, 0x76, 0xe9, 0x2c, 0x88, 0x42, 0xc2, 0x29, 0xea, 0x36, 0xe9, 0x2c, 0x38, 0x89, 0x93, 0xdd,
+	0x64, 0x5f, 0xe5, 0xcd, 0x58, 0xc2, 0x59, 0x65, 0xe5, 0xf4, 0x70, 0x7c, 0xcd, 0x55, 0x56, 0x4e,
+	0x77, 0xbf, 0x87, 0x43, 0xe6, 0xef, 0x94, 0x60, 0xe4, 0x9d, 0xeb, 0x4f, 0x73, 0x2e, 0xf6, 0xb9,
+	0x09, 0x13, 0x5d, 0x19, 0xd3, 0x7d, 0x58, 0x48, 0x07, 0x56, 0xb4, 0xb0, 0x31, 0x0c, 0x53, 0xc2,
+	0xb2, 0xa2, 0xe0, 0x3c, 0x4c, 0xf0, 0xc5, 0x4b, 0x39, 0xb1, 0x04, 0x58, 0x95, 0x05, 0xcf, 0x0e,
+	0xb3, 0x6e, 0x64, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xbc, 0x05, 0xa3, 0xa9, 0x24, 0xf6, 0x82, 0x6c,
+	0x39, 0xb6, 0xba, 0x43, 0x16, 0xc5, 0xcc, 0xb2, 0x4a, 0xca, 0x4c, 0x0d, 0xeb, 0xd5, 0xad, 0x41,
+	0xd8, 0xc4, 0xb3, 0x7f, 0xb3, 0x0c, 0x55, 0x19, 0x71, 0xd5, 0x47, 0x57, 0x3e, 0x6b, 0xc1, 0xa8,
+	0x3a, 0x40, 0x64, 0x1e, 0xdf, 0x52, 0x11, 0x39, 0x75, 0xb4, 0x07, 0xca, 0x7f, 0x12, 0x6c, 0x84,
+	0x7a, 0x63, 0x81, 0x4d, 0x66, 0x38, 0xcd, 0x1b, 0xdd, 0x00, 0x88, 0x3b, 0x71, 0x42, 0x9a, 0x86,
+	0xef, 0xd9, 0x36, 0x66, 0xd9, 0xb4, 0x1b, 0x46, 0x84, 0xce, 0xa9, 0x6b, 0x61, 0x83, 0xd4, 0x15,
+	0xa6, 0xb6, 0xf0, 0x74, 0x1b, 0x36, 0x28, 0xa1, 0x37, 0xd4, 0x71, 0xf7, 0x40, 0x11, 0x7a, 0x5d,
+	0x8e, 0x6f, 0x3f, 0xe7, 0xdd, 0x47, 0x38, 0x5f, 0xb6, 0x7f, 0xba, 0x04, 0x27, 0xb2, 0x23, 0x89,
+	0x3e, 0x0c, 0x23, 0x72, 0xd0, 0x0c, 0x37, 0x83, 0x0c, 0x73, 0x1b, 0xc1, 0x06, 0xec, 0xee, 0xde,
+	0xd4, 0x54, 0xf7, 0x3d, 0xda, 0xd3, 0x26, 0x0a, 0x4e, 0x11, 0xe3, 0x87, 0xcf, 0x22, 0x4a, 0x62,
+	0xae, 0x33, 0xdb, 0x6a, 0x89, 0x13, 0x64, 0xe3, 0xf0, 0xd9, 0x84, 0xe2, 0x0c, 0x36, 0x5a, 0x85,
+	0x53, 0x46, 0xcb, 0x35, 0xe2, 0x6d, 0x6e, 0xad, 0x87, 0x91, 0xdc, 0xd7, 0x3e, 0xae, 0x83, 0x6a,
+	0xbb, 0x71, 0x70, 0xee, 0x93, 0xd4, 0x30, 0x72, 0x9d, 0x96, 0xe3, 0x7a, 0x49, 0x47, 0x9c, 0x01,
+	0x28, 0x31, 0x3e, 0x2f, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0xe1, 0x00, 0x9c, 0xe0, 0x51, 0xa4, 0x44,
+	0x05, 0x49, 0xa3, 0x0f, 0x43, 0x2d, 0x4e, 0x9c, 0x88, 0x3b, 0x35, 0xac, 0x43, 0x8b, 0x2e, 0x9d,
+	0x79, 0x2f, 0x89, 0x60, 0x4d, 0x0f, 0xbd, 0xc2, 0xca, 0x96, 0x79, 0xf1, 0x16, 0xa3, 0x5e, 0xba,
+	0x37, 0x97, 0xc9, 0x45, 0x45, 0x01, 0x1b, 0xd4, 0xd0, 0xb7, 0x40, 0xa5, 0xb5, 0xe5, 0xc4, 0xd2,
+	0x9f, 0xf7, 0xb4, 0x94, 0x13, 0xab, 0xb4, 0xf1, 0xee, 0xde, 0xd4, 0xe9, 0xec, 0xab, 0x32, 0x00,
+	0xe6, 0x0f, 0x99, 0x52, 0x7e, 0xe0, 0xe0, 0x7b, 0x79, 0x1a, 0x51, 0xa7, 0x7e, 0x79, 0x36, 0x7b,
+	0x93, 0xcb, 0x02, 0x6b, 0xc5, 0x02, 0x4a, 0x65, 0xd2, 0x16, 0x67, 0xd9, 0xa0, 0xc8, 0x83, 0x69,
+	0x8b, 0xe3, 0xb2, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0xae, 0x3b, 0xc6, 0x78, 0xe8, 0x18, 0x72, 0x50,
+	0xfa, 0x8d, 0x2e, 0xbe, 0x00, 0x35, 0xd1, 0xd5, 0xb5, 0x10, 0xbd, 0x08, 0x23, 0xdc, 0x5d, 0x34,
+	0x17, 0x39, 0x81, 0xbb, 0x95, 0x75, 0xf2, 0xac, 0x19, 0x30, 0x9c, 0xc2, 0xb4, 0x97, 0x61, 0xa0,
+	0x4f, 0x21, 0xdb, 0xd7, 0xde, 0xfd, 0x65, 0xa8, 0x52, 0x72, 0x72, 0x83, 0x56, 0x04, 0xc9, 0x10,
+	0xaa, 0xf2, 0x96, 0x47, 0x64, 0x43, 0xd9, 0x73, 0x64, 0x2c, 0x89, 0x5a, 0x42, 0x8b, 0x71, 0xdc,
+	0x66, 0xd3, 0x8e, 0x02, 0xd1, 0x53, 0x50, 0x26, 0xbb, 0xad, 0x6c, 0xd0, 0xc8, 0x85, 0xdd, 0x96,
+	0x17, 0x91, 0x98, 0x22, 0x91, 0xdd, 0x16, 0x3a, 0x0b, 0x25, 0xaf, 0x21, 0x66, 0x24, 0x08, 0x9c,
+	0xd2, 0xe2, 0x02, 0x2e, 0x79, 0x0d, 0x7b, 0x17, 0x6a, 0xea, 0x5a, 0x49, 0xb4, 0x2d, 0x4d, 0x2a,
+	0xab, 0x88, 0x28, 0x62, 0x49, 0xb7, 0x87, 0x31, 0xd5, 0x06, 0xd0, 0x25, 0x1d, 0x8a, 0x52, 0xc1,
+	0xe7, 0x60, 0xc0, 0x0d, 0x45, 0x31, 0x9e, 0xaa, 0x26, 0xc3, 0x6c, 0x29, 0x06, 0xb1, 0x6f, 0xc2,
+	0xd8, 0xd5, 0x20, 0xbc, 0xcd, 0x6e, 0x7f, 0x62, 0xc5, 0x8e, 0x29, 0xe1, 0x0d, 0xfa, 0x23, 0x6b,
+	0xb9, 0x33, 0x28, 0xe6, 0x30, 0x55, 0x86, 0xb5, 0xd4, 0xab, 0x0c, 0xab, 0xfd, 0x71, 0x0b, 0x46,
+	0x54, 0x6e, 0xf8, 0xa5, 0x9d, 0x6d, 0x4a, 0x77, 0x33, 0x0a, 0xdb, 0xad, 0x2c, 0x5d, 0x76, 0x83,
+	0x2d, 0xe6, 0x30, 0xb3, 0x68, 0x42, 0xe9, 0x80, 0xa2, 0x09, 0xe7, 0x60, 0x60, 0xdb, 0x0b, 0x1a,
+	0x59, 0xa7, 0xe8, 0x55, 0x2f, 0x68, 0x60, 0x06, 0xb1, 0xff, 0xd2, 0x82, 0x13, 0xaa, 0x0b, 0xd2,
+	0x66, 0x7a, 0x11, 0x46, 0xd6, 0xdb, 0x9e, 0xdf, 0x90, 0x55, 0x9c, 0x33, 0xcb, 0x65, 0xce, 0x80,
+	0xe1, 0x14, 0x26, 0x3a, 0x0f, 0xb0, 0xee, 0x05, 0x4e, 0xd4, 0x59, 0xd5, 0x46, 0x9a, 0xd2, 0xdb,
+	0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x26, 0x54, 0x77, 0xe4, 0xe9, 0x6d, 0xb9, 0xd0, 0x5c, 0x7f,
+	0x31, 0x1e, 0x7a, 0x25, 0xa8, 0xe3, 0x60, 0xc5, 0xd1, 0xfe, 0x62, 0x19, 0xc6, 0xd2, 0xf9, 0xf9,
+	0x7d, 0x78, 0x4e, 0x9e, 0x82, 0x0a, 0x4b, 0xd9, 0xcf, 0x4e, 0x2c, 0x5e, 0x76, 0x99, 0xc3, 0x50,
+	0x0c, 0x83, 0x5c, 0x94, 0x14, 0x73, 0x07, 0xa9, 0xea, 0xa4, 0xf2, 0xe3, 0xb2, 0x48, 0x6f, 0xe1,
+	0x16, 0x17, 0xac, 0xd0, 0xa7, 0x2c, 0x18, 0x0a, 0x5b, 0x66, 0xfd, 0xcf, 0x0f, 0x15, 0x59, 0xbb,
+	0x40, 0x24, 0x08, 0x0b, 0x6b, 0x48, 0x4d, 0x3c, 0x39, 0x19, 0x24, 0xeb, 0xb3, 0xdf, 0x0c, 0x23,
+	0x26, 0xe6, 0x41, 0x06, 0x51, 0xd5, 0x34, 0x88, 0x3e, 0x6b, 0x4e, 0x49, 0x51, 0x9d, 0xa1, 0x8f,
+	0xc5, 0x7e, 0x1d, 0x2a, 0xae, 0x0a, 0x87, 0xbb, 0xa7, 0x9b, 0x07, 0x54, 0xf5, 0x32, 0x16, 0x6a,
+	0xc0, 0xa9, 0xd9, 0xbf, 0x6f, 0x19, 0xf3, 0x03, 0x93, 0x78, 0xb1, 0x81, 0x22, 0x28, 0x6f, 0xee,
+	0x6c, 0x0b, 0x23, 0xe3, 0x4a, 0x41, 0xc3, 0x7b, 0x69, 0x67, 0x5b, 0xaf, 0x30, 0xb3, 0x15, 0x53,
+	0x66, 0x7d, 0x1c, 0x36, 0xa4, 0x8a, 0x78, 0x94, 0x0f, 0x2e, 0xe2, 0x61, 0xbf, 0x5d, 0x82, 0x89,
+	0xae, 0x49, 0x85, 0xde, 0x80, 0x4a, 0x44, 0xdf, 0x52, 0xbc, 0xde, 0x52, 0x61, 0x65, 0x37, 0xe2,
+	0xc5, 0x86, 0x56, 0xde, 0xe9, 0x76, 0xcc, 0x59, 0xa2, 0x2b, 0x80, 0x74, 0xd0, 0xa6, 0x3a, 0xe9,
+	0xe0, 0xaf, 0xac, 0x22, 0xbb, 0x66, 0xbb, 0x30, 0x70, 0xce, 0x53, 0xe8, 0xa5, 0xec, 0x81, 0x49,
+	0xa6, 0xa2, 0xf4, 0x7e, 0x67, 0x1f, 0xf6, 0x5b, 0xe6, 0x14, 0xbc, 0xa1, 0x85, 0xe9, 0x51, 0x37,
+	0xa7, 0x5d, 0x92, 0xb5, 0xdc, 0xaf, 0x64, 0xb5, 0x7f, 0xa1, 0x04, 0xa3, 0xa9, 0x0a, 0xb1, 0xc8,
+	0x87, 0x2a, 0xf1, 0xd9, 0xc9, 0xae, 0xd4, 0xbe, 0x47, 0xbd, 0x2c, 0x46, 0xc9, 0xc9, 0x0b, 0x82,
+	0x2e, 0x56, 0x1c, 0x1e, 0x8e, 0x18, 0xb4, 0x17, 0x61, 0x44, 0x76, 0xe8, 0x43, 0x4e, 0xd3, 0xcf,
+	0x0e, 0xdf, 0x05, 0x03, 0x86, 0x53, 0x98, 0xf6, 0xaf, 0x96, 0x61, 0x92, 0x1f, 0x85, 0x37, 0xd4,
+	0x62, 0x50, 0x21, 0x2d, 0x3f, 0xa8, 0xeb, 0x38, 0x5b, 0x45, 0xdc, 0x88, 0xde, 0x8b, 0x51, 0x5f,
+	0xa1, 0xd3, 0x3f, 0x9e, 0x09, 0x9d, 0xe6, 0x5b, 0xf5, 0xcd, 0x63, 0xea, 0xd1, 0xd7, 0x56, 0x2c,
+	0xf5, 0x3f, 0x2d, 0xc1, 0x78, 0xe6, 0xe2, 0x3b, 0xf4, 0xc5, 0xf4, 0x5d, 0x29, 0x56, 0x11, 0xc7,
+	0x84, 0xfb, 0xde, 0x85, 0x76, 0xb8, 0x1b, 0x53, 0x1e, 0xd0, 0x52, 0xb1, 0x7f, 0xb7, 0x04, 0x63,
+	0xe9, 0x1b, 0xfb, 0x1e, 0xc2, 0x91, 0x7a, 0x1f, 0xd4, 0xd8, 0xa5, 0x54, 0x57, 0x49, 0x47, 0x9e,
+	0x32, 0xf2, 0xfb, 0x7f, 0x64, 0x23, 0xd6, 0xf0, 0x87, 0xe2, 0x22, 0x1a, 0xfb, 0x9f, 0x5b, 0x70,
+	0x9a, 0xbf, 0x65, 0x76, 0x1e, 0xfe, 0xad, 0xbc, 0xd1, 0x7d, 0xb5, 0xd8, 0x0e, 0x66, 0xea, 0x8f,
+	0x1f, 0x34, 0xbe, 0xec, 0x5e, 0x78, 0xd1, 0xdb, 0xf4, 0x54, 0x78, 0x08, 0x3b, 0x7b, 0xa8, 0xc9,
+	0x60, 0xff, 0xc7, 0x12, 0x0c, 0xaf, 0xcc, 0x2f, 0x2a, 0x11, 0x3e, 0x03, 0x35, 0x37, 0x22, 0x8e,
+	0x76, 0xff, 0x98, 0x81, 0x56, 0x12, 0x80, 0x35, 0x0e, 0xdd, 0x45, 0xf1, 0x40, 0xc5, 0x38, 0xbb,
+	0x8b, 0xe2, 0x71, 0x8c, 0x31, 0x96, 0x70, 0xf4, 0x0c, 0x54, 0x59, 0x0a, 0xf1, 0xf5, 0x48, 0x6a,
+	0x1c, 0xbd, 0xb5, 0x66, 0xed, 0x78, 0x09, 0x2b, 0x0c, 0x4a, 0xb8, 0x11, 0xba, 0x31, 0x45, 0xce,
+	0x78, 0x64, 0x16, 0x68, 0x33, 0x5e, 0xc2, 0x12, 0xce, 0x2a, 0x40, 0x32, 0xaf, 0x05, 0x45, 0xae,
+	0xa4, 0x3b, 0xcd, 0xdd, 0x1b, 0x14, 0x5d, 0xe3, 0x1c, 0xa6, 0x52, 0x68, 0x26, 0x8d, 0x6f, 0xa8,
+	0xbf, 0x34, 0x3e, 0xfb, 0x77, 0xcb, 0x50, 0xd3, 0x4e, 0x35, 0x4f, 0xd4, 0xcd, 0x28, 0xa4, 0xbe,
+	0x7d, 0xbd, 0x13, 0xb8, 0x8a, 0x34, 0x8f, 0x26, 0x30, 0xca, 0x66, 0x7c, 0xbf, 0x05, 0xc3, 0x5e,
+	0xe0, 0x25, 0x9e, 0xc3, 0x7c, 0x83, 0xc5, 0xdc, 0x13, 0xae, 0xd8, 0x2d, 0x72, 0xca, 0x61, 0x64,
+	0x1e, 0xf9, 0x2b, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x2a, 0xb2, 0xc6, 0xca, 0x85, 0x15, 0x9f, 0xa9,
+	0x66, 0x52, 0xc5, 0x5a, 0xd4, 0xc6, 0x4e, 0xa2, 0x82, 0x6a, 0x36, 0x61, 0x4a, 0x4a, 0xdd, 0xb3,
+	0xa2, 0x76, 0x31, 0xac, 0x19, 0x73, 0x46, 0x76, 0x0c, 0xa8, 0x7b, 0x2c, 0x0e, 0x99, 0x91, 0x33,
+	0x03, 0x35, 0xa7, 0x9d, 0x84, 0x4d, 0x3a, 0x4c, 0x22, 0x60, 0x40, 0xe7, 0x1c, 0x49, 0x00, 0xd6,
+	0x38, 0xf6, 0x17, 0x2b, 0x90, 0xa9, 0x62, 0x81, 0x76, 0xa1, 0xa6, 0xea, 0x58, 0x14, 0x93, 0xe1,
+	0xaa, 0x67, 0x94, 0xea, 0x8c, 0x6a, 0xc2, 0x9a, 0x19, 0xda, 0x94, 0x6e, 0x56, 0xbe, 0xda, 0x5f,
+	0xce, 0xba, 0x59, 0xbf, 0xbd, 0xbf, 0x53, 0x37, 0x3a, 0x57, 0x67, 0x78, 0xdd, 0xc2, 0xe9, 0x03,
+	0x3d, 0xb2, 0x07, 0xdd, 0x94, 0xfe, 0x09, 0x71, 0xab, 0x19, 0x26, 0x71, 0xdb, 0x4f, 0xc4, 0x6c,
+	0x78, 0xb9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, 0x6a, 0x50, 0xfc, 0x3f, 0x36, 0x98, 0xa6, 0xfd, 0xe6,
+	0x83, 0xc7, 0xea, 0x37, 0x1f, 0x2a, 0xd4, 0x6f, 0x7e, 0x1e, 0x80, 0xcd, 0x6d, 0x9e, 0x39, 0x50,
+	0x65, 0xee, 0x4c, 0xa5, 0x62, 0xb0, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x46, 0x48, 0x97, 0x33, 0x43,
+	0x53, 0xb2, 0x7a, 0x1a, 0x3f, 0x11, 0x64, 0x49, 0x9b, 0xa9, 0x42, 0x67, 0x3f, 0x67, 0x81, 0x59,
+	0x73, 0x0d, 0xbd, 0xce, 0x8b, 0xbb, 0x59, 0x45, 0x9c, 0x30, 0x19, 0x74, 0xa7, 0x97, 0x9d, 0x56,
+	0x26, 0xda, 0x49, 0x56, 0x78, 0x3b, 0xfb, 0x01, 0xa8, 0x4a, 0xe8, 0xa1, 0x8c, 0xe5, 0x8f, 0xc1,
+	0x49, 0x59, 0x00, 0x42, 0x1e, 0x06, 0x89, 0xa8, 0x83, 0x83, 0x7d, 0x8c, 0xd2, 0x71, 0x58, 0xea,
+	0xe5, 0x38, 0x54, 0xbb, 0xe1, 0x72, 0xcf, 0xb2, 0xed, 0x3f, 0x6f, 0xc1, 0xb9, 0x6c, 0x07, 0xe2,
+	0xe5, 0x30, 0xf0, 0x92, 0x30, 0xaa, 0x93, 0x24, 0xf1, 0x82, 0x4d, 0x56, 0x83, 0xf7, 0xb6, 0x13,
+	0xc9, 0x7b, 0x98, 0x98, 0xa0, 0xbc, 0xe9, 0x44, 0x01, 0x66, 0xad, 0xa8, 0x03, 0x83, 0x3c, 0xd4,
+	0x5a, 0xec, 0x82, 0x8e, 0xb8, 0x36, 0x72, 0x86, 0x43, 0x6f, 0xc3, 0x78, 0x98, 0x37, 0x16, 0x0c,
+	0xed, 0xaf, 0x58, 0x80, 0x56, 0x76, 0x48, 0x14, 0x79, 0x0d, 0x23, 0x38, 0x9c, 0xdd, 0x0e, 0x6a,
+	0xdc, 0x02, 0x6a, 0x96, 0x27, 0xc9, 0xdc, 0x0e, 0x6a, 0xfc, 0xcb, 0xbf, 0x1d, 0xb4, 0x74, 0xb8,
+	0xdb, 0x41, 0xd1, 0x0a, 0x9c, 0x6e, 0xf2, 0x6d, 0x1c, 0xbf, 0x71, 0x8f, 0xef, 0xe9, 0x54, 0x26,
+	0xfd, 0x99, 0x3b, 0x7b, 0x53, 0xa7, 0x97, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, 0x07, 0x00, 0xf1,
+	0x98, 0xf0, 0xf9, 0xbc, 0xb0, 0xd6, 0x9e, 0x6e, 0x0e, 0xfb, 0xc7, 0x2a, 0x30, 0x9e, 0xb9, 0xa5,
+	0x83, 0x6e, 0xa1, 0xbb, 0xe3, 0x68, 0x8f, 0xac, 0xbf, 0xbb, 0xbb, 0xd7, 0x57, 0x64, 0x6e, 0x00,
+	0x15, 0x2f, 0x68, 0xb5, 0x93, 0x62, 0x0a, 0x79, 0xf0, 0x4e, 0x2c, 0x52, 0x82, 0xc6, 0xb9, 0x04,
+	0xfd, 0x8b, 0x39, 0x9b, 0x22, 0xe3, 0x7c, 0x53, 0x9b, 0x9c, 0x81, 0x07, 0xe4, 0x66, 0xf9, 0x84,
+	0x8e, 0xba, 0xad, 0x14, 0xe1, 0x43, 0xce, 0x4c, 0x96, 0xe3, 0x0e, 0xb5, 0xfa, 0x99, 0x12, 0x0c,
+	0x1b, 0x1f, 0x0d, 0xfd, 0x44, 0xba, 0x22, 0xa9, 0x55, 0xdc, 0x2b, 0x31, 0xfa, 0xd3, 0xba, 0xe6,
+	0x28, 0x7f, 0xa5, 0xa7, 0xbb, 0x8b, 0x91, 0xde, 0xdd, 0x9b, 0x3a, 0x91, 0x29, 0x37, 0x9a, 0x2a,
+	0x50, 0x7a, 0xf6, 0xbb, 0x61, 0x3c, 0x43, 0x26, 0xe7, 0x95, 0xd7, 0xcc, 0x57, 0x3e, 0xb2, 0xbb,
+	0xcf, 0x1c, 0xb2, 0x2f, 0xd3, 0x21, 0x13, 0xf5, 0x03, 0x42, 0x9f, 0xf4, 0xe1, 0xeb, 0xcc, 0xec,
+	0x2f, 0x4a, 0x7d, 0x96, 0x09, 0x79, 0x2f, 0x54, 0x5b, 0xa1, 0xef, 0xb9, 0x9e, 0x2a, 0x68, 0xce,
+	0x0a, 0x93, 0xac, 0x8a, 0x36, 0xac, 0xa0, 0xe8, 0x36, 0xd4, 0x6e, 0xdd, 0x4e, 0xf8, 0x31, 0xa3,
+	0x38, 0xca, 0x28, 0xea, 0x74, 0x51, 0x19, 0x2d, 0xea, 0x1c, 0x13, 0x6b, 0x5e, 0xc8, 0x86, 0x41,
+	0xa6, 0x04, 0x65, 0x2e, 0x21, 0x3b, 0x66, 0x61, 0xda, 0x31, 0xc6, 0x02, 0x62, 0xff, 0xfb, 0x61,
+	0x38, 0x95, 0x77, 0x55, 0x12, 0x7a, 0x13, 0x06, 0x79, 0x1f, 0x8b, 0xb9, 0x8d, 0x2f, 0x8f, 0xc7,
+	0x25, 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x3b, 0xeb, 0x62, 0x86, 0x1c,
+	0x0f, 0xf7, 0x25, 0x47, 0x73, 0x5f, 0x72, 0x38, 0x77, 0xdf, 0x59, 0x47, 0xbb, 0x50, 0xd9, 0xf4,
+	0x12, 0xe2, 0x08, 0xe7, 0xcc, 0xcd, 0x63, 0x61, 0x4e, 0x1c, 0x6e, 0xa5, 0xb1, 0x9f, 0x98, 0x33,
+	0x44, 0x5f, 0xb2, 0x60, 0x7c, 0x3d, 0x5d, 0x9f, 0x48, 0x08, 0x4f, 0xe7, 0x18, 0xae, 0xc3, 0x4a,
+	0x33, 0xe2, 0xd7, 0xe3, 0x66, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x93, 0x16, 0x0c, 0x6d, 0x78, 0xbe,
+	0x71, 0xdf, 0xc8, 0x31, 0x7c, 0x9c, 0x8b, 0x8c, 0x81, 0xde, 0x71, 0xf0, 0xff, 0x31, 0x96, 0x9c,
+	0x7b, 0x69, 0xaa, 0xc1, 0xa3, 0x6a, 0xaa, 0xa1, 0x07, 0xa4, 0xa9, 0x3e, 0x63, 0x41, 0x4d, 0x8d,
+	0xb4, 0xa8, 0xf3, 0xf2, 0xe1, 0x63, 0xfc, 0xe4, 0xdc, 0x23, 0xa5, 0xfe, 0x62, 0xcd, 0x1c, 0xbd,
+	0x65, 0xc1, 0xb0, 0xf3, 0x46, 0x3b, 0x22, 0x0d, 0xb2, 0x13, 0xb6, 0x62, 0x51, 0x80, 0xf5, 0xd5,
+	0xe2, 0x3b, 0x33, 0x4b, 0x99, 0x2c, 0x90, 0x9d, 0x95, 0x56, 0x2c, 0xf2, 0x9c, 0x75, 0x03, 0x36,
+	0xbb, 0x80, 0xbe, 0x4f, 0xeb, 0x71, 0x28, 0xa2, 0x0c, 0x77, 0x5e, 0x6f, 0xfa, 0x4a, 0xdb, 0x27,
+	0xf0, 0x98, 0x1b, 0x06, 0x89, 0x17, 0xb4, 0xc9, 0x4a, 0x80, 0x49, 0x2b, 0xbc, 0x16, 0x26, 0x17,
+	0xc3, 0x76, 0xd0, 0xb8, 0x10, 0x45, 0x61, 0xc4, 0x0a, 0xd9, 0x18, 0x97, 0xb0, 0xce, 0xf7, 0x46,
+	0xc5, 0xfb, 0xd1, 0x39, 0x8a, 0xcd, 0xb0, 0x57, 0x82, 0xa9, 0x03, 0x06, 0x1b, 0xbd, 0x08, 0x23,
+	0x61, 0xb4, 0xe9, 0x04, 0xde, 0x1b, 0x66, 0x6d, 0x36, 0x65, 0x90, 0xae, 0x18, 0x30, 0x9c, 0xc2,
+	0x34, 0x8b, 0xf6, 0x94, 0x0e, 0x28, 0xda, 0x73, 0x0e, 0x06, 0x22, 0xd2, 0x0a, 0xb3, 0xfb, 0x2a,
+	0x96, 0x9a, 0xc8, 0x20, 0xe8, 0x09, 0x28, 0x3b, 0x2d, 0x4f, 0x38, 0x17, 0xd5, 0x76, 0x71, 0x76,
+	0x75, 0x11, 0xd3, 0xf6, 0x54, 0x0d, 0xb1, 0xca, 0x7d, 0xa9, 0x21, 0x46, 0x35, 0xa6, 0x38, 0x3e,
+	0x1b, 0xd4, 0x1a, 0x33, 0x7d, 0xac, 0x65, 0xbf, 0x5d, 0x86, 0x27, 0xf6, 0x5d, 0x5a, 0x3a, 0x64,
+	0xdd, 0xda, 0x27, 0x64, 0x5d, 0x0e, 0x4f, 0xe9, 0xa0, 0xe1, 0x29, 0xf7, 0x18, 0x9e, 0x4f, 0x52,
+	0x89, 0x21, 0x6b, 0xda, 0x15, 0x73, 0x91, 0x7c, 0xaf, 0x12, 0x79, 0x42, 0x58, 0x48, 0x28, 0xd6,
+	0x7c, 0xe9, 0x76, 0x29, 0x55, 0xb0, 0xa6, 0x52, 0x84, 0xc6, 0xec, 0x59, 0x57, 0x8e, 0x8b, 0x89,
+	0x5e, 0x55, 0x70, 0xec, 0x5f, 0x1c, 0x80, 0xa7, 0xfa, 0x50, 0x74, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c,
+	0xc5, 0x5f, 0xe3, 0x9f, 0xe9, 0xd3, 0xb9, 0x9f, 0x09, 0x17, 0xff, 0x99, 0xf6, 0xff, 0x42, 0xec,
+	0x04, 0x22, 0x88, 0x89, 0xdb, 0x8e, 0x78, 0xfa, 0x8e, 0x91, 0xb7, 0xbc, 0x28, 0xda, 0xb1, 0xc2,
+	0xa0, 0xdb, 0x5f, 0xd7, 0xa1, 0xcb, 0x7f, 0xa8, 0xa0, 0x02, 0x25, 0x66, 0x0a, 0x34, 0xb7, 0xbe,
+	0xe6, 0x67, 0xa9, 0x04, 0xe0, 0x6c, 0xec, 0x5f, 0xb3, 0xe0, 0x6c, 0x6f, 0x6b, 0x04, 0x3d, 0x0b,
+	0xc3, 0xeb, 0x2c, 0x98, 0x72, 0x99, 0x85, 0x4c, 0x89, 0xa9, 0xc3, 0xde, 0x57, 0x37, 0x63, 0x13,
+	0x07, 0xcd, 0xc3, 0x84, 0x19, 0x85, 0xb9, 0x6c, 0xc4, 0x5a, 0x31, 0x7f, 0xc9, 0x5a, 0x16, 0x88,
+	0xbb, 0xf1, 0xd1, 0x34, 0x40, 0xe2, 0x25, 0x3e, 0xe1, 0x4f, 0xf3, 0x89, 0xc6, 0x1c, 0x8a, 0x6b,
+	0xaa, 0x15, 0x1b, 0x18, 0xf6, 0x57, 0xcb, 0xf9, 0xaf, 0xc1, 0xad, 0xdc, 0xc3, 0xcc, 0x7e, 0x31,
+	0xb7, 0x4b, 0x7d, 0x48, 0xe8, 0xf2, 0xfd, 0x96, 0xd0, 0x03, 0xbd, 0x24, 0x34, 0x5a, 0x80, 0x13,
+	0xc6, 0xb5, 0xae, 0xbc, 0xc4, 0x0d, 0x3f, 0x94, 0x52, 0xf5, 0xe9, 0x56, 0x33, 0x70, 0xdc, 0xf5,
+	0xc4, 0x43, 0x3e, 0x55, 0x7f, 0xbd, 0x04, 0x67, 0x7a, 0x6e, 0x2c, 0xee, 0x93, 0x06, 0x32, 0x3f,
+	0xff, 0xc0, 0xfd, 0xf9, 0xfc, 0xe6, 0x47, 0xa9, 0x1c, 0xf8, 0x51, 0xfa, 0x51, 0xe7, 0xbf, 0x57,
+	0xea, 0xb9, 0x58, 0xe8, 0x46, 0xf4, 0xaf, 0xec, 0x48, 0xbe, 0x04, 0xa3, 0x4e, 0xab, 0xc5, 0xf1,
+	0x58, 0x66, 0x46, 0xa6, 0x66, 0xe6, 0xac, 0x09, 0xc4, 0x69, 0xdc, 0xbe, 0x06, 0xf6, 0x8f, 0x2c,
+	0xa8, 0x61, 0xb2, 0xc1, 0x25, 0x1c, 0xba, 0x25, 0x86, 0xc8, 0x2a, 0xe2, 0xe2, 0x02, 0x3a, 0xb0,
+	0xb1, 0xc7, 0xaa, 0xf9, 0xe7, 0x0d, 0xf6, 0x51, 0x2b, 0x30, 0xa8, 0xcb, 0x60, 0xcb, 0xbd, 0x2f,
+	0x83, 0xb5, 0x7f, 0xa9, 0x46, 0x5f, 0xaf, 0x15, 0xce, 0x47, 0xa4, 0x11, 0xd3, 0xef, 0xdb, 0x8e,
+	0x7c, 0x31, 0x49, 0xd4, 0xf7, 0xbd, 0x8e, 0x97, 0x30, 0x6d, 0x4f, 0x9d, 0x4f, 0x96, 0x0e, 0x55,
+	0x31, 0xb0, 0x7c, 0x60, 0xc5, 0xc0, 0x97, 0x60, 0x34, 0x8e, 0xb7, 0x56, 0x23, 0x6f, 0xc7, 0x49,
+	0xc8, 0x55, 0x22, 0x4b, 0x0b, 0xe9, 0xea, 0x59, 0xf5, 0xcb, 0x1a, 0x88, 0xd3, 0xb8, 0xe8, 0x12,
+	0x4c, 0xe8, 0xba, 0x7d, 0x24, 0x4a, 0x58, 0xca, 0x23, 0x9f, 0x09, 0xaa, 0x6c, 0x8c, 0xae, 0xf4,
+	0x27, 0x10, 0x70, 0xf7, 0x33, 0x54, 0xe6, 0xa6, 0x1a, 0x69, 0x47, 0x06, 0xd3, 0x32, 0x37, 0x45,
+	0x87, 0xf6, 0xa5, 0xeb, 0x09, 0xb4, 0x0c, 0x27, 0xf9, 0xc4, 0x98, 0x6d, 0xb5, 0x8c, 0x37, 0x1a,
+	0x4a, 0x57, 0x8b, 0xbf, 0xd4, 0x8d, 0x82, 0xf3, 0x9e, 0x43, 0x2f, 0xc0, 0xb0, 0x6a, 0x5e, 0x5c,
+	0x10, 0x47, 0x6b, 0xca, 0xb5, 0xa7, 0xc8, 0x2c, 0x36, 0xb0, 0x89, 0x87, 0x3e, 0x04, 0x8f, 0xea,
+	0xbf, 0x3c, 0x85, 0x9e, 0x9f, 0x37, 0x2f, 0x88, 0x92, 0xa8, 0xea, 0x32, 0xb2, 0x4b, 0xb9, 0x68,
+	0x0d, 0xdc, 0xeb, 0x79, 0xb4, 0x0e, 0x67, 0x15, 0xe8, 0x42, 0x90, 0xb0, 0x24, 0xd7, 0x98, 0xcc,
+	0x39, 0x31, 0x8b, 0x9c, 0x00, 0xf6, 0x9e, 0xb6, 0xa0, 0x7e, 0xf6, 0x92, 0x97, 0x5c, 0xce, 0xc3,
+	0xc4, 0x4b, 0x78, 0x1f, 0x2a, 0x68, 0x06, 0x6a, 0x24, 0x70, 0xd6, 0x7d, 0xb2, 0x32, 0xbf, 0x28,
+	0x76, 0xa4, 0x3a, 0x3b, 0x42, 0x02, 0xb0, 0xc6, 0x51, 0xf1, 0xfd, 0x23, 0xbd, 0xe2, 0xfb, 0xd1,
+	0x2a, 0x9c, 0xda, 0x74, 0x5b, 0xd4, 0xca, 0xf4, 0x5c, 0x32, 0xeb, 0xb2, 0x80, 0x62, 0xfa, 0x61,
+	0x78, 0x19, 0x7f, 0x95, 0x28, 0x75, 0x69, 0x7e, 0xb5, 0x0b, 0x07, 0xe7, 0x3e, 0xc9, 0x02, 0xcf,
+	0xa3, 0x70, 0xb7, 0x33, 0x79, 0x32, 0x13, 0x78, 0x4e, 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58,
+	0xb2, 0xe0, 0xe5, 0x24, 0x69, 0x29, 0xb3, 0x76, 0xf2, 0x54, 0xba, 0x40, 0xe2, 0xc5, 0x2e, 0x0c,
+	0x9c, 0xf3, 0x14, 0xb5, 0x7a, 0x82, 0x90, 0x51, 0x9f, 0x7c, 0x34, 0x6d, 0xf5, 0x5c, 0xe3, 0xcd,
+	0x58, 0xc2, 0xd1, 0x77, 0xc2, 0x64, 0x3b, 0x26, 0x6c, 0xc3, 0x7c, 0x33, 0x8c, 0xb6, 0xfd, 0xd0,
+	0x69, 0x2c, 0xb2, 0x5b, 0x67, 0x93, 0xce, 0xe4, 0x24, 0x63, 0x7e, 0x4e, 0x3c, 0x3b, 0x79, 0xbd,
+	0x07, 0x1e, 0xee, 0x49, 0x21, 0x5b, 0xe1, 0xf3, 0x4c, 0x9f, 0x15, 0x3e, 0x57, 0xe1, 0x94, 0xd4,
+	0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa5, 0x27, 0xcf, 0xa6, 0xaf, 0xb1, 0x5b, 0xcc, 0xc1, 0xc1, 0xb9,
+	0x4f, 0xda, 0x7f, 0x68, 0xc1, 0xa8, 0x92, 0x60, 0xf7, 0x21, 0x69, 0xd9, 0x4f, 0x27, 0x2d, 0x5f,
+	0x3a, 0xba, 0x0e, 0x60, 0x3d, 0xef, 0x91, 0x62, 0xf3, 0x23, 0xa3, 0x00, 0x5a, 0x4f, 0x28, 0x15,
+	0x6d, 0xf5, 0x54, 0xd1, 0x0f, 0xad, 0x8c, 0xce, 0xab, 0xd8, 0x58, 0x79, 0xb0, 0x15, 0x1b, 0xeb,
+	0x70, 0x5a, 0x4e, 0x29, 0x7e, 0xa4, 0x7c, 0x39, 0x8c, 0x95, 0xc8, 0x37, 0xee, 0x25, 0x5c, 0xcc,
+	0x43, 0xc2, 0xf9, 0xcf, 0xa6, 0x6c, 0xbb, 0xa1, 0x03, 0x6d, 0x3b, 0x25, 0xe5, 0x96, 0x36, 0xe4,
+	0xad, 0xa1, 0x19, 0x29, 0xb7, 0x74, 0xb1, 0x8e, 0x35, 0x4e, 0xbe, 0xaa, 0xab, 0x15, 0xa4, 0xea,
+	0xe0, 0xd0, 0xaa, 0x4e, 0x0a, 0xdd, 0xe1, 0x9e, 0x42, 0x57, 0x1e, 0x5d, 0x8d, 0xf4, 0x3c, 0xba,
+	0xfa, 0x20, 0x8c, 0x79, 0xc1, 0x16, 0x89, 0xbc, 0x84, 0x34, 0xd8, 0x5a, 0x60, 0x02, 0xb9, 0xaa,
+	0x0d, 0x9d, 0xc5, 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x9a, 0x62, 0xac, 0x0f, 0x4d, 0xd1, 0x43, 0x3f,
+	0x8f, 0x17, 0xa3, 0x9f, 0x4f, 0x1c, 0x5d, 0x3f, 0x4f, 0x1c, 0xab, 0x7e, 0x46, 0x85, 0xe8, 0xe7,
+	0xbe, 0x54, 0x9f, 0xb1, 0x49, 0x3f, 0x75, 0xc0, 0x26, 0xbd, 0x97, 0x72, 0x3e, 0x7d, 0xcf, 0xca,
+	0x39, 0x5f, 0xef, 0x3e, 0xf2, 0x8e, 0xde, 0x2d, 0x44, 0xef, 0x7e, 0xa6, 0x04, 0xa7, 0xb5, 0x66,
+	0xa2, 0xf2, 0xc0, 0xdb, 0xa0, 0xb2, 0x99, 0x5d, 0xc5, 0xcd, 0x0f, 0xbc, 0x8d, 0x54, 0x79, 0x5d,
+	0x2c, 0x40, 0x41, 0xb0, 0x81, 0xc5, 0x32, 0xce, 0x49, 0xc4, 0x2e, 0x81, 0xc9, 0xaa, 0xad, 0x79,
+	0xd1, 0x8e, 0x15, 0x06, 0x1d, 0x04, 0xfa, 0x5b, 0x14, 0x3c, 0xc9, 0x96, 0x17, 0x9f, 0xd7, 0x20,
+	0x6c, 0xe2, 0xa1, 0xf7, 0x72, 0x26, 0x4c, 0x64, 0x52, 0xd5, 0x35, 0xc2, 0xb7, 0x95, 0x4a, 0x4a,
+	0x2a, 0xa8, 0xec, 0x0e, 0xab, 0x88, 0x50, 0xe9, 0xee, 0x0e, 0x8b, 0x1d, 0x55, 0x18, 0xf6, 0xff,
+	0xb2, 0xe0, 0x4c, 0xee, 0x50, 0xdc, 0x07, 0x73, 0x64, 0x37, 0x6d, 0x8e, 0xd4, 0x8b, 0xda, 0x92,
+	0x1a, 0x6f, 0xd1, 0xc3, 0x34, 0xf9, 0x4f, 0x16, 0x8c, 0x69, 0xfc, 0xfb, 0xf0, 0xaa, 0x5e, 0xfa,
+	0x55, 0x8b, 0xdb, 0x7d, 0xd7, 0xba, 0xde, 0xed, 0x57, 0x4b, 0xa0, 0x4a, 0xfe, 0xcf, 0xba, 0x49,
+	0x7f, 0xe9, 0x66, 0x1d, 0x18, 0x64, 0x11, 0x24, 0x71, 0x31, 0xd1, 0x71, 0x69, 0xfe, 0x2c, 0x1a,
+	0x45, 0x1f, 0xe8, 0xb1, 0xbf, 0x31, 0x16, 0x0c, 0xd9, 0x15, 0x45, 0xbc, 0x9a, 0x7a, 0x43, 0x24,
+	0x4e, 0xeb, 0x2b, 0x8a, 0x44, 0x3b, 0x56, 0x18, 0x54, 0x61, 0x7a, 0x6e, 0x18, 0xcc, 0xfb, 0x4e,
+	0x1c, 0x0b, 0x1b, 0x4e, 0x29, 0xcc, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x05, 0x97, 0x78, 0x71, 0xcb,
+	0x77, 0x3a, 0x86, 0x8f, 0xc5, 0x28, 0xec, 0xa5, 0x40, 0xd8, 0xc4, 0xb3, 0x9b, 0x30, 0x99, 0x7e,
+	0x89, 0x05, 0xb2, 0xc1, 0x22, 0xbb, 0xfb, 0x1a, 0xce, 0x19, 0xa8, 0x39, 0xec, 0xa9, 0xa5, 0xb6,
+	0x23, 0x64, 0x82, 0x8e, 0x6f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x7f, 0x66, 0xc1, 0xc9, 0x9c, 0x41,
+	0x2b, 0x30, 0x31, 0x3d, 0xd1, 0xd2, 0x26, 0xcf, 0xd4, 0xf9, 0x06, 0x18, 0x6a, 0x90, 0x0d, 0x47,
+	0xc6, 0x0e, 0x9b, 0xa9, 0x06, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x0b, 0x25, 0x18, 0x4f, 0xf7, 0x35,
+	0x66, 0xe9, 0x96, 0x7c, 0x98, 0xbc, 0xd8, 0x0d, 0x77, 0x48, 0xd4, 0xa1, 0x6f, 0x6e, 0x65, 0xd2,
+	0x2d, 0xbb, 0x30, 0x70, 0xce, 0x53, 0xec, 0xc2, 0x8f, 0x86, 0x1a, 0x6d, 0x39, 0x23, 0x6f, 0x14,
+	0x39, 0x23, 0xf5, 0xc7, 0x34, 0xe3, 0x8c, 0x14, 0x4b, 0x6c, 0xf2, 0xa7, 0x26, 0x17, 0x4b, 0x16,
+	0x99, 0x6b, 0x7b, 0x7e, 0xe2, 0x05, 0xe2, 0x95, 0xc5, 0x5c, 0x55, 0x26, 0xd7, 0x72, 0x37, 0x0a,
+	0xce, 0x7b, 0xce, 0xfe, 0xca, 0x00, 0xa8, 0xa2, 0x2b, 0x2c, 0x0e, 0xb4, 0xa0, 0x28, 0xda, 0xc3,
+	0x26, 0xed, 0xaa, 0xb9, 0x35, 0xb0, 0x5f, 0x60, 0x16, 0x77, 0xcc, 0x99, 0x1e, 0x7c, 0x35, 0x60,
+	0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xdf, 0xdb, 0x21, 0xfc, 0xa1, 0xc1, 0x74, 0x4f, 0x96,
+	0x24, 0x00, 0x6b, 0x1c, 0x56, 0xdf, 0xdb, 0xdb, 0xd8, 0x10, 0x5e, 0x26, 0x5d, 0xdf, 0xdb, 0xdb,
+	0xd8, 0xc0, 0x0c, 0xc2, 0xaf, 0x84, 0x0a, 0xb7, 0xc5, 0x36, 0xc3, 0xb8, 0x12, 0x2a, 0xdc, 0xc6,
+	0x0c, 0x42, 0xbf, 0x52, 0x10, 0x46, 0x4d, 0xc7, 0xf7, 0xde, 0x20, 0x0d, 0xc5, 0x45, 0x6c, 0x2f,
+	0xd4, 0x57, 0xba, 0xd6, 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x13, 0xba, 0x15, 0x91, 0x86, 0xe7, 0x26,
+	0x26, 0x35, 0x48, 0x4f, 0xe8, 0xd5, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9a, 0x85, 0x71, 0x59, 0x34,
+	0x47, 0x16, 0x9a, 0x1c, 0x4e, 0x57, 0xab, 0xc3, 0x69, 0x30, 0xce, 0xe2, 0x53, 0x21, 0xd9, 0x14,
+	0x65, 0x72, 0xd9, 0x6e, 0xc4, 0x10, 0x92, 0xb2, 0x7c, 0x2e, 0x56, 0x18, 0xf6, 0x27, 0xca, 0x54,
+	0xa9, 0xf7, 0xa8, 0x46, 0x7d, 0xdf, 0xa2, 0xb6, 0xd3, 0x33, 0x72, 0xa0, 0x8f, 0x19, 0xf9, 0x3c,
+	0x8c, 0xdc, 0x8a, 0xc3, 0x40, 0x45, 0x44, 0x57, 0x7a, 0x46, 0x44, 0x1b, 0x58, 0xf9, 0x11, 0xd1,
+	0x83, 0x45, 0x45, 0x44, 0x0f, 0xdd, 0x63, 0x44, 0xf4, 0xbf, 0xa9, 0x80, 0xba, 0xf3, 0xf3, 0x1a,
+	0x49, 0x6e, 0x87, 0xd1, 0xb6, 0x17, 0x6c, 0xb2, 0x02, 0x30, 0x5f, 0xb2, 0x64, 0x0d, 0x99, 0x25,
+	0x33, 0x53, 0x78, 0xa3, 0xa0, 0x7b, 0x1b, 0x53, 0xcc, 0xa6, 0xd7, 0x0c, 0x46, 0x3c, 0xb2, 0x26,
+	0x53, 0xab, 0x46, 0x1c, 0x1a, 0xa4, 0x7a, 0x84, 0xbe, 0x1b, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04,
+	0x5e, 0x2c, 0xa6, 0x7f, 0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x19,
+	0x9d, 0x45, 0xcd, 0x53, 0xa7, 0x3e, 0x7a, 0x2c, 0x63, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0x2f,
+	0xd8, 0xa4, 0xf3, 0x44, 0x44, 0x8e, 0xbe, 0x27, 0xaf, 0xbe, 0xd8, 0x52, 0xe8, 0x34, 0xe6, 0x1c,
+	0xdf, 0x09, 0x5c, 0x12, 0x2d, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0x2e, 0x26,
+	0xad, 0xf4, 0x73, 0x31, 0xe9, 0xd9, 0x6f, 0x83, 0x89, 0xae, 0x8f, 0x79, 0xa8, 0x94, 0xe9, 0x23,
+	0x54, 0x16, 0xfb, 0xc5, 0x41, 0xad, 0xb4, 0xae, 0x85, 0x0d, 0x7e, 0xcf, 0x65, 0xa4, 0xbf, 0xa8,
+	0x30, 0x99, 0x0b, 0x9c, 0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xe7, 0x68, 0xcb, 0x89,
+	0x48, 0x70, 0xdc, 0x73, 0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x95, 0xca, 0xed, 0xbb, 0x78,
+	0xf4, 0xdc, 0x3e, 0x56, 0xed, 0x35, 0xef, 0x3a, 0xb8, 0xb7, 0x2c, 0x18, 0x0b, 0x52, 0x33, 0xb7,
+	0x98, 0x70, 0xfe, 0xfc, 0x55, 0xc1, 0xaf, 0x8c, 0x4e, 0xb7, 0xe1, 0x0c, 0xff, 0x3c, 0x95, 0x56,
+	0x39, 0xa4, 0x4a, 0xd3, 0xf7, 0xec, 0x0e, 0xf6, 0xba, 0x67, 0x17, 0x05, 0xea, 0x02, 0xf4, 0xa1,
+	0x22, 0x2a, 0xa4, 0xa4, 0x6e, 0x3f, 0x87, 0x9c, 0x9b, 0xcf, 0x6f, 0x9a, 0xa9, 0xbf, 0x87, 0xbf,
+	0x08, 0x7b, 0xb4, 0x57, 0x8a, 0xb0, 0xfd, 0x7f, 0x07, 0xe0, 0x84, 0x1c, 0x11, 0x99, 0x0a, 0x44,
+	0xf5, 0x23, 0xe7, 0xab, 0x6d, 0x65, 0xa5, 0x1f, 0x2f, 0x4b, 0x00, 0xd6, 0x38, 0xd4, 0x1e, 0x6b,
+	0xc7, 0x64, 0xa5, 0x45, 0x82, 0x25, 0x6f, 0x3d, 0x16, 0xc7, 0xef, 0x6a, 0xa1, 0x5c, 0xd7, 0x20,
+	0x6c, 0xe2, 0xb1, 0xfc, 0x64, 0xd7, 0x2c, 0x12, 0xa2, 0xf3, 0x93, 0x85, 0xa1, 0x2a, 0xe1, 0xe8,
+	0x47, 0x73, 0xaf, 0xc7, 0x28, 0x26, 0x81, 0xb6, 0x2b, 0x03, 0xea, 0x70, 0xf7, 0x62, 0xa0, 0x7f,
+	0x64, 0xc1, 0x69, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xab, 0xe1, 0x24, 0x24, 0x2e, 0xe6, 0x2a, 0xb1,
+	0x9c, 0xfe, 0x69, 0x2f, 0x7a, 0x1e, 0x5b, 0x9c, 0xdf, 0x1b, 0xf4, 0x45, 0x0b, 0xc6, 0xb7, 0x53,
+	0x45, 0xbe, 0xa4, 0xea, 0x38, 0x6a, 0x05, 0x9c, 0x14, 0x51, 0xbd, 0xd4, 0xd2, 0xed, 0x31, 0xce,
+	0x72, 0xb7, 0xff, 0xdc, 0x02, 0x53, 0x8c, 0xde, 0xff, 0xda, 0x60, 0x87, 0x37, 0x05, 0xa5, 0x75,
+	0x59, 0xe9, 0x69, 0x5d, 0x3e, 0x01, 0xe5, 0xb6, 0xd7, 0x10, 0xfb, 0x0b, 0x7d, 0xe0, 0xbf, 0xb8,
+	0x80, 0x69, 0xbb, 0xfd, 0xc7, 0x15, 0xed, 0x06, 0x11, 0xf9, 0xa9, 0x7f, 0x25, 0x5e, 0x7b, 0x43,
+	0x15, 0xfd, 0xe5, 0x6f, 0x7e, 0xad, 0xab, 0xe8, 0xef, 0xb7, 0x1c, 0x3e, 0xfd, 0x98, 0x0f, 0x50,
+	0xaf, 0x9a, 0xbf, 0x43, 0x07, 0xe4, 0x1e, 0xdf, 0x82, 0x2a, 0xdd, 0x82, 0x31, 0x7f, 0x66, 0x35,
+	0xd5, 0xa9, 0xea, 0x65, 0xd1, 0x7e, 0x77, 0x6f, 0xea, 0x9b, 0x0f, 0xdf, 0x2d, 0xf9, 0x34, 0x56,
+	0xf4, 0x51, 0x0c, 0x35, 0xfa, 0x9b, 0xa5, 0x49, 0x8b, 0xcd, 0xdd, 0x75, 0x25, 0x33, 0x25, 0xa0,
+	0x90, 0x1c, 0x6c, 0xcd, 0x07, 0x05, 0x50, 0xa3, 0x88, 0x9c, 0x29, 0xdf, 0x03, 0xae, 0xaa, 0x64,
+	0x65, 0x09, 0xb8, 0xbb, 0x37, 0xf5, 0xd2, 0xe1, 0x99, 0xaa, 0xc7, 0xb1, 0x66, 0x61, 0xa8, 0xc6,
+	0xe1, 0x9e, 0x57, 0xd0, 0xff, 0xbf, 0x01, 0x3d, 0xbf, 0x45, 0x3d, 0xe8, 0xbf, 0x12, 0xf3, 0xfb,
+	0xc5, 0xcc, 0xfc, 0x3e, 0xd7, 0x35, 0xbf, 0xc7, 0xe8, 0x98, 0xe5, 0x54, 0xa9, 0xbe, 0xdf, 0xc6,
+	0xc2, 0xc1, 0x3e, 0x09, 0x66, 0x25, 0xbd, 0xde, 0xf6, 0x22, 0x12, 0xaf, 0x46, 0xed, 0xc0, 0x0b,
+	0x36, 0xd9, 0x94, 0xad, 0x9a, 0x56, 0x52, 0x0a, 0x8c, 0xb3, 0xf8, 0x74, 0xe3, 0x4f, 0xe7, 0xc5,
+	0x4d, 0x67, 0x87, 0xcf, 0x3c, 0xa3, 0x16, 0x67, 0x5d, 0xb4, 0x63, 0x85, 0x81, 0xb6, 0xe0, 0x71,
+	0x49, 0x60, 0x81, 0xf8, 0x84, 0xbe, 0x10, 0x0b, 0x64, 0x8c, 0x9a, 0x3c, 0xcd, 0x80, 0xc7, 0xa2,
+	0xbc, 0x5b, 0x50, 0x78, 0x1c, 0xef, 0x83, 0x8b, 0xf7, 0xa5, 0x64, 0x7f, 0x99, 0x85, 0x2e, 0x18,
+	0xd5, 0x22, 0xe8, 0xec, 0xf3, 0xbd, 0xa6, 0x27, 0x4b, 0x86, 0xaa, 0xd9, 0xb7, 0x44, 0x1b, 0x31,
+	0x87, 0xa1, 0xdb, 0x30, 0xb4, 0xce, 0xaf, 0xa6, 0x2f, 0xe6, 0x4a, 0x28, 0x71, 0xcf, 0x3d, 0x2b,
+	0x17, 0x2e, 0x2f, 0xbd, 0xbf, 0xab, 0x7f, 0x62, 0xc9, 0xcd, 0xfe, 0x9d, 0x0a, 0x8c, 0xcb, 0xf0,
+	0xb2, 0xcb, 0x5e, 0xcc, 0x22, 0x12, 0xcc, 0x3b, 0x14, 0x4a, 0x07, 0xde, 0xa1, 0xf0, 0x11, 0x80,
+	0x06, 0x69, 0xf9, 0x61, 0x87, 0x19, 0x87, 0x03, 0x87, 0x36, 0x0e, 0xd5, 0x7e, 0x62, 0x41, 0x51,
+	0xc1, 0x06, 0x45, 0x51, 0x27, 0x95, 0x5f, 0xc9, 0x90, 0xa9, 0x93, 0x6a, 0x5c, 0x1c, 0x37, 0x78,
+	0x7f, 0x2f, 0x8e, 0xf3, 0x60, 0x9c, 0x77, 0x51, 0xd5, 0x64, 0xb8, 0x87, 0xd2, 0x0b, 0x2c, 0xab,
+	0x6d, 0x21, 0x4d, 0x06, 0x67, 0xe9, 0x9a, 0xb7, 0xc2, 0x55, 0xef, 0xf7, 0xad, 0x70, 0xef, 0x83,
+	0x9a, 0xfc, 0xce, 0xf1, 0x64, 0x4d, 0xd7, 0x0b, 0x92, 0xd3, 0x20, 0xc6, 0x1a, 0xde, 0x55, 0x5e,
+	0x06, 0x1e, 0x54, 0x79, 0x19, 0xfb, 0xad, 0x32, 0xdd, 0x55, 0xf0, 0x7e, 0x1d, 0xfa, 0x52, 0xc5,
+	0xcb, 0xc6, 0xa5, 0x8a, 0x87, 0xfb, 0x9e, 0xd5, 0xcc, 0xe5, 0x8b, 0x8f, 0xc3, 0x40, 0xe2, 0x6c,
+	0xca, 0x24, 0x5c, 0x06, 0x5d, 0x73, 0x36, 0x63, 0xcc, 0x5a, 0x0f, 0x53, 0x56, 0xfa, 0x25, 0x18,
+	0x8d, 0xbd, 0xcd, 0xc0, 0x49, 0xda, 0x11, 0x31, 0xce, 0x2f, 0x75, 0x90, 0x8e, 0x09, 0xc4, 0x69,
+	0x5c, 0xf4, 0x49, 0x0b, 0x20, 0x22, 0x6a, 0xcf, 0x32, 0x58, 0xc4, 0x1c, 0x52, 0x62, 0x40, 0xd2,
+	0x35, 0xcb, 0x82, 0xa8, 0xbd, 0x8a, 0xc1, 0xd6, 0xfe, 0xb4, 0x05, 0x13, 0x5d, 0x4f, 0xa1, 0x16,
+	0x0c, 0xba, 0xec, 0xea, 0xcb, 0x62, 0x4a, 0x61, 0xa6, 0xaf, 0xd1, 0xe4, 0xca, 0x89, 0xb7, 0x61,
+	0xc1, 0xc7, 0xfe, 0xa5, 0x11, 0x38, 0x55, 0x9f, 0x5f, 0x96, 0x17, 0x21, 0x1d, 0x5b, 0x56, 0x71,
+	0x1e, 0x8f, 0xfb, 0x97, 0x55, 0xdc, 0x83, 0xbb, 0x6f, 0x64, 0x15, 0xfb, 0x46, 0x56, 0x71, 0x3a,
+	0xc5, 0xb3, 0x5c, 0x44, 0x8a, 0x67, 0x5e, 0x0f, 0xfa, 0x49, 0xf1, 0x3c, 0xb6, 0x34, 0xe3, 0x7d,
+	0x3b, 0x74, 0xa8, 0x34, 0x63, 0x95, 0x83, 0x5d, 0x48, 0x46, 0x59, 0x8f, 0x4f, 0x95, 0x9b, 0x83,
+	0xad, 0xf2, 0x5f, 0x79, 0xb6, 0xa4, 0x50, 0x7a, 0xaf, 0x16, 0xdf, 0x81, 0x3e, 0xf2, 0x5f, 0x45,
+	0xc2, 0xa6, 0x99, 0x73, 0x3d, 0x54, 0x44, 0xce, 0x75, 0x5e, 0x77, 0x0e, 0xcc, 0xb9, 0x7e, 0x09,
+	0x46, 0x5d, 0x3f, 0x0c, 0xc8, 0x6a, 0x14, 0x26, 0xa1, 0x1b, 0xca, 0x8b, 0xc6, 0xf5, 0x9d, 0x91,
+	0x26, 0x10, 0xa7, 0x71, 0x7b, 0x25, 0x6c, 0xd7, 0x8e, 0x9a, 0xb0, 0x0d, 0x0f, 0x28, 0x61, 0xdb,
+	0x48, 0x49, 0x1e, 0x2e, 0x22, 0x25, 0x39, 0xef, 0x8b, 0xf4, 0x95, 0x92, 0xfc, 0x36, 0xbf, 0x67,
+	0x9f, 0x6e, 0x46, 0xb8, 0x14, 0x66, 0x47, 0x74, 0xc3, 0xe7, 0x5f, 0x3b, 0x86, 0x09, 0x7b, 0xb3,
+	0xae, 0xd9, 0xa8, 0xbb, 0xf7, 0x75, 0x13, 0x4e, 0x77, 0xe4, 0x28, 0x69, 0xcc, 0x3f, 0x56, 0x82,
+	0xaf, 0x3b, 0xb0, 0x0b, 0xe8, 0x36, 0x40, 0xe2, 0x6c, 0x8a, 0x89, 0x2a, 0x0e, 0xb2, 0x8e, 0x18,
+	0x57, 0xbc, 0x26, 0xe9, 0x89, 0x14, 0x3b, 0x45, 0x1e, 0x1b, 0xac, 0x58, 0x38, 0x71, 0xe8, 0x77,
+	0x55, 0xb1, 0xc6, 0xa1, 0x4f, 0x30, 0x83, 0x50, 0x43, 0x28, 0x22, 0x9b, 0xd4, 0xb8, 0x2f, 0xa7,
+	0x0d, 0x21, 0xcc, 0x5a, 0xb1, 0x80, 0xa2, 0x17, 0x60, 0xd8, 0xf1, 0x7d, 0x9e, 0xee, 0x47, 0x62,
+	0x71, 0x99, 0xab, 0xae, 0x5d, 0xab, 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0xac, 0x04, 0x53, 0x07, 0xc8,
+	0x94, 0xae, 0x34, 0xef, 0x4a, 0xdf, 0x69, 0xde, 0x22, 0x5d, 0x69, 0xb0, 0x47, 0xba, 0xd2, 0x0b,
+	0x30, 0x9c, 0x10, 0xa7, 0x29, 0x22, 0x11, 0xb3, 0x25, 0x19, 0xd7, 0x34, 0x08, 0x9b, 0x78, 0x54,
+	0x8a, 0x8d, 0x39, 0xae, 0x4b, 0xe2, 0x58, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x61, 0xc9, 0x4e, 0xec,
+	0xf0, 0x60, 0x36, 0xc5, 0x02, 0x67, 0x58, 0x66, 0x07, 0xbc, 0xd6, 0xe7, 0x80, 0xff, 0x64, 0x09,
+	0x9e, 0xd8, 0x57, 0xbb, 0xf5, 0x9d, 0x2a, 0xd6, 0x8e, 0x49, 0x94, 0x9d, 0x38, 0xd7, 0x63, 0x12,
+	0x61, 0x06, 0xe1, 0xa3, 0xd4, 0x6a, 0xa9, 0x28, 0xf2, 0xe2, 0x73, 0x2b, 0xf9, 0x28, 0xa5, 0x58,
+	0xe0, 0x0c, 0xcb, 0x7b, 0x9d, 0x96, 0xbf, 0x33, 0x00, 0x4f, 0xf5, 0x61, 0x03, 0x14, 0x98, 0x83,
+	0x9a, 0xce, 0xaf, 0x2e, 0x3f, 0xa0, 0xfc, 0xea, 0x7b, 0x1b, 0xae, 0x77, 0xd2, 0xb2, 0xfb, 0xca,
+	0x75, 0xfd, 0x72, 0x09, 0xce, 0xf6, 0x36, 0x58, 0xd0, 0xb7, 0xc2, 0x78, 0xa4, 0x42, 0x12, 0xcd,
+	0xd4, 0xec, 0x93, 0xdc, 0xc7, 0x95, 0x02, 0xe1, 0x2c, 0x2e, 0x9a, 0x06, 0x68, 0x39, 0xc9, 0x56,
+	0x7c, 0x61, 0xd7, 0x8b, 0x13, 0x51, 0xcb, 0x6e, 0x8c, 0x9f, 0xbc, 0xca, 0x56, 0x6c, 0x60, 0x50,
+	0x76, 0xec, 0xdf, 0x42, 0x78, 0x2d, 0x4c, 0xf8, 0x43, 0x7c, 0xeb, 0x79, 0x52, 0xde, 0xfc, 0x68,
+	0x80, 0x70, 0x16, 0x97, 0xb2, 0x63, 0x67, 0xfb, 0xbc, 0xa3, 0x03, 0x3a, 0x99, 0x7b, 0x49, 0xb5,
+	0x62, 0x03, 0x23, 0x9b, 0x74, 0x5e, 0x39, 0x38, 0xe9, 0xdc, 0xfe, 0x57, 0x25, 0x38, 0xd3, 0xd3,
+	0xe0, 0xed, 0x4f, 0x4c, 0x3d, 0x7c, 0x89, 0xdf, 0xf7, 0xb8, 0xc2, 0x0e, 0x95, 0x30, 0x6c, 0xff,
+	0x51, 0x8f, 0x99, 0x26, 0x92, 0x81, 0xef, 0xbd, 0x6e, 0xca, 0xc3, 0x37, 0x9e, 0x5d, 0xf9, 0xbf,
+	0x03, 0x87, 0xc8, 0xff, 0xcd, 0x7c, 0x8c, 0x4a, 0x9f, 0xda, 0xe1, 0xbf, 0x0d, 0xf4, 0x1c, 0x5e,
+	0xba, 0x41, 0xee, 0xeb, 0x04, 0x61, 0x01, 0x4e, 0x78, 0x01, 0xbb, 0xcb, 0xb7, 0xde, 0x5e, 0x17,
+	0xe5, 0xcd, 0x78, 0x0d, 0x5f, 0x95, 0x7d, 0xb3, 0x98, 0x81, 0xe3, 0xae, 0x27, 0x1e, 0xc2, 0x7c,
+	0xec, 0x7b, 0x1b, 0xd2, 0x43, 0x4a, 0xee, 0x15, 0x38, 0x2d, 0x87, 0x62, 0xcb, 0x89, 0x48, 0x43,
+	0x28, 0xdb, 0x58, 0xe4, 0x5b, 0x9d, 0xe1, 0x39, 0x5b, 0x39, 0x08, 0x38, 0xff, 0x39, 0x76, 0xf1,
+	0x6a, 0xd8, 0xf2, 0x5c, 0xb1, 0x15, 0xd4, 0x17, 0xaf, 0xd2, 0x46, 0xcc, 0x61, 0x5a, 0x5f, 0xd4,
+	0xee, 0x8f, 0xbe, 0xf8, 0x08, 0xd4, 0xd4, 0x78, 0xf3, 0x9c, 0x0a, 0x35, 0xc9, 0xbb, 0x72, 0x2a,
+	0xd4, 0x0c, 0x37, 0xb0, 0xe8, 0xec, 0xa0, 0x1b, 0x95, 0xcc, 0x6a, 0xa5, 0xfc, 0x68, 0xbb, 0xfd,
+	0x1c, 0x8c, 0x28, 0x5f, 0x60, 0xbf, 0xd7, 0xdf, 0xda, 0x7f, 0x59, 0x82, 0xcc, 0x4d, 0x6f, 0x68,
+	0x17, 0x6a, 0x8d, 0xa8, 0xc3, 0x1b, 0x8b, 0xa9, 0x21, 0xbd, 0x20, 0xc9, 0xe9, 0x83, 0x30, 0xd5,
+	0x84, 0x35, 0x33, 0xf4, 0x26, 0x2f, 0xd7, 0x2c, 0x58, 0x97, 0x8a, 0xc8, 0xc9, 0xaf, 0x2b, 0x7a,
+	0xe6, 0xfd, 0x96, 0xb2, 0x0d, 0x1b, 0xfc, 0x50, 0x02, 0xb5, 0x2d, 0x79, 0xa3, 0x5d, 0x31, 0xe2,
+	0x4e, 0x5d, 0x90, 0xc7, 0x4d, 0x34, 0xf5, 0x17, 0x6b, 0x46, 0xf6, 0x1f, 0x96, 0xe0, 0x54, 0xfa,
+	0x03, 0x88, 0x83, 0xcb, 0x9f, 0xb6, 0xe0, 0x51, 0xdf, 0x89, 0x93, 0x7a, 0x9b, 0x6d, 0x14, 0x36,
+	0xda, 0xfe, 0x4a, 0xa6, 0xb2, 0xf7, 0x51, 0x9d, 0x2d, 0x8a, 0x70, 0xf6, 0x06, 0xc4, 0xb9, 0xc7,
+	0xee, 0xec, 0x4d, 0x3d, 0xba, 0x94, 0xcf, 0x1c, 0xf7, 0xea, 0x15, 0x7a, 0xcb, 0x82, 0x13, 0x6e,
+	0x3b, 0x8a, 0x48, 0x90, 0xe8, 0xae, 0xf2, 0xaf, 0x78, 0xad, 0x90, 0x81, 0xd4, 0x1d, 0x3c, 0x45,
+	0x05, 0xea, 0x7c, 0x86, 0x17, 0xee, 0xe2, 0x6e, 0xff, 0x20, 0xd5, 0x9c, 0x3d, 0xdf, 0xf3, 0xaf,
+	0xd9, 0x95, 0x8d, 0x7f, 0x32, 0x08, 0xa3, 0xa9, 0xf2, 0xe5, 0xa9, 0xc3, 0x3e, 0xeb, 0xc0, 0xc3,
+	0x3e, 0x96, 0x21, 0xd8, 0x0e, 0xe4, 0x6d, 0xf6, 0x46, 0x86, 0x60, 0x3b, 0x20, 0x98, 0xc3, 0xc4,
+	0x90, 0xe2, 0x76, 0x20, 0x72, 0x01, 0xcc, 0x21, 0xc5, 0xed, 0x00, 0x0b, 0x28, 0xfa, 0xb8, 0x05,
+	0x23, 0x6c, 0xf1, 0x89, 0xa3, 0x52, 0xa1, 0xd0, 0xae, 0x14, 0xb0, 0xdc, 0x65, 0xa9, 0x7e, 0x16,
+	0x3b, 0x6a, 0xb6, 0xe0, 0x14, 0x47, 0xf4, 0x29, 0x0b, 0x6a, 0xea, 0xea, 0x5c, 0x71, 0x36, 0x52,
+	0x2f, 0xb6, 0x3a, 0x7c, 0x46, 0xea, 0xa9, 0x32, 0xdd, 0x58, 0x33, 0x46, 0xb1, 0x3a, 0xc7, 0x1c,
+	0x3a, 0x9e, 0x73, 0x4c, 0xc8, 0x39, 0xc3, 0x7c, 0x1f, 0xd4, 0x9a, 0x4e, 0xe0, 0x6d, 0x90, 0x38,
+	0xe1, 0x47, 0x8b, 0xf2, 0x32, 0x10, 0xd9, 0x88, 0x35, 0x9c, 0x1a, 0xfb, 0x31, 0x7b, 0xb1, 0xc4,
+	0x38, 0x0b, 0x64, 0xc6, 0x7e, 0x5d, 0x37, 0x63, 0x13, 0xc7, 0x3c, 0xb8, 0x84, 0x07, 0x7a, 0x70,
+	0x39, 0x7c, 0xc0, 0xc1, 0x65, 0x1d, 0x4e, 0x3b, 0xed, 0x24, 0xbc, 0x4c, 0x1c, 0x7f, 0x36, 0x49,
+	0x48, 0xb3, 0x95, 0xc4, 0xbc, 0xe2, 0xfd, 0x08, 0x73, 0x01, 0xab, 0x68, 0xb7, 0x3a, 0xf1, 0x37,
+	0xba, 0x90, 0x70, 0xfe, 0xb3, 0xf6, 0xbf, 0xb0, 0xe0, 0x74, 0xee, 0x54, 0x78, 0x78, 0xf3, 0x0c,
+	0xec, 0x1f, 0xae, 0xc0, 0xc9, 0x9c, 0xcb, 0x0d, 0x50, 0xc7, 0x5c, 0x24, 0x56, 0x11, 0x21, 0x7b,
+	0xe9, 0x08, 0x34, 0xf9, 0x6d, 0x72, 0x56, 0xc6, 0xe1, 0x62, 0x11, 0x74, 0x3c, 0x40, 0xf9, 0xfe,
+	0xc6, 0x03, 0x18, 0x73, 0x7d, 0xe0, 0x81, 0xce, 0xf5, 0xca, 0x01, 0x73, 0xfd, 0x67, 0x2c, 0x98,
+	0x6c, 0xf6, 0xb8, 0xa9, 0x4c, 0x9c, 0x27, 0xdd, 0x38, 0x9e, 0x7b, 0xd0, 0xe6, 0x1e, 0xbf, 0xb3,
+	0x37, 0xd5, 0xf3, 0x82, 0x38, 0xdc, 0xb3, 0x57, 0xf6, 0x57, 0xca, 0xc0, 0xec, 0x35, 0x56, 0xc0,
+	0xba, 0x83, 0x3e, 0x66, 0xde, 0x91, 0x62, 0x15, 0x75, 0x9f, 0x07, 0x27, 0xae, 0xee, 0x58, 0xe1,
+	0x23, 0x98, 0x77, 0xe5, 0x4a, 0x56, 0x12, 0x96, 0xfa, 0x90, 0x84, 0xbe, 0xbc, 0x8c, 0xa6, 0x5c,
+	0xfc, 0x65, 0x34, 0xb5, 0xec, 0x45, 0x34, 0xfb, 0x7f, 0xe2, 0x81, 0x87, 0xf2, 0x13, 0xff, 0xb2,
+	0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0x73, 0xc3, 0xda, 0xc7, 0xdc, 0x78, 0x06, 0xaa, 0xb1, 0x90,
+	0xcc, 0xc2, 0x2c, 0xd1, 0xa1, 0x60, 0xa2, 0x1d, 0x2b, 0x0c, 0xba, 0xeb, 0x72, 0x7c, 0x3f, 0xbc,
+	0x7d, 0xa1, 0xd9, 0x4a, 0x3a, 0xc2, 0x40, 0x51, 0xdb, 0x82, 0x59, 0x05, 0xc1, 0x06, 0x16, 0x7a,
+	0x0a, 0x06, 0x79, 0xa5, 0x09, 0xe1, 0xdc, 0x19, 0xa6, 0xeb, 0x90, 0x97, 0xa1, 0x68, 0x60, 0x01,
+	0xb2, 0xb7, 0xc0, 0xd8, 0x55, 0xdc, 0xfb, 0x75, 0xd8, 0x07, 0xdf, 0x70, 0x69, 0xff, 0x83, 0x92,
+	0x60, 0xc5, 0x77, 0x09, 0x3a, 0x32, 0xd0, 0x3a, 0x64, 0x64, 0xe0, 0x9b, 0x00, 0x6e, 0xd8, 0x6c,
+	0xd1, 0x7d, 0xf3, 0x5a, 0x58, 0xcc, 0x66, 0x6b, 0x5e, 0xd1, 0xd3, 0xa3, 0xaa, 0xdb, 0xb0, 0xc1,
+	0x2f, 0x25, 0xda, 0xcb, 0x07, 0x8a, 0xf6, 0x94, 0x94, 0x1b, 0xd8, 0x5f, 0xca, 0xd9, 0x7f, 0x66,
+	0x41, 0xca, 0xea, 0x43, 0x2d, 0xa8, 0xd0, 0xee, 0x76, 0x84, 0xc0, 0x58, 0x29, 0xce, 0xc4, 0xa4,
+	0x92, 0x5a, 0xac, 0x42, 0xf6, 0x13, 0x73, 0x46, 0xc8, 0x17, 0x51, 0x90, 0x85, 0x6c, 0x7e, 0x4c,
+	0x86, 0x97, 0xc3, 0x70, 0x9b, 0x07, 0x13, 0xe9, 0x88, 0x4a, 0xfb, 0x45, 0x98, 0xe8, 0xea, 0x14,
+	0xbb, 0x42, 0x3b, 0x94, 0x3b, 0x78, 0x63, 0xf5, 0xb0, 0x82, 0x0f, 0x98, 0xc3, 0xec, 0x2f, 0x5b,
+	0x70, 0x22, 0x4b, 0x1e, 0xbd, 0x6d, 0xc1, 0x44, 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7, 0xb2, 0x1d,
+	0xba, 0x40, 0xb8, 0xbb, 0x13, 0xf6, 0xff, 0x14, 0xda, 0xe0, 0xa6, 0x17, 0x34, 0xc2, 0xdb, 0xca,
+	0x4e, 0xb2, 0x7a, 0xda, 0x49, 0x54, 0x3c, 0xb8, 0x5b, 0xa4, 0xd1, 0xf6, 0xbb, 0xca, 0x50, 0xd4,
+	0x45, 0x3b, 0x56, 0x18, 0x2c, 0xeb, 0xbe, 0x2d, 0xf6, 0xad, 0x99, 0x49, 0xb9, 0x20, 0xda, 0xb1,
+	0xc2, 0x40, 0xcf, 0xc3, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2, 0x4d, 0x87, 0xa1, 0xc1, 0x63, 0x9c,
+	0xc2, 0x42, 0xd3, 0x00, 0xca, 0xe6, 0x92, 0x1a, 0x9b, 0x39, 0xda, 0x95, 0x60, 0x8c, 0xb1, 0x81,
+	0xc1, 0x6a, 0x5c, 0xf8, 0xed, 0x98, 0x9d, 0x24, 0x0f, 0xea, 0x0b, 0x1d, 0xe6, 0x45, 0x1b, 0x56,
+	0x50, 0x2a, 0xdc, 0x9a, 0x4e, 0xd0, 0x76, 0x7c, 0x3a, 0x42, 0xc2, 0x75, 0xa6, 0x96, 0xe1, 0xb2,
+	0x82, 0x60, 0x03, 0x8b, 0xbe, 0x71, 0xe2, 0x35, 0xc9, 0x2b, 0x61, 0x20, 0xa3, 0xd4, 0x75, 0x70,
+	0x81, 0x68, 0xc7, 0x0a, 0x03, 0xbd, 0x08, 0xc3, 0x4e, 0xd0, 0xe0, 0x06, 0x62, 0x18, 0x89, 0x33,
+	0x4a, 0xb5, 0xfb, 0xbc, 0x1e, 0x93, 0x59, 0x0d, 0xc5, 0x26, 0x6a, 0xf6, 0x36, 0x0b, 0xe8, 0xf3,
+	0xb6, 0xbc, 0x3f, 0xb5, 0x60, 0x5c, 0x17, 0x2d, 0x62, 0x1e, 0xb6, 0x94, 0x6b, 0xd1, 0x3a, 0xd0,
+	0xb5, 0x98, 0xae, 0x5d, 0x52, 0xea, 0xab, 0x76, 0x89, 0x59, 0x56, 0xa4, 0xbc, 0x6f, 0x59, 0x91,
+	0xaf, 0x87, 0xa1, 0x6d, 0xd2, 0x31, 0xea, 0x8f, 0x30, 0xe5, 0x70, 0x95, 0x37, 0x61, 0x09, 0x43,
+	0x36, 0x0c, 0xba, 0x8e, 0xaa, 0x61, 0x38, 0x22, 0x62, 0xd3, 0x66, 0x19, 0x92, 0x80, 0xd8, 0x2b,
+	0x50, 0x53, 0x87, 0xfa, 0xd2, 0xd3, 0x67, 0xe5, 0x7b, 0xfa, 0xfa, 0x2a, 0x6f, 0x30, 0xb7, 0xfe,
+	0x1b, 0x5f, 0x7d, 0xf2, 0x5d, 0xbf, 0xfd, 0xd5, 0x27, 0xdf, 0xf5, 0x07, 0x5f, 0x7d, 0xf2, 0x5d,
+	0x1f, 0xbf, 0xf3, 0xa4, 0xf5, 0x1b, 0x77, 0x9e, 0xb4, 0x7e, 0xfb, 0xce, 0x93, 0xd6, 0x1f, 0xdc,
+	0x79, 0xd2, 0xfa, 0xca, 0x9d, 0x27, 0xad, 0xb7, 0xfe, 0xeb, 0x93, 0xef, 0x7a, 0x25, 0x37, 0x2f,
+	0x82, 0xfe, 0x78, 0xbf, 0xdb, 0x98, 0xd9, 0x79, 0x8e, 0x85, 0xe6, 0xd3, 0xf5, 0x3c, 0x63, 0x4c,
+	0xe2, 0x19, 0xb9, 0x9e, 0xff, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x87, 0xd1, 0xb1, 0x14, 0x1c,
+	0x01, 0x01, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -10899,6 +10931,20 @@ func (m *KustomizeOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.Versions) > 0 {
+		for iNdEx := len(m.Versions) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Versions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintGenerated(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x1a
+		}
+	}
 	i -= len(m.BinaryPath)
 	copy(dAtA[i:], m.BinaryPath)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.BinaryPath)))
@@ -11108,6 +11154,44 @@ func (m *KustomizeSelector) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
+func (m *KustomizeVersion) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *KustomizeVersion) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *KustomizeVersion) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	i -= len(m.BuildOptions)
+	copy(dAtA[i:], m.BuildOptions)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.BuildOptions)))
+	i--
+	dAtA[i] = 0x1a
+	i -= len(m.Path)
+	copy(dAtA[i:], m.Path)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Path)))
+	i--
+	dAtA[i] = 0x12
+	i -= len(m.Name)
+	copy(dAtA[i:], m.Name)
+	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
+	i--
+	dAtA[i] = 0xa
+	return len(dAtA) - i, nil
+}
+
 func (m *ListGenerator) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -18015,6 +18099,12 @@ func (m *KustomizeOptions) Size() (n int) {
 	n += 1 + l + sovGenerated(uint64(l))
 	l = len(m.BinaryPath)
 	n += 1 + l + sovGenerated(uint64(l))
+	if len(m.Versions) > 0 {
+		for _, e := range m.Versions {
+			l = e.Size()
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }
 
@@ -18086,6 +18176,21 @@ func (m *KustomizeSelector) Size() (n int) {
 	return n
 }
 
+func (m *KustomizeVersion) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	l = len(m.Name)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.Path)
+	n += 1 + l + sovGenerated(uint64(l))
+	l = len(m.BuildOptions)
+	n += 1 + l + sovGenerated(uint64(l))
+	return n
+}
+
 func (m *ListGenerator) Size() (n int) {
 	if m == nil {
 		return 0
@@ -21392,9 +21497,15 @@ func (this *KustomizeOptions) String() string {
 	if this == nil {
 		return "nil"
 	}
+	repeatedStringForVersions := "[]KustomizeVersion{"
+	for _, f := range this.Versions {
+		repeatedStringForVersions += strings.Replace(strings.Replace(f.String(), "KustomizeVersion", "KustomizeVersion", 1), `&`, ``, 1) + ","
+	}
+	repeatedStringForVersions += "}"
 	s := strings.Join([]string{`&KustomizeOptions{`,
 		`BuildOptions:` + fmt.Sprintf("%v", this.BuildOptions) + `,`,
 		`BinaryPath:` + fmt.Sprintf("%v", this.BinaryPath) + `,`,
+		`Versions:` + repeatedStringForVersions + `,`,
 		`}`,
 	}, "")
 	return s
@@ -21457,6 +21568,18 @@ func (this *KustomizeSelector) String() string {
 	}, "")
 	return s
 }
+func (this *KustomizeVersion) String() string {
+	if this == nil {
+		return "nil"
+	}
+	s := strings.Join([]string{`&KustomizeVersion{`,
+		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
+		`Path:` + fmt.Sprintf("%v", this.Path) + `,`,
+		`BuildOptions:` + fmt.Sprintf("%v", this.BuildOptions) + `,`,
+		`}`,
+	}, "")
+	return s
+}
 func (this *ListGenerator) String() string {
 	if this == nil {
 		return "nil"
@@ -39566,6 +39689,40 @@ func (m *KustomizeOptions) Unmarshal(dAtA []byte) error {
 			}
 			m.BinaryPath = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Versions", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Versions = append(m.Versions, KustomizeVersion{})
+			if err := m.Versions[len(m.Versions)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -40261,6 +40418,152 @@ func (m *KustomizeSelector) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *KustomizeVersion) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowGenerated
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: KustomizeVersion: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: KustomizeVersion: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Name = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Path = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BuildOptions", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.BuildOptions = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipGenerated(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *ListGenerator) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index 87389dc4d6d9e..88bb8a53d2d33 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -1312,7 +1312,14 @@ message KustomizeOptions {
   optional string buildOptions = 1;
 
   // BinaryPath holds optional path to kustomize binary
+  //
+  // Deprecated: Use settings.Settings instead. See: settings.Settings.KustomizeVersions.
+  // If this field is set, it will be used as the Kustomize binary path.
+  // Otherwise, Versions is used.
   optional string binaryPath = 2;
+
+  // Versions is a list of Kustomize versions and their corresponding binary paths and build options.
+  repeated KustomizeVersion versions = 3;
 }
 
 message KustomizePatch {
@@ -1349,6 +1356,18 @@ message KustomizeSelector {
   optional string labelSelector = 3;
 }
 
+// KustomizeVersion holds information about additional Kustomize versions
+message KustomizeVersion {
+  // Name holds Kustomize version name
+  optional string name = 1;
+
+  // Path holds the corresponding binary path
+  optional string path = 2;
+
+  // BuildOptions that are specific to a Kustomize version
+  optional string buildOptions = 3;
+}
+
 // ListGenerator include items info
 message ListGenerator {
   // +kubebuilder:validation:Optional
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index 8a3cbb516aa6e..85fb9eafe68cb 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -3181,12 +3181,30 @@ type HelmOptions struct {
 	ValuesFileSchemes []string `protobuf:"bytes,1,opt,name=valuesFileSchemes"`
 }
 
+// KustomizeVersion holds information about additional Kustomize versions
+type KustomizeVersion struct {
+	// Name holds Kustomize version name
+	Name string `protobuf:"bytes,1,opt,name=name"`
+	// Path holds the corresponding binary path
+	Path string `protobuf:"bytes,2,opt,name=path"`
+	// BuildOptions that are specific to a Kustomize version
+	BuildOptions string `protobuf:"bytes,3,opt,name=buildOptions"`
+}
+
 // KustomizeOptions are options for kustomize to use when building manifests
 type KustomizeOptions struct {
 	// BuildOptions is a string of build parameters to use when calling `kustomize build`
 	BuildOptions string `protobuf:"bytes,1,opt,name=buildOptions"`
+
 	// BinaryPath holds optional path to kustomize binary
+	//
+	// Deprecated: Use settings.Settings instead. See: settings.Settings.KustomizeVersions.
+	// If this field is set, it will be used as the Kustomize binary path.
+	// Otherwise, Versions is used.
 	BinaryPath string `protobuf:"bytes,2,opt,name=binaryPath"`
+
+	// Versions is a list of Kustomize versions and their corresponding binary paths and build options.
+	Versions []KustomizeVersion `protobuf:"bytes,3,rep,name=versions"`
 }
 
 // ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation.
diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
index c70479b70ff1c..d1727af27dfc5 100644
--- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
@@ -2507,6 +2507,11 @@ func (in KustomizeImages) DeepCopy() KustomizeImages {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *KustomizeOptions) DeepCopyInto(out *KustomizeOptions) {
 	*out = *in
+	if in.Versions != nil {
+		in, out := &in.Versions, &out.Versions
+		*out = make([]KustomizeVersion, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
@@ -2641,6 +2646,22 @@ func (in *KustomizeSelector) DeepCopy() *KustomizeSelector {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *KustomizeVersion) DeepCopyInto(out *KustomizeVersion) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KustomizeVersion.
+func (in *KustomizeVersion) DeepCopy() *KustomizeVersion {
+	if in == nil {
+		return nil
+	}
+	out := new(KustomizeVersion)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ListGenerator) DeepCopyInto(out *ListGenerator) {
 	*out = *in
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
index aa5526e14d842..24d0f8fe89818 100644
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -62,6 +62,7 @@ import (
 	pathutil "github.com/argoproj/argo-cd/v3/util/io/path"
 	"github.com/argoproj/argo-cd/v3/util/kustomize"
 	"github.com/argoproj/argo-cd/v3/util/manifeststream"
+	"github.com/argoproj/argo-cd/v3/util/settings"
 	"github.com/argoproj/argo-cd/v3/util/versions"
 )
 
@@ -1498,9 +1499,10 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string,
 		targetObjs, command, err = helmTemplate(appPath, repoRoot, env, q, isLocal, gitRepoPaths)
 		commands = append(commands, command)
 	case v1alpha1.ApplicationSourceTypeKustomize:
-		kustomizeBinary := ""
-		if q.KustomizeOptions != nil {
-			kustomizeBinary = q.KustomizeOptions.BinaryPath
+		var kustomizeBinary string
+		kustomizeBinary, err = settings.GetKustomizeBinaryPath(q.KustomizeOptions, *q.ApplicationSource)
+		if err != nil {
+			return nil, fmt.Errorf("error getting kustomize binary path: %w", err)
 		}
 		k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(gitCredsStore), repoURL, kustomizeBinary, q.Repo.Proxy, q.Repo.NoProxy)
 		targetObjs, _, commands, err = k.Build(q.ApplicationSource.Kustomize, q.KustomizeOptions, env, &kustomize.BuildOpts{
@@ -1669,7 +1671,8 @@ func mergeSourceParameters(source *v1alpha1.ApplicationSource, path, appName str
 	return nil
 }
 
-// GetAppSourceType returns explicit application source type or examines a directory and determines its application source type
+// GetAppSourceType returns explicit application source type or examines a directory and determines its application source type.
+// Overrides are applied as a side effect on the given source.
 func GetAppSourceType(ctx context.Context, source *v1alpha1.ApplicationSource, appPath, repoPath, appName string, enableGenerateManifests map[string]bool, tarExcludedGlobs []string, env []string) (v1alpha1.ApplicationSourceType, error) {
 	err := mergeSourceParameters(source, appPath, appName)
 	if err != nil {
@@ -2300,9 +2303,9 @@ func walkHelmValueFilesInPath(root string, valueFiles *[]string) filepath.WalkFu
 
 func populateKustomizeAppDetails(res *apiclient.RepoAppDetailsResponse, q *apiclient.RepoServerAppDetailsQuery, repoRoot string, appPath string, reversion string, credsStore git.CredsStore) error {
 	res.Kustomize = &apiclient.KustomizeAppSpec{}
-	kustomizeBinary := ""
-	if q.KustomizeOptions != nil {
-		kustomizeBinary = q.KustomizeOptions.BinaryPath
+	kustomizeBinary, err := settings.GetKustomizeBinaryPath(q.KustomizeOptions, *q.Source)
+	if err != nil {
+		return fmt.Errorf("failed to get kustomize binary path: %w", err)
 	}
 	k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(credsStore), q.Repo.Repo, kustomizeBinary, q.Repo.Proxy, q.Repo.NoProxy)
 	fakeManifestRequest := apiclient.ManifestRequest{
diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
index a6caece858e56..db7ab383012a1 100644
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -52,6 +52,7 @@ import (
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 	iomocks "github.com/argoproj/argo-cd/v3/util/io/mocks"
 	ocimocks "github.com/argoproj/argo-cd/v3/util/oci/mocks"
+	"github.com/argoproj/argo-cd/v3/util/settings"
 )
 
 const testSignature = `gpg: Signature made Wed Feb 26 23:22:34 2020 CET
@@ -239,6 +240,37 @@ func TestGenerateYamlManifestInDir(t *testing.T) {
 	assert.Len(t, res2.Manifests, 3)
 }
 
+func Test_GenerateManifest_KustomizeWithVersionOverride(t *testing.T) {
+	t.Parallel()
+
+	service := newService(t, "../../util/kustomize/testdata/kustomize-with-version-override")
+
+	src := v1alpha1.ApplicationSource{Path: "."}
+	q := apiclient.ManifestRequest{
+		Repo:               &v1alpha1.Repository{},
+		ApplicationSource:  &src,
+		ProjectName:        "something",
+		ProjectSourceRepos: []string{"*"},
+		KustomizeOptions: &v1alpha1.KustomizeOptions{
+			Versions: []v1alpha1.KustomizeVersion{},
+		},
+	}
+
+	_, err := service.GenerateManifest(t.Context(), &q)
+	require.ErrorAs(t, err, &settings.KustomizeVersionNotRegisteredError{Version: "v1.2.3"})
+
+	q.KustomizeOptions.Versions = []v1alpha1.KustomizeVersion{
+		{
+			Name: "v1.2.3",
+			Path: "kustomize",
+		},
+	}
+
+	res, err := service.GenerateManifest(t.Context(), &q)
+	require.NoError(t, err)
+	assert.NotNil(t, res)
+}
+
 func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) {
 	t.Parallel()
 
@@ -1674,6 +1706,32 @@ func TestGetAppDetailsKustomize(t *testing.T) {
 	assert.Equal(t, []string{"nginx:1.15.4", "registry.k8s.io/nginx-slim:0.8"}, res.Kustomize.Images)
 }
 
+func TestGetAppDetailsKustomize_CustomVersion(t *testing.T) {
+	service := newService(t, "../../util/kustomize/testdata/kustomize-with-version-override")
+
+	q := &apiclient.RepoServerAppDetailsQuery{
+		Repo: &v1alpha1.Repository{},
+		Source: &v1alpha1.ApplicationSource{
+			Path: ".",
+		},
+		KustomizeOptions: &v1alpha1.KustomizeOptions{},
+	}
+
+	_, err := service.GetAppDetails(t.Context(), q)
+	require.ErrorAs(t, err, &settings.KustomizeVersionNotRegisteredError{Version: "v1.2.3"})
+
+	q.KustomizeOptions.Versions = []v1alpha1.KustomizeVersion{
+		{
+			Name: "v1.2.3",
+			Path: "kustomize",
+		},
+	}
+
+	res, err := service.GetAppDetails(t.Context(), q)
+	require.NoError(t, err)
+	assert.Equal(t, "Kustomize", res.Type)
+}
+
 func TestGetHelmCharts(t *testing.T) {
 	service := newService(t, "../..")
 	res, err := service.GetHelmCharts(t.Context(), &apiclient.HelmChartsRequest{Repo: &v1alpha1.Repository{}})
diff --git a/server/application/application.go b/server/application/application.go
index 4285d791329d2..a1b907cb2bbc5 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -541,10 +541,6 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan
 				return fmt.Errorf("error getting kustomize settings: %w", err)
 			}
 
-			kustomizeOptions, err := kustomizeSettings.GetOptions(source)
-			if err != nil {
-				return fmt.Errorf("error getting kustomize settings options: %w", err)
-			}
 			installationID, err := s.settingsMgr.GetInstallationID()
 			if err != nil {
 				return fmt.Errorf("error getting installation ID: %w", err)
@@ -574,7 +570,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan
 				Namespace:                       a.Spec.Destination.Namespace,
 				ApplicationSource:               &source,
 				Repos:                           repos,
-				KustomizeOptions:                kustomizeOptions,
+				KustomizeOptions:                kustomizeSettings,
 				KubeVersion:                     serverVersion,
 				ApiVersions:                     argo.APIResourcesToStrings(apiResources, true),
 				HelmRepoCreds:                   helmRepoCreds,
@@ -686,10 +682,6 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get
 		if err != nil {
 			return fmt.Errorf("error getting kustomize settings: %w", err)
 		}
-		kustomizeOptions, err := kustomizeSettings.GetOptions(a.Spec.GetSource())
-		if err != nil {
-			return fmt.Errorf("error getting kustomize settings options: %w", err)
-		}
 
 		req := &apiclient.ManifestRequest{
 			Repo:                            repo,
@@ -699,7 +691,7 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get
 			Namespace:                       a.Spec.Destination.Namespace,
 			ApplicationSource:               &source,
 			Repos:                           helmRepos,
-			KustomizeOptions:                kustomizeOptions,
+			KustomizeOptions:                kustomizeSettings,
 			KubeVersion:                     serverVersion,
 			ApiVersions:                     argo.APIResourcesToStrings(apiResources, true),
 			HelmRepoCreds:                   helmCreds,
@@ -825,15 +817,11 @@ func (s *Server) Get(ctx context.Context, q *application.ApplicationQuery) (*v1a
 			if err != nil {
 				return fmt.Errorf("error getting trackingMethod from settings: %w", err)
 			}
-			kustomizeOptions, err := kustomizeSettings.GetOptions(a.Spec.GetSource())
-			if err != nil {
-				return fmt.Errorf("error getting kustomize settings options: %w", err)
-			}
 			_, err = client.GetAppDetails(ctx, &apiclient.RepoServerAppDetailsQuery{
 				Repo:               repo,
 				Source:             &source,
 				AppName:            appName,
-				KustomizeOptions:   kustomizeOptions,
+				KustomizeOptions:   kustomizeSettings,
 				Repos:              helmRepos,
 				NoCache:            true,
 				TrackingMethod:     trackingMethod,
diff --git a/server/repository/repository.go b/server/repository/repository.go
index edecd5fe26e76..e7bbe177633b9 100644
--- a/server/repository/repository.go
+++ b/server/repository/repository.go
@@ -382,10 +382,6 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta
 	if err != nil {
 		return nil, err
 	}
-	kustomizeOptions, err := kustomizeSettings.GetOptions(*q.Source)
-	if err != nil {
-		return nil, err
-	}
 	helmOptions, err := s.settings.GetHelmSettings()
 	if err != nil {
 		return nil, err
@@ -404,7 +400,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta
 		Repo:             repo,
 		Source:           q.Source,
 		Repos:            helmRepos,
-		KustomizeOptions: kustomizeOptions,
+		KustomizeOptions: kustomizeSettings,
 		HelmOptions:      helmOptions,
 		AppName:          q.AppName,
 		RefSources:       refSources,
diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go
index 605bcdbda74a7..59370d67161d6 100644
--- a/test/e2e/fixture/app/context.go
+++ b/test/e2e/fixture/app/context.go
@@ -464,3 +464,9 @@ func (c *Context) Sources(sources []v1alpha1.ApplicationSource) *Context {
 	c.sources = sources
 	return c
 }
+
+func (c *Context) RegisterKustomizeVersion(version, path string) *Context {
+	c.t.Helper()
+	require.NoError(c.t, fixture.RegisterKustomizeVersion(version, path))
+	return c
+}
diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go
index 56cf7f32e6d80..0ca0b67b4de1c 100644
--- a/test/e2e/fixture/app/expectation.go
+++ b/test/e2e/fixture/app/expectation.go
@@ -64,6 +64,13 @@ func SyncStatusIs(expected v1alpha1.SyncStatusCode) Expectation {
 	}
 }
 
+func HydrationPhaseIs(expected v1alpha1.HydrateOperationPhase) Expectation {
+	return func(c *Consequences) (state, string) {
+		actual := c.app().Status.SourceHydrator.CurrentOperation.Phase
+		return simple(actual == expected, fmt.Sprintf("hydration phase to be %s, is %s", expected, actual))
+	}
+}
+
 func Condition(conditionType v1alpha1.ApplicationConditionType, conditionMessage string) Expectation {
 	return func(c *Consequences) (state, string) {
 		got := c.app().Status.Conditions
diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go
index e9bfd86945de3..a75b5e418ab54 100644
--- a/test/e2e/fixture/fixture.go
+++ b/test/e2e/fixture/fixture.go
@@ -414,6 +414,13 @@ func updateGenericConfigMap(name string, updater func(cm *corev1.ConfigMap) erro
 	return nil
 }
 
+func RegisterKustomizeVersion(version, path string) error {
+	return updateSettingConfigMap(func(cm *corev1.ConfigMap) error {
+		cm.Data["kustomize.version."+version] = path
+		return nil
+	})
+}
+
 func SetEnableManifestGeneration(val map[v1alpha1.ApplicationSourceType]bool) error {
 	return updateSettingConfigMap(func(cm *corev1.ConfigMap) error {
 		for k, v := range val {
diff --git a/test/e2e/hydrator_test.go b/test/e2e/hydrator_test.go
index 6274bcb7fad36..2ba1c42ebbe10 100644
--- a/test/e2e/hydrator_test.go
+++ b/test/e2e/hydrator_test.go
@@ -100,3 +100,30 @@ func TestAddingApp(t *testing.T) {
 		Then().
 		Expect(DoesNotExist())
 }
+
+func TestKustomizeVersionOverride(t *testing.T) {
+	Given(t).
+		Name("test-kustomize-version-override").
+		DrySourcePath("kustomize-with-version-override").
+		DrySourceRevision("HEAD").
+		SyncSourcePath("kustomize-with-version-override").
+		SyncSourceBranch("env/test").
+		When().
+		// Skip validation, otherwise app creation will fail on the unsupported kustomize version.
+		CreateApp("--validate=false").
+		Refresh(RefreshTypeNormal).
+		Then().
+		// Expect a failure at first because the kustomize version is not supported.
+		Expect(HydrationPhaseIs(HydrateOperationPhaseFailed)).
+		// Now register the kustomize version override and try again.
+		Given().
+		RegisterKustomizeVersion("v1.2.3", "kustomize").
+		When().
+		// Hard refresh so we don't use the cached error.
+		Refresh(RefreshTypeHard).
+		Wait("--hydrated").
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced))
+}
diff --git a/test/e2e/testdata/kustomize-with-version-override/.argocd-source.yaml b/test/e2e/testdata/kustomize-with-version-override/.argocd-source.yaml
new file mode 100644
index 0000000000000..2974be63f8e7c
--- /dev/null
+++ b/test/e2e/testdata/kustomize-with-version-override/.argocd-source.yaml
@@ -0,0 +1,2 @@
+kustomize:
+  version: v1.2.3
diff --git a/test/e2e/testdata/kustomize-with-version-override/deployment.yaml b/test/e2e/testdata/kustomize-with-version-override/deployment.yaml
new file mode 100644
index 0000000000000..3cc7118b4d8ec
--- /dev/null
+++ b/test/e2e/testdata/kustomize-with-version-override/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-deployment
+spec:
+  selector:
+    matchLabels:
+      app: my-app
+  template:
+    metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: my-container
+          image: my-image:latest
+          ports:
+            - containerPort: 80
+      imagePullSecrets:
+        - name: my-registry-secret
diff --git a/test/e2e/testdata/kustomize-with-version-override/kustomization.yml b/test/e2e/testdata/kustomize-with-version-override/kustomization.yml
new file mode 100644
index 0000000000000..ff6d7ee7eca54
--- /dev/null
+++ b/test/e2e/testdata/kustomize-with-version-override/kustomization.yml
@@ -0,0 +1,2 @@
+resources:
+  - deployment.yaml
\ No newline at end of file
diff --git a/util/argo/argo.go b/util/argo/argo.go
index f6d699f92fde8..ad00e2f4cc13d 100644
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -774,14 +774,6 @@ func verifyGenerateManifests(
 			})
 			continue
 		}
-		kustomizeOptions, err := kustomizeSettings.GetOptions(source)
-		if err != nil {
-			conditions = append(conditions, argoappv1.ApplicationCondition{
-				Type:    argoappv1.ApplicationConditionInvalidSpecError,
-				Message: fmt.Sprintf("Error getting Kustomize options: %v", err),
-			})
-			continue
-		}
 		installationID, err := settingsMgr.GetInstallationID()
 		if err != nil {
 			conditions = append(conditions, argoappv1.ApplicationCondition{
@@ -841,7 +833,7 @@ func verifyGenerateManifests(
 			Namespace:                       app.Spec.Destination.Namespace,
 			ApplicationSource:               &source,
 			AppLabelKey:                     appLabelKey,
-			KustomizeOptions:                kustomizeOptions,
+			KustomizeOptions:                kustomizeSettings,
 			KubeVersion:                     kubeVersion,
 			ApiVersions:                     apiVersions,
 			HelmOptions:                     helmOptions,
diff --git a/util/kustomize/testdata/kustomize-with-version-override/.argocd-source.yaml b/util/kustomize/testdata/kustomize-with-version-override/.argocd-source.yaml
new file mode 100644
index 0000000000000..2974be63f8e7c
--- /dev/null
+++ b/util/kustomize/testdata/kustomize-with-version-override/.argocd-source.yaml
@@ -0,0 +1,2 @@
+kustomize:
+  version: v1.2.3
diff --git a/util/kustomize/testdata/kustomize-with-version-override/deployment.yaml b/util/kustomize/testdata/kustomize-with-version-override/deployment.yaml
new file mode 100644
index 0000000000000..3cc7118b4d8ec
--- /dev/null
+++ b/util/kustomize/testdata/kustomize-with-version-override/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: my-deployment
+spec:
+  selector:
+    matchLabels:
+      app: my-app
+  template:
+    metadata:
+      labels:
+        app: my-app
+    spec:
+      containers:
+        - name: my-container
+          image: my-image:latest
+          ports:
+            - containerPort: 80
+      imagePullSecrets:
+        - name: my-registry-secret
diff --git a/util/kustomize/testdata/kustomize-with-version-override/kustomization.yml b/util/kustomize/testdata/kustomize-with-version-override/kustomization.yml
new file mode 100644
index 0000000000000..ff6d7ee7eca54
--- /dev/null
+++ b/util/kustomize/testdata/kustomize-with-version-override/kustomization.yml
@@ -0,0 +1,2 @@
+resources:
+  - deployment.yaml
\ No newline at end of file
diff --git a/util/notification/argocd/service.go b/util/notification/argocd/service.go
index 81082052602e1..6df3e4176b373 100644
--- a/util/notification/argocd/service.go
+++ b/util/notification/argocd/service.go
@@ -66,14 +66,6 @@ func (svc *argoCDService) GetCommitMetadata(ctx context.Context, repoURL string,
 	}, nil
 }
 
-func (svc *argoCDService) getKustomizeOptions(source *v1alpha1.ApplicationSource) (*v1alpha1.KustomizeOptions, error) {
-	kustomizeSettings, err := svc.settingsMgr.GetKustomizeSettings()
-	if err != nil {
-		return nil, err
-	}
-	return kustomizeSettings.GetOptions(*source)
-}
-
 func (svc *argoCDService) GetAppDetails(ctx context.Context, app *v1alpha1.Application) (*shared.AppDetail, error) {
 	appSource := app.Spec.GetSourcePtrByIndex(0)
 
@@ -86,7 +78,7 @@ func (svc *argoCDService) GetAppDetails(ctx context.Context, app *v1alpha1.Appli
 	if err != nil {
 		return nil, err
 	}
-	kustomizeOptions, err := svc.getKustomizeOptions(appSource)
+	kustomizeOptions, err := svc.settingsMgr.GetKustomizeSettings()
 	if err != nil {
 		return nil, err
 	}
diff --git a/util/settings/settings.go b/util/settings/settings.go
index e5dc5b0030a59..f252d9d0613ee 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -216,22 +216,6 @@ type HelmRepoCredentials struct {
 	KeySecret      *corev1.SecretKeySelector `json:"keySecret,omitempty"`
 }
 
-// KustomizeVersion holds information about additional Kustomize version
-type KustomizeVersion struct {
-	// Name holds Kustomize version name
-	Name string
-	// Path holds corresponding binary path
-	Path string
-	// BuildOptions that are specific to Kustomize version
-	BuildOptions string
-}
-
-// KustomizeSettings holds kustomize settings
-type KustomizeSettings struct {
-	BuildOptions string
-	Versions     []KustomizeVersion
-}
-
 var (
 	ByClusterURLIndexer     = "byClusterURL"
 	byClusterURLIndexerFunc = func(obj any) ([]string, error) {
@@ -290,29 +274,39 @@ var (
 	}
 )
 
-func (ks *KustomizeSettings) GetOptions(source v1alpha1.ApplicationSource) (*v1alpha1.KustomizeOptions, error) {
-	binaryPath := ""
-	buildOptions := ""
+// KustomizeVersionNotRegisteredError is an error type that indicates a requested Kustomize version is not registered in
+// the Kustomize options in argocd-cm.
+type KustomizeVersionNotRegisteredError struct {
+	// Version is the Kustomize version that is not registered
+	Version string
+}
+
+func (e KustomizeVersionNotRegisteredError) Error() string {
+	return fmt.Sprintf("kustomize version %s is not registered", e.Version)
+}
+
+// GetKustomizeBinaryPath returns the path to the kustomize binary based on the provided KustomizeOptions and ApplicationSource.
+func GetKustomizeBinaryPath(ks *v1alpha1.KustomizeOptions, source v1alpha1.ApplicationSource) (string, error) {
+	if ks == nil {
+		// No versions or binary path specified, stick with defaults.
+		return "", nil
+	}
+
+	if ks.BinaryPath != "" { // nolint:staticcheck // BinaryPath is deprecated, but still supported for backward compatibility
+		log.Warn("kustomizeOptions.binaryPath is deprecated, use KustomizeOptions.versions instead")
+		// nolint:staticcheck // BinaryPath is deprecated, but if it's set, we'll use it to ensure backward compatibility
+		return ks.BinaryPath, nil
+	}
+
 	if source.Kustomize != nil && source.Kustomize.Version != "" {
 		for _, ver := range ks.Versions {
 			if ver.Name == source.Kustomize.Version {
-				// add version specific path and build options
-				binaryPath = ver.Path
-				buildOptions = ver.BuildOptions
-				break
+				return ver.Path, nil
 			}
 		}
-		if binaryPath == "" {
-			return nil, fmt.Errorf("kustomize version %s is not registered", source.Kustomize.Version)
-		}
-	} else {
-		// add build options for the default version
-		buildOptions = ks.BuildOptions
+		return "", KustomizeVersionNotRegisteredError{Version: source.Kustomize.Version}
 	}
-	return &v1alpha1.KustomizeOptions{
-		BuildOptions: buildOptions,
-		BinaryPath:   binaryPath,
-	}, nil
+	return "", nil
 }
 
 // Credentials for accessing a Git repository
@@ -1153,14 +1147,14 @@ func (mgr *SettingsManager) GetHelmSettings() (*v1alpha1.HelmOptions, error) {
 }
 
 // GetKustomizeSettings loads the kustomize settings from argocd-cm ConfigMap
-func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error) {
+func (mgr *SettingsManager) GetKustomizeSettings() (*v1alpha1.KustomizeOptions, error) {
 	argoCDCM, err := mgr.getConfigMap()
 	if err != nil {
 		return nil, fmt.Errorf("error retrieving argocd-cm: %w", err)
 	}
-	kustomizeVersionsMap := map[string]KustomizeVersion{}
+	kustomizeVersionsMap := map[string]v1alpha1.KustomizeVersion{}
 	buildOptions := map[string]string{}
-	settings := &KustomizeSettings{}
+	settings := &v1alpha1.KustomizeOptions{}
 
 	// extract build options for the default version
 	if options, ok := argoCDCM.Data[kustomizeBuildOptionsKey]; ok {
@@ -1200,12 +1194,12 @@ func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error) {
 	return settings, nil
 }
 
-func addKustomizeVersion(prefix, name, path string, kvMap map[string]KustomizeVersion) error {
+func addKustomizeVersion(prefix, name, path string, kvMap map[string]v1alpha1.KustomizeVersion) error {
 	version := name[len(prefix)+1:]
 	if _, ok := kvMap[version]; ok {
 		return fmt.Errorf("found duplicate kustomize version: %s", version)
 	}
-	kvMap[version] = KustomizeVersion{
+	kvMap[version] = v1alpha1.KustomizeVersion{
 		Name: version,
 		Path: path,
 	}
diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go
index 4e362df8ad803..775c1d86b0807 100644
--- a/util/settings/settings_test.go
+++ b/util/settings/settings_test.go
@@ -713,7 +713,7 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
 
 		require.NoError(t, err)
 		assert.Equal(t, "foo", options.BuildOptions)
-		assert.Equal(t, []KustomizeVersion{{Name: "v3.2.1", Path: "somePath"}}, options.Versions)
+		assert.Equal(t, []v1alpha1.KustomizeVersion{{Name: "v3.2.1", Path: "somePath"}}, options.Versions)
 	})
 
 	t.Run("Kustomize settings per-version", func(t *testing.T) {
@@ -731,15 +731,15 @@ func TestSettingsManager_GetKustomizeBuildOptions(t *testing.T) {
 
 		require.NoError(t, err)
 		assert.Equal(t, "--global true", got.BuildOptions)
-		want := &KustomizeSettings{
+		want := &v1alpha1.KustomizeOptions{
 			BuildOptions: "--global true",
-			Versions: []KustomizeVersion{
+			Versions: []v1alpha1.KustomizeVersion{
 				{Name: "v3.2.1", Path: "/path_3.2.1"},
 				{Name: "v3.2.3", Path: "/path_3.2.3", BuildOptions: "--options v3.2.3"},
 				{Name: "v3.2.4", Path: "/path_3.2.4", BuildOptions: "--options v3.2.4"},
 			},
 		}
-		sortVersionsByName := func(versions []KustomizeVersion) {
+		sortVersionsByName := func(versions []v1alpha1.KustomizeVersion) {
 			sort.Slice(versions, func(i, j int) bool {
 				return versions[i].Name > versions[j].Name
 			})
@@ -814,10 +814,10 @@ func TestSettingsManager_GetEventLabelKeys(t *testing.T) {
 	}
 }
 
-func TestKustomizeSettings_GetOptions(t *testing.T) {
-	settings := KustomizeSettings{
+func Test_GetKustomizeBinaryPath(t *testing.T) {
+	ko := &v1alpha1.KustomizeOptions{
 		BuildOptions: "--opt1 val1",
-		Versions: []KustomizeVersion{
+		Versions: []v1alpha1.KustomizeVersion{
 			{Name: "v1", Path: "path_v1"},
 			{Name: "v2", Path: "path_v2"},
 			{Name: "v3", Path: "path_v3", BuildOptions: "--opt2 val2"},
@@ -825,35 +825,42 @@ func TestKustomizeSettings_GetOptions(t *testing.T) {
 	}
 
 	t.Run("VersionDoesNotExist", func(t *testing.T) {
-		_, err := settings.GetOptions(v1alpha1.ApplicationSource{
+		_, err := GetKustomizeBinaryPath(ko, v1alpha1.ApplicationSource{
 			Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v4"},
 		})
 		require.Error(t, err)
 	})
 
 	t.Run("DefaultBuildOptions", func(t *testing.T) {
-		ver, err := settings.GetOptions(v1alpha1.ApplicationSource{})
+		ver, err := GetKustomizeBinaryPath(ko, v1alpha1.ApplicationSource{})
 		require.NoError(t, err)
-		assert.Empty(t, ver.BinaryPath)
-		assert.Equal(t, "--opt1 val1", ver.BuildOptions)
+		assert.Empty(t, ver)
 	})
 
 	t.Run("VersionExists", func(t *testing.T) {
-		ver, err := settings.GetOptions(v1alpha1.ApplicationSource{
+		ver, err := GetKustomizeBinaryPath(ko, v1alpha1.ApplicationSource{
 			Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v2"},
 		})
 		require.NoError(t, err)
-		assert.Equal(t, "path_v2", ver.BinaryPath)
-		assert.Empty(t, ver.BuildOptions)
+		assert.Equal(t, "path_v2", ver)
 	})
 
 	t.Run("VersionExistsWithBuildOption", func(t *testing.T) {
-		ver, err := settings.GetOptions(v1alpha1.ApplicationSource{
+		ver, err := GetKustomizeBinaryPath(ko, v1alpha1.ApplicationSource{
 			Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v3"},
 		})
 		require.NoError(t, err)
-		assert.Equal(t, "path_v3", ver.BinaryPath)
-		assert.Equal(t, "--opt2 val2", ver.BuildOptions)
+		assert.Equal(t, "path_v3", ver)
+	})
+
+	t.Run("ExplicitVersionSet", func(t *testing.T) {
+		// nolint:staticcheck // test for backwards compatibility with deprecated field
+		ko.BinaryPath = "custom_path"
+		ver, err := GetKustomizeBinaryPath(ko, v1alpha1.ApplicationSource{
+			Kustomize: &v1alpha1.ApplicationSourceKustomize{Version: "v3"},
+		})
+		require.NoError(t, err)
+		assert.Equal(t, "custom_path", ver)
 	})
 }
 

From 8c0bf7fbfc32a221177c42dc0bcfe66513dd3a79 Mon Sep 17 00:00:00 2001
From: Bittrance <bittrance@gmail.com>
Date: Wed, 16 Jul 2025 18:02:10 +0200
Subject: [PATCH 149/383] docs: intersection of apps-in-any-namespace and
 parameter overrides clarification (#23810) (#23816)

Signed-off-by: Bittrance <bittrance@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/parameters.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/user-guide/parameters.md b/docs/user-guide/parameters.md
index 54ff471beadf3..749bc81d09da1 100644
--- a/docs/user-guide/parameters.md
+++ b/docs/user-guide/parameters.md
@@ -80,6 +80,9 @@ are sourcing multiple applications from a single path in your repository.
 
 The application specific file must be named `.argocd-source-<appname>.yaml`,
 where `<appname>` is the name of the application the overrides are valid for.
+When combined with the [apps-in-any-namespace](../operator-manual/app-any-namespace.md)
+feature, filename is expected to include the namespace name as a prefix, i.e.
+`.argocd-source-<namespace>_<appname>.yaml`.
 
 If there exists a non-application specific `.argocd-source.yaml`, parameters
 included in that file will be merged first, and then the application specific

From c70b35e190fc8af2b93ab39a6d0de4631a13dec4 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 16 Jul 2025 13:39:30 -0400
Subject: [PATCH 150/383] fix(sync): operations in errors without status cause
 infinite auto-sync loop  (#23356)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go |  23 +++----
 controller/state.go         |  81 +++++++++-------------
 controller/sync.go          | 132 ++++++++++++++----------------------
 3 files changed, 96 insertions(+), 140 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index 154fe596465b0..0a924e3c98a83 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1396,12 +1396,12 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	if isOperationInProgress(app) {
 		state = app.Status.OperationState.DeepCopy()
 		terminating = state.Phase == synccommon.OperationTerminating
-		// Failed  operation with retry strategy might have be in-progress and has completion time
 		switch {
 		case state.FinishedAt != nil && !terminating:
+			// Failed operation with retry strategy might be in-progress and has completion time
 			retryAt, err := app.Status.OperationState.Operation.Retry.NextRetryAt(state.FinishedAt.Time, state.RetryCount)
 			if err != nil {
-				state.Phase = synccommon.OperationFailed
+				state.Phase = synccommon.OperationError
 				state.Message = err.Error()
 				ctrl.setOperationState(app, state)
 				return
@@ -1412,12 +1412,11 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 				ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), &retryAfter)
 				return
 			}
-			// retrying operation. remove previous failure time in app since it is used as a trigger
-			// that previous failed and operation should be retried
-			state.FinishedAt = nil
-			ctrl.setOperationState(app, state)
 			// Get rid of sync results and null out previous operation completion time
+			// This will start the retry attempt
+			state.FinishedAt = nil
 			state.SyncResult = nil
+			ctrl.setOperationState(app, state)
 		case ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)) && !terminating:
 			state.Phase = synccommon.OperationTerminating
 			state.Message = "operation is terminating due to timeout"
@@ -1427,7 +1426,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 			logCtx.Infof("Resuming in-progress operation. phase: %s, message: %s", state.Phase, state.Message)
 		}
 	} else {
-		state = &appv1.OperationState{Phase: synccommon.OperationRunning, Operation: *app.Operation, StartedAt: metav1.Now()}
+		state = NewOperationState(*app.Operation)
 		ctrl.setOperationState(app, state)
 		if ctrl.syncTimeout != time.Duration(0) {
 			// Schedule a check during which the timeout would be checked.
@@ -1438,12 +1437,12 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	ts.AddCheckpoint("initial_operation_stage_ms")
 
 	project, err := ctrl.getAppProj(app)
-	if err != nil {
-		state.Phase = synccommon.OperationError
-		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
-	} else {
+	if err == nil {
 		// Start or resume the sync
 		ctrl.appStateManager.SyncAppState(app, project, state)
+	} else {
+		state.Phase = synccommon.OperationError
+		state.Message = fmt.Sprintf("Failed to load application project: %v", err)
 	}
 	ts.AddCheckpoint("sync_app_state_ms")
 
@@ -2212,7 +2211,7 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *
 	ctrl.writeBackToInformer(updatedApp)
 	ts.AddCheckpoint("write_back_to_informer_ms")
 
-	message := fmt.Sprintf("Initiated automated sync to '%s'", desiredRevisions)
+	message := fmt.Sprintf("Initiated automated sync to %s", desiredRevisions)
 	ctrl.logAppEvent(context.TODO(), app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: corev1.EventTypeNormal}, message)
 	logCtx.Info(message)
 	return nil, setOpTime
diff --git a/controller/state.go b/controller/state.go
index 63df4566466da..e0d09f1bf4504 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -531,30 +531,35 @@ func isManagedNamespace(ns *unstructured.Unstructured, app *v1alpha1.Application
 // revision and overrides in the app spec.
 func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) (*comparisonResult, error) {
 	ts := stats.NewTimingStats()
-	appLabelKey, resourceOverrides, resFilter, installationID, trackingMethod, err := m.getComparisonSettings()
+	logCtx := log.WithFields(applog.GetAppLogFields(app))
 
-	ts.AddCheckpoint("settings_ms")
+	// Build initial sync status
+	syncStatus := &v1alpha1.SyncStatus{
+		ComparedTo: v1alpha1.ComparedTo{
+			Destination:       app.Spec.Destination,
+			IgnoreDifferences: app.Spec.IgnoreDifferences,
+		},
+		Status: v1alpha1.SyncStatusCodeUnknown,
+	}
+	if hasMultipleSources {
+		syncStatus.ComparedTo.Sources = sources
+		syncStatus.Revisions = revisions
+	} else {
+		if len(sources) > 0 {
+			syncStatus.ComparedTo.Source = sources[0]
+		} else {
+			logCtx.Warn("CompareAppState: sources should not be empty")
+		}
+		if len(revisions) > 0 {
+			syncStatus.Revision = revisions[0]
+		}
+	}
 
-	// return unknown comparison result if basic comparison settings cannot be loaded
+	appLabelKey, resourceOverrides, resFilter, installationID, trackingMethod, err := m.getComparisonSettings()
+	ts.AddCheckpoint("settings_ms")
 	if err != nil {
-		if hasMultipleSources {
-			return &comparisonResult{
-				syncStatus: &v1alpha1.SyncStatus{
-					ComparedTo: app.Spec.BuildComparedToStatus(sources),
-					Status:     v1alpha1.SyncStatusCodeUnknown,
-					Revisions:  revisions,
-				},
-				healthStatus: health.HealthStatusUnknown,
-			}, nil
-		}
-		return &comparisonResult{
-			syncStatus: &v1alpha1.SyncStatus{
-				ComparedTo: app.Spec.BuildComparedToStatus(sources),
-				Status:     v1alpha1.SyncStatusCodeUnknown,
-				Revision:   revisions[0],
-			},
-			healthStatus: health.HealthStatusUnknown,
-		}, nil
+		// return unknown comparison result if basic comparison settings cannot be loaded
+		return &comparisonResult{syncStatus: syncStatus, healthStatus: health.HealthStatusUnknown}, nil
 	}
 
 	// When signature keys are defined in the project spec, we need to verify the signature on the Git revision
@@ -569,7 +574,6 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 		return nil, err
 	}
 
-	logCtx := log.WithFields(applog.GetAppLogFields(app))
 	logCtx.Infof("Comparing app state (cluster: %s, namespace: %s)", app.Spec.Destination.Server, app.Spec.Destination.Namespace)
 
 	var targetObjs []*unstructured.Unstructured
@@ -578,7 +582,6 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 	var manifestInfos []*apiclient.ManifestResponse
 	targetNsExists := false
 
-	// revisionsMayHaveChanges if there are any possibilities that the revisions contain changes
 	var revisionsMayHaveChanges bool
 
 	if len(localManifests) == 0 {
@@ -939,32 +942,14 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 	} else if app.HasChangedManagedNamespaceMetadata() {
 		syncCode = v1alpha1.SyncStatusCodeOutOfSync
 	}
-	var revision string
 
-	if !hasMultipleSources && len(manifestRevisions) > 0 {
-		revision = manifestRevisions[0]
-	}
-	var syncStatus v1alpha1.SyncStatus
+	syncStatus.Status = syncCode
+
+	// Update the initial revision to the resolved manifest SHA
 	if hasMultipleSources {
-		syncStatus = v1alpha1.SyncStatus{
-			ComparedTo: v1alpha1.ComparedTo{
-				Destination:       app.Spec.Destination,
-				Sources:           sources,
-				IgnoreDifferences: app.Spec.IgnoreDifferences,
-			},
-			Status:    syncCode,
-			Revisions: manifestRevisions,
-		}
-	} else {
-		syncStatus = v1alpha1.SyncStatus{
-			ComparedTo: v1alpha1.ComparedTo{
-				Destination:       app.Spec.Destination,
-				Source:            app.Spec.GetSource(),
-				IgnoreDifferences: app.Spec.IgnoreDifferences,
-			},
-			Status:   syncCode,
-			Revision: revision,
-		}
+		syncStatus.Revisions = manifestRevisions
+	} else if len(manifestRevisions) > 0 {
+		syncStatus.Revision = manifestRevisions[0]
 	}
 
 	ts.AddCheckpoint("sync_ms")
@@ -984,7 +969,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 	}
 
 	compRes := comparisonResult{
-		syncStatus:              &syncStatus,
+		syncStatus:              syncStatus,
 		healthStatus:            healthStatus,
 		resources:               resourceSummaries,
 		managedResources:        managedResources,
diff --git a/controller/sync.go b/controller/sync.go
index 6c39cd4ce7441..398c0e4ed644e 100644
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -86,12 +86,38 @@ func (m *appStateManager) getServerSideDiffDryRunApplier(cluster *v1alpha1.Clust
 	return ops, cleanup, nil
 }
 
-func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, state *v1alpha1.OperationState) {
+func NewOperationState(operation v1alpha1.Operation) *v1alpha1.OperationState {
+	return &v1alpha1.OperationState{
+		Phase:     common.OperationRunning,
+		Operation: operation,
+		StartedAt: metav1.Now(),
+	}
+}
+
+func newSyncOperationResult(app *v1alpha1.Application, op v1alpha1.SyncOperation) *v1alpha1.SyncOperationResult {
+	syncRes := &v1alpha1.SyncOperationResult{}
+
+	if len(op.Sources) > 0 || op.Source != nil {
+		// specific source specified in the SyncOperation
+		if op.Source != nil {
+			syncRes.Source = *op.Source
+		}
+		syncRes.Sources = op.Sources
+	} else {
+		// normal sync case, get sources from the spec
+		syncRes.Sources = app.Spec.Sources
+		syncRes.Source = app.Spec.GetSource()
+	}
+
 	// Sync requests might be requested with ambiguous revisions (e.g. master, HEAD, v1.2.3).
 	// This can change meaning when resuming operations (e.g a hook sync). After calculating a
-	// concrete git commit SHA, the SHA is remembered in the status.operationState.syncResult field.
-	// This ensures that when resuming an operation, we sync to the same revision that we initially
-	// started with.
+	// concrete git commit SHA, the revision of the SyncOperationResult will be updated with the SHA
+	syncRes.Revision = op.Revision
+	syncRes.Revisions = op.Revisions
+	return syncRes
+}
+
+func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, state *v1alpha1.OperationState) {
 	syncId, err := syncid.Generate()
 	if err != nil {
 		state.Phase = common.OperationError
@@ -100,75 +126,19 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alp
 	}
 	logEntry := log.WithFields(applog.GetAppLogFields(app)).WithField("syncId", syncId)
 
-	var revision string
-	var syncOp v1alpha1.SyncOperation
-	var syncRes *v1alpha1.SyncOperationResult
-	var source v1alpha1.ApplicationSource
-	var sources []v1alpha1.ApplicationSource
-	revisions := make([]string, 0)
-
 	if state.Operation.Sync == nil {
-		state.Phase = common.OperationFailed
+		state.Phase = common.OperationError
 		state.Message = "Invalid operation request: no operation specified"
 		return
 	}
-	syncOp = *state.Operation.Sync
 
-	isMultiSourceRevision := app.Spec.HasMultipleSources()
-	rollback := len(syncOp.Sources) > 0 || syncOp.Source != nil
-	if rollback {
-		// rollback case
-		if len(state.Operation.Sync.Sources) > 0 {
-			sources = state.Operation.Sync.Sources
-			isMultiSourceRevision = true
-		} else {
-			source = *state.Operation.Sync.Source
-			sources = make([]v1alpha1.ApplicationSource, 0)
-			isMultiSourceRevision = false
-		}
-	} else {
-		// normal sync case (where source is taken from app.spec.sources)
-		if app.Spec.HasMultipleSources() {
-			sources = app.Spec.Sources
-		} else {
-			// normal sync case (where source is taken from app.spec.source)
-			source = app.Spec.GetSource()
-			sources = make([]v1alpha1.ApplicationSource, 0)
-		}
-	}
+	syncOp := *state.Operation.Sync
 
-	if state.SyncResult != nil {
-		syncRes = state.SyncResult
-		revision = state.SyncResult.Revision
-		revisions = append(revisions, state.SyncResult.Revisions...)
-	} else {
-		syncRes = &v1alpha1.SyncOperationResult{}
-		// status.operationState.syncResult.source. must be set properly since auto-sync relies
-		// on this information to decide if it should sync (if source is different than the last
-		// sync attempt)
-		if isMultiSourceRevision {
-			syncRes.Sources = sources
-		} else {
-			syncRes.Source = source
-		}
-		state.SyncResult = syncRes
+	if state.SyncResult == nil {
+		state.SyncResult = newSyncOperationResult(app, syncOp)
 	}
 
-	// if we get here, it means we did not remember a commit SHA which we should be syncing to.
-	// This typically indicates we are just about to begin a brand new sync/rollback operation.
-	// Take the value in the requested operation. We will resolve this to a SHA later.
-	if isMultiSourceRevision {
-		if len(revisions) != len(sources) {
-			revisions = syncOp.Revisions
-		}
-	} else {
-		if revision == "" {
-			revision = syncOp.Revision
-		}
-	}
-
-	isBlocked, err := syncWindowPreventsSync(app, project)
-	if isBlocked {
+	if isBlocked, err := syncWindowPreventsSync(app, project); isBlocked {
 		// If the operation is currently running, simply let the user know the sync is blocked by a current sync window
 		if state.Phase == common.OperationRunning {
 			state.Message = "Sync operation blocked by sync window"
@@ -179,30 +149,32 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alp
 		return
 	}
 
-	if !isMultiSourceRevision {
-		sources = []v1alpha1.ApplicationSource{source}
-		revisions = []string{revision}
+	revisions := state.SyncResult.Revisions
+	sources := state.SyncResult.Sources
+	isMultiSourceSync := len(sources) > 0
+	if !isMultiSourceSync {
+		sources = []v1alpha1.ApplicationSource{state.SyncResult.Source}
+		revisions = []string{state.SyncResult.Revision}
 	}
 
 	// ignore error if CompareStateRepoError, this shouldn't happen as noRevisionCache is true
-	compareResult, err := m.CompareAppState(app, project, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision)
+	compareResult, err := m.CompareAppState(app, project, revisions, sources, false, true, syncOp.Manifests, isMultiSourceSync)
 	if err != nil && !stderrors.Is(err, ErrCompareStateRepo) {
 		state.Phase = common.OperationError
 		state.Message = err.Error()
 		return
 	}
-	// We now have a concrete commit SHA. Save this in the sync result revision so that we remember
-	// what we should be syncing to when resuming operations.
 
-	syncRes.Revision = compareResult.syncStatus.Revision
-	syncRes.Revisions = compareResult.syncStatus.Revisions
+	// We are now guaranteed to have a concrete commit SHA. Save this in the sync result revision so that we remember
+	// what we should be syncing to when resuming operations.
+	state.SyncResult.Revision = compareResult.syncStatus.Revision
+	state.SyncResult.Revisions = compareResult.syncStatus.Revisions
 
-	// validates if it should fail the sync if it finds shared resources
+	// validates if it should fail the sync on that revision if it finds shared resources
 	hasSharedResource, sharedResourceMessage := hasSharedResourceCondition(app)
-	if syncOp.SyncOptions.HasOption("FailOnSharedResource=true") &&
-		hasSharedResource {
+	if syncOp.SyncOptions.HasOption("FailOnSharedResource=true") && hasSharedResource {
 		state.Phase = common.OperationFailed
-		state.Message = "Shared resource found: %s" + sharedResourceMessage
+		state.Message = "Shared resource found: " + sharedResourceMessage
 		return
 	}
 
@@ -245,8 +217,8 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alp
 		return
 	}
 
-	initialResourcesRes := make([]common.ResourceSyncResult, len(syncRes.Resources))
-	for i, res := range syncRes.Resources {
+	initialResourcesRes := make([]common.ResourceSyncResult, len(state.SyncResult.Resources))
+	for i, res := range state.SyncResult.Resources {
 		key := kube.ResourceKey{Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name}
 		initialResourcesRes[i] = common.ResourceSyncResult{
 			ResourceKey: key,
@@ -450,7 +422,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, project *v1alp
 	logEntry.WithField("duration", time.Since(start)).Info("sync/terminate complete")
 
 	if !syncOp.DryRun && len(syncOp.Resources) == 0 && state.Phase.Successful() {
-		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, isMultiSourceRevision, state.StartedAt, state.Operation.InitiatedBy)
+		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, compareResult.syncStatus.ComparedTo.Source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, isMultiSourceSync, state.StartedAt, state.Operation.InitiatedBy)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to record sync to history: %v", err)

From badcd947132867066ed729dbc45273c3073a7d82 Mon Sep 17 00:00:00 2001
From: Jemin Seo <jemin9812@gmail.com>
Date: Thu, 17 Jul 2025 20:41:43 +0900
Subject: [PATCH 151/383] docs(cli): add `argocd repo list` example (#23822)

Signed-off-by: Jemin <jemin9812@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/repo.go                  | 19 ++++++++++++++++
 docs/user-guide/commands/argocd_repo_list.md | 24 ++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go
index 6dace0a4b7b59..da482e8f1365f 100644
--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -330,6 +330,25 @@ func NewRepoListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	command := &cobra.Command{
 		Use:   "list",
 		Short: "List configured repositories",
+		Example: `
+  # List all repositories
+  argocd repo list
+
+  # List repositories in wide format
+  argocd repo list -o wide
+
+  # List repositories in YAML format
+  argocd repo list -o yaml
+
+  # List repositories in JSON format
+  argocd repo list -o json
+
+  # List urls of repositories
+  argocd repo list -o url
+
+  # Force refresh of cached repository connection status
+  argocd repo list --refresh hard
+`,
 		Run: func(c *cobra.Command, _ []string) {
 			ctx := c.Context()
 
diff --git a/docs/user-guide/commands/argocd_repo_list.md b/docs/user-guide/commands/argocd_repo_list.md
index b2d620ec28549..4e4a5d9e7f559 100644
--- a/docs/user-guide/commands/argocd_repo_list.md
+++ b/docs/user-guide/commands/argocd_repo_list.md
@@ -8,6 +8,30 @@ List configured repositories
 argocd repo list [flags]
 ```
 
+### Examples
+
+```
+
+  # List all repositories
+  argocd repo list
+
+  # List repositories in wide format
+  argocd repo list -o wide
+
+  # List repositories in YAML format
+  argocd repo list -o yaml
+
+  # List repositories in JSON format
+  argocd repo list -o json
+
+  # List urls of repositories
+  argocd repo list -o url
+
+  # Force refresh of cached repository connection status
+  argocd repo list --refresh hard
+
+```
+
 ### Options
 
 ```

From fe31cc88061586b7fe8363f3da7933075494e222 Mon Sep 17 00:00:00 2001
From: sangeer <86688098+sangdammad@users.noreply.github.com>
Date: Thu, 17 Jul 2025 06:44:02 -0500
Subject: [PATCH 152/383] fix(appset): When Appset is deleted, the controller
 should reconcile applicationset #23723 (#23823)

Signed-off-by: Sangeetha Madamanchi <smadamanchi@expediagroup.com>
Co-authored-by: Sangeetha Madamanchi <smadamanchi@expediagroup.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../controllers/applicationset_controller.go  |  9 ++----
 .../applicationset_controller_test.go         | 32 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go
index 9b2473bbfd3b5..13ce12e09a228 100644
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -1696,24 +1696,21 @@ func shouldRequeueForApplicationSet(appSetOld, appSetNew *argov1alpha1.Applicati
 	}
 
 	// Requeue if any ApplicationStatus.Status changed for Progressive sync strategy
-	// Requeue if deletionTimestamp added
 	if enableProgressiveSyncs {
 		if !cmp.Equal(appSetOld.Status.ApplicationStatus, appSetNew.Status.ApplicationStatus, cmpopts.EquateEmpty()) {
 			return true
 		}
-		if !cmp.Equal(appSetOld.DeletionTimestamp, appSetNew.DeletionTimestamp, cmpopts.EquateEmpty()) {
-			return true
-		}
 	}
 
-	// only compare the applicationset spec, annotations, labels and finalizers, specifically avoiding
+	// only compare the applicationset spec, annotations, labels and finalizers, deletionTimestamp, specifically avoiding
 	// the status field. status is owned by the applicationset controller,
 	// and we do not need to requeue when it does bookkeeping
 	// NB: the ApplicationDestination comes from the ApplicationSpec being embedded
 	// in the ApplicationSetTemplate from the generators
 	if !cmp.Equal(appSetOld.Spec, appSetNew.Spec, cmpopts.EquateEmpty(), cmpopts.EquateComparable(argov1alpha1.ApplicationDestination{})) ||
 		!cmp.Equal(appSetOld.GetLabels(), appSetNew.GetLabels(), cmpopts.EquateEmpty()) ||
-		!cmp.Equal(appSetOld.GetFinalizers(), appSetNew.GetFinalizers(), cmpopts.EquateEmpty()) {
+		!cmp.Equal(appSetOld.GetFinalizers(), appSetNew.GetFinalizers(), cmpopts.EquateEmpty()) ||
+		!cmp.Equal(appSetOld.DeletionTimestamp, appSetNew.DeletionTimestamp, cmpopts.EquateEmpty()) {
 		return true
 	}
 
diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go
index 575ef7e399913..3023d0b4c966c 100644
--- a/applicationset/controllers/applicationset_controller_test.go
+++ b/applicationset/controllers/applicationset_controller_test.go
@@ -7126,7 +7126,7 @@ func TestApplicationSetOwnsHandlerUpdate(t *testing.T) {
 				},
 			},
 			enableProgressiveSyncs: false,
-			want:                   false,
+			want:                   true,
 		},
 	}
 
@@ -7276,6 +7276,36 @@ func TestShouldRequeueForApplicationSet(t *testing.T) {
 			},
 			want: true,
 		},
+		{
+			name: "ApplicationSetWithDeletionTimestamp",
+			args: args{
+				appSetOld: &v1alpha1.ApplicationSet{
+					Status: v1alpha1.ApplicationSetStatus{
+						ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{
+							{
+								Application: "app1",
+								Status:      "Healthy",
+							},
+						},
+					},
+				},
+				appSetNew: &v1alpha1.ApplicationSet{
+					ObjectMeta: metav1.ObjectMeta{
+						DeletionTimestamp: &metav1.Time{Time: time.Now()},
+					},
+					Status: v1alpha1.ApplicationSetStatus{
+						ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{
+							{
+								Application: "app1",
+								Status:      "Waiting",
+							},
+						},
+					},
+				},
+				enableProgressiveSyncs: false,
+			},
+			want: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

From d9693a076b015bc266d85956e2846a8ddf92e873 Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Thu, 17 Jul 2025 11:56:09 -0400
Subject: [PATCH 153/383] feat(appset): increase concurrent reconcile maximum
 to max int64 (#23721)

Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../commands/applicationset_controller.go                       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
index dbe6515bf2eda..6156b6d113547 100644
--- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
+++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go
@@ -268,7 +268,7 @@ func NewCommand() *cobra.Command {
 	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server")
 	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server")
 	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60, 0, math.MaxInt64), "Repo server RPC call timeout seconds.")
-	command.Flags().IntVar(&maxConcurrentReconciliations, "concurrent-reconciliations", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS", 10, 1, 100), "Max concurrent reconciliations limit for the controller")
+	command.Flags().IntVar(&maxConcurrentReconciliations, "concurrent-reconciliations", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS", 10, 1, math.MaxInt), "Max concurrent reconciliations limit for the controller")
 	command.Flags().StringVar(&scmRootCAPath, "scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates")
 	command.Flags().StringSliceVar(&globalPreservedAnnotations, "preserved-annotations", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS", []string{}, ","), "Sets global preserved field values for annotations")
 	command.Flags().StringSliceVar(&globalPreservedLabels, "preserved-labels", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS", []string{}, ","), "Sets global preserved field values for labels")

From 883dd22eeb993615801635f8757beabe7c288402 Mon Sep 17 00:00:00 2001
From: Donghyun Kang <49312806+augustkang@users.noreply.github.com>
Date: Fri, 18 Jul 2025 01:01:49 +0900
Subject: [PATCH 154/383] fix: correct misleading log and linter directive
 (#23824)

Signed-off-by: augustkang <iamaugustkang@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/env/env.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/util/env/env.go b/util/env/env.go
index 436ad5557394a..ed4a943fbda2f 100644
--- a/util/env/env.go
+++ b/util/env/env.go
@@ -99,7 +99,7 @@ func ParseFloat64FromEnv(env string, defaultValue, minimum, maximum float64) flo
 
 	num, err := strconv.ParseFloat(str, 64)
 	if err != nil {
-		log.Warnf("Could not parse '%s' as a float32 from environment %s", str, env)
+		log.Warnf("Could not parse '%s' as a float64 from environment %s", str, env)
 		return defaultValue
 	}
 	if num < minimum {
@@ -117,7 +117,7 @@ func ParseFloat64FromEnv(env string, defaultValue, minimum, maximum float64) flo
 // default if env is not set, is not parseable to a duration, exceeds maximum (if
 // maximum is greater than 0) or is less than minimum.
 //
-// nolinit:unparam
+// nolint:unparam
 func ParseDurationFromEnv(env string, defaultValue, minimum, maximum time.Duration) time.Duration {
 	str := os.Getenv(env)
 	if str == "" {
@@ -173,7 +173,7 @@ func StringsFromEnv(env string, defaultValue []string, separator string) []strin
 // ParseBoolFromEnv retrieves a boolean value from given environment envVar.
 // Returns default value if envVar is not set.
 //
-// nolinit:unparam
+// nolint:unparam
 func ParseBoolFromEnv(envVar string, defaultValue bool) bool {
 	if val := os.Getenv(envVar); val != "" {
 		if strings.EqualFold(val, "true") {

From 9183c4838479d100541a874115b6880fa8ffa655 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 10 Sep 2025 14:26:45 +0530
Subject: [PATCH 155/383] run go.mod

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 12 ++++++------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index b462e4c7944a3..b6a6c36e3e303 100644
--- a/go.mod
+++ b/go.mod
@@ -97,8 +97,8 @@ require (
 	golang.org/x/sync v0.16.0
 	golang.org/x/term v0.33.0
 	golang.org/x/time v0.12.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237
-	google.golang.org/grpc v1.73.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a
+	google.golang.org/grpc v1.74.0
 	google.golang.org/protobuf v1.36.6
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -121,7 +121,7 @@ require (
 require (
 	cloud.google.com/go/auth v0.15.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
-	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/compute/metadata v0.7.0 // indirect
 	github.com/42wim/httpsig v1.2.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
@@ -190,7 +190,7 @@ require (
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
-	github.com/golang/glog v1.2.4 // indirect
+	github.com/golang/glog v1.2.5 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-github/v72 v72.0.0 // indirect
@@ -275,8 +275,8 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gomodules.xyz/notify v0.1.1 // indirect
 	google.golang.org/api v0.223.0 // indirect
-	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
diff --git a/go.sum b/go.sum
index 49c603cee4611..ae9dfacf1016e 100644
--- a/go.sum
+++ b/go.sum
@@ -24,8 +24,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
-cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
+cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU=
+cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
@@ -398,8 +398,8 @@ github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w
 github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
 github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc=
-github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
+github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I=
+github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -928,8 +928,8 @@ go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCRE
 go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
 go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
 go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
-go.opentelemetry.io/otel/sdk/metric v1.35.0 h1:1RriWBmCKgkeHEhM7a2uMjMUfP7MsOF5JpUCaEqEI9o=
-go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w=
+go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
+go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
 go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
 go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
 go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI=
@@ -1408,12 +1408,12 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
-google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
-google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237 h1:Kog3KlB4xevJlAcbbbzPfRG0+X9fdoGM+UBRKVz6Wr0=
-google.golang.org/genproto/googleapis/api v0.0.0-20250519155744-55703ea1f237/go.mod h1:ezi0AVyMKDWy5xAncvjLWH7UcLBB5n7y2fQ8MzjJcto=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237 h1:cJfm9zPbe1e873mHJzmQ1nwVEeRDU/T1wXDK2kUSU34=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a h1:SGktgSolFCo75dnHJF2yMvnns6jCmHFJ0vE4Vn2JKvQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1:v2PbRU4K3llS09c7zodFpNePeamkAwG3mPrAery9VeE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1428,8 +1428,8 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok=
-google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc=
+google.golang.org/grpc v1.74.0 h1:sxRSkyLxlceWQiqDofxDot3d4u7DyoHPc7SBXMj8gGY=
+google.golang.org/grpc v1.74.0/go.mod h1:NZUaK8dAMUfzhK6uxZ+9511LtOrk73UGWOFoNvz7z+s=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=

From b1f276b51156b8622b5cca9457cd3b06ca4f331b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Jul 2025 12:03:48 -0400
Subject: [PATCH 156/383] chore(deps): bump github.com/spf13/pflag from 1.0.6
 to 1.0.7 (#23826)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index b6a6c36e3e303..39663d5c2f666 100644
--- a/go.mod
+++ b/go.mod
@@ -81,7 +81,7 @@ require (
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/soheilhy/cmux v0.1.5
 	github.com/spf13/cobra v1.9.1
-	github.com/spf13/pflag v1.0.6
+	github.com/spf13/pflag v1.0.7
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
diff --git a/go.sum b/go.sum
index ae9dfacf1016e..24e572c62f6ac 100644
--- a/go.sum
+++ b/go.sum
@@ -849,8 +849,9 @@ github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
 github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M=
+github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 86f8c62380a88b821c4626b4ec67201249f19fa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20Gond=C5=BEa?= <ogondza@gmail.com>
Date: Fri, 18 Jul 2025 13:38:27 +0200
Subject: [PATCH 157/383] fix: Address shellcheck detected shell warnings
 (#22686)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Oliver Gondža <ogondza@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml               |  2 +-
 entrypoint.sh                                 |  2 +-
 hack/bump-major-version.sh                    | 16 +++++----
 hack/generate-actions-list.sh                 |  7 ++--
 hack/generate-mock.sh                         |  2 +-
 hack/goreman-start.sh                         | 15 ++++----
 hack/gpg-wrapper.sh                           |  9 +++--
 hack/install.sh                               |  4 +--
 .../checksums/add-helm-checksums.sh           |  6 ++--
 .../checksums/add-kustomize-checksums.sh      |  2 +-
 .../checksums/add-oras-checksums.sh           |  6 ++--
 hack/installers/compare-chksum.sh             |  6 ++--
 hack/installers/install-codegen-go-tools.sh   | 11 +++---
 hack/installers/install-codegen-tools.sh      |  2 +-
 hack/installers/install-gotestsum.sh          | 16 ++++-----
 hack/installers/install-helm.sh               | 10 +++---
 hack/installers/install-kustomize.sh          | 34 ++++++++++---------
 hack/installers/install-protoc.sh             | 30 +++++++++-------
 hack/snyk-container-tests.sh                  |  6 ++--
 hack/snyk-report.sh                           |  6 ++--
 hack/test.sh                                  |  9 +++--
 hack/trigger-release.sh                       |  8 ++---
 hack/update-codegen.sh                        |  7 ++--
 hack/update-kubernetes-version.sh             | 11 +++---
 hack/update-manifests.sh                      | 16 ++++-----
 hack/update-openapi.sh                        |  6 ++--
 hack/update-ssh-known-hosts.sh                | 14 ++++----
 hack/update-supported-versions.sh             |  2 +-
 test/container/entrypoint.sh                  |  4 +--
 test/container/reaper.sh                      |  6 ++--
 .../generate.sh                               |  4 +--
 test/e2e/testdata/cmp-gitsshcreds/generate.sh |  4 +--
 .../start-authenticated-helm-registry.sh      |  4 +--
 test/fixture/testrepos/start-git.sh           |  2 +-
 test/remote/entrypoint.sh                     |  6 ++--
 test/remote/generate-permissions.sh           |  6 ++--
 test/remote/run-e2e-remote.sh                 | 14 ++++----
 ui/scripts/build_docker.sh                    |  4 +--
 38 files changed, 170 insertions(+), 149 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 07daaca425dbf..74d73012fe332 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -339,7 +339,7 @@ jobs:
       - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - run: |
           sudo apt-get install shellcheck
-          shellcheck -e SC2086 -e SC2046 -e SC2068 -e SC2206 -e SC2048 -e SC2059 -e SC2154 -e SC2034 -e SC2016 -e SC2128 -e SC1091 -e SC2207  $(find . -type f -name '*.sh') | tee sc.log
+          shellcheck -e SC2059 -e SC2154 -e SC2034 -e SC2016 -e SC1091 $(find . -type f -name '*.sh' | grep -v './ui/node_modules') | tee sc.log
           test ! -s sc.log
 
   analyze:
diff --git a/entrypoint.sh b/entrypoint.sh
index 24862aca2172d..d3a9651f456c1 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -3,7 +3,7 @@
 # If we're started as PID 1, we should wrap command execution through tini to
 # prevent leakage of orphaned processes ("zombies").
 if test "$$" = "1"; then
-	exec tini -- $@
+	exec tini -- "$@"
 else
 	exec "$@"
 fi
diff --git a/hack/bump-major-version.sh b/hack/bump-major-version.sh
index 931bb57ef5b9b..20ca03edbedcc 100755
--- a/hack/bump-major-version.sh
+++ b/hack/bump-major-version.sh
@@ -4,29 +4,31 @@
 
 # Get the current version from go.mod.
 CURRENT_VERSION=$(grep 'module github.com/argoproj/argo-cd' go.mod | awk '{print $2}' | sed 's/.*\/v//')
+NEXT_VERSION=$((CURRENT_VERSION + 1))
 
-echo "Upgrading from v${CURRENT_VERSION} to v$((CURRENT_VERSION + 1))..."
+echo "Upgrading from v${CURRENT_VERSION} to v${NEXT_VERSION}..."
 
 # sed commands in this script use -i.bak for compatibility with both GNU sed and BSD sed.
 
 for file in .golangci.yaml .goreleaser.yaml .mockery.yaml Makefile Procfile; do
   echo "Incrementing the major version in $file..."
-  sed -i.bak "s/github\.com\/argoproj\/argo-cd\/v${CURRENT_VERSION}/github\.com\/argoproj\/argo-cd\/v$((CURRENT_VERSION + 1))/g" "$file" && echo "  Updated $file" && rm "$file.bak"
+  sed -i.bak "s~github\.com/argoproj/argo-cd/v${CURRENT_VERSION}~github\.com/argoproj/argo-cd/v${NEXT_VERSION}~g" "$file" && echo "  Updated $file" && rm "$file.bak"
 done
 
 for file in hack/generate-proto.sh hack/update-codegen.sh hack/update-openapi.sh; do
   echo "Incrementing the major version in $file..."
-  sed -i.bak "s/v${CURRENT_VERSION}/v$((CURRENT_VERSION + 1))/g" "$file" && echo "  Update $file" && rm "$file.bak"
+  sed -i.bak "s~v${CURRENT_VERSION}~v${NEXT_VERSION}~g" "$file" && echo "  Update $file" && rm "$file.bak"
 done
 
 echo "Incrementing the major version in proto files..."
-find . -name '*.proto' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s/github\.com\/argoproj\/argo-cd\/v${CURRENT_VERSION}/github\.com\/argoproj\/argo-cd\/v$((CURRENT_VERSION + 1))/g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
-find . -name '*.proto' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s/github\.com\.argoproj\.argo_cd\.v${CURRENT_VERSION}/github\.com\.argoproj\.argo_cd\.v$((CURRENT_VERSION + 1))/g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
+find . -name '*.proto' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s~github\.com/argoproj/argo-cd/v${CURRENT_VERSION}~github\.com/argoproj/argo-cd/v${NEXT_VERSION}~g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
+find . -name '*.proto' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s~github\.com\.argoproj\.argo_cd\.v${CURRENT_VERSION}~github\.com\.argoproj\.argo_cd\.v${NEXT_VERSION}~g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
 
 echo "Incrementing the major version in go files..."
-find . -name '*.go' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s/github\.com\/argoproj\/argo-cd\/v${CURRENT_VERSION}/github\.com\/argoproj\/argo-cd\/v$((CURRENT_VERSION + 1))/g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
+find . -name '*.go' -not -path "./vendor/*" -not -path "./dist/*" -exec sed -i.bak "s~github\.com/argoproj/argo-cd/v${CURRENT_VERSION}~github\.com/argoproj/argo-cd/v${NEXT_VERSION}~g" {} \; -exec echo "  Updated" {} \; -exec rm {}.bak \;
 
 echo "Incrementing the major version in go.mod..."
-sed -i.bak "s/github\.com\/argoproj\/argo-cd\/v${CURRENT_VERSION}/github\.com\/argoproj\/argo-cd\/v$((CURRENT_VERSION + 1))/g" go.mod && echo "  Updated go.mod" && rm go.mod.bak
+sed -i.bak "s~github\.com/argoproj/argo-cd/v${CURRENT_VERSION}~github\.com/argoproj/argo-cd/v${NEXT_VERSION}~g" go.mod && echo "  Updated go.mod" && rm go.mod.bak
 
+# shellcheck disable=SC2016
 echo 'Finished! Now run `make codegen-local && make lint-local && make test-local` to ensure everything is working as expected.'
diff --git a/hack/generate-actions-list.sh b/hack/generate-actions-list.sh
index 207be27efe597..9cbc36cb778ac 100755
--- a/hack/generate-actions-list.sh
+++ b/hack/generate-actions-list.sh
@@ -1,3 +1,6 @@
 #!/usr/bin/env bash
-
-find resource_customizations -name action.lua | sed 's/resource_customizations\/\(.*\)\/actions\/\(.*\)\/action.lua/- [\1\/\2](https:\/\/github.com\/argoproj\/argo-cd\/blob\/master\/resource_customizations\/\1\/actions\/\2\/action.lua)/' | sort | uniq > docs/operator-manual/resource_actions_builtin.md
+find resource_customizations -name action.lua \
+    | sed 's~resource_customizations/\(.*\)/actions/\(.*\)/action.lua~- [\1/\2](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/\1/actions/\2/action.lua)~' \
+    | sort \
+    | uniq \
+    > docs/operator-manual/resource_actions_builtin.md
diff --git a/hack/generate-mock.sh b/hack/generate-mock.sh
index f05061141e445..8a89b87738c9e 100755
--- a/hack/generate-mock.sh
+++ b/hack/generate-mock.sh
@@ -15,4 +15,4 @@ PATH="${PROJECT_ROOT}/dist:${PATH}"
 # output tool versions
 mockery version
 
-mockery --config ${PROJECT_ROOT}/.mockery.yaml
\ No newline at end of file
+mockery --config "${PROJECT_ROOT}"/.mockery.yaml
diff --git a/hack/goreman-start.sh b/hack/goreman-start.sh
index 5b7b75b1a6344..81263eab1ba06 100644
--- a/hack/goreman-start.sh
+++ b/hack/goreman-start.sh
@@ -2,13 +2,13 @@
 
 declare -a services=("controller" "api-server" "redis" "repo-server" "cmp-server" "ui" "applicationset-controller" "commit-server" "notification" "dex" "git-server" "helm-registry" "dev-mounter")
 
-EXCLUDE=$exclude
+EXCLUDE="$exclude"
 
 declare -a servicesToRun=()
 
 if [ "$EXCLUDE" != "" ]; then
-    # Parse services list by ',' character
-    servicesToExclude=($(echo "$EXCLUDE" | tr ',' '\n'))
+    # Split services list by ',' character
+    readarray -t servicesToExclude < <(tr ',' '\n' <<< "$EXCLUDE")
 
     # Find subset of items from services array that not include servicesToExclude items
     for element in "${services[@]}"
@@ -21,17 +21,16 @@ if [ "$EXCLUDE" != "" ]; then
           fi
         done
         if [[ "$found" == false ]]; then
-          servicesToRun+=($element)
+          servicesToRun+=("$element")
         fi
     done
 fi
 
-command="goreman start "
+command=("goreman" "start")
 
 for element in "${servicesToRun[@]}"
 do
-  command+=$element
-  command+=" "
+  command+=("$element")
 done
 
-eval $command
\ No newline at end of file
+"${command[@]}"
diff --git a/hack/gpg-wrapper.sh b/hack/gpg-wrapper.sh
index 38112284813ef..499bc1b19a036 100755
--- a/hack/gpg-wrapper.sh
+++ b/hack/gpg-wrapper.sh
@@ -1,19 +1,18 @@
 #!/bin/sh
 # Simple wrapper around gpg to prevent exit code != 0
-ARGS=$*
-OUTPUT=$(gpg $ARGS 2>&1)
+OUTPUT=$(gpg "$@" 2>&1)
 IFS=''
 RET=$?
 case "$RET" in
 0)
-	echo $OUTPUT
+	echo "$OUTPUT"
 	;;
 1)
-	echo $OUTPUT
+	echo "$OUTPUT"
 	RET=0
 	;;
 *)
-	echo $OUTPUT >&2
+	echo "$OUTPUT" >&2
 	;;
 esac
 exit $RET
diff --git a/hack/install.sh b/hack/install.sh
index 38d166087d251..a077a4c653ccc 100755
--- a/hack/install.sh
+++ b/hack/install.sh
@@ -22,6 +22,6 @@ case "${unameOut}" in
     Darwin*)    INSTALL_OS=darwin;;
 esac
 
-for product in $*; do
-  ARCHITECTURE=$ARCHITECTURE INSTALL_OS=$INSTALL_OS "$(dirname $0)/installers/install-${product}.sh"
+for product in "$@"; do
+  ARCHITECTURE=$ARCHITECTURE INSTALL_OS=$INSTALL_OS "$(dirname "$0")/installers/install-${product}.sh"
 done
diff --git a/hack/installers/checksums/add-helm-checksums.sh b/hack/installers/checksums/add-helm-checksums.sh
index 26fb4ee090708..feb5b349e1aa8 100755
--- a/hack/installers/checksums/add-helm-checksums.sh
+++ b/hack/installers/checksums/add-helm-checksums.sh
@@ -8,12 +8,12 @@ for arch in amd64 arm64 ppc64le s390x; do
   checksumfile="helm-v$1-linux-$arch.tar.gz.sha256"
   wget "https://get.helm.sh/helm-v$1-linux-$arch.tar.gz.sha256sum" -O "$checksumfile"
   outname="$(git rev-parse --show-toplevel)/hack/installers/checksums/helm-v$1-linux-$arch.tar.gz.sha256"
-  mv $checksumfile  $outname
+  mv "$checksumfile" "$outname"
 done
 
 for arch in amd64 arm64; do
   checksumfile="helm-v$1-darwin-$arch.tar.gz.sha256"
   wget "https://get.helm.sh/helm-v$1-darwin-$arch.tar.gz.sha256sum" -O "$checksumfile"
   outname="$(git rev-parse --show-toplevel)/hack/installers/checksums/helm-v$1-darwin-$arch.tar.gz.sha256"
-  mv $checksumfile  $outname
-done
\ No newline at end of file
+  mv "$checksumfile" "$outname"
+done
diff --git a/hack/installers/checksums/add-kustomize-checksums.sh b/hack/installers/checksums/add-kustomize-checksums.sh
index 57282c426d332..4ccfeb2357e90 100755
--- a/hack/installers/checksums/add-kustomize-checksums.sh
+++ b/hack/installers/checksums/add-kustomize-checksums.sh
@@ -9,7 +9,7 @@ wget "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2
 while IFS="" read -r line || [ -n "$line" ]
 do
   filename=$(echo "$line" | awk -F ' ' '{print $2}' | sed "s#v$1#$1#")
-  test "${line#*windows}" == "$line" && echo "$line" | sed "s#v$1#$1#" > "$filename.sha256"
+  test "${line#*windows}" = "$line" && echo "$line" | sed "s#v$1#$1#" > "$filename.sha256"
 done < checksums.txt
 
 rm checksums.txt
diff --git a/hack/installers/checksums/add-oras-checksums.sh b/hack/installers/checksums/add-oras-checksums.sh
index 6be2eb3527c66..eb53115b1359d 100755
--- a/hack/installers/checksums/add-oras-checksums.sh
+++ b/hack/installers/checksums/add-oras-checksums.sh
@@ -7,7 +7,7 @@ wget "https://github.com/oras-project/oras/releases/download/v$1/oras_$1_checksu
 while IFS="" read -r line || [ -n "$line" ]
 do
   filename=$(echo "$line" | awk -F ' ' '{print $2}' | sed "s#v$1#$1#")
-  test "${line#*windows}" == "$line" && echo "$line" | sed "s#v$1#$1#" > "$filename.sha256"
-done < oras_$1_checksums.txt
+  test "${line#*windows}" = "$line" && echo "$line" | sed "s#v$1#$1#" > "$filename.sha256"
+done < "oras_$1_checksums.txt"
 
-rm oras_$1_checksums.txt
+rm "oras_$1_checksums.txt"
diff --git a/hack/installers/compare-chksum.sh b/hack/installers/compare-chksum.sh
index 74d0ade2468b3..bbe09123646b2 100755
--- a/hack/installers/compare-chksum.sh
+++ b/hack/installers/compare-chksum.sh
@@ -6,7 +6,7 @@ if test "${TARGET_FILE}" = ""; then
 	exit 1
 fi
 
-CHKSUM_FILE=$(cd "$(dirname "$0")" && pwd)/checksums/${TARGET_FILE}.sha256
+CHKSUM_FILE="$(cd "$(dirname "$0")" && pwd)/checksums/${TARGET_FILE}.sha256"
 
 cd "${DOWNLOADS}" || (
 	echo "Can't change directory to ${DOWNLOAD}" >&2
@@ -18,9 +18,9 @@ if ! test -f "${TARGET_FILE}"; then
 	exit 1
 fi
 
-if ! grep -q "${TARGET_FILE}" ${CHKSUM_FILE}; then
+if ! grep -q "${TARGET_FILE}" "${CHKSUM_FILE}"; then
 	echo "No checksum for ${TARGET_FILE} in ${CHKSUM_FILE}" >&2
 	exit 1
 fi
 
-shasum -a 256 -c ${CHKSUM_FILE}
+shasum -a 256 -c "${CHKSUM_FILE}"
diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh
index a2041b8fbeda5..76d1b084115b8 100755
--- a/hack/installers/install-codegen-go-tools.sh
+++ b/hack/installers/install-codegen-go-tools.sh
@@ -6,20 +6,20 @@ SRCROOT="$( CDPATH='' cd -- "$(dirname "$0")/../.." && pwd -P )"
 # This script installs all our golang-based codegen utility CLIs necessary for codegen.
 # Some dependencies are vendored in go.mod (ones which are actually imported in our codebase).
 # Other dependencies are only used as a CLI and do not need vendoring in go.mod (doing so adds
-# unecessary dependencies to go.mod). We want to maintain a single source of truth for versioning
+# unnecessary dependencies to go.mod). We want to maintain a single source of truth for versioning
 # our binaries (either go.mod or go install <pkg>@<version>), so we use two techniques to install
 # our CLIs:
 # 1. For CLIs which are NOT vendored in go.mod, we can run `go install <pkg>@<version>` with an explicit version
 # 2. For packages which we *do* vendor in go.mod, we determine version from go.mod followed by `go install` with that version
 go_mod_install() {
-    module=$(go list -f '{{.Module}}' $1 | awk '{print $1}')
-    module_version=$(go list -m $module | awk '{print $NF}' | head -1)
-    go install $1@$module_version
+    module=$(go list -f '{{.Module}}' "$1" | awk '{print $1}')
+    module_version=$(go list -m "$module" | awk '{print $NF}' | head -1)
+    go install "$1@$module_version"
 }
 
 # All binaries are compiled into the argo-cd/dist directory, which is added to the PATH during codegen
 export GOBIN="${SRCROOT}/dist"
-mkdir -p $GOBIN
+mkdir -p "$GOBIN"
 
 # protoc-gen-go* is used to generate <service>.pb.go from .proto files
 # go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.0
@@ -53,6 +53,7 @@ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0
 # goimports is used to auto-format generated code
 go install golang.org/x/tools/cmd/goimports@v0.1.8
 
+# mockery is used to generate mock
 # renovate: datasource=go packageName=github.com/vektra/mockery/v3
 MOCKERY_VERSION=3.5.0
 go install github.com/vektra/mockery/v3@v${MOCKERY_VERSION}
diff --git a/hack/installers/install-codegen-tools.sh b/hack/installers/install-codegen-tools.sh
index 28ac6288a7d31..1f3094768ad80 100755
--- a/hack/installers/install-codegen-tools.sh
+++ b/hack/installers/install-codegen-tools.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 set -eux -o pipefail
 
-KUSTOMIZE_VERSION=5.4.3 "$(dirname $0)/../install.sh" helm kustomize protoc
+KUSTOMIZE_VERSION=5.4.3 "$(dirname "$0")/../install.sh" helm kustomize protoc
diff --git a/hack/installers/install-gotestsum.sh b/hack/installers/install-gotestsum.sh
index 6afd1a61b15ee..588dcf2b910ef 100755
--- a/hack/installers/install-gotestsum.sh
+++ b/hack/installers/install-gotestsum.sh
@@ -3,11 +3,11 @@ set -eux -o pipefail
 
 # Code from: https://github.com/argoproj/argo-rollouts/blob/f650a1fd0ba7beb2125e1598410515edd572776f/hack/installers/install-dev-tools.sh
 
-PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd)
+PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/../..; pwd)
 INSTALL_PATH="${BIN:-$INSTALL_PATH}"
 INSTALL_PATH="${INSTALL_PATH:-$PROJECT_ROOT/dist}"
 PATH="${INSTALL_PATH}:${PATH}"
-[ -d $INSTALL_PATH ] || mkdir -p $INSTALL_PATH
+[ -d "$INSTALL_PATH" ] || mkdir -p "$INSTALL_PATH"
 
 # renovate: datasource=github-releases depName=gotestyourself/gotestsum packageName=gotestyourself/gotestsum
 GOTESTSUM_VERSION=1.12.3
@@ -15,13 +15,13 @@ GOTESTSUM_VERSION=1.12.3
 OS=$(go env GOOS)
 ARCH=$(go env GOARCH)
 
-export TARGET_FILE=gotestsum_${GOTESTSUM_VERSION}_${OS}_${ARCH}.tar.gz
+export TARGET_FILE="gotestsum_${GOTESTSUM_VERSION}_${OS}_${ARCH}.tar.gz"
 temp_path="/tmp/${TARGET_FILE}"
-url=https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_${ARCH}.tar.gz
-[ -e ${temp_path} ] || curl -sLf --retry 3 -o ${temp_path} ${url}
+url="https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_${ARCH}.tar.gz"
+[ -e "${temp_path}" ] || curl -sLf --retry 3 -o "${temp_path}" "${url}"
 
 mkdir -p /tmp/gotestsum-${GOTESTSUM_VERSION}
-tar -xvzf ${temp_path} -C /tmp/gotestsum-${GOTESTSUM_VERSION}
-sudo cp /tmp/gotestsum-${GOTESTSUM_VERSION}/gotestsum ${INSTALL_PATH}/gotestsum
-sudo chmod +x ${INSTALL_PATH}/gotestsum
+tar -xvzf "${temp_path}" -C /tmp/gotestsum-${GOTESTSUM_VERSION}
+sudo cp /tmp/gotestsum-${GOTESTSUM_VERSION}/gotestsum "${INSTALL_PATH}/gotestsum"
+sudo chmod +x "${INSTALL_PATH}/gotestsum"
 gotestsum --version
diff --git a/hack/installers/install-helm.sh b/hack/installers/install-helm.sh
index ef3882fdaf688..b171bc52c7456 100755
--- a/hack/installers/install-helm.sh
+++ b/hack/installers/install-helm.sh
@@ -1,12 +1,12 @@
 #!/bin/bash
 set -eux -o pipefail
 
-. $(dirname $0)/../tool-versions.sh
+. "$(dirname "$0")"/../tool-versions.sh
 
 export TARGET_FILE=helm-v${helm3_version}-${INSTALL_OS}-${ARCHITECTURE}.tar.gz
 
-[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} https://get.helm.sh/helm-v${helm3_version}-$INSTALL_OS-$ARCHITECTURE.tar.gz
-$(dirname $0)/compare-chksum.sh
-mkdir -p /tmp/helm && tar -C /tmp/helm -xf $DOWNLOADS/${TARGET_FILE}
-sudo install -m 0755 /tmp/helm/$INSTALL_OS-$ARCHITECTURE/helm $BIN/helm
+[ -e "$DOWNLOADS/${TARGET_FILE}" ] || curl -sLf --retry 3 -o "$DOWNLOADS/${TARGET_FILE}" "https://get.helm.sh/helm-v${helm3_version}-$INSTALL_OS-$ARCHITECTURE.tar.gz"
+"$(dirname "$0")"/compare-chksum.sh
+mkdir -p /tmp/helm && tar -C /tmp/helm -xf "$DOWNLOADS/${TARGET_FILE}"
+sudo install -m 0755 "/tmp/helm/$INSTALL_OS-$ARCHITECTURE/helm" "$BIN/helm"
 helm version --client
diff --git a/hack/installers/install-kustomize.sh b/hack/installers/install-kustomize.sh
index c4118aea72aaf..cdddcbf324cf6 100755
--- a/hack/installers/install-kustomize.sh
+++ b/hack/installers/install-kustomize.sh
@@ -1,17 +1,19 @@
 #!/bin/bash
 set -eux -o pipefail
 
-. $(dirname $0)/../tool-versions.sh
+PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/../..; pwd)
+INSTALLERS=$(cd "$(dirname "${BASH_SOURCE[0]}")"; pwd)
+
+. "$INSTALLERS/../tool-versions.sh"
 
-PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd)
 INSTALL_PATH="${BIN:-$INSTALL_PATH}"
 INSTALL_PATH="${INSTALL_PATH:-$PROJECT_ROOT/dist}"
 PATH="${INSTALL_PATH}:${PATH}"
-[ -d $INSTALL_PATH ] || mkdir -p $INSTALL_PATH
+[ -d "$INSTALL_PATH" ] || mkdir -p "$INSTALL_PATH"
 
 KUSTOMIZE_VERSION=${KUSTOMIZE_VERSION:-$kustomize5_version}
 
-if [ -z $INSTALL_OS ]; then
+if [ -z "$INSTALL_OS" ]; then
     echo "install kustomize error: unsupported operating system"
     exit 1
 fi
@@ -27,10 +29,10 @@ case $ARCHITECTURE in
       export TARGET_FILE=kustomize_${KUSTOMIZE_VERSION}_${INSTALL_OS}_${ARCHITECTURE}.tar.gz
       URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${INSTALL_OS}_$ARCHITECTURE.tar.gz
       BINNAME=kustomize
-      [ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} "$URL"
-      $(dirname $0)/compare-chksum.sh
-      tar -C /tmp -xf ${DOWNLOADS}/${TARGET_FILE}
-      sudo install -m 0755 /tmp/kustomize $INSTALL_PATH/$BINNAME
+      [ -e "${DOWNLOADS}/${TARGET_FILE}" ] || curl -sLf --retry 3 -o "${DOWNLOADS}/${TARGET_FILE}" "$URL"
+      "$INSTALLERS/compare-chksum.sh"
+      tar -C /tmp -xf "${DOWNLOADS}/${TARGET_FILE}"
+      sudo install -m 0755 /tmp/kustomize "$INSTALL_PATH/$BINNAME"
       ;;
   *)
     case $KUSTOMIZE_VERSION in
@@ -38,21 +40,21 @@ case $ARCHITECTURE in
         export TARGET_FILE=kustomize_${KUSTOMIZE_VERSION}_${INSTALL_OS}_${ARCHITECTURE}
         URL=https://github.com/kubernetes-sigs/kustomize/releases/download/v${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_${INSTALL_OS}_$ARCHITECTURE
         BINNAME=kustomize2
-        [ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} "$URL"
-        $(dirname $0)/compare-chksum.sh
-        sudo install -m 0755 ${DOWNLOADS}/${TARGET_FILE} $INSTALL_PATH/$BINNAME
+        [ -e "${DOWNLOADS}/${TARGET_FILE}" ] || curl -sLf --retry 3 -o "${DOWNLOADS}/${TARGET_FILE}" "$URL"
+        "$INSTALLERS/compare-chksum.sh"
+        sudo install -m 0755 "${DOWNLOADS}/${TARGET_FILE}" "$INSTALL_PATH/$BINNAME"
         ;;
       *)
         export TARGET_FILE=kustomize_${KUSTOMIZE_VERSION}_${INSTALL_OS}_${ARCHITECTURE}.tar.gz
         URL=https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${INSTALL_OS}_$ARCHITECTURE.tar.gz
         BINNAME=kustomize
-        [ -e ${DOWNLOADS}/${TARGET_FILE} ] || curl -sLf --retry 3 -o ${DOWNLOADS}/${TARGET_FILE} "$URL"
-        $(dirname $0)/compare-chksum.sh
-        tar -C /tmp -xf ${DOWNLOADS}/${TARGET_FILE}
-        sudo install -m 0755 /tmp/kustomize $INSTALL_PATH/$BINNAME
+        [ -e "${DOWNLOADS}/${TARGET_FILE}" ] || curl -sLf --retry 3 -o "${DOWNLOADS}/${TARGET_FILE}" "$URL"
+        "$INSTALLERS/compare-chksum.sh"
+        tar -C /tmp -xf "${DOWNLOADS}/${TARGET_FILE}"
+        sudo install -m 0755 /tmp/kustomize "$INSTALL_PATH/$BINNAME"
         ;;
     esac
     ;;
 esac
 
-$BINNAME version
+"$BINNAME" version
diff --git a/hack/installers/install-protoc.sh b/hack/installers/install-protoc.sh
index 1128bc8b92c0a..1c4fbe32baa03 100755
--- a/hack/installers/install-protoc.sh
+++ b/hack/installers/install-protoc.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 set -eux -o pipefail
 
-PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/../..; pwd)
+PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/../..; pwd)
 DIST_PATH="${PROJECT_ROOT}/dist"
 PATH="${DIST_PATH}:${PATH}"
 
-. $(dirname $0)/../tool-versions.sh
+. "$(dirname "$0")"/../tool-versions.sh
 
 OS=$(go env GOOS)
 case $OS in
@@ -34,14 +34,20 @@ case $OS in
     ;;
 esac
 
-export TARGET_FILE=protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip
-url=https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip
-[ -e $DOWNLOADS/${TARGET_FILE} ] || curl -sLf --retry 3 -o $DOWNLOADS/${TARGET_FILE} ${url}
-$(dirname $0)/compare-chksum.sh
-mkdir -p /tmp/protoc-${protoc_version}
-unzip -o $DOWNLOADS/${TARGET_FILE} -d /tmp/protoc-${protoc_version}
-mkdir -p ${DIST_PATH}/protoc-include
-sudo install -m 0755 /tmp/protoc-${protoc_version}/bin/protoc ${DIST_PATH}/protoc
-(cd /tmp/protoc-${protoc_version}/include/ && find -- * -type d -exec install -m 0755 -d "${DIST_PATH}/protoc-include/{}" \;)
-(cd /tmp/protoc-${protoc_version}/include/ && find -- * -type f -exec install -m 0644 "/tmp/protoc-${protoc_version}/include/{}" "${DIST_PATH}/protoc-include/{}" \;)
+export TARGET_FILE="protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip"
+url="https://github.com/protocolbuffers/protobuf/releases/download/v${protoc_version}/protoc-${protoc_version}-${protoc_os}-${protoc_arch}.zip"
+[ -e "$DOWNLOADS/${TARGET_FILE}" ] || curl -sLf --retry 3 -o "$DOWNLOADS/${TARGET_FILE}" "${url}"
+"$(dirname "$0")"/compare-chksum.sh
+mkdir -p "/tmp/protoc-${protoc_version}"
+unzip -o "$DOWNLOADS/${TARGET_FILE}" -d "/tmp/protoc-${protoc_version}"
+mkdir -p "${DIST_PATH}/protoc-include"
+sudo install -m 0755 "/tmp/protoc-${protoc_version}/bin/protoc" "${DIST_PATH}/protoc"
+(
+    cd "/tmp/protoc-${protoc_version}/include/"
+    find -- * -type d -exec install -m 0755 -d "${DIST_PATH}/protoc-include/{}" \;
+)
+(
+    cd "/tmp/protoc-${protoc_version}/include/"
+    find -- * -type f -exec install -m 0644 "/tmp/protoc-${protoc_version}/include/{}" "${DIST_PATH}/protoc-include/{}" \;
+)
 protoc --version
diff --git a/hack/snyk-container-tests.sh b/hack/snyk-container-tests.sh
index 71440d4d22772..aec147e9c35eb 100755
--- a/hack/snyk-container-tests.sh
+++ b/hack/snyk-container-tests.sh
@@ -7,14 +7,14 @@ images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml
 
 failed=false
 while IFS= read -r image; do
-  extra_args=""
+  extra_args=()
   if echo "$image" | grep "argocd"; then
     # Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
-    extra_args="--file=Dockerfile --sarif-file-output=/tmp/argocd-image.sarif"
+    extra_args+=("--file=Dockerfile" "--sarif-file-output=/tmp/argocd-image.sarif")
   fi
 
   set -x
-  if ! snyk container test "$image" --org=argoproj --severity-threshold=high $extra_args; then
+  if ! snyk container test "$image" --org=argoproj --severity-threshold=high "${extra_args[@]}"; then
     failed=true
   fi
   set +x
diff --git a/hack/snyk-report.sh b/hack/snyk-report.sh
index 5aae45ccd4096..02552f58df8ae 100755
--- a/hack/snyk-report.sh
+++ b/hack/snyk-report.sh
@@ -107,15 +107,15 @@ for version in $versions; do
   images=$(grep 'image: ' manifests/install.yaml manifests/namespace-install.yaml manifests/ha/install.yaml | sed 's/.*image: //' | sort | uniq)
 
   while IFS= read -r image; do
-    extra_args=""
+    extra_args=()
     if echo "$image" | grep "argocd"; then
       # Pass the file arg only for the Argo CD image. The file arg also gives us access to sarif output.
-      extra_args="--file=Dockerfile --sarif-file-output=/tmp/${image//[\/:]/_}.sarif "
+      extra_args+=("--file=Dockerfile" "--sarif-file-output=/tmp/${image//[\/:]/_}.sarif")
     fi
 
     set -x
     # || [ $? == 1 ] ignores errors due to vulnerabilities.
-    snyk container test "$image" --org=argoproj "--json-file-output=/tmp/${image//[\/:]/_}.json" $extra_args || [ $? == 1 ]
+    snyk container test "$image" --org=argoproj "--json-file-output=/tmp/${image//[\/:]/_}.json" "${extra_args[@]}" || [ $? == 1 ]
     set +x
 
     snyk-to-html -i "/tmp/${image//[\/:]/_}.json" -o "$argocd_dir/docs/snyk/$version/${image//[\/:]/_}.html"
diff --git a/hack/test.sh b/hack/test.sh
index 1b9b92c0c4ea4..45a07c2750745 100755
--- a/hack/test.sh
+++ b/hack/test.sh
@@ -13,6 +13,11 @@ if test "${ARGOCD_TEST_VERBOSE:-}" != ""; then
 	TEST_FLAGS="$TEST_FLAGS -v"
 fi
 
-mkdir -p $TEST_RESULTS
+mkdir -p "$TEST_RESULTS"
 
-GODEBUG="tarinsecurepath=0,zipinsecurepath=0" gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- -cover $TEST_FLAGS $*
+# `TEST_FLAGS` cannot be quoted as empty needs to evaluate to 0 arguments.
+# `TEST_FLAGS` cannot be turned into array without backward incompatible change of script input
+# shellcheck disable=SC2086
+GODEBUG="tarinsecurepath=0,zipinsecurepath=0" \
+    gotestsum --rerun-fails-report=rerunreport.txt --junitfile="$TEST_RESULTS/junit.xml" --format=testname \
+    --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- -cover $TEST_FLAGS "$@"
diff --git a/hack/trigger-release.sh b/hack/trigger-release.sh
index b226e43603d48..2f2ba054d6a09 100755
--- a/hack/trigger-release.sh
+++ b/hack/trigger-release.sh
@@ -33,7 +33,7 @@ echo ">> Working in release branch '${RELEASE_BRANCH}'"
 
 echo ">> Ensuring release branch is up to date."
 # make sure release branch is up to date
-git pull ${GIT_REMOTE} ${RELEASE_BRANCH}
+git pull "${GIT_REMOTE}" "${RELEASE_BRANCH}"
 
 # Check for target (version) tag in local repo
 if git tag -l | grep -q -E "^${NEW_TAG}$"; then
@@ -42,7 +42,7 @@ if git tag -l | grep -q -E "^${NEW_TAG}$"; then
 fi
 
 # Check for target (version) tag in remote repo
-if git ls-remote ${GIT_REMOTE} refs/tags/${NEW_TAG} | grep -q -E "${NEW_TAG}$"; then
+if git ls-remote "${GIT_REMOTE}" "refs/tags/${NEW_TAG}" | grep -q -E "${NEW_TAG}$"; then
 	echo "!! Target version tag '${NEW_TAG}' already exists in remote '${GIT_REMOTE}'" >&2
 	exit 1
 fi
@@ -50,7 +50,7 @@ fi
 echo ">> Creating new release '${NEW_TAG}' by pushing '${NEW_TAG}' to '${GIT_REMOTE}'"
 
 # Create new tag in local repository
-git tag ${NEW_TAG}
+git tag "${NEW_TAG}"
 
 # Push the new tag to remote repository
-git push ${GIT_REMOTE} ${NEW_TAG}
+git push "${GIT_REMOTE}" "${NEW_TAG}"
diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh
index 8926ed394a9c9..faa14917ecedc 100755
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -20,7 +20,7 @@ set -o nounset
 set -o pipefail
 
 PROJECT_ROOT=$(
-  cd $(dirname ${BASH_SOURCE})/..
+  cd "$(dirname "${BASH_SOURCE[0]}")"/..
   pwd
 )
 PATH="${PROJECT_ROOT}/dist:${PATH}"
@@ -29,11 +29,12 @@ GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"
 
 TARGET_SCRIPT=kube_codegen.sh
 
-# codegen utilities are installed outside of kube_codegen.sh so remove the `go install` step in the script.
-sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/kube_codegen.sh >${TARGET_SCRIPT}
+# codegen utilities are installed outside kube_codegen.sh so remove the `go install` step in the script.
+sed -e '/go install/d' "${PROJECT_ROOT}/vendor/k8s.io/code-generator/kube_codegen.sh" > ${TARGET_SCRIPT}
 
 # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs
 # are in the path and invoke them without assumption of their location
+# shellcheck disable=SC2016
 sed -i.bak -e 's#${gobin}/##g' ${TARGET_SCRIPT}
 
 [ -e ./v3 ] || ln -s . v3
diff --git a/hack/update-kubernetes-version.sh b/hack/update-kubernetes-version.sh
index 8d52033a601fc..7f6e78392c99f 100755
--- a/hack/update-kubernetes-version.sh
+++ b/hack/update-kubernetes-version.sh
@@ -5,11 +5,14 @@ if [ -z "${1:-}" ]; then
   echo "Example usage: ./hack/update-kubernetes-version.sh v1.26.11"
   exit 1
 fi
-VERSION=${1#"v"}
-MODS=($(
-  curl -sS https://raw.githubusercontent.com/kubernetes/kubernetes/v${VERSION}/go.mod |
+
+function fetch_mods() {
+  curl -sS "https://raw.githubusercontent.com/kubernetes/kubernetes/v${VERSION}/go.mod" |
     sed -n 's|.*k8s.io/\(.*\) => ./staging/src/k8s.io/.*|k8s.io/\1|p'
-))
+}
+
+VERSION=${1#"v"}
+readarray -t MODS < <(fetch_mods)
 for MOD in "${MODS[@]}"; do
   echo "Updating $MOD..." >&2
   V=$(
diff --git a/hack/update-manifests.sh b/hack/update-manifests.sh
index 44cff36120eec..4f36336c81b1b 100755
--- a/hack/update-manifests.sh
+++ b/hack/update-manifests.sh
@@ -10,7 +10,7 @@ AUTOGENMSG="# This is an auto-generated file. DO NOT EDIT"
 KUSTOMIZE=kustomize
 [ -f "$SRCROOT/dist/kustomize" ] && KUSTOMIZE="$SRCROOT/dist/kustomize"
 
-cd ${SRCROOT}/manifests/ha/base/redis-ha && ./generate.sh
+cd "${SRCROOT}/manifests/ha/base/redis-ha" && ./generate.sh
 
 IMAGE_NAMESPACE="${IMAGE_NAMESPACE:-quay.io/argoproj}"
 IMAGE_TAG="${IMAGE_TAG:-}"
@@ -20,7 +20,7 @@ if [ "$IMAGE_TAG" = "" ]; then
   branch=$(git rev-parse --abbrev-ref HEAD)
   if [[ $branch = release-* ]]; then
     pwd
-    IMAGE_TAG=v$(cat $SRCROOT/VERSION)
+    IMAGE_TAG=v$(cat "$SRCROOT/VERSION")
   fi
 fi
 # otherwise, use latest
@@ -29,15 +29,15 @@ if [ "$IMAGE_TAG" = "" ]; then
 fi
 
 $KUSTOMIZE version
-which $KUSTOMIZE
+which "$KUSTOMIZE"
 
-cd ${SRCROOT}/manifests/base && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
-cd ${SRCROOT}/manifests/ha/base && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
-cd ${SRCROOT}/manifests/core-install && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+cd "${SRCROOT}/manifests/base" && $KUSTOMIZE edit set image "quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}"
+cd "${SRCROOT}/manifests/ha/base" && $KUSTOMIZE edit set image "quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}"
+cd "${SRCROOT}/manifests/core-install" && $KUSTOMIZE edit set image "quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}"
 
 # Because commit-server is added as a resource outside the base, we have to explicitly set the image override here.
 # If/when commit-server is added to the base, this can be removed.
-cd ${SRCROOT}/manifests/base/commit-server && $KUSTOMIZE edit set image quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}
+cd "${SRCROOT}/manifests/base/commit-server" && $KUSTOMIZE edit set image "quay.io/argoproj/argocd=${IMAGE_NAMESPACE}/argocd:${IMAGE_TAG}"
 
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/install.yaml"
 $KUSTOMIZE build "${SRCROOT}/manifests/cluster-install" >> "${SRCROOT}/manifests/install.yaml"
@@ -54,7 +54,7 @@ $KUSTOMIZE build "${SRCROOT}/manifests/ha/namespace-install" >> "${SRCROOT}/mani
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/core-install.yaml"
 $KUSTOMIZE build "${SRCROOT}/manifests/core-install" >> "${SRCROOT}/manifests/core-install.yaml"
 
-# Copies enabling manifest hydrator. These can be removed once the manifest hydrator is either removed or enabled by 
+# Copies enabling manifest hydrator. These can be removed once the manifest hydrator is either removed or enabled by
 # default.
 
 echo "${AUTOGENMSG}" > "${SRCROOT}/manifests/install-with-hydrator.yaml"
diff --git a/hack/update-openapi.sh b/hack/update-openapi.sh
index 292b89c29c577..e374b6a53fe57 100755
--- a/hack/update-openapi.sh
+++ b/hack/update-openapi.sh
@@ -6,7 +6,7 @@ set -o nounset
 set -o pipefail
 
 PROJECT_ROOT=$(
-  cd $(dirname "$0")/..
+  cd "$(dirname "$0")/.."
   pwd
 )
 PATH="${PROJECT_ROOT}/dist:${PATH}"
@@ -19,11 +19,11 @@ VERSION="v1alpha1"
 [ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
 
 openapi-gen \
-  --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt \
+  --go-header-file "${PROJECT_ROOT}/hack/custom-boilerplate.go.txt" \
   --output-pkg github.com/argoproj/argo-cd/v3/pkg/apis/application/${VERSION} \
   --report-filename pkg/apis/api-rules/violation_exceptions.list \
   --output-dir "${GOPATH}/src" \
-  $@
+  "$@"
 
 [ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
 [ -L ./v3 ] && rm -rf v3
diff --git a/hack/update-ssh-known-hosts.sh b/hack/update-ssh-known-hosts.sh
index 5f2bedeb5b8ff..a6df4019d99fa 100755
--- a/hack/update-ssh-known-hosts.sh
+++ b/hack/update-ssh-known-hosts.sh
@@ -4,12 +4,12 @@ set -e
 
 KNOWN_HOSTS_FILE=$(dirname "$0")/ssh_known_hosts
 HEADER="# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT"
-echo "$HEADER" > $KNOWN_HOSTS_FILE
-{ \
-  ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com && \
-  ssh-keyscan -p 443 ssh.github.com ; \
-} | sort -u >> $KNOWN_HOSTS_FILE
-chmod 0644 $KNOWN_HOSTS_FILE
+echo "$HEADER" > "$KNOWN_HOSTS_FILE"
+{
+    ssh-keyscan github.com gitlab.com bitbucket.org ssh.dev.azure.com vs-ssh.visualstudio.com
+    ssh-keyscan -p 443 ssh.github.com
+} | sort -u >> "$KNOWN_HOSTS_FILE"
+chmod 0644 "$KNOWN_HOSTS_FILE"
 
 # Public SSH keys can be verified at the following URLs:
 # - github.com: https://help.github.com/articles/github-s-ssh-key-fingerprints/
@@ -17,7 +17,7 @@ chmod 0644 $KNOWN_HOSTS_FILE
 # - gitlab.com: https://docs.gitlab.com/ee/user/gitlab_com/#ssh-host-keys-fingerprints
 # - bitbucket.org: https://confluence.atlassian.com/bitbucket/ssh-keys-935365775.html
 # - ssh.dev.azure.com, vs-ssh.visualstudio.com: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops
-diff - <(ssh-keygen -l -f $KNOWN_HOSTS_FILE | sort -k 3) <<EOF
+diff - <(ssh-keygen -l -f "$KNOWN_HOSTS_FILE" | sort -k 3) <<EOF
 256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM [ssh.github.com]:443 (ECDSA)
 256 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU [ssh.github.com]:443 (ED25519)
 3072 SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s [ssh.github.com]:443 (RSA)
diff --git a/hack/update-supported-versions.sh b/hack/update-supported-versions.sh
index ae25b598c35be..db31ea92b205a 100755
--- a/hack/update-supported-versions.sh
+++ b/hack/update-supported-versions.sh
@@ -33,4 +33,4 @@ done
 
 git checkout "release-$argocd_current_version"
 
-printf "$out" > docs/operator-manual/tested-kubernetes-versions.md
+echo -en "$out" > docs/operator-manual/tested-kubernetes-versions.md
diff --git a/test/container/entrypoint.sh b/test/container/entrypoint.sh
index f8f8f59d7db67..981eb982061e1 100755
--- a/test/container/entrypoint.sh
+++ b/test/container/entrypoint.sh
@@ -2,8 +2,8 @@
 set -e
 
 if test "$(id -u)" == "0" -a "${USER_ID}" != ""; then
-  useradd -u ${USER_ID} -d /home/user -s /bin/bash ${USER_NAME:-default}
-  chown -R "${USER_NAME:-default}" ${GOCACHE}
+  useradd -u "${USER_ID}" -d /home/user -s /bin/bash "${USER_NAME:-default}"
+  chown -R "${USER_NAME:-default}" "${GOCACHE}"
 fi
 
 export PATH=$PATH:/usr/local/go/bin:/go/bin
diff --git a/test/container/reaper.sh b/test/container/reaper.sh
index 777bdcba96af3..c9c49887d0d0b 100755
--- a/test/container/reaper.sh
+++ b/test/container/reaper.sh
@@ -1,12 +1,12 @@
 #!/bin/sh
 
 # Simple helper script to kill all running processes in the container that
-# have belong to the root user.
+# belong to the root user.
 
 # DO NOT RUN OUTSIDE THE DOCKER CONTAINER EXECUTING ARGO CD TESTS.
 # YOU HAVE BEEN WARNED.
 
-somefunc() {
+cleanup() {
 	echo "Killing all processes"
 	sudo pkill -u root
 }
@@ -16,7 +16,7 @@ if test "${PWD}" != "/go/src/github.com/argoproj/argo-cd"; then
 	echo "ERROR: We don't seem to be in Docker container. Exit." >&2
 	exit 1
 fi
-trap somefunc 2 15
+trap cleanup 2 15
 while :; do
 	sleep 1
 done
diff --git a/test/e2e/testdata/cmp-gitsshcreds-disable-provide/generate.sh b/test/e2e/testdata/cmp-gitsshcreds-disable-provide/generate.sh
index 0d6257f02478a..f0c1f722b5c0d 100644
--- a/test/e2e/testdata/cmp-gitsshcreds-disable-provide/generate.sh
+++ b/test/e2e/testdata/cmp-gitsshcreds-disable-provide/generate.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 
 FILE=$(echo "$GIT_SSH_COMMAND" | grep -oP '\-i \K[/\w]+')
-GIT_SSH_CRED_FILE_SHA=$(sha256sum ${FILE})
-echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitSSHCommand\":\"$GIT_SSH_COMMAND\", \"GitSSHCredsFileSHA\":\"$GIT_SSH_CRED_FILE_SHA\"}}}"
\ No newline at end of file
+GIT_SSH_CRED_FILE_SHA=$(sha256sum "${FILE}")
+echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitSSHCommand\":\"$GIT_SSH_COMMAND\", \"GitSSHCredsFileSHA\":\"$GIT_SSH_CRED_FILE_SHA\"}}}"
diff --git a/test/e2e/testdata/cmp-gitsshcreds/generate.sh b/test/e2e/testdata/cmp-gitsshcreds/generate.sh
index dfb5a285a0b84..2cfd4bf605759 100644
--- a/test/e2e/testdata/cmp-gitsshcreds/generate.sh
+++ b/test/e2e/testdata/cmp-gitsshcreds/generate.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 set -e
 FILE=$(echo "$GIT_SSH_COMMAND" | grep -oP '\-i \K[/\w]+')
-GIT_SSH_CRED_FILE_SHA=$(sha256sum ${FILE})
-echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitSSHCommand\":\"$GIT_SSH_COMMAND\", \"GitSSHCredsFileSHA\":\"$GIT_SSH_CRED_FILE_SHA\"}}}"
\ No newline at end of file
+GIT_SSH_CRED_FILE_SHA=$(sha256sum "${FILE}")
+echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"GitSSHCommand\":\"$GIT_SSH_COMMAND\", \"GitSSHCredsFileSHA\":\"$GIT_SSH_CRED_FILE_SHA\"}}}"
diff --git a/test/fixture/testrepos/start-authenticated-helm-registry.sh b/test/fixture/testrepos/start-authenticated-helm-registry.sh
index 3ae34863edd45..d969679a3fd92 100755
--- a/test/fixture/testrepos/start-authenticated-helm-registry.sh
+++ b/test/fixture/testrepos/start-authenticated-helm-registry.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
 export HELM_EXPERIMENTAL_OCI=1
-docker run -p 5001:5000 --rm --name authed-registry -v $(pwd)/test/fixture/testrepos/.oci-htpasswd:/etc/docker/registry/auth.htpasswd \
+docker run -p 5001:5000 --rm --name authed-registry -v "$(pwd)"/test/fixture/testrepos/.oci-htpasswd:/etc/docker/registry/auth.htpasswd \
 -e REGISTRY_AUTH="{htpasswd: {realm: localhost, path: /etc/docker/registry/auth.htpasswd}}" \
-registry
\ No newline at end of file
+registry
diff --git a/test/fixture/testrepos/start-git.sh b/test/fixture/testrepos/start-git.sh
index 4a660c29a7575..d9037285107f0 100755
--- a/test/fixture/testrepos/start-git.sh
+++ b/test/fixture/testrepos/start-git.sh
@@ -2,5 +2,5 @@
 
 docker run --name e2e-git --rm -i \
     -p 2222:2222 -p 9080:9080 -p 9443:9443 -p 9444:9444 -p 9445:9445 \
-    -w /go/src/github.com/argoproj/argo-cd -v $(pwd):/go/src/github.com/argoproj/argo-cd -v /tmp:/tmp docker.io/argoproj/argo-cd-ci-builder:v1.0.0 \
+    -w /go/src/github.com/argoproj/argo-cd -v "$(pwd)":/go/src/github.com/argoproj/argo-cd -v /tmp:/tmp docker.io/argoproj/argo-cd-ci-builder:v1.0.0 \
     bash -c "goreman -f ./test/fixture/testrepos/Procfile start"
diff --git a/test/remote/entrypoint.sh b/test/remote/entrypoint.sh
index ad2a3482d5811..3ddce37c9861d 100755
--- a/test/remote/entrypoint.sh
+++ b/test/remote/entrypoint.sh
@@ -2,11 +2,11 @@
 set -e
 
 if test "$(id -u)" == "0" -a "${USER_ID}" != ""; then
-  useradd -u ${USER_ID} -d /home/user -s /bin/bash ${USER_NAME:-default}
-  chown -R "${USER_NAME:-default}" ${GOCACHE}
+  useradd -u "${USER_ID}" -d /home/user -s /bin/bash "${USER_NAME:-default}"
+  chown -R "${USER_NAME:-default}" "${GOCACHE}"
 fi
 
 export PATH=$PATH:/usr/local/go/bin:/go/bin
 export GOROOT=/usr/local/go
 
-"$@"
\ No newline at end of file
+"$@"
diff --git a/test/remote/generate-permissions.sh b/test/remote/generate-permissions.sh
index f76b78f98eb0c..c4d9f1ba2ec90 100755
--- a/test/remote/generate-permissions.sh
+++ b/test/remote/generate-permissions.sh
@@ -1,8 +1,8 @@
 #!/bin/sh
 
-BASEPATH=$(dirname $0)
+BASEPATH=$(dirname "$0")
 PERMFILE=${BASEPATH}/argocd-remote-permissions.yaml
-if ! test -f ${PERMFILE}; then
+if ! test -f "${PERMFILE}"; then
 	echo "ERROR: $PERMFILE does not exist." >&2
 	exit 1
 fi
@@ -27,4 +27,4 @@ sed \
 	-e "s/##CONTROLLERSANAME##/${CONTROLLERSANAME}/g" \
 	-e "s/##SERVERSANAME##/${SERVERSANAME}/g" \
 	-e "s/##NAMESPACE##/${NAMESPACE}/g" \
-	$PERMFILE 
+	"$PERMFILE"
diff --git a/test/remote/run-e2e-remote.sh b/test/remote/run-e2e-remote.sh
index 04d3b990265d9..758a52e598aaa 100755
--- a/test/remote/run-e2e-remote.sh
+++ b/test/remote/run-e2e-remote.sh
@@ -17,7 +17,7 @@ export ARGOCD_E2E_DEFAULT_TIMEOUT=30
 
 # Set ARGOCD_E2E_NAMESPACE to the namespace the Argo CD we're testing against is
 # running in. Defaults to "argocd-e2e"
-export ARGOCD_E2E_NAMESPACE=${ARGOCD_E2E_NAMESPACE:-argocd-e2e}
+export ARGOCD_E2E_NAMESPACE="${ARGOCD_E2E_NAMESPACE:-argocd-e2e}"
 
 # Name prefix the operator sets on resources created for Argo CD instance. This
 # is usually also the name of the instance itself.
@@ -29,13 +29,13 @@ export ARGOCD_E2E_K3S=true
 # Configuration for skipping certain classes of tests
 
 # GnuPG features not yet available with GitOps Operator
-export ARGOCD_E2E_SKIP_GPG=${ARGOCD_E2E_SKIP_GPG:-false}
+export ARGOCD_E2E_SKIP_GPG="${ARGOCD_E2E_SKIP_GPG:-false}"
 # Some tests do not work OOTB with OpenShift
-export ARGOCD_E2E_SKIP_OPENSHIFT=${ARGOCD_E2E_SKIP_OPENSHIFT:-false}
+export ARGOCD_E2E_SKIP_OPENSHIFT="${ARGOCD_E2E_SKIP_OPENSHIFT:-false}"
 # Skip Helm tests
-export ARGOCD_E2E_SKIP_HELM=${ARGOCD_E2E_SKIP_HELM:-false}
+export ARGOCD_E2E_SKIP_HELM="${ARGOCD_E2E_SKIP_HELM:-false}"
 # Skip Ksonnet tests
-export ARGOCD_E2E_SKIP_KSONNET=${ARGOCD_E2E_SKIP_KSONNET:-false}
+export ARGOCD_E2E_SKIP_KSONNET="${ARGOCD_E2E_SKIP_KSONNET:-false}"
 
 ## ====================================================
 # no changes below this line required
@@ -50,7 +50,7 @@ export ARGOCD_E2E_HELM_SERVICE="http://127.0.0.1:9081/helm-repo"
 export ARGOCD_E2E_GIT_SERVICE_SUBMODULE="http://127.0.0.1:9081/argo-e2e/submodule.git"
 export ARGOCD_E2E_GIT_SERVICE_SUBMODULE_PARENT="http://127.0.0.1:9081/argo-e2e/submoduleParent.git"
 
-# URLs used during testing - usually no need to change thos
+# URLs used during testing - usually no need to change those
 export ARGOCD_E2E_REPO_SSH="ssh://root@argocd-e2e-server:2222/tmp/argo-e2e/testdata.git"
 export ARGOCD_E2E_REPO_SSH_SUBMODULE="ssh://root@argocd-e2e-server:2222/tmp/argo-e2e/submodule.git"
 export ARGOCD_E2E_REPO_SSH_SUBMODULE_PARENT="ssh://root@argocd-e2e-server:2222/tmp/argo-e2e/submoduleParent.git"
@@ -61,4 +61,4 @@ export ARGOCD_E2E_REPO_HTTPS_SUBMODULE_PARENT="https://argocd-e2e-server:9443/ar
 export ARGOCD_E2E_REPO_HELM="https://argocd-e2e-server:9444/helm-repo"
 export ARGOCD_E2E_REPO_DEFAULT="http://argocd-e2e-server:9081/argo-e2e/testdata.git"
 
-$*
+"$@"
diff --git a/ui/scripts/build_docker.sh b/ui/scripts/build_docker.sh
index 68c0ed1fffb91..a8fb4a1c19eac 100755
--- a/ui/scripts/build_docker.sh
+++ b/ui/scripts/build_docker.sh
@@ -4,9 +4,9 @@ set -e
 
 TAG=${IMAGE_TAG:-'latest'}
 
-docker build --build-arg ARGO_VERSION=${TAG} -t ${IMAGE_NAMESPACE:-$(whoami)}/argocd-ui:${TAG} .
+docker build --build-arg ARGO_VERSION="${TAG}" -t "${IMAGE_NAMESPACE:-$(whoami)}/argocd-ui:${TAG}" .
 
 if [ "$DOCKER_PUSH" == "true" ]
 then
-    docker push ${IMAGE_NAMESPACE:-$(whoami)}/argocd-ui:${TAG}
+    docker push "${IMAGE_NAMESPACE:-$(whoami)}/argocd-ui:${TAG}"
 fi

From 79668bd3051de7c41d3421de764b10e86b6a1e94 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 18 Jul 2025 09:13:37 -0400
Subject: [PATCH 158/383] chore(deps): bump library/registry from `45fbac2` to
 `3725021` in /test/container (#23842)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index ed96fa7e14cf7..1a6aad25f10ff 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -10,7 +10,7 @@ FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f3
 
 FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS golang
 
-FROM docker.io/library/registry:3.0@sha256:45fbac229389d0ee0d2ba80c92df8a2bd5896f51950b6070b6f92e8009955268 AS registry
+FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439b3f7c958c9c2fb941049ea6531d AS registry
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 

From d7b861dd7ea0e6cbb3433c4cca20503f11af9b4b Mon Sep 17 00:00:00 2001
From: JT <facing-russet0p@icloud.com>
Date: Sat, 19 Jul 2025 00:56:58 +1000
Subject: [PATCH 159/383] docs: Update Kustomize script in Custom Namespace
 Instructions (#23803)

Signed-off-by: JT <justin.taylor@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/installation.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/operator-manual/installation.md b/docs/operator-manual/installation.md
index 35e4d6bb07187..ed556be2205a1 100644
--- a/docs/operator-manual/installation.md
+++ b/docs/operator-manual/installation.md
@@ -79,7 +79,7 @@ kind: Kustomization
 
 namespace: argocd
 resources:
-- https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml
+- https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
 ```
 
 For an example of this, see the [kustomization.yaml](https://github.com/argoproj/argoproj-deployments/blob/master/argocd/kustomization.yaml)
@@ -95,7 +95,8 @@ kind: Kustomization
 
 namespace: <your-custom-namespace>
 resources:
-  - https://raw.githubusercontent.com/argoproj/argo-cd/v2.7.2/manifests/install.yaml
+  - https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+
 
 patches:
   - patch: |-

From db5682684ddc9a1a9090b55fd6c006350012c191 Mon Sep 17 00:00:00 2001
From: Keith Chong <kykchong@redhat.com>
Date: Fri, 18 Jul 2025 14:23:52 -0400
Subject: [PATCH 160/383] fix: Selecting repoType in dropdown doesn't do
 anything (#23747) (#23750)

Signed-off-by: Keith Chong <kykchong@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-create-panel.tsx              | 39 +++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
index f9a5d20ecdb68..46d00db570e32 100644
--- a/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
+++ b/ui/src/app/applications/components/application-create-panel/application-create-panel.tsx
@@ -117,6 +117,9 @@ export const ApplicationCreatePanel = (props: {
     const debouncedOnAppChanged = debounce(props.onAppChanged, 800);
     const [destinationFieldChanges, setDestinationFieldChanges] = React.useState({destFormat: 'URL', destFormatChanged: null});
     const comboSwitchedFromPanel = React.useRef(false);
+    const currentRepoType = React.useRef(undefined);
+    const lastGitOrHelmUrl = React.useRef('');
+    const lastOciUrl = React.useRef('');
     let destinationComboValue = destinationFieldChanges.destFormat;
 
     React.useEffect(() => {
@@ -198,7 +201,7 @@ export const ApplicationCreatePanel = (props: {
                 const repos = reposInfo.map(info => info.repo).sort();
                 const repoInfo = reposInfo.find(info => info.repo === app.spec.source.repoURL);
                 if (repoInfo) {
-                    normalizeAppSource(app, repoInfo.type || 'git');
+                    normalizeAppSource(app, repoInfo.type || currentRepoType.current || 'git');
                 }
                 return (
                     <div className='application-create-panel'>
@@ -334,9 +337,39 @@ export const ApplicationCreatePanel = (props: {
                                                                     action: () => {
                                                                         if (repoType !== type) {
                                                                             const updatedApp = api.getFormState().values as models.Application;
-                                                                            if (normalizeAppSource(updatedApp, type)) {
-                                                                                api.setAllValues(updatedApp);
+                                                                            const source = getAppDefaultSource(updatedApp);
+                                                                            // Save the previous URL value for later use
+                                                                            if (repoType === 'git' || repoType === 'helm') {
+                                                                                lastGitOrHelmUrl.current = source.repoURL;
+                                                                            } else {
+                                                                                lastOciUrl.current = source.repoURL;
                                                                             }
+                                                                            currentRepoType.current = type;
+                                                                            switch (type) {
+                                                                                case 'git':
+                                                                                case 'oci':
+                                                                                    if (source.hasOwnProperty('chart')) {
+                                                                                        source.path = source.chart;
+                                                                                        delete source.chart;
+                                                                                    }
+                                                                                    source.targetRevision = 'HEAD';
+                                                                                    source.repoURL =
+                                                                                        type === 'git'
+                                                                                            ? lastGitOrHelmUrl.current
+                                                                                            : lastOciUrl.current === ''
+                                                                                              ? 'oci://'
+                                                                                              : lastOciUrl.current;
+                                                                                    break;
+                                                                                case 'helm':
+                                                                                    if (source.hasOwnProperty('path')) {
+                                                                                        source.chart = source.path;
+                                                                                        delete source.path;
+                                                                                    }
+                                                                                    source.targetRevision = '';
+                                                                                    source.repoURL = lastGitOrHelmUrl.current;
+                                                                                    break;
+                                                                            }
+                                                                            api.setAllValues(updatedApp);
                                                                         }
                                                                     }
                                                                 }))}

From b235c5da2a76138d86b33e569666915084773c87 Mon Sep 17 00:00:00 2001
From: gyu-young-park <44598664+gyu-young-park@users.noreply.github.com>
Date: Sat, 19 Jul 2025 22:40:42 +0900
Subject: [PATCH 161/383] fix(cli): correct typo in bcrypt error message
 (#23849)

Signed-off-by: gyu-young-park <gyoue200125@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/bcrypt.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/argocd/commands/bcrypt.go b/cmd/argocd/commands/bcrypt.go
index 7b0b1a75afb73..b1e5bcac65f10 100644
--- a/cmd/argocd/commands/bcrypt.go
+++ b/cmd/argocd/commands/bcrypt.go
@@ -21,7 +21,7 @@ argocd account bcrypt --password YOUR_PASSWORD`,
 			// Hashing the password
 			hash, err := bcrypt.GenerateFromPassword(bytePassword, bcrypt.DefaultCost)
 			if err != nil {
-				log.Fatalf("Failed to genarate bcrypt hash: %v", err)
+				log.Fatalf("Failed to generate bcrypt hash: %v", err)
 			}
 			fmt.Fprint(cmd.OutOrStdout(), string(hash))
 		},

From b52600a6f69472e5aca4f0db8e1f13cb565b3f96 Mon Sep 17 00:00:00 2001
From: dmgress <dmgress@users.noreply.github.com>
Date: Mon, 21 Jul 2025 01:22:59 +0200
Subject: [PATCH 162/383] docs: rewrite section on self-heal and autosync for
 clarity (#23812)

Signed-off-by: dmgress <dmgress@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/auto_sync.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/user-guide/auto_sync.md b/docs/user-guide/auto_sync.md
index 7da2cc5be4cf4..7ff526da6996e 100644
--- a/docs/user-guide/auto_sync.md
+++ b/docs/user-guide/auto_sync.md
@@ -91,7 +91,8 @@ spec:
       selfHeal: true
 ```
 
-Disabling self-heal does not guarantee that live cluster changes won't be reverted in multi-source applications. Even if a resource's source remains unchanged, changes in one of the sources can trigger `autosync`. To handle such cases, consider disabling `autosync`.
+!!!note 
+    Disabling self-heal does not guarantee that live cluster changes in multi-source applications will persist. Although one of the resource's sources remains unchanged, changes in another can trigger `autosync`. To handle such cases, consider disabling `autosync`.
 
 ## Automated Sync Semantics
 

From 941c30f37194e4c6eeae909b121f3102ba6abf6b Mon Sep 17 00:00:00 2001
From: downfa11 <124482256+downfa11@users.noreply.github.com>
Date: Mon, 21 Jul 2025 08:26:04 +0900
Subject: [PATCH 163/383] docs(cli): add command `argocd repo get` examples
 (#23843)

Signed-off-by: downfa11 <downfa11@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/repo.go                 | 21 +++++++++++++++++++--
 docs/user-guide/commands/argocd_repo_get.md | 18 ++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go
index da482e8f1365f..e138ddcd1c495 100644
--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -391,9 +391,26 @@ func NewRepoGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 		refresh string
 		project string
 	)
+
+	// For better readability and easier formatting
+	repoGetExamples := `
+  # Get Git or Helm repository details in wide format (default, '-o wide')
+  argocd repo get https://git.example.com/repos/repo
+
+  # Get repository details in YAML format
+  argocd repo get https://git.example.com/repos/repo -o yaml
+
+  # Get repository details in JSON format
+  argocd repo get https://git.example.com/repos/repo -o json
+
+  # Get repository URL
+  argocd repo get https://git.example.com/repos/repo -o url
+`
+
 	command := &cobra.Command{
-		Use:   "get REPO",
-		Short: "Get a configured repository by URL",
+		Use:     "get REPO",
+		Short:   "Get a configured repository by URL",
+		Example: repoGetExamples,
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
diff --git a/docs/user-guide/commands/argocd_repo_get.md b/docs/user-guide/commands/argocd_repo_get.md
index 51a89ac08fb5d..36a783af5a20e 100644
--- a/docs/user-guide/commands/argocd_repo_get.md
+++ b/docs/user-guide/commands/argocd_repo_get.md
@@ -8,6 +8,24 @@ Get a configured repository by URL
 argocd repo get REPO [flags]
 ```
 
+### Examples
+
+```
+
+  # Get Git or Helm repository details in wide format (default, '-o wide')
+  argocd repo get https://git.example.com/repos/repo
+
+  # Get repository details in YAML format
+  argocd repo get https://git.example.com/repos/repo -o yaml
+
+  # Get repository details in JSON format
+  argocd repo get https://git.example.com/repos/repo -o json
+
+  # Get repository URL
+  argocd repo get https://git.example.com/repos/repo -o url
+
+```
+
 ### Options
 
 ```

From ca2a302f42b8aa9f170607f133d3e979462b286c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 20 Jul 2025 19:26:21 -0400
Subject: [PATCH 164/383] chore(deps): bump sigstore/cosign-installer from
 3.9.1 to 3.9.2 (#23841)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/image-reuse.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index 031efb9de7625..26a35fc1e09da 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -73,7 +73,7 @@ jobs:
           cache: false
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+        uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
 
       - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
       - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

From 8bf4e14fc5600b73284f5021114aae4d681421d1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 20 Jul 2025 19:30:41 -0400
Subject: [PATCH 165/383] chore(deps): bump github.com/golang-jwt/jwt/v5 from
 5.2.2 to 5.2.3 (#23802)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 39663d5c2f666..962111e39550d 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/gogo/protobuf v1.3.2
-	github.com/golang-jwt/jwt/v5 v5.2.2
+	github.com/golang-jwt/jwt/v5 v5.2.3
 	github.com/golang/protobuf v1.5.4
 	github.com/google/btree v1.1.3
 	github.com/google/go-cmp v0.7.0
diff --git a/go.sum b/go.sum
index 24e572c62f6ac..b17b35514df53 100644
--- a/go.sum
+++ b/go.sum
@@ -395,8 +395,8 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
-github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.3 h1:kkGXqQOBSDDWRhWNXTFpqGSCMyh/PLnqUvMGJPDJDs0=
+github.com/golang-jwt/jwt/v5 v5.2.3/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I=
 github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=

From 1b7917ebc690cb64b816861ace95655757b94eb9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 21 Jul 2025 13:50:49 +0000
Subject: [PATCH 166/383] [Bot] docs: Update Snyk report (#23852)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   8 +-
 docs/snyk/master/argocd-iac-install.html      |   2 +-
 .../master/argocd-iac-namespace-install.html  |   2 +-
 docs/snyk/master/argocd-test.html             |   2 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |   2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_latest.html       | 229 ++++++++----------
 docs/snyk/v2.13.8/argocd-iac-install.html     |   2 +-
 .../v2.13.8/argocd-iac-namespace-install.html |   2 +-
 docs/snyk/v2.13.8/argocd-test.html            |   2 +-
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   |   2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |   2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v2.13.8.html      |  99 +++++++-
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    |   2 +-
 docs/snyk/v2.14.15/argocd-iac-install.html    |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v2.14.15/argocd-test.html           |   2 +-
 .../v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html  |   2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |   2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     |  99 +++++++-
 docs/snyk/v2.14.15/redis_7.0.15-alpine.html   |   2 +-
 docs/snyk/v3.0.11/argocd-iac-install.html     |   2 +-
 .../v3.0.11/argocd-iac-namespace-install.html |   2 +-
 docs/snyk/v3.0.11/argocd-test.html            |   2 +-
 .../v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html   |   2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v3.0.11.html      |  98 +++++++-
 docs/snyk/v3.0.11/redis_7.2.7-alpine.html     |   2 +-
 docs/snyk/v3.1.0-rc3/argocd-iac-install.html  |   2 +-
 .../argocd-iac-namespace-install.html         |   2 +-
 docs/snyk/v3.1.0-rc3/argocd-test.html         |   2 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           |   2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |   2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |   2 +-
 .../quay.io_argoproj_argocd_v3.1.0-rc3.html   |  98 +++++++-
 39 files changed, 512 insertions(+), 185 deletions(-)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 66e06c33da2c8..32f885822338f 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -31,7 +31,7 @@ recent minor releases.
 | [dex:v2.43.0](v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.1.0-rc3](v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html) | 0 | 0 | 8 | 9 |
+| [argocd:v3.1.0-rc3](v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html) | 0 | 0 | 9 | 9 |
 | [install.yaml](v3.1.0-rc3/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v3.1.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
 
@@ -44,7 +44,7 @@ recent minor releases.
 | [dex:v2.41.1](v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:3.0.8-alpine](v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.11](v3.0.11/quay.io_argoproj_argocd_v3.0.11.html) | 0 | 0 | 8 | 9 |
+| [argocd:v3.0.11](v3.0.11/quay.io_argoproj_argocd_v3.0.11.html) | 0 | 0 | 9 | 9 |
 | [redis:7.2.7-alpine](v3.0.11/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](v3.0.11/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v3.0.11/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -58,7 +58,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 21 | 9 |
+| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 22 | 9 |
 | [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -72,7 +72,7 @@ recent minor releases.
 | [dex:v2.41.1](v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 23 | 9 |
+| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 24 | 9 |
 | [redis:7.0.15-alpine](v2.13.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.13.8/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.13.8/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index 805b6241dd6d8..178339053add1 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:26:39 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:26:55 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index 154e1e4a4ed00..bca59c9e254d2 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:26:49 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:05 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index 406197b7e75ba..0065617e1482b 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:24:27 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:24:46 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index 81d4015bc4492..39104bfb03cd2 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:24:38 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:24:55 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index f03466157ddce..f0f650e6b27b9 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:24:43 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:25:00 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 8cb9f5b9dbf5b..95a7cfb773041 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:24:48 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:25:05 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index dda4d6e08b527..e34acb785369b 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="22 known vulnerabilities found in 82 vulnerable dependency paths.">
+  <meta name="description" content="22 known vulnerabilities found in 81 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:25:07 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:25:24 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -502,7 +502,7 @@ <h1 class="project__header__title">Snyk test report</h1>
     
               <div class="meta-counts">
                 <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>82 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>81 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -511,6 +511,90 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:25.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and tar@1.35+dfsg-3.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.18ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-TAR-10769054">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Improper Authentication</h2>
             <div class="card__section">
@@ -1039,109 +1123,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795712">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691374">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Double Free</h2>
@@ -1187,7 +1168,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1200,7 +1181,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1215,7 +1196,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1291,7 +1272,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1304,7 +1285,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1319,7 +1300,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1394,7 +1375,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu23.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1407,7 +1388,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1422,7 +1403,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3
+                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
                                         
                                 </span>
         
@@ -1480,7 +1461,7 @@ <h2 class="card__title">CVE-2025-5745</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1.1
         
                     </li>
                 </ul>
@@ -1495,7 +1476,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.41-6ubuntu1
+                                        glibc/libc-bin@2.41-6ubuntu1.1
                                         
                                 </span>
         
@@ -1504,7 +1485,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.41-6ubuntu1
+                                        glibc/libc6@2.41-6ubuntu1.1
                                         
                                 </span>
         
@@ -1561,7 +1542,7 @@ <h2 class="card__title">CVE-2025-5702</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1.1
         
                     </li>
                 </ul>
@@ -1576,7 +1557,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.41-6ubuntu1
+                                        glibc/libc-bin@2.41-6ubuntu1.1
                                         
                                 </span>
         
@@ -1585,7 +1566,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.41-6ubuntu1
+                                        glibc/libc6@2.41-6ubuntu1.1
                                         
                                 </span>
         
@@ -2675,7 +2656,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1
+                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1.1
         
                     </li>
                 </ul>
@@ -2690,7 +2671,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.41-6ubuntu1
+                                        glibc/libc-bin@2.41-6ubuntu1.1
                                         
                                 </span>
         
@@ -2699,7 +2680,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         docker-image|quay.io/argoproj/argocd@latest
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.41-6ubuntu1
+                                        glibc/libc6@2.41-6ubuntu1.1
                                         
                                 </span>
         
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
index 5f055bb21a6f0..c6f3b94de8828 100644
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:37:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:37:23 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
index 07a65ec792944..f15d7a561871d 100644
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:37:25 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:37:32 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
index f3cc29348bcf2..9b49cb2bb5047 100644
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ b/docs/snyk/v2.13.8/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:08 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:20 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
index cc66cca72ab41..b02f33b2b4584 100644
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:17 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:28 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index fca34e6eaed06..62d9ae59eca3f 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:20 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index f1a60f771f0c4..1a9ae8965600e 100644
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:25 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:35 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
index 6a71c617b1612..1cb0f06498772 100644
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="48 known vulnerabilities found in 172 vulnerable dependency paths.">
+  <meta name="description" content="49 known vulnerabilities found in 174 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:45 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:55 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>48</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>172 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>49</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>174 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2361</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -813,6 +813,92 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.13.8 and tar@1.35+dfsg-3build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.13.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dash@0.5.12-6ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.6ubuntu6.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Race Condition</h2>
@@ -1281,6 +1367,7 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:11386">https://access.redhat.com/errata/RHSA-2025:11386</a></li>
         </ul>
         
               <hr/>
@@ -2763,9 +2850,9 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
index 2869e6e91304e..975b6d96b9d64 100644
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:35:49 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:59 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
index de74f6a16b81a..b9c8517f44ed5 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:34:43 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:34:55 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 4139f7aeea695..6253d028695e9 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:34:53 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:35:06 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
index d6f581f6f99fa..68f31fd8408b0 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:32:25 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:35 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index f4c7a2b22c474..bdef23ec03032 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:32:33 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:42 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index d31dd2e0e6324..d34da200ae183 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:32:39 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index e8764352162f2..74d2e03ea7b68 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:32:45 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:53 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index 56aa16f5d1516..59c8e996e488f 100644
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="41 known vulnerabilities found in 143 vulnerable dependency paths.">
+  <meta name="description" content="42 known vulnerabilities found in 145 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:33:05 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:33:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>41</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>143 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>42</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>145 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -668,6 +668,92 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.15 and tar@1.35+dfsg-3build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dash@0.5.12-6ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.6ubuntu6.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
@@ -911,6 +997,7 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:11386">https://access.redhat.com/errata/RHSA-2025:11386</a></li>
         </ul>
         
               <hr/>
@@ -2170,9 +2257,9 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index 25d9c35a928b7..b46113d7b3350 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:33:11 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:33:26 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/argocd-iac-install.html b/docs/snyk/v3.0.11/argocd-iac-install.html
index 03766898fd36a..f0e9ab1f84be6 100644
--- a/docs/snyk/v3.0.11/argocd-iac-install.html
+++ b/docs/snyk/v3.0.11/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:31:53 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:02 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/argocd-iac-namespace-install.html b/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
index 50adba9563d12..463aac4b71a77 100644
--- a/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:32:03 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:32:13 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/argocd-test.html b/docs/snyk/v3.0.11/argocd-test.html
index 696b673e4d2c3..40acfe388904b 100644
--- a/docs/snyk/v3.0.11/argocd-test.html
+++ b/docs/snyk/v3.0.11/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:39 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:29:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
index 8cd1fa4ee0fa9..204722e1ede8a 100644
--- a/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:48 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:30:00 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 1ea80e08a60f1..336bd8f2340d9 100644
--- a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:51 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:30:04 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 372650c6a5e56..83f4ed67f14ef 100644
--- a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:56 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:30:08 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html b/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
index 785b09182c511..f166b27a16413 100644
--- a/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
+++ b/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="27 known vulnerabilities found in 104 vulnerable dependency paths.">
+  <meta name="description" content="28 known vulnerabilities found in 106 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:30:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:30:27 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>27</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>104 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>106 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -726,6 +726,92 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.0.11 and tar@1.35+dfsg-3build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dash@0.5.12-6ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.6ubuntu6.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
@@ -1460,9 +1546,9 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
diff --git a/docs/snyk/v3.0.11/redis_7.2.7-alpine.html b/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
index 8819c046dc7fd..3e2a3ed3ebea4 100644
--- a/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:30:21 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:30:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/argocd-iac-install.html b/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
index 8dbccfc48fed1..20680afac1134 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:09 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:29:21 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
index 14e6dc7774433..2a53df8da0281 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:29:19 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:29:33 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc3/argocd-test.html b/docs/snyk/v3.1.0-rc3/argocd-test.html
index 1480ac2f7768a..1927e090265d4 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-test.html
+++ b/docs/snyk/v3.1.0-rc3/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:27:02 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:17 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
index 8e03f84aa0add..c5295012bb1b4 100644
--- a/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:27:08 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:23 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 9b52a3d266027..ae1728a0524dd 100644
--- a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:27:11 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:27 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 888fbd5fd82a8..553a1ecb1c853 100644
--- a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:27:15 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:31 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html b/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
index 5af9c990c7cfc..ca0a53b5e0ba4 100644
--- a/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
+++ b/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="23 known vulnerabilities found in 100 vulnerable dependency paths.">
+  <meta name="description" content="24 known vulnerabilities found in 102 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 13th 2025, 12:27:38 am (UTC+00:00)</p>
+                <p class="timestamp">July 20th 2025, 12:27:51 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>23</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>100 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>102 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2319</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -511,6 +511,92 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and tar@1.35+dfsg-3build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dash@0.5.12-6ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.6ubuntu6.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
             <div class="card__section">
@@ -1117,9 +1203,9 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.</p>
+        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>

From 553d551ff1351afdb14343617847ef6bc5f3b81b Mon Sep 17 00:00:00 2001
From: Linghao Su <linghao.su@daocloud.io>
Date: Mon, 21 Jul 2025 21:54:12 +0800
Subject: [PATCH 167/383] fix(ui): fix filter header label wrap (#23560)

Signed-off-by: linghaoSu <linghao.su@daocloud.io>
Signed-off-by: choejwoo <jaewoo45@gmail.com>
Co-authored-by: Jaewoo Choi <jaewoo45@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../components/filter/filter.scss             | 19 ++++++++++++++++++-
 .../applications/components/filter/filter.tsx |  4 +++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/applications/components/filter/filter.scss b/ui/src/app/applications/components/filter/filter.scss
index 9aa48bb91e06c..4eeb9fd3dd820 100644
--- a/ui/src/app/applications/components/filter/filter.scss
+++ b/ui/src/app/applications/components/filter/filter.scss
@@ -22,17 +22,33 @@ $slate: #191826;
         display: flex;
         align-items: center;
 
+        &__label {
+            overflow: hidden;
+            text-overflow: ellipsis;
+            white-space: nowrap;
+        }
+
         .argo-button {
+            flex: none;
             margin-left: auto;
             background: $slate;
             font-size: 10px;
             font-weight: bold;
 
+            width: 35px;
+            overflow: hidden;
+            height: 25px;
+            line-height: 25px;
+            padding: 0 2px;
+            min-width: unset;
+
             i {
                 margin-right: 2px;
             }
 
             &:hover {
+                padding: 0 14px;
+                width: unset;
                 background: $sidebar-color !important;
             }
         }
@@ -99,6 +115,7 @@ $slate: #191826;
     display: flex;
     flex-wrap: wrap;
     margin-top: 2em;
+    
     &__toggle {
         display: none;
         cursor: pointer;
@@ -132,7 +149,7 @@ $slate: #191826;
         align-items: center;
         height: 1.5em;
         margin-bottom: 0em;
-        margin-top: -1.5em;
+        margin-top: -3.5em;
 
         .argo-button {
             margin-left: auto;
diff --git a/ui/src/app/applications/components/filter/filter.tsx b/ui/src/app/applications/components/filter/filter.tsx
index cf3b2be9e0d12..b9cb625653d34 100644
--- a/ui/src/app/applications/components/filter/filter.tsx
+++ b/ui/src/app/applications/components/filter/filter.tsx
@@ -121,7 +121,9 @@ export const Filter = (props: FilterProps) => {
     return (
         <div className='filter' key={totalCount + props.label}>
             <div className='filter__header'>
-                {props.label || 'FILTER'}
+                <span className='filter__header__label' title={props.label || 'FILTER'}>
+                    {props.label || 'FILTER'}
+                </span>
                 {(props.selected || []).length > 0 || (props.field && Object.keys(values).length > 0) ? (
                     <button
                         className='argo-button argo-button--base argo-button--sm argo-button--right'

From 65f7708eb9d1fde92905a6e03c803d0264e6fbd6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Jul 2025 07:50:02 -0400
Subject: [PATCH 168/383] chore(deps): bump form-data from 4.0.0 to 4.0.4 in
 /ui (#23876)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/yarn.lock | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/ui/yarn.lock b/ui/yarn.lock
index 68c7a8bac40e1..bd41868aad4a1 100644
--- a/ui/yarn.lock
+++ b/ui/yarn.lock
@@ -3957,6 +3957,16 @@ es-set-tostringtag@^2.0.3:
     has-tostringtag "^1.0.2"
     hasown "^2.0.1"
 
+es-set-tostringtag@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
+  integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
+  dependencies:
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.6"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.2"
+
 es-shim-unscopables@^1.0.0, es-shim-unscopables@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/es-shim-unscopables/-/es-shim-unscopables-1.0.2.tgz#1f6942e71ecc7835ed1c8a83006d8771a63a3763"
@@ -4654,12 +4664,14 @@ foreach@^2.0.4:
   integrity sha1-C+4AUBiusmDQo6865ljdATbsG5k=
 
 form-data@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
-  integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
+  integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
   dependencies:
     asynckit "^0.4.0"
     combined-stream "^1.0.8"
+    es-set-tostringtag "^2.1.0"
+    hasown "^2.0.2"
     mime-types "^2.1.12"
 
 formidable@^2.1.2:

From a4a14f101265432f85957171ec6db1acbdd76994 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 22 Jul 2025 07:50:27 -0400
Subject: [PATCH 169/383] chore(deps): bump form-data from 4.0.0 to 4.0.4 in
 /ui-test (#23875)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui-test/yarn.lock | 95 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 91 insertions(+), 4 deletions(-)

diff --git a/ui-test/yarn.lock b/ui-test/yarn.lock
index b69f90bde2f14..36007a048e8fe 100644
--- a/ui-test/yarn.lock
+++ b/ui-test/yarn.lock
@@ -221,6 +221,14 @@ builtin-modules@^1.1.1:
   resolved "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz"
   integrity sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8=
 
+call-bind-apply-helpers@^1.0.1, call-bind-apply-helpers@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz#4b5428c222be985d79c3d82657479dbe0b59b2d6"
+  integrity sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
+  dependencies:
+    es-errors "^1.3.0"
+    function-bind "^1.1.2"
+
 call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7:
   version "1.0.7"
   resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9"
@@ -426,6 +434,15 @@ dotenv@^16.5.0:
   resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.5.0.tgz#092b49f25f808f020050051d1ff258e404c78692"
   integrity sha512-m/C+AwOAr9/W1UOIZUo232ejMNnJAJtYQjUbHoNTBNTJSvqzzDh7vnrei3o3r3m9blf6ZoDkvcw0VmozNRFJxg==
 
+dunder-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.1.tgz#d7ae667e1dc83482f8b70fd0f6eefc50da30f58a"
+  integrity sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
+  dependencies:
+    call-bind-apply-helpers "^1.0.1"
+    es-errors "^1.3.0"
+    gopd "^1.2.0"
+
 eastasianwidth@^0.2.0:
   version "0.2.0"
   resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb"
@@ -473,11 +490,33 @@ es-define-property@^1.0.0:
   dependencies:
     get-intrinsic "^1.2.4"
 
+es-define-property@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa"
+  integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
+
 es-errors@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f"
   integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
 
+es-object-atoms@^1.0.0, es-object-atoms@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz#1c4f2c4837327597ce69d2ca190a7fdd172338c1"
+  integrity sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
+  dependencies:
+    es-errors "^1.3.0"
+
+es-set-tostringtag@^2.1.0:
+  version "2.1.0"
+  resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz#f31dbbe0c183b00a6d26eb6325c810c0fd18bd4d"
+  integrity sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
+  dependencies:
+    es-errors "^1.3.0"
+    get-intrinsic "^1.2.6"
+    has-tostringtag "^1.0.2"
+    hasown "^2.0.2"
+
 es-to-primitive@^1.2.1:
   version "1.2.1"
   resolved "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz"
@@ -591,12 +630,14 @@ foreground-child@^3.1.0:
     signal-exit "^4.0.1"
 
 form-data@^4.0.0:
-  version "4.0.0"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452"
-  integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
+  integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
   dependencies:
     asynckit "^0.4.0"
     combined-stream "^1.0.8"
+    es-set-tostringtag "^2.1.0"
+    hasown "^2.0.2"
     mime-types "^2.1.12"
 
 fs-extra@^11.2.0:
@@ -639,6 +680,30 @@ get-intrinsic@^1.1.3, get-intrinsic@^1.2.4:
     has-symbols "^1.0.3"
     hasown "^2.0.0"
 
+get-intrinsic@^1.2.6:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01"
+  integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
+  dependencies:
+    call-bind-apply-helpers "^1.0.2"
+    es-define-property "^1.0.1"
+    es-errors "^1.3.0"
+    es-object-atoms "^1.1.1"
+    function-bind "^1.1.2"
+    get-proto "^1.0.1"
+    gopd "^1.2.0"
+    has-symbols "^1.1.0"
+    hasown "^2.0.2"
+    math-intrinsics "^1.1.0"
+
+get-proto@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/get-proto/-/get-proto-1.0.1.tgz#150b3f2743869ef3e851ec0c49d15b1d14d00ee1"
+  integrity sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
+  dependencies:
+    dunder-proto "^1.0.1"
+    es-object-atoms "^1.0.0"
+
 get-stream@^5.1.0:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-5.2.0.tgz#4966a1795ee5ace65e706c4b7beb71257d6e22d3"
@@ -687,6 +752,11 @@ gopd@^1.0.1:
   dependencies:
     get-intrinsic "^1.1.3"
 
+gopd@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1"
+  integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
+
 graceful-fs@^4.1.6, graceful-fs@^4.2.0:
   version "4.2.11"
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
@@ -724,6 +794,18 @@ has-symbols@^1.0.3:
   resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8"
   integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==
 
+has-symbols@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338"
+  integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
+
+has-tostringtag@^1.0.2:
+  version "1.0.2"
+  resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc"
+  integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
+  dependencies:
+    has-symbols "^1.0.3"
+
 has@^1.0.3:
   version "1.0.3"
   resolved "https://registry.npmjs.org/has/-/has-1.0.3.tgz"
@@ -731,7 +813,7 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
-hasown@^2.0.0:
+hasown@^2.0.0, hasown@^2.0.2:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003"
   integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==
@@ -991,6 +1073,11 @@ lru-cache@^7.14.1:
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.18.3.tgz#f793896e0fd0e954a59dfdd82f0773808df6aa89"
   integrity sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==
 
+math-intrinsics@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz#a0dd74be81e2aa5c2f27e65ce283605ee4e2b7f9"
+  integrity sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
+
 mime-db@1.52.0:
   version "1.52.0"
   resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70"

From 7cc5ecf8962248c88c48ec12f72fdfa7f3bb51cf Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 22 Jul 2025 07:55:59 -0400
Subject: [PATCH 170/383] chore(deps): update module
 github.com/golangci/golangci-lint to v2.3.0 (#23874)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml       | 2 +-
 hack/installers/install-lint-tools.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 74d73012fe332..7bff5adfa9231 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -112,7 +112,7 @@ jobs:
         uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
           # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.2.2
+          version: v2.3.0
           args: --verbose
 
   test-go:
diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh
index 3032b5e51f4a5..c727cc2c4fb9f 100755
--- a/hack/installers/install-lint-tools.sh
+++ b/hack/installers/install-lint-tools.sh
@@ -2,6 +2,6 @@
 set -eux -o pipefail
 
 # renovate: datasource=go packageName=github.com/golangci/golangci-lint
-GOLANGCI_LINT_VERSION=2.2.2
+GOLANGCI_LINT_VERSION=2.3.0
 
 GO111MODULE=on go install "github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}"

From 6c958865db85a67899317621b6fb1eafbdf9a90b Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 22 Jul 2025 08:04:57 -0700
Subject: [PATCH 171/383] feat(health): add health checks for GitOps Promoter
 (#23663)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ArgoCDCommitStatus/health.lua             |  50 ++++++
 .../ArgoCDCommitStatus/health_test.yaml       |  29 +++
 .../testdata/all-healthy.yaml                 |  20 +++
 .../ArgoCDCommitStatus/testdata/deleting.yaml |   5 +
 .../testdata/no-applications.yaml             |  12 ++
 .../testdata/no-ready-condition.yaml          |  11 ++
 .../testdata/no-status.yaml                   |   4 +
 .../observed-generation-outdated.yaml         |  11 ++
 .../testdata/reconcile-error.yaml             |  12 ++
 .../ChangeTransferPolicy/health.lua           | 121 +++++++++++++
 .../ChangeTransferPolicy/health_test.yaml     |  37 ++++
 .../testdata/active-dry-sha-missing.yaml      |  18 ++
 .../testdata/all-healthy.yaml                 |  19 ++
 .../testdata/deleting.yaml                    |   5 +
 .../testdata/no-ready-condition.yaml          |  10 ++
 .../testdata/no-status.yaml                   |   4 +
 .../observed-generation-outdated.yaml         |  13 ++
 .../testdata/progressing-failed-pending.yaml  |  22 +++
 .../testdata/proposed-dry-sha-missing.yaml    |  18 ++
 .../testdata/reconcile-error.yaml             |  13 ++
 .../CommitStatus/health.lua                   |  50 ++++++
 .../CommitStatus/health_test.yaml             |  33 ++++
 .../CommitStatus/testdata/deleting.yaml       |   5 +
 .../CommitStatus/testdata/failure.yaml        |  14 ++
 .../testdata/no-ready-condition.yaml          |  13 ++
 .../CommitStatus/testdata/no-status.yaml      |   4 +
 .../observed-generation-outdated.yaml         |  12 ++
 .../CommitStatus/testdata/pending.yaml        |  14 ++
 .../testdata/reconcile-error.yaml             |  14 ++
 .../CommitStatus/testdata/success.yaml        |  13 ++
 .../PromotionStrategy/health.lua              | 168 ++++++++++++++++++
 .../PromotionStrategy/health_test.yaml        |  41 +++++
 .../testdata/active-dry-sha-missing.yaml      |  20 +++
 .../testdata/all-healthy.yaml                 |  31 ++++
 .../PromotionStrategy/testdata/deleting.yaml  |  22 +++
 .../testdata/no-environments.yaml             |  13 ++
 .../testdata/no-ready-condition.yaml          |   7 +
 .../PromotionStrategy/testdata/no-status.yaml |   7 +
 .../observed-generation-outdated.yaml         |  12 ++
 .../testdata/progressing-failed-pending.yaml  |  24 +++
 .../testdata/proposed-dry-sha-missing.yaml    |  20 +++
 .../testdata/reconciliation-error.yaml        |  14 ++
 .../PullRequest/health.lua                    |  52 ++++++
 .../PullRequest/health_test.yaml              |  29 +++
 .../PullRequest/testdata/deleting.yaml        |   7 +
 .../testdata/healthy-no-id-or-state.yaml      |  11 ++
 .../testdata/healthy-with-id-and-state.yaml   |  13 ++
 .../testdata/no-ready-condition.yaml          |  11 ++
 .../PullRequest/testdata/no-status.yaml       |   5 +
 .../observed-generation-outdated.yaml         |  11 ++
 .../PullRequest/testdata/reconcile-error.yaml |  13 ++
 util/lua/health_test.go                       |   2 +-
 52 files changed, 1138 insertions(+), 1 deletion(-)
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health.lua
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health_test.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/all-healthy.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/deleting.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-applications.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-ready-condition.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-status.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/observed-generation-outdated.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/reconcile-error.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/active-dry-sha-missing.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/all-healthy.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/deleting.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-ready-condition.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-status.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/observed-generation-outdated.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/progressing-failed-pending.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/proposed-dry-sha-missing.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/reconcile-error.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/health.lua
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/health_test.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/deleting.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/failure.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-ready-condition.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-status.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/observed-generation-outdated.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/pending.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/reconcile-error.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/CommitStatus/testdata/success.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/health.lua
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/health_test.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/active-dry-sha-missing.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/all-healthy.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/deleting.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-environments.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-ready-condition.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-status.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/observed-generation-outdated.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/progressing-failed-pending.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/proposed-dry-sha-missing.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/reconciliation-error.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/health.lua
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/health_test.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/deleting.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-no-id-or-state.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-with-id-and-state.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-ready-condition.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-status.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/observed-generation-outdated.yaml
 create mode 100644 resource_customizations/promoter.argoproj.io/PullRequest/testdata/reconcile-error.yaml

diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health.lua b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health.lua
new file mode 100644
index 0000000000000..1f8f8de686490
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health.lua
@@ -0,0 +1,50 @@
+local hs = {}
+hs.status = "Progressing"
+hs.message = "Initializing Argo CD commit status"
+
+-- Check for deletion timestamp
+if obj.metadata.deletionTimestamp then
+    hs.status = "Progressing"
+    hs.message = "Argo CD commit status is being deleted"
+    return hs
+end
+
+-- Check if status exists
+if not obj.status then
+    return hs
+end
+
+-- Check for reconciliation conditions
+local hasReadyCondition = false
+if obj.status.conditions then
+    for _, condition in ipairs(obj.status.conditions) do
+        if condition.type == "Ready" then
+            hasReadyCondition = true
+            if condition.observedGeneration and obj.metadata.generation and condition.observedGeneration ~= obj.metadata.generation then
+                hs.status = "Progressing"
+                hs.message = "Waiting for Argo CD commit status spec update to be observed"
+                return hs
+            end
+            if condition.status == "False" and condition.reason == "ReconciliationError" then
+                hs.status = "Degraded"
+                hs.message = "Argo CD commit status reconciliation failed: " .. (condition.message or "Unknown error")
+                return hs
+            end
+        end
+    end
+end
+if not hasReadyCondition then
+    hs.status = "Progressing"
+    hs.message = "Argo CD commit status is not ready yet"
+    return hs
+end
+
+if not obj.status.applicationsSelected or #obj.status.applicationsSelected == 0 then
+    hs.status = "Degraded"
+    hs.message = "Argo CD commit status has no applications configured"
+    return hs
+end
+
+hs.status = "Healthy"
+hs.message = "Argo CD commit status is healthy and is tracking " .. #obj.status.applicationsSelected .. " applications"
+return hs
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health_test.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health_test.yaml
new file mode 100644
index 0000000000000..c00c08b9561d9
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/health_test.yaml
@@ -0,0 +1,29 @@
+tests:
+- healthStatus:
+    status: Progressing
+    message: Initializing Argo CD commit status
+  inputPath: testdata/no-status.yaml
+- healthStatus:
+    status: Progressing
+    message: Argo CD commit status is being deleted
+  inputPath: testdata/deleting.yaml
+- healthStatus:
+    status: Progressing
+    message: Waiting for Argo CD commit status spec update to be observed
+  inputPath: testdata/observed-generation-outdated.yaml
+- healthStatus:
+    status: Degraded
+    message: "Argo CD commit status reconciliation failed: Something went wrong"
+  inputPath: testdata/reconcile-error.yaml
+- healthStatus:
+    status: Progressing
+    message: Argo CD commit status is not ready yet
+  inputPath: testdata/no-ready-condition.yaml
+- healthStatus:
+    status: Degraded
+    message: Argo CD commit status has no applications configured
+  inputPath: testdata/no-applications.yaml
+- healthStatus:
+    status: Healthy
+    message: Argo CD commit status is healthy and is tracking 2 applications
+  inputPath: testdata/all-healthy.yaml
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/all-healthy.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/all-healthy.yaml
new file mode 100644
index 0000000000000..5d2ef0f0e1495
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/all-healthy.yaml
@@ -0,0 +1,20 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  applicationsSelected:
+    - name: app1
+      namespace: default
+      phase: success
+      sha: abc1234
+    - name: app2
+      namespace: default
+      phase: success
+      sha: def5678
+
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/deleting.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/deleting.yaml
new file mode 100644
index 0000000000000..e190157ed6b81
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/deleting.yaml
@@ -0,0 +1,5 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  deletionTimestamp: "2025-07-04T12:00:00Z"
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-applications.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-applications.yaml
new file mode 100644
index 0000000000000..d8999a1edf3b9
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-applications.yaml
@@ -0,0 +1,12 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  applicationsSelected: []
+
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-ready-condition.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-ready-condition.yaml
new file mode 100644
index 0000000000000..88d5cda2ba90f
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-ready-condition.yaml
@@ -0,0 +1,11 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: SomeOtherCondition
+      status: True
+      observedGeneration: 2
+
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-status.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-status.yaml
new file mode 100644
index 0000000000000..cf06c6151354a
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/no-status.yaml
@@ -0,0 +1,4 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/observed-generation-outdated.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/observed-generation-outdated.yaml
new file mode 100644
index 0000000000000..68fa526adf45c
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/observed-generation-outdated.yaml
@@ -0,0 +1,11 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 1
+
diff --git a/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/reconcile-error.yaml b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/reconcile-error.yaml
new file mode 100644
index 0000000000000..27033a44ec30b
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ArgoCDCommitStatus/testdata/reconcile-error.yaml
@@ -0,0 +1,12 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ArgoCDCommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: "False"
+      reason: ReconciliationError
+      message: Something went wrong
+      observedGeneration: 2
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
new file mode 100644
index 0000000000000..372f324672cae
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
@@ -0,0 +1,121 @@
+local hs = {}
+hs.status = "Progressing"
+hs.message = "Initializing change transfer policy"
+
+-- Check for deletion timestamp
+if obj.metadata.deletionTimestamp then
+    hs.status = "Progressing"
+    hs.message = "Change transfer policy is being deleted"
+    return hs
+end
+
+-- Check if status exists
+if not obj.status then
+    return hs
+end
+
+-- Check for reconciliation conditions
+local hasReadyCondition = false
+if obj.status.conditions then
+    for _, condition in ipairs(obj.status.conditions) do
+        if condition.type == "Ready" then
+            hasReadyCondition = true
+            -- Check observedGeneration vs metadata.generation within the reconciliation condition
+            if condition.observedGeneration and obj.metadata.generation and condition.observedGeneration ~= obj.metadata.generation then
+                hs.status = "Progressing"
+                hs.message = "Waiting for change transfer policy spec update to be observed"
+                return hs
+            end
+            if condition.status == "False" and condition.reason == "ReconciliationError" then
+                hs.status = "Degraded"
+                hs.message = "Change transfer policy reconciliation failed: " .. (condition.message or "Unknown error")
+                return hs
+            end
+        end
+    end
+end
+if not hasReadyCondition then
+    hs.status = "Progressing"
+    hs.message = "Change transfer policy is not ready yet"
+    return hs
+end
+
+if not obj.status.active or not obj.status.active.dry or not obj.status.active.dry.sha or obj.status.active.dry.sha == "" then
+    hs.status = "Progressing"
+    hs.message = "The active commit DRY SHA is missing or empty."
+    return hs
+end
+if not obj.status.proposed or not obj.status.proposed.dry or not obj.status.proposed.dry.sha or obj.status.proposed.dry.sha == "" then
+    hs.status = "Progressing"
+    hs.message = "The proposed commit DRY SHA is missing or empty."
+    return hs
+end
+
+-- Helper function to get short SHA
+local function getShortSha(sha)
+    if not sha or sha == "" then
+        return ""
+    end
+    if string.len(sha) > 7 then
+        return string.sub(sha, 1, 7)
+    end
+    return sha
+end
+
+if obj.status.proposed.dry.sha ~= obj.status.active.dry.sha then
+    local pendingCount = 0
+    local successCount = 0
+    local failureCount = 0
+    local pendingKeys = {}
+    local failedKeys = {}
+
+    for _, status in ipairs(obj.status.proposed.commitStatuses or {}) do
+        if status.phase == "pending" then
+            pendingCount = pendingCount + 1
+            table.insert(pendingKeys, status.key)
+        elseif status.phase == "success" then
+            successCount = successCount + 1
+        elseif status.phase == "failure" then
+            failureCount = failureCount + 1
+            table.insert(failedKeys, status.key)
+        end
+    end
+
+    hs.status = "Progressing"
+    hs.message =
+        "Promotion in progress from '" .. getShortSha(obj.status.active.dry.sha) ..
+        "' to '" .. getShortSha(obj.status.proposed.dry.sha) .. "': " ..
+        pendingCount .. " pending, " .. successCount .. " successful, " .. failureCount .. " failed. "
+
+    if pendingCount > 0 then
+        hs.message = hs.message .. "Pending commit statuses: " .. table.concat(pendingKeys, ", ") .. ". "
+    end
+    if failureCount > 0 then
+        hs.message = hs.message .. "Failed commit statuses: " .. table.concat(failedKeys, ", ") .. ". "
+    end
+    return hs
+end
+
+local pendingCount = 0
+local failureCount = 0
+for _, status in ipairs(obj.status.active.commitStatuses or {}) do
+    if status.phase == "pending" then
+        pendingCount = pendingCount + 1
+    elseif status.phase == "failure" then
+        failureCount = failureCount + 1
+    end
+end
+if pendingCount > 0 or failureCount > 0 then
+    local envMessages = {}
+    for branch, counts in pairs(nonSuccessfulEnvironments) do
+        local msg = branch .. " (" .. counts.failure .. " failed, " .. counts.pending .. " pending)"
+        table.insert(envMessages, msg)
+    end
+    hs.status = "Healthy"
+    hs.message = "Environment is up-to-date, but there are non-successful commit statuses: " .. table.concat(envMessages, ", ") .. "."
+    return hs
+end
+
+hs.status = "Healthy"
+hs.message = "Environment is up-to-date on commit " .. getShortSha(obj.status.active.dry.sha) .. "."
+return hs
\ No newline at end of file
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
new file mode 100644
index 0000000000000..f28ec4800b9e2
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
@@ -0,0 +1,37 @@
+tests:
+- healthStatus:
+    status: Progressing
+    message: Initializing change transfer policy
+  inputPath: testdata/no-status.yaml
+- healthStatus:
+    status: Progressing
+    message: Change transfer policy is being deleted
+  inputPath: testdata/deleting.yaml
+- healthStatus:
+    status: Progressing
+    message: Waiting for change transfer policy spec update to be observed
+  inputPath: testdata/observed-generation-outdated.yaml
+- healthStatus:
+    status: Degraded
+    message: "Change transfer policy reconciliation failed: Something went wrong"
+  inputPath: testdata/reconcile-error.yaml
+- healthStatus:
+    status: Progressing
+    message: Change transfer policy is not ready yet
+  inputPath: testdata/no-ready-condition.yaml
+- healthStatus:
+    status: Progressing
+    message: The active commit DRY SHA is missing or empty.
+  inputPath: testdata/active-dry-sha-missing.yaml
+- healthStatus:
+    status: Progressing
+    message: The proposed commit DRY SHA is missing or empty.
+  inputPath: testdata/proposed-dry-sha-missing.yaml
+- healthStatus:
+    status: Progressing
+    message: "Promotion in progress from 'abc1234' to 'def5678': 1 pending, 0 successful, 1 failed. Pending commit statuses: test-pending. Failed commit statuses: test-failed. "
+  inputPath: testdata/progressing-failed-pending.yaml
+- healthStatus:
+    status: Healthy
+    message: "Environment is up-to-date on commit abc1234."
+  inputPath: testdata/all-healthy.yaml
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/active-dry-sha-missing.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/active-dry-sha-missing.yaml
new file mode 100644
index 0000000000000..6c7ba6c233bf5
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/active-dry-sha-missing.yaml
@@ -0,0 +1,18 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  active:
+    dry: {}
+    commitStatuses: []
+  proposed:
+    dry:
+      sha: abc1234
+    commitStatuses: []
+
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/all-healthy.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/all-healthy.yaml
new file mode 100644
index 0000000000000..65c21988a227a
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/all-healthy.yaml
@@ -0,0 +1,19 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  active:
+    dry:
+      sha: abc1234
+    commitStatuses: []
+  proposed:
+    dry:
+      sha: abc1234
+    commitStatuses: []
+
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/deleting.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/deleting.yaml
new file mode 100644
index 0000000000000..76e180fd77809
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/deleting.yaml
@@ -0,0 +1,5 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  deletionTimestamp: "2025-07-04T12:00:00Z"
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-ready-condition.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-ready-condition.yaml
new file mode 100644
index 0000000000000..511d0d2894f14
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-ready-condition.yaml
@@ -0,0 +1,10 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: SomeOtherCondition
+      status: True
+      observedGeneration: 2
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-status.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-status.yaml
new file mode 100644
index 0000000000000..4454a30b3c1b6
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/no-status.yaml
@@ -0,0 +1,4 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/observed-generation-outdated.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/observed-generation-outdated.yaml
new file mode 100644
index 0000000000000..c178b671ffdf9
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/observed-generation-outdated.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  branch: main
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 1
+
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/progressing-failed-pending.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/progressing-failed-pending.yaml
new file mode 100644
index 0000000000000..8e453a17c4314
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/progressing-failed-pending.yaml
@@ -0,0 +1,22 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  active:
+    dry:
+      sha: abc1234
+    commitStatuses: []
+  proposed:
+    dry:
+      sha: def5678
+    commitStatuses:
+      - key: test-pending
+        phase: pending
+      - key: test-failed
+        phase: failure
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/proposed-dry-sha-missing.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/proposed-dry-sha-missing.yaml
new file mode 100644
index 0000000000000..7ec061291fff0
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/proposed-dry-sha-missing.yaml
@@ -0,0 +1,18 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  active:
+    dry:
+      sha: abc1234
+    commitStatuses: []
+  proposed:
+    dry: {}
+    commitStatuses: []
+
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/reconcile-error.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/reconcile-error.yaml
new file mode 100644
index 0000000000000..4179051c80fe4
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/reconcile-error.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: "False"
+      reason: ReconciliationError
+      message: Something went wrong
+      observedGeneration: 2
+
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/health.lua b/resource_customizations/promoter.argoproj.io/CommitStatus/health.lua
new file mode 100644
index 0000000000000..0150d3de53e29
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/health.lua
@@ -0,0 +1,50 @@
+local hs = {}
+hs.status = "Progressing"
+hs.message = "Initializing commit status"
+
+-- Check for deletion timestamp
+if obj.metadata.deletionTimestamp then
+    hs.status = "Progressing"
+    hs.message = "Commit status is being deleted"
+    return hs
+end
+
+-- Check if status exists
+if not obj.status then
+    return hs
+end
+
+-- Check for reconciliation conditions
+local hasReadyCondition = false
+if obj.status.conditions then
+    for _, condition in ipairs(obj.status.conditions) do
+        if condition.type == "Ready" then
+            hasReadyCondition = true
+            if condition.observedGeneration and obj.metadata.generation and condition.observedGeneration ~= obj.metadata.generation then
+                hs.status = "Progressing"
+                hs.message = "Waiting for commit status spec update to be observed"
+                return hs
+            end
+            if condition.status == "False" and condition.reason == "ReconciliationError" then
+                hs.status = "Degraded"
+                hs.message = "Commit status reconciliation failed: " .. (condition.message or "Unknown error")
+                return hs
+            end
+        end
+    end
+end
+if not hasReadyCondition then
+    hs.status = "Progressing"
+    hs.message = "Commit status is not ready yet"
+    return hs
+end
+
+if not obj.status.sha or not obj.status.phase then
+    hs.status = "Healthy"
+    hs.message = "Commit status is healthy"
+    return hs
+end
+
+hs.status = "Healthy"
+hs.message = "Commit status for commit " .. obj.status.sha .. " reports " .. obj.status.phase
+return hs
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/health_test.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/health_test.yaml
new file mode 100644
index 0000000000000..f64d63703c589
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/health_test.yaml
@@ -0,0 +1,33 @@
+tests:
+- healthStatus:
+    status: Progressing
+    message: Initializing commit status
+  inputPath: testdata/no-status.yaml
+- healthStatus:
+    status: Progressing
+    message: Commit status is being deleted
+  inputPath: testdata/deleting.yaml
+- healthStatus:
+    status: Progressing
+    message: Waiting for commit status spec update to be observed
+  inputPath: testdata/observed-generation-outdated.yaml
+- healthStatus:
+    status: Degraded
+    message: "Commit status reconciliation failed: Something went wrong"
+  inputPath: testdata/reconcile-error.yaml
+- healthStatus:
+    status: Progressing
+    message: Commit status is not ready yet
+  inputPath: testdata/no-ready-condition.yaml
+- healthStatus:
+    status: Healthy
+    message: "Commit status for commit abc1234 reports success"
+  inputPath: testdata/success.yaml
+- healthStatus:
+    status: Healthy
+    message: "Commit status for commit abc1234 reports pending"
+  inputPath: testdata/pending.yaml
+- healthStatus:
+    status: Healthy
+    message: "Commit status for commit abc1234 reports failure"
+  inputPath: testdata/failure.yaml
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/deleting.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/deleting.yaml
new file mode 100644
index 0000000000000..8bccbaf446c6d
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/deleting.yaml
@@ -0,0 +1,5 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  deletionTimestamp: "2025-07-04T12:00:00Z"
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/failure.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/failure.yaml
new file mode 100644
index 0000000000000..9fd1bea05053d
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/failure.yaml
@@ -0,0 +1,14 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  id: test-2
+  sha: abc1234
+  phase: failure
+
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-ready-condition.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-ready-condition.yaml
new file mode 100644
index 0000000000000..fd3026b731fa0
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-ready-condition.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: SomeOtherCondition
+      status: True
+      observedGeneration: 2
+  id: test-2
+  sha: abc1234
+
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-status.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-status.yaml
new file mode 100644
index 0000000000000..999f3f974cc3c
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/no-status.yaml
@@ -0,0 +1,4 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/observed-generation-outdated.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/observed-generation-outdated.yaml
new file mode 100644
index 0000000000000..033a87e6bc1c4
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/observed-generation-outdated.yaml
@@ -0,0 +1,12 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 1
+  id: test-2
+  sha: abc1234
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/pending.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/pending.yaml
new file mode 100644
index 0000000000000..e03d2965140be
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/pending.yaml
@@ -0,0 +1,14 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  id: test-2
+  sha: abc1234
+  phase: pending
+
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/reconcile-error.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/reconcile-error.yaml
new file mode 100644
index 0000000000000..d05e0945a33b5
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/reconcile-error.yaml
@@ -0,0 +1,14 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: "False"
+      reason: ReconciliationError
+      message: Something went wrong
+      observedGeneration: 2
+  id: test-2
+  sha: abc1234
diff --git a/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/success.yaml b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/success.yaml
new file mode 100644
index 0000000000000..6daa7021a6549
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/CommitStatus/testdata/success.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: CommitStatus
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  id: test-2
+  sha: abc1234
+  phase: success
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/health.lua b/resource_customizations/promoter.argoproj.io/PromotionStrategy/health.lua
new file mode 100644
index 0000000000000..01ac190b5bba7
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/health.lua
@@ -0,0 +1,168 @@
+local hs = {}
+hs.status = "Progressing"
+hs.message = "Initializing promotion strategy"
+
+-- Check for deletion timestamp
+if obj.metadata.deletionTimestamp then
+    hs.status = "Progressing"
+    hs.message = "Promotion strategy is being deleted"
+    return hs
+end
+
+-- Check if status exists
+if not obj.status then
+    return hs
+end
+
+-- Check for reconciliation conditions
+local hasReadyCondition = false
+if obj.status.conditions then
+    for _, condition in ipairs(obj.status.conditions) do
+        if condition.type == "Ready" then
+            hasReadyCondition = true
+            -- Check observedGeneration vs metadata.generation within the reconciliation condition
+            if condition.observedGeneration and obj.metadata.generation and condition.observedGeneration ~= obj.metadata.generation then
+                hs.status = "Progressing"
+                hs.message = "Waiting for promotion strategy spec update to be observed"
+                return hs
+            end
+            if condition.status == "False" and condition.reason == "ReconciliationError" then
+                hs.status = "Degraded"
+                hs.message = "Promotion strategy reconciliation failed: " .. (condition.message or "Unknown error")
+                return hs
+            end
+        end
+    end
+end
+
+-- If no Ready condition is found, return Progressing status
+if not hasReadyCondition then
+    hs.status = "Progressing"
+    hs.message = "Promotion strategy is not ready yet"
+    return hs
+end
+
+if not obj.status.environments or #obj.status.environments == 0 then
+    hs.status = "Degraded"
+    hs.message = "Promotion strategy has no environments configured"
+    return hs
+end
+
+-- Make sure there's a fully-populated status for both active and proposed commits in all environments. If anything is
+-- missing or empty, return a Progressing status.
+for _, env in ipairs(obj.status.environments) do
+    if not env.active or not env.active.dry or not env.active.dry.sha or env.active.dry.sha == "" then
+        hs.status = "Progressing"
+        hs.message = "The active commit DRY SHA is missing or empty in environment '" .. env.branch .. "'."
+        return hs
+    end
+    if not env.proposed or not env.proposed.dry or not env.proposed.dry.sha or env.proposed.dry.sha == "" then
+        hs.status = "Progressing"
+        hs.message = "The proposed commit DRY SHA is missing or empty in environment '" .. env.branch .. "'."
+        return hs
+    end
+end
+
+-- Check if all the proposed environments have the same proposed commit dry sha. If not, return a Progressing status.
+local proposedSha = obj.status.environments[1].proposed.dry.sha  -- Don't panic, Lua is 1-indexed.
+for _, env in ipairs(obj.status.environments) do
+    if env.proposed.dry.sha ~= proposedSha then
+        hs.status = "Progressing"
+        hs.status = "Not all environments have the same proposed commit SHA. This likely means the hydrator has not run for all environments yet."
+        return hs
+    end
+end
+
+-- Helper function to get short SHA
+local function getShortSha(sha)
+    if not sha or sha == "" then
+        return ""
+    end
+    if string.len(sha) > 7 then
+        return string.sub(sha, 1, 7)
+    end
+    return sha
+end
+
+-- Find the first environment with a proposed commit dry sha that doesn't match the active one. Loop over its commit
+-- statuses and build a summary about how many are pending, successful, or failed. Return a Progressing status for this
+-- in-progress environment.
+for _, env in ipairs(obj.status.environments) do
+    if env.proposed.dry.sha ~= env.active.dry.sha then
+        local pendingCount = 0
+        local successCount = 0
+        local failureCount = 0
+        local pendingKeys = {}
+        local failedKeys = {}
+
+        -- pending, success, and failure are the only possible values
+        -- https://github.com/argoproj-labs/gitops-promoter/blob/c58d55ef52f86ff84e4f8fa35d2edba520886e3b/api/v1alpha1/commitstatus_types.go#L44
+        for _, status in ipairs(env.proposed.commitStatuses or {}) do
+            if status.phase == "pending" then
+                pendingCount = pendingCount + 1
+                table.insert(pendingKeys, status.key)
+            elseif status.phase == "success" then
+                successCount = successCount + 1
+            elseif status.phase == "failure" then
+                failureCount = failureCount + 1
+                table.insert(failedKeys, status.key)
+            end
+        end
+
+        hs.status = "Progressing"
+        hs.message =
+            "Promotion in progress for environment '" .. env.branch ..
+            "' from '" .. getShortSha(env.active.dry.sha) ..
+            "' to '" .. getShortSha(env.proposed.dry.sha) .. "': " ..
+            pendingCount .. " pending, " .. successCount .. " successful, " .. failureCount .. " failed. "
+
+        if pendingCount > 0 then
+            hs.message = hs.message .. "Pending commit statuses: " .. table.concat(pendingKeys, ", ") .. ". "
+        end
+        if failureCount > 0 then
+            hs.message = hs.message .. "Failed commit statuses: " .. table.concat(failedKeys, ", ") .. ". "
+        end
+        return hs
+    end
+end
+
+-- Check all environments for active commit statuses that aren't successful. For each environment with a non-successful
+-- commit status, get a count of how many aren't successful. Write a summary of non-successful environments.
+local nonSuccessfulEnvironments = {}
+for _, env in ipairs(obj.status.environments) do
+    local pendingCount = 0
+    local failureCount = 0
+
+    for _, status in ipairs(env.active.commitStatuses or {}) do
+        if status.phase == "pending" then
+            pendingCount = pendingCount + 1
+        elseif status.phase == "failure" then
+            failureCount = failureCount + 1
+        end
+    end
+
+    if pendingCount > 0 or failureCount > 0 then
+        nonSuccessfulEnvironments[env.branch] = {
+            pending = pendingCount,
+            failure = failureCount,
+        }
+    end
+end
+
+if next(nonSuccessfulEnvironments) then
+    local envMessages = {}
+    for branch, counts in pairs(nonSuccessfulEnvironments) do
+        local msg = branch .. " (" .. counts.failure .. " failed, " .. counts.pending .. " pending)"
+        table.insert(envMessages, msg)
+    end
+    hs.status = "Healthy"
+    hs.message = "Environments are up-to-date, but some environments have non-successful commit statuses: " .. table.concat(envMessages, ", ") .. "."
+    return hs
+end
+
+
+-- If all environments have the same proposed commit dry sha as the active one, we can consider the promotion strategy
+-- healthy. This means all environments are in sync and no further action is needed.
+hs.status = "Healthy"
+hs.message = "All environments are up-to-date on commit '" .. getShortSha(obj.status.environments[1].proposed.dry.sha) .. "'."
+return hs
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/health_test.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/health_test.yaml
new file mode 100644
index 0000000000000..3417947839250
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/health_test.yaml
@@ -0,0 +1,41 @@
+tests:
+- healthStatus:
+    status: Progressing
+    message: Initializing promotion strategy
+  inputPath: testdata/no-status.yaml
+- healthStatus:
+    status: Progressing
+    message: Promotion strategy is being deleted
+  inputPath: testdata/deleting.yaml
+- healthStatus:
+    status: Progressing
+    message: Promotion strategy is not ready yet
+  inputPath: testdata/no-ready-condition.yaml
+- healthStatus:
+    status: Progressing
+    message: Waiting for promotion strategy spec update to be observed
+  inputPath: testdata/observed-generation-outdated.yaml
+- healthStatus:
+    status: Degraded
+    message: "Promotion strategy reconciliation failed: Something went wrong"
+  inputPath: testdata/reconciliation-error.yaml
+- healthStatus:
+    status: Degraded
+    message: Promotion strategy has no environments configured
+  inputPath: testdata/no-environments.yaml
+- healthStatus:
+    status: Progressing
+    message: The active commit DRY SHA is missing or empty in environment 'dev'.
+  inputPath: testdata/active-dry-sha-missing.yaml
+- healthStatus:
+    status: Progressing
+    message: "The proposed commit DRY SHA is missing or empty in environment 'dev'."
+  inputPath: testdata/proposed-dry-sha-missing.yaml
+- healthStatus:
+    status: Progressing
+    message: "Promotion in progress for environment 'dev' from 'abc1234' to 'def5678': 1 pending, 0 successful, 1 failed. Pending commit statuses: test-pending. Failed commit statuses: test-failed. "
+  inputPath: testdata/progressing-failed-pending.yaml
+- healthStatus:
+    status: Healthy
+    message: All environments are up-to-date on commit 'abc1234'.
+  inputPath: testdata/all-healthy.yaml
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/active-dry-sha-missing.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/active-dry-sha-missing.yaml
new file mode 100644
index 0000000000000..1711ec6c468f2
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/active-dry-sha-missing.yaml
@@ -0,0 +1,20 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments:
+    - branch: dev
+      active:
+        dry: {}
+        commitStatuses: []
+      proposed:
+        dry:
+          sha: abc1234
+        commitStatuses: []
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/all-healthy.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/all-healthy.yaml
new file mode 100644
index 0000000000000..e65b9e0497574
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/all-healthy.yaml
@@ -0,0 +1,31 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments:
+    - branch: dev
+      active:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+      proposed:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+    - branch: prod
+      active:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+      proposed:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/deleting.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/deleting.yaml
new file mode 100644
index 0000000000000..252023be26a1d
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/deleting.yaml
@@ -0,0 +1,22 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+  deletionTimestamp: "2025-07-04T12:00:00Z"
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments:
+    - branch: dev
+      active:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+      proposed:
+        dry:
+          sha: abc1234
+        commitStatuses: []
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-environments.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-environments.yaml
new file mode 100644
index 0000000000000..95c96bc20df7f
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-environments.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments: []
+
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-ready-condition.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-ready-condition.yaml
new file mode 100644
index 0000000000000..b58b81815d059
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-ready-condition.yaml
@@ -0,0 +1,7 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status: {}
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-status.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-status.yaml
new file mode 100644
index 0000000000000..08e0b3b97afa7
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/no-status.yaml
@@ -0,0 +1,7 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/observed-generation-outdated.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/observed-generation-outdated.yaml
new file mode 100644
index 0000000000000..e600347414592
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/observed-generation-outdated.yaml
@@ -0,0 +1,12 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: Unknown
+      observedGeneration: 1
+
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/progressing-failed-pending.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/progressing-failed-pending.yaml
new file mode 100644
index 0000000000000..e0a021527b5d4
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/progressing-failed-pending.yaml
@@ -0,0 +1,24 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments:
+    - branch: dev
+      active:
+        dry:
+          sha: abc1234
+      proposed:
+        dry:
+          sha: def5678
+        commitStatuses:
+          - key: test-failed
+            phase: failure
+          - key: test-pending
+            phase: pending
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/proposed-dry-sha-missing.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/proposed-dry-sha-missing.yaml
new file mode 100644
index 0000000000000..ce536ce724e51
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/proposed-dry-sha-missing.yaml
@@ -0,0 +1,20 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  environments:
+    - branch: dev
+      active:
+        dry:
+          sha: abc1234
+        commitStatuses: []
+      proposed:
+        dry: {}
+        commitStatuses: []
diff --git a/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/reconciliation-error.yaml b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/reconciliation-error.yaml
new file mode 100644
index 0000000000000..9563408c99007
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PromotionStrategy/testdata/reconciliation-error.yaml
@@ -0,0 +1,14 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PromotionStrategy
+metadata:
+  name: test
+  generation: 2
+spec: {}
+status:
+  conditions:
+    - type: Ready
+      status: "False"
+      reason: ReconciliationError
+      message: Something went wrong
+      observedGeneration: 2
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/health.lua b/resource_customizations/promoter.argoproj.io/PullRequest/health.lua
new file mode 100644
index 0000000000000..33903483d5340
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/health.lua
@@ -0,0 +1,52 @@
+local hs = {}
+hs.status = "Progressing"
+hs.message = "Initializing pull request"
+
+-- Check for deletion timestamp
+if obj.metadata.deletionTimestamp then
+    hs.status = "Progressing"
+    hs.message = "Pull request is being deleted"
+    return hs
+end
+
+-- Check if status exists
+if not obj.status then
+    return hs
+end
+
+-- Check for reconciliation conditions
+local hasReadyCondition = false
+if obj.status.conditions then
+    for _, condition in ipairs(obj.status.conditions) do
+        if condition.type == "Reconciled" or condition.type == "Ready" then
+            hasReadyCondition = true
+            -- Check observedGeneration vs metadata.generation within the reconciliation condition
+            if condition.observedGeneration and obj.metadata.generation and condition.observedGeneration ~= obj.metadata.generation then
+                hs.status = "Progressing"
+                hs.message = "Waiting for pull request spec update to be observed"
+                return hs
+            end
+            if condition.status == "False" and (condition.reason == "ReconcileError" or condition.reason == "Failed") then
+                hs.status = "Degraded"
+                hs.message = "Pull request reconciliation failed: " .. (condition.message or "Unknown error")
+                return hs
+            end
+        end
+    end
+end
+if not hasReadyCondition then
+    hs.status = "Progressing"
+    hs.message = "Pull request is not ready yet"
+    return hs
+end
+
+-- This shouldn't happen, but if the condition says reconciliation succeeded, just trust it.
+if not obj.status.id or not obj.status.state then
+    hs.status = "Healthy"
+    hs.message = "Pull request is healthy"
+    return hs
+end
+
+hs.status = "Healthy"
+hs.message = "Pull request is " .. obj.status.state .. " as PR " .. obj.status.id
+return hs
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/health_test.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/health_test.yaml
new file mode 100644
index 0000000000000..f094118da7e2b
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/health_test.yaml
@@ -0,0 +1,29 @@
+tests:
+- healthStatus:
+    status: Progressing
+    message: Initializing pull request
+  inputPath: testdata/no-status.yaml
+- healthStatus:
+    status: Progressing
+    message: Pull request is being deleted
+  inputPath: testdata/deleting.yaml
+- healthStatus:
+    status: Progressing
+    message: Waiting for pull request spec update to be observed
+  inputPath: testdata/observed-generation-outdated.yaml
+- healthStatus:
+    status: Degraded
+    message: "Pull request reconciliation failed: Something went wrong"
+  inputPath: testdata/reconcile-error.yaml
+- healthStatus:
+    status: Progressing
+    message: Pull request is not ready yet
+  inputPath: testdata/no-ready-condition.yaml
+- healthStatus:
+    status: Healthy
+    message: Pull request is healthy
+  inputPath: testdata/healthy-no-id-or-state.yaml
+- healthStatus:
+    status: Healthy
+    message: Pull request is open as PR 123
+  inputPath: testdata/healthy-with-id-and-state.yaml
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/deleting.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/deleting.yaml
new file mode 100644
index 0000000000000..fb0c972d50ad4
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/deleting.yaml
@@ -0,0 +1,7 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  deletionTimestamp: "2025-07-04T12:00:00Z"
+status: {}
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-no-id-or-state.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-no-id-or-state.yaml
new file mode 100644
index 0000000000000..b9d8f32a6bea7
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-no-id-or-state.yaml
@@ -0,0 +1,11 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-with-id-and-state.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-with-id-and-state.yaml
new file mode 100644
index 0000000000000..ab7fdc4b8f3c5
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/healthy-with-id-and-state.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 2
+  id: "123"
+  state: open
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-ready-condition.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-ready-condition.yaml
new file mode 100644
index 0000000000000..a555893840954
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-ready-condition.yaml
@@ -0,0 +1,11 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: SomeOtherCondition
+      status: True
+      observedGeneration: 2
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-status.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-status.yaml
new file mode 100644
index 0000000000000..266e49f17eb5e
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/no-status.yaml
@@ -0,0 +1,5 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/observed-generation-outdated.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/observed-generation-outdated.yaml
new file mode 100644
index 0000000000000..7920794a2c1e6
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/observed-generation-outdated.yaml
@@ -0,0 +1,11 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: True
+      observedGeneration: 1
+
diff --git a/resource_customizations/promoter.argoproj.io/PullRequest/testdata/reconcile-error.yaml b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/reconcile-error.yaml
new file mode 100644
index 0000000000000..780df2ad7f89d
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/PullRequest/testdata/reconcile-error.yaml
@@ -0,0 +1,13 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: PullRequest
+metadata:
+  name: test
+  generation: 2
+status:
+  conditions:
+    - type: Ready
+      status: "False"
+      reason: ReconcileError
+      message: Something went wrong
+      observedGeneration: 2
+
diff --git a/util/lua/health_test.go b/util/lua/health_test.go
index a546f80b84204..3f97da49c9bee 100644
--- a/util/lua/health_test.go
+++ b/util/lua/health_test.go
@@ -47,7 +47,7 @@ func TestLuaHealthScript(t *testing.T) {
 		require.NoError(t, err)
 		for i := range resourceTest.Tests {
 			test := resourceTest.Tests[i]
-			t.Run(test.InputPath, func(t *testing.T) {
+			t.Run(filepath.Join(strings.TrimPrefix(dir, "../../resource_customizations/"), test.InputPath), func(t *testing.T) {
 				vm := VM{
 					UseOpenLibs: true,
 				}

From d56a1337b55d5655d6a40c1cdd5e2ff111d15e62 Mon Sep 17 00:00:00 2001
From: Regina Voloshin <regina.voloshin@codefresh.io>
Date: Tue, 22 Jul 2025 19:09:00 +0300
Subject: [PATCH 172/383] docs: Improve developer guide (#23669)

Signed-off-by: reggie-k <regina.voloshin@codefresh.io>
Signed-off-by: Regina Voloshin <regina.voloshin@codefresh.io>
Co-authored-by: Dan Garfield <dan@codefresh.io>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../contributors-quickstart.md                | 214 ------------
 docs/developer-guide/debugging-locally.md     | 146 ++++++++
 docs/developer-guide/dependencies.md          |  62 +++-
 docs/developer-guide/development-cycle.md     | 119 +++++++
 .../development-environment.md                | 120 +++++++
 docs/developer-guide/index.md                 |  97 +++++-
 docs/developer-guide/mac-users.md             |  20 ++
 docs/developer-guide/running-locally.md       | 169 ++++-----
 docs/developer-guide/submit-your-pr.md        |  86 +++++
 docs/developer-guide/toolchain-guide.md       | 321 +++---------------
 docs/developer-guide/use-gitpod.md            |   2 +-
 mkdocs.yml                                    |   6 +-
 12 files changed, 781 insertions(+), 581 deletions(-)
 delete mode 100644 docs/developer-guide/contributors-quickstart.md
 create mode 100644 docs/developer-guide/debugging-locally.md
 create mode 100644 docs/developer-guide/development-cycle.md
 create mode 100644 docs/developer-guide/development-environment.md
 create mode 100644 docs/developer-guide/mac-users.md
 create mode 100644 docs/developer-guide/submit-your-pr.md

diff --git a/docs/developer-guide/contributors-quickstart.md b/docs/developer-guide/contributors-quickstart.md
deleted file mode 100644
index 3a9de03de88d1..0000000000000
--- a/docs/developer-guide/contributors-quickstart.md
+++ /dev/null
@@ -1,214 +0,0 @@
-# Contributors Quick-Start 
-
-This guide is a starting point for first-time contributors running Argo CD locally for the first time.
-
-It skips advanced topics such as codegen, which are covered in the [running locally guide](running-locally.md)
-and the [toolchain guide](toolchain-guide.md).
-
-## Getting Started
-
-### Prerequisites
-
-Before starting, ensure you have the following tools installed with the specified minimum versions:
-
-* Git (v2.0.0+)
-* Go (version specified in `go.mod` - check with `go version`)
-* Docker (v20.10.0+) Or Podman (v3.0.0+)
-* Kind (v0.11.0+) Or Minikube (v1.23.0+)
-* Yarn (v1.22.0+)
-* Goreman (latest version)
-
-### Fork and Clone the Repository
-
-1. Fork the Argo CD repository to your personal GitHub Account
-
-2. Clone the forked repository:
-```shell
-git clone https://github.com/YOUR-USERNAME/argo-cd.git
-```
-
-Please note that the local build process uses GOPATH and that path should not be used, unless the Argo CD repository was directly cloned in it.
-
-3. Add the upstream remote for rebasing:
-```shell
-cd argo-cd
-git remote add upstream https://github.com/argoproj/argo-cd.git
-```
-
-### Install Required Tools
-
-1. Install development tools:
-```shell
-make install-go-tools-local
-make install-codegen-tools-local
-```
-
-### Install Go
-
-<https://go.dev/doc/install/>
-
-Install Go with a version equal to or greater than the version listed in `go.mod` (verify go version with `go version`). 
-
-
-### Install Docker or Podman
-
-#### Installation guide for docker:
-
-<https://docs.docker.com/engine/install/>
-
-#### Installation guide for podman:
-
-<https://podman.io/docs/installation>
-
-### Install or Upgrade a Tool for Running Local Clusters (e.g. kind or minikube)
-
-#### Installation guide for kind:
-
-<https://kind.sigs.k8s.io/docs/user/quick-start/>
-
-#### Installation guide for minikube:
-
-<https://minikube.sigs.k8s.io/docs/start/>
-
-### Start Your Local Cluster
-
-For example, if you are using kind:
-```shell
-kind create cluster
-```
-
-Or, if you are using minikube:
-
-```shell
-minikube start
-```
-
-Or, if you are using minikube with podman driver:
-
-```shell
-minikube start --driver=podman
-```
-
-### Install Argo CD
-
-```shell
-kubectl create namespace argocd &&
-kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
-```
-
-Set kubectl config to avoid specifying the namespace in every kubectl command.  
-All following commands in this guide assume the namespace is already set.
-
-```shell
-kubectl config set-context --current --namespace=argocd
-```
-
-### Install `yarn`
-
-<https://classic.yarnpkg.com/lang/en/docs/install/>
-
-### Install `goreman`
-
-<https://github.com/mattn/goreman#getting-started>
-
-### Run Argo CD
-
-```shell
-cd argo-cd
-make start-local ARGOCD_GPG_ENABLED=false
-```
-
-By default, Argo CD uses Docker. To use Podman instead, set the `DOCKER` environment variable to `podman` before running the `make` command:
-
-```shell
-cd argo-cd
-DOCKER=podman make start-local ARGOCD_GPG_ENABLED=false
-```
-
-- Navigate to [localhost:4000](http://localhost:4000) in your browser to load the Argo CD UI
-- It may take a few minutes for the UI to be responsive
-
-!!! note
-    If the UI is not working, check the logs from `make start-local`. The logs are `DEBUG` level by default. If the logs are
-    too noisy to find the problem, try editing log levels for the commands in the `Procfile` in the root of the Argo CD repo.
-
-## Common Make Targets
-
-Here are some frequently used make targets (all will run on your machine):
-
-### Local Toolchain Make Targets
-
-* `make build-local` - Build Argo CD binaries
-* `make test-local` - Run unit tests
-* `make codegen-local` - Re-generate auto generated Swagger and Protobuf (after changing API code)
-* `make lint-local` - Run linting
-* `make pre-commit-local` - Run pre-commit checks
-* `make start-e2e-local` - Start server for end-to-end tests
-* `make test-e2e-local` - Run end-to-end tests
-* `make serve-docs-local` - Serve documentation
-* `make start-local` - Start Argo CD
-
-### Virtualized Toolchain Make Targets
-
-* `make build` - Build Argo CD binaries
-* `make test` - Run unit tests
-* `make codegen` - Re-generate auto generated Swagger and Protobuf (after changing API code)
-* `make lint` - Run linting
-* `make pre-commit` - Run pre-commit checks
-* `make start-e2e` - Start server for end-to-end tests
-* `make test-e2e` - Run end-to-end tests
-* `make serve-docs` - Serve documentation
-* `make start` - Start Argo CD
-
-## Making Changes
-
-### Before Submitting a PR
-
-1. Rebase your branch against upstream main:
-```shell
-git fetch upstream
-git rebase upstream/main
-```
-
-2. Run pre-commit checks:
-```shell
-make pre-commit-local
-```
-
-### Docs Changes
-
-Modifying the docs auto-reloads the changes on the [documentation website](https://argo-cd.readthedocs.io/) that can be locally built using `make serve-docs` command. 
-Once running, you can view your locally built documentation on port 8000.
-
-Read more about this [here](https://argo-cd.readthedocs.io/en/latest/developer-guide/docs-site/).
-
-### UI Changes
-
-Modifying the User-Interface (by editing .tsx or .scss files) auto-reloads the changes on port 4000.
-
-### Backend Changes
-
-Modifying the API server, repo server, or a controller requires restarting the current `make start-local` session to reflect the changes.
-
-### CLI Changes
-
-Modifying the CLI requires restarting the current `make start-local` session to reflect the changes.
-
-To test most CLI commands, you will need to log in.
-
-First, get the auto-generated secret:
-
-```shell
-kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
-```
-
-Then log in using that password and username `admin`:
-
-```shell
-dist/argocd login localhost:8080
-```
-
----
-Congrats on making it to the end of this runbook! 🚀
-
-For more on Argo CD, find us in Slack - <https://slack.cncf.io/> [#argo-contributors](https://cloud-native.slack.com/archives/C020XM04CUW)
diff --git a/docs/developer-guide/debugging-locally.md b/docs/developer-guide/debugging-locally.md
new file mode 100644
index 0000000000000..0f3aee52d9129
--- /dev/null
+++ b/docs/developer-guide/debugging-locally.md
@@ -0,0 +1,146 @@
+# Debugging a local Argo CD instance
+
+## Prerequisites
+1. [Development Environment](development-environment.md)   
+2. [Toolchain Guide](toolchain-guide.md)
+3. [Development Cycle](development-cycle.md)
+4. [Running Locally](running-locally.md)
+
+## Preface
+Please make sure you are familiar with running Argo CD locally using the [local toolchain](running-locally.md#start-local-services-local-toolchain).
+
+When running Argo CD locally for manual tests, the quickest way to do so is to run all the Argo CD components together, as described in [Running Locally](running-locally.md), 
+
+However, when you need to debug a single Argo CD component (for example, `api-server`, `repo-server`, etc), you will need to run this component separately in your IDE, using your IDE launch and debug configuration, while the other components will be running as described previously, using the local toolchain.
+
+For the next steps, we will use Argo CD `api-server` as an example of running a component in an IDE.
+
+## Configure your IDE
+
+### Locate your component configuration in `Procfile`
+The `Procfile` is used by Goreman when running Argo CD locally with the local toolchain. The file is located in the top-level directory in your cloned Argo CD repo folder, you can view it's latest version [here](https://github.com/argoproj/argo-cd/blob/master/Procfile). It contains all the needed component run configuration, and you will need to copy parts of this configuration to your IDE. 
+
+Example for `api-server` configuration in `Procfile`:
+``` text
+api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --hydrator-enabled=${ARGOCD_HYDRATOR_ENABLED:='false'}"
+```
+This configuration example will be used as the basis for the next steps.
+
+!!! note
+    The Procfile for a component may change with time. Please go through the Procfile and make sure you use the latest configuration for debugging.
+
+### Configure component env variables
+The component that you will run in your IDE for debugging (`api-server` in our case) will need env variables. Copy the env variables from `Procfile`, located in the `argo-cd` root folder of your development branch. The env variables are located before the `$COMMAND` section in the `sh -c` section of the component run command.
+You can keep them in `.env` file and then have the IDE launch configuration point to that file. Obviously, you can adjust the env variables to your needs when debugging a specific configuration.
+
+Example for an `api-server.env` file:
+``` bash
+ARGOCD_BINARY_NAME=argocd-server
+ARGOCD_FAKE_IN_CLUSTER=true
+ARGOCD_GNUPGHOME=/tmp/argocd-local/gpg/keys
+ARGOCD_GPG_DATA_PATH=/tmp/argocd-local/gpg/source
+ARGOCD_GPG_ENABLED=false
+ARGOCD_LOG_FORMAT_ENABLE_FULL_TIMESTAMP=1
+ARGOCD_SSH_DATA_PATH=/tmp/argocd-local/ssh
+ARGOCD_TLS_DATA_PATH=/tmp/argocd-local/tls
+ARGOCD_TRACING_ENABLED=1
+FORCE_LOG_COLORS=1
+KUBECONFIG=/Users/<YOUR_USERNAME>/.kube/config # Must be an absolute full path
+... 
+# and so on, for example: when you test the app-in-any-namespace feature, 
+# you'll need to add ARGOCD_APPLICATION_NAMESPACES to this list 
+# only for testing this functionality and remove it afterwards.
+```
+
+### Install DotENV / EnvFile plugin
+Using the market place / plugin manager of your IDE. The below example configurations require the plugin to be installed.
+
+
+### Configure component IDE launch configuration
+#### VSCode example
+Next, you will need to create a launch configuration, with the relevant args. Copy the args from `Procfile`, located in the `argo-cd` root folder of your development branch. The args are located after the `$COMMAND` section in the `sh -c` section of the component run command.
+Example for an `api-server` launch configuration, based on our above example for `api-server` configuration in `Procfile`: 
+``` json
+    {
+      "name": "api-server",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "YOUR_CLONED_ARGO_CD_REPO_PATH/argo-cd/cmd",
+      "args": [
+        "--loglevel",
+        "debug",
+        "--redis",
+        "localhost:6379",
+        "--repo-server",
+        "localhost:8081",
+        "--dex-server",
+        "http://localhost:5556",
+        "--port",
+        "8080",
+        "--insecure"
+      ],
+      "envFile": "YOUR_ENV_FILES_PATH/api-server.env", # Assuming you installed DotENV plugin
+    }
+```
+
+#### Goland example
+Next, you will need to create a launch configuration, with the relevant parameters. Copy the parameters from `Procfile`, located in the `argo-cd` root folder of your development branch. The parameters are located after the `$COMMAND` section in the `sh -c` section of the component run command.
+Example for an `api-server` launch configuration snippet, based on our above example for `api-server` configuration in `Procfile`: 
+``` xml 
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="api-server" type="GoApplicationRunConfiguration" factoryName="Go Application">
+    <module name="argo-cd" />
+    <working_directory value="$PROJECT_DIR$" />
+    <parameters value="--loglevel debug --redis localhost:6379 --insecure --dex-server http://localhost:5556 --repo-server localhost:8081 --port 8080" />
+    <EXTENSION ID="net.ashald.envfile"> <!-- Assuming you installed the EnvFile plugin-->
+      <option name="IS_ENABLED" value="true" />
+      <option name="IS_SUBST" value="false" />
+      <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
+      <option name="IS_IGNORE_MISSING_FILES" value="false" />
+      <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
+      <ENTRIES>
+        <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
+        <ENTRY IS_ENABLED="true" PARSER="env" IS_EXECUTABLE="false" PATH="<YOUR_ENV_FILES_PATH>/api-server.env" />
+      </ENTRIES>
+    </EXTENSION>
+    <kind value="DIRECTORY" />
+    <directory value="$PROJECT_DIR$/cmd" />
+    <filePath value="$PROJECT_DIR$" />
+    <method v="2" />
+  </configuration>
+</component>
+```
+
+!!! note
+    As an alternative to importing the above file to Goland, you can create a Run/Debug Configuration using the official [Goland docs](https://www.jetbrains.com/help/go/go-build.html) and just copy the `parameters`, `directory` and `PATH` sections from the example above (specifying `Run kind` as `Directory` in the Run/Debug Configurations wizard)
+
+## Run Argo CD without the debugged component
+Next, we need to run all Argo CD components, except for the debugged component (cause we will run this component separately in the IDE).
+There is a mix-and-match approach to running the other components - you can run them in your K8s cluster or locally with the local toolchain.
+Below are the different options.
+
+### Run the other components locally
+#### Run with "make start-local"
+`make start-local` runs all the components by default, but it is also possible to run it with a whitelist of components, enabling the separation we need.
+
+So for the case of debugging the `api-server`, run:
+`make start-local ARGOCD_START="notification applicationset-controller repo-server redis dex controller ui"` 
+
+#### Run with "make run"
+`make run` runs all the components by default, but it is also possible to run it with a blacklist of components, enabling the separation we need.
+
+So for the case of debugging the `api-server`, run:
+`make run exclude=api-server` 
+
+#### Run with "goreman start"
+`goreman start` runs all the components by default, but it is also possible to run it with a whitelist of components, enabling separation as needed.
+
+To debug the `api-server`, run:
+`goreman start notification applicationset-controller repo-server redis dex controller ui` 
+
+## Run Argo CD debugged component from your IDE
+Finally, run the component you wish to debug from your IDE and make sure it does not have any errors.
+
+## Important
+When running Argo CD components separately, ensure components aren't creating conflicts - each component needs to be up exactly once, be it running locally with the local toolchain or running from your IDE. Otherwise you may get errors about ports not available or even debugging a process that does not contain your code changes. 
\ No newline at end of file
diff --git a/docs/developer-guide/dependencies.md b/docs/developer-guide/dependencies.md
index e609a23e16330..a4e0de4d0e335 100644
--- a/docs/developer-guide/dependencies.md
+++ b/docs/developer-guide/dependencies.md
@@ -33,21 +33,61 @@ After your GitOps Engine PR has been merged, ArgoCD needs to be updated to pull
 - See https://github.com/argoproj/argo-cd/pull/4434 as an example
 - The PR might require additional, dependent changes in ArgoCD that are directly impacted by the changes made in the engine.
 
-## Argo UI Components
+## Notifications Engine (`github.com/argoproj/notifications-engine`)
 
 ### Repository
 
-https://github.com/argoproj/argo-ui
+[notifications-engine](https://github.com/argoproj/notifications-engine)
 
-### Pulling changes from Argo UI into Argo CD
+### Pulling changes from `notifications-engine`
 
-If you make changes to the Argo UI component, and your Argo CD changes depend on those changes, follow these steps:
+After your Notifications Engine PR has been merged, ArgoCD needs to be updated to pull in the version of the notifications engine that contains your change. Here are the steps:
 
-1. Make changes to Argo UI and submit the PR request.
-2. Also, prepare your Argo CD changes, but don't create the PR just yet.
-3. **After** the Argo UI PR has been merged to master, then as part of your Argo CD changes:
-   - Run `yarn add git+https://github.com/argoproj/argo-ui.git` in the `ui/` directory, and then,
-   - Check in the regenerated `yarn.lock` file as part of your Argo CD commit
-4. Create the Argo CD PR when you are ready. The PR build and test checks should pass.
+- Retrieve the SHA hash for your commit. You will use this in the next step.
+- From the `argo-cd` folder, run the following command
+
+  `go get github.com/argoproj/notifications-engine@<git-commit-sha>`
+
+  If you get an error message `invalid version: unknown revision` then you got the wrong SHA hash
+
+- Run:
+
+  `go mod tidy`
+
+- The following files are changed:
+
+  - `go.mod`
+  - `go.sum`
+
+- If your notifications engine PR included docs changes, run `make codegen` or `make codegen-local`.
+
+- Create an ArgoCD PR with a `refactor:` type in its title for the above file changes.
+
+## Argo UI Components (`github.com/argoproj/argo-ui`)
+### Contributing to Argo CD UI
+
+Argo CD, along with Argo Workflows, uses shared React components from [Argo UI](https://github.com/argoproj/argo-ui). Examples of some of these components include buttons, containers, form controls, 
+and others. Although you can make changes to these files and run them locally, in order to have these changes added to the Argo CD repo, you will need to follow these steps. 
+
+1. Fork and clone the [Argo UI repository](https://github.com/argoproj/argo-ui).
+
+2. `cd` into your `argo-ui` directory, and then run `yarn install`. 
+
+3. Make your file changes.
+
+4. Run `yarn start` to start a [storybook](https://storybook.js.org/) dev server and view the components in your browser. Make sure all your changes work as expected. 
+
+5. Use [yarn link](https://classic.yarnpkg.com/en/docs/cli/link/) to link Argo UI package to your Argo CD repository. (Commands below assume that `argo-ui` and `argo-cd` are both located within the same parent folder)
+
+    * `cd argo-ui`
+    * `yarn link`
+    * `cd ../argo-cd/ui`
+    * `yarn link argo-ui`
+
+    Once the `argo-ui` package has been successfully linked, test changes in your local development environment. 
+
+6. Commit changes and open a PR to [Argo UI](https://github.com/argoproj/argo-ui). 
+
+7. Once your PR has been merged in Argo UI, `cd` into your `argo-cd/ui` folder and run `yarn add git+https://github.com/argoproj/argo-ui.git`. This will update the commit SHA in the `ui/yarn.lock` file to use the latest master commit for argo-ui. 
 
-If your Argo UI change is a 'stand-alone' fix, and you simply want Argo CD to pull in your change, then simply create an Argo CD PR with the `yarn.lock` file change.
+8. Submit changes to `ui/yarn.lock`in a PR to Argo CD. 
diff --git a/docs/developer-guide/development-cycle.md b/docs/developer-guide/development-cycle.md
new file mode 100644
index 0000000000000..2aa06321a2300
--- /dev/null
+++ b/docs/developer-guide/development-cycle.md
@@ -0,0 +1,119 @@
+# The Development Cycle
+
+## Prerequisites
+1. [Development Environment](development-environment.md)   
+2. [Toolchain Guide](toolchain-guide.md)
+
+## Preface 
+When you have developed and possibly manually tested the code you want to contribute, you should ensure that everything builds correctly. Commit your changes locally and perform the following steps, for each step the commands for both local and virtualized toolchain are listed. 
+
+### Docker priviliges for virtualized toolchain users
+[These instructions](toolchain-guide.md#docker-privileges) are relevant for most of the steps below 
+
+### Using Podman for virtualized toolchain users
+[These instructions](toolchain-guide.md#using-podman) are relevant for most of the steps below 
+
+## Development cycle steps
+### Set kubectl context to argocd namespace
+
+Setting kubectl config to the argocd namespace is required for these steps to succeed.
+All following commands in this guide assume the namespace is already set.
+
+```shell
+kubectl config set-context --current --namespace=argocd
+```
+
+### Pull in all build dependencies
+
+As build dependencies change over time, you have to synchronize your development environment with the current specification. In order to pull in all required dependencies, issue:
+
+* `make dep-ui` or `make dep-ui-local`
+
+Argo CD recently migrated to Go modules. Usually, dependencies will be downloaded at build time, but the Makefile provides two targets to download and vendor all dependencies:
+
+* `make mod-download` or `make mod-download-local` will download all required Go modules and
+* `make mod-vendor` or `make mod-vendor-local` will vendor those dependencies into the Argo CD source tree
+
+### Generate API glue code and other assets
+
+Argo CD relies on Google's [Protocol Buffers](https://developers.google.com/protocol-buffers) for its API, and this makes heavy use of auto-generated glue code and stubs. Whenever you touched parts of the API code, you must re-generate the auto generated code.
+
+* Run `make codegen` or `make codegen-local`, this might take a while
+* Check if something has changed by running `git status` or `git diff`
+* Commit any possible changes to your local Git branch, an appropriate commit message would be `Changes from codegen`, for example.
+
+!!!note
+    There are a few non-obvious assets that are auto-generated. You should not change the autogenerated assets, as they will be overwritten by a subsequent run of `make codegen`. Instead, change their source files. Prominent examples of non-obvious auto-generated code are `swagger.json` or the installation manifest YAMLs.
+
+### Build your code and run unit tests
+
+After the code glue has been generated, your code should build and the unit tests should run without any errors. Execute the following statements:
+
+* `make build` or `make build-local`
+* `make test` or `make test-local`
+
+These steps are non-modifying, so there's no need to check for changes afterward.
+
+### Lint your code base
+
+In order to keep a consistent code style in our source tree, your code must be well-formed in accordance to some widely accepted rules, which are applied by a Linter.
+
+The Linter might make some automatic changes to your code, such as indentation fixes. Some other errors reported by the Linter have to be fixed manually.
+
+* Run `make lint` or `make lint-local` and observe any errors reported by the Linter
+* Fix any of the errors reported and commit to your local branch
+* Finally, after the Linter reports no errors, run `git status` or `git diff` to check for any changes made automatically by Lint
+* If there were automatic changes, commit them to your local branch
+
+If you touched UI code, you should also run the Yarn linter on it:
+
+* Run `make lint-ui` or `make lint-ui-local`
+* Fix any of the errors reported by it
+
+### Run end-to-end tests
+
+The final step is running the End-to-End testsuite, which ensures that your Kubernetes dependencies are working properly. This will involve starting all the Argo CD components on your computer. The end-to-end tests consists of two parts: a server component, and a client component.
+
+* First, start the End-to-End server: `make start-e2e` or `make start-e2e-local`. This will spawn a number of processes and services on your system.
+* When all components have started, run `make test-e2e` or `make test-e2e-local` to run the end-to-end tests against your local services.
+
+To run a single test with a local toolchain, you can use `TEST_FLAGS="-run TestName" make test-e2e-local`.
+
+For more information about End-to-End tests, refer to the [End-to-End test documentation](test-e2e.md).
+
+## Common Make Targets
+
+Here are some frequently used make targets (all will run on your machine):
+
+### Local Toolchain Make Targets
+
+* `make install-tools-local` - Install testing and building tools for the local toolchain 
+* `make build-local` - Build Argo CD binaries
+* `make test-local` - Run unit tests
+* `make codegen-local` - Re-generate auto generated Swagger and Protobuf (after changing API code)
+* `make lint-local` - Run linting
+* `make pre-commit-local` - Run pre-commit checks
+* `make start-e2e-local` - Start server for end-to-end tests
+* `make test-e2e-local` - Run end-to-end tests
+* `make serve-docs-local` - Serve documentation
+* `make start-local` - Start Argo CD
+* `make cli-local` - Build Argo CD CLI binary
+
+### Virtualized Toolchain Make Targets
+
+* `make verify-kube-connect` - Test whether the virtualized toolchain has access to your K8s cluster
+* `make test-tools-image` - Prepare the environment of the virtualized chain
+* `make build` - Build Argo CD binaries
+* `make test` - Run unit tests
+* `make codegen` - Re-generate auto generated Swagger and Protobuf (after changing API code)
+* `make lint` - Run linting
+* `make pre-commit` - Run pre-commit checks
+* `make start-e2e` - Start server for end-to-end tests
+* `make test-e2e` - Run end-to-end tests
+* `make serve-docs` - Serve documentation
+* `make start` - Start Argo CD
+
+---
+Congrats on making it to the end of this runbook! 🚀
+
+For more on Argo CD, find us in Slack - <https://slack.cncf.io/> [#argo-contributors](https://cloud-native.slack.com/archives/C020XM04CUW)
diff --git a/docs/developer-guide/development-environment.md b/docs/developer-guide/development-environment.md
new file mode 100644
index 0000000000000..708f83b59dd74
--- /dev/null
+++ b/docs/developer-guide/development-environment.md
@@ -0,0 +1,120 @@
+# Setting Up the Development Environment
+
+## Required Tools Overview
+
+You will need to install the following tools with the specified minimum versions:
+
+* Git (v2.0.0+)
+* Go (version specified in `go.mod` - check with `go version`)
+* Docker (v20.10.0+) Or Podman (v3.0.0+)
+* Kind (v0.11.0+) Or Minikube (v1.23.0+) Or K3d (v5.7.3+)
+
+
+
+## Install Required Tools
+
+### Install Git
+
+Obviously, you will need a `git` client for pulling source code and pushing back your changes.
+
+<https://github.com/git-guides/install-git>
+
+
+### Install Go
+
+You will need a Go SDK and related tools (such as GNU `make`) installed and working on your development environment.
+
+<https://go.dev/doc/install/>
+
+Install Go with a version equal to or greater than the version listed in `go.mod` (verify go version with `go version`).  
+We will assume that your Go workspace is at `~/go`.
+
+Verify: run `go version`
+
+### Install Docker or Podman
+
+#### Installation guide for docker
+
+<https://docs.docker.com/engine/install/>
+
+You will need a working Docker runtime environment, to be able to build and run images. Argo CD is using multi-stage builds. 
+
+Verify: run `docker version`
+
+#### Installation guide for podman
+
+<https://podman.io/docs/installation>
+
+### Install a Local K8s Cluster
+
+You won't need a fully blown multi-master, multi-node cluster, but you will need something like K3S, K3d, Minikube, Kind or microk8s. You will also need a working Kubernetes client (`kubectl`) configuration in your development environment. The configuration must reside in `~/.kube/config`.
+
+#### Kind
+
+##### [Installation guide](https://kind.sigs.k8s.io/docs/user/quick-start)
+
+You can use `kind` to run Kubernetes inside Docker. But pointing to any other development cluster works fine as well as long as Argo CD can reach it.
+
+##### Start the Cluster
+```shell
+kind create cluster
+```
+
+#### Minikube
+
+##### [Installation guide](https://minikube.sigs.k8s.io/docs/start)
+
+##### Start the Cluster
+```shell
+minikube start
+```
+
+Or, if you are using minikube with podman driver:
+
+```shell
+minikube start --driver=podman
+```
+
+#### K3d
+
+##### [Installation guide](https://k3d.io/stable/#quick-start)
+
+### Verify cluster installation
+
+* Run `kubectl version` 
+
+## Fork and Clone the Repository
+1. Fork the Argo CD repository to your personal GitHub Account
+2. Clone the forked repository:
+```shell
+git clone https://github.com/YOUR-USERNAME/argo-cd.git
+```
+   Please note that the local build process uses GOPATH and that path should not be used, unless the Argo CD repository was directly cloned in it.
+
+3. While everyone has their own Git workflow, the author of this document recommends to create a remote called `upstream` in your local copy pointing to the original Argo CD repository. This way, you can easily keep your local branches up-to-date by merging in latest changes from the Argo CD repository, i.e. by doing a `git pull upstream master` in your locally checked out branch.
+   To create the remote, run:
+   ```shell
+   cd argo-cd
+   git remote add upstream https://github.com/argoproj/argo-cd.git
+   ```
+
+## Install Additional Required Development Tools
+
+```shell
+make install-go-tools-local
+make install-codegen-tools-local
+```
+
+## Install Latest Argo CD on Your Local Cluster
+
+```shell
+kubectl create namespace argocd &&
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
+```
+
+Set kubectl config to avoid specifying the namespace in every kubectl command.  
+
+```shell
+kubectl config set-context --current --namespace=argocd
+```
+
diff --git a/docs/developer-guide/index.md b/docs/developer-guide/index.md
index 08578c0fd0707..48746412d8a5f 100644
--- a/docs/developer-guide/index.md
+++ b/docs/developer-guide/index.md
@@ -1,25 +1,102 @@
 # Overview
 
-!!! warning "You probably don't want to be reading this section of the docs."
-    This part of the manual is aimed at helping people contribute to Argo CD, the documentation, or to develop third-party applications that interact with Argo CD, e.g.
+!!! warning "As an Argo CD user, you probably don't want to be reading this section of the docs."
+    This part of the manual is aimed at helping people contribute to Argo CD, documentation, or to develop third-party applications that interact with Argo CD, e.g.
     
     * A chat bot
     * A Slack integration
+
+## Preface
+#### Understand the [Code Contribution Guide](code-contributions.md)
+#### Understand the [Code Contribution Preface](submit-your-pr.md#preface)
     
+## Contributing to Argo CD documentation
+
+This guide will help you get started quickly with contributing documentation changes, performing the minimum setup you'll need.   
+For backend and frontend contributions, that require a full building-testing-running-locally cycle, please refer to [Contributing to Argo CD backend and frontend ](index.md#contributing-to-argo-cd-backend-and-frontend) 
+
+### Fork and clone Argo CD repository
+- [Fork and clone Argo CD repository](development-environment.md#fork-and-clone-the-repository)
+
+### Submit your PR
+- [Before submitting a PR](submit-your-pr.md#before-submitting-a-pr)
+- [Choose a correct title for your PR](submit-your-pr.md#choose-a-correct-title-for-your-pr)
+- [Perform the PR template checklist](submit-your-pr.md#perform-the-PR-template-checklist)
+
+## Contributing to Argo CD Notifications documentation
+
+This guide will help you get started quickly with contributing documentation changes, performing the minimum setup you'll need.
+The notificaions docs are located in [notifications-engine](https://github.com/argoproj/notifications-engine) Git repository and require 2 pull requests: one for the `notifications-engine` repo and one for the `argo-cd` repo.
+For backend and frontend contributions, that require a full building-testing-running-locally cycle, please refer to [Contributing to Argo CD backend and frontend ](index.md#contributing-to-argo-cd-backend-and-frontend) 
+
+### Fork and clone Argo CD repository
+- [Fork and clone Argo CD repository](development-environment.md#fork-and-clone-the-repository)
+
+### Submit your PR to notifications-engine
+- [Before submitting a PR](submit-your-pr.md#before-submitting-a-pr)
+- [Choose a correct title for your PR](submit-your-pr.md#choose-a-correct-title-for-your-pr)
+- [Perform the PR template checklist](submit-your-pr.md#perform-the-PR-template-checklist)
+
+### Install Go on your machine
+- [Install Go](development-environment.md#install-go)
+
+### Submit your PR to argo-cd
+- [Contributing to notifications-engine](dependencies.md#notifications-engine-githubcomargoprojnotifications-engine)
+- [Before submitting a PR](submit-your-pr.md#before-submitting-a-pr)
+- [Choose a correct title for your PR](submit-your-pr.md#choose-a-correct-title-for-your-pr)
+- [Perform the PR template checklist](submit-your-pr.md#perform-the-PR-template-checklist)
+
+## Contributing to Argo CD backend and frontend 
+
+This guide will help you set up your build & test environment, so that you can start developing and testing bug fixes and feature enhancements without having to make too much effort in setting up a local toolchain.
+
+As is the case with the development process, this document is under constant change. If you notice any error, or if you think this document is out-of-date, or if you think it is missing something: Feel free to submit a PR or submit a bug to our GitHub issue tracker.
+
+### Set up your development environment
+- [Install required tools (Git, Go, Docker, etc)](development-environment.md#install-required-tools)
+- [Install and start a local K8s cluster (Kind, Minikube or K3d)](development-environment.md#install-a-local-k8s-cluster)
+- [Fork and clone Argo CD repository](development-environment.md#fork-and-clone-the-repository)
+- [Install additional required development tools](development-environment.md#install-additional-required-development-tools)
+- [Install latest Argo CD on your local cluster](development-environment.md#install-latest-argo-cd-on-your-local-cluster)
+
+### Set up a development toolchain (local or virtualized)
+- [Understand the differences between the toolchains](toolchain-guide.md#local-vs-virtualized-toolchain)
+- Choose a development toolchain
+
+    - Either [set up a local toolchain](toolchain-guide.md#setting-up-a-local-toolchain)
+    - Or [set up a virtualized toolchain](toolchain-guide.md#setting-up-a-virtualized-toolchain)
+
+### Perform the development cycle 
+- [Set kubectl context to argocd namespace](development-cycle.md#set-kubectl-context-to-argocd-namespace)
+- [Pull in all build dependencies](development-cycle.md#pull-in-all-build-dependencies)
+- [Generate API glue code and other assets](development-cycle.md#generate-API-glue-code-and-other-assets)
+- [Build your code and run unit tests](development-cycle.md#build-your-code-and-run-unit-tests)
+- [Lint your code base](development-cycle.md#lint-your-code-base)
+- [Run e2e tests](development-cycle.md#run-end-to-end-tests)
+- How to contribute to documentation: [build and run documentation site](docs-site/) on your machine for manual testing
 
-## Contributing to Argo CD
-* [Code Contribution Guide](code-contributions/)
-* [Contributors Quickstart](contributors-quickstart/)
-* [Running Argo CD Locally](running-locally/)
+### Run and debug Argo CD locally
+- [Run Argo CD on your machine for manual testing](running-locally.md)
+- [Debug Argo CD in an IDE on your machine](debugging-locally.md)
+  
+### Submit your PR
+- [Before submitting a PR](submit-your-pr.md#before-submitting-a-pr)
+- [Understand the Continuous Integration process](submit-your-pr.md#understand-the-continuous-integration-process)
+- [Choose a correct title for your PR](submit-your-pr.md#choose-a-correct-title-for-your-pr)
+- [Perform the PR template checklist](submit-your-pr.md#perform-the-PR-template-checklist)
+- [Understand the CI automated builds & tests](submit-your-pr.md#automated-builds-&-tests)
+- [Understand & make sure your PR meets the CI code test coverage requirements](submit-your-pr.md#code-test-coverage)
 
 Need help? Start with the [Contributors FAQ](faq/)
 
-## Contributing to the Documentation
-* [Building and Running Documentation Site Locally](docs-site/)
+## Contributing to Argo CD dependencies
+- [Contributing to argo-ui](dependencies.md#argo-ui-components-githubcomargoprojargo-ui)
+- [Contributing to gitops-engine](dependencies.md#gitops-engine-githubcomargoprojgitops-engine)
+- [Contributing to notifications-engine](dependencies.md#notifications-engine-githubcomargoprojnotifications-engine)
 
 ## Extensions and Third-Party Applications
-* [UI Extensions](ui-extensions/)
-* [Proxy Extensions](proxy-extensions/)
+* [UI Extensions](extensions/ui-extensions.md)
+* [Proxy Extensions](extensions/proxy-extensions.md)
 * [Config Management Plugins](../operator-manual/config-management-plugins/)
 
 ## Contributing to Argo Website
diff --git a/docs/developer-guide/mac-users.md b/docs/developer-guide/mac-users.md
new file mode 100644
index 0000000000000..0bcf752e3ece2
--- /dev/null
+++ b/docs/developer-guide/mac-users.md
@@ -0,0 +1,20 @@
+# MacOS users
+Below are known issues specific to macOS
+
+## Port 5000
+
+You may get an error listening on port 5000 on macOS:
+
+```text
+docker: Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:5000 -> 0.0.0.0:0: listen tcp 0.0.0.0:5000: bind: address already in use.
+```
+
+In that case, you can disable "AirPlay Receiver" in macOS System Preferences.
+
+## Firewall dialogs
+If you get firewall dialogs, you can click "Deny", since no access from outside your computer is typically desired.
+
+## Exec format error for virtualized toolchain make targets
+If you get `/go/src/github.com/argoproj/argo-cd/dist/mockery: cannot execute binary file: Exec format error`, this typically means that you ran a virtualized `make` target after you ran the a local `make` target.   
+To fix this and continue with the virtualized toolchain, delete the contents of `argo-cd/dist` folder.   
+If later on you wish to run `make` targets of the local toolchain again, run `make install-tools-local` to re-populate the contents of the `argo-cd/dist` folder.
diff --git a/docs/developer-guide/running-locally.md b/docs/developer-guide/running-locally.md
index f1e6db9b88a43..dc6aba87e4e9c 100644
--- a/docs/developer-guide/running-locally.md
+++ b/docs/developer-guide/running-locally.md
@@ -1,14 +1,21 @@
 # Running Argo CD locally
 
-## Run Argo CD outside of Kubernetes
+## Prerequisites
+1. [Development Environment](development-environment.md)   
+2. [Toolchain Guide](toolchain-guide.md)
+3. [Development Cycle](development-cycle.md)
 
-During development, it might be viable to run Argo CD outside a Kubernetes cluster. This will greatly speed up development, as you don't have to constantly build, push and install new Argo CD Docker images with your latest changes.
+## Preface
+During development, it is recommended to start with Argo CD running locally (outside of a K8s cluster). This will greatly speed up development, as you don't have to constantly build, push and install new Argo CD Docker images with your latest changes.
 
-You will still need a working Kubernetes cluster, as described in the [Toolchain Guide](toolchain-guide.md), where Argo CD will store all of its resources and configuration.
+After you have tested locally, you can move to the second phase of building a docker image, running Argo CD in your cluster and testing further.
 
-If you followed the [Toolchain Guide](toolchain-guide.md) in setting up your toolchain, you can run Argo CD locally with these simple steps:
+For both cases, you will need a working K8s cluster, where Argo CD will store all of its resources and configuration.
 
-### Install Argo CD resources to your cluster
+In order to have all the required resources in your cluster, you will deploy Argo CD from your development branch and then scale down all it's instances.
+This will ensure you have all the relevant configuration (such as Argo CD Config Maps and CRDs) in the cluster while the instances themselves are stopped.
+
+### Deploy Argo CD resources to your cluster
 
 First push the installation manifest into argocd namespace:
 
@@ -17,6 +24,12 @@ kubectl create namespace argocd
 kubectl apply -n argocd --force -f manifests/install.yaml
 ```
 
+The services you will start later assume you are running in the namespace where Argo CD is installed. You can set the current context default namespace as follows:
+
+```bash
+kubectl config set-context --current --namespace=argocd
+```
+
 ### Scale down any Argo CD instance in your cluster
 
 Make sure that Argo CD is not running in your development cluster by scaling down the deployments:
@@ -31,18 +44,24 @@ kubectl -n argocd scale deployment/argocd-applicationset-controller --replicas 0
 kubectl -n argocd scale deployment/argocd-notifications-controller --replicas 0
 ```
 
-### Start local services (virtualized toolchain inside Docker)
+## Running Argo CD locally, outside of K8s cluster
+#### Prerequisites
+1. [Deploy Argo CD resources to your cluster](running-locally.md#deploy-argo-cd-resources-to-your-cluster)   
+2. [Scale down any Argo CD instance in your cluster](running-locally.md#scale-down-any-argo-cd-instance-in-your-cluster)
 
-The started services assume you are running in the namespace where Argo CD is installed. You can set the current context default namespace as follows:
+### Start local services (virtualized toolchain)
+When you use the virtualized toolchain, starting local services is as simple as running
 
 ```bash
-kubectl config set-context --current --namespace=argocd
+cd argo-cd
+make start
 ```
 
-When you use the virtualized toolchain, starting local services is as simple as running
+By default, Argo CD uses Docker. To use Podman instead, set the `DOCKER` environment variable to `podman` before running the `make` command:
 
-```bash
-make start
+```shell
+cd argo-cd
+DOCKER=podman make start
 ```
 
 This will start all Argo CD services and the UI in a Docker container and expose the following ports to your host:
@@ -51,14 +70,6 @@ This will start all Argo CD services and the UI in a Docker container and expose
 * The Argo CD UI server on port 4000
 * The Helm registry server on port 5000
 
-You may get an error listening on port 5000 on macOS:
-
-```text
-docker: Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:5000 -> 0.0.0.0:0: listen tcp 0.0.0.0:5000: bind: address already in use.
-```
-
-In that case, you can disable "AirPlay Receiver" in macOS System Preferences.
-
 You can now use either the web UI by pointing your browser to `http://localhost:4000` or use the CLI against the API at `http://localhost:8080`. Be sure to use the `--insecure` and `--plaintext` options to the CLI. Webpack will take a while to bundle resources initially, so the first page load can take several seconds or minutes.
 
 As an alternative to using the above command line parameters each time you call `argocd` CLI, you can set the following environment variables:
@@ -68,51 +79,33 @@ export ARGOCD_SERVER=127.0.0.1:8080
 export ARGOCD_OPTS="--plaintext --insecure"
 ```
 
-### Start local services (running on local machine)
-
-The `make start` command of the virtualized toolchain runs the build and programs inside a Docker container using the test tools image. That makes everything repeatable, but can slow down the development workflow. Particularly on macOS where Docker and the Linux kernel run inside a VM, you may want to try developing fully locally.
-
-Docker should be installed already. Assuming you manage installed software using [Homebrew](https://brew.sh/), you can install other prerequisites like this:
+### Start local services (local toolchain)
+When you use the local toolchain, starting local services can be performed in 3 ways:
 
-```sh
-# goreman is used to start all needed processes to get a working Argo CD development
-# environment (defined in `Procfile`)
-brew install goreman
-
-# You can use `kind` to run Kubernetes inside Docker. But pointing to any other
-# development cluster works fine as well as long as Argo CD can reach it.
-brew install kind
+#### With "make start-local"
+```shell
+cd argo-cd
+make start-local ARGOCD_GPG_ENABLED=false
 ```
 
-To set up Kubernetes, you can use kind:
-
-```sh
-kind create cluster --kubeconfig ~/.kube/config-kind
-
-# The started services assume you are running in the namespace where Argo CD is
-# installed. Set the current context default namespace.
-export KUBECONFIG=~/.kube/config-kind
-kubectl config set-context --current --namespace=argocd
+#### With "make run"
+```shell
+cd argo-cd
+make run ARGOCD_GPG_ENABLED=false
 ```
 
-Follow the above sections "Install Argo CD resources to your cluster" and "Scale down any Argo CD instance in your cluster" to deploy all needed manifests such as config maps.
-
-Start local services:
-
-```sh
-# Ensure you point to the correct Kubernetes cluster as shown above. For example:
-export KUBECONFIG=~/.kube/config-kind
-
-make start-local
+#### With "goreman start"
+```shell
+cd argo-cd
+ARGOCD_GPG_ENABLED=false && goreman start
 ```
 
-This will start all Argo CD services and the UI in a Docker container and expose the following ports to your host:
+Any of those options will start all Argo CD services and the UI:
 
 * The Argo CD API server on port 8080
 * The Argo CD UI server on port 4000
 * The Helm registry server on port 5000
 
-If you get firewall dialogs, for example on macOS, you can click "Deny", since no access from outside your computer is typically desired.
 
 Check that all programs have started:
 
@@ -123,61 +116,77 @@ $ goreman run status
 [...]
 ```
 
-If some of the processes fail to start (not marked with `*`), check logs to see why they are not running.
+If some of the processes fail to start (not marked with `*`), check logs to see why they are not running. The logs are on `DEBUG` level by default. If the logs are too noisy to find the problem, try editing log levels for the commands in the `Procfile` in the root of the Argo CD repo.
 
-In case of an error like `gpg: key generation failed: Unknown elliptic curve` (a [gnupg bug](https://dev.gnupg.org/T5444)), disable GPG verification before running `make start-local`:
+You can now use either use the web UI by pointing your browser to `http://localhost:4000` or use the CLI against the API at `http://localhost:8080`. Be sure to use the `--insecure` and `--plaintext` options to the CLI. Webpack will take a while to bundle resources initially, so the first page load can take several seconds or minutes.
 
-```sh
-export ARGOCD_GPG_ENABLED=false
+As an alternative to using the above command line parameters each time you call `argocd` CLI, you can set the following environment variables:
+
+```bash
+export ARGOCD_SERVER=127.0.0.1:8080
+export ARGOCD_OPTS="--plaintext --insecure"
 ```
+### Making code changes while Argo CD is running on your machine
 
-You may get an error listening on port 5000 on macOS:
+#### Docs Changes
 
-```text
-docker: Error response from daemon: Ports are not available: exposing port TCP 0.0.0.0:5000 -> 0.0.0.0:0: listen tcp 0.0.0.0:5000: bind: address already in use.
-```
+Modifying the docs auto-reloads the changes on the [documentation website](https://argo-cd.readthedocs.io/) that can be locally built using `make serve-docs-local` command. 
+Once running, you can view your locally built documentation on port 8000.
 
-In that case, you can disable "AirPlay Receiver" in macOS System Preferences.
+Read more about this [here](https://argo-cd.readthedocs.io/en/latest/developer-guide/docs-site/).
 
-You can now use either the web UI by pointing your browser to `http://localhost:4000` or use the CLI against the API at `http://localhost:8080`. Be sure to use the `--insecure` and `--plaintext` options to the CLI. Webpack will take a while to bundle resources initially, so the first page load can take several seconds or minutes.
+#### UI Changes
 
-As an alternative to using the above command line parameters each time you call `argocd` CLI, you can set the following environment variables:
+Modifying the User-Interface (by editing .tsx or .scss files) auto-reloads the changes on port 4000.
 
-```bash
-export ARGOCD_SERVER=127.0.0.1:8080
-export ARGOCD_OPTS="--plaintext --insecure"
-```
+#### Backend Changes
 
-After making a code change, ensure to rebuild and restart the respective service:
+Modifying the API server, repo server, or a controller requires restarting the current `make start` for virtualized toolchain.
+For `make start-local` with the local toolchain, it is enough to rebuild and restart only the respective service:
 
 ```sh
 # Example for working on the repo server Go code, see other service names in `Procfile`
 goreman run restart repo-server
 ```
 
-Clean up when you're done:
+#### CLI Changes
 
-```sh
-kind delete cluster; rm -f ~/.kube/config-kind
+Modifying the CLI requires restarting the current `make start` or `make start-local` session to reflect the changes. Those targets also rebuild the CLI.
+
+To test most CLI commands, you will need to log in.
+
+First, get the auto-generated secret:
+
+```shell
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
 ```
 
+Then log in using that password and username `admin`:
+
+```shell
+dist/argocd login localhost:8080
+```
+
+## Running Argo CD inside of K8s cluster
 ### Scale up Argo CD in your cluster
 
 Once you have finished testing your changes locally and want to bring back Argo CD in your development cluster, simply scale the deployments up again:
 
 ```bash
 kubectl -n argocd scale statefulset/argocd-application-controller --replicas 1
+kubectl -n argocd scale deployment/argocd-applicationset-controller --replicas 1
 kubectl -n argocd scale deployment/argocd-dex-server --replicas 1
 kubectl -n argocd scale deployment/argocd-repo-server --replicas 1
 kubectl -n argocd scale deployment/argocd-server --replicas 1
 kubectl -n argocd scale deployment/argocd-redis --replicas 1
+kubectl -n argocd scale deployment/argocd-notifications-controller --replicas 1
 ```
 
-## Run your own Argo CD images on your cluster
+### Run your own Argo CD images on your cluster
 
 For your final tests, it might be necessary to build your own images and run them in your development cluster.
 
-### Create Docker account and login
+#### Create Docker account and login
 
 You might need to create an account on [Docker Hub](https://hub.docker.com) if you don't have one already. Once you created your account, login from your development environment:
 
@@ -185,7 +194,7 @@ You might need to create an account on [Docker Hub](https://hub.docker.com) if y
 docker login
 ```
 
-### Create and push Docker images
+#### Create and push Docker images
 
 You will need to push the built images to your own Docker namespace:
 
@@ -205,7 +214,7 @@ Then you can build & push the image in one step:
 DOCKER_PUSH=true make image
 ```
 
-### Configure manifests for your image
+#### Configure manifests for your image
 
 With `IMAGE_NAMESPACE` and `IMAGE_TAG` still set, run:
 
@@ -213,12 +222,18 @@ With `IMAGE_NAMESPACE` and `IMAGE_TAG` still set, run:
 make manifests
 ```
 
-to build a new set of installation manifests which include your specific image reference.
+or 
+
+```bash
+make manifests-local
+```
+
+(depending on your toolchain) to build a new set of installation manifests which include your specific image reference.
 
 !!!note
     Do not commit these manifests to your repository. If you want to revert the changes, the easiest way is to unset `IMAGE_NAMESPACE` and `IMAGE_TAG` from your environment and run `make manifests` again. This will re-create the default manifests.
 
-### Configure your cluster with custom manifests
+#### Configure your cluster with custom manifests
 
 The final step is to push the manifests to your cluster, so it will pull and run your image:
 
diff --git a/docs/developer-guide/submit-your-pr.md b/docs/developer-guide/submit-your-pr.md
new file mode 100644
index 0000000000000..4657bddd4f96b
--- /dev/null
+++ b/docs/developer-guide/submit-your-pr.md
@@ -0,0 +1,86 @@
+# Submitting PRs
+
+## Prerequisites
+1. [Development Environment](development-environment.md)   
+2. [Toolchain Guide](toolchain-guide.md)
+3. [Development Cycle](development-cycle.md)
+
+## Preface
+
+!!!note "Before you start"
+    The Argo CD project continuously grows, both in terms of features and community size. It gets adopted by more and more organizations which entrust Argo CD to handle their critical production workloads. Thus, we need to take great care with any changes that affect compatibility, performance, scalability, stability and security of Argo CD. For this reason, every new feature or larger enhancement must be properly designed and discussed before it gets accepted into the code base.
+
+    We do welcome and encourage everyone to participate in the Argo CD project, but please understand that we can't accept each and every contribution from the community, for various reasons. If you want to submit code for a great new feature or enhancement, we kindly ask you to take a look at the
+    [code contribution guide](code-contributions.md#) before you start to write code or submit a PR.
+
+If you want to submit a PR, please read this document carefully, as it contains important information guiding you through our PR quality gates.
+
+If you need guidance with submitting a PR, or have any other questions regarding development of Argo CD, do not hesitate to [join our Slack](https://argoproj.github.io/community/join-slack) and get in touch with us in the `#argo-cd-contributors` channel!
+
+## Before Submitting a PR
+
+1. Rebase your branch against upstream main:
+```shell
+git fetch upstream
+git rebase upstream/main
+```
+
+2. Run pre-commit checks:
+```shell
+make pre-commit-local
+```
+
+## Continuous Integration process
+
+When you submit a PR against Argo CD's GitHub repository, a couple of CI checks will be run automatically to ensure your changes will build fine and meet certain quality standards. Your contribution needs to pass those checks in order to be merged into the repository.
+
+!!!note
+    Please make sure that you always create PRs from a branch that is up-to-date with the latest changes from Argo CD's master branch. Depending on how long it takes for the maintainers to review and merge your PR, it might be necessary to pull in latest changes into your branch again.
+
+Please understand that we, as an Open Source project, have limited capacities for reviewing and merging PRs to Argo CD. We will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer as expected.
+
+The following read will help you to submit a PR that meets the standards of our CI tests:
+
+## Title of the PR
+
+Please use a meaningful and concise title for your PR. This will help us to pick PRs for review quickly, and the PR title will also end up in the Changelog.
+
+We use [PR title checker](https://github.com/marketplace/actions/pr-title-checker) to categorize your PR into one of the following categories:
+
+* `fix` - Your PR contains one or more code bug fixes
+* `feat` - Your PR contains a new feature
+* `docs` - Your PR improves the documentation
+* `chore` - Your PR improves any internals of Argo CD, such as the build process, unit tests, etc
+
+Please prefix the title of your PR with one of the valid categories. For example, if you chose the title your PR `Add documentation for GitHub SSO integration`, please use `docs: Add documentation for GitHub SSO integration` instead.
+
+## PR template checklist
+
+Upon opening a PR, the details will contain a checklist from a template. Please read the checklist, and tick those marks that apply to you.
+
+## Automated builds & tests
+
+After you have submitted your PR, and whenever you push new commits to that branch, GitHub will run a number of Continuous Integration checks against your code. It will execute the following actions, and each of them has to pass:
+
+* Build the Go code (`make build`)
+* Generate API glue code and manifests (`make codegen`)
+* Run a Go linter on the code (`make lint`)
+* Run the unit tests (`make test`)
+* Run the End-to-End tests (`make test-e2e`)
+* Build and lint the UI code (`make lint-ui`)
+* Build the `argocd` CLI (`make cli`)
+
+If any of these tests in the CI pipeline fail, it means that some of your contribution is considered faulty (or a test might be flaky, see below).
+
+## Code test coverage
+
+We use [CodeCov](https://codecov.io) in our CI pipeline to check for test coverage, and once you submit your PR, it will run and report on the coverage difference as a comment within your PR. If the difference is too high in the negative, i.e. your submission introduced a significant drop in code coverage, the CI check will fail.
+
+Whenever you develop a new feature or submit a bug fix, please also write appropriate unit tests for it. If you write a completely new module, please aim for at least 80% of coverage.
+If you want to see how much coverage just a specific module (i.e. your new one) has, you can set the `TEST_MODULE` to the (fully qualified) name of that module with `make test`, i.e.:
+
+```bash
+ make test TEST_MODULE=github.com/argoproj/argo-cd/server/cache
+...
+ok      github.com/argoproj/argo-cd/server/cache        0.029s  coverage: 89.3% of statements
+```
diff --git a/docs/developer-guide/toolchain-guide.md b/docs/developer-guide/toolchain-guide.md
index cc8a84ab0994d..002830bc51fd2 100644
--- a/docs/developer-guide/toolchain-guide.md
+++ b/docs/developer-guide/toolchain-guide.md
@@ -1,109 +1,22 @@
-# Development toolchain
+# Development Toolchain
 
-## Preface
+## Prerequisites
+[Development Environment](development-environment.md)
 
-!!!note "Before you start"
-    The Argo CD project continuously grows, both in terms of features and community size. It gets adopted by more and more organisations which entrust Argo CD to handle their critical production workloads. Thus, we need to take great care with any changes that affect compatibility, performance, scalability, stability and security of Argo CD. For this reason, every new feature or larger enhancement must be properly designed and discussed before it gets accepted into the code base.
-
-    We do welcome and encourage everyone to participate in the Argo CD project, but please understand that we can't accept each and every contribution from the community, for various reasons. If you want to submit code for a great new feature or enhancement, we kindly ask you to take a look at the
-    [code contribution guide](code-contributions.md#) before you start to write code or submit a PR.
-
-We want to make contributing to Argo CD as simple and smooth as possible.
-
-This guide shall help you in setting up your build & test environment, so that you can start developing and testing bug fixes and feature enhancements without having to make too much effort in setting up a local toolchain.
-
-If you want to submit a PR, please read this document carefully, as it contains important information guiding you through our PR quality gates.
-
-As is the case with the development process, this document is under constant change. If you notice any error, or if you think this document is out-of-date, or if you think it is missing something: Feel free to submit a PR or submit a bug to our GitHub issue tracker.
-
-If you need guidance with submitting a PR, or have any other questions regarding development of Argo CD, do not hesitate to [join our Slack](https://argoproj.github.io/community/join-slack) and get in touch with us in the `#argo-cd-contributors` channel!
-
-## Before you start
-
-You will need at least the following things in your toolchain in order to develop and test Argo CD locally:
-
-* A Kubernetes cluster. You won't need a fully blown multi-master, multi-node cluster, but you will need something like K3S, Minikube or microk8s. You will also need a working Kubernetes client (`kubectl`) configuration in your development environment. The configuration must reside in `~/.kube/config` and the API server URL must point to the IP address of your local machine (or VM), and **not** to `localhost` or `127.0.0.1` if you are using the virtualized development toolchain (see below)
-
-* You will also need a working Docker runtime environment, to be able to build and run images. The Docker version must be 17.05.0 or higher, to support multi-stage builds. 
-
-* Obviously, you will need a `git` client for pulling source code and pushing back your changes.
-
-* Last but not least, you will need a Go SDK and related tools (such as GNU `make`) installed and working on your development environment. The minimum required Go version for building and testing Argo CD is **v1.17**.
-
-* We will assume that your Go workspace is at `~/go`.
-
-!!! note
-    **Attention minikube users**: By default, minikube will create Kubernetes client configuration that uses authentication data from files. This is incompatible with the virtualized toolchain. So if you intend to use the virtualized toolchain, you have to embed this authentication data into the client configuration. To do so, start minikube using `minikube start --embed-certs`. Please also note that minikube using the Docker driver is currently not supported with the virtualized toolchain, because the Docker driver exposes the API server on 127.0.0.1 hard-coded. If in doubt, run `make verify-kube-connect` to find out.
-
-## Submitting PRs
-
-### Continuous Integration process
-
-When you submit a PR against Argo CD's GitHub repository, a couple of CI checks will be run automatically to ensure your changes will build fine and meet certain quality standards. Your contribution needs to pass those checks in order to be merged into the repository.
-
-!!!note
-    Please make sure that you always create PRs from a branch that is up-to-date with the latest changes from Argo CD's master branch. Depending on how long it takes for the maintainers to review and merge your PR, it might be necessary to pull in latest changes into your branch again.
-
-Please understand that we, as an Open Source project, have limited capacities for reviewing and merging PRs to Argo CD. We will do our best to review your PR and give you feedback as soon as possible, but please bear with us if it takes a little longer as expected.
-
-The following read will help you to submit a PR that meets the standards of our CI tests:
-
-### Title of the PR
-
-Please use a meaningful and concise title for your PR. This will help us to pick PRs for review quickly, and the PR title will also end up in the Changelog.
-
-We use [PR title checker](https://github.com/marketplace/actions/pr-title-checker) to categorize your PR into one of the following categories:
-
-* `fix` - Your PR contains one or more code bug fixes
-* `feat` - Your PR contains a new feature
-* `docs` - Your PR improves the documentation
-* `chore` - Your PR improves any internals of Argo CD, such as the build process, unit tests, etc
-
-Please prefix the title of your PR with one of the valid categories. For example, if you chose the title your PR `Add documentation for GitHub SSO integration`, please use `docs: Add documentation for GitHub SSO integration` instead.
-
-### PR template checklist
-
-Upon opening a PR, the details will contain a checklist from a template. Please read the checklist, and tick those marks that apply to you.
-
-### Automated builds & tests
-
-After you have submitted your PR, and whenever you push new commits to that branch, GitHub will run a number of Continuous Integration checks against your code. It will execute the following actions, and each of them has to pass:
-
-* Build the Go code (`make build`)
-* Generate API glue code and manifests (`make codegen`)
-* Run a Go linter on the code (`make lint`)
-* Run the unit tests (`make test`)
-* Run the End-to-End tests (`make test-e2e`)
-* Build and lint the UI code (`make lint-ui`)
-* Build the `argocd` CLI (`make cli`)
-
-If any of these tests in the CI pipeline fail, it means that some of your contribution is considered faulty (or a test might be flaky, see below).
-
-### Code test coverage
-
-We use [CodeCov](https://codecov.io) in our CI pipeline to check for test coverage, and once you submit your PR, it will run and report on the coverage difference as a comment within your PR. If the difference is too high in the negative, i.e. your submission introduced a significant drop in code coverage, the CI check will fail.
+## Local vs Virtualized toolchain
 
-Whenever you develop a new feature or submit a bug fix, please also write appropriate unit tests for it. If you write a completely new module, please aim for at least 80% of coverage.
-If you want to see how much coverage just a specific module (i.e. your new one) has, you can set the `TEST_MODULE` to the (fully qualified) name of that module with `make test`, i.e.:
+Argo CD provides a fully virtualized development and testing toolchain using Docker images. Those images provide the same runtime environment as the final product, and it is much easier to keep up-to-date with changes to the toolchain and dependencies. The virtualized toolchain runs the build and programs inside a Docker container using the test tools image. That makes everything repeatable. The dynamic nature of requirements is another reason to choose this toolchain. This setup may also require configuring the default K8s API URL that comes with installing a local K8s cluster.
 
-```bash
- make test TEST_MODULE=github.com/argoproj/argo-cd/server/cache
-...
-ok      github.com/argoproj/argo-cd/server/cache        0.029s  coverage: 89.3% of statements
-```
+The local toolchain results in a faster development and testing cycle. Particularly on macOS where Docker and the Linux kernel run inside a VM, you may want to try developing fully locally. Local toolchain also requires installing additional tools on your machine. This toolchain is a good choice for working with an IDE debugger. 
 
-## Local vs Virtualized toolchain
+Most relevant targets for the build & test cycles in the `Makefile` provide two variants, one of them suffixed with `-local`. For example, `make test` will run unit tests in the Docker container (virtualized toolchain), `make test-local` (local toolchain) will run it natively on your local system.
 
-Argo CD provides a fully virtualized development and testing toolchain using Docker images. It is recommended to use those images, as they provide the same runtime environment as the final product, and it is much easier to keep up-to-date with changes to the toolchain and dependencies. But as using Docker comes with a slight performance penalty, you might want to set up a local toolchain.
-
-Most relevant targets for the build & test cycles in the `Makefile` provide two variants, one of them suffixed with `-local`. For example, `make test` will run unit tests in the Docker container, `make test-local` will run it natively on your local system.
+### Setting up a virtualized toolchain
 
 If you are going to use the virtualized toolchain, please bear in mind the following things:
 
-* Your Kubernetes API server must listen on the interface of your local machine or VM, and not on `127.0.0.1` only.
-* Your Kubernetes client configuration (`~/.kube/config`) must not use an API URL that points to `localhost` or `127.0.0.1`.
-
-You can test whether the virtualized toolchain has access to your Kubernetes cluster by running `make verify-kube-connect` (*after* you have set up your development environment, as described below), which will run `kubectl version` inside the Docker container used for running all tests.
+* Your Kubernetes API server must listen on the interface of your local machine or VM, and not on `127.0.0.1` or  `localhost` only.
+* Your Kubernetes client configuration (`~/.kube/config`) must not use an API URL that points to `localhost`, `127.0.0.1` or `0.0.0.0`
 
 The Docker container for the virtualized toolchain will use the following local mounts from your workstation, and possibly modify its contents:
 
@@ -112,78 +25,43 @@ The Docker container for the virtualized toolchain will use the following local
 * `~/.kube` - Your Kubernetes client configuration (no modifications)
 * `/tmp` - Your system's temp directory (modifications expected)
 
-## Setting up your development environment
+#### Known issues on macOS
+[Known issues](mac-users.md)
 
-The following steps are required no matter whether you chose to use a virtualized or a local toolchain.
+#### Docker privileges
 
-!!!note "Docker privileges"
-    If you opt in to use the virtualized toolchain, you will need to have the
-    appropriate privileges to interact with the Docker daemon. It is not
-    recommended to work as the root user, and if your user does not have the
-    permissions to talk to the Docker user, but you have `sudo` setup on your
-    system, you can set the environment variable `SUDO` to `sudo` in order to
-    have the build scripts make any calls to the `docker` CLI using sudo,
-    without affecting the other parts of the build scripts (which should be
-    executed with your normal user privileges).
+If you opt in to use the virtualized toolchain, you will need to have the appropriate privileges to interact with the Docker daemon. It is not recommended to work as the root user, and if your user does not have the permissions to talk to the Docker user, but you have `sudo` setup on your system, you can set the environment variable `SUDO` to `sudo` in order to have the build scripts make any calls to the `docker` CLI using sudo, without affecting the other parts of the build scripts (which should be executed with your normal user privileges).
 
-    You can either set this before calling `make`, like so for example:
+You can either set this before calling `make`, like so for example:
 
-    ```
-    SUDO=sudo make sometarget
-    ```
-
-    Or you can opt to export this permanently to your environment, for example
-    ```
-    export SUDO=sudo
-    ```
-
-    If you have podman installed, you can also leverage its rootless mode. In
-    order to use podman for running and testing Argo CD locally, set the
-    `DOCKER` environment variable to `podman` before you run `make`, e.g.
-
-    ```
-    DOCKER=podman make start
-    ```
-
-### Clone the Argo CD repository from your personal fork on GitHub
-
-* `git clone https://github.com/YOUR-USERNAME/argo-cd`
-* `cd argo-cd`
-
-### Optional: Set up an additional Git remote
-
-While everyone has their own Git workflow, the author of this document recommends to create a remote called `upstream` in your local copy pointing to the original Argo CD repository. This way, you can easily keep your local branches up-to-date by merging in latest changes from the Argo CD repository, i.e. by doing a `git pull upstream master` in your locally checked out branch. To create the remote, run `git remote add upstream https://github.com/argoproj/argo-cd`
+```
+SUDO=sudo make sometarget
+```
 
-### Install the must-have requirements
+Or you can opt to export this permanently to your environment, for example
+```
+export SUDO=sudo
+```
 
-Make sure you fulfill the pre-requisites above and run some preliminary tests. Neither of them should report an error.
+#### Using Podman
+In order to use podman for running and testing Argo CD locally, set the `DOCKER` environment variable to `podman` before you run `make`, e.g:
 
-* Run `kubectl version`
-* Run `docker version`
-* Run `go version`
+```
+DOCKER=podman make start
+```
+If you have podman installed, you can leverage its rootless mode.
 
-### Build the required Docker image
+#### Build the required Docker image
 
 Build the required Docker image by running `make test-tools-image`. This image offers the environment of the virtualized toolchain.
 
 The `Dockerfile` used to build these images can be found at `test/container/Dockerfile`.
 
-### Test connection from build container to your K8s cluster
+#### Configure your K8s cluster for connection from the build container
+##### K3d
+K3d is a minimal Kubernetes distribution, in docker. Because it's running in a docker container, you're dealing with docker's internal networking rules when using k3d. A typical Kubernetes cluster running on your local machine is part of the same network that you're on, so you can access it using **kubectl**. However, a Kubernetes cluster running within a docker container (in this case, the one launched by make) cannot access 0.0.0.0 from inside the container itself, when 0.0.0.0 is a network resource outside the container itself (and/or the container's network). This is the cost of a fully self-contained, disposable Kubernetes cluster.
 
-Run `make verify-kube-connect`, it should execute without error.
-
-If you receive an error similar to the following:
-
-```
-The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
-make: *** [Makefile:386: verify-kube-connect] Error 1
-```
-
-you should edit your `~/.kube/config` and modify the `server` option to point to your correct K8s API (as described above).
-
-### Using k3d
-
-[k3d](https://github.com/rancher/k3d) is a lightweight wrapper to run [k3s](https://github.com/rancher/k3s), a minimal Kubernetes distribution, in docker. Because it's running in a docker container, you're dealing with docker's internal networking rules when using k3d. A typical Kubernetes cluster running on your local machine is part of the same network that you're on, so you can access it using **kubectl**. However, a Kubernetes cluster running within a docker container (in this case, the one launched by make) cannot access 0.0.0.0 from inside the container itself, when 0.0.0.0 is a network resource outside the container itself (and/or the container's network). This is the cost of a fully self-contained, disposable Kubernetes cluster. The following steps should help with a successful `make verify-kube-connect` execution.
+The configuration you will need for Argo CD virtualized toolchain:
 
 1. Find your host IP by executing `ifconfig` on Mac/Linux and `ipconfig` on Windows. For most users, the following command works to find the IP address.
 
@@ -203,103 +81,45 @@ you should edit your `~/.kube/config` and modify the `server` option to point to
 
     Keep in mind that this IP is dynamically assigned by the router so if your router restarts for any reason, your IP might change.
 
-2. Edit your ~/.kube/config and replace 0.0.0.0 with the above IP address.
-
-3. Execute a `kubectl version` to make sure you can still connect to the Kubernetes API server via this new IP. Run `make verify-kube-connect` and check if it works.
-
-4. Finally, so that you don't have to keep updating your kube-config whenever you spin up a new k3d cluster, add `--api-port $IP:6550` to your **k3d cluster create** command, where $IP is the value from step 1. An example command is provided here:
-
-```
-k3d cluster create my-cluster --wait --k3s-arg '--disable=traefik@server:*' --api-port $IP:6550 -p 443:443@loadbalancer
-```
-
-!!!note
-    For k3d versions less than v5.0.0, the example command flags `--k3s-arg` and `'--disable=traefik@server:*'` should change to `--k3s-server-arg` and `'--disable=traefik'`, respectively.
-
-## The development cycle
-
-When you have developed and possibly manually tested the code you want to contribute, you should ensure that everything will build correctly. Commit your changes to the local copy of your Git branch and perform the following steps:
-
-### Pull in all build dependencies
-
-As build dependencies change over time, you have to synchronize your development environment with the current specification. In order to pull in all required dependencies, issue:
-
-* `make dep-ui`
-
-Argo CD recently migrated to Go modules. Usually, dependencies will be downloaded on build time, but the Makefile provides two targets to download and vendor all dependencies:
-
-* `make mod-download` will download all required Go modules and
-* `make mod-vendor` will vendor those dependencies into the Argo CD source tree
-
-### Generate API glue code and other assets
-
-Argo CD relies on Google's [Protocol Buffers](https://developers.google.com/protocol-buffers) for its API, and this makes heavy use of auto-generated glue code and stubs. Whenever you touched parts of the API code, you must re-generate the auto generated code.
-
-* Run `make codegen`, this might take a while
-* Check if something has changed by running `git status` or `git diff`
-* Commit any possible changes to your local Git branch, an appropriate commit message would be `Changes from codegen`, for example.
-
-!!!note
-    There are a few non-obvious assets that are auto-generated. You should not change the autogenerated assets, as they will be overwritten by a subsequent run of `make codegen`. Instead, change their source files. Prominent examples of non-obvious auto-generated code are `swagger.json` or the installation manifest YAMLs.
-
-### Build your code and run unit tests
-
-After the code glue has been generated, your code should build and the unit tests should run without any errors. Execute the following statements:
-
-* `make build`
-* `make test`
-
-These steps are non-modifying, so there's no need to check for changes afterward.
-
-### Lint your code base
-
-In order to keep a consistent code style in our source tree, your code must be well-formed in accordance to some widely accepted rules, which are applied by a Linter.
-
-The Linter might make some automatic changes to your code, such as indentation fixes. Some other errors reported by the Linter have to be fixed manually.
+2. Edit your ~/.kube/config and replace 0.0.0.0 with the above IP address, delete the cluster cert and add `insecure-skip-tls-verify: true`
 
-* Run `make lint` and observe any errors reported by the Linter
-* Fix any of the errors reported and commit to your local branch
-* Finally, after the Linter reports no errors anymore, run `git status` or `git diff` to check for any changes made automatically by Lint
-* If there were automatic changes, commit them to your local branch
+3. Execute a `kubectl version` to make sure you can still connect to the Kubernetes API server via this new IP. 
 
-If you touched UI code, you should also run the Yarn linter on it:
+##### Minikube
 
-* Run `make lint-ui`
-* Fix any of the errors reported by it
+By default, minikube will create Kubernetes client configuration that uses authentication data from files. This is incompatible with the virtualized toolchain. So if you intend to use the virtualized toolchain, you have to embed this authentication data into the client configuration. To do so, start minikube using `minikube start --embed-certs`. Please also note that minikube using the Docker driver is currently not supported with the virtualized toolchain, because the Docker driver exposes the API server on 127.0.0.1 hard-coded.
 
-## Contributing to Argo CD UI
+#### Test connection from the build container to your K8s cluster
 
-Argo CD, along with Argo Workflows, uses shared React components from [Argo UI](https://github.com/argoproj/argo-ui). Examples of some of these components include buttons, containers, form controls, 
-and others. Although you can make changes to these files and run them locally, in order to have these changes added to the Argo CD repo, you will need to follow these steps. 
+You can test whether the virtualized toolchain has access to your Kubernetes cluster by running `make verify-kube-connect` which will run `kubectl version` inside the Docker container used for running all tests.
 
-1. Fork and clone the [Argo UI repository](https://github.com/argoproj/argo-ui).
 
-2. `cd` into your `argo-ui` directory, and then run `yarn install`. 
+If you receive an error similar to the following:
 
-3. Make your file changes.
+```
+The connection to the server 127.0.0.1:6443 was refused - did you specify the right host or port?
+make: *** [Makefile:386: verify-kube-connect] Error 1
+```
 
-4. Run `yarn start` to start a [storybook](https://storybook.js.org/) dev server and view the components in your browser. Make sure all your changes work as expected. 
+you should edit your `~/.kube/config` and modify the `server` option to point to your correct K8s API (as described above).
 
-5. Use [yarn link](https://classic.yarnpkg.com/en/docs/cli/link/) to link Argo UI package to your Argo CD repository. (Commands below assume that `argo-ui` and `argo-cd` are both located within the same parent folder)
+### Setting up a local toolchain
 
-    * `cd argo-ui`
-    * `yarn link`
-    * `cd ../argo-cd/ui`
-    * `yarn link argo-ui`
+#### Install `node`
 
-    Once `argo-ui` package has been successfully linked, test out changes in your local development environment. 
+<https://nodejs.org/en/download>
 
-6. Commit changes and open a PR to [Argo UI](https://github.com/argoproj/argo-ui). 
+#### Install `yarn`
 
-7. Once your PR has been merged in Argo UI, `cd` into your `argo-cd/ui` folder and run `yarn add git+https://github.com/argoproj/argo-ui.git`. This will update the commit SHA in the `ui/yarn.lock` file to use the latest master commit for argo-ui. 
+<https://classic.yarnpkg.com/lang/en/docs/install/>
 
-8. Submit changes to `ui/yarn.lock`in a PR to Argo CD. 
+#### Install `goreman`
 
-## Setting up a local toolchain
+<https://github.com/mattn/goreman#getting-started>
 
-For development, you can either use the fully virtualized toolchain provided as Docker images, or you can set up the toolchain on your local development machine. Due to the dynamic nature of requirements, you might want to stay with the virtualized environment.
+Goreman is used to start all needed processes to get a working Argo CD development environment (defined in `Procfile`)
 
-### Install required dependencies and build-tools
+#### Install required dependencies and build-tools
 
 !!!note
     The installations instructions are valid for Linux hosts only. Mac instructions will follow shortly.
@@ -316,36 +136,3 @@ Additionally, you have to install at least the following tools via your OS's pac
 
 * Git LFS plugin
 * GnuPG version 2
-
-### Install Go dependencies
-
-You need to pull in all required Go dependencies. To do so, run
-
-* `make mod-download-local`
-* `make mod-vendor-local`
-
-### Test your build toolchain
-
-The first thing you can do to test whether your build toolchain is set up correctly is by generating the glue code for the API and after that, run a normal build:
-
-* `make codegen-local`
-* `make build-local`
-
-This should return without any error.
-
-### Run unit-tests
-
-The next thing is to make sure that unit tests are running correctly on your system. These will require that all dependencies, such as Helm, Kustomize, Git, GnuPG, etc. are correctly installed and fully functioning:
-
-* `make test-local`
-
-### Run end-to-end tests
-
-The final step is running the End-to-End testsuite, which makes sure that your Kubernetes dependencies are working properly. This will involve starting all the Argo CD components locally on your computer. The end-to-end tests consists of two parts: a server component, and a client component.
-
-* First, start the End-to-End server: `make start-e2e-local`. This will spawn a number of processes and services on your system.
-* When all components have started, run `make test-e2e-local` to run the end-to-end tests against your local services.
-
-To run a single test, you can use `TEST_FLAGS="-run TestName" make test-e2e-local`.
-
-For more information about End-to-End tests, refer to the [End-to-End test documentation](test-e2e.md).
diff --git a/docs/developer-guide/use-gitpod.md b/docs/developer-guide/use-gitpod.md
index ff291dbe012eb..a76e9bb8e30a2 100644
--- a/docs/developer-guide/use-gitpod.md
+++ b/docs/developer-guide/use-gitpod.md
@@ -2,4 +2,4 @@
 
 Gitpod is not currently available for Argo CD development.
 
-See the [Contributors Quickstart](contributors-quickstart.md) guide to set up a minimal development environment.
+See the [Overview](index.md) guide to set up a development environment.
diff --git a/mkdocs.yml b/mkdocs.yml
index c91ff6e1ee15e..d90d0dcebf455 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -204,14 +204,18 @@ nav:
   - Application Specification Reference: user-guide/application-specification.md
 - Developer Guide:
   - developer-guide/index.md
+  - Development Environment: developer-guide/development-environment.md
+  - Development Cycle: developer-guide/development-cycle.md
+  - Submit Your PR: developer-guide/submit-your-pr.md
   - Architecture:
     - developer-guide/architecture/authz-authn.md
     - developer-guide/architecture/components.md
   - Code Contribution Guide: developer-guide/code-contributions.md
   - Toolchain Guide: developer-guide/toolchain-guide.md
-  - developer-guide/contributors-quickstart.md
+  - developer-guide/mac-users.md
   - developer-guide/release-process-and-cadence.md
   - developer-guide/running-locally.md
+  - developer-guide/debugging-locally.md
   - developer-guide/debugging-remote-environment.md
   - developer-guide/api-docs.md
   - developer-guide/test-e2e.md

From 1515c1980abfabfd3620d2a111df5fbedd5fade5 Mon Sep 17 00:00:00 2001
From: pbhatnagar-oss <pbhatifiwork@gmail.com>
Date: Tue, 22 Jul 2025 10:09:07 -0700
Subject: [PATCH 173/383] fix(metrics): grpc prometheus stats missing (#23877)
 (#23838)

Signed-off-by: pbhatnagar-oss <pbhatifiwork@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/metrics.md                       | 5 ++++-
 reposerver/metrics/metrics.go                         | 2 ++
 reposerver/server.go                                  | 4 +---
 server/metrics/metrics.go                             | 2 ++
 server/server.go                                      | 8 +++-----
 test/e2e/{kubectl_metrics_test.go => metrics_test.go} | 2 ++
 6 files changed, 14 insertions(+), 9 deletions(-)
 rename test/e2e/{kubectl_metrics_test.go => metrics_test.go} (94%)

diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md
index 8a28b3b00ddc3..95a87d9b23338 100644
--- a/docs/operator-manual/metrics.md
+++ b/docs/operator-manual/metrics.md
@@ -209,6 +209,7 @@ argocd_cluster_labels{label_environment="production",label_team_name="team3",nam
 
 Metrics about API Server API request and response activity (request totals, response codes, etc...).
 Scraped at the `argocd-server-metrics:8083/metrics` endpoint.
+For GRPC metrics to show up environment variable ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM must be set to true. 
 
 | Metric                                            |   Type    | Description                                                                        
 |---------------------------------------------------|:---------:|---------------------------------------------------------------------------------------------|
@@ -249,9 +250,11 @@ Scraped at the `argocd-server-metrics:8083/metrics` endpoint.
 
 ## Repo Server Metrics
 
-Metrics about the Repo Server.
+Metrics about the Repo Server. The gRPC metrics are not exposed by default.  Metrics can be enabled using
+`ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM=true` environment variable.  
 Scraped at the `argocd-repo-server:8084/metrics` endpoint.
 
+
 | Metric                                  |   Type    | Description                                                               |
 | --------------------------------------- | :-------: | ------------------------------------------------------------------------- |
 | `argocd_git_request_duration_seconds`   | histogram | Git requests duration seconds.                                            |
diff --git a/reposerver/metrics/metrics.go b/reposerver/metrics/metrics.go
index 4fd9cde3ba60a..52c8ac592a7d1 100644
--- a/reposerver/metrics/metrics.go
+++ b/reposerver/metrics/metrics.go
@@ -19,6 +19,7 @@ type MetricsServer struct {
 	repoPendingRequestsGauge *prometheus.GaugeVec
 	redisRequestCounter      *prometheus.CounterVec
 	redisRequestHistogram    *prometheus.HistogramVec
+	PrometheusRegistry       *prometheus.Registry
 }
 
 type GitRequestType string
@@ -108,6 +109,7 @@ func NewMetricsServer() *MetricsServer {
 		repoPendingRequestsGauge: repoPendingRequestsGauge,
 		redisRequestCounter:      redisRequestCounter,
 		redisRequestHistogram:    redisRequestHistogram,
+		PrometheusRegistry:       registry,
 	}
 }
 
diff --git a/reposerver/server.go b/reposerver/server.go
index 0495f518a1ec8..1c0ff668a2dd8 100644
--- a/reposerver/server.go
+++ b/reposerver/server.go
@@ -9,7 +9,6 @@ import (
 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/logging"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/recovery"
-	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
 	"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
 	"google.golang.org/grpc"
@@ -63,8 +62,7 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach
 		serverMetricsOptions = append(serverMetricsOptions, grpc_prometheus.WithServerHandlingTimeHistogram())
 	}
 	serverMetrics := grpc_prometheus.NewServerMetrics(serverMetricsOptions...)
-	reg := prometheus.NewRegistry()
-	reg.MustRegister(serverMetrics)
+	metricsServer.PrometheusRegistry.MustRegister(serverMetrics)
 
 	serverLog := log.NewEntry(log.StandardLogger())
 	streamInterceptors := []grpc.StreamServerInterceptor{
diff --git a/server/metrics/metrics.go b/server/metrics/metrics.go
index dbae33767893d..95a4213c0f8ea 100644
--- a/server/metrics/metrics.go
+++ b/server/metrics/metrics.go
@@ -21,6 +21,7 @@ type MetricsServer struct {
 	extensionRequestCounter  *prometheus.CounterVec
 	extensionRequestDuration *prometheus.HistogramVec
 	loginRequestCounter      *prometheus.CounterVec
+	PrometheusRegistry       *prometheus.Registry
 }
 
 var (
@@ -102,6 +103,7 @@ func NewMetricsServer(host string, port int) *MetricsServer {
 		extensionRequestCounter:  extensionRequestCounter,
 		extensionRequestDuration: extensionRequestDuration,
 		loginRequestCounter:      loginRequestCounter,
+		PrometheusRegistry:       registry,
 	}
 }
 
diff --git a/server/server.go b/server/server.go
index 63335854e413e..3fb51deabc897 100644
--- a/server/server.go
+++ b/server/server.go
@@ -561,7 +561,6 @@ func (server *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
 			server.Shutdown()
 		}
 	}()
-
 	metricsServ := metrics.NewMetricsServer(server.MetricsHost, server.MetricsPort)
 	if server.RedisClient != nil {
 		cacheutil.CollectMetrics(server.RedisClient, metricsServ, server.userStateStorage.GetLockObject())
@@ -576,7 +575,7 @@ func (server *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
 		server.sessionMgr.CollectMetrics(metricsServ)
 	}
 	server.serviceSet = svcSet
-	grpcS, appResourceTreeFn := server.newGRPCServer()
+	grpcS, appResourceTreeFn := server.newGRPCServer(metricsServ.PrometheusRegistry)
 	grpcWebS := grpcweb.WrapServer(grpcS)
 	var httpS *http.Server
 	var httpsS *http.Server
@@ -899,14 +898,13 @@ func (server *ArgoCDServer) useTLS() bool {
 	return true
 }
 
-func (server *ArgoCDServer) newGRPCServer() (*grpc.Server, application.AppResourceTreeFn) {
+func (server *ArgoCDServer) newGRPCServer(prometheusRegistry *prometheus.Registry) (*grpc.Server, application.AppResourceTreeFn) {
 	var serverMetricsOptions []grpc_prometheus.ServerMetricsOption
 	if enableGRPCTimeHistogram {
 		serverMetricsOptions = append(serverMetricsOptions, grpc_prometheus.WithServerHandlingTimeHistogram())
 	}
 	serverMetrics := grpc_prometheus.NewServerMetrics(serverMetricsOptions...)
-	reg := prometheus.NewRegistry()
-	reg.MustRegister(serverMetrics)
+	prometheusRegistry.MustRegister(serverMetrics)
 
 	sOpts := []grpc.ServerOption{
 		// Set the both send and receive the bytes limit to be 100MB
diff --git a/test/e2e/kubectl_metrics_test.go b/test/e2e/metrics_test.go
similarity index 94%
rename from test/e2e/kubectl_metrics_test.go
rename to test/e2e/metrics_test.go
index a53605bdf9cca..cd5c4672c2587 100644
--- a/test/e2e/kubectl_metrics_test.go
+++ b/test/e2e/metrics_test.go
@@ -103,4 +103,6 @@ func TestKubectlMetrics(t *testing.T) {
 	assert.Contains(t, string(body), "argocd_kubectl_response_size_bytes", "metrics should have contained argocd_kubectl_response_size_bytes")
 	assert.Contains(t, string(body), "argocd_kubectl_rate_limiter_duration_seconds", "metrics should have contained argocd_kubectl_rate_limiter_duration_seconds")
 	assert.Contains(t, string(body), "argocd_kubectl_requests_total", "metrics should have contained argocd_kubectl_requests_total")
+	assert.Contains(t, string(body), "grpc_server_handled_total", "metrics should have contained grpc_server_handled_total for all the reflected methods")
+	assert.Contains(t, string(body), "grpc_server_msg_received_total", "metrics should have contained grpc_server_msg_received_total for all the reflected methods")
 }

From b48bc9874dd0145db242176b883044a031e4b0e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vicen=C3=A7=20Juan=20Tom=C3=A0s=20Montserrat?=
 <vicenc.monserrat@close.com>
Date: Wed, 23 Jul 2025 15:12:03 +0200
Subject: [PATCH 174/383] chore: add Close to USERS.md (#23904)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Vicenç Juan Tomàs Montserrat <vicenc.monserrat@close.com>
Signed-off-by: Vicens Juan Tomas Monserrat <vicenc.monserrat@close.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 25caf466d901d..83cd4d76066c9 100644
--- a/USERS.md
+++ b/USERS.md
@@ -71,6 +71,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Chime](https://www.chime.com)
 1. [Chronicle Labs](https://chroniclelabs.org)
 1. [Cisco ET&I](https://eti.cisco.com/)
+1. [Close](https://www.close.com/)
 1. [Cloud Posse](https://www.cloudposse.com/)
 1. [Cloud Scale](https://cloudscaleinc.com/)
 1. [CloudScript](https://www.cloudscript.com.br/)

From 425b3234cd8c2bfe066bfdfd424b5814dfb6f21a Mon Sep 17 00:00:00 2001
From: "Alexandre GV." <contact@alexandregv.fr>
Date: Wed, 23 Jul 2025 15:12:27 +0200
Subject: [PATCH 175/383] chore: add 42School to USERS.md (#23893)

Signed-off-by: Alexandre GV. <contact@alexandregv.fr>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 83cd4d76066c9..5868e68da0594 100644
--- a/USERS.md
+++ b/USERS.md
@@ -7,6 +7,7 @@ Currently, the following organizations are **officially** using Argo CD:
 
 1. [127Labs](https://127labs.com/)
 1. [3Rein](https://www.3rein.com/)
+1. [42 School](https://42.fr/)
 1. [4data](https://4data.ch/)
 1. [7shifts](https://www.7shifts.com/)
 1. [Adevinta](https://www.adevinta.com/)

From 0de5839c71434dadb3a00e7e2dd9b772c4f46fa8 Mon Sep 17 00:00:00 2001
From: "Alexandre GV." <contact@alexandregv.fr>
Date: Wed, 23 Jul 2025 15:13:56 +0200
Subject: [PATCH 176/383] docs: fix code block errors in web_based_terminal.md
 (#23892)

Signed-off-by: Alexandre GV. <contact@alexandregv.fr>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/web_based_terminal.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/operator-manual/web_based_terminal.md b/docs/operator-manual/web_based_terminal.md
index 3fc5807586be1..1cf89545dcc5c 100644
--- a/docs/operator-manual/web_based_terminal.md
+++ b/docs/operator-manual/web_based_terminal.md
@@ -38,11 +38,11 @@ to `exec` into pods
         
     - For namespaced Argo
          ```
-         kubectl patch role <argocd-server-role-name> -n argocd - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
+         kubectl patch role <argocd-server-role-name> -n argocd --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
          ```
     - For clustered Argo
-         ````
-         kubectl patch clusterrole <argocd-server-clusterrole-name> - type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
+         ```
+         kubectl patch clusterrole <argocd-server-clusterrole-name> --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["*"], "resources": ["pods/exec"], "verbs": ["create"]}}]'
          ```
 
 3. Add RBAC rules to allow your users to `create` the `exec` resource i.e. 

From 4b92c37e2a7c90b259420101ed6d3b4e9bb3db23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 09:14:10 -0400
Subject: [PATCH 177/383] chore(deps): bump library/golang from `14fd8a5` to
 `267159c` in /test/remote (#23898)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/remote/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index 0fa1f483ff9a7..ed6022ef5b10d 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.5@sha256:14fd8a55e59a560704e5fc44970b301d00d344e45d6b914dda228e09f359a088 AS go
+FROM docker.io/library/golang:1.24.5@sha256:267159cb984d1d034fce6e9db8641bf347f80e5f2e913561ea98c40d5051cb67 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From ba9494f2e2f7d28d362b53c4b75f59e98fa923d9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 09:14:33 -0400
Subject: [PATCH 178/383] chore(deps): bump SonarSource/sonarqube-scan-action
 from 5.2.0 to 5.3.0 (#23897)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 7bff5adfa9231..2c0f1d9a0a716 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -402,7 +402,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
+        uses: SonarSource/sonarqube-scan-action@8c71dc039c2dd71d3821e89a2b58ecc7fee6ced9 # v5.3.0
         if: env.sonar_secret != ''
   test-e2e:
     name: Run end-to-end tests

From 43796ac49615f2675a15553e770f13498d3d65a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 09:14:51 -0400
Subject: [PATCH 179/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.134.0 to 0.137.0 (#23896)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 962111e39550d..83c83bc08f81d 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.134.0
+	gitlab.com/gitlab-org/api/client-go v0.137.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index b17b35514df53..11f921deb276a 100644
--- a/go.sum
+++ b/go.sum
@@ -904,8 +904,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.134.0 h1:J4i6qPN5hRLsqatPxVbe9w2C0A3JEItyCQrzsP52S2k=
-gitlab.com/gitlab-org/api/client-go v0.134.0/go.mod h1:crkp9sCwMQ8gDwuMLgk11sDT336t6U3kESBT0BGsOBo=
+gitlab.com/gitlab-org/api/client-go v0.137.0 h1:H26yL44qnb38Czl20pEINCJrcj63W6/BX8iKPVUKQP0=
+gitlab.com/gitlab-org/api/client-go v0.137.0/go.mod h1:AcAYES3lfkIS4zhso04S/wyUaWQmDYve2Fd9AF7C6qc=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 05064a178dcc0897d5190d4541b930b789d52da3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 23 Jul 2025 09:15:30 -0400
Subject: [PATCH 180/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.109.0 to 2.110.0 (#23895)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 83c83bc08f81d..9455de22d6129 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.0
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.109.0
+	github.com/casbin/casbin/v2 v2.110.0
 	github.com/casbin/govaluate v1.8.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index 11f921deb276a..f2a65b3492684 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.109.0 h1:/Rxcqa8V9t6/mMleX4laRtc/mduA+oYdZr449Rd1lD0=
-github.com/casbin/casbin/v2 v2.109.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.110.0 h1:ltBGXgtm5qKxWXHGQevvzFf92yHXic0GEcAj4t+RuRQ=
+github.com/casbin/casbin/v2 v2.110.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.8.0 h1:1dUaV/I0LFP2tcY1uNQEb6wBCbp8GMTcC/zhwQDWvZo=
 github.com/casbin/govaluate v1.8.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 5c3f7b4374ce36bcb8f1f9e127dec0d42d07f144 Mon Sep 17 00:00:00 2001
From: Yusuke Abe <moonset20@gmail.com>
Date: Thu, 24 Jul 2025 06:18:27 +0900
Subject: [PATCH 181/383] fix(ui): convert RevisionFormField components to
 functional components (#23813)

Signed-off-by: chansuke <moonset20@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../revision-form-field.tsx                   | 132 +++++++++---------
 1 file changed, 64 insertions(+), 68 deletions(-)

diff --git a/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx b/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
index f54dccb8ae80b..1e8cc24936fa2 100644
--- a/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
+++ b/ui/src/app/applications/components/revision-form-field/revision-form-field.tsx
@@ -1,4 +1,5 @@
 import * as React from 'react';
+import {useState} from 'react';
 import {FormApi} from 'react-form';
 
 import {AutocompleteField, DataLoader, DropDownMenu, FormField} from 'argo-ui';
@@ -14,77 +15,72 @@ interface RevisionFormFieldProps {
     repoType?: string;
 }
 
-export class RevisionFormField extends React.PureComponent<RevisionFormFieldProps, {filterType: string}> {
-    constructor(props: RevisionFormFieldProps) {
-        super(props);
-        this.state = {filterType: 'Branches'};
-    }
+export function RevisionFormField(props: RevisionFormFieldProps) {
+    const [filterType, setFilterType] = useState('Branches');
 
-    public setFilter(newValue: string) {
-        this.setState({filterType: newValue});
-    }
+    const setFilter = (newValue: string) => {
+        setFilterType(newValue);
+    };
 
-    public render() {
-        const selectedFilter = this.state.filterType;
-        const extraPadding = this.props.hideLabel ? '0em' : '1.53em';
-        const rowClass = this.props.hideLabel ? '' : ' argo-form-row';
-        return (
-            <div className={'row' + rowClass}>
-                <div className='columns small-10'>
-                    <DataLoader
-                        input={{repoURL: this.props.repoURL, filterType: selectedFilter}}
-                        load={async (src: any): Promise<string[]> => {
-                            if (this.props.repoType === 'oci' && src.repoURL) {
-                                return services.repos
-                                    .ociTags(src.repoURL)
-                                    .then(revisionsRes => ['HEAD'].concat(revisionsRes.tags || []))
-                                    .catch(() => []);
-                            } else if (src.repoURL) {
-                                return services.repos
-                                    .revisions(src.repoURL)
-                                    .then(revisionsRes =>
-                                        ['HEAD']
-                                            .concat(selectedFilter === 'Branches' ? revisionsRes.branches || [] : [])
-                                            .concat(selectedFilter === 'Tags' ? revisionsRes.tags || [] : [])
-                                    )
-                                    .catch(() => []);
-                            }
-                            return [];
-                        }}>
-                        {(revisions: string[]) => (
-                            <FormField
-                                formApi={this.props.formApi}
-                                label={this.props.hideLabel ? undefined : 'Revision'}
-                                field={this.props.fieldValue ? this.props.fieldValue : 'spec.source.targetRevision'}
-                                component={AutocompleteField}
-                                componentProps={{
-                                    items: revisions,
-                                    filterSuggestions: true
-                                }}
-                            />
-                        )}
-                    </DataLoader>
-                    <RevisionHelpIcon type='git' top={this.props.helpIconTop} right='0em' />
-                </div>
-                <div style={{paddingTop: extraPadding}} className='columns small-2'>
-                    {this.props.repoType !== 'oci' && (
-                        <DropDownMenu
-                            anchor={() => (
-                                <p>
-                                    {this.state.filterType} <i className='fa fa-caret-down' />
-                                </p>
-                            )}
-                            qeId='application-create-dropdown-revision'
-                            items={['Branches', 'Tags'].map((type: 'Branches' | 'Tags') => ({
-                                title: type,
-                                action: () => {
-                                    this.setFilter(type);
-                                }
-                            }))}
+    const selectedFilter = filterType;
+    const extraPadding = props.hideLabel ? '0em' : '1.53em';
+    const rowClass = props.hideLabel ? '' : ' argo-form-row';
+    return (
+        <div className={'row' + rowClass}>
+            <div className='columns small-10'>
+                <DataLoader
+                    input={{repoURL: props.repoURL, filterType: selectedFilter}}
+                    load={async (src: any): Promise<string[]> => {
+                        if (props.repoType === 'oci' && src.repoURL) {
+                            return services.repos
+                                .ociTags(src.repoURL)
+                                .then(revisionsRes => ['HEAD'].concat(revisionsRes.tags || []))
+                                .catch(() => []);
+                        } else if (src.repoURL) {
+                            return services.repos
+                                .revisions(src.repoURL)
+                                .then(revisionsRes =>
+                                    ['HEAD']
+                                        .concat(selectedFilter === 'Branches' ? revisionsRes.branches || [] : [])
+                                        .concat(selectedFilter === 'Tags' ? revisionsRes.tags || [] : [])
+                                )
+                                .catch(() => []);
+                        }
+                        return [];
+                    }}>
+                    {(revisions: string[]) => (
+                        <FormField
+                            formApi={props.formApi}
+                            label={props.hideLabel ? undefined : 'Revision'}
+                            field={props.fieldValue ? props.fieldValue : 'spec.source.targetRevision'}
+                            component={AutocompleteField}
+                            componentProps={{
+                                items: revisions,
+                                filterSuggestions: true
+                            }}
                         />
                     )}
-                </div>
+                </DataLoader>
+                <RevisionHelpIcon type='git' top={props.helpIconTop} right='0em' />
+            </div>
+            <div style={{paddingTop: extraPadding}} className='columns small-2'>
+                {props.repoType !== 'oci' && (
+                    <DropDownMenu
+                        anchor={() => (
+                            <p>
+                                {filterType} <i className='fa fa-caret-down' />
+                            </p>
+                        )}
+                        qeId='application-create-dropdown-revision'
+                        items={['Branches', 'Tags'].map((type: 'Branches' | 'Tags') => ({
+                            title: type,
+                            action: () => {
+                                setFilter(type);
+                            }
+                        }))}
+                    />
+                )}
             </div>
-        );
-    }
+        </div>
+    );
 }

From 90aacce7cd6be4a301d377a03d930316052796a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Jul 2025 03:50:40 +0000
Subject: [PATCH 182/383] chore(deps): bump github.com/casbin/govaluate from
 1.8.0 to 1.9.0 (#23913)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9455de22d6129..c76a42a446eda 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
 	github.com/casbin/casbin/v2 v2.110.0
-	github.com/casbin/govaluate v1.8.0
+	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/coreos/go-oidc/v3 v3.14.1
diff --git a/go.sum b/go.sum
index f2a65b3492684..6cc8409a92ced 100644
--- a/go.sum
+++ b/go.sum
@@ -178,8 +178,8 @@ github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVO
 github.com/casbin/casbin/v2 v2.110.0 h1:ltBGXgtm5qKxWXHGQevvzFf92yHXic0GEcAj4t+RuRQ=
 github.com/casbin/casbin/v2 v2.110.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
-github.com/casbin/govaluate v1.8.0 h1:1dUaV/I0LFP2tcY1uNQEb6wBCbp8GMTcC/zhwQDWvZo=
-github.com/casbin/govaluate v1.8.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
+github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
+github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=

From 3c8f39acc89408af0f1604a8a2150dd2623a9ee8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 24 Jul 2025 11:11:40 +0300
Subject: [PATCH 183/383] chore(deps): bump library/golang from `267159c` to
 `ef5b4be` in /test/remote (#23914)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/remote/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index ed6022ef5b10d..06b9fd54a41a6 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.5@sha256:267159cb984d1d034fce6e9db8641bf347f80e5f2e913561ea98c40d5051cb67 AS go
+FROM docker.io/library/golang:1.24.5@sha256:ef5b4be1f94b36c90385abd9b6b4f201723ae28e71acacb76d00687333c17282 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From e86f13ab3785bf1cd5dd33de0d123cbfedc8d297 Mon Sep 17 00:00:00 2001
From: Ruyut <a@ruyut.com>
Date: Thu, 24 Jul 2025 16:16:09 +0800
Subject: [PATCH 184/383] docs: fix TLS certificate installation guide link
 error (#23908)

Signed-off-by: ruyut <a@ruyut.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/faq.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/faq.md b/docs/faq.md
index be3202eec9b27..210df48a74566 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -190,7 +190,7 @@ argocd ... --grpc-web
 ## Why Am I Getting `x509: certificate signed by unknown authority` When Using The CLI?
 
 The certificate created by default by Argo CD is not automatically recognised by the Argo CD CLI, in order
-to create a secure system you must follow the instructions to [install a certificate](/operator-manual/tls/)
+to create a secure system you must follow the instructions to [install a certificate](operator-manual/tls.md)
 and configure your client OS to trust that certificate.
 
 If you're not running in a production system (e.g. you're testing Argo CD out), try the `--insecure` flag:

From bd0c714e584ab845ed7dc183279ecb3b71551cb6 Mon Sep 17 00:00:00 2001
From: gyu-young-park <44598664+gyu-young-park@users.noreply.github.com>
Date: Thu, 24 Jul 2025 17:35:29 +0900
Subject: [PATCH 185/383] feat(cli): support password prompt input when
 --password is not provided in bcrypt cli (#23906)

Signed-off-by: gyu-young-park <gyoue200125@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/bcrypt.go                 | 15 +++++++----
 cmd/argocd/commands/bcrypt_test.go            | 26 +++++++++++++++++++
 .../commands/argocd_account_bcrypt.md         |  6 +++++
 3 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/cmd/argocd/commands/bcrypt.go b/cmd/argocd/commands/bcrypt.go
index b1e5bcac65f10..168cc0befcb6c 100644
--- a/cmd/argocd/commands/bcrypt.go
+++ b/cmd/argocd/commands/bcrypt.go
@@ -6,6 +6,8 @@ import (
 
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/bcrypt"
+
+	"github.com/argoproj/argo-cd/v3/util/cli"
 )
 
 // NewBcryptCmd represents the bcrypt command
@@ -15,8 +17,15 @@ func NewBcryptCmd() *cobra.Command {
 		Use:   "bcrypt",
 		Short: "Generate bcrypt hash for any password",
 		Example: `# Generate bcrypt hash for any password 
-argocd account bcrypt --password YOUR_PASSWORD`,
+argocd account bcrypt --password YOUR_PASSWORD
+
+# Prompt for password input
+argocd account bcrypt
+
+# Read password from stdin
+echo -e "password" | argocd account bcrypt`,
 		Run: func(cmd *cobra.Command, _ []string) {
+			password = cli.PromptPassword(password)
 			bytePassword := []byte(password)
 			// Hashing the password
 			hash, err := bcrypt.GenerateFromPassword(bytePassword, bcrypt.DefaultCost)
@@ -28,9 +37,5 @@ argocd account bcrypt --password YOUR_PASSWORD`,
 	}
 
 	bcryptCmd.Flags().StringVar(&password, "password", "", "Password for which bcrypt hash is generated")
-	err := bcryptCmd.MarkFlagRequired("password")
-	if err != nil {
-		return nil
-	}
 	return bcryptCmd
 }
diff --git a/cmd/argocd/commands/bcrypt_test.go b/cmd/argocd/commands/bcrypt_test.go
index ec00a73b0dcba..1e5a6a9e951e2 100644
--- a/cmd/argocd/commands/bcrypt_test.go
+++ b/cmd/argocd/commands/bcrypt_test.go
@@ -2,9 +2,11 @@ package commands
 
 import (
 	"bytes"
+	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/bcrypt"
 )
 
@@ -20,3 +22,27 @@ func TestGeneratePassword(t *testing.T) {
 	err = bcrypt.CompareHashAndPassword(output.Bytes(), []byte("abc"))
 	assert.NoError(t, err)
 }
+
+func TestGeneratePasswordWithStdin(t *testing.T) {
+	oldStdin := os.Stdin
+	defer func() {
+		os.Stdin = oldStdin
+	}()
+
+	input := bytes.NewBufferString("abc\n")
+	r, w, _ := os.Pipe()
+	_, _ = w.Write(input.Bytes())
+	w.Close()
+	os.Stdin = r
+
+	bcryptCmd := NewBcryptCmd()
+	bcryptCmd.SetArgs([]string{})
+	output := new(bytes.Buffer)
+	bcryptCmd.SetOut(output)
+
+	err := bcryptCmd.Execute()
+	require.NoError(t, err)
+
+	err = bcrypt.CompareHashAndPassword(output.Bytes(), []byte("abc"))
+	assert.NoError(t, err)
+}
diff --git a/docs/user-guide/commands/argocd_account_bcrypt.md b/docs/user-guide/commands/argocd_account_bcrypt.md
index 301abaac1c125..dd4ac21e11fdc 100644
--- a/docs/user-guide/commands/argocd_account_bcrypt.md
+++ b/docs/user-guide/commands/argocd_account_bcrypt.md
@@ -13,6 +13,12 @@ argocd account bcrypt [flags]
 ```
 # Generate bcrypt hash for any password 
 argocd account bcrypt --password YOUR_PASSWORD
+
+# Prompt for password input
+argocd account bcrypt
+
+# Read password from stdin
+echo -e "password" | argocd account bcrypt
 ```
 
 ### Options

From d7db15daa7ef12e58015328d582a4c370e016250 Mon Sep 17 00:00:00 2001
From: SoMin Park <92261242+somln@users.noreply.github.com>
Date: Thu, 24 Jul 2025 18:20:42 +0900
Subject: [PATCH 186/383] fix(server): preserve webhook secret references on
 server restart (#22588) (#23905)

Signed-off-by: Somin Park <ps4708@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/webhook/webhook.go |  6 ++--
 server/server.go                  | 20 ++++++------
 util/settings/settings.go         | 52 ++++++++++++++++++++++++++-----
 util/settings/settings_test.go    |  2 +-
 util/webhook/webhook.go           | 14 ++++-----
 5 files changed, 65 insertions(+), 29 deletions(-)

diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go
index a12ec95cf57e4..9027b34a5676d 100644
--- a/applicationset/webhook/webhook.go
+++ b/applicationset/webhook/webhook.go
@@ -74,15 +74,15 @@ func NewWebhookHandler(webhookParallelism int, argocdSettingsMgr *argosettings.S
 	if err != nil {
 		return nil, fmt.Errorf("failed to get argocd settings: %w", err)
 	}
-	githubHandler, err := github.New(github.Options.Secret(argocdSettings.WebhookGitHubSecret))
+	githubHandler, err := github.New(github.Options.Secret(argocdSettings.GetWebhookGitHubSecret()))
 	if err != nil {
 		return nil, fmt.Errorf("unable to init GitHub webhook: %w", err)
 	}
-	gitlabHandler, err := gitlab.New(gitlab.Options.Secret(argocdSettings.WebhookGitLabSecret))
+	gitlabHandler, err := gitlab.New(gitlab.Options.Secret(argocdSettings.GetWebhookGitLabSecret()))
 	if err != nil {
 		return nil, fmt.Errorf("unable to init GitLab webhook: %w", err)
 	}
-	azuredevopsHandler, err := azuredevops.New(azuredevops.Options.BasicAuth(argocdSettings.WebhookAzureDevOpsUsername, argocdSettings.WebhookAzureDevOpsPassword))
+	azuredevopsHandler, err := azuredevops.New(azuredevops.Options.BasicAuth(argocdSettings.GetWebhookAzureDevOpsUsername(), argocdSettings.GetWebhookAzureDevOpsPassword()))
 	if err != nil {
 		return nil, fmt.Errorf("unable to init Azure DevOps webhook: %w", err)
 	}
diff --git a/server/server.go b/server/server.go
index 3fb51deabc897..6ca36e453ec77 100644
--- a/server/server.go
+++ b/server/server.go
@@ -794,11 +794,11 @@ func (server *ArgoCDServer) watchSettings() {
 	prevOIDCConfig := server.settings.OIDCConfig()
 	prevDexCfgBytes, err := dexutil.GenerateDexConfigYAML(server.settings, server.DexTLSConfig == nil || server.DexTLSConfig.DisableTLS)
 	errorsutil.CheckError(err)
-	prevGitHubSecret := server.settings.WebhookGitHubSecret
-	prevGitLabSecret := server.settings.WebhookGitLabSecret
-	prevBitbucketUUID := server.settings.WebhookBitbucketUUID
-	prevBitbucketServerSecret := server.settings.WebhookBitbucketServerSecret
-	prevGogsSecret := server.settings.WebhookGogsSecret
+	prevGitHubSecret := server.settings.GetWebhookGitHubSecret()
+	prevGitLabSecret := server.settings.GetWebhookGitLabSecret()
+	prevBitbucketUUID := server.settings.GetWebhookBitbucketUUID()
+	prevBitbucketServerSecret := server.settings.GetWebhookBitbucketServerSecret()
+	prevGogsSecret := server.settings.GetWebhookGogsSecret()
 	prevExtConfig := server.settings.ExtensionConfig
 	var prevCert, prevCertKey string
 	if server.settings.Certificate != nil && !server.Insecure {
@@ -826,23 +826,23 @@ func (server *ArgoCDServer) watchSettings() {
 			log.Infof("additionalURLs modified. restarting")
 			break
 		}
-		if prevGitHubSecret != server.settings.WebhookGitHubSecret {
+		if prevGitHubSecret != server.settings.GetWebhookGitHubSecret() {
 			log.Infof("github secret modified. restarting")
 			break
 		}
-		if prevGitLabSecret != server.settings.WebhookGitLabSecret {
+		if prevGitLabSecret != server.settings.GetWebhookGitLabSecret() {
 			log.Infof("gitlab secret modified. restarting")
 			break
 		}
-		if prevBitbucketUUID != server.settings.WebhookBitbucketUUID {
+		if prevBitbucketUUID != server.settings.GetWebhookBitbucketUUID() {
 			log.Infof("bitbucket uuid modified. restarting")
 			break
 		}
-		if prevBitbucketServerSecret != server.settings.WebhookBitbucketServerSecret {
+		if prevBitbucketServerSecret != server.settings.GetWebhookBitbucketServerSecret() {
 			log.Infof("bitbucket server secret modified. restarting")
 			break
 		}
-		if prevGogsSecret != server.settings.WebhookGogsSecret {
+		if prevGogsSecret != server.settings.GetWebhookGogsSecret() {
 			log.Infof("gogs secret modified. restarting")
 			break
 		}
diff --git a/util/settings/settings.go b/util/settings/settings.go
index f252d9d0613ee..f71ec02b403a4 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -1517,18 +1517,19 @@ func (mgr *SettingsManager) updateSettingsFromSecret(settings *ArgoCDSettings, a
 		secretValues[k] = string(v)
 	}
 	settings.Secrets = secretValues
+
+	settings.WebhookGitHubSecret = string(argoCDSecret.Data[settingsWebhookGitHubSecretKey])
+	settings.WebhookGitLabSecret = string(argoCDSecret.Data[settingsWebhookGitLabSecretKey])
+	settings.WebhookBitbucketUUID = string(argoCDSecret.Data[settingsWebhookBitbucketUUIDKey])
+	settings.WebhookBitbucketServerSecret = string(argoCDSecret.Data[settingsWebhookBitbucketServerSecretKey])
+	settings.WebhookGogsSecret = string(argoCDSecret.Data[settingsWebhookGogsSecretKey])
+	settings.WebhookAzureDevOpsUsername = string(argoCDSecret.Data[settingsWebhookAzureDevOpsUsernameKey])
+	settings.WebhookAzureDevOpsPassword = string(argoCDSecret.Data[settingsWebhookAzureDevOpsPasswordKey])
+
 	if len(errs) > 0 {
 		return errors.Join(errs...)
 	}
 
-	settings.WebhookGitHubSecret = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookGitHubSecretKey]), settings.Secrets)
-	settings.WebhookGitLabSecret = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookGitLabSecretKey]), settings.Secrets)
-	settings.WebhookBitbucketUUID = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookBitbucketUUIDKey]), settings.Secrets)
-	settings.WebhookBitbucketServerSecret = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookBitbucketServerSecretKey]), settings.Secrets)
-	settings.WebhookGogsSecret = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookGogsSecretKey]), settings.Secrets)
-	settings.WebhookAzureDevOpsUsername = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookAzureDevOpsUsernameKey]), settings.Secrets)
-	settings.WebhookAzureDevOpsPassword = ReplaceStringSecret(string(argoCDSecret.Data[settingsWebhookAzureDevOpsPasswordKey]), settings.Secrets)
-
 	return nil
 }
 
@@ -1771,6 +1772,41 @@ func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig {
 	return config.toExported()
 }
 
+// GetWebhookGitHubSecret returns the resolved GitHub webhook secret
+func (a *ArgoCDSettings) GetWebhookGitHubSecret() string {
+	return ReplaceStringSecret(a.WebhookGitHubSecret, a.Secrets)
+}
+
+// GetWebhookGitLabSecret returns the resolved GitLab webhook secret
+func (a *ArgoCDSettings) GetWebhookGitLabSecret() string {
+	return ReplaceStringSecret(a.WebhookGitLabSecret, a.Secrets)
+}
+
+// GetWebhookBitbucketUUID returns the resolved Bitbucket webhook UUID
+func (a *ArgoCDSettings) GetWebhookBitbucketUUID() string {
+	return ReplaceStringSecret(a.WebhookBitbucketUUID, a.Secrets)
+}
+
+// GetWebhookBitbucketServerSecret returns the resolved Bitbucket Server webhook secret
+func (a *ArgoCDSettings) GetWebhookBitbucketServerSecret() string {
+	return ReplaceStringSecret(a.WebhookBitbucketServerSecret, a.Secrets)
+}
+
+// GetWebhookGogsSecret returns the resolved Gogs webhook secret
+func (a *ArgoCDSettings) GetWebhookGogsSecret() string {
+	return ReplaceStringSecret(a.WebhookGogsSecret, a.Secrets)
+}
+
+// GetWebhookAzureDevOpsUsername returns the resolved Azure DevOps webhook username
+func (a *ArgoCDSettings) GetWebhookAzureDevOpsUsername() string {
+	return ReplaceStringSecret(a.WebhookAzureDevOpsUsername, a.Secrets)
+}
+
+// GetWebhookAzureDevOpsPassword returns the resolved Azure DevOps webhook password
+func (a *ArgoCDSettings) GetWebhookAzureDevOpsPassword() string {
+	return ReplaceStringSecret(a.WebhookAzureDevOpsPassword, a.Secrets)
+}
+
 func unmarshalOIDCConfig(configStr string) (oidcConfig, error) {
 	var config oidcConfig
 	err := yaml.Unmarshal([]byte(configStr), &config)
diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go
index 775c1d86b0807..4a4d5d934ba8c 100644
--- a/util/settings/settings_test.go
+++ b/util/settings/settings_test.go
@@ -1394,7 +1394,7 @@ requestedIDTokenClaims: {"groups": {"essential": true}}`,
 
 	settings, err := settingsManager.GetSettings()
 	require.NoError(t, err)
-	assert.Equal(t, "mywebhooksecret", settings.WebhookGitHubSecret)
+	assert.Equal(t, "mywebhooksecret", settings.GetWebhookGitHubSecret())
 
 	oidcConfig := settings.OIDCConfig()
 	assert.Equal(t, "https://dev-123456.oktapreview.com", oidcConfig.Issuer)
diff --git a/util/webhook/webhook.go b/util/webhook/webhook.go
index 93ff42be7f42f..4143f03489243 100644
--- a/util/webhook/webhook.go
+++ b/util/webhook/webhook.go
@@ -73,27 +73,27 @@ type ArgoCDWebhookHandler struct {
 }
 
 func NewHandler(namespace string, applicationNamespaces []string, webhookParallelism int, appClientset appclientset.Interface, set *settings.ArgoCDSettings, settingsSrc settingsSource, repoCache *cache.Cache, serverCache *servercache.Cache, argoDB db.ArgoDB, maxWebhookPayloadSizeB int64) *ArgoCDWebhookHandler {
-	githubWebhook, err := github.New(github.Options.Secret(set.WebhookGitHubSecret))
+	githubWebhook, err := github.New(github.Options.Secret(set.GetWebhookGitHubSecret()))
 	if err != nil {
 		log.Warnf("Unable to init the GitHub webhook")
 	}
-	gitlabWebhook, err := gitlab.New(gitlab.Options.Secret(set.WebhookGitLabSecret))
+	gitlabWebhook, err := gitlab.New(gitlab.Options.Secret(set.GetWebhookGitLabSecret()))
 	if err != nil {
 		log.Warnf("Unable to init the GitLab webhook")
 	}
-	bitbucketWebhook, err := bitbucket.New(bitbucket.Options.UUID(set.WebhookBitbucketUUID))
+	bitbucketWebhook, err := bitbucket.New(bitbucket.Options.UUID(set.GetWebhookBitbucketUUID()))
 	if err != nil {
 		log.Warnf("Unable to init the Bitbucket webhook")
 	}
-	bitbucketserverWebhook, err := bitbucketserver.New(bitbucketserver.Options.Secret(set.WebhookBitbucketServerSecret))
+	bitbucketserverWebhook, err := bitbucketserver.New(bitbucketserver.Options.Secret(set.GetWebhookBitbucketServerSecret()))
 	if err != nil {
 		log.Warnf("Unable to init the Bitbucket Server webhook")
 	}
-	gogsWebhook, err := gogs.New(gogs.Options.Secret(set.WebhookGogsSecret))
+	gogsWebhook, err := gogs.New(gogs.Options.Secret(set.GetWebhookGogsSecret()))
 	if err != nil {
 		log.Warnf("Unable to init the Gogs webhook")
 	}
-	azuredevopsWebhook, err := azuredevops.New(azuredevops.Options.BasicAuth(set.WebhookAzureDevOpsUsername, set.WebhookAzureDevOpsPassword))
+	azuredevopsWebhook, err := azuredevops.New(azuredevops.Options.BasicAuth(set.GetWebhookAzureDevOpsUsername(), set.GetWebhookAzureDevOpsPassword()))
 	if err != nil {
 		log.Warnf("Unable to init the Azure DevOps webhook")
 	}
@@ -209,7 +209,7 @@ func (a *ArgoCDWebhookHandler) affectedRevisionInfo(payloadIf any) (webURLs []st
 		// Get DiffSet only for authenticated webhooks.
 		// when WebhookBitbucketUUID is set in argocd-secret, then the payload must be signed and
 		// signature is validated before payload is parsed.
-		if a.settings.WebhookBitbucketUUID != "" {
+		if a.settings.GetWebhookBitbucketUUID() != "" {
 			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 			defer cancel()
 			argoRepo, err := a.lookupRepository(ctx, webURLs[0])

From 484f15cfdaefc4c65b8afd309e8195c219b182c5 Mon Sep 17 00:00:00 2001
From: daniel-leinov <daniellei@jfrog.com>
Date: Thu, 24 Jul 2025 13:03:55 +0300
Subject: [PATCH 187/383] feat: Add health checks for Coralogix (#23853)

Signed-off-by: Daniel Leinov <daniellei@jfrog.com>
Co-authored-by: Pasha Kostohrys <pasha.kostohrys@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../coralogix.com/Alert/health.lua            | 21 +++++++
 .../coralogix.com/Alert/health_test.yaml      | 16 +++++
 .../Alert/testdata/degraded_alert.yaml        | 58 +++++++++++++++++++
 .../Alert/testdata/healthy_alert.yaml         | 53 +++++++++++++++++
 .../Alert/testdata/progressing_alert.yaml     | 46 +++++++++++++++
 .../RecordingRuleGroupSet/health.lua          | 21 +++++++
 .../RecordingRuleGroupSet/health_test.yaml    | 41 +++++++++++++
 .../testdata/degraded_recording_rule.yaml     | 47 +++++++++++++++
 .../testdata/healthy_recording_rule.yaml      | 21 +++++++
 .../testdata/progressing_recording_rule.yaml  | 13 +++++
 10 files changed, 337 insertions(+)
 create mode 100644 resource_customizations/coralogix.com/Alert/health.lua
 create mode 100644 resource_customizations/coralogix.com/Alert/health_test.yaml
 create mode 100644 resource_customizations/coralogix.com/Alert/testdata/degraded_alert.yaml
 create mode 100644 resource_customizations/coralogix.com/Alert/testdata/healthy_alert.yaml
 create mode 100644 resource_customizations/coralogix.com/Alert/testdata/progressing_alert.yaml
 create mode 100644 resource_customizations/coralogix.com/RecordingRuleGroupSet/health.lua
 create mode 100644 resource_customizations/coralogix.com/RecordingRuleGroupSet/health_test.yaml
 create mode 100644 resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/degraded_recording_rule.yaml
 create mode 100644 resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/healthy_recording_rule.yaml
 create mode 100644 resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/progressing_recording_rule.yaml

diff --git a/resource_customizations/coralogix.com/Alert/health.lua b/resource_customizations/coralogix.com/Alert/health.lua
new file mode 100644
index 0000000000000..6fa2ea308df13
--- /dev/null
+++ b/resource_customizations/coralogix.com/Alert/health.lua
@@ -0,0 +1,21 @@
+hs = {}
+
+hs.status = "Progressing"
+hs.message = "Waiting for status to be updated"
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+    for i, condition in ipairs(obj.status.conditions) do
+    if condition.type == "RemoteSynced" then
+        if condition.status == "True" then
+        hs.status = "Healthy"
+        hs.message = "Resource is ready"
+        return hs
+        elseif condition.status == "False" then
+        hs.status = "Degraded"
+        hs.message = condition.message
+        return hs
+        end
+    end
+    end
+end
+return hs
diff --git a/resource_customizations/coralogix.com/Alert/health_test.yaml b/resource_customizations/coralogix.com/Alert/health_test.yaml
new file mode 100644
index 0000000000000..6bc17b187e286
--- /dev/null
+++ b/resource_customizations/coralogix.com/Alert/health_test.yaml
@@ -0,0 +1,16 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: "error on extracting alert properties: failed to expand notification
+        group: failed to expand webhooks settings: failed to expand webhook
+        setting: failed to expand integration: failed to convert name to
+        integration ID: webhook critical-alerts-webhook not found"
+  inputPath: testdata/degraded_alert.yaml
+- healthStatus:
+    status: Progressing
+    message: "Waiting for status to be updated"
+  inputPath: testdata/progressing_alert.yaml
+- healthStatus:
+    status: Healthy
+    message: "Resource is ready"
+  inputPath: testdata/healthy_alert.yaml
\ No newline at end of file
diff --git a/resource_customizations/coralogix.com/Alert/testdata/degraded_alert.yaml b/resource_customizations/coralogix.com/Alert/testdata/degraded_alert.yaml
new file mode 100644
index 0000000000000..fd8b32c9a1872
--- /dev/null
+++ b/resource_customizations/coralogix.com/Alert/testdata/degraded_alert.yaml
@@ -0,0 +1,58 @@
+apiVersion: coralogix.com/v1beta1
+kind: Alert
+metadata:
+  name: bitbucketcontainernotrunning-test
+spec:
+  alertType:
+    metricThreshold:
+      metricFilter:
+        promql: >-
+          sum({namespace="bitbucket",pod=~"bitbucket-k8s-.*",condition="false"}) by (pod)
+      missingValues:
+        replaceWithZero: true
+      rules:
+        - condition:
+            conditionType: moreThan
+            forOverPct: 100
+            ofTheLast:
+              specificValue: 5m
+            threshold: 0
+          override:
+            priority: p1
+  description: >-
+    Bitbucket one of the container is not running
+  entityLabels:
+    app: bitbucket
+  name: Bitbucketcontainernotrunning-test
+  notificationGroup:
+    groupByKeys:
+      - pod
+    webhooks:
+      - integration:
+          integrationRef:
+            backendRef:
+              name: opsgenie-example
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+      - integration:
+          integrationRef:
+            backendRef:
+              name: critical-alerts-webhook
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+  priority: p1
+status:
+  conditions:
+    - lastTransitionTime: '2025-07-17T07:39:54Z'
+      message: >-
+        error on extracting alert properties: failed to expand notification
+        group: failed to expand webhooks settings: failed to expand webhook
+        setting: failed to expand integration: failed to convert name to
+        integration ID: webhook critical-alerts-webhook not found
+      observedGeneration: 1
+      reason: RemoteCreationFailed
+      status: 'False'
+      type: RemoteSynced
+
diff --git a/resource_customizations/coralogix.com/Alert/testdata/healthy_alert.yaml b/resource_customizations/coralogix.com/Alert/testdata/healthy_alert.yaml
new file mode 100644
index 0000000000000..74f3f0ca00437
--- /dev/null
+++ b/resource_customizations/coralogix.com/Alert/testdata/healthy_alert.yaml
@@ -0,0 +1,53 @@
+apiVersion: coralogix.com/v1beta1
+kind: Alert
+metadata:
+  name: bitbucketcontainernotrunning-test
+spec:
+  alertType:
+    metricThreshold:
+      metricFilter:
+        promql: >-
+          sum({namespace="bitbucket",pod=~"bitbucket-k8s-.*",condition="false"}) by (pod)
+      missingValues:
+        replaceWithZero: true
+      rules:
+        - condition:
+            conditionType: moreThan
+            forOverPct: 100
+            ofTheLast:
+              specificValue: 5m
+            threshold: 0
+          override:
+            priority: p1
+  description: >-
+    Bitbucket one of the container is not running
+  entityLabels:
+    app: bitbucket
+  name: Bitbucketcontainernotrunning-test
+  notificationGroup:
+    groupByKeys:
+      - pod
+    webhooks:
+      - integration:
+          integrationRef:
+            backendRef:
+              name: opsgenie-example
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+      - integration:
+          integrationRef:
+            backendRef:
+              name: critical-alerts-webhook
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+  priority: p1
+status:
+  conditions:
+    - lastTransitionTime: '2025-07-17T07:39:55Z'
+      message: Remote resource synced
+      observedGeneration: 3
+      reason: RemoteSyncedSuccessfully
+      status: 'True'
+      type: RemoteSynced
diff --git a/resource_customizations/coralogix.com/Alert/testdata/progressing_alert.yaml b/resource_customizations/coralogix.com/Alert/testdata/progressing_alert.yaml
new file mode 100644
index 0000000000000..2ce585636d02e
--- /dev/null
+++ b/resource_customizations/coralogix.com/Alert/testdata/progressing_alert.yaml
@@ -0,0 +1,46 @@
+apiVersion: coralogix.com/v1beta1
+kind: Alert
+metadata:
+  name: bitbucketcontainernotrunning-test
+spec:
+  alertType:
+    metricThreshold:
+      metricFilter:
+        promql: >-
+          sum({namespace="bitbucket",pod=~"bitbucket-k8s-.*",condition="false"}) by (pod)
+      missingValues:
+        replaceWithZero: true
+      rules:
+        - condition:
+            conditionType: moreThan
+            forOverPct: 100
+            ofTheLast:
+              specificValue: 5m
+            threshold: 0
+          override:
+            priority: p1
+  description: >-
+    Bitbucket one of the container is not running
+  entityLabels:
+    app: bitbucket
+  name: Bitbucketcontainernotrunning-test
+  notificationGroup:
+    groupByKeys:
+      - pod
+    webhooks:
+      - integration:
+          integrationRef:
+            backendRef:
+              name: opsgenie-example
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+      - integration:
+          integrationRef:
+            backendRef:
+              name: critical-alerts-webhook
+        notifyOn: triggeredAndResolved
+        retriggeringPeriod:
+          minutes: 60
+  priority: p1
+
diff --git a/resource_customizations/coralogix.com/RecordingRuleGroupSet/health.lua b/resource_customizations/coralogix.com/RecordingRuleGroupSet/health.lua
new file mode 100644
index 0000000000000..6fa2ea308df13
--- /dev/null
+++ b/resource_customizations/coralogix.com/RecordingRuleGroupSet/health.lua
@@ -0,0 +1,21 @@
+hs = {}
+
+hs.status = "Progressing"
+hs.message = "Waiting for status to be updated"
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+    for i, condition in ipairs(obj.status.conditions) do
+    if condition.type == "RemoteSynced" then
+        if condition.status == "True" then
+        hs.status = "Healthy"
+        hs.message = "Resource is ready"
+        return hs
+        elseif condition.status == "False" then
+        hs.status = "Degraded"
+        hs.message = condition.message
+        return hs
+        end
+    end
+    end
+end
+return hs
diff --git a/resource_customizations/coralogix.com/RecordingRuleGroupSet/health_test.yaml b/resource_customizations/coralogix.com/RecordingRuleGroupSet/health_test.yaml
new file mode 100644
index 0000000000000..5507cdc778943
--- /dev/null
+++ b/resource_customizations/coralogix.com/RecordingRuleGroupSet/health_test.yaml
@@ -0,0 +1,41 @@
+tests:
+- healthStatus:
+    status: Degraded
+    message: >-
+      error on creating remote recordingRuleGroupSet: SDK API error from /com.coralogixapis.metrics_rule_manager.v1.RuleGroupSets/Create for feature group recording-rules: rpc error: code = InvalidArgument desc = {
+        "groups": {
+          "0": {
+            "rules": {
+              "0": {
+                "record": [
+                  {
+                    "code": "length",
+                    "message": null,
+                    "params": {
+                      "value": "",
+                      "min": 1
+                    }
+                  },
+                  {
+                    "code": "invalid_promql",
+                    "message": "SingleExpr: unexpected token ; want \"\"(\", \"{\", \"-\", \"+\"\"",
+                    "params": {
+                      "value": ""
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        }
+      }
+
+  inputPath: testdata/degraded_recording_rule.yaml
+- healthStatus:
+    status: Progressing
+    message: "Waiting for status to be updated"
+  inputPath: testdata/progressing_recording_rule.yaml
+- healthStatus:
+    status: Healthy
+    message: "Resource is ready"
+  inputPath: testdata/healthy_recording_rule.yaml
\ No newline at end of file
diff --git a/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/degraded_recording_rule.yaml b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/degraded_recording_rule.yaml
new file mode 100644
index 0000000000000..c24435837be2f
--- /dev/null
+++ b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/degraded_recording_rule.yaml
@@ -0,0 +1,47 @@
+apiVersion: coralogix.com/v1alpha1
+kind: RecordingRuleGroupSet
+metadata:
+  name: rules
+spec:
+  groups:
+    - name: k8s_rules
+      rules:
+        - expr: >-
+            sum(rate(container_cpu_usage_seconds_total{job="kubelet",
+            metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]))
+            by (namespace)
+status:
+  conditions:
+  - lastTransitionTime: "2025-07-17T14:41:18Z"
+    message: |-
+      error on creating remote recordingRuleGroupSet: SDK API error from /com.coralogixapis.metrics_rule_manager.v1.RuleGroupSets/Create for feature group recording-rules: rpc error: code = InvalidArgument desc = {
+        "groups": {
+          "0": {
+            "rules": {
+              "0": {
+                "record": [
+                  {
+                    "code": "length",
+                    "message": null,
+                    "params": {
+                      "value": "",
+                      "min": 1
+                    }
+                  },
+                  {
+                    "code": "invalid_promql",
+                    "message": "SingleExpr: unexpected token ; want \"\"(\", \"{\", \"-\", \"+\"\"",
+                    "params": {
+                      "value": ""
+                    }
+                  }
+                ]
+              }
+            }
+          }
+        }
+      }
+    observedGeneration: 1
+    reason: RemoteCreationFailed
+    status: "False"
+    type: RemoteSynced
diff --git a/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/healthy_recording_rule.yaml b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/healthy_recording_rule.yaml
new file mode 100644
index 0000000000000..843bcc47a6301
--- /dev/null
+++ b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/healthy_recording_rule.yaml
@@ -0,0 +1,21 @@
+apiVersion: coralogix.com/v1alpha1
+kind: RecordingRuleGroupSet
+metadata:
+  name: rules
+spec:
+  groups:
+    - name: k8s_rules
+      rules:
+        - expr: >-
+            sum(rate(container_cpu_usage_seconds_total{job="kubelet",
+            metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]))
+            by (namespace)
+          record: 'namespace:container_cpu_usage_seconds_total:sum_rate'
+status:
+  conditions:
+    - lastTransitionTime: '2025-05-27T08:49:26Z'
+      message: Remote resource synced
+      observedGeneration: 3
+      reason: RemoteSyncedSuccessfully
+      status: 'True'
+      type: RemoteSynced
\ No newline at end of file
diff --git a/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/progressing_recording_rule.yaml b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/progressing_recording_rule.yaml
new file mode 100644
index 0000000000000..10e54da3b237c
--- /dev/null
+++ b/resource_customizations/coralogix.com/RecordingRuleGroupSet/testdata/progressing_recording_rule.yaml
@@ -0,0 +1,13 @@
+apiVersion: coralogix.com/v1alpha1
+kind: RecordingRuleGroupSet
+metadata:
+  name: rules
+spec:
+  groups:
+    - name: k8s_rules
+      rules:
+        - expr: >-
+            sum(rate(container_cpu_usage_seconds_total{job="kubelet",
+            metrics_path="/metrics/cadvisor", image!="", container!="POD"}[5m]))
+            by (namespace)
+          record: 'namespace:container_cpu_usage_seconds_total:sum_rate'
\ No newline at end of file

From f1fb8b8fceed4138f0dbf0f0e60708c7de3c9913 Mon Sep 17 00:00:00 2001
From: SoMin Park <92261242+somln@users.noreply.github.com>
Date: Thu, 24 Jul 2025 19:12:25 +0900
Subject: [PATCH 188/383] docs(cli): Add example usage for 'argocd repo rm'
 command (#23833)

Signed-off-by: Somin Park <ps4708@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/repo.go                | 13 +++++++++++++
 docs/user-guide/commands/argocd_repo_rm.md | 18 ++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go
index e138ddcd1c495..3e46ac72eae40 100644
--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -270,6 +270,19 @@ func NewRepoRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command
 	command := &cobra.Command{
 		Use:   "rm REPO ...",
 		Short: "Remove configured repositories",
+		Example: `
+  # Remove a single repository
+  argocd repo rm https://github.com/yourusername/your-repo.git
+
+  # Remove multiple repositories
+  argocd repo rm https://github.com/yourusername/your-repo.git https://git.example.com/repo2.git
+
+  # Remove repositories for a specific project
+  argocd repo rm https://github.com/yourusername/your-repo.git --project myproject
+
+  # Remove repository using SSH URL
+  argocd repo rm git@github.com:yourusername/your-repo.git
+`,
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()
 
diff --git a/docs/user-guide/commands/argocd_repo_rm.md b/docs/user-guide/commands/argocd_repo_rm.md
index 69d29f18a534e..235a5cbff92e4 100644
--- a/docs/user-guide/commands/argocd_repo_rm.md
+++ b/docs/user-guide/commands/argocd_repo_rm.md
@@ -8,6 +8,24 @@ Remove configured repositories
 argocd repo rm REPO ... [flags]
 ```
 
+### Examples
+
+```
+
+  # Remove a single repository
+  argocd repo rm https://github.com/yourusername/your-repo.git
+
+  # Remove multiple repositories
+  argocd repo rm https://github.com/yourusername/your-repo.git https://git.example.com/repo2.git
+
+  # Remove repositories for a specific project
+  argocd repo rm https://github.com/yourusername/your-repo.git --project myproject
+
+  # Remove repository using SSH URL
+  argocd repo rm git@github.com:yourusername/your-repo.git
+
+```
+
 ### Options
 
 ```

From 47a48d442fb6ddbd3873833e706f51832033afff Mon Sep 17 00:00:00 2001
From: Oleksandr Saulyak <oleksandr.saulyak@octopus.com>
Date: Thu, 24 Jul 2025 13:31:02 +0300
Subject: [PATCH 189/383] chore: improving e2e stability (#23587)

Signed-off-by: oleksandr-codefresh <oleksandr.saulyak@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/e2e/app_management_ns_test.go | 1 +
 test/e2e/app_management_test.go    | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go
index f28ede2660c7b..0ce3054cd660c 100644
--- a/test/e2e/app_management_ns_test.go
+++ b/test/e2e/app_management_ns_test.go
@@ -1134,6 +1134,7 @@ func TestNamespacedPermissions(t *testing.T) {
 		}).
 		CreateApp().
 		Sync().
+		Wait().
 		Then().
 		// make sure application resource actiions are successful
 		And(func(app *Application) {
diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go
index 6d4ff14849965..c7b38d5a54918 100644
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -576,6 +576,7 @@ func TestTrackAppStateAndSyncApp(t *testing.T) {
 		When().
 		CreateApp().
 		Sync().
+		Wait().
 		Then().
 		Expect(OperationPhaseIs(OperationSucceeded)).
 		Expect(SyncStatusIs(SyncStatusCodeSynced)).
@@ -1175,6 +1176,7 @@ func TestNewStyleResourceActionPermitted(t *testing.T) {
 		When().
 		CreateApp().
 		Sync().
+		Wait().
 		Then().
 		And(func(app *Application) {
 			closer, client, err := fixture.ArgoCDClientset.NewApplicationClient()
@@ -1287,6 +1289,7 @@ func TestNewStyleResourceActionMixedOk(t *testing.T) {
 		When().
 		CreateApp().
 		Sync().
+		Wait().
 		Then().
 		And(func(app *Application) {
 			closer, client, err := fixture.ArgoCDClientset.NewApplicationClient()

From 40a7c8be7b32194b8c3a24984c4c1e54f59e01dd Mon Sep 17 00:00:00 2001
From: solomon-kibret <solomon.kibret@reddit.com>
Date: Thu, 24 Jul 2025 06:39:22 -0400
Subject: [PATCH 190/383] feat: Adding ExtensionService health-check (#23576)

Signed-off-by: Solomon Kibret <solomon.kibret@gmail.com>
Co-authored-by: Solomon Kibret <solomon.kibret@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ExtensionService/health.lua               | 27 +++++++++++++++++
 .../ExtensionService/health_test.yaml         | 17 +++++++++++
 .../ExtensionService/testdata/degraded.yaml   | 30 +++++++++++++++++++
 .../ExtensionService/testdata/generation.yaml | 25 ++++++++++++++++
 .../ExtensionService/testdata/healthy.yaml    | 25 ++++++++++++++++
 .../testdata/progressing.yaml                 | 17 +++++++++++
 6 files changed, 141 insertions(+)
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/health.lua
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/health_test.yaml
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/testdata/degraded.yaml
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/testdata/generation.yaml
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/testdata/healthy.yaml
 create mode 100644 resource_customizations/projectcontour.io/ExtensionService/testdata/progressing.yaml

diff --git a/resource_customizations/projectcontour.io/ExtensionService/health.lua b/resource_customizations/projectcontour.io/ExtensionService/health.lua
new file mode 100644
index 0000000000000..1a2b105a1b5c8
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/health.lua
@@ -0,0 +1,27 @@
+-- Status reporting information detailed here
+-- ExtensionService status conditions api information here: https://projectcontour.io/docs/v1.18.0/config/api/#projectcontour.io/v1alpha1.ExtensionServiceStatus
+
+hs = {
+  status = "Progressing",
+  message = "Waiting for status",
+}
+
+if obj.status then
+  if obj.status.conditions then
+    for _, cond in ipairs(obj.status.conditions) do
+      if obj.metadata.generation == cond.observedGeneration then -- This must match so that we don't report a resource as healthy even though its status is stale
+        if cond.type == "Valid" and cond.status == "True" then -- Contour will update a single condition, Valid, that is in normal-true polarity.
+          hs.status = "Healthy"
+          hs.message = cond.message
+          return hs
+        elseif cond.type == "Valid" and cond.status == "False" then
+          hs.status = "Degraded"
+          hs.message = cond.message
+          return hs
+        end
+      end
+    end
+  end
+end
+
+return hs
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/ExtensionService/health_test.yaml b/resource_customizations/projectcontour.io/ExtensionService/health_test.yaml
new file mode 100644
index 0000000000000..c0827f0ca5e0f
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+- healthStatus:
+    status: Healthy
+    message: "Valid ExtensionService"
+  inputPath: testdata/healthy.yaml
+- healthStatus:
+    status: Progressing
+    message: 'Waiting for status'
+  inputPath: testdata/progressing.yaml
+- healthStatus:
+    status: Degraded
+    message: 'At least one error present, see Errors for details'
+  inputPath: testdata/degraded.yaml
+- healthStatus:
+    status: Progressing
+    message: 'Waiting for status'
+  inputPath: testdata/generation.yaml
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/ExtensionService/testdata/degraded.yaml b/resource_customizations/projectcontour.io/ExtensionService/testdata/degraded.yaml
new file mode 100644
index 0000000000000..5c920df0129ea
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/testdata/degraded.yaml
@@ -0,0 +1,30 @@
+apiVersion: projectcontour.io/v1alpha1
+kind: ExtensionService
+metadata:
+  generation: 1
+  name: example
+spec:
+  circuitBreakerPolicy:
+    maxConnections: 102400
+    maxPendingRequests: 1024000
+    maxRequests: 102400
+    maxRetries: 102400
+  protocol: h2c
+  services:
+  - name: doesnt-exist
+    port: 9091
+  timeoutPolicy:
+    response: 1s
+status:
+  conditions:
+  - errors:
+      - message: 'Spec.Routes unresolved service reference: service "doesnt-exist" not found'
+        reason: ServiceUnresolvedReference
+        status: "True"
+        type: ServiceError
+    lastTransitionTime: '2024-08-08T16:53:29Z'
+    message: At least one error present, see Errors for details
+    observedGeneration: 1
+    reason: ErrorPresent
+    status: 'False'
+    type: Valid
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/ExtensionService/testdata/generation.yaml b/resource_customizations/projectcontour.io/ExtensionService/testdata/generation.yaml
new file mode 100644
index 0000000000000..7d7a983d79c3f
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/testdata/generation.yaml
@@ -0,0 +1,25 @@
+apiVersion: projectcontour.io/v1alpha1
+kind: ExtensionService
+metadata:
+  generation: 2
+  name: example
+spec:
+  circuitBreakerPolicy:
+    maxConnections: 102400
+    maxPendingRequests: 1024000
+    maxRequests: 102400
+    maxRetries: 102400
+  protocol: h2c
+  services:
+  - name: grpc-server
+    port: 9091
+  timeoutPolicy:
+    response: 1s
+status:
+  conditions:
+  - lastTransitionTime: '2024-08-08T16:53:29Z'
+    message: Valid ExtensionService
+    observedGeneration: 1
+    reason: Valid
+    status: 'True'
+    type: Valid
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/ExtensionService/testdata/healthy.yaml b/resource_customizations/projectcontour.io/ExtensionService/testdata/healthy.yaml
new file mode 100644
index 0000000000000..b76792a516220
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/testdata/healthy.yaml
@@ -0,0 +1,25 @@
+apiVersion: projectcontour.io/v1alpha1
+kind: ExtensionService
+metadata:
+  generation: 1
+  name: example
+spec:
+  circuitBreakerPolicy:
+    maxConnections: 102400
+    maxPendingRequests: 1024000
+    maxRequests: 102400
+    maxRetries: 102400
+  protocol: h2c
+  services:
+  - name: grpc-server
+    port: 9091
+  timeoutPolicy:
+    response: 1s
+status:
+  conditions:
+  - lastTransitionTime: '2024-08-08T16:53:29Z'
+    message: Valid ExtensionService
+    observedGeneration: 1
+    reason: Valid
+    status: 'True'
+    type: Valid
\ No newline at end of file
diff --git a/resource_customizations/projectcontour.io/ExtensionService/testdata/progressing.yaml b/resource_customizations/projectcontour.io/ExtensionService/testdata/progressing.yaml
new file mode 100644
index 0000000000000..c2c68b382e08a
--- /dev/null
+++ b/resource_customizations/projectcontour.io/ExtensionService/testdata/progressing.yaml
@@ -0,0 +1,17 @@
+apiVersion: projectcontour.io/v1alpha1
+kind: ExtensionService
+metadata:
+  generation: 1
+  name: example
+spec:
+  circuitBreakerPolicy:
+    maxConnections: 102400
+    maxPendingRequests: 1024000
+    maxRequests: 102400
+    maxRetries: 102400
+  protocol: h2c
+  services:
+  - name: grpc-server
+    port: 9091
+  timeoutPolicy:
+    response: 1s
\ No newline at end of file

From f0cd7de092826ed58ee767e401f5b5822b1310a5 Mon Sep 17 00:00:00 2001
From: Xinzhao Xu <z2d@jifangcheng.com>
Date: Thu, 24 Jul 2025 20:20:16 +0800
Subject: [PATCH 191/383] fix: the specified namespace is not taking effect in
 argocd-notifications (#23839)

Signed-off-by: Xinzhao Xu <z2d@jifangcheng.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd-notification/commands/controller.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go
index de29571fab616..778f2d4f7d387 100644
--- a/cmd/argocd-notification/commands/controller.go
+++ b/cmd/argocd-notification/commands/controller.go
@@ -50,7 +50,6 @@ func NewCommand() *cobra.Command {
 	var (
 		clientConfig                   clientcmd.ClientConfig
 		processorsCount                int
-		namespace                      string
 		appLabelSelector               string
 		logLevel                       string
 		logFormat                      string
@@ -178,7 +177,6 @@ func NewCommand() *cobra.Command {
 	clientConfig = addK8SFlagsToCmd(&command)
 	command.Flags().IntVar(&processorsCount, "processors-count", 1, "Processors count.")
 	command.Flags().StringVar(&appLabelSelector, "app-label-selector", "", "App label selector.")
-	command.Flags().StringVar(&namespace, "namespace", "", "Namespace which controller handles. Current namespace if empty.")
 	command.Flags().StringVar(&logLevel, "loglevel", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().StringVar(&logFormat, "logformat", env.StringFromEnv("ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT", "json"), "Set the logging format. One of: json|text")
 	command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port")

From 4ec0b18e401bbd9c44dcecd772460e9762ea3fea Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Thu, 24 Jul 2025 07:26:51 -0700
Subject: [PATCH 192/383] fix(health): undeclared var used in
 ChangeTransferPolicy check (#23912)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ChangeTransferPolicy/health.lua           | 20 +++++--
 .../ChangeTransferPolicy/health_test.yaml     |  4 ++
 .../testdata/non-successful-environments.yaml | 59 +++++++++++++++++++
 3 files changed, 77 insertions(+), 6 deletions(-)
 create mode 100644 resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/non-successful-environments.yaml

diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
index 372f324672cae..04fb63bc38419 100644
--- a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health.lua
@@ -98,21 +98,29 @@ end
 
 local pendingCount = 0
 local failureCount = 0
+local successCount = 0
+local pendingKeys = {}
+local failedKeys = {}
 for _, status in ipairs(obj.status.active.commitStatuses or {}) do
     if status.phase == "pending" then
         pendingCount = pendingCount + 1
+        table.insert(pendingKeys, status.key)
+    elseif status.phase == "success" then
+        successCount = successCount + 1
     elseif status.phase == "failure" then
         failureCount = failureCount + 1
+        table.insert(failedKeys, status.key)
     end
 end
 if pendingCount > 0 or failureCount > 0 then
-    local envMessages = {}
-    for branch, counts in pairs(nonSuccessfulEnvironments) do
-        local msg = branch .. " (" .. counts.failure .. " failed, " .. counts.pending .. " pending)"
-        table.insert(envMessages, msg)
-    end
     hs.status = "Healthy"
-    hs.message = "Environment is up-to-date, but there are non-successful commit statuses: " .. table.concat(envMessages, ", ") .. "."
+    hs.message = "Environment is up-to-date, but there are non-successful active commit statuses: " .. pendingCount .. " pending, " .. successCount .. " successful, " .. failureCount .. " failed. "
+    if pendingCount > 0 then
+        hs.message = hs.message .. "Pending commit statuses: " .. table.concat(pendingKeys, ", ") .. ". "
+    end
+    if failureCount > 0 then
+        hs.message = hs.message .. "Failed commit statuses: " .. table.concat(failedKeys, ", ") .. ". "
+    end
     return hs
 end
 
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
index f28ec4800b9e2..0ea0bdf319418 100644
--- a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/health_test.yaml
@@ -35,3 +35,7 @@ tests:
     status: Healthy
     message: "Environment is up-to-date on commit abc1234."
   inputPath: testdata/all-healthy.yaml
+- healthStatus:
+    status: Healthy
+    message: "Environment is up-to-date, but there are non-successful active commit statuses: 1 pending, 0 successful, 0 failed. Pending commit statuses: argocd-health. "
+  inputPath: testdata/non-successful-environments.yaml
diff --git a/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/non-successful-environments.yaml b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/non-successful-environments.yaml
new file mode 100644
index 0000000000000..5875fa220feff
--- /dev/null
+++ b/resource_customizations/promoter.argoproj.io/ChangeTransferPolicy/testdata/non-successful-environments.yaml
@@ -0,0 +1,59 @@
+apiVersion: promoter.argoproj.io/v1alpha1
+kind: ChangeTransferPolicy
+metadata:
+  annotations:
+    promoter.argoproj.io/reconcile-at: '2025-07-23T15:49:33.901393-05:00'
+  creationTimestamp: '2025-07-07T20:10:43Z'
+  generation: 1
+  labels:
+    promoter.argoproj.io/environment: environments-development
+    promoter.argoproj.io/promotion-strategy: argocon-demo
+  name: argocon-demo-environments-development-eadabead
+  namespace: default
+  ownerReferences:
+    - apiVersion: promoter.argoproj.io/v1alpha1
+      blockOwnerDeletion: true
+      controller: true
+      kind: PromotionStrategy
+      name: argocon-demo
+      uid: a56ec0cc-7e96-4ced-a411-0f1695e84d54
+  resourceVersion: '10886193'
+  uid: 90374a1e-978c-4643-8631-6606d4248be3
+spec:
+  activeBranch: environments/development
+  activeCommitStatuses:
+    - key: argocd-health
+  autoMerge: false
+  gitRepositoryRef:
+    name: argocon-demo
+  proposedBranch: environments/development-next
+status:
+  active:
+    commitStatuses:
+      - key: argocd-health
+        phase: pending
+    dry:
+      repoURL: https://github.com/zachaller/argocon-gitops-promoter-hydrate-demo
+      sha: 7810fcb6e2143b9a85f3f5bb3e02754b48f63c56
+    hydrated:
+      author: argoproj-promoter[bot]
+      body: Promote 7810f to `environments/development`
+      commitTime: '2025-07-18T19:29:44Z'
+      sha: 273279e41e0684bdbe112b28c2ee65cae9123fca
+      subject: 'Merge pull request #791 from zachaller/environments/development-next'
+  conditions:
+    - lastTransitionTime: '2025-07-23T20:49:42Z'
+      message: Reconciliation succeeded
+      observedGeneration: 1
+      reason: ReconciliationSuccess
+      status: 'True'
+      type: Ready
+  proposed:
+    dry:
+      repoURL: https://github.com/zachaller/argocon-gitops-promoter-hydrate-demo
+      sha: 7810fcb6e2143b9a85f3f5bb3e02754b48f63c56
+    hydrated:
+      author: Argo CD
+      commitTime: '2025-07-14T18:11:24Z'
+      sha: 1c0432bb87f80f06fd16377fff184ad80f475313
+      subject: '[Argo CD Bot] hydrate 7810fcb6e2143b9a85f3f5bb3e02754b48f63c56'

From 403fceac9efc1c77ed2a7c6bbfd2d7d12d97c24c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Jul 2025 07:45:04 -0400
Subject: [PATCH 193/383] chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to
 1.6.0 (#23931)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c76a42a446eda..6b35023cec975 100644
--- a/go.mod
+++ b/go.mod
@@ -115,7 +115,7 @@ require (
 	oras.land/oras-go/v2 v2.6.0
 	sigs.k8s.io/controller-runtime v0.21.0
 	sigs.k8s.io/structured-merge-diff/v4 v4.7.0
-	sigs.k8s.io/yaml v1.5.0
+	sigs.k8s.io/yaml v1.6.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 6cc8409a92ced..1d36c7e5b24a8 100644
--- a/go.sum
+++ b/go.sum
@@ -1547,5 +1547,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxg
 sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
-sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ=
-sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4=
+sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
+sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

From 96a51f9f0cde85f31672f82a13b4351839560812 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 25 Jul 2025 07:45:29 -0400
Subject: [PATCH 194/383] chore(deps): bump library/golang from 1.24.4 to
 1.24.5 in /test/container (#23930)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 1a6aad25f10ff..8b0df5038bc06 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -8,7 +8,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu
 # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version
 FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 AS node
 
-FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS golang
+FROM docker.io/library/golang:1.24.5@sha256:ef5b4be1f94b36c90385abd9b6b4f201723ae28e71acacb76d00687333c17282 AS golang
 
 FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439b3f7c958c9c2fb941049ea6531d AS registry
 

From 3bde5c8f49aca62d360451be4e1cd58e4cb5aa02 Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Fri, 25 Jul 2025 16:25:58 -0700
Subject: [PATCH 195/383] chore: bump gitops engine + remove IterateHierarchyv1
 (#23924)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/cache/cache.go                | 13 -----
 controller/cache/mocks/LiveStateCache.go | 63 ------------------------
 go.mod                                   |  2 +-
 go.sum                                   |  4 +-
 4 files changed, 3 insertions(+), 79 deletions(-)

diff --git a/controller/cache/cache.go b/controller/cache/cache.go
index 3a87c00c1a67d..985d7b40abeb1 100644
--- a/controller/cache/cache.go
+++ b/controller/cache/cache.go
@@ -137,8 +137,6 @@ type LiveStateCache interface {
 	IsNamespaced(server *appv1.Cluster, gk schema.GroupKind) (bool, error)
 	// Returns synced cluster cache
 	GetClusterCache(server *appv1.Cluster) (clustercache.ClusterCache, error)
-	// Executes give callback against resource specified by the key and all its children
-	IterateHierarchy(server *appv1.Cluster, key kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error
 	// Executes give callback against resources specified by the keys and all its children
 	IterateHierarchyV2(server *appv1.Cluster, keys []kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error
 	// Returns state of live nodes which correspond for target nodes of specified application.
@@ -669,17 +667,6 @@ func (c *liveStateCache) IsNamespaced(server *appv1.Cluster, gk schema.GroupKind
 	return clusterInfo.IsNamespaced(gk)
 }
 
-func (c *liveStateCache) IterateHierarchy(server *appv1.Cluster, key kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error {
-	clusterInfo, err := c.getSyncedCluster(server)
-	if err != nil {
-		return err
-	}
-	clusterInfo.IterateHierarchy(key, func(resource *clustercache.Resource, namespaceResources map[kube.ResourceKey]*clustercache.Resource) bool {
-		return action(asResourceNode(resource), getApp(resource, namespaceResources))
-	})
-	return nil
-}
-
 func (c *liveStateCache) IterateHierarchyV2(server *appv1.Cluster, keys []kube.ResourceKey, action func(child appv1.ResourceNode, appName string) bool) error {
 	clusterInfo, err := c.getSyncedCluster(server)
 	if err != nil {
diff --git a/controller/cache/mocks/LiveStateCache.go b/controller/cache/mocks/LiveStateCache.go
index b03f57dee0861..93b0260ba7dd9 100644
--- a/controller/cache/mocks/LiveStateCache.go
+++ b/controller/cache/mocks/LiveStateCache.go
@@ -471,69 +471,6 @@ func (_c *LiveStateCache_IsNamespaced_Call) RunAndReturn(run func(server *v1alph
 	return _c
 }
 
-// IterateHierarchy provides a mock function for the type LiveStateCache
-func (_mock *LiveStateCache) IterateHierarchy(server *v1alpha1.Cluster, key kube.ResourceKey, action func(child v1alpha1.ResourceNode, appName string) bool) error {
-	ret := _mock.Called(server, key, action)
-
-	if len(ret) == 0 {
-		panic("no return value specified for IterateHierarchy")
-	}
-
-	var r0 error
-	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Cluster, kube.ResourceKey, func(child v1alpha1.ResourceNode, appName string) bool) error); ok {
-		r0 = returnFunc(server, key, action)
-	} else {
-		r0 = ret.Error(0)
-	}
-	return r0
-}
-
-// LiveStateCache_IterateHierarchy_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'IterateHierarchy'
-type LiveStateCache_IterateHierarchy_Call struct {
-	*mock.Call
-}
-
-// IterateHierarchy is a helper method to define mock.On call
-//   - server *v1alpha1.Cluster
-//   - key kube.ResourceKey
-//   - action func(child v1alpha1.ResourceNode, appName string) bool
-func (_e *LiveStateCache_Expecter) IterateHierarchy(server interface{}, key interface{}, action interface{}) *LiveStateCache_IterateHierarchy_Call {
-	return &LiveStateCache_IterateHierarchy_Call{Call: _e.mock.On("IterateHierarchy", server, key, action)}
-}
-
-func (_c *LiveStateCache_IterateHierarchy_Call) Run(run func(server *v1alpha1.Cluster, key kube.ResourceKey, action func(child v1alpha1.ResourceNode, appName string) bool)) *LiveStateCache_IterateHierarchy_Call {
-	_c.Call.Run(func(args mock.Arguments) {
-		var arg0 *v1alpha1.Cluster
-		if args[0] != nil {
-			arg0 = args[0].(*v1alpha1.Cluster)
-		}
-		var arg1 kube.ResourceKey
-		if args[1] != nil {
-			arg1 = args[1].(kube.ResourceKey)
-		}
-		var arg2 func(child v1alpha1.ResourceNode, appName string) bool
-		if args[2] != nil {
-			arg2 = args[2].(func(child v1alpha1.ResourceNode, appName string) bool)
-		}
-		run(
-			arg0,
-			arg1,
-			arg2,
-		)
-	})
-	return _c
-}
-
-func (_c *LiveStateCache_IterateHierarchy_Call) Return(err error) *LiveStateCache_IterateHierarchy_Call {
-	_c.Call.Return(err)
-	return _c
-}
-
-func (_c *LiveStateCache_IterateHierarchy_Call) RunAndReturn(run func(server *v1alpha1.Cluster, key kube.ResourceKey, action func(child v1alpha1.ResourceNode, appName string) bool) error) *LiveStateCache_IterateHierarchy_Call {
-	_c.Call.Return(run)
-	return _c
-}
-
 // IterateHierarchyV2 provides a mock function for the type LiveStateCache
 func (_mock *LiveStateCache) IterateHierarchyV2(server *v1alpha1.Cluster, keys []kube.ResourceKey, action func(child v1alpha1.ResourceNode, appName string) bool) error {
 	ret := _mock.Called(server, keys, action)
diff --git a/go.mod b/go.mod
index 6b35023cec975..afb419ea1c85d 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
-	github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58
+	github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf
 	github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
diff --git a/go.sum b/go.sum
index 1d36c7e5b24a8..66fb09fb23bb6 100644
--- a/go.sum
+++ b/go.sum
@@ -113,8 +113,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58 h1:9ESamu44v3dR9j/I4/4Aa1Fx3QSIE8ElK1CR8Z285uk=
-github.com/argoproj/gitops-engine v0.7.1-0.20250617174952-093aef0dad58/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
+github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf h1:T6GGt8vYN2aRNnOwdY3DIzMX1AhGIEo+8SNhSlNBdvs=
+github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872 h1:ADGAdyN9ty0+RmTT/yn+xV9vwkqvLn9O1ccqeP0Zeas=
 github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=

From 834cce794cc7b0141e7e4da84168c00cba645aca Mon Sep 17 00:00:00 2001
From: Matthew Clarke <matthewclarke47@gmail.com>
Date: Sat, 26 Jul 2025 18:02:10 -0400
Subject: [PATCH 196/383] fix: helm GetTags cache writing (#23865)

Signed-off-by: Matthew Clarke <mclarke@spotify.com>
Co-authored-by: Linghao Su <linghao.su@daocloud.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/helm/client.go      |  6 ++-
 util/helm/client_test.go | 92 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/util/helm/client.go b/util/helm/client.go
index 44370bef19951..dc0a861a1f297 100644
--- a/util/helm/client.go
+++ b/util/helm/client.go
@@ -496,7 +496,11 @@ func (c *nativeHelmChart) GetTags(chart string, noCache bool) ([]string, error)
 		).Info("took to get tags")
 
 		if c.indexCache != nil {
-			if err := c.indexCache.SetHelmIndex(tagsURL, data); err != nil {
+			cacheData, err := json.Marshal(entries)
+			if err != nil {
+				return nil, fmt.Errorf("failed to encode tags: %w", err)
+			}
+			if err := c.indexCache.SetHelmIndex(tagsURL, cacheData); err != nil {
 				log.Warnf("Failed to store tags list cache for repo: %s: %v", tagsURL, err)
 			}
 		}
diff --git a/util/helm/client_test.go b/util/helm/client_test.go
index 21765b9270c94..95d10f32faf8a 100644
--- a/util/helm/client_test.go
+++ b/util/helm/client_test.go
@@ -481,3 +481,95 @@ func TestGetTagsFromURLEnvironmentAuthentication(t *testing.T) {
 		})
 	}
 }
+
+func TestGetTagsCaching(t *testing.T) {
+	requestCount := 0
+	server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		requestCount++
+		t.Logf("request %d called %s", requestCount, r.URL.Path)
+
+		responseTags := fakeTagsList{
+			Tags: []string{
+				"1.0.0",
+				"1.1.0",
+				"2.0.0_beta",
+			},
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		require.NoError(t, json.NewEncoder(w).Encode(responseTags))
+	}))
+	t.Cleanup(server.Close)
+
+	serverURL, err := url.Parse(server.URL)
+	require.NoError(t, err)
+
+	t.Run("should cache tags correctly", func(t *testing.T) {
+		cache := &fakeIndexCache{}
+		client := NewClient(serverURL.Host, HelmCreds{
+			InsecureSkipVerify: true,
+		}, true, "", "", WithIndexCache(cache))
+
+		tags1, err := client.GetTags("mychart", false)
+		require.NoError(t, err)
+		assert.ElementsMatch(t, tags1, []string{
+			"1.0.0",
+			"1.1.0",
+			"2.0.0+beta",
+		})
+		assert.Equal(t, 1, requestCount)
+
+		requestCount = 0
+
+		tags2, err := client.GetTags("mychart", false)
+		require.NoError(t, err)
+		assert.ElementsMatch(t, tags2, []string{
+			"1.0.0",
+			"1.1.0",
+			"2.0.0+beta",
+		})
+		assert.Equal(t, 0, requestCount)
+
+		assert.NotEmpty(t, cache.data)
+
+		type entriesStruct struct {
+			Tags []string
+		}
+		var entries entriesStruct
+		err = json.Unmarshal(cache.data, &entries)
+		require.NoError(t, err)
+		assert.ElementsMatch(t, entries.Tags, []string{
+			"1.0.0",
+			"1.1.0",
+			"2.0.0+beta",
+		})
+	})
+
+	t.Run("should bypass cache when noCache is true", func(t *testing.T) {
+		cache := &fakeIndexCache{}
+		client := NewClient(serverURL.Host, HelmCreds{
+			InsecureSkipVerify: true,
+		}, true, "", "", WithIndexCache(cache))
+
+		requestCount = 0
+
+		tags1, err := client.GetTags("mychart", true)
+		require.NoError(t, err)
+		assert.ElementsMatch(t, tags1, []string{
+			"1.0.0",
+			"1.1.0",
+			"2.0.0+beta",
+		})
+		assert.Equal(t, 1, requestCount)
+
+		tags2, err := client.GetTags("mychart", true)
+		require.NoError(t, err)
+		assert.ElementsMatch(t, tags2, []string{
+			"1.0.0",
+			"1.1.0",
+			"2.0.0+beta",
+		})
+		assert.Equal(t, 2, requestCount)
+	})
+}

From e69267645c03a66d5e46f74ed84f62455a896521 Mon Sep 17 00:00:00 2001
From: Regina Voloshin <regina.voloshin@codefresh.io>
Date: Mon, 28 Jul 2025 00:32:07 +0300
Subject: [PATCH 197/383] docs: 3.0 migration - added remediation for
 explicitly syncing apps that use ApplyOutOfSyncOnly=true (#23918)

Signed-off-by: reggie-k <regina.voloshin@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/2.14-3.0.md | 23 +++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/docs/operator-manual/upgrading/2.14-3.0.md b/docs/operator-manual/upgrading/2.14-3.0.md
index 9a6f79e1caa84..4d0000a2c31cf 100644
--- a/docs/operator-manual/upgrading/2.14-3.0.md
+++ b/docs/operator-manual/upgrading/2.14-3.0.md
@@ -246,16 +246,36 @@ external code copying tracking labels from one resource to another.
 
 #### Detection
 
-To detect if you are impacted, check the `argocd-cm` ConfigMap for the `application.resourceTrackingMethod` field. If it
+To detect if you are impacted, check the `argocd-cm` ConfigMap for the `application.resourceTrackingMethod` field. If it is
 unset or is set to `label`, you are using label-based tracking. If it is set to `annotation`, you are already using
 annotation-based tracking and are not impacted by this change.
 
 ```sh
 kubectl get cm argocd-cm -n argocd -o jsonpath='{.data.application\.resourceTrackingMethod}'
 ```
+If you are using label-based tracking, it is also important to detect whether you have Applications that use `ApplyOutOfSyncOnly=true` syncOptions, as such Applications are likely to have orphan resources after switching to `annotation` tracking method and need to be synced explicitly right after the upgrade.
+
+To detect whether you have such Applications, run:
+```sh
+kubectl get applications.argoproj.io -A -o json | jq -r '.items[] | select(.spec.syncPolicy.syncOptions[]? == "ApplyOutOfSyncOnly=true") | .metadata.name'
+```
 
 #### Remediation
 
+##### Users with ApplyOutOfSyncOnly=true syncOptions and label-based tracking
+
+For users with label-based tracking and Applications that have `ApplyOutOfSyncOnly=true` syncOptions, an explicit sync has to be run for those Applications after you upgrade.
+Here is an example command, that syncs such an Application, it can be run after you [obtain a token](../../developer-guide/api-docs.md#authorization) to Argo CD API:
+```sh
+curl -X POST -H "Authorization: Bearer $ARGOCD_TOKEN" -H "Content-Type: application/json" -d '{
+    "name": "$YOUR_APP_NAME"
+  }' "http://$YOUR_ARGOCD_URL/api/v1/applications/$YOUR_APP_NAME/sync"
+```
+
+It is also possible to sync such an Applicaton using the UI, with `ApplyOutOfSyncOnly` option unchecked. However, currently, performing a sync without `ApplyOutOfSyncOnly` option is not possible using the CLI.
+
+##### Other users
+
 For most users, it is safe to upgrade to Argo CD 3.0 and use annotation-based tracking. Labels will be replaced with
 annotations on the next sync. Applications will not be marked as out-of-sync if labels are not present on the
 resources.
@@ -268,6 +288,7 @@ resources.
     delete it. To avoid this edge case, it is recommended to perform a sync operation on your Applications, even if
     they are not out of sync, so that orphan resource detection will work as expected on the next sync.
 
+##### Users who rely on label-based for resources that are not managed by Argo CD
 Some users rely on label-based tracking to track resources that are not managed by Argo CD. They may set annotations
 to have Argo CD ignore the resource as extraneous or to disable pruning. If you are using label-based tracking to track
 resources that are not managed by Argo CD, you will need to construct tracking annotations instead of tracking labels

From 9d7db188bdacdae04f5c5b5e147e5effb2d9fd40 Mon Sep 17 00:00:00 2001
From: Xiaopeng Han <hanxiaop8@outlook.com>
Date: Mon, 28 Jul 2025 15:35:50 +0800
Subject: [PATCH 198/383] fix: resource tree endpoint doesn't have missing
 state (#23948)

Signed-off-by: xiaopeng <hanxiaop8@outlook.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      | 3 +++
 controller/appcontroller_test.go | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index 0a924e3c98a83..1395c540b30ac 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -603,6 +603,9 @@ func (ctrl *ApplicationController) getResourceTree(destCluster *appv1.Cluster, a
 					Group:     managedResource.Group,
 					Namespace: managedResource.Namespace,
 				},
+				Health: &appv1.HealthStatus{
+					Status: health.HealthStatusMissing,
+				},
 			})
 		} else {
 			managedResourcesKeys = append(managedResourcesKeys, kube.GetResourceKey(live))
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index 17a6fa4784eb0..325ef1b56a31d 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -1373,6 +1373,9 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) {
 
 	managedDeploy := v1alpha1.ResourceNode{
 		ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "nginx-deployment", Version: "v1"},
+		Health: &v1alpha1.HealthStatus{
+			Status: health.HealthStatusMissing,
+		},
 	}
 	orphanedDeploy1 := v1alpha1.ResourceNode{
 		ResourceRef: v1alpha1.ResourceRef{Group: "apps", Kind: "Deployment", Namespace: "default", Name: "deploy1"},

From 3ab925fa4ebb194dca548185a5894621d92b54d4 Mon Sep 17 00:00:00 2001
From: Alain <alain.devcs@gmail.com>
Date: Mon, 28 Jul 2025 18:21:36 +0200
Subject: [PATCH 199/383] docs: update USERS.md adding Hotjar (#23971)

Signed-off-by: Alain <alain.devcs@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 5868e68da0594..70060f09b1049 100644
--- a/USERS.md
+++ b/USERS.md
@@ -162,6 +162,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Hiya](https://hiya.com)
 1. [Honestbank](https://honestbank.com)
 1. [Hostinger](https://www.hostinger.com)
+1. [Hotjar](https://www.hotjar.com)
 1. [IABAI](https://www.iab.ai)
 1. [IBM](https://www.ibm.com/)
 1. [Ibotta](https://home.ibotta.com)

From 5702a2d6eb83af4e814c9fb304b65fae430cee5d Mon Sep 17 00:00:00 2001
From: Fernando Carletti <fernandoccarletti@gmail.com>
Date: Mon, 28 Jul 2025 15:42:43 -0300
Subject: [PATCH 200/383] feat: log a warning instead of debug when repository
 webhook does not match an application (#23939)

Signed-off-by: Fernando Carletti <contato@fernandocarletti.net>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/webhook/webhook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go
index 9027b34a5676d..2bbd055adf4d1 100644
--- a/applicationset/webhook/webhook.go
+++ b/applicationset/webhook/webhook.go
@@ -339,7 +339,7 @@ func genRevisionHasChanged(gen *v1alpha1.GitGenerator, revision string, touchedH
 
 func gitGeneratorUsesURL(gen *v1alpha1.GitGenerator, webURL string, repoRegexp *regexp.Regexp) bool {
 	if !repoRegexp.MatchString(gen.RepoURL) {
-		log.Debugf("%s does not match %s", gen.RepoURL, repoRegexp.String())
+		log.Warnf("%s does not match %s", gen.RepoURL, repoRegexp.String())
 		return false
 	}
 

From c6d74237f97ba345d293199fb4c2b0516436ea7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Jul 2025 15:17:21 -0700
Subject: [PATCH 201/383] chore(deps): bump github.com/bmatcuk/doublestar/v4
 from 4.9.0 to 4.9.1 (#23960)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index afb419ea1c85d..f3433cce8bc56 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
 	github.com/aws/aws-sdk-go v1.55.7
-	github.com/bmatcuk/doublestar/v4 v4.9.0
+	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
 	github.com/casbin/casbin/v2 v2.110.0
diff --git a/go.sum b/go.sum
index 66fb09fb23bb6..d9e351c6c0940 100644
--- a/go.sum
+++ b/go.sum
@@ -164,8 +164,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
-github.com/bmatcuk/doublestar/v4 v4.9.0 h1:DBvuZxjdKkRP/dr4GVV4w2fnmrk5Hxc90T51LZjv0JA=
-github.com/bmatcuk/doublestar/v4 v4.9.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
+github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
+github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bombsimon/logrusr/v4 v4.1.0 h1:uZNPbwusB0eUXlO8hIUwStE6Lr5bLN6IgYgG+75kuh4=
 github.com/bombsimon/logrusr/v4 v4.1.0/go.mod h1:pjfHC5e59CvjTBIU3V3sGhFWFAnsnhOR03TRc6im0l8=
 github.com/bradleyfalzon/ghinstallation/v2 v2.16.0 h1:B91r9bHtXp/+XRgS5aZm6ZzTdz3ahgJYmkt4xZkgDz8=

From fcb5dc4ad74ee662b7578a7ea0af53eaf4e8662c Mon Sep 17 00:00:00 2001
From: mikebordon <31316193+mikebordon@users.noreply.github.com>
Date: Mon, 28 Jul 2025 21:28:35 -0500
Subject: [PATCH 202/383] fix(server): Send Azure DevOps token via git extra
 headers (#23478) (#23631)

Signed-off-by: Mike Bordon <mikebordon@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/git/creds.go      | 1 +
 util/git/creds_test.go | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/util/git/creds.go b/util/git/creds.go
index b1103349935a5..0a7640b060458 100644
--- a/util/git/creds.go
+++ b/util/git/creds.go
@@ -710,6 +710,7 @@ func (creds AzureWorkloadIdentityCreds) Environ() (io.Closer, []string, error) {
 	}
 	nonce := creds.store.Add("", token)
 	env := creds.store.Environ(nonce)
+	env = append(env, fmt.Sprintf("%s=Authorization: Bearer %s", bearerAuthHeaderEnv, token))
 
 	return utilio.NewCloser(func() error {
 		creds.store.Remove(nonce)
diff --git a/util/git/creds_test.go b/util/git/creds_test.go
index 36f26e4d99c45..e369edb310283 100644
--- a/util/git/creds_test.go
+++ b/util/git/creds_test.go
@@ -428,7 +428,7 @@ func TestAzureWorkloadIdentityCreds_Environ(t *testing.T) {
 	workloadIdentityMock := new(mocks.TokenProvider)
 	workloadIdentityMock.On("GetToken", azureDevopsEntraResourceId).Return(&workloadidentity.Token{AccessToken: "accessToken", ExpiresOn: time.Now().Add(time.Minute)}, nil)
 	creds := AzureWorkloadIdentityCreds{store, workloadIdentityMock}
-	_, _, err := creds.Environ()
+	_, env, err := creds.Environ()
 	require.NoError(t, err)
 	assert.Len(t, store.creds, 1)
 
@@ -436,6 +436,9 @@ func TestAzureWorkloadIdentityCreds_Environ(t *testing.T) {
 		assert.Empty(t, value.username)
 		assert.Equal(t, "accessToken", value.password)
 	}
+
+	require.Len(t, env, 1)
+	assert.Equal(t, "ARGOCD_GIT_BEARER_AUTH_HEADER=Authorization: Bearer accessToken", env[0], "ARGOCD_GIT_BEARER_AUTH_HEADER env var must be set")
 }
 
 func TestAzureWorkloadIdentityCreds_Environ_cleanup(t *testing.T) {

From 47102824a0f80044ce28e9f9620689d7b268ba11 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jul 2025 05:52:06 -0400
Subject: [PATCH 203/383] chore(deps): bump library/busybox from `f64ff79` to
 `f9a104f` in /test/e2e/multiarch-container (#23980)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/e2e/multiarch-container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile
index ced1c930e6b03..e45936f1f37e1 100644
--- a/test/e2e/multiarch-container/Dockerfile
+++ b/test/e2e/multiarch-container/Dockerfile
@@ -1,2 +1,2 @@
-FROM docker.io/library/busybox@sha256:f64ff79725d0070955b368a4ef8dc729bd8f3d8667823904adcb299fe58fc3da
+FROM docker.io/library/busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f
 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null"

From 5117baeb6bac93a28a33aab2a9c3e29b2e2152f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jul 2025 13:08:08 +0300
Subject: [PATCH 204/383] chore(deps): bump github.com/olekukonko/tablewriter
 from 1.0.8 to 1.0.9 (#23982)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index f3433cce8bc56..c753e26ef7ec3 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/mattn/go-zglob v0.0.6
 	github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.1-0.20241014080628-3045bdf43455
 	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1
-	github.com/olekukonko/tablewriter v1.0.8
+	github.com/olekukonko/tablewriter v1.0.9
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
@@ -232,8 +232,8 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/olekukonko/errors v0.0.0-20250405072817-4e6d85265da6 // indirect
-	github.com/olekukonko/ll v0.0.8 // indirect
+	github.com/olekukonko/errors v1.1.0 // indirect
+	github.com/olekukonko/ll v0.0.9 // indirect
 	github.com/opsgenie/opsgenie-go-sdk-v2 v1.2.23 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pjbgf/sha1cd v0.3.2 // indirect
diff --git a/go.sum b/go.sum
index d9e351c6c0940..427bd5d7a4a5d 100644
--- a/go.sum
+++ b/go.sum
@@ -675,13 +675,13 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/errors v0.0.0-20250405072817-4e6d85265da6 h1:r3FaAI0NZK3hSmtTDrBVREhKULp8oUeqLT5Eyl2mSPo=
-github.com/olekukonko/errors v0.0.0-20250405072817-4e6d85265da6/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
-github.com/olekukonko/ll v0.0.8 h1:sbGZ1Fx4QxJXEqL/6IG8GEFnYojUSQ45dJVwN2FH2fc=
-github.com/olekukonko/ll v0.0.8/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
+github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
+github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
+github.com/olekukonko/ll v0.0.9 h1:Y+1YqDfVkqMWuEQMclsF9HUR5+a82+dxJuL1HHSRpxI=
+github.com/olekukonko/ll v0.0.9/go.mod h1:En+sEW0JNETl26+K8eZ6/W4UQ7CYSrrgg/EdIYT2H8g=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
-github.com/olekukonko/tablewriter v1.0.8 h1:f6wJzHg4QUtJdvrVPKco4QTrAylgaU0+b9br/lJxEiQ=
-github.com/olekukonko/tablewriter v1.0.8/go.mod h1:H428M+HzoUXC6JU2Abj9IT9ooRmdq9CxuDmKMtrOCMs=
+github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8=
+github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo=
 github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852/go.mod h1:eqOVx5Vwu4gd2mmMZvVZsgIqNSaW3xxRThUJ0k/TPk4=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=

From 62c67aadc6a73232324391a180b45bf419d6550f Mon Sep 17 00:00:00 2001
From: Kevin Park <krapi0314@gmail.com>
Date: Tue, 29 Jul 2025 19:10:23 +0900
Subject: [PATCH 205/383] chore: Update PR title guide link in PR checklist
 (#23979)

Signed-off-by: Kevin Park <krapi0314@gmail.com>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/pull_request_template.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index c1a3f42508aaa..25564aef10acd 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -8,7 +8,7 @@ Checklist:
 
 * [ ] Either (a) I've created an [enhancement proposal](https://github.com/argoproj/argo-cd/issues/new/choose) and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
 * [ ] The title of the PR states what changed and the related issues number (used for the release note).
-* [ ] The title of the PR conforms to the [Toolchain Guide](https://argo-cd.readthedocs.io/en/latest/developer-guide/toolchain-guide/#title-of-the-pr)
+* [ ] The title of the PR conforms to the [Title of the PR](https://argo-cd.readthedocs.io/en/latest/developer-guide/submit-your-pr/#title-of-the-pr)
 * [ ] I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
 * [ ] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
 * [ ] Does this PR require documentation updates?

From a951df75b33c0dbe0c3ecdcab813b96187bf92fb Mon Sep 17 00:00:00 2001
From: JulesTriomphe <35426973+JulesTriomphe@users.noreply.github.com>
Date: Tue, 29 Jul 2025 14:34:13 +0200
Subject: [PATCH 206/383] fix: Allow metrics ingress for redis-ha-proxy
 (#23926) (#23928)

Signed-off-by: Jules Triomphe <35426973+JulesTriomphe@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml  | 5 +++++
 manifests/ha/install-with-hydrator.yaml                      | 5 +++++
 manifests/ha/install.yaml                                    | 5 +++++
 manifests/ha/namespace-install-with-hydrator.yaml            | 5 +++++
 manifests/ha/namespace-install.yaml                          | 5 +++++
 5 files changed, 25 insertions(+)

diff --git a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml
index 4b77a5f67858f..053b8e8a4dc93 100644
--- a/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml
+++ b/manifests/ha/base/redis-ha/argocd-redis-ha-proxy-network-policy.yaml
@@ -28,4 +28,9 @@ spec:
       protocol: TCP
     - port: 26379
       protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 9101
+      protocol: TCP
 
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 100f7748f39df..8a26184f5bead 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -28379,6 +28379,11 @@ spec:
       protocol: TCP
     - port: 26379
       protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 9101
+      protocol: TCP
   podSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-redis-ha-haproxy
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index c622ccd7584fe..533c71065f007 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -28188,6 +28188,11 @@ spec:
       protocol: TCP
     - port: 26379
       protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 9101
+      protocol: TCP
   podSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-redis-ha-haproxy
diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml
index d5a2b7e91e043..4d5f1e9dbd9fc 100644
--- a/manifests/ha/namespace-install-with-hydrator.yaml
+++ b/manifests/ha/namespace-install-with-hydrator.yaml
@@ -4168,6 +4168,11 @@ spec:
       protocol: TCP
     - port: 26379
       protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 9101
+      protocol: TCP
   podSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-redis-ha-haproxy
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index 7bd9765662b01..9699d9089bb58 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -3977,6 +3977,11 @@ spec:
       protocol: TCP
     - port: 26379
       protocol: TCP
+  - from:
+    - namespaceSelector: {}
+    ports:
+    - port: 9101
+      protocol: TCP
   podSelector:
     matchLabels:
       app.kubernetes.io/name: argocd-redis-ha-haproxy

From 326e001cfe5cb86a7112598ef0c33858dfc1694c Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 29 Jul 2025 10:29:22 -0400
Subject: [PATCH 207/383] chore: remove ErrApplicationNotAllowedToUseProject
 from API (#23972)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application/v1alpha1/app_project_types.go |   18 -
 pkg/apis/application/v1alpha1/generated.pb.go | 1786 ++++++++---------
 pkg/apis/application/v1alpha1/generated.proto |    3 -
 .../application/v1alpha1/openapi_generated.go |   35 -
 .../v1alpha1/zz_generated.deepcopy.go         |   16 -
 server/application/application.go             |   11 +-
 util/argo/argo.go                             |    2 +-
 util/argo/types.go                            |   21 +
 8 files changed, 860 insertions(+), 1032 deletions(-)
 create mode 100644 util/argo/types.go

diff --git a/pkg/apis/application/v1alpha1/app_project_types.go b/pkg/apis/application/v1alpha1/app_project_types.go
index 097b2600eec84..1a93560ab0356 100644
--- a/pkg/apis/application/v1alpha1/app_project_types.go
+++ b/pkg/apis/application/v1alpha1/app_project_types.go
@@ -24,24 +24,6 @@ const (
 	serviceAccountDisallowedCharSet = "!*[]{}\\/"
 )
 
-type ErrApplicationNotAllowedToUseProject struct {
-	application string
-	namespace   string
-	project     string
-}
-
-func NewErrApplicationNotAllowedToUseProject(application, namespace, project string) error {
-	return &ErrApplicationNotAllowedToUseProject{
-		application: application,
-		namespace:   namespace,
-		project:     project,
-	}
-}
-
-func (err *ErrApplicationNotAllowedToUseProject) Error() string {
-	return fmt.Sprintf("application '%s' in namespace '%s' is not allowed to use project %s", err.application, err.namespace, err.project)
-}
-
 // AppProjectList is list of AppProject resources
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 type AppProjectList struct {
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index 7d8649b00a93b..3b91bfe187e75 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -1805,38 +1805,10 @@ func (m *EnvEntry) XXX_DiscardUnknown() {
 
 var xxx_messageInfo_EnvEntry proto.InternalMessageInfo
 
-func (m *ErrApplicationNotAllowedToUseProject) Reset()      { *m = ErrApplicationNotAllowedToUseProject{} }
-func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {}
-func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{63}
-}
-func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error {
-	return m.Unmarshal(b)
-}
-func (m *ErrApplicationNotAllowedToUseProject) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	b = b[:cap(b)]
-	n, err := m.MarshalToSizedBuffer(b)
-	if err != nil {
-		return nil, err
-	}
-	return b[:n], nil
-}
-func (m *ErrApplicationNotAllowedToUseProject) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ErrApplicationNotAllowedToUseProject.Merge(m, src)
-}
-func (m *ErrApplicationNotAllowedToUseProject) XXX_Size() int {
-	return m.Size()
-}
-func (m *ErrApplicationNotAllowedToUseProject) XXX_DiscardUnknown() {
-	xxx_messageInfo_ErrApplicationNotAllowedToUseProject.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageInfo
-
 func (m *ExecProviderConfig) Reset()      { *m = ExecProviderConfig{} }
 func (*ExecProviderConfig) ProtoMessage() {}
 func (*ExecProviderConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{64}
+	return fileDescriptor_c078c3c476799f44, []int{63}
 }
 func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1864,7 +1836,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo
 func (m *GitDirectoryGeneratorItem) Reset()      { *m = GitDirectoryGeneratorItem{} }
 func (*GitDirectoryGeneratorItem) ProtoMessage() {}
 func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{65}
+	return fileDescriptor_c078c3c476799f44, []int{64}
 }
 func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1892,7 +1864,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo
 func (m *GitFileGeneratorItem) Reset()      { *m = GitFileGeneratorItem{} }
 func (*GitFileGeneratorItem) ProtoMessage() {}
 func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{66}
+	return fileDescriptor_c078c3c476799f44, []int{65}
 }
 func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1920,7 +1892,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo
 func (m *GitGenerator) Reset()      { *m = GitGenerator{} }
 func (*GitGenerator) ProtoMessage() {}
 func (*GitGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{67}
+	return fileDescriptor_c078c3c476799f44, []int{66}
 }
 func (m *GitGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1948,7 +1920,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo
 func (m *GnuPGPublicKey) Reset()      { *m = GnuPGPublicKey{} }
 func (*GnuPGPublicKey) ProtoMessage() {}
 func (*GnuPGPublicKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{68}
+	return fileDescriptor_c078c3c476799f44, []int{67}
 }
 func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -1976,7 +1948,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo
 func (m *GnuPGPublicKeyList) Reset()      { *m = GnuPGPublicKeyList{} }
 func (*GnuPGPublicKeyList) ProtoMessage() {}
 func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{69}
+	return fileDescriptor_c078c3c476799f44, []int{68}
 }
 func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2004,7 +1976,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo
 func (m *HealthStatus) Reset()      { *m = HealthStatus{} }
 func (*HealthStatus) ProtoMessage() {}
 func (*HealthStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{70}
+	return fileDescriptor_c078c3c476799f44, []int{69}
 }
 func (m *HealthStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2032,7 +2004,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo
 func (m *HelmFileParameter) Reset()      { *m = HelmFileParameter{} }
 func (*HelmFileParameter) ProtoMessage() {}
 func (*HelmFileParameter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{71}
+	return fileDescriptor_c078c3c476799f44, []int{70}
 }
 func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2060,7 +2032,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo
 func (m *HelmOptions) Reset()      { *m = HelmOptions{} }
 func (*HelmOptions) ProtoMessage() {}
 func (*HelmOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{72}
+	return fileDescriptor_c078c3c476799f44, []int{71}
 }
 func (m *HelmOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2088,7 +2060,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo
 func (m *HelmParameter) Reset()      { *m = HelmParameter{} }
 func (*HelmParameter) ProtoMessage() {}
 func (*HelmParameter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{73}
+	return fileDescriptor_c078c3c476799f44, []int{72}
 }
 func (m *HelmParameter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2116,7 +2088,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo
 func (m *HostInfo) Reset()      { *m = HostInfo{} }
 func (*HostInfo) ProtoMessage() {}
 func (*HostInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{74}
+	return fileDescriptor_c078c3c476799f44, []int{73}
 }
 func (m *HostInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2144,7 +2116,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo
 func (m *HostResourceInfo) Reset()      { *m = HostResourceInfo{} }
 func (*HostResourceInfo) ProtoMessage() {}
 func (*HostResourceInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{75}
+	return fileDescriptor_c078c3c476799f44, []int{74}
 }
 func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2172,7 +2144,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo
 func (m *HydrateOperation) Reset()      { *m = HydrateOperation{} }
 func (*HydrateOperation) ProtoMessage() {}
 func (*HydrateOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{76}
+	return fileDescriptor_c078c3c476799f44, []int{75}
 }
 func (m *HydrateOperation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2200,7 +2172,7 @@ var xxx_messageInfo_HydrateOperation proto.InternalMessageInfo
 func (m *HydrateTo) Reset()      { *m = HydrateTo{} }
 func (*HydrateTo) ProtoMessage() {}
 func (*HydrateTo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{77}
+	return fileDescriptor_c078c3c476799f44, []int{76}
 }
 func (m *HydrateTo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2228,7 +2200,7 @@ var xxx_messageInfo_HydrateTo proto.InternalMessageInfo
 func (m *Info) Reset()      { *m = Info{} }
 func (*Info) ProtoMessage() {}
 func (*Info) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{78}
+	return fileDescriptor_c078c3c476799f44, []int{77}
 }
 func (m *Info) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2256,7 +2228,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo
 func (m *InfoItem) Reset()      { *m = InfoItem{} }
 func (*InfoItem) ProtoMessage() {}
 func (*InfoItem) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{79}
+	return fileDescriptor_c078c3c476799f44, []int{78}
 }
 func (m *InfoItem) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2284,7 +2256,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo
 func (m *JWTToken) Reset()      { *m = JWTToken{} }
 func (*JWTToken) ProtoMessage() {}
 func (*JWTToken) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{80}
+	return fileDescriptor_c078c3c476799f44, []int{79}
 }
 func (m *JWTToken) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2312,7 +2284,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo
 func (m *JWTTokens) Reset()      { *m = JWTTokens{} }
 func (*JWTTokens) ProtoMessage() {}
 func (*JWTTokens) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{81}
+	return fileDescriptor_c078c3c476799f44, []int{80}
 }
 func (m *JWTTokens) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2340,7 +2312,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo
 func (m *JsonnetVar) Reset()      { *m = JsonnetVar{} }
 func (*JsonnetVar) ProtoMessage() {}
 func (*JsonnetVar) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{82}
+	return fileDescriptor_c078c3c476799f44, []int{81}
 }
 func (m *JsonnetVar) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2368,7 +2340,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo
 func (m *KnownTypeField) Reset()      { *m = KnownTypeField{} }
 func (*KnownTypeField) ProtoMessage() {}
 func (*KnownTypeField) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{83}
+	return fileDescriptor_c078c3c476799f44, []int{82}
 }
 func (m *KnownTypeField) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2396,7 +2368,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo
 func (m *KustomizeGvk) Reset()      { *m = KustomizeGvk{} }
 func (*KustomizeGvk) ProtoMessage() {}
 func (*KustomizeGvk) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{84}
+	return fileDescriptor_c078c3c476799f44, []int{83}
 }
 func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2424,7 +2396,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo
 func (m *KustomizeOptions) Reset()      { *m = KustomizeOptions{} }
 func (*KustomizeOptions) ProtoMessage() {}
 func (*KustomizeOptions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{85}
+	return fileDescriptor_c078c3c476799f44, []int{84}
 }
 func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2452,7 +2424,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo
 func (m *KustomizePatch) Reset()      { *m = KustomizePatch{} }
 func (*KustomizePatch) ProtoMessage() {}
 func (*KustomizePatch) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{86}
+	return fileDescriptor_c078c3c476799f44, []int{85}
 }
 func (m *KustomizePatch) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2480,7 +2452,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo
 func (m *KustomizeReplica) Reset()      { *m = KustomizeReplica{} }
 func (*KustomizeReplica) ProtoMessage() {}
 func (*KustomizeReplica) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{87}
+	return fileDescriptor_c078c3c476799f44, []int{86}
 }
 func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2508,7 +2480,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo
 func (m *KustomizeResId) Reset()      { *m = KustomizeResId{} }
 func (*KustomizeResId) ProtoMessage() {}
 func (*KustomizeResId) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{88}
+	return fileDescriptor_c078c3c476799f44, []int{87}
 }
 func (m *KustomizeResId) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2536,7 +2508,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo
 func (m *KustomizeSelector) Reset()      { *m = KustomizeSelector{} }
 func (*KustomizeSelector) ProtoMessage() {}
 func (*KustomizeSelector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{89}
+	return fileDescriptor_c078c3c476799f44, []int{88}
 }
 func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2564,7 +2536,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo
 func (m *KustomizeVersion) Reset()      { *m = KustomizeVersion{} }
 func (*KustomizeVersion) ProtoMessage() {}
 func (*KustomizeVersion) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{90}
+	return fileDescriptor_c078c3c476799f44, []int{89}
 }
 func (m *KustomizeVersion) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2592,7 +2564,7 @@ var xxx_messageInfo_KustomizeVersion proto.InternalMessageInfo
 func (m *ListGenerator) Reset()      { *m = ListGenerator{} }
 func (*ListGenerator) ProtoMessage() {}
 func (*ListGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{91}
+	return fileDescriptor_c078c3c476799f44, []int{90}
 }
 func (m *ListGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2620,7 +2592,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo
 func (m *ManagedNamespaceMetadata) Reset()      { *m = ManagedNamespaceMetadata{} }
 func (*ManagedNamespaceMetadata) ProtoMessage() {}
 func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{92}
+	return fileDescriptor_c078c3c476799f44, []int{91}
 }
 func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2648,7 +2620,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo
 func (m *MatrixGenerator) Reset()      { *m = MatrixGenerator{} }
 func (*MatrixGenerator) ProtoMessage() {}
 func (*MatrixGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{93}
+	return fileDescriptor_c078c3c476799f44, []int{92}
 }
 func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2676,7 +2648,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo
 func (m *MergeGenerator) Reset()      { *m = MergeGenerator{} }
 func (*MergeGenerator) ProtoMessage() {}
 func (*MergeGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{94}
+	return fileDescriptor_c078c3c476799f44, []int{93}
 }
 func (m *MergeGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2704,7 +2676,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo
 func (m *NestedMatrixGenerator) Reset()      { *m = NestedMatrixGenerator{} }
 func (*NestedMatrixGenerator) ProtoMessage() {}
 func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{95}
+	return fileDescriptor_c078c3c476799f44, []int{94}
 }
 func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2732,7 +2704,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo
 func (m *NestedMergeGenerator) Reset()      { *m = NestedMergeGenerator{} }
 func (*NestedMergeGenerator) ProtoMessage() {}
 func (*NestedMergeGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{96}
+	return fileDescriptor_c078c3c476799f44, []int{95}
 }
 func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2760,7 +2732,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo
 func (m *OCIMetadata) Reset()      { *m = OCIMetadata{} }
 func (*OCIMetadata) ProtoMessage() {}
 func (*OCIMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{97}
+	return fileDescriptor_c078c3c476799f44, []int{96}
 }
 func (m *OCIMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2788,7 +2760,7 @@ var xxx_messageInfo_OCIMetadata proto.InternalMessageInfo
 func (m *Operation) Reset()      { *m = Operation{} }
 func (*Operation) ProtoMessage() {}
 func (*Operation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{98}
+	return fileDescriptor_c078c3c476799f44, []int{97}
 }
 func (m *Operation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2816,7 +2788,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo
 func (m *OperationInitiator) Reset()      { *m = OperationInitiator{} }
 func (*OperationInitiator) ProtoMessage() {}
 func (*OperationInitiator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{99}
+	return fileDescriptor_c078c3c476799f44, []int{98}
 }
 func (m *OperationInitiator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2844,7 +2816,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo
 func (m *OperationState) Reset()      { *m = OperationState{} }
 func (*OperationState) ProtoMessage() {}
 func (*OperationState) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{100}
+	return fileDescriptor_c078c3c476799f44, []int{99}
 }
 func (m *OperationState) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2872,7 +2844,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo
 func (m *OptionalArray) Reset()      { *m = OptionalArray{} }
 func (*OptionalArray) ProtoMessage() {}
 func (*OptionalArray) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{101}
+	return fileDescriptor_c078c3c476799f44, []int{100}
 }
 func (m *OptionalArray) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2900,7 +2872,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo
 func (m *OptionalMap) Reset()      { *m = OptionalMap{} }
 func (*OptionalMap) ProtoMessage() {}
 func (*OptionalMap) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{102}
+	return fileDescriptor_c078c3c476799f44, []int{101}
 }
 func (m *OptionalMap) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2928,7 +2900,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo
 func (m *OrphanedResourceKey) Reset()      { *m = OrphanedResourceKey{} }
 func (*OrphanedResourceKey) ProtoMessage() {}
 func (*OrphanedResourceKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{103}
+	return fileDescriptor_c078c3c476799f44, []int{102}
 }
 func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2956,7 +2928,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo
 func (m *OrphanedResourcesMonitorSettings) Reset()      { *m = OrphanedResourcesMonitorSettings{} }
 func (*OrphanedResourcesMonitorSettings) ProtoMessage() {}
 func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{104}
+	return fileDescriptor_c078c3c476799f44, []int{103}
 }
 func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2984,7 +2956,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo
 func (m *OverrideIgnoreDiff) Reset()      { *m = OverrideIgnoreDiff{} }
 func (*OverrideIgnoreDiff) ProtoMessage() {}
 func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{105}
+	return fileDescriptor_c078c3c476799f44, []int{104}
 }
 func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3012,7 +2984,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo
 func (m *PluginConfigMapRef) Reset()      { *m = PluginConfigMapRef{} }
 func (*PluginConfigMapRef) ProtoMessage() {}
 func (*PluginConfigMapRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{106}
+	return fileDescriptor_c078c3c476799f44, []int{105}
 }
 func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3040,7 +3012,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo
 func (m *PluginGenerator) Reset()      { *m = PluginGenerator{} }
 func (*PluginGenerator) ProtoMessage() {}
 func (*PluginGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{107}
+	return fileDescriptor_c078c3c476799f44, []int{106}
 }
 func (m *PluginGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3068,7 +3040,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo
 func (m *PluginInput) Reset()      { *m = PluginInput{} }
 func (*PluginInput) ProtoMessage() {}
 func (*PluginInput) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{108}
+	return fileDescriptor_c078c3c476799f44, []int{107}
 }
 func (m *PluginInput) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3096,7 +3068,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo
 func (m *ProjectRole) Reset()      { *m = ProjectRole{} }
 func (*ProjectRole) ProtoMessage() {}
 func (*ProjectRole) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{109}
+	return fileDescriptor_c078c3c476799f44, []int{108}
 }
 func (m *ProjectRole) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3124,7 +3096,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo
 func (m *PullRequestGenerator) Reset()      { *m = PullRequestGenerator{} }
 func (*PullRequestGenerator) ProtoMessage() {}
 func (*PullRequestGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{110}
+	return fileDescriptor_c078c3c476799f44, []int{109}
 }
 func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3152,7 +3124,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo
 func (m *PullRequestGeneratorAzureDevOps) Reset()      { *m = PullRequestGeneratorAzureDevOps{} }
 func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {}
 func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{111}
+	return fileDescriptor_c078c3c476799f44, []int{110}
 }
 func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3180,7 +3152,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo
 func (m *PullRequestGeneratorBitbucket) Reset()      { *m = PullRequestGeneratorBitbucket{} }
 func (*PullRequestGeneratorBitbucket) ProtoMessage() {}
 func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{112}
+	return fileDescriptor_c078c3c476799f44, []int{111}
 }
 func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3208,7 +3180,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo
 func (m *PullRequestGeneratorBitbucketServer) Reset()      { *m = PullRequestGeneratorBitbucketServer{} }
 func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {}
 func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{113}
+	return fileDescriptor_c078c3c476799f44, []int{112}
 }
 func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3236,7 +3208,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf
 func (m *PullRequestGeneratorFilter) Reset()      { *m = PullRequestGeneratorFilter{} }
 func (*PullRequestGeneratorFilter) ProtoMessage() {}
 func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{114}
+	return fileDescriptor_c078c3c476799f44, []int{113}
 }
 func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3264,7 +3236,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo
 func (m *PullRequestGeneratorGitLab) Reset()      { *m = PullRequestGeneratorGitLab{} }
 func (*PullRequestGeneratorGitLab) ProtoMessage() {}
 func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{115}
+	return fileDescriptor_c078c3c476799f44, []int{114}
 }
 func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3292,7 +3264,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo
 func (m *PullRequestGeneratorGitea) Reset()      { *m = PullRequestGeneratorGitea{} }
 func (*PullRequestGeneratorGitea) ProtoMessage() {}
 func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{116}
+	return fileDescriptor_c078c3c476799f44, []int{115}
 }
 func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3320,7 +3292,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo
 func (m *PullRequestGeneratorGithub) Reset()      { *m = PullRequestGeneratorGithub{} }
 func (*PullRequestGeneratorGithub) ProtoMessage() {}
 func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{117}
+	return fileDescriptor_c078c3c476799f44, []int{116}
 }
 func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3348,7 +3320,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo
 func (m *RefTarget) Reset()      { *m = RefTarget{} }
 func (*RefTarget) ProtoMessage() {}
 func (*RefTarget) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{118}
+	return fileDescriptor_c078c3c476799f44, []int{117}
 }
 func (m *RefTarget) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3376,7 +3348,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo
 func (m *RepoCreds) Reset()      { *m = RepoCreds{} }
 func (*RepoCreds) ProtoMessage() {}
 func (*RepoCreds) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{119}
+	return fileDescriptor_c078c3c476799f44, []int{118}
 }
 func (m *RepoCreds) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3404,7 +3376,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo
 func (m *RepoCredsList) Reset()      { *m = RepoCredsList{} }
 func (*RepoCredsList) ProtoMessage() {}
 func (*RepoCredsList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{120}
+	return fileDescriptor_c078c3c476799f44, []int{119}
 }
 func (m *RepoCredsList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3432,7 +3404,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo
 func (m *Repository) Reset()      { *m = Repository{} }
 func (*Repository) ProtoMessage() {}
 func (*Repository) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{121}
+	return fileDescriptor_c078c3c476799f44, []int{120}
 }
 func (m *Repository) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3460,7 +3432,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo
 func (m *RepositoryCertificate) Reset()      { *m = RepositoryCertificate{} }
 func (*RepositoryCertificate) ProtoMessage() {}
 func (*RepositoryCertificate) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{122}
+	return fileDescriptor_c078c3c476799f44, []int{121}
 }
 func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3488,7 +3460,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo
 func (m *RepositoryCertificateList) Reset()      { *m = RepositoryCertificateList{} }
 func (*RepositoryCertificateList) ProtoMessage() {}
 func (*RepositoryCertificateList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{123}
+	return fileDescriptor_c078c3c476799f44, []int{122}
 }
 func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3516,7 +3488,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo
 func (m *RepositoryList) Reset()      { *m = RepositoryList{} }
 func (*RepositoryList) ProtoMessage() {}
 func (*RepositoryList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{124}
+	return fileDescriptor_c078c3c476799f44, []int{123}
 }
 func (m *RepositoryList) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3544,7 +3516,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo
 func (m *ResourceAction) Reset()      { *m = ResourceAction{} }
 func (*ResourceAction) ProtoMessage() {}
 func (*ResourceAction) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{125}
+	return fileDescriptor_c078c3c476799f44, []int{124}
 }
 func (m *ResourceAction) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3572,7 +3544,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo
 func (m *ResourceActionDefinition) Reset()      { *m = ResourceActionDefinition{} }
 func (*ResourceActionDefinition) ProtoMessage() {}
 func (*ResourceActionDefinition) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{126}
+	return fileDescriptor_c078c3c476799f44, []int{125}
 }
 func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3600,7 +3572,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo
 func (m *ResourceActionParam) Reset()      { *m = ResourceActionParam{} }
 func (*ResourceActionParam) ProtoMessage() {}
 func (*ResourceActionParam) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{127}
+	return fileDescriptor_c078c3c476799f44, []int{126}
 }
 func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3628,7 +3600,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo
 func (m *ResourceActions) Reset()      { *m = ResourceActions{} }
 func (*ResourceActions) ProtoMessage() {}
 func (*ResourceActions) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{128}
+	return fileDescriptor_c078c3c476799f44, []int{127}
 }
 func (m *ResourceActions) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3656,7 +3628,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo
 func (m *ResourceDiff) Reset()      { *m = ResourceDiff{} }
 func (*ResourceDiff) ProtoMessage() {}
 func (*ResourceDiff) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{129}
+	return fileDescriptor_c078c3c476799f44, []int{128}
 }
 func (m *ResourceDiff) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3684,7 +3656,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo
 func (m *ResourceIgnoreDifferences) Reset()      { *m = ResourceIgnoreDifferences{} }
 func (*ResourceIgnoreDifferences) ProtoMessage() {}
 func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{130}
+	return fileDescriptor_c078c3c476799f44, []int{129}
 }
 func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3712,7 +3684,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo
 func (m *ResourceNetworkingInfo) Reset()      { *m = ResourceNetworkingInfo{} }
 func (*ResourceNetworkingInfo) ProtoMessage() {}
 func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{131}
+	return fileDescriptor_c078c3c476799f44, []int{130}
 }
 func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3740,7 +3712,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo
 func (m *ResourceNode) Reset()      { *m = ResourceNode{} }
 func (*ResourceNode) ProtoMessage() {}
 func (*ResourceNode) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{132}
+	return fileDescriptor_c078c3c476799f44, []int{131}
 }
 func (m *ResourceNode) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3768,7 +3740,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo
 func (m *ResourceOverride) Reset()      { *m = ResourceOverride{} }
 func (*ResourceOverride) ProtoMessage() {}
 func (*ResourceOverride) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{133}
+	return fileDescriptor_c078c3c476799f44, []int{132}
 }
 func (m *ResourceOverride) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3796,7 +3768,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo
 func (m *ResourceRef) Reset()      { *m = ResourceRef{} }
 func (*ResourceRef) ProtoMessage() {}
 func (*ResourceRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{134}
+	return fileDescriptor_c078c3c476799f44, []int{133}
 }
 func (m *ResourceRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3824,7 +3796,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo
 func (m *ResourceResult) Reset()      { *m = ResourceResult{} }
 func (*ResourceResult) ProtoMessage() {}
 func (*ResourceResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{135}
+	return fileDescriptor_c078c3c476799f44, []int{134}
 }
 func (m *ResourceResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3852,7 +3824,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo
 func (m *ResourceStatus) Reset()      { *m = ResourceStatus{} }
 func (*ResourceStatus) ProtoMessage() {}
 func (*ResourceStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{136}
+	return fileDescriptor_c078c3c476799f44, []int{135}
 }
 func (m *ResourceStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3880,7 +3852,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo
 func (m *RetryStrategy) Reset()      { *m = RetryStrategy{} }
 func (*RetryStrategy) ProtoMessage() {}
 func (*RetryStrategy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{137}
+	return fileDescriptor_c078c3c476799f44, []int{136}
 }
 func (m *RetryStrategy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3908,7 +3880,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo
 func (m *RevisionHistory) Reset()      { *m = RevisionHistory{} }
 func (*RevisionHistory) ProtoMessage() {}
 func (*RevisionHistory) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{138}
+	return fileDescriptor_c078c3c476799f44, []int{137}
 }
 func (m *RevisionHistory) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3936,7 +3908,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo
 func (m *RevisionMetadata) Reset()      { *m = RevisionMetadata{} }
 func (*RevisionMetadata) ProtoMessage() {}
 func (*RevisionMetadata) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{139}
+	return fileDescriptor_c078c3c476799f44, []int{138}
 }
 func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3964,7 +3936,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo
 func (m *RevisionReference) Reset()      { *m = RevisionReference{} }
 func (*RevisionReference) ProtoMessage() {}
 func (*RevisionReference) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{140}
+	return fileDescriptor_c078c3c476799f44, []int{139}
 }
 func (m *RevisionReference) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3992,7 +3964,7 @@ var xxx_messageInfo_RevisionReference proto.InternalMessageInfo
 func (m *SCMProviderGenerator) Reset()      { *m = SCMProviderGenerator{} }
 func (*SCMProviderGenerator) ProtoMessage() {}
 func (*SCMProviderGenerator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{141}
+	return fileDescriptor_c078c3c476799f44, []int{140}
 }
 func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4020,7 +3992,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo
 func (m *SCMProviderGeneratorAWSCodeCommit) Reset()      { *m = SCMProviderGeneratorAWSCodeCommit{} }
 func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {}
 func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{142}
+	return fileDescriptor_c078c3c476799f44, []int{141}
 }
 func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4048,7 +4020,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo
 func (m *SCMProviderGeneratorAzureDevOps) Reset()      { *m = SCMProviderGeneratorAzureDevOps{} }
 func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {}
 func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{143}
+	return fileDescriptor_c078c3c476799f44, []int{142}
 }
 func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4076,7 +4048,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo
 func (m *SCMProviderGeneratorBitbucket) Reset()      { *m = SCMProviderGeneratorBitbucket{} }
 func (*SCMProviderGeneratorBitbucket) ProtoMessage() {}
 func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{144}
+	return fileDescriptor_c078c3c476799f44, []int{143}
 }
 func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4104,7 +4076,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo
 func (m *SCMProviderGeneratorBitbucketServer) Reset()      { *m = SCMProviderGeneratorBitbucketServer{} }
 func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {}
 func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{145}
+	return fileDescriptor_c078c3c476799f44, []int{144}
 }
 func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4132,7 +4104,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf
 func (m *SCMProviderGeneratorFilter) Reset()      { *m = SCMProviderGeneratorFilter{} }
 func (*SCMProviderGeneratorFilter) ProtoMessage() {}
 func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{146}
+	return fileDescriptor_c078c3c476799f44, []int{145}
 }
 func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4160,7 +4132,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGitea) Reset()      { *m = SCMProviderGeneratorGitea{} }
 func (*SCMProviderGeneratorGitea) ProtoMessage() {}
 func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{147}
+	return fileDescriptor_c078c3c476799f44, []int{146}
 }
 func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4188,7 +4160,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGithub) Reset()      { *m = SCMProviderGeneratorGithub{} }
 func (*SCMProviderGeneratorGithub) ProtoMessage() {}
 func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{148}
+	return fileDescriptor_c078c3c476799f44, []int{147}
 }
 func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4216,7 +4188,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo
 func (m *SCMProviderGeneratorGitlab) Reset()      { *m = SCMProviderGeneratorGitlab{} }
 func (*SCMProviderGeneratorGitlab) ProtoMessage() {}
 func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{149}
+	return fileDescriptor_c078c3c476799f44, []int{148}
 }
 func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4244,7 +4216,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo
 func (m *SecretRef) Reset()      { *m = SecretRef{} }
 func (*SecretRef) ProtoMessage() {}
 func (*SecretRef) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{150}
+	return fileDescriptor_c078c3c476799f44, []int{149}
 }
 func (m *SecretRef) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4272,7 +4244,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo
 func (m *SignatureKey) Reset()      { *m = SignatureKey{} }
 func (*SignatureKey) ProtoMessage() {}
 func (*SignatureKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{151}
+	return fileDescriptor_c078c3c476799f44, []int{150}
 }
 func (m *SignatureKey) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4300,7 +4272,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo
 func (m *SourceHydrator) Reset()      { *m = SourceHydrator{} }
 func (*SourceHydrator) ProtoMessage() {}
 func (*SourceHydrator) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{152}
+	return fileDescriptor_c078c3c476799f44, []int{151}
 }
 func (m *SourceHydrator) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4328,7 +4300,7 @@ var xxx_messageInfo_SourceHydrator proto.InternalMessageInfo
 func (m *SourceHydratorStatus) Reset()      { *m = SourceHydratorStatus{} }
 func (*SourceHydratorStatus) ProtoMessage() {}
 func (*SourceHydratorStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{153}
+	return fileDescriptor_c078c3c476799f44, []int{152}
 }
 func (m *SourceHydratorStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4356,7 +4328,7 @@ var xxx_messageInfo_SourceHydratorStatus proto.InternalMessageInfo
 func (m *SuccessfulHydrateOperation) Reset()      { *m = SuccessfulHydrateOperation{} }
 func (*SuccessfulHydrateOperation) ProtoMessage() {}
 func (*SuccessfulHydrateOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{154}
+	return fileDescriptor_c078c3c476799f44, []int{153}
 }
 func (m *SuccessfulHydrateOperation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4384,7 +4356,7 @@ var xxx_messageInfo_SuccessfulHydrateOperation proto.InternalMessageInfo
 func (m *SyncOperation) Reset()      { *m = SyncOperation{} }
 func (*SyncOperation) ProtoMessage() {}
 func (*SyncOperation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{155}
+	return fileDescriptor_c078c3c476799f44, []int{154}
 }
 func (m *SyncOperation) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4412,7 +4384,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo
 func (m *SyncOperationResource) Reset()      { *m = SyncOperationResource{} }
 func (*SyncOperationResource) ProtoMessage() {}
 func (*SyncOperationResource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{156}
+	return fileDescriptor_c078c3c476799f44, []int{155}
 }
 func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4440,7 +4412,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo
 func (m *SyncOperationResult) Reset()      { *m = SyncOperationResult{} }
 func (*SyncOperationResult) ProtoMessage() {}
 func (*SyncOperationResult) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{157}
+	return fileDescriptor_c078c3c476799f44, []int{156}
 }
 func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4468,7 +4440,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo
 func (m *SyncPolicy) Reset()      { *m = SyncPolicy{} }
 func (*SyncPolicy) ProtoMessage() {}
 func (*SyncPolicy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{158}
+	return fileDescriptor_c078c3c476799f44, []int{157}
 }
 func (m *SyncPolicy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4496,7 +4468,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo
 func (m *SyncPolicyAutomated) Reset()      { *m = SyncPolicyAutomated{} }
 func (*SyncPolicyAutomated) ProtoMessage() {}
 func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{159}
+	return fileDescriptor_c078c3c476799f44, []int{158}
 }
 func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4524,7 +4496,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo
 func (m *SyncSource) Reset()      { *m = SyncSource{} }
 func (*SyncSource) ProtoMessage() {}
 func (*SyncSource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{160}
+	return fileDescriptor_c078c3c476799f44, []int{159}
 }
 func (m *SyncSource) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4552,7 +4524,7 @@ var xxx_messageInfo_SyncSource proto.InternalMessageInfo
 func (m *SyncStatus) Reset()      { *m = SyncStatus{} }
 func (*SyncStatus) ProtoMessage() {}
 func (*SyncStatus) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{161}
+	return fileDescriptor_c078c3c476799f44, []int{160}
 }
 func (m *SyncStatus) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4580,7 +4552,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo
 func (m *SyncStrategy) Reset()      { *m = SyncStrategy{} }
 func (*SyncStrategy) ProtoMessage() {}
 func (*SyncStrategy) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{162}
+	return fileDescriptor_c078c3c476799f44, []int{161}
 }
 func (m *SyncStrategy) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4608,7 +4580,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo
 func (m *SyncStrategyApply) Reset()      { *m = SyncStrategyApply{} }
 func (*SyncStrategyApply) ProtoMessage() {}
 func (*SyncStrategyApply) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{163}
+	return fileDescriptor_c078c3c476799f44, []int{162}
 }
 func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4636,7 +4608,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo
 func (m *SyncStrategyHook) Reset()      { *m = SyncStrategyHook{} }
 func (*SyncStrategyHook) ProtoMessage() {}
 func (*SyncStrategyHook) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{164}
+	return fileDescriptor_c078c3c476799f44, []int{163}
 }
 func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4664,7 +4636,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo
 func (m *SyncWindow) Reset()      { *m = SyncWindow{} }
 func (*SyncWindow) ProtoMessage() {}
 func (*SyncWindow) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{165}
+	return fileDescriptor_c078c3c476799f44, []int{164}
 }
 func (m *SyncWindow) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4692,7 +4664,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo
 func (m *TLSClientConfig) Reset()      { *m = TLSClientConfig{} }
 func (*TLSClientConfig) ProtoMessage() {}
 func (*TLSClientConfig) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{166}
+	return fileDescriptor_c078c3c476799f44, []int{165}
 }
 func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4720,7 +4692,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo
 func (m *TagFilter) Reset()      { *m = TagFilter{} }
 func (*TagFilter) ProtoMessage() {}
 func (*TagFilter) Descriptor() ([]byte, []int) {
-	return fileDescriptor_c078c3c476799f44, []int{167}
+	return fileDescriptor_c078c3c476799f44, []int{166}
 }
 func (m *TagFilter) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -4818,7 +4790,6 @@ func init() {
 	proto.RegisterType((*DuckTypeGenerator)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.DuckTypeGenerator")
 	proto.RegisterMapType((map[string]string)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.DuckTypeGenerator.ValuesEntry")
 	proto.RegisterType((*EnvEntry)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.EnvEntry")
-	proto.RegisterType((*ErrApplicationNotAllowedToUseProject)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ErrApplicationNotAllowedToUseProject")
 	proto.RegisterType((*ExecProviderConfig)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ExecProviderConfig")
 	proto.RegisterMapType((map[string]string)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ExecProviderConfig.EnvEntry")
 	proto.RegisterType((*GitDirectoryGeneratorItem)(nil), "github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.GitDirectoryGeneratorItem")
@@ -4943,783 +4914,781 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12403 bytes of a gzipped FileDescriptorProto
+	// 12379 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0x49,
 	0x56, 0xd8, 0x55, 0xb7, 0x5a, 0xea, 0x7e, 0xfa, 0x1a, 0xe5, 0xcc, 0xec, 0x6a, 0x66, 0x3f, 0x34,
-	0xd4, 0x1e, 0x7b, 0x87, 0x6f, 0x4f, 0x62, 0x67, 0x77, 0x8f, 0x35, 0x0b, 0x07, 0xfa, 0x98, 0x0f,
-	0xcd, 0x48, 0x23, 0x6d, 0xb6, 0x66, 0x86, 0xdb, 0x63, 0x6f, 0xaf, 0x54, 0x9d, 0x92, 0x6a, 0x54,
-	0x5d, 0xd5, 0x5b, 0x55, 0xad, 0x51, 0x2f, 0xcb, 0x71, 0xc7, 0xdd, 0xc1, 0xc1, 0x7d, 0xad, 0xc1,
-	0x61, 0x16, 0xdb, 0xe0, 0xc3, 0xe0, 0xaf, 0x70, 0x5c, 0x80, 0xcd, 0x0f, 0x13, 0x01, 0x04, 0xc1,
-	0x47, 0x10, 0xe0, 0x2f, 0x30, 0x81, 0x01, 0x1b, 0x90, 0xef, 0xc6, 0x76, 0x40, 0x38, 0xc2, 0x44,
-	0x80, 0xfd, 0xc3, 0x31, 0x76, 0x10, 0x8e, 0xfc, 0xce, 0xaa, 0xae, 0x96, 0x5a, 0xa3, 0xd2, 0xcc,
-	0x1c, 0xec, 0xbf, 0xee, 0x7c, 0xaf, 0xde, 0xcb, 0xca, 0xca, 0x7c, 0xef, 0xe5, 0xcb, 0xf7, 0x5e,
+	0xd4, 0xc2, 0xde, 0xe1, 0xdb, 0x93, 0xd8, 0xd9, 0xdd, 0x63, 0xcd, 0xc2, 0x81, 0x3e, 0xe6, 0x43,
+	0x33, 0xd2, 0x48, 0x9b, 0xad, 0x99, 0xe1, 0xf6, 0xd8, 0xdb, 0x2b, 0x55, 0xa7, 0xa4, 0x1a, 0x55,
+	0x57, 0xf5, 0x56, 0x55, 0x6b, 0xd4, 0xcb, 0x72, 0xdc, 0x71, 0x77, 0x70, 0x70, 0x5f, 0x6b, 0x70,
+	0x98, 0xc5, 0x36, 0xf8, 0x30, 0xf8, 0x2b, 0x1c, 0x17, 0x60, 0xf3, 0xc3, 0x44, 0x00, 0x41, 0xf0,
+	0x11, 0x04, 0xf8, 0x0b, 0x4c, 0x60, 0xc0, 0x06, 0xe4, 0xbb, 0xb1, 0x1d, 0x10, 0x8e, 0x30, 0x11,
+	0x60, 0xff, 0x70, 0x8c, 0x1d, 0x84, 0x23, 0xbf, 0xb3, 0xaa, 0xab, 0xa5, 0xd6, 0xa8, 0x34, 0x33,
+	0x77, 0xec, 0xbf, 0xee, 0x7c, 0xaf, 0xde, 0xcb, 0xca, 0xca, 0x7c, 0xef, 0xe5, 0xcb, 0xf7, 0x5e,
 	0xc2, 0xd2, 0xa6, 0x97, 0x6c, 0xb5, 0xd7, 0xa7, 0xdd, 0xb0, 0x39, 0xe3, 0x44, 0x9b, 0x61, 0x2b,
-	0x0a, 0x6f, 0xb1, 0x1f, 0xef, 0x77, 0x1b, 0x33, 0x3b, 0xcf, 0xcd, 0xb4, 0xb6, 0x37, 0x67, 0x9c,
+	0x0a, 0x6f, 0xb1, 0x1f, 0xef, 0x73, 0x1b, 0x33, 0x3b, 0xcf, 0xcd, 0xb4, 0xb6, 0x37, 0x67, 0x9c,
 	0x96, 0x17, 0xcf, 0x38, 0xad, 0x96, 0xef, 0xb9, 0x4e, 0xe2, 0x85, 0xc1, 0xcc, 0xce, 0xb3, 0x8e,
 	0xdf, 0xda, 0x72, 0x9e, 0x9d, 0xd9, 0x24, 0x01, 0x89, 0x9c, 0x84, 0x34, 0xa6, 0x5b, 0x51, 0x98,
-	0x84, 0xe8, 0x5b, 0x34, 0xb5, 0x69, 0x49, 0x8d, 0xfd, 0x78, 0xcd, 0x6d, 0x4c, 0xef, 0x3c, 0x37,
-	0xdd, 0xda, 0xde, 0x9c, 0xa6, 0xd4, 0xa6, 0x0d, 0x6a, 0xd3, 0x92, 0xda, 0xd9, 0xf7, 0x1b, 0x7d,
+	0x84, 0xe8, 0x5b, 0x35, 0xb5, 0x69, 0x49, 0x8d, 0xfd, 0x78, 0xcd, 0x6d, 0x4c, 0xef, 0x3c, 0x37,
+	0xdd, 0xda, 0xde, 0x9c, 0xa6, 0xd4, 0xa6, 0x0d, 0x6a, 0xd3, 0x92, 0xda, 0xd9, 0xf7, 0x19, 0x7d,
 	0xd9, 0x0c, 0x37, 0xc3, 0x19, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, 0x3f, 0xec, 0x17, 0x67,
 	0x76, 0xd6, 0xde, 0x7e, 0x31, 0x9e, 0xf6, 0x42, 0xda, 0xbd, 0x19, 0x37, 0x8c, 0xc8, 0xcc, 0x4e,
-	0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc, 0x7e, 0xda,
+	0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc, 0x3e, 0xda,
 	0x05, 0x12, 0xed, 0x90, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0xf3, 0x9a, 0x52, 0xd3, 0x71,
 	0xb7, 0xbc, 0x80, 0x44, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xde, 0x53, 0x33, 0xbd, 0x9e, 0x8a,
-	0xda, 0x41, 0xe2, 0x35, 0x49, 0xd7, 0x03, 0x1f, 0x38, 0xe8, 0x81, 0xd8, 0xdd, 0x22, 0x4d, 0xa7,
+	0xda, 0x41, 0xe2, 0x35, 0x49, 0xd7, 0x03, 0xef, 0x3f, 0xe8, 0x81, 0xd8, 0xdd, 0x22, 0x4d, 0xa7,
 	0xeb, 0xb9, 0xe7, 0x7a, 0x3d, 0xd7, 0x4e, 0x3c, 0x7f, 0xc6, 0x0b, 0x92, 0x38, 0x89, 0xb2, 0x0f,
 	0xd9, 0x7f, 0xdf, 0x82, 0xd1, 0xd9, 0x9b, 0xf5, 0xd9, 0x76, 0xb2, 0x35, 0x1f, 0x06, 0x1b, 0xde,
 	0x26, 0x7a, 0x01, 0x86, 0x5d, 0xbf, 0x1d, 0x27, 0x24, 0xba, 0xe6, 0x34, 0xc9, 0xa4, 0x75, 0xce,
-	0x7a, 0x6f, 0x6d, 0xee, 0xe4, 0x6f, 0xec, 0x4d, 0xbd, 0xeb, 0xce, 0xde, 0xd4, 0xf0, 0xbc, 0x06,
-	0x61, 0x13, 0x0f, 0x7d, 0x03, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf1, 0xb5, 0xc9, 0x12, 0x7b, 0x64,
+	0x7a, 0x4f, 0x6d, 0xee, 0xe4, 0x6f, 0xee, 0x4d, 0xbd, 0xeb, 0xce, 0xde, 0xd4, 0xf0, 0xbc, 0x06,
+	0x61, 0x13, 0x0f, 0x7d, 0x23, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf1, 0xb5, 0xc9, 0x12, 0x7b, 0x64,
 	0x5c, 0x3c, 0x32, 0x84, 0x79, 0x33, 0x96, 0x70, 0x8a, 0xda, 0x8a, 0xc2, 0x0d, 0xcf, 0x27, 0x93,
-	0xe5, 0x34, 0xea, 0x2a, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x68, 0x09, 0xc6, 0x67, 0x5b, 0xad, 0xcb,
+	0xe5, 0x34, 0xea, 0x2a, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x58, 0x09, 0xc6, 0x67, 0x5b, 0xad, 0xcb,
 	0xc4, 0xf1, 0x93, 0xad, 0x7a, 0xe2, 0x24, 0xed, 0x18, 0x6d, 0xc2, 0x60, 0xcc, 0x7e, 0x89, 0xbe,
-	0xad, 0x88, 0xa7, 0x07, 0x39, 0xfc, 0xee, 0xde, 0xd4, 0xb7, 0xe6, 0xcd, 0xe8, 0x4d, 0x2f, 0x09,
-	0x5b, 0xf1, 0xfb, 0x49, 0xb0, 0xe9, 0x05, 0x84, 0x8d, 0xcb, 0x16, 0xa3, 0x3a, 0x6d, 0x12, 0x9f,
+	0xad, 0x88, 0xa7, 0x07, 0x39, 0xfc, 0xee, 0xde, 0xd4, 0xb7, 0xe5, 0xcd, 0xe8, 0x4d, 0x2f, 0x09,
+	0x5b, 0xf1, 0xfb, 0x48, 0xb0, 0xe9, 0x05, 0x84, 0x8d, 0xcb, 0x16, 0xa3, 0x3a, 0x6d, 0x12, 0x9f,
 	0x0f, 0x1b, 0x04, 0x0b, 0xf2, 0xb4, 0x9f, 0x4d, 0x12, 0xc7, 0xce, 0x26, 0xc9, 0xbe, 0xd2, 0x32,
 	0x6f, 0xc6, 0x12, 0x8e, 0x22, 0x40, 0xbe, 0x13, 0x27, 0x6b, 0x91, 0x13, 0xc4, 0x1e, 0x9d, 0xd2,
 	0x6b, 0x5e, 0x93, 0xbf, 0xdd, 0xf0, 0xf9, 0xbf, 0x31, 0xcd, 0x3f, 0xcc, 0xb4, 0xf9, 0x61, 0xf4,
 	0x3a, 0xa0, 0xf3, 0x66, 0x7a, 0xe7, 0xd9, 0x69, 0xfa, 0xc4, 0xdc, 0x23, 0x77, 0xf6, 0xa6, 0xd0,
-	0x52, 0x17, 0x25, 0x9c, 0x43, 0xdd, 0xfe, 0xbd, 0x12, 0xc0, 0x6c, 0xab, 0xb5, 0x1a, 0x85, 0xb7,
-	0x88, 0x9b, 0xa0, 0x8f, 0x42, 0x95, 0x92, 0x6a, 0x38, 0x89, 0xc3, 0x06, 0x66, 0xf8, 0xfc, 0x37,
-	0xf6, 0xc7, 0x78, 0x65, 0x9d, 0x3e, 0xbf, 0x4c, 0x12, 0x67, 0x0e, 0x89, 0x17, 0x04, 0xdd, 0x86,
+	0x52, 0x17, 0x25, 0x9c, 0x43, 0xdd, 0xfe, 0xfd, 0x12, 0xc0, 0x6c, 0xab, 0xb5, 0x1a, 0x85, 0xb7,
+	0x88, 0x9b, 0xa0, 0x8f, 0x40, 0x95, 0x92, 0x6a, 0x38, 0x89, 0xc3, 0x06, 0x66, 0xf8, 0xfc, 0x37,
+	0xf5, 0xc7, 0x78, 0x65, 0x9d, 0x3e, 0xbf, 0x4c, 0x12, 0x67, 0x0e, 0x89, 0x17, 0x04, 0xdd, 0x86,
 	0x15, 0x55, 0x14, 0xc0, 0x40, 0xdc, 0x22, 0x2e, 0x1b, 0x8c, 0xe1, 0xf3, 0x4b, 0xd3, 0x47, 0x59,
 	0xe9, 0xd3, 0xba, 0xe7, 0xf5, 0x16, 0x71, 0xe7, 0x46, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e,
 	0x68, 0x47, 0x7d, 0x68, 0x3e, 0x90, 0xd7, 0x0a, 0xe3, 0xc8, 0xa8, 0xce, 0x8d, 0xa5, 0x27, 0x8e,
-	0xfc, 0xee, 0xf6, 0x1f, 0x5b, 0x30, 0xa6, 0x91, 0x97, 0xbc, 0x38, 0x41, 0xdf, 0xd9, 0x35, 0xb8,
+	0xfc, 0xee, 0xf6, 0x9f, 0x58, 0x30, 0xa6, 0x91, 0x97, 0xbc, 0x38, 0x41, 0xdf, 0xd5, 0x35, 0xb8,
 	0xd3, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, 0x09, 0xc1, 0xac, 0x2a, 0x5b, 0x8c, 0x81, 0x6d,
-	0x42, 0xc5, 0x4b, 0x48, 0x33, 0x9e, 0x2c, 0x9d, 0x2b, 0xbf, 0x77, 0xf8, 0xfc, 0xe5, 0xa2, 0xde,
-	0x73, 0x6e, 0x54, 0x30, 0xad, 0x2c, 0x52, 0xf2, 0x98, 0x73, 0xb1, 0xff, 0x62, 0xd4, 0x7c, 0x3f,
+	0x42, 0xc5, 0x4b, 0x48, 0x33, 0x9e, 0x2c, 0x9d, 0x2b, 0xbf, 0x67, 0xf8, 0xfc, 0xe5, 0xa2, 0xde,
+	0x73, 0x6e, 0x54, 0x30, 0xad, 0x2c, 0x52, 0xf2, 0x98, 0x73, 0xb1, 0xff, 0x72, 0xd4, 0x7c, 0x3f,
 	0x3a, 0xe0, 0xe8, 0x59, 0x18, 0x8e, 0xc3, 0x76, 0xe4, 0x12, 0x4c, 0x5a, 0x21, 0x5d, 0x58, 0x65,
-	0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xeb, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x20, 0x71,
+	0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xeb, 0x66, 0x6c, 0xe2, 0xa0, 0xcf, 0x5b, 0x30, 0xd2, 0x20, 0x71,
 	0xe2, 0x05, 0x8c, 0xbf, 0xec, 0xfc, 0xda, 0x91, 0x3b, 0x2f, 0x1b, 0x17, 0x34, 0xf1, 0xb9, 0x53,
 	0xe2, 0x45, 0x46, 0x8c, 0xc6, 0x18, 0xa7, 0xf8, 0x53, 0xc1, 0xd5, 0x20, 0xb1, 0x1b, 0x79, 0x2d,
 	0xfa, 0x5f, 0x88, 0x16, 0x25, 0xb8, 0x16, 0x34, 0x08, 0x9b, 0x78, 0x28, 0x80, 0x0a, 0x15, 0x4c,
 	0xf1, 0xe4, 0x00, 0xeb, 0xff, 0xe2, 0xd1, 0xfa, 0x2f, 0x06, 0x95, 0xca, 0x3c, 0x3d, 0xfa, 0xf4,
-	0x5f, 0x8c, 0x39, 0x1b, 0xf4, 0x79, 0x0b, 0x26, 0x85, 0xe0, 0xc4, 0x84, 0x0f, 0xe8, 0xcd, 0x2d,
+	0x5f, 0x8c, 0x39, 0x1b, 0xf4, 0x39, 0x0b, 0x26, 0x85, 0xe0, 0xc4, 0x84, 0x0f, 0xe8, 0xcd, 0x2d,
 	0x2f, 0x21, 0xbe, 0x17, 0x27, 0x93, 0x15, 0xd6, 0x87, 0x99, 0xfe, 0xe6, 0xd6, 0xa5, 0x28, 0x6c,
 	0xb7, 0xae, 0x7a, 0x41, 0x63, 0xee, 0x9c, 0xe0, 0x34, 0x39, 0xdf, 0x83, 0x30, 0xee, 0xc9, 0x12,
-	0xfd, 0xb0, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0xf9, 0x8e,
+	0xfd, 0x88, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0xf9, 0x8e,
 	0xbb, 0xcd, 0x7a, 0x34, 0x78, 0x6f, 0x3d, 0xb2, 0x45, 0x8f, 0xce, 0x5e, 0xeb, 0x49, 0x1a, 0xef,
-	0xc3, 0x16, 0xfd, 0xa4, 0x05, 0x13, 0x61, 0xd4, 0xda, 0x72, 0x02, 0xd2, 0x90, 0xd0, 0x78, 0x72,
-	0x88, 0x2d, 0xbd, 0x8f, 0x1c, 0xed, 0x13, 0xad, 0x64, 0xc9, 0x2e, 0x87, 0x81, 0x97, 0x84, 0x51,
+	0xc3, 0x16, 0xfd, 0x94, 0x05, 0x13, 0x61, 0xd4, 0xda, 0x72, 0x02, 0xd2, 0x90, 0xd0, 0x78, 0x72,
+	0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0xad, 0x64, 0xc9, 0x2e, 0x87, 0x81, 0x97, 0x84, 0x51,
 	0x9d, 0x24, 0x89, 0x17, 0x6c, 0xc6, 0x73, 0xa7, 0xef, 0xec, 0x4d, 0x4d, 0x74, 0x61, 0xe1, 0xee,
-	0xfe, 0xa0, 0xef, 0x82, 0xe1, 0xb8, 0x13, 0xb8, 0x37, 0xbd, 0xa0, 0x11, 0xde, 0x8e, 0x27, 0xab,
+	0xfe, 0xa0, 0xef, 0x86, 0xe1, 0xb8, 0x13, 0xb8, 0x37, 0xbd, 0xa0, 0x11, 0xde, 0x8e, 0x27, 0xab,
 	0x45, 0x2c, 0xdf, 0xba, 0x22, 0x28, 0x16, 0xa0, 0x66, 0x80, 0x4d, 0x6e, 0xf9, 0x1f, 0x4e, 0x4f,
-	0xa5, 0x5a, 0xd1, 0x1f, 0x4e, 0x4f, 0xa6, 0x7d, 0xd8, 0xa2, 0xef, 0xb7, 0x60, 0x34, 0xf6, 0x36,
+	0xa5, 0x5a, 0xd1, 0x1f, 0x4e, 0x4f, 0xa6, 0x7d, 0xd8, 0xa2, 0x1f, 0xb0, 0x60, 0x34, 0xf6, 0x36,
 	0x03, 0x27, 0x69, 0x47, 0xe4, 0x2a, 0xe9, 0xc4, 0x93, 0xc0, 0x3a, 0x72, 0xe5, 0x88, 0xa3, 0x62,
 	0x90, 0x9c, 0x3b, 0x2d, 0xfa, 0x38, 0x6a, 0xb6, 0xc6, 0x38, 0xcd, 0x37, 0x6f, 0xa1, 0xe9, 0x69,
-	0x3d, 0x5c, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0xed, 0x70, 0x82, 0x37, 0xa9, 0x91,
+	0x3d, 0x5c, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0x1d, 0x70, 0x82, 0x37, 0xa9, 0x91,
 	0x8d, 0x27, 0x47, 0x98, 0xa0, 0x3d, 0x75, 0x67, 0x6f, 0xea, 0x44, 0x3d, 0x03, 0xc3, 0x5d, 0xd8,
 	0xe8, 0x75, 0x98, 0x6a, 0x91, 0xa8, 0xe9, 0x25, 0x2b, 0x81, 0xdf, 0x91, 0xe2, 0xdb, 0x0d, 0x5b,
-	0xa4, 0x21, 0xba, 0x13, 0x4f, 0x8e, 0x9e, 0xb3, 0xde, 0x5b, 0x9d, 0x7b, 0x8f, 0xe8, 0xe6, 0xd4,
-	0xea, 0xfe, 0xe8, 0xf8, 0x20, 0x7a, 0xe8, 0xd7, 0x2d, 0x38, 0x6b, 0x48, 0xd9, 0x3a, 0x89, 0x76,
+	0xa4, 0x21, 0xba, 0x13, 0x4f, 0x8e, 0x9e, 0xb3, 0xde, 0x53, 0x9d, 0x7b, 0xb7, 0xe8, 0xe6, 0xd4,
+	0xea, 0xfe, 0xe8, 0xf8, 0x20, 0x7a, 0xe8, 0x37, 0x2c, 0x38, 0x6b, 0x48, 0xd9, 0x3a, 0x89, 0x76,
 	0x3c, 0x97, 0xcc, 0xba, 0x6e, 0xd8, 0x0e, 0x92, 0x78, 0x72, 0x8c, 0x0d, 0xe3, 0xfa, 0x71, 0xc8,
-	0xfc, 0x34, 0x2b, 0x3d, 0x2f, 0x7b, 0xa2, 0xc4, 0x78, 0x9f, 0x9e, 0xda, 0xbf, 0x59, 0x82, 0x13,
+	0xfc, 0x34, 0x2b, 0x3d, 0x2f, 0x7b, 0xa2, 0xc4, 0x78, 0x9f, 0x9e, 0xda, 0xbf, 0x55, 0x82, 0x13,
 	0x59, 0x0b, 0x00, 0xfd, 0x63, 0x0b, 0xc6, 0x6f, 0xdd, 0x4e, 0xd6, 0xc2, 0x6d, 0x12, 0xc4, 0x73,
 	0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, 0x3e, 0xef, 0x16, 0x6b, 0x6b, 0x4c, 0x5f, 0x49, 0x73, 0xb9,
 	0x10, 0x24, 0x51, 0x67, 0xee, 0x51, 0xf1, 0x4e, 0xe3, 0x57, 0x6e, 0xae, 0x99, 0x50, 0x9c, 0xed,
-	0xd4, 0xd9, 0xcf, 0x5a, 0x70, 0x2a, 0x8f, 0x04, 0x3a, 0x01, 0xe5, 0x6d, 0xd2, 0xe1, 0x96, 0x30,
+	0xd4, 0xd9, 0xcf, 0x58, 0x70, 0x2a, 0x8f, 0x04, 0x3a, 0x01, 0xe5, 0x6d, 0xd2, 0xe1, 0x96, 0x30,
 	0xa6, 0x3f, 0xd1, 0xab, 0x50, 0xd9, 0x71, 0xfc, 0x36, 0x11, 0x66, 0xda, 0xa5, 0xa3, 0xbd, 0x88,
-	0xea, 0x19, 0xe6, 0x54, 0xbf, 0xb9, 0xf4, 0xa2, 0x65, 0xff, 0x56, 0x19, 0x86, 0x8d, 0x8f, 0x76,
+	0xea, 0x19, 0xe6, 0x54, 0xbf, 0xa5, 0xf4, 0xa2, 0x65, 0xff, 0x76, 0x19, 0x86, 0x8d, 0x8f, 0x76,
 	0x1f, 0x4c, 0xcf, 0x30, 0x65, 0x7a, 0x2e, 0x17, 0x36, 0xdf, 0x7a, 0xda, 0x9e, 0xb7, 0x33, 0xb6,
 	0xe7, 0x4a, 0x71, 0x2c, 0xf7, 0x35, 0x3e, 0x51, 0x02, 0xb5, 0xb0, 0x45, 0xb7, 0x68, 0xd4, 0x86,
 	0x19, 0x28, 0xe2, 0x13, 0xae, 0x48, 0x72, 0x73, 0xa3, 0x77, 0xf6, 0xa6, 0x6a, 0xea, 0x2f, 0xd6,
-	0x8c, 0xec, 0xdf, 0xb7, 0xe0, 0x94, 0xd1, 0xc7, 0xf9, 0x30, 0x68, 0xb0, 0x8d, 0x06, 0x3a, 0x07,
+	0x8c, 0xec, 0x3f, 0xb0, 0xe0, 0x94, 0xd1, 0xc7, 0xf9, 0x30, 0x68, 0xb0, 0x8d, 0x06, 0x3a, 0x07,
 	0x03, 0x49, 0xa7, 0x25, 0xb7, 0x81, 0x6a, 0xa4, 0xd6, 0x3a, 0x2d, 0x82, 0x19, 0xe4, 0x61, 0xdf,
-	0x25, 0xfd, 0xb0, 0x05, 0x8f, 0xe4, 0x0b, 0x18, 0xf4, 0x34, 0x0c, 0x72, 0x1f, 0x80, 0x78, 0x3b,
+	0x25, 0xfd, 0x88, 0x05, 0x8f, 0xe4, 0x0b, 0x18, 0xf4, 0x34, 0x0c, 0x72, 0x1f, 0x80, 0x78, 0x3b,
 	0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x03, 0x35, 0xa5, 0xf0, 0xc4, 0x3b, 0x4e, 0x08, 0xd4,
 	0x9a, 0xd6, 0x92, 0x1a, 0x87, 0x0e, 0x1a, 0xfd, 0x23, 0x4c, 0x50, 0x35, 0x68, 0x6c, 0xd3, 0xcc,
-	0x20, 0xf6, 0xef, 0x5a, 0xf0, 0xee, 0x7e, 0xc4, 0xde, 0xf1, 0xf5, 0xb1, 0x0e, 0xa7, 0x1b, 0x64,
-	0xc3, 0x69, 0xfb, 0x49, 0x9a, 0xa3, 0xe8, 0xf4, 0x13, 0xe2, 0xe1, 0xd3, 0x0b, 0x79, 0x48, 0x38,
-	0xff, 0x59, 0xfb, 0xbf, 0x58, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x3e, 0x6c, 0x9d, 0x82, 0xf4, 0xd6,
-	0x69, 0xb1, 0xb0, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x79, 0x0b, 0xce, 0x1a, 0x58, 0xcb, 0x4e, 0xe2,
-	0x6e, 0x5d, 0xd8, 0x6d, 0x45, 0x24, 0x8e, 0xe9, 0x94, 0x7a, 0xc2, 0x10, 0xc7, 0x73, 0xc3, 0x82,
-	0x42, 0xf9, 0x2a, 0xe9, 0x70, 0xd9, 0xfc, 0x0c, 0x54, 0xf9, 0x9a, 0x0b, 0x23, 0xf1, 0x91, 0xd4,
-	0xbb, 0xad, 0x88, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0xe6, 0x52, 0x19, 0x44, 0xcd, 0x04,
-	0xa0, 0xdf, 0xfd, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0xac, 0x46, 0x84, 0xcd, 0x87,
-	0xc6, 0x45, 0x8f, 0xf8, 0x8d, 0x98, 0x6e, 0xeb, 0x9c, 0x20, 0x08, 0x13, 0xb1, 0x43, 0x33, 0xb6,
-	0x75, 0xb3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xef, 0xac, 0x13, 0x9f, 0x8f, 0xa8, 0x60, 0xba,
-	0xc4, 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x03, 0xa9, 0x24, 0x1a, 0xb9, 0x1f, 0xde, 0x87,
-	0x28, 0xa5, 0x02, 0x56, 0x8b, 0x93, 0xc7, 0xa4, 0xb7, 0x07, 0xe2, 0x8d, 0x8c, 0x16, 0xc0, 0x85,
-	0x72, 0xdd, 0xdf, 0x0b, 0xf1, 0xf1, 0x32, 0x4c, 0xa5, 0x1f, 0xe8, 0x52, 0x22, 0x74, 0xcb, 0x6b,
-	0x30, 0xca, 0xfa, 0xea, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x90, 0xc3, 0xa5, 0xe3, 0x94, 0xc3, 0xa6,
-	0x9a, 0x28, 0x1f, 0xa0, 0x26, 0x9e, 0x56, 0xa3, 0x3e, 0x90, 0x91, 0x79, 0x69, 0x55, 0x79, 0x0e,
-	0x06, 0xe2, 0x84, 0xb4, 0x26, 0x2b, 0x69, 0x31, 0x5b, 0x4f, 0x48, 0x0b, 0x33, 0x08, 0xfa, 0x56,
-	0x18, 0x4f, 0x9c, 0x68, 0x93, 0x24, 0x11, 0xd9, 0xf1, 0x98, 0x5f, 0x97, 0xed, 0x67, 0x6b, 0x73,
-	0x27, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x16, 0xd7, 0xfe, 0x1f, 0x25, 0x78, 0x34,
-	0xfd, 0x09, 0xb4, 0x62, 0xfc, 0xb6, 0x94, 0x62, 0x7c, 0x9f, 0xa9, 0x18, 0xef, 0xee, 0x4d, 0x3d,
-	0xd6, 0xe3, 0xb1, 0xaf, 0x19, 0xbd, 0x89, 0x2e, 0x65, 0x3e, 0xc2, 0x4c, 0x97, 0x97, 0xf5, 0x89,
-	0x1e, 0xef, 0x98, 0xf9, 0x4a, 0x4f, 0xc3, 0x60, 0x44, 0x9c, 0x38, 0x0c, 0xc4, 0x77, 0x52, 0x5f,
-	0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xef, 0xd4, 0xb2, 0x83, 0x7d, 0x89, 0xfb, 0xaa, 0xc3, 0x08,
-	0x79, 0x30, 0xc0, 0x76, 0x6d, 0x5c, 0xb2, 0x5c, 0x3d, 0xda, 0x2a, 0xa4, 0x5a, 0x44, 0x91, 0x9e,
-	0xab, 0xd2, 0xaf, 0x46, 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa1, 0xea, 0xca, 0xcd, 0x54, 0xa9, 0x08,
-	0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86, 0x08, 0x94,
-	0x37, 0xbd, 0x44, 0x7c, 0xd6, 0x23, 0x6e, 0x97, 0x2f, 0x79, 0xc6, 0x2b, 0x0e, 0x51, 0x1d, 0x74,
-	0xc9, 0x4b, 0x30, 0xa5, 0x8f, 0x3e, 0x6d, 0xc1, 0x70, 0xec, 0x36, 0x57, 0xa3, 0x70, 0xc7, 0x6b,
-	0x90, 0x48, 0xd8, 0x98, 0x47, 0x94, 0x6c, 0xf5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5, 0xee, 0x0b,
-	0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x54, 0xbc, 0xfb, 0x02, 0x71, 0xd9, 0x8a, 0x93, 0x7b,
-	0x66, 0x36, 0x53, 0x8e, 0x6c, 0x73, 0x2f, 0xb4, 0xdd, 0x6d, 0xba, 0xde, 0x74, 0x87, 0x1e, 0xbb,
-	0xb3, 0x37, 0xf5, 0xe8, 0x7c, 0x3e, 0x4f, 0xdc, 0xab, 0x33, 0x6c, 0xc0, 0x5a, 0x6d, 0xdf, 0xc7,
-	0xe4, 0xf5, 0x36, 0x61, 0x1e, 0xb1, 0x02, 0x06, 0x6c, 0x55, 0x13, 0xcc, 0x0c, 0x98, 0x01, 0xc1,
-	0x26, 0x5f, 0xf4, 0x3a, 0x0c, 0x36, 0x9d, 0x24, 0xf2, 0x76, 0x85, 0x1b, 0xec, 0x88, 0xbb, 0xa0,
-	0x65, 0x46, 0x4b, 0x33, 0x67, 0x8a, 0x9e, 0x37, 0x62, 0xc1, 0x08, 0x35, 0xa1, 0xd2, 0x24, 0xd1,
-	0x26, 0x99, 0xac, 0x16, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x1a, 0x35, 0xae, 0x58, 0x1b,
-	0xe6, 0x5c, 0xd0, 0xab, 0x50, 0x8d, 0x89, 0x4f, 0x5c, 0x6a, 0x1e, 0xd5, 0x18, 0xc7, 0xe7, 0xfa,
-	0x34, 0x15, 0xa9, 0x5d, 0x52, 0x17, 0x8f, 0xf2, 0x05, 0x26, 0xff, 0x61, 0x45, 0x92, 0x0e, 0x60,
-	0xcb, 0x6f, 0x6f, 0x7a, 0xc1, 0x24, 0x14, 0x31, 0x80, 0xab, 0x8c, 0x56, 0x66, 0x00, 0x79, 0x23,
-	0x16, 0x8c, 0xec, 0xff, 0x6e, 0x01, 0x4a, 0x0b, 0xb5, 0xfb, 0x60, 0x13, 0xbf, 0x9e, 0xb6, 0x89,
-	0x97, 0x8a, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0x3f, 0x5f, 0x83, 0x8c, 0x3a, 0xb8, 0x46, 0xe2, 0x84,
-	0x34, 0xde, 0x11, 0xe1, 0xef, 0x88, 0xf0, 0x77, 0x44, 0xb8, 0x12, 0xe1, 0xeb, 0x19, 0x11, 0xfe,
-	0x41, 0x63, 0xd5, 0xeb, 0xd8, 0x83, 0xd7, 0x54, 0x70, 0x82, 0xd9, 0x03, 0x03, 0x81, 0x4a, 0x82,
-	0x2b, 0xf5, 0x95, 0x6b, 0xb9, 0x32, 0xfb, 0xb5, 0xb4, 0xcc, 0x3e, 0x2a, 0x8b, 0xbf, 0x0e, 0x52,
-	0xfa, 0xd7, 0x2d, 0x78, 0x4f, 0x5a, 0x7a, 0xc9, 0x99, 0xb3, 0xb8, 0x19, 0x84, 0x11, 0x59, 0xf0,
-	0x36, 0x36, 0x48, 0x44, 0x02, 0x97, 0xc4, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0, 0xe7, 0x61,
-	0xe4, 0x56, 0x1c, 0x06, 0xab, 0xa1, 0x17, 0x08, 0x11, 0x44, 0x77, 0x1c, 0x27, 0xee, 0xec, 0x4d,
-	0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x85, 0x85, 0xe6, 0x61, 0xe2, 0xd6, 0xeb, 0xab, 0x4e, 0x62,
-	0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x79, 0x39, 0x03, 0xc4, 0xdd, 0xf8, 0xf6, 0xdf,
-	0x2b, 0xc1, 0x99, 0xcc, 0x8b, 0x84, 0xbe, 0x1f, 0xb6, 0x13, 0xba, 0x27, 0x42, 0x3f, 0x6e, 0xc1,
-	0x89, 0x66, 0xda, 0x61, 0x11, 0x0b, 0x77, 0xf7, 0x77, 0x14, 0xa6, 0x23, 0x32, 0x1e, 0x91, 0xb9,
-	0x49, 0x31, 0x42, 0x27, 0x32, 0x80, 0x18, 0x77, 0xf5, 0x05, 0xbd, 0x0a, 0xb5, 0xa6, 0xb3, 0x7b,
-	0xbd, 0xd5, 0x70, 0x12, 0xb9, 0x1d, 0xed, 0xed, 0x45, 0x68, 0x27, 0x9e, 0x3f, 0xcd, 0xa3, 0x5a,
-	0xa6, 0x17, 0x83, 0x64, 0x25, 0xaa, 0x27, 0x91, 0x17, 0x6c, 0x72, 0x27, 0xe7, 0xb2, 0x24, 0x83,
-	0x35, 0x45, 0xfb, 0xc7, 0xac, 0xac, 0x92, 0x52, 0xa3, 0x13, 0x39, 0x09, 0xd9, 0xec, 0xa0, 0x37,
-	0xa1, 0x42, 0xf7, 0x8d, 0x72, 0x54, 0x6e, 0x16, 0xa9, 0x39, 0x8d, 0x2f, 0xa1, 0x95, 0x28, 0xfd,
-	0x17, 0x63, 0xce, 0xd4, 0xfe, 0xf1, 0x5a, 0xd6, 0x58, 0x60, 0x67, 0xf3, 0xe7, 0x01, 0x36, 0xc3,
-	0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0xc0, 0xa3, 0x5c, 0x25, 0x97, 0x14, 0x04, 0x1b,
-	0x58, 0xe8, 0x07, 0x2c, 0x80, 0x4d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, 0xc8, 0xd7, 0xd1, 0x2b,
-	0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xbd, 0x16, 0x54, 0x13, 0xd9, 0x7d, 0xae, 0x1a,
-	0xd7, 0x8a, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, 0xd1, 0xf7, 0x59, 0x00,
-	0x71, 0x27, 0x70, 0x57, 0x43, 0xdf, 0x73, 0x3b, 0x42, 0x63, 0xde, 0x28, 0xd4, 0x9d, 0xa3, 0xa8,
-	0xcf, 0x8d, 0xd1, 0xd1, 0xd0, 0xff, 0xb1, 0xc1, 0x19, 0x7d, 0x0c, 0xaa, 0xb1, 0x98, 0x6e, 0x42,
-	0x47, 0xae, 0x15, 0xeb, 0x54, 0xe2, 0xb4, 0x85, 0x78, 0x15, 0xff, 0xb0, 0xe2, 0x89, 0x7e, 0xc4,
-	0x82, 0xf1, 0x56, 0xda, 0x4d, 0x28, 0xd4, 0x61, 0x71, 0x32, 0x20, 0xe3, 0x86, 0xe4, 0xde, 0x96,
-	0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, 0x83, 0x57, 0x5a, 0xdc, 0x65, 0x39, 0xa4, 0x25,
-	0xe0, 0xa5, 0x2c, 0x10, 0x77, 0xe3, 0xa3, 0x55, 0x38, 0x45, 0x7b, 0xd7, 0xe1, 0xe6, 0xa7, 0x54,
-	0x2f, 0x31, 0x53, 0x86, 0xd5, 0xb9, 0xc7, 0xc5, 0x0c, 0x61, 0x67, 0x1d, 0x59, 0x1c, 0x9c, 0xfb,
-	0x24, 0xfa, 0x2d, 0x0b, 0x1e, 0xf7, 0x98, 0x1a, 0x30, 0x1d, 0xf6, 0x5a, 0x23, 0x88, 0x83, 0x76,
-	0x52, 0xa8, 0xac, 0xe8, 0xa5, 0x7e, 0xe6, 0xde, 0x2d, 0xde, 0xe0, 0xf1, 0xc5, 0x7d, 0xba, 0x84,
-	0xf7, 0xed, 0x30, 0xfa, 0x26, 0x18, 0x95, 0xeb, 0x62, 0x95, 0x8a, 0x60, 0xa6, 0x68, 0x6b, 0x73,
-	0x13, 0x77, 0xf6, 0xa6, 0x46, 0xd7, 0x4c, 0x00, 0x4e, 0xe3, 0xd9, 0xff, 0xba, 0x9c, 0x3a, 0x25,
-	0x52, 0x3e, 0x4c, 0x26, 0x6e, 0x5c, 0xe9, 0xff, 0x91, 0xd2, 0xb3, 0x50, 0x71, 0xa3, 0xbc, 0x4b,
-	0x5a, 0xdc, 0xa8, 0xa6, 0x18, 0x1b, 0xcc, 0xa9, 0x51, 0x3a, 0xe1, 0x64, 0x3d, 0xa5, 0x42, 0x02,
-	0xbe, 0x5a, 0x64, 0x97, 0xba, 0xcf, 0xf4, 0xce, 0x88, 0xae, 0x4d, 0x74, 0x81, 0x70, 0x77, 0x97,
-	0xd0, 0x77, 0x43, 0x2d, 0x52, 0x91, 0x2d, 0xe5, 0x22, 0xb6, 0x6a, 0x72, 0xda, 0x88, 0xee, 0xa8,
-	0x03, 0x20, 0x1d, 0xc3, 0xa2, 0x39, 0xda, 0x9f, 0x29, 0xa5, 0x0e, 0xc6, 0x0c, 0xd9, 0xd1, 0xc7,
-	0xa1, 0xdf, 0x17, 0x2c, 0x18, 0x8e, 0x42, 0xdf, 0xf7, 0x82, 0x4d, 0x2a, 0xe7, 0x84, 0xb2, 0xfe,
-	0xf0, 0xb1, 0xe8, 0x4b, 0x21, 0xd0, 0x98, 0x65, 0x8d, 0x35, 0x4f, 0x6c, 0x76, 0x00, 0xbd, 0x04,
-	0xa3, 0x0d, 0xe2, 0x13, 0xfa, 0xec, 0x4a, 0x44, 0xf7, 0x44, 0xdc, 0xc9, 0xac, 0x22, 0x45, 0x16,
-	0x4c, 0x20, 0x4e, 0xe3, 0xda, 0x7f, 0x6c, 0xc1, 0x64, 0x2f, 0x61, 0x8e, 0x08, 0x3c, 0x26, 0x25,
-	0x95, 0x1a, 0xc7, 0x95, 0x40, 0xd2, 0x13, 0xfa, 0xf8, 0x29, 0xc1, 0xe7, 0xb1, 0xd5, 0xde, 0xa8,
-	0x78, 0x3f, 0x3a, 0xe8, 0x15, 0x38, 0x61, 0x0c, 0x4a, 0xac, 0x46, 0xb5, 0x36, 0x37, 0x4d, 0xad,
-	0xa7, 0xd9, 0x0c, 0xec, 0xee, 0xde, 0xd4, 0x23, 0xd9, 0x36, 0xa1, 0x6d, 0xba, 0xe8, 0xd8, 0x3f,
-	0xd5, 0xf5, 0xa9, 0x95, 0xa1, 0xf0, 0xb6, 0xd5, 0xe5, 0x8a, 0xf8, 0x8e, 0xe3, 0x50, 0xce, 0xcc,
-	0x69, 0xa1, 0x62, 0x38, 0x7a, 0xe3, 0x3c, 0xc0, 0x33, 0x7f, 0xfb, 0xdf, 0x0e, 0xc0, 0x3e, 0x3d,
-	0xeb, 0xc3, 0xf2, 0x3f, 0xf4, 0x21, 0xec, 0xe7, 0x2c, 0x75, 0xda, 0xc6, 0x05, 0x40, 0xe3, 0xb8,
-	0xc6, 0x9e, 0x6f, 0xbe, 0x62, 0x1e, 0x77, 0xa2, 0x5c, 0xf0, 0xe9, 0x73, 0x3d, 0xf4, 0x25, 0x2b,
-	0x7d, 0x5e, 0xc8, 0x23, 0x22, 0xbd, 0x63, 0xeb, 0x93, 0x71, 0x08, 0xc9, 0x3b, 0xa6, 0x8f, 0xae,
-	0x7a, 0x1d, 0x4f, 0x4e, 0x03, 0x6c, 0x78, 0x81, 0xe3, 0x7b, 0x6f, 0xd0, 0xad, 0x55, 0x85, 0x59,
-	0x07, 0xcc, 0xdc, 0xba, 0xa8, 0x5a, 0xb1, 0x81, 0x71, 0xf6, 0x6f, 0xc2, 0xb0, 0xf1, 0xe6, 0x39,
-	0xe1, 0x32, 0xa7, 0xcc, 0x70, 0x99, 0x9a, 0x11, 0xe5, 0x72, 0xf6, 0x83, 0x70, 0x22, 0xdb, 0xc1,
-	0xc3, 0x3c, 0x6f, 0xff, 0x9f, 0xa1, 0xec, 0x01, 0xde, 0x1a, 0x89, 0x9a, 0xb4, 0x6b, 0xef, 0x78,
-	0xc5, 0xde, 0xf1, 0x8a, 0xbd, 0xe3, 0x15, 0x33, 0x0f, 0x36, 0x84, 0xc7, 0x67, 0xe8, 0x3e, 0x79,
-	0x7c, 0x52, 0x3e, 0xac, 0x6a, 0xe1, 0x3e, 0x2c, 0xfb, 0xd3, 0x5d, 0x6e, 0xff, 0xb5, 0x88, 0x10,
-	0x14, 0x42, 0x25, 0x08, 0x1b, 0x44, 0x1a, 0xc8, 0x57, 0x8a, 0xb1, 0xf6, 0xae, 0x85, 0x0d, 0x23,
-	0xd6, 0x9c, 0xfe, 0x8b, 0x31, 0xe7, 0x63, 0x7f, 0x6a, 0x10, 0x52, 0xb6, 0x28, 0xff, 0xee, 0xdf,
-	0x00, 0x43, 0x11, 0x69, 0x85, 0xd7, 0xf1, 0x92, 0xd0, 0x65, 0x3a, 0x55, 0x87, 0x37, 0x63, 0x09,
-	0xa7, 0x3a, 0xaf, 0xe5, 0x24, 0x5b, 0x42, 0x99, 0x29, 0x9d, 0xb7, 0xea, 0x24, 0x5b, 0x98, 0x41,
-	0xd0, 0x07, 0x61, 0x2c, 0x49, 0x9d, 0xa3, 0x8b, 0xf3, 0xe2, 0x47, 0x04, 0xee, 0x58, 0xfa, 0x94,
-	0x1d, 0x67, 0xb0, 0xd1, 0xeb, 0x30, 0xb0, 0x45, 0xfc, 0xa6, 0xf8, 0xf4, 0xf5, 0xe2, 0x74, 0x0d,
-	0x7b, 0xd7, 0xcb, 0xc4, 0x6f, 0x72, 0x49, 0x48, 0x7f, 0x61, 0xc6, 0x8a, 0xce, 0xfb, 0xda, 0x76,
-	0x3b, 0x4e, 0xc2, 0xa6, 0xf7, 0x86, 0x74, 0x93, 0x7e, 0x47, 0xc1, 0x8c, 0xaf, 0x4a, 0xfa, 0xdc,
-	0x1f, 0xa5, 0xfe, 0x62, 0xcd, 0x99, 0xf5, 0xa3, 0xe1, 0x45, 0x6c, 0xca, 0x74, 0x84, 0xb7, 0xb3,
-	0xe8, 0x7e, 0x2c, 0x48, 0xfa, 0xbc, 0x1f, 0xea, 0x2f, 0xd6, 0x9c, 0x51, 0x47, 0xad, 0xbf, 0x61,
-	0xd6, 0x87, 0xeb, 0x05, 0xf7, 0x81, 0xaf, 0xbd, 0xdc, 0x75, 0xf8, 0x14, 0x54, 0xdc, 0x2d, 0x27,
-	0x4a, 0x26, 0x47, 0xd8, 0xa4, 0x51, 0xb3, 0x78, 0x9e, 0x36, 0x62, 0x0e, 0x43, 0x4f, 0x40, 0x39,
-	0x22, 0x1b, 0x2c, 0xb4, 0xd9, 0x08, 0xaa, 0xc2, 0x64, 0x03, 0xd3, 0x76, 0x65, 0x97, 0x8d, 0xf5,
-	0x8c, 0xb6, 0xfb, 0x89, 0x52, 0xda, 0xb0, 0x4b, 0x8f, 0x0c, 0x5f, 0x0f, 0x6e, 0x3b, 0x8a, 0xa5,
-	0x77, 0xcd, 0x58, 0x0f, 0xac, 0x19, 0x4b, 0x38, 0xfa, 0x84, 0x05, 0x43, 0xb7, 0xe2, 0x30, 0x08,
-	0x48, 0x22, 0x94, 0xe8, 0x8d, 0x82, 0x07, 0xeb, 0x0a, 0xa7, 0xae, 0xfb, 0x20, 0x1a, 0xb0, 0xe4,
-	0x4b, 0xbb, 0x4b, 0x76, 0x5d, 0xbf, 0xdd, 0xe8, 0x8a, 0xa4, 0xb9, 0xc0, 0x9b, 0xb1, 0x84, 0x53,
-	0x54, 0x2f, 0xe0, 0xa8, 0x03, 0x69, 0xd4, 0xc5, 0x40, 0xa0, 0x0a, 0xb8, 0xfd, 0xb3, 0x55, 0x38,
-	0x9d, 0xbb, 0x7c, 0xa8, 0xc9, 0xc5, 0x8c, 0x9a, 0x8b, 0x9e, 0x4f, 0x64, 0x0c, 0x19, 0x33, 0xb9,
-	0x6e, 0xa8, 0x56, 0x6c, 0x60, 0xa0, 0xef, 0x01, 0x68, 0x39, 0x91, 0xd3, 0x24, 0xca, 0xfb, 0x7d,
-	0x64, 0xcb, 0x86, 0xf6, 0x63, 0x55, 0xd2, 0xd4, 0x1e, 0x00, 0xd5, 0x14, 0x63, 0x83, 0x25, 0x7a,
-	0x01, 0x86, 0x23, 0xe2, 0x13, 0x27, 0x66, 0xb1, 0xf3, 0xd9, 0x44, 0x20, 0xac, 0x41, 0xd8, 0xc4,
-	0x43, 0x4f, 0xab, 0x70, 0xbb, 0x4c, 0xd8, 0x51, 0x3a, 0xe4, 0x0e, 0x7d, 0xd1, 0x82, 0xb1, 0x0d,
-	0xcf, 0x27, 0x9a, 0xbb, 0x48, 0xdb, 0x59, 0x39, 0xfa, 0x4b, 0x5e, 0x34, 0xe9, 0x6a, 0x19, 0x9a,
-	0x6a, 0x8e, 0x71, 0x86, 0x3d, 0xfd, 0xcc, 0x3b, 0x24, 0x62, 0xc2, 0x77, 0x30, 0xfd, 0x99, 0x6f,
-	0xf0, 0x66, 0x2c, 0xe1, 0x68, 0x16, 0xc6, 0x5b, 0x4e, 0x1c, 0xcf, 0x47, 0xa4, 0x41, 0x82, 0xc4,
-	0x73, 0x7c, 0x9e, 0x54, 0x53, 0xd5, 0xb1, 0xe8, 0xab, 0x69, 0x30, 0xce, 0xe2, 0xa3, 0x0f, 0xc1,
-	0xa3, 0xdc, 0xbd, 0xb4, 0xec, 0xc5, 0xb1, 0x17, 0x6c, 0xea, 0x69, 0x20, 0xbc, 0x6c, 0x53, 0x82,
-	0xd4, 0xa3, 0x8b, 0xf9, 0x68, 0xb8, 0xd7, 0xf3, 0xe8, 0x19, 0xa8, 0xc6, 0xdb, 0x5e, 0x6b, 0x3e,
-	0x6a, 0xc4, 0xec, 0x68, 0xa9, 0xaa, 0x7d, 0xba, 0x75, 0xd1, 0x8e, 0x15, 0x06, 0x72, 0x61, 0x84,
-	0x7f, 0x12, 0x1e, 0x2f, 0x28, 0x24, 0xe8, 0xfb, 0x7b, 0x2a, 0x72, 0x91, 0x3f, 0x3b, 0x8d, 0x9d,
-	0xdb, 0x17, 0xe4, 0x41, 0x17, 0x3f, 0x97, 0xb9, 0x61, 0x90, 0xc1, 0x29, 0xa2, 0xe9, 0x3d, 0xdd,
-	0x70, 0x1f, 0x7b, 0xba, 0x17, 0x60, 0x78, 0xbb, 0xbd, 0x4e, 0xc4, 0xc8, 0x0b, 0xc1, 0xa6, 0x66,
-	0xdf, 0x55, 0x0d, 0xc2, 0x26, 0x1e, 0x0b, 0xd5, 0x6c, 0x79, 0xe2, 0x5f, 0x3c, 0x39, 0x6a, 0x84,
-	0x6a, 0xae, 0x2e, 0xca, 0x66, 0x6c, 0xe2, 0xd0, 0xae, 0xd1, 0xb1, 0x58, 0x23, 0x31, 0xcb, 0xc4,
-	0xa0, 0xc3, 0xa5, 0xba, 0x56, 0x97, 0x00, 0xac, 0x71, 0xd0, 0x2a, 0x9c, 0xa2, 0x7f, 0xea, 0x2c,
-	0x7f, 0xf8, 0x86, 0xe3, 0x7b, 0x0d, 0x1e, 0x37, 0x38, 0x9e, 0x76, 0x8e, 0xd6, 0x73, 0x70, 0x70,
-	0xee, 0x93, 0xf6, 0x8f, 0x96, 0xd2, 0x9e, 0x13, 0x53, 0x84, 0xa1, 0x98, 0x0a, 0xaa, 0xe4, 0x86,
-	0x13, 0x49, 0x83, 0xe7, 0x88, 0x99, 0x51, 0x82, 0xee, 0x0d, 0x27, 0x32, 0x45, 0x1e, 0x63, 0x80,
-	0x25, 0x27, 0x74, 0x0b, 0x06, 0x12, 0xdf, 0x29, 0x28, 0x95, 0xd2, 0xe0, 0xa8, 0xbd, 0x60, 0x4b,
-	0xb3, 0x31, 0x66, 0x3c, 0xd0, 0xe3, 0x74, 0xf7, 0xb6, 0x2e, 0x8f, 0xe9, 0xc4, 0x86, 0x6b, 0x3d,
-	0xc6, 0xac, 0xd5, 0xfe, 0xdb, 0xa3, 0x39, 0x5a, 0x47, 0x19, 0x02, 0xe8, 0x3c, 0x00, 0x9d, 0x34,
-	0xab, 0x11, 0xd9, 0xf0, 0x76, 0x85, 0x21, 0xa6, 0x24, 0xdb, 0x35, 0x05, 0xc1, 0x06, 0x96, 0x7c,
-	0xa6, 0xde, 0xde, 0xa0, 0xcf, 0x94, 0xba, 0x9f, 0xe1, 0x10, 0x6c, 0x60, 0xa1, 0xe7, 0x61, 0xd0,
-	0x6b, 0x3a, 0x9b, 0x2a, 0x8a, 0xf8, 0x71, 0x2a, 0xd2, 0x16, 0x59, 0xcb, 0xdd, 0xbd, 0xa9, 0x31,
-	0xd5, 0x21, 0xd6, 0x84, 0x05, 0x2e, 0xfa, 0x29, 0x0b, 0x46, 0xdc, 0xb0, 0xd9, 0x0c, 0x03, 0xbe,
-	0x7d, 0x16, 0xbe, 0x80, 0x5b, 0xc7, 0x65, 0x26, 0x4d, 0xcf, 0x1b, 0xcc, 0xb8, 0x33, 0x40, 0xe5,
-	0x7c, 0x9a, 0x20, 0x9c, 0xea, 0x95, 0x29, 0xf9, 0x2a, 0x07, 0x48, 0xbe, 0x9f, 0xb3, 0x60, 0x82,
-	0x3f, 0x6b, 0xec, 0xea, 0x45, 0x7a, 0x63, 0x78, 0xcc, 0xaf, 0xd5, 0xe5, 0xe8, 0x50, 0x9e, 0xe2,
-	0x2e, 0x38, 0xee, 0xee, 0x24, 0xba, 0x04, 0x13, 0x1b, 0x61, 0xe4, 0x12, 0x73, 0x20, 0x84, 0xd8,
-	0x56, 0x84, 0x2e, 0x66, 0x11, 0x70, 0xf7, 0x33, 0xe8, 0x06, 0x3c, 0x62, 0x34, 0x9a, 0xe3, 0xc0,
-	0x25, 0xf7, 0x93, 0x82, 0xda, 0x23, 0x17, 0x73, 0xb1, 0x70, 0x8f, 0xa7, 0xd3, 0x42, 0xb2, 0xd6,
-	0x87, 0x90, 0x7c, 0x0d, 0xce, 0xb8, 0xdd, 0x23, 0xb3, 0x13, 0xb7, 0xd7, 0x63, 0x2e, 0xc7, 0xab,
-	0x73, 0x5f, 0x27, 0x08, 0x9c, 0x99, 0xef, 0x85, 0x88, 0x7b, 0xd3, 0x40, 0x6f, 0x42, 0x35, 0x22,
-	0xec, 0xab, 0xc4, 0x22, 0xd7, 0xef, 0x88, 0xde, 0x0e, 0x6d, 0xc1, 0x73, 0xb2, 0x5a, 0x33, 0x89,
-	0x86, 0x18, 0x2b, 0x8e, 0xe8, 0x36, 0x0c, 0xb5, 0x9c, 0xc4, 0xdd, 0x12, 0x19, 0x7e, 0x47, 0x76,
-	0xec, 0x2b, 0xe6, 0xec, 0x1c, 0xc6, 0xa8, 0x97, 0xc0, 0x99, 0x60, 0xc9, 0x8d, 0xda, 0x6a, 0x6e,
-	0xd8, 0x6c, 0x85, 0x01, 0x09, 0x12, 0xa9, 0x44, 0xc6, 0xf8, 0x61, 0x89, 0x6c, 0xc5, 0x06, 0x46,
-	0x97, 0x2e, 0xd7, 0x68, 0x93, 0x13, 0xfb, 0xe8, 0x72, 0x83, 0x5a, 0xaf, 0xe7, 0xa9, 0xb2, 0x61,
-	0x6e, 0xc5, 0x9b, 0x5e, 0xb2, 0x15, 0xb6, 0x13, 0xb9, 0x4b, 0x16, 0x8a, 0x4a, 0x29, 0x9b, 0xa5,
-	0x1c, 0x1c, 0x9c, 0xfb, 0x64, 0x56, 0xb3, 0x8e, 0xdf, 0x9b, 0x66, 0x3d, 0xd1, 0x87, 0x66, 0xad,
-	0xc3, 0x69, 0xd6, 0x03, 0x61, 0x25, 0x4b, 0xa7, 0x65, 0x3c, 0x89, 0x58, 0xe7, 0x55, 0x72, 0xcc,
-	0x52, 0x1e, 0x12, 0xce, 0x7f, 0xf6, 0xec, 0xb7, 0xc1, 0x44, 0x97, 0x90, 0x3b, 0x94, 0x43, 0x72,
-	0x01, 0x1e, 0xc9, 0x17, 0x27, 0x87, 0x72, 0x4b, 0xfe, 0x6c, 0x26, 0xa8, 0xdd, 0xd8, 0xa2, 0xf5,
-	0xe1, 0xe2, 0x76, 0xa0, 0x4c, 0x82, 0x1d, 0xa1, 0x5d, 0x2f, 0x1e, 0x6d, 0x56, 0x5f, 0x08, 0x76,
-	0xb8, 0x34, 0x64, 0x7e, 0xbc, 0x0b, 0xc1, 0x0e, 0xa6, 0xb4, 0xd1, 0x0f, 0x59, 0xa9, 0x0d, 0x04,
-	0x77, 0x8c, 0x7f, 0xe4, 0x58, 0xf6, 0xa4, 0x7d, 0xef, 0x29, 0xec, 0x7f, 0x57, 0x82, 0x73, 0x07,
-	0x11, 0xe9, 0x63, 0xf8, 0x9e, 0x82, 0xc1, 0x98, 0x85, 0xa9, 0x08, 0x75, 0x35, 0x4c, 0x57, 0x31,
-	0x0f, 0x5c, 0x79, 0x0d, 0x0b, 0x10, 0xf2, 0xa1, 0xdc, 0x74, 0x5a, 0xc2, 0x5f, 0xba, 0x78, 0xd4,
-	0xe4, 0x3f, 0xfa, 0xdf, 0xf1, 0x97, 0x9d, 0x16, 0x9f, 0xf3, 0x46, 0x03, 0xa6, 0x6c, 0x50, 0x02,
-	0x15, 0x27, 0x8a, 0x1c, 0x19, 0x13, 0x71, 0xb5, 0x18, 0x7e, 0xb3, 0x94, 0x24, 0x3f, 0x52, 0x4e,
-	0x35, 0x61, 0xce, 0xcc, 0xfe, 0x91, 0x6a, 0x2a, 0x53, 0x8c, 0x05, 0xba, 0xc4, 0x30, 0x28, 0xdc,
-	0xa4, 0x56, 0xd1, 0x39, 0x97, 0x3c, 0x15, 0x9b, 0x79, 0x20, 0x44, 0x41, 0x0b, 0xc1, 0x0a, 0x7d,
-	0xd6, 0x62, 0x65, 0x23, 0x64, 0xfa, 0x9d, 0xd8, 0xd5, 0x1f, 0x4f, 0x15, 0x0b, 0xb3, 0x18, 0x85,
-	0x6c, 0xc4, 0x26, 0x77, 0x51, 0x1a, 0x87, 0xed, 0x66, 0xba, 0x4b, 0xe3, 0xb0, 0xdd, 0x89, 0x84,
-	0xa3, 0xdd, 0x9c, 0x80, 0x96, 0x02, 0x4a, 0x0f, 0xf4, 0x11, 0xc2, 0xf2, 0x25, 0x0b, 0x26, 0xbc,
-	0x6c, 0x64, 0x82, 0xd8, 0x03, 0xdf, 0x2c, 0xc6, 0xa7, 0xd9, 0x1d, 0xf8, 0xa0, 0x0c, 0x9d, 0x2e,
-	0x10, 0xee, 0xee, 0x0c, 0x6a, 0xc0, 0x80, 0x17, 0x6c, 0x84, 0xc2, 0xbc, 0x9b, 0x3b, 0x5a, 0xa7,
-	0x16, 0x83, 0x8d, 0x50, 0xaf, 0x66, 0xfa, 0x0f, 0x33, 0xea, 0x68, 0x09, 0x4e, 0xc9, 0x64, 0xa1,
-	0xcb, 0x5e, 0x9c, 0x84, 0x51, 0x67, 0xc9, 0x6b, 0x7a, 0x09, 0x33, 0xcd, 0xca, 0x73, 0x93, 0x54,
-	0xbd, 0xe1, 0x1c, 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x01, 0x43, 0x32, 0x1a, 0xa0, 0x5a, 0x84, 0x3f,
-	0xa1, 0x7b, 0xfe, 0xab, 0xc9, 0x54, 0x17, 0xe1, 0x00, 0x92, 0x21, 0xfa, 0x8c, 0x05, 0x63, 0xfc,
-	0xf7, 0xe5, 0x4e, 0x83, 0xe7, 0x27, 0xd6, 0x8a, 0x08, 0xf9, 0xaf, 0xa7, 0x68, 0xce, 0xa1, 0x3b,
-	0x7b, 0x53, 0x63, 0xe9, 0x36, 0x9c, 0xe1, 0x6b, 0xff, 0x93, 0x11, 0xe8, 0x8e, 0x9f, 0x48, 0x07,
-	0x4b, 0x58, 0xf7, 0x3b, 0x58, 0x82, 0xee, 0x2a, 0x63, 0x1d, 0xe7, 0x50, 0xc0, 0x32, 0x13, 0x5c,
-	0xf5, 0x31, 0x74, 0x27, 0x70, 0x31, 0xe3, 0x81, 0xda, 0x30, 0xc8, 0x2b, 0x53, 0x09, 0x0d, 0x70,
-	0xf4, 0x93, 0x6f, 0xb3, 0xc2, 0x95, 0x76, 0x6b, 0xf1, 0x56, 0x2c, 0x98, 0xa1, 0x5d, 0x18, 0xda,
-	0xe2, 0xd3, 0x51, 0xec, 0xf5, 0x96, 0x8f, 0x3a, 0xbe, 0xa9, 0x39, 0xae, 0x27, 0x9f, 0x68, 0xc0,
-	0x92, 0x1d, 0x8b, 0xcd, 0x33, 0xa2, 0x87, 0xb8, 0x20, 0x29, 0x2e, 0xd5, 0xb2, 0xff, 0xd0, 0xa1,
-	0x8f, 0xc2, 0x48, 0x44, 0xdc, 0x30, 0x70, 0x3d, 0x9f, 0x34, 0x66, 0xe5, 0x81, 0xd8, 0x61, 0x32,
-	0xec, 0x98, 0x37, 0x09, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0x5b, 0x67, 0x2a, 0xeb, 0x9e, 0x7e, 0x10,
-	0x22, 0x0e, 0x3e, 0x96, 0x0a, 0xca, 0xf1, 0x67, 0x34, 0xf9, 0x3a, 0x4b, 0xb7, 0xe1, 0x0c, 0x5f,
-	0xf4, 0x0a, 0x40, 0xb8, 0xce, 0x03, 0xf0, 0x66, 0x13, 0x71, 0x0a, 0x72, 0x98, 0x57, 0x1d, 0xe3,
-	0x99, 0xba, 0x92, 0x02, 0x36, 0xa8, 0xa1, 0xab, 0x00, 0x7c, 0xe5, 0xac, 0x75, 0x5a, 0x72, 0x43,
-	0x28, 0x53, 0x24, 0xa1, 0xae, 0x20, 0x77, 0xf7, 0xa6, 0xba, 0x7d, 0xce, 0x2c, 0xca, 0xc8, 0x78,
-	0x1c, 0x7d, 0x17, 0x0c, 0xc5, 0xed, 0x66, 0xd3, 0x51, 0x67, 0x24, 0x05, 0xe6, 0xfe, 0x72, 0xba,
-	0x86, 0x60, 0xe4, 0x0d, 0x58, 0x72, 0x44, 0xb7, 0xa8, 0x88, 0x17, 0x12, 0x8a, 0xaf, 0x22, 0x6e,
-	0xa1, 0x70, 0x4f, 0xe0, 0x07, 0xe4, 0x2e, 0x06, 0xe7, 0xe0, 0xdc, 0xdd, 0x9b, 0x7a, 0x24, 0xdd,
-	0xbe, 0x14, 0x8a, 0x6c, 0xdc, 0x5c, 0x9a, 0xe8, 0x8a, 0x2c, 0xc2, 0x45, 0x5f, 0x5b, 0xd6, 0x86,
-	0x79, 0xaf, 0x2e, 0xc2, 0xc5, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, 0x5a, 0x86, 0x93, 0x6e, 0x18,
-	0x24, 0x51, 0xe8, 0xfb, 0xbc, 0x40, 0x1f, 0xdf, 0x9b, 0xf3, 0x33, 0x94, 0xc7, 0x44, 0xb7, 0x4f,
-	0xce, 0x77, 0xa3, 0xe0, 0xbc, 0xe7, 0xa8, 0x4d, 0x9e, 0xd5, 0x0f, 0x63, 0x85, 0x1c, 0xaf, 0xa7,
-	0x68, 0x0a, 0x09, 0xa5, 0xdc, 0xde, 0x07, 0x68, 0x8a, 0x20, 0x7d, 0xc8, 0x2a, 0xbe, 0xd8, 0xf3,
-	0x30, 0x42, 0x76, 0x13, 0x12, 0x05, 0x8e, 0x7f, 0x1d, 0x2f, 0xc9, 0x03, 0x0b, 0xb6, 0x30, 0x2f,
-	0x18, 0xed, 0x38, 0x85, 0x85, 0x6c, 0xe5, 0x25, 0x33, 0xd2, 0xde, 0xb9, 0x97, 0x4c, 0xfa, 0xc4,
-	0xec, 0x9f, 0x29, 0xa7, 0x6c, 0xd6, 0x07, 0x72, 0xa4, 0xcb, 0xea, 0x2b, 0xc9, 0x42, 0x54, 0x0c,
-	0x20, 0xf6, 0x62, 0x45, 0x72, 0x56, 0x51, 0x73, 0x2b, 0x26, 0x23, 0x9c, 0xe6, 0x8b, 0xb6, 0xa1,
-	0xb2, 0x15, 0xc6, 0x89, 0xdc, 0xa1, 0x1d, 0x71, 0x33, 0x78, 0x39, 0x8c, 0x13, 0x66, 0x68, 0xa9,
-	0xd7, 0xa6, 0x2d, 0x31, 0xe6, 0x3c, 0xe8, 0xde, 0x3f, 0xde, 0x72, 0xa2, 0x46, 0x3c, 0xcf, 0x8a,
-	0x54, 0x0c, 0x30, 0x0b, 0x4b, 0xd9, 0xd3, 0x75, 0x0d, 0xc2, 0x26, 0x9e, 0xfd, 0x27, 0x56, 0xea,
-	0x54, 0xeb, 0x26, 0xcb, 0x38, 0xd8, 0x21, 0x01, 0x15, 0x51, 0x66, 0x8c, 0xe3, 0x37, 0x65, 0xf2,
-	0xb7, 0xdf, 0xd3, 0xab, 0x96, 0xe6, 0x6d, 0x4a, 0x61, 0x9a, 0x91, 0x30, 0xc2, 0x21, 0x3f, 0x6e,
-	0xa5, 0x13, 0xf1, 0x4b, 0x45, 0x6c, 0xdd, 0xcc, 0x62, 0x14, 0x07, 0xe6, 0xf4, 0xdb, 0x3f, 0x64,
-	0xc1, 0xd0, 0x9c, 0xe3, 0x6e, 0x87, 0x1b, 0x1b, 0xe8, 0x19, 0xa8, 0x36, 0xda, 0x91, 0x59, 0x13,
-	0x40, 0x39, 0xab, 0x16, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xea, 0x6f, 0x38, 0xae, 0x2c, 0x49, 0x51,
-	0xe6, 0x53, 0xff, 0x22, 0x6b, 0xc1, 0x02, 0x42, 0x87, 0xbf, 0xe9, 0xec, 0xca, 0x87, 0xb3, 0x47,
-	0x6a, 0xcb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xd7, 0x2c, 0x98, 0x9c, 0x73, 0x62, 0xcf, 0x9d, 0x6d,
-	0x27, 0x5b, 0x73, 0x5e, 0xb2, 0xde, 0x76, 0xb7, 0x49, 0xc2, 0x4b, 0x97, 0xd0, 0x5e, 0xb6, 0x63,
-	0xba, 0x02, 0xd5, 0x8e, 0x59, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, 0xbd, 0x01, 0xc3, 0x2d,
-	0x27, 0x8e, 0x6f, 0x87, 0x51, 0x03, 0x93, 0x8d, 0x62, 0x8a, 0x1b, 0xd5, 0x89, 0x1b, 0x91, 0x04,
-	0x93, 0x0d, 0x11, 0xa0, 0xa2, 0xe9, 0x63, 0x93, 0x99, 0xfd, 0x03, 0x16, 0x9c, 0x9a, 0x23, 0x4e,
-	0x44, 0x22, 0x56, 0x0b, 0x49, 0xbd, 0x08, 0x7a, 0x1d, 0xaa, 0x09, 0x6d, 0xa1, 0x3d, 0xb2, 0x8a,
-	0xed, 0x11, 0x0b, 0x2d, 0x59, 0x13, 0xc4, 0xb1, 0x62, 0x63, 0x7f, 0xc1, 0x82, 0x33, 0x79, 0x7d,
-	0x99, 0xf7, 0xc3, 0x76, 0xe3, 0x41, 0x74, 0xe8, 0xef, 0x5a, 0x30, 0xc2, 0x8e, 0xeb, 0x17, 0x48,
-	0xe2, 0x78, 0x7e, 0x57, 0x1d, 0x46, 0xab, 0xcf, 0x3a, 0x8c, 0xe7, 0x60, 0x60, 0x2b, 0x6c, 0x92,
-	0x6c, 0xa8, 0xc9, 0xe5, 0xb0, 0x49, 0x30, 0x83, 0xa0, 0x67, 0xe9, 0x24, 0xf4, 0x82, 0xc4, 0xa1,
-	0xcb, 0x51, 0x1e, 0x67, 0x8c, 0xf3, 0x09, 0xa8, 0x9a, 0xb1, 0x89, 0x63, 0xff, 0x72, 0x0d, 0x86,
-	0x44, 0x5c, 0x54, 0xdf, 0xa5, 0x74, 0xa4, 0x17, 0xa7, 0xd4, 0xd3, 0x8b, 0x13, 0xc3, 0xa0, 0xcb,
-	0x8a, 0xe5, 0x0a, 0x0b, 0xfd, 0x6a, 0x21, 0x81, 0x74, 0xbc, 0xfe, 0xae, 0xee, 0x16, 0xff, 0x8f,
-	0x05, 0x2b, 0xf4, 0x96, 0x05, 0xe3, 0x6e, 0x18, 0x04, 0xc4, 0xd5, 0xb6, 0xe3, 0x40, 0x11, 0x1b,
-	0x84, 0xf9, 0x34, 0x51, 0x7d, 0x12, 0x9c, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x12, 0x8c, 0xf2, 0x31,
-	0xbb, 0x91, 0x3a, 0x83, 0xd1, 0xe5, 0xf9, 0x4c, 0x20, 0x4e, 0xe3, 0xa2, 0x69, 0x7e, 0x96, 0x25,
-	0x0a, 0xe1, 0x0d, 0x6a, 0x57, 0xb5, 0x51, 0x02, 0xcf, 0xc0, 0x40, 0x11, 0xa0, 0x88, 0x6c, 0x44,
-	0x24, 0xde, 0x12, 0x71, 0x63, 0xcc, 0x6e, 0x1d, 0xba, 0xb7, 0x22, 0x18, 0xb8, 0x8b, 0x12, 0xce,
-	0xa1, 0x8e, 0xb6, 0x85, 0x1b, 0xa1, 0x5a, 0x84, 0x3c, 0x17, 0x9f, 0xb9, 0xa7, 0x37, 0x61, 0x0a,
-	0x2a, 0x4c, 0x75, 0x31, 0x7b, 0xb9, 0xcc, 0x13, 0x2f, 0x99, 0x62, 0xc3, 0xbc, 0x1d, 0x2d, 0xc0,
-	0x89, 0x4c, 0x71, 0xc1, 0x58, 0x9c, 0x95, 0xa8, 0x24, 0xbb, 0x4c, 0x59, 0xc2, 0x18, 0x77, 0x3d,
-	0x61, 0xba, 0x98, 0x86, 0x0f, 0x70, 0x31, 0x75, 0x54, 0x74, 0x32, 0x3f, 0xc5, 0x78, 0xb9, 0x90,
-	0x01, 0xe8, 0x2b, 0x14, 0xf9, 0xf3, 0x99, 0x50, 0xe4, 0x51, 0xd6, 0x81, 0x1b, 0xc5, 0x74, 0xe0,
-	0xf0, 0x71, 0xc7, 0x0f, 0x32, 0x8e, 0xf8, 0x7f, 0x5b, 0x20, 0xbf, 0xeb, 0xbc, 0xe3, 0x6e, 0x11,
-	0x3a, 0x65, 0xd0, 0x07, 0x61, 0x4c, 0x79, 0x27, 0xb8, 0x49, 0x64, 0xb1, 0x59, 0xa3, 0x6c, 0x67,
-	0x9c, 0x82, 0xe2, 0x0c, 0x36, 0x9a, 0x81, 0x1a, 0x1d, 0x27, 0xfe, 0x28, 0xd7, 0xfb, 0xca, 0x03,
-	0x32, 0xbb, 0xba, 0x28, 0x9e, 0xd2, 0x38, 0x28, 0x84, 0x09, 0xdf, 0x89, 0x13, 0xd6, 0x83, 0x7a,
-	0x27, 0x70, 0xef, 0xb1, 0x04, 0x0d, 0xcb, 0xe4, 0x5a, 0xca, 0x12, 0xc2, 0xdd, 0xb4, 0xed, 0xff,
-	0x50, 0x81, 0xd1, 0x94, 0x64, 0x3c, 0xa4, 0xc1, 0xf0, 0x0c, 0x54, 0xa5, 0x0e, 0xcf, 0xd6, 0xda,
-	0x52, 0x8a, 0x5e, 0x61, 0x50, 0xa5, 0xb5, 0xae, 0xb5, 0x6a, 0xd6, 0xc0, 0x31, 0x14, 0x2e, 0x36,
-	0xf1, 0x98, 0x50, 0x4e, 0xfc, 0x78, 0xde, 0xf7, 0x48, 0x90, 0xf0, 0x6e, 0x16, 0x23, 0x94, 0xd7,
-	0x96, 0xea, 0x26, 0x51, 0x2d, 0x94, 0x33, 0x00, 0x9c, 0x65, 0x8f, 0x3e, 0x65, 0xc1, 0xa8, 0x73,
-	0x3b, 0xd6, 0x15, 0xdd, 0x45, 0xd0, 0xf1, 0x11, 0x95, 0x54, 0xaa, 0x48, 0x3c, 0x77, 0xec, 0xa7,
-	0x9a, 0x70, 0x9a, 0x29, 0x7a, 0xdb, 0x02, 0x44, 0x76, 0x89, 0x2b, 0xc3, 0xa2, 0x45, 0x5f, 0x06,
-	0x8b, 0xd8, 0xc1, 0x5f, 0xe8, 0xa2, 0xcb, 0xa5, 0x7a, 0x77, 0x3b, 0xce, 0xe9, 0x03, 0xba, 0x02,
-	0xa8, 0xe1, 0xc5, 0xce, 0xba, 0x4f, 0xe6, 0xc3, 0xa6, 0xcc, 0x3e, 0x16, 0xe7, 0xe9, 0x67, 0xc5,
-	0x38, 0xa3, 0x85, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9b, 0x65, 0x51, 0xb8, 0xdb, 0xb9, 0x1e, 0xf9,
-	0x4c, 0x4b, 0x98, 0xb3, 0x4c, 0xb4, 0x63, 0x85, 0x61, 0xff, 0x69, 0x59, 0x2d, 0x65, 0x9d, 0x03,
-	0xe0, 0x18, 0xb1, 0xc8, 0xd6, 0xbd, 0xc7, 0x22, 0xeb, 0x48, 0xa9, 0xee, 0x9c, 0xfa, 0x54, 0x0a,
-	0x6e, 0xe9, 0x01, 0xa5, 0xe0, 0x7e, 0xaf, 0x95, 0xaa, 0x67, 0x37, 0x7c, 0xfe, 0x95, 0x62, 0xf3,
-	0x0f, 0xa6, 0x79, 0x14, 0x57, 0x46, 0xaf, 0x64, 0x82, 0xf7, 0x9e, 0x81, 0xea, 0x86, 0xef, 0xb0,
-	0x2a, 0x2c, 0x6c, 0xa1, 0x1a, 0x11, 0x66, 0x17, 0x45, 0x3b, 0x56, 0x18, 0x54, 0xea, 0x1b, 0x44,
-	0x0f, 0x25, 0xb5, 0xff, 0x73, 0x19, 0x86, 0x0d, 0x8d, 0x9f, 0x6b, 0xbe, 0x59, 0x0f, 0x99, 0xf9,
-	0x56, 0x3a, 0x84, 0xf9, 0xf6, 0x3d, 0x50, 0x73, 0xa5, 0x36, 0x2a, 0xa6, 0x3e, 0x7f, 0x56, 0xc7,
-	0x69, 0x85, 0xa4, 0x9a, 0xb0, 0xe6, 0x89, 0x2e, 0xa5, 0xd2, 0x3c, 0x53, 0x7e, 0x81, 0xbc, 0x3c,
-	0x4c, 0xa1, 0xd1, 0xba, 0x9f, 0xc9, 0xc6, 0x07, 0x54, 0x0e, 0x8e, 0x0f, 0xb0, 0x7f, 0xdf, 0x52,
-	0x1f, 0xf7, 0x3e, 0xd4, 0xf3, 0xb9, 0x95, 0xae, 0xe7, 0x73, 0xa1, 0x90, 0x61, 0xee, 0x51, 0xc8,
-	0xe7, 0x1a, 0x0c, 0xcd, 0x87, 0xcd, 0xa6, 0x13, 0x34, 0xd0, 0xd7, 0xc3, 0x90, 0xcb, 0x7f, 0x0a,
-	0x1f, 0x1a, 0x3b, 0xac, 0x16, 0x50, 0x2c, 0x61, 0xe8, 0x71, 0x18, 0x70, 0xa2, 0x4d, 0xe9, 0x37,
-	0x63, 0x41, 0x70, 0xb3, 0xd1, 0x66, 0x8c, 0x59, 0xab, 0xfd, 0xe7, 0x16, 0x8c, 0xd1, 0x47, 0x3c,
-	0xf6, 0x52, 0xec, 0x75, 0x9e, 0x86, 0x41, 0xa7, 0x9d, 0x6c, 0x85, 0x5d, 0xfb, 0xb0, 0x59, 0xd6,
-	0x8a, 0x05, 0x94, 0xee, 0xc3, 0x54, 0x21, 0x08, 0x63, 0x1f, 0xb6, 0x40, 0xe7, 0x32, 0x83, 0x50,
-	0x53, 0x36, 0x6e, 0xaf, 0xe7, 0x9d, 0x96, 0xd6, 0x79, 0x33, 0x96, 0x70, 0x4a, 0x6c, 0x3d, 0x6c,
-	0x74, 0x44, 0x68, 0xaf, 0x22, 0x36, 0x17, 0x36, 0x3a, 0x98, 0x41, 0xd0, 0x13, 0x50, 0x8e, 0xb7,
-	0x1c, 0x79, 0x2e, 0x2f, 0xa3, 0xcc, 0xeb, 0x97, 0x67, 0x31, 0x6d, 0x57, 0x49, 0x13, 0x91, 0x9f,
-	0x8d, 0xb1, 0x4d, 0x27, 0x4d, 0x44, 0xbe, 0xfd, 0x2f, 0x07, 0x80, 0xc5, 0xdb, 0x38, 0x11, 0x69,
-	0xac, 0x85, 0xac, 0x94, 0xf0, 0xb1, 0x1e, 0x6b, 0xeb, 0x8d, 0xec, 0xc3, 0x7c, 0xb4, 0x6d, 0x1c,
-	0x6f, 0x96, 0xef, 0xf7, 0xf1, 0x66, 0xfe, 0x89, 0xf5, 0xc0, 0x43, 0x74, 0x62, 0x6d, 0x7f, 0xce,
-	0x02, 0xa4, 0xa2, 0xa7, 0x74, 0x48, 0xc9, 0x0c, 0xd4, 0x54, 0xb8, 0x96, 0x58, 0x2f, 0x5a, 0x2c,
-	0x4a, 0x00, 0xd6, 0x38, 0x7d, 0x78, 0x2f, 0x9e, 0x92, 0x3a, 0xab, 0x9c, 0xce, 0xb9, 0x60, 0x9a,
-	0x4e, 0xa8, 0x30, 0xfb, 0x57, 0x4a, 0xf0, 0x08, 0x37, 0x97, 0x96, 0x9d, 0xc0, 0xd9, 0x24, 0x4d,
-	0xda, 0xab, 0x7e, 0x83, 0x84, 0x5c, 0xba, 0x6d, 0xf6, 0x64, 0x86, 0xc4, 0x51, 0xe5, 0x15, 0x97,
-	0x33, 0x5c, 0xb2, 0x2c, 0x06, 0x5e, 0x82, 0x19, 0x71, 0x14, 0x43, 0x55, 0x5e, 0x66, 0x24, 0xf4,
-	0x4f, 0x41, 0x8c, 0x94, 0x28, 0x16, 0x96, 0x05, 0xc1, 0x8a, 0x11, 0x35, 0x1f, 0xfc, 0xd0, 0xdd,
-	0xa6, 0x4b, 0x3e, 0x6b, 0x3e, 0x2c, 0x89, 0x76, 0xac, 0x30, 0xec, 0x26, 0x8c, 0xcb, 0x31, 0x6c,
-	0x5d, 0x25, 0x1d, 0x4c, 0x36, 0xa8, 0xce, 0x75, 0x65, 0x93, 0x71, 0xbf, 0x92, 0xd2, 0xb9, 0xf3,
-	0x26, 0x10, 0xa7, 0x71, 0x65, 0x75, 0xe1, 0x52, 0x7e, 0x75, 0x61, 0xfb, 0x57, 0x2c, 0xc8, 0x2a,
-	0x7d, 0xa3, 0x96, 0xaa, 0xb5, 0x6f, 0x2d, 0xd5, 0x43, 0x54, 0x23, 0xfd, 0x4e, 0x18, 0x76, 0x12,
-	0x6a, 0xd5, 0x71, 0x0f, 0x4c, 0xf9, 0xde, 0x4e, 0x0e, 0x97, 0xc3, 0x86, 0xb7, 0xe1, 0x31, 0xcf,
-	0x8b, 0x49, 0xce, 0x7e, 0xdb, 0x82, 0xda, 0x42, 0xd4, 0x39, 0x7c, 0xaa, 0x5a, 0x77, 0x22, 0x5a,
-	0xe9, 0x50, 0x89, 0x68, 0x32, 0xd5, 0xad, 0xdc, 0x2b, 0xd5, 0xcd, 0xfe, 0x8b, 0x01, 0x98, 0xe8,
-	0xca, 0xbd, 0x44, 0x2f, 0xc2, 0x88, 0xfa, 0x4a, 0xd2, 0xed, 0x5a, 0x33, 0x83, 0x97, 0x35, 0x0c,
-	0xa7, 0x30, 0xfb, 0x58, 0xaa, 0x8b, 0x70, 0x32, 0x22, 0xaf, 0xb7, 0x49, 0x9b, 0xcc, 0x6e, 0x24,
-	0x24, 0xaa, 0x13, 0x37, 0x0c, 0x1a, 0xbc, 0x18, 0x71, 0x79, 0xee, 0xd1, 0x3b, 0x7b, 0x53, 0x27,
-	0x71, 0x37, 0x18, 0xe7, 0x3d, 0x83, 0x5a, 0x30, 0xea, 0x9b, 0xfb, 0x05, 0xb1, 0x4d, 0xbd, 0xa7,
-	0xad, 0x86, 0x9a, 0xad, 0xa9, 0x66, 0x9c, 0x66, 0x90, 0xde, 0x74, 0x54, 0x1e, 0xd0, 0xa6, 0xe3,
-	0x93, 0x7a, 0xd3, 0xc1, 0x63, 0x81, 0x3e, 0x5c, 0x70, 0xee, 0x6d, 0x3f, 0xbb, 0x8e, 0xa3, 0xec,
-	0x23, 0x5e, 0x86, 0xaa, 0x8c, 0x93, 0xec, 0x2b, 0xbe, 0xd0, 0xa4, 0xd3, 0x43, 0xb6, 0x3f, 0x0d,
-	0xef, 0xbe, 0x10, 0x45, 0xc6, 0x60, 0x5e, 0x0b, 0x93, 0x59, 0xdf, 0x0f, 0x6f, 0x53, 0x73, 0xe5,
-	0x7a, 0x4c, 0x84, 0x1f, 0xd0, 0xbe, 0x5b, 0x82, 0x9c, 0x2d, 0x35, 0x5d, 0x93, 0xda, 0x2e, 0x4c,
-	0xad, 0xc9, 0xc3, 0xd9, 0x86, 0x68, 0x97, 0xc7, 0x92, 0x72, 0x6b, 0xe0, 0x43, 0x45, 0xbb, 0x04,
-	0x74, 0x78, 0xa9, 0x92, 0x94, 0x2a, 0xc4, 0xf4, 0x3c, 0x80, 0x36, 0xe7, 0x85, 0x4d, 0xa8, 0x82,
-	0x43, 0xb4, 0xd5, 0x8f, 0x0d, 0x2c, 0xf4, 0x02, 0x0c, 0x7b, 0x41, 0x9c, 0x38, 0xbe, 0x7f, 0xd9,
-	0x0b, 0x12, 0x61, 0x27, 0x2a, 0xb3, 0x67, 0x51, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0x03, 0xc6, 0xf7,
-	0x3b, 0xcc, 0x77, 0xdf, 0x82, 0x33, 0x97, 0xbc, 0x44, 0x25, 0x29, 0xaa, 0xf9, 0x46, 0xad, 0x75,
-	0x25, 0xab, 0xac, 0x9e, 0x69, 0xb9, 0x46, 0x92, 0x60, 0x29, 0x9d, 0xd3, 0x98, 0x4d, 0x12, 0xb4,
-	0x5d, 0x38, 0x75, 0xc9, 0x4b, 0x2e, 0x7a, 0x3e, 0x39, 0x46, 0x26, 0xbf, 0x34, 0x08, 0x23, 0x66,
-	0xee, 0xfe, 0x61, 0x24, 0xfb, 0x17, 0xa8, 0x1d, 0x2b, 0x06, 0xc2, 0x53, 0x07, 0xde, 0x37, 0x8f,
-	0x5c, 0x48, 0x20, 0x7f, 0x70, 0x0d, 0x53, 0x56, 0xf3, 0xc4, 0x66, 0x07, 0xd0, 0x6d, 0xa8, 0x6c,
-	0xb0, 0x7c, 0xb7, 0x72, 0x11, 0xa1, 0x4a, 0x79, 0x83, 0xaf, 0x57, 0x2e, 0xcf, 0x98, 0xe3, 0xfc,
-	0xa8, 0xf9, 0x11, 0xa5, 0xd3, 0xac, 0x8d, 0x2c, 0x04, 0xa1, 0xd7, 0x14, 0x46, 0x2f, 0xed, 0x51,
-	0xb9, 0x07, 0xed, 0x91, 0x92, 0xe5, 0x83, 0x0f, 0x48, 0x96, 0xb3, 0xdc, 0xc5, 0x64, 0x8b, 0x19,
-	0xc7, 0x22, 0x6d, 0x6a, 0x88, 0x0d, 0x82, 0x91, 0xbb, 0x98, 0x02, 0xe3, 0x2c, 0x3e, 0xfa, 0x98,
-	0xd2, 0x06, 0xd5, 0x22, 0x0e, 0x14, 0xcc, 0x19, 0x7d, 0xdc, 0x8a, 0xe0, 0x73, 0x25, 0x18, 0xbb,
-	0x14, 0xb4, 0x57, 0x2f, 0xad, 0xb6, 0xd7, 0x7d, 0xcf, 0xbd, 0x4a, 0x3a, 0x54, 0xda, 0x6f, 0x93,
-	0xce, 0xe2, 0x82, 0x58, 0x41, 0x6a, 0xce, 0x5c, 0xa5, 0x8d, 0x98, 0xc3, 0xa8, 0xdc, 0xda, 0xf0,
-	0x82, 0x4d, 0x12, 0xb5, 0x22, 0x4f, 0xf8, 0xfa, 0x0d, 0xb9, 0x75, 0x51, 0x83, 0xb0, 0x89, 0x47,
-	0x69, 0x87, 0xb7, 0x03, 0x55, 0x48, 0x49, 0xd1, 0x5e, 0xa1, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12,
-	0xb5, 0x85, 0x2b, 0xcd, 0x40, 0x5a, 0xa3, 0x8d, 0x98, 0xc3, 0xc4, 0x2e, 0x9d, 0x45, 0x82, 0x55,
-	0xba, 0x76, 0xe9, 0x2c, 0x88, 0x42, 0xc2, 0x29, 0xea, 0x36, 0xe9, 0x2c, 0x38, 0x89, 0x93, 0xdd,
-	0x64, 0x5f, 0xe5, 0xcd, 0x58, 0xc2, 0x59, 0x65, 0xe5, 0xf4, 0x70, 0x7c, 0xcd, 0x55, 0x56, 0x4e,
-	0x77, 0xbf, 0x87, 0x43, 0xe6, 0xef, 0x94, 0x60, 0xe4, 0x9d, 0xeb, 0x4f, 0x73, 0x2e, 0xf6, 0xb9,
-	0x09, 0x13, 0x5d, 0x19, 0xd3, 0x7d, 0x58, 0x48, 0x07, 0x56, 0xb4, 0xb0, 0x31, 0x0c, 0x53, 0xc2,
-	0xb2, 0xa2, 0xe0, 0x3c, 0x4c, 0xf0, 0xc5, 0x4b, 0x39, 0xb1, 0x04, 0x58, 0x95, 0x05, 0xcf, 0x0e,
-	0xb3, 0x6e, 0x64, 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xbc, 0x05, 0xa3, 0xa9, 0x24, 0xf6, 0x82, 0x6c,
-	0x39, 0xb6, 0xba, 0x43, 0x16, 0xc5, 0xcc, 0xb2, 0x4a, 0xca, 0x4c, 0x0d, 0xeb, 0xd5, 0xad, 0x41,
-	0xd8, 0xc4, 0xb3, 0x7f, 0xb3, 0x0c, 0x55, 0x19, 0x71, 0xd5, 0x47, 0x57, 0x3e, 0x6b, 0xc1, 0xa8,
-	0x3a, 0x40, 0x64, 0x1e, 0xdf, 0x52, 0x11, 0x39, 0x75, 0xb4, 0x07, 0xca, 0x7f, 0x12, 0x6c, 0x84,
-	0x7a, 0x63, 0x81, 0x4d, 0x66, 0x38, 0xcd, 0x1b, 0xdd, 0x00, 0x88, 0x3b, 0x71, 0x42, 0x9a, 0x86,
-	0xef, 0xd9, 0x36, 0x66, 0xd9, 0xb4, 0x1b, 0x46, 0x84, 0xce, 0xa9, 0x6b, 0x61, 0x83, 0xd4, 0x15,
-	0xa6, 0xb6, 0xf0, 0x74, 0x1b, 0x36, 0x28, 0xa1, 0x37, 0xd4, 0x71, 0xf7, 0x40, 0x11, 0x7a, 0x5d,
-	0x8e, 0x6f, 0x3f, 0xe7, 0xdd, 0x47, 0x38, 0x5f, 0xb6, 0x7f, 0xba, 0x04, 0x27, 0xb2, 0x23, 0x89,
-	0x3e, 0x0c, 0x23, 0x72, 0xd0, 0x0c, 0x37, 0x83, 0x0c, 0x73, 0x1b, 0xc1, 0x06, 0xec, 0xee, 0xde,
-	0xd4, 0x54, 0xf7, 0x3d, 0xda, 0xd3, 0x26, 0x0a, 0x4e, 0x11, 0xe3, 0x87, 0xcf, 0x22, 0x4a, 0x62,
-	0xae, 0x33, 0xdb, 0x6a, 0x89, 0x13, 0x64, 0xe3, 0xf0, 0xd9, 0x84, 0xe2, 0x0c, 0x36, 0x5a, 0x85,
-	0x53, 0x46, 0xcb, 0x35, 0xe2, 0x6d, 0x6e, 0xad, 0x87, 0x91, 0xdc, 0xd7, 0x3e, 0xae, 0x83, 0x6a,
-	0xbb, 0x71, 0x70, 0xee, 0x93, 0xd4, 0x30, 0x72, 0x9d, 0x96, 0xe3, 0x7a, 0x49, 0x47, 0x9c, 0x01,
-	0x28, 0x31, 0x3e, 0x2f, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0xe1, 0x00, 0x9c, 0xe0, 0x51, 0xa4, 0x44,
-	0x05, 0x49, 0xa3, 0x0f, 0x43, 0x2d, 0x4e, 0x9c, 0x88, 0x3b, 0x35, 0xac, 0x43, 0x8b, 0x2e, 0x9d,
-	0x79, 0x2f, 0x89, 0x60, 0x4d, 0x0f, 0xbd, 0xc2, 0xca, 0x96, 0x79, 0xf1, 0x16, 0xa3, 0x5e, 0xba,
-	0x37, 0x97, 0xc9, 0x45, 0x45, 0x01, 0x1b, 0xd4, 0xd0, 0xb7, 0x40, 0xa5, 0xb5, 0xe5, 0xc4, 0xd2,
-	0x9f, 0xf7, 0xb4, 0x94, 0x13, 0xab, 0xb4, 0xf1, 0xee, 0xde, 0xd4, 0xe9, 0xec, 0xab, 0x32, 0x00,
-	0xe6, 0x0f, 0x99, 0x52, 0x7e, 0xe0, 0xe0, 0x7b, 0x79, 0x1a, 0x51, 0xa7, 0x7e, 0x79, 0x36, 0x7b,
-	0x93, 0xcb, 0x02, 0x6b, 0xc5, 0x02, 0x4a, 0x65, 0xd2, 0x16, 0x67, 0xd9, 0xa0, 0xc8, 0x83, 0x69,
-	0x8b, 0xe3, 0xb2, 0x06, 0x61, 0x13, 0x0f, 0x7d, 0xae, 0x3b, 0xc6, 0x78, 0xe8, 0x18, 0x72, 0x50,
-	0xfa, 0x8d, 0x2e, 0xbe, 0x00, 0x35, 0xd1, 0xd5, 0xb5, 0x10, 0xbd, 0x08, 0x23, 0xdc, 0x5d, 0x34,
-	0x17, 0x39, 0x81, 0xbb, 0x95, 0x75, 0xf2, 0xac, 0x19, 0x30, 0x9c, 0xc2, 0xb4, 0x97, 0x61, 0xa0,
-	0x4f, 0x21, 0xdb, 0xd7, 0xde, 0xfd, 0x65, 0xa8, 0x52, 0x72, 0x72, 0x83, 0x56, 0x04, 0xc9, 0x10,
-	0xaa, 0xf2, 0x96, 0x47, 0x64, 0x43, 0xd9, 0x73, 0x64, 0x2c, 0x89, 0x5a, 0x42, 0x8b, 0x71, 0xdc,
-	0x66, 0xd3, 0x8e, 0x02, 0xd1, 0x53, 0x50, 0x26, 0xbb, 0xad, 0x6c, 0xd0, 0xc8, 0x85, 0xdd, 0x96,
-	0x17, 0x91, 0x98, 0x22, 0x91, 0xdd, 0x16, 0x3a, 0x0b, 0x25, 0xaf, 0x21, 0x66, 0x24, 0x08, 0x9c,
-	0xd2, 0xe2, 0x02, 0x2e, 0x79, 0x0d, 0x7b, 0x17, 0x6a, 0xea, 0x5a, 0x49, 0xb4, 0x2d, 0x4d, 0x2a,
-	0xab, 0x88, 0x28, 0x62, 0x49, 0xb7, 0x87, 0x31, 0xd5, 0x06, 0xd0, 0x25, 0x1d, 0x8a, 0x52, 0xc1,
-	0xe7, 0x60, 0xc0, 0x0d, 0x45, 0x31, 0x9e, 0xaa, 0x26, 0xc3, 0x6c, 0x29, 0x06, 0xb1, 0x6f, 0xc2,
-	0xd8, 0xd5, 0x20, 0xbc, 0xcd, 0x6e, 0x7f, 0x62, 0xc5, 0x8e, 0x29, 0xe1, 0x0d, 0xfa, 0x23, 0x6b,
-	0xb9, 0x33, 0x28, 0xe6, 0x30, 0x55, 0x86, 0xb5, 0xd4, 0xab, 0x0c, 0xab, 0xfd, 0x71, 0x0b, 0x46,
-	0x54, 0x6e, 0xf8, 0xa5, 0x9d, 0x6d, 0x4a, 0x77, 0x33, 0x0a, 0xdb, 0xad, 0x2c, 0x5d, 0x76, 0x83,
-	0x2d, 0xe6, 0x30, 0xb3, 0x68, 0x42, 0xe9, 0x80, 0xa2, 0x09, 0xe7, 0x60, 0x60, 0xdb, 0x0b, 0x1a,
-	0x59, 0xa7, 0xe8, 0x55, 0x2f, 0x68, 0x60, 0x06, 0xb1, 0xff, 0xd2, 0x82, 0x13, 0xaa, 0x0b, 0xd2,
-	0x66, 0x7a, 0x11, 0x46, 0xd6, 0xdb, 0x9e, 0xdf, 0x90, 0x55, 0x9c, 0x33, 0xcb, 0x65, 0xce, 0x80,
-	0xe1, 0x14, 0x26, 0x3a, 0x0f, 0xb0, 0xee, 0x05, 0x4e, 0xd4, 0x59, 0xd5, 0x46, 0x9a, 0xd2, 0xdb,
-	0x73, 0x0a, 0x82, 0x0d, 0x2c, 0xf4, 0x26, 0x54, 0x77, 0xe4, 0xe9, 0x6d, 0xb9, 0xd0, 0x5c, 0x7f,
-	0x31, 0x1e, 0x7a, 0x25, 0xa8, 0xe3, 0x60, 0xc5, 0xd1, 0xfe, 0x62, 0x19, 0xc6, 0xd2, 0xf9, 0xf9,
-	0x7d, 0x78, 0x4e, 0x9e, 0x82, 0x0a, 0x4b, 0xd9, 0xcf, 0x4e, 0x2c, 0x5e, 0x76, 0x99, 0xc3, 0x50,
-	0x0c, 0x83, 0x5c, 0x94, 0x14, 0x73, 0x07, 0xa9, 0xea, 0xa4, 0xf2, 0xe3, 0xb2, 0x48, 0x6f, 0xe1,
-	0x16, 0x17, 0xac, 0xd0, 0xa7, 0x2c, 0x18, 0x0a, 0x5b, 0x66, 0xfd, 0xcf, 0x0f, 0x15, 0x59, 0xbb,
-	0x40, 0x24, 0x08, 0x0b, 0x6b, 0x48, 0x4d, 0x3c, 0x39, 0x19, 0x24, 0xeb, 0xb3, 0xdf, 0x0c, 0x23,
-	0x26, 0xe6, 0x41, 0x06, 0x51, 0xd5, 0x34, 0x88, 0x3e, 0x6b, 0x4e, 0x49, 0x51, 0x9d, 0xa1, 0x8f,
-	0xc5, 0x7e, 0x1d, 0x2a, 0xae, 0x0a, 0x87, 0xbb, 0xa7, 0x9b, 0x07, 0x54, 0xf5, 0x32, 0x16, 0x6a,
-	0xc0, 0xa9, 0xd9, 0xbf, 0x6f, 0x19, 0xf3, 0x03, 0x93, 0x78, 0xb1, 0x81, 0x22, 0x28, 0x6f, 0xee,
-	0x6c, 0x0b, 0x23, 0xe3, 0x4a, 0x41, 0xc3, 0x7b, 0x69, 0x67, 0x5b, 0xaf, 0x30, 0xb3, 0x15, 0x53,
-	0x66, 0x7d, 0x1c, 0x36, 0xa4, 0x8a, 0x78, 0x94, 0x0f, 0x2e, 0xe2, 0x61, 0xbf, 0x5d, 0x82, 0x89,
-	0xae, 0x49, 0x85, 0xde, 0x80, 0x4a, 0x44, 0xdf, 0x52, 0xbc, 0xde, 0x52, 0x61, 0x65, 0x37, 0xe2,
-	0xc5, 0x86, 0x56, 0xde, 0xe9, 0x76, 0xcc, 0x59, 0xa2, 0x2b, 0x80, 0x74, 0xd0, 0xa6, 0x3a, 0xe9,
-	0xe0, 0xaf, 0xac, 0x22, 0xbb, 0x66, 0xbb, 0x30, 0x70, 0xce, 0x53, 0xe8, 0xa5, 0xec, 0x81, 0x49,
-	0xa6, 0xa2, 0xf4, 0x7e, 0x67, 0x1f, 0xf6, 0x5b, 0xe6, 0x14, 0xbc, 0xa1, 0x85, 0xe9, 0x51, 0x37,
-	0xa7, 0x5d, 0x92, 0xb5, 0xdc, 0xaf, 0x64, 0xb5, 0x7f, 0xa1, 0x04, 0xa3, 0xa9, 0x0a, 0xb1, 0xc8,
-	0x87, 0x2a, 0xf1, 0xd9, 0xc9, 0xae, 0xd4, 0xbe, 0x47, 0xbd, 0x2c, 0x46, 0xc9, 0xc9, 0x0b, 0x82,
-	0x2e, 0x56, 0x1c, 0x1e, 0x8e, 0x18, 0xb4, 0x17, 0x61, 0x44, 0x76, 0xe8, 0x43, 0x4e, 0xd3, 0xcf,
-	0x0e, 0xdf, 0x05, 0x03, 0x86, 0x53, 0x98, 0xf6, 0xaf, 0x96, 0x61, 0x92, 0x1f, 0x85, 0x37, 0xd4,
-	0x62, 0x50, 0x21, 0x2d, 0x3f, 0xa8, 0xeb, 0x38, 0x5b, 0x45, 0xdc, 0x88, 0xde, 0x8b, 0x51, 0x5f,
-	0xa1, 0xd3, 0x3f, 0x9e, 0x09, 0x9d, 0xe6, 0x5b, 0xf5, 0xcd, 0x63, 0xea, 0xd1, 0xd7, 0x56, 0x2c,
-	0xf5, 0x3f, 0x2d, 0xc1, 0x78, 0xe6, 0xe2, 0x3b, 0xf4, 0xc5, 0xf4, 0x5d, 0x29, 0x56, 0x11, 0xc7,
-	0x84, 0xfb, 0xde, 0x85, 0x76, 0xb8, 0x1b, 0x53, 0x1e, 0xd0, 0x52, 0xb1, 0x7f, 0xb7, 0x04, 0x63,
-	0xe9, 0x1b, 0xfb, 0x1e, 0xc2, 0x91, 0x7a, 0x1f, 0xd4, 0xd8, 0xa5, 0x54, 0x57, 0x49, 0x47, 0x9e,
-	0x32, 0xf2, 0xfb, 0x7f, 0x64, 0x23, 0xd6, 0xf0, 0x87, 0xe2, 0x22, 0x1a, 0xfb, 0x9f, 0x5b, 0x70,
-	0x9a, 0xbf, 0x65, 0x76, 0x1e, 0xfe, 0xad, 0xbc, 0xd1, 0x7d, 0xb5, 0xd8, 0x0e, 0x66, 0xea, 0x8f,
-	0x1f, 0x34, 0xbe, 0xec, 0x5e, 0x78, 0xd1, 0xdb, 0xf4, 0x54, 0x78, 0x08, 0x3b, 0x7b, 0xa8, 0xc9,
-	0x60, 0xff, 0xc7, 0x12, 0x0c, 0xaf, 0xcc, 0x2f, 0x2a, 0x11, 0x3e, 0x03, 0x35, 0x37, 0x22, 0x8e,
-	0x76, 0xff, 0x98, 0x81, 0x56, 0x12, 0x80, 0x35, 0x0e, 0xdd, 0x45, 0xf1, 0x40, 0xc5, 0x38, 0xbb,
-	0x8b, 0xe2, 0x71, 0x8c, 0x31, 0x96, 0x70, 0xf4, 0x0c, 0x54, 0x59, 0x0a, 0xf1, 0xf5, 0x48, 0x6a,
-	0x1c, 0xbd, 0xb5, 0x66, 0xed, 0x78, 0x09, 0x2b, 0x0c, 0x4a, 0xb8, 0x11, 0xba, 0x31, 0x45, 0xce,
-	0x78, 0x64, 0x16, 0x68, 0x33, 0x5e, 0xc2, 0x12, 0xce, 0x2a, 0x40, 0x32, 0xaf, 0x05, 0x45, 0xae,
-	0xa4, 0x3b, 0xcd, 0xdd, 0x1b, 0x14, 0x5d, 0xe3, 0x1c, 0xa6, 0x52, 0x68, 0x26, 0x8d, 0x6f, 0xa8,
-	0xbf, 0x34, 0x3e, 0xfb, 0x77, 0xcb, 0x50, 0xd3, 0x4e, 0x35, 0x4f, 0xd4, 0xcd, 0x28, 0xa4, 0xbe,
-	0x7d, 0xbd, 0x13, 0xb8, 0x8a, 0x34, 0x8f, 0x26, 0x30, 0xca, 0x66, 0x7c, 0xbf, 0x05, 0xc3, 0x5e,
-	0xe0, 0x25, 0x9e, 0xc3, 0x7c, 0x83, 0xc5, 0xdc, 0x13, 0xae, 0xd8, 0x2d, 0x72, 0xca, 0x61, 0x64,
-	0x1e, 0xf9, 0x2b, 0x66, 0xd8, 0xe4, 0x8c, 0x3e, 0x2a, 0xb2, 0xc6, 0xca, 0x85, 0x15, 0x9f, 0xa9,
-	0x66, 0x52, 0xc5, 0x5a, 0xd4, 0xc6, 0x4e, 0xa2, 0x82, 0x6a, 0x36, 0x61, 0x4a, 0x4a, 0xdd, 0xb3,
-	0xa2, 0x76, 0x31, 0xac, 0x19, 0x73, 0x46, 0x76, 0x0c, 0xa8, 0x7b, 0x2c, 0x0e, 0x99, 0x91, 0x33,
-	0x03, 0x35, 0xa7, 0x9d, 0x84, 0x4d, 0x3a, 0x4c, 0x22, 0x60, 0x40, 0xe7, 0x1c, 0x49, 0x00, 0xd6,
-	0x38, 0xf6, 0x17, 0x2b, 0x90, 0xa9, 0x62, 0x81, 0x76, 0xa1, 0xa6, 0xea, 0x58, 0x14, 0x93, 0xe1,
-	0xaa, 0x67, 0x94, 0xea, 0x8c, 0x6a, 0xc2, 0x9a, 0x19, 0xda, 0x94, 0x6e, 0x56, 0xbe, 0xda, 0x5f,
-	0xce, 0xba, 0x59, 0xbf, 0xbd, 0xbf, 0x53, 0x37, 0x3a, 0x57, 0x67, 0x78, 0xdd, 0xc2, 0xe9, 0x03,
-	0x3d, 0xb2, 0x07, 0xdd, 0x94, 0xfe, 0x09, 0x71, 0xab, 0x19, 0x26, 0x71, 0xdb, 0x4f, 0xc4, 0x6c,
-	0x78, 0xb9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, 0x6a, 0x50, 0xfc, 0x3f, 0x36, 0x98, 0xa6, 0xfd, 0xe6,
-	0x83, 0xc7, 0xea, 0x37, 0x1f, 0x2a, 0xd4, 0x6f, 0x7e, 0x1e, 0x80, 0xcd, 0x6d, 0x9e, 0x39, 0x50,
-	0x65, 0xee, 0x4c, 0xa5, 0x62, 0xb0, 0x82, 0x60, 0x03, 0xcb, 0xfe, 0x46, 0x48, 0x97, 0x33, 0x43,
-	0x53, 0xb2, 0x7a, 0x1a, 0x3f, 0x11, 0x64, 0x49, 0x9b, 0xa9, 0x42, 0x67, 0x3f, 0x67, 0x81, 0x59,
-	0x73, 0x0d, 0xbd, 0xce, 0x8b, 0xbb, 0x59, 0x45, 0x9c, 0x30, 0x19, 0x74, 0xa7, 0x97, 0x9d, 0x56,
-	0x26, 0xda, 0x49, 0x56, 0x78, 0x3b, 0xfb, 0x01, 0xa8, 0x4a, 0xe8, 0xa1, 0x8c, 0xe5, 0x8f, 0xc1,
-	0x49, 0x59, 0x00, 0x42, 0x1e, 0x06, 0x89, 0xa8, 0x83, 0x83, 0x7d, 0x8c, 0xd2, 0x71, 0x58, 0xea,
-	0xe5, 0x38, 0x54, 0xbb, 0xe1, 0x72, 0xcf, 0xb2, 0xed, 0x3f, 0x6f, 0xc1, 0xb9, 0x6c, 0x07, 0xe2,
-	0xe5, 0x30, 0xf0, 0x92, 0x30, 0xaa, 0x93, 0x24, 0xf1, 0x82, 0x4d, 0x56, 0x83, 0xf7, 0xb6, 0x13,
-	0xc9, 0x7b, 0x98, 0x98, 0xa0, 0xbc, 0xe9, 0x44, 0x01, 0x66, 0xad, 0xa8, 0x03, 0x83, 0x3c, 0xd4,
-	0x5a, 0xec, 0x82, 0x8e, 0xb8, 0x36, 0x72, 0x86, 0x43, 0x6f, 0xc3, 0x78, 0x98, 0x37, 0x16, 0x0c,
-	0xed, 0xaf, 0x58, 0x80, 0x56, 0x76, 0x48, 0x14, 0x79, 0x0d, 0x23, 0x38, 0x9c, 0xdd, 0x0e, 0x6a,
-	0xdc, 0x02, 0x6a, 0x96, 0x27, 0xc9, 0xdc, 0x0e, 0x6a, 0xfc, 0xcb, 0xbf, 0x1d, 0xb4, 0x74, 0xb8,
-	0xdb, 0x41, 0xd1, 0x0a, 0x9c, 0x6e, 0xf2, 0x6d, 0x1c, 0xbf, 0x71, 0x8f, 0xef, 0xe9, 0x54, 0x26,
-	0xfd, 0x99, 0x3b, 0x7b, 0x53, 0xa7, 0x97, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, 0x07, 0x00, 0xf1,
-	0x98, 0xf0, 0xf9, 0xbc, 0xb0, 0xd6, 0x9e, 0x6e, 0x0e, 0xfb, 0xc7, 0x2a, 0x30, 0x9e, 0xb9, 0xa5,
-	0x83, 0x6e, 0xa1, 0xbb, 0xe3, 0x68, 0x8f, 0xac, 0xbf, 0xbb, 0xbb, 0xd7, 0x57, 0x64, 0x6e, 0x00,
-	0x15, 0x2f, 0x68, 0xb5, 0x93, 0x62, 0x0a, 0x79, 0xf0, 0x4e, 0x2c, 0x52, 0x82, 0xc6, 0xb9, 0x04,
-	0xfd, 0x8b, 0x39, 0x9b, 0x22, 0xe3, 0x7c, 0x53, 0x9b, 0x9c, 0x81, 0x07, 0xe4, 0x66, 0xf9, 0x84,
-	0x8e, 0xba, 0xad, 0x14, 0xe1, 0x43, 0xce, 0x4c, 0x96, 0xe3, 0x0e, 0xb5, 0xfa, 0x99, 0x12, 0x0c,
-	0x1b, 0x1f, 0x0d, 0xfd, 0x44, 0xba, 0x22, 0xa9, 0x55, 0xdc, 0x2b, 0x31, 0xfa, 0xd3, 0xba, 0xe6,
-	0x28, 0x7f, 0xa5, 0xa7, 0xbb, 0x8b, 0x91, 0xde, 0xdd, 0x9b, 0x3a, 0x91, 0x29, 0x37, 0x9a, 0x2a,
-	0x50, 0x7a, 0xf6, 0xbb, 0x61, 0x3c, 0x43, 0x26, 0xe7, 0x95, 0xd7, 0xcc, 0x57, 0x3e, 0xb2, 0xbb,
-	0xcf, 0x1c, 0xb2, 0x2f, 0xd3, 0x21, 0x13, 0xf5, 0x03, 0x42, 0x9f, 0xf4, 0xe1, 0xeb, 0xcc, 0xec,
-	0x2f, 0x4a, 0x7d, 0x96, 0x09, 0x79, 0x2f, 0x54, 0x5b, 0xa1, 0xef, 0xb9, 0x9e, 0x2a, 0x68, 0xce,
-	0x0a, 0x93, 0xac, 0x8a, 0x36, 0xac, 0xa0, 0xe8, 0x36, 0xd4, 0x6e, 0xdd, 0x4e, 0xf8, 0x31, 0xa3,
-	0x38, 0xca, 0x28, 0xea, 0x74, 0x51, 0x19, 0x2d, 0xea, 0x1c, 0x13, 0x6b, 0x5e, 0xc8, 0x86, 0x41,
-	0xa6, 0x04, 0x65, 0x2e, 0x21, 0x3b, 0x66, 0x61, 0xda, 0x31, 0xc6, 0x02, 0x62, 0xff, 0xfb, 0x61,
-	0x38, 0x95, 0x77, 0x55, 0x12, 0x7a, 0x13, 0x06, 0x79, 0x1f, 0x8b, 0xb9, 0x8d, 0x2f, 0x8f, 0xc7,
-	0x25, 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x3b, 0xeb, 0x62, 0x86, 0x1c,
-	0x0f, 0xf7, 0x25, 0x47, 0x73, 0x5f, 0x72, 0x38, 0x77, 0xdf, 0x59, 0x47, 0xbb, 0x50, 0xd9, 0xf4,
-	0x12, 0xe2, 0x08, 0xe7, 0xcc, 0xcd, 0x63, 0x61, 0x4e, 0x1c, 0x6e, 0xa5, 0xb1, 0x9f, 0x98, 0x33,
-	0x44, 0x5f, 0xb2, 0x60, 0x7c, 0x3d, 0x5d, 0x9f, 0x48, 0x08, 0x4f, 0xe7, 0x18, 0xae, 0xc3, 0x4a,
-	0x33, 0xe2, 0xd7, 0xe3, 0x66, 0x1a, 0x71, 0xb6, 0x3b, 0xe8, 0x93, 0x16, 0x0c, 0x6d, 0x78, 0xbe,
-	0x71, 0xdf, 0xc8, 0x31, 0x7c, 0x9c, 0x8b, 0x8c, 0x81, 0xde, 0x71, 0xf0, 0xff, 0x31, 0x96, 0x9c,
-	0x7b, 0x69, 0xaa, 0xc1, 0xa3, 0x6a, 0xaa, 0xa1, 0x07, 0xa4, 0xa9, 0x3e, 0x63, 0x41, 0x4d, 0x8d,
-	0xb4, 0xa8, 0xf3, 0xf2, 0xe1, 0x63, 0xfc, 0xe4, 0xdc, 0x23, 0xa5, 0xfe, 0x62, 0xcd, 0x1c, 0xbd,
-	0x65, 0xc1, 0xb0, 0xf3, 0x46, 0x3b, 0x22, 0x0d, 0xb2, 0x13, 0xb6, 0x62, 0x51, 0x80, 0xf5, 0xd5,
-	0xe2, 0x3b, 0x33, 0x4b, 0x99, 0x2c, 0x90, 0x9d, 0x95, 0x56, 0x2c, 0xf2, 0x9c, 0x75, 0x03, 0x36,
-	0xbb, 0x80, 0xbe, 0x4f, 0xeb, 0x71, 0x28, 0xa2, 0x0c, 0x77, 0x5e, 0x6f, 0xfa, 0x4a, 0xdb, 0x27,
-	0xf0, 0x98, 0x1b, 0x06, 0x89, 0x17, 0xb4, 0xc9, 0x4a, 0x80, 0x49, 0x2b, 0xbc, 0x16, 0x26, 0x17,
-	0xc3, 0x76, 0xd0, 0xb8, 0x10, 0x45, 0x61, 0xc4, 0x0a, 0xd9, 0x18, 0x97, 0xb0, 0xce, 0xf7, 0x46,
-	0xc5, 0xfb, 0xd1, 0x39, 0x8a, 0xcd, 0xb0, 0x57, 0x82, 0xa9, 0x03, 0x06, 0x1b, 0xbd, 0x08, 0x23,
-	0x61, 0xb4, 0xe9, 0x04, 0xde, 0x1b, 0x66, 0x6d, 0x36, 0x65, 0x90, 0xae, 0x18, 0x30, 0x9c, 0xc2,
-	0x34, 0x8b, 0xf6, 0x94, 0x0e, 0x28, 0xda, 0x73, 0x0e, 0x06, 0x22, 0xd2, 0x0a, 0xb3, 0xfb, 0x2a,
-	0x96, 0x9a, 0xc8, 0x20, 0xe8, 0x09, 0x28, 0x3b, 0x2d, 0x4f, 0x38, 0x17, 0xd5, 0x76, 0x71, 0x76,
-	0x75, 0x11, 0xd3, 0xf6, 0x54, 0x0d, 0xb1, 0xca, 0x7d, 0xa9, 0x21, 0x46, 0x35, 0xa6, 0x38, 0x3e,
-	0x1b, 0xd4, 0x1a, 0x33, 0x7d, 0xac, 0x65, 0xbf, 0x5d, 0x86, 0x27, 0xf6, 0x5d, 0x5a, 0x3a, 0x64,
-	0xdd, 0xda, 0x27, 0x64, 0x5d, 0x0e, 0x4f, 0xe9, 0xa0, 0xe1, 0x29, 0xf7, 0x18, 0x9e, 0x4f, 0x52,
-	0x89, 0x21, 0x6b, 0xda, 0x15, 0x73, 0x91, 0x7c, 0xaf, 0x12, 0x79, 0x42, 0x58, 0x48, 0x28, 0xd6,
-	0x7c, 0xe9, 0x76, 0x29, 0x55, 0xb0, 0xa6, 0x52, 0x84, 0xc6, 0xec, 0x59, 0x57, 0x8e, 0x8b, 0x89,
-	0x5e, 0x55, 0x70, 0xec, 0x5f, 0x1c, 0x80, 0xa7, 0xfa, 0x50, 0x74, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c,
-	0xc5, 0x5f, 0xe3, 0x9f, 0xe9, 0xd3, 0xb9, 0x9f, 0x09, 0x17, 0xff, 0x99, 0xf6, 0xff, 0x42, 0xec,
-	0x04, 0x22, 0x88, 0x89, 0xdb, 0x8e, 0x78, 0xfa, 0x8e, 0x91, 0xb7, 0xbc, 0x28, 0xda, 0xb1, 0xc2,
-	0xa0, 0xdb, 0x5f, 0xd7, 0xa1, 0xcb, 0x7f, 0xa8, 0xa0, 0x02, 0x25, 0x66, 0x0a, 0x34, 0xb7, 0xbe,
-	0xe6, 0x67, 0xa9, 0x04, 0xe0, 0x6c, 0xec, 0x5f, 0xb3, 0xe0, 0x6c, 0x6f, 0x6b, 0x04, 0x3d, 0x0b,
-	0xc3, 0xeb, 0x2c, 0x98, 0x72, 0x99, 0x85, 0x4c, 0x89, 0xa9, 0xc3, 0xde, 0x57, 0x37, 0x63, 0x13,
-	0x07, 0xcd, 0xc3, 0x84, 0x19, 0x85, 0xb9, 0x6c, 0xc4, 0x5a, 0x31, 0x7f, 0xc9, 0x5a, 0x16, 0x88,
-	0xbb, 0xf1, 0xd1, 0x34, 0x40, 0xe2, 0x25, 0x3e, 0xe1, 0x4f, 0xf3, 0x89, 0xc6, 0x1c, 0x8a, 0x6b,
-	0xaa, 0x15, 0x1b, 0x18, 0xf6, 0x57, 0xcb, 0xf9, 0xaf, 0xc1, 0xad, 0xdc, 0xc3, 0xcc, 0x7e, 0x31,
-	0xb7, 0x4b, 0x7d, 0x48, 0xe8, 0xf2, 0xfd, 0x96, 0xd0, 0x03, 0xbd, 0x24, 0x34, 0x5a, 0x80, 0x13,
-	0xc6, 0xb5, 0xae, 0xbc, 0xc4, 0x0d, 0x3f, 0x94, 0x52, 0xf5, 0xe9, 0x56, 0x33, 0x70, 0xdc, 0xf5,
-	0xc4, 0x43, 0x3e, 0x55, 0x7f, 0xbd, 0x04, 0x67, 0x7a, 0x6e, 0x2c, 0xee, 0x93, 0x06, 0x32, 0x3f,
-	0xff, 0xc0, 0xfd, 0xf9, 0xfc, 0xe6, 0x47, 0xa9, 0x1c, 0xf8, 0x51, 0xfa, 0x51, 0xe7, 0xbf, 0x57,
-	0xea, 0xb9, 0x58, 0xe8, 0x46, 0xf4, 0xaf, 0xec, 0x48, 0xbe, 0x04, 0xa3, 0x4e, 0xab, 0xc5, 0xf1,
-	0x58, 0x66, 0x46, 0xa6, 0x66, 0xe6, 0xac, 0x09, 0xc4, 0x69, 0xdc, 0xbe, 0x06, 0xf6, 0x8f, 0x2c,
-	0xa8, 0x61, 0xb2, 0xc1, 0x25, 0x1c, 0xba, 0x25, 0x86, 0xc8, 0x2a, 0xe2, 0xe2, 0x02, 0x3a, 0xb0,
-	0xb1, 0xc7, 0xaa, 0xf9, 0xe7, 0x0d, 0xf6, 0x51, 0x2b, 0x30, 0xa8, 0xcb, 0x60, 0xcb, 0xbd, 0x2f,
-	0x83, 0xb5, 0x7f, 0xa9, 0x46, 0x5f, 0xaf, 0x15, 0xce, 0x47, 0xa4, 0x11, 0xd3, 0xef, 0xdb, 0x8e,
-	0x7c, 0x31, 0x49, 0xd4, 0xf7, 0xbd, 0x8e, 0x97, 0x30, 0x6d, 0x4f, 0x9d, 0x4f, 0x96, 0x0e, 0x55,
-	0x31, 0xb0, 0x7c, 0x60, 0xc5, 0xc0, 0x97, 0x60, 0x34, 0x8e, 0xb7, 0x56, 0x23, 0x6f, 0xc7, 0x49,
-	0xc8, 0x55, 0x22, 0x4b, 0x0b, 0xe9, 0xea, 0x59, 0xf5, 0xcb, 0x1a, 0x88, 0xd3, 0xb8, 0xe8, 0x12,
-	0x4c, 0xe8, 0xba, 0x7d, 0x24, 0x4a, 0x58, 0xca, 0x23, 0x9f, 0x09, 0xaa, 0x6c, 0x8c, 0xae, 0xf4,
-	0x27, 0x10, 0x70, 0xf7, 0x33, 0x54, 0xe6, 0xa6, 0x1a, 0x69, 0x47, 0x06, 0xd3, 0x32, 0x37, 0x45,
-	0x87, 0xf6, 0xa5, 0xeb, 0x09, 0xb4, 0x0c, 0x27, 0xf9, 0xc4, 0x98, 0x6d, 0xb5, 0x8c, 0x37, 0x1a,
-	0x4a, 0x57, 0x8b, 0xbf, 0xd4, 0x8d, 0x82, 0xf3, 0x9e, 0x43, 0x2f, 0xc0, 0xb0, 0x6a, 0x5e, 0x5c,
-	0x10, 0x47, 0x6b, 0xca, 0xb5, 0xa7, 0xc8, 0x2c, 0x36, 0xb0, 0x89, 0x87, 0x3e, 0x04, 0x8f, 0xea,
-	0xbf, 0x3c, 0x85, 0x9e, 0x9f, 0x37, 0x2f, 0x88, 0x92, 0xa8, 0xea, 0x32, 0xb2, 0x4b, 0xb9, 0x68,
-	0x0d, 0xdc, 0xeb, 0x79, 0xb4, 0x0e, 0x67, 0x15, 0xe8, 0x42, 0x90, 0xb0, 0x24, 0xd7, 0x98, 0xcc,
-	0x39, 0x31, 0x8b, 0x9c, 0x00, 0xf6, 0x9e, 0xb6, 0xa0, 0x7e, 0xf6, 0x92, 0x97, 0x5c, 0xce, 0xc3,
-	0xc4, 0x4b, 0x78, 0x1f, 0x2a, 0x68, 0x06, 0x6a, 0x24, 0x70, 0xd6, 0x7d, 0xb2, 0x32, 0xbf, 0x28,
-	0x76, 0xa4, 0x3a, 0x3b, 0x42, 0x02, 0xb0, 0xc6, 0x51, 0xf1, 0xfd, 0x23, 0xbd, 0xe2, 0xfb, 0xd1,
-	0x2a, 0x9c, 0xda, 0x74, 0x5b, 0xd4, 0xca, 0xf4, 0x5c, 0x32, 0xeb, 0xb2, 0x80, 0x62, 0xfa, 0x61,
-	0x78, 0x19, 0x7f, 0x95, 0x28, 0x75, 0x69, 0x7e, 0xb5, 0x0b, 0x07, 0xe7, 0x3e, 0xc9, 0x02, 0xcf,
-	0xa3, 0x70, 0xb7, 0x33, 0x79, 0x32, 0x13, 0x78, 0x4e, 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58,
-	0xb2, 0xe0, 0xe5, 0x24, 0x69, 0x29, 0xb3, 0x76, 0xf2, 0x54, 0xba, 0x40, 0xe2, 0xc5, 0x2e, 0x0c,
-	0x9c, 0xf3, 0x14, 0xb5, 0x7a, 0x82, 0x90, 0x51, 0x9f, 0x7c, 0x34, 0x6d, 0xf5, 0x5c, 0xe3, 0xcd,
-	0x58, 0xc2, 0xd1, 0x77, 0xc2, 0x64, 0x3b, 0x26, 0x6c, 0xc3, 0x7c, 0x33, 0x8c, 0xb6, 0xfd, 0xd0,
-	0x69, 0x2c, 0xb2, 0x5b, 0x67, 0x93, 0xce, 0xe4, 0x24, 0x63, 0x7e, 0x4e, 0x3c, 0x3b, 0x79, 0xbd,
-	0x07, 0x1e, 0xee, 0x49, 0x21, 0x5b, 0xe1, 0xf3, 0x4c, 0x9f, 0x15, 0x3e, 0x57, 0xe1, 0x94, 0xd4,
-	0x6b, 0x2b, 0xf3, 0x8b, 0xea, 0xa5, 0x27, 0xcf, 0xa6, 0xaf, 0xb1, 0x5b, 0xcc, 0xc1, 0xc1, 0xb9,
-	0x4f, 0xda, 0x7f, 0x68, 0xc1, 0xa8, 0x92, 0x60, 0xf7, 0x21, 0x69, 0xd9, 0x4f, 0x27, 0x2d, 0x5f,
-	0x3a, 0xba, 0x0e, 0x60, 0x3d, 0xef, 0x91, 0x62, 0xf3, 0x23, 0xa3, 0x00, 0x5a, 0x4f, 0x28, 0x15,
-	0x6d, 0xf5, 0x54, 0xd1, 0x0f, 0xad, 0x8c, 0xce, 0xab, 0xd8, 0x58, 0x79, 0xb0, 0x15, 0x1b, 0xeb,
-	0x70, 0x5a, 0x4e, 0x29, 0x7e, 0xa4, 0x7c, 0x39, 0x8c, 0x95, 0xc8, 0x37, 0xee, 0x25, 0x5c, 0xcc,
-	0x43, 0xc2, 0xf9, 0xcf, 0xa6, 0x6c, 0xbb, 0xa1, 0x03, 0x6d, 0x3b, 0x25, 0xe5, 0x96, 0x36, 0xe4,
-	0xad, 0xa1, 0x19, 0x29, 0xb7, 0x74, 0xb1, 0x8e, 0x35, 0x4e, 0xbe, 0xaa, 0xab, 0x15, 0xa4, 0xea,
-	0xe0, 0xd0, 0xaa, 0x4e, 0x0a, 0xdd, 0xe1, 0x9e, 0x42, 0x57, 0x1e, 0x5d, 0x8d, 0xf4, 0x3c, 0xba,
-	0xfa, 0x20, 0x8c, 0x79, 0xc1, 0x16, 0x89, 0xbc, 0x84, 0x34, 0xd8, 0x5a, 0x60, 0x02, 0xb9, 0xaa,
-	0x0d, 0x9d, 0xc5, 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x9a, 0x62, 0xac, 0x0f, 0x4d, 0xd1, 0x43, 0x3f,
-	0x8f, 0x17, 0xa3, 0x9f, 0x4f, 0x1c, 0x5d, 0x3f, 0x4f, 0x1c, 0xab, 0x7e, 0x46, 0x85, 0xe8, 0xe7,
-	0xbe, 0x54, 0x9f, 0xb1, 0x49, 0x3f, 0x75, 0xc0, 0x26, 0xbd, 0x97, 0x72, 0x3e, 0x7d, 0xcf, 0xca,
-	0x39, 0x5f, 0xef, 0x3e, 0xf2, 0x8e, 0xde, 0x2d, 0x44, 0xef, 0x7e, 0xa6, 0x04, 0xa7, 0xb5, 0x66,
-	0xa2, 0xf2, 0xc0, 0xdb, 0xa0, 0xb2, 0x99, 0x5d, 0xc5, 0xcd, 0x0f, 0xbc, 0x8d, 0x54, 0x79, 0x5d,
-	0x2c, 0x40, 0x41, 0xb0, 0x81, 0xc5, 0x32, 0xce, 0x49, 0xc4, 0x2e, 0x81, 0xc9, 0xaa, 0xad, 0x79,
-	0xd1, 0x8e, 0x15, 0x06, 0x1d, 0x04, 0xfa, 0x5b, 0x14, 0x3c, 0xc9, 0x96, 0x17, 0x9f, 0xd7, 0x20,
-	0x6c, 0xe2, 0xa1, 0xf7, 0x72, 0x26, 0x4c, 0x64, 0x52, 0xd5, 0x35, 0xc2, 0xb7, 0x95, 0x4a, 0x4a,
-	0x2a, 0xa8, 0xec, 0x0e, 0xab, 0x88, 0x50, 0xe9, 0xee, 0x0e, 0x8b, 0x1d, 0x55, 0x18, 0xf6, 0xff,
-	0xb2, 0xe0, 0x4c, 0xee, 0x50, 0xdc, 0x07, 0x73, 0x64, 0x37, 0x6d, 0x8e, 0xd4, 0x8b, 0xda, 0x92,
-	0x1a, 0x6f, 0xd1, 0xc3, 0x34, 0xf9, 0x4f, 0x16, 0x8c, 0x69, 0xfc, 0xfb, 0xf0, 0xaa, 0x5e, 0xfa,
-	0x55, 0x8b, 0xdb, 0x7d, 0xd7, 0xba, 0xde, 0xed, 0x57, 0x4b, 0xa0, 0x4a, 0xfe, 0xcf, 0xba, 0x49,
-	0x7f, 0xe9, 0x66, 0x1d, 0x18, 0x64, 0x11, 0x24, 0x71, 0x31, 0xd1, 0x71, 0x69, 0xfe, 0x2c, 0x1a,
-	0x45, 0x1f, 0xe8, 0xb1, 0xbf, 0x31, 0x16, 0x0c, 0xd9, 0x15, 0x45, 0xbc, 0x9a, 0x7a, 0x43, 0x24,
-	0x4e, 0xeb, 0x2b, 0x8a, 0x44, 0x3b, 0x56, 0x18, 0x54, 0x61, 0x7a, 0x6e, 0x18, 0xcc, 0xfb, 0x4e,
-	0x1c, 0x0b, 0x1b, 0x4e, 0x29, 0xcc, 0x45, 0x09, 0xc0, 0x1a, 0x87, 0x05, 0x97, 0x78, 0x71, 0xcb,
-	0x77, 0x3a, 0x86, 0x8f, 0xc5, 0x28, 0xec, 0xa5, 0x40, 0xd8, 0xc4, 0xb3, 0x9b, 0x30, 0x99, 0x7e,
-	0x89, 0x05, 0xb2, 0xc1, 0x22, 0xbb, 0xfb, 0x1a, 0xce, 0x19, 0xa8, 0x39, 0xec, 0xa9, 0xa5, 0xb6,
-	0x23, 0x64, 0x82, 0x8e, 0x6f, 0x96, 0x00, 0xac, 0x71, 0xec, 0x7f, 0x66, 0xc1, 0xc9, 0x9c, 0x41,
-	0x2b, 0x30, 0x31, 0x3d, 0xd1, 0xd2, 0x26, 0xcf, 0xd4, 0xf9, 0x06, 0x18, 0x6a, 0x90, 0x0d, 0x47,
-	0xc6, 0x0e, 0x9b, 0xa9, 0x06, 0xbc, 0x19, 0x4b, 0xb8, 0xfd, 0x0b, 0x25, 0x18, 0x4f, 0xf7, 0x35,
-	0x66, 0xe9, 0x96, 0x7c, 0x98, 0xbc, 0xd8, 0x0d, 0x77, 0x48, 0xd4, 0xa1, 0x6f, 0x6e, 0x65, 0xd2,
-	0x2d, 0xbb, 0x30, 0x70, 0xce, 0x53, 0xec, 0xc2, 0x8f, 0x86, 0x1a, 0x6d, 0x39, 0x23, 0x6f, 0x14,
-	0x39, 0x23, 0xf5, 0xc7, 0x34, 0xe3, 0x8c, 0x14, 0x4b, 0x6c, 0xf2, 0xa7, 0x26, 0x17, 0x4b, 0x16,
-	0x99, 0x6b, 0x7b, 0x7e, 0xe2, 0x05, 0xe2, 0x95, 0xc5, 0x5c, 0x55, 0x26, 0xd7, 0x72, 0x37, 0x0a,
-	0xce, 0x7b, 0xce, 0xfe, 0xca, 0x00, 0xa8, 0xa2, 0x2b, 0x2c, 0x0e, 0xb4, 0xa0, 0x28, 0xda, 0xc3,
-	0x26, 0xed, 0xaa, 0xb9, 0x35, 0xb0, 0x5f, 0x60, 0x16, 0x77, 0xcc, 0x99, 0x1e, 0x7c, 0x35, 0x60,
-	0x6b, 0x1a, 0x84, 0x4d, 0x3c, 0xda, 0x13, 0xdf, 0xdb, 0x21, 0xfc, 0xa1, 0xc1, 0x74, 0x4f, 0x96,
-	0x24, 0x00, 0x6b, 0x1c, 0x56, 0xdf, 0xdb, 0xdb, 0xd8, 0x10, 0x5e, 0x26, 0x5d, 0xdf, 0xdb, 0xdb,
-	0xd8, 0xc0, 0x0c, 0xc2, 0xaf, 0x84, 0x0a, 0xb7, 0xc5, 0x36, 0xc3, 0xb8, 0x12, 0x2a, 0xdc, 0xc6,
-	0x0c, 0x42, 0xbf, 0x52, 0x10, 0x46, 0x4d, 0xc7, 0xf7, 0xde, 0x20, 0x0d, 0xc5, 0x45, 0x6c, 0x2f,
-	0xd4, 0x57, 0xba, 0xd6, 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x13, 0xba, 0x15, 0x91, 0x86, 0xe7, 0x26,
-	0x26, 0x35, 0x48, 0x4f, 0xe8, 0xd5, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9a, 0x85, 0x71, 0x59, 0x34,
-	0x47, 0x16, 0x9a, 0x1c, 0x4e, 0x57, 0xab, 0xc3, 0x69, 0x30, 0xce, 0xe2, 0x53, 0x21, 0xd9, 0x14,
-	0x65, 0x72, 0xd9, 0x6e, 0xc4, 0x10, 0x92, 0xb2, 0x7c, 0x2e, 0x56, 0x18, 0xf6, 0x27, 0xca, 0x54,
-	0xa9, 0xf7, 0xa8, 0x46, 0x7d, 0xdf, 0xa2, 0xb6, 0xd3, 0x33, 0x72, 0xa0, 0x8f, 0x19, 0xf9, 0x3c,
-	0x8c, 0xdc, 0x8a, 0xc3, 0x40, 0x45, 0x44, 0x57, 0x7a, 0x46, 0x44, 0x1b, 0x58, 0xf9, 0x11, 0xd1,
-	0x83, 0x45, 0x45, 0x44, 0x0f, 0xdd, 0x63, 0x44, 0xf4, 0xbf, 0xa9, 0x80, 0xba, 0xf3, 0xf3, 0x1a,
-	0x49, 0x6e, 0x87, 0xd1, 0xb6, 0x17, 0x6c, 0xb2, 0x02, 0x30, 0x5f, 0xb2, 0x64, 0x0d, 0x99, 0x25,
-	0x33, 0x53, 0x78, 0xa3, 0xa0, 0x7b, 0x1b, 0x53, 0xcc, 0xa6, 0xd7, 0x0c, 0x46, 0x3c, 0xb2, 0x26,
-	0x53, 0xab, 0x46, 0x1c, 0x1a, 0xa4, 0x7a, 0x84, 0xbe, 0x1b, 0x40, 0xba, 0xe4, 0x37, 0xa4, 0x04,
-	0x5e, 0x2c, 0xa6, 0x7f, 0x98, 0x6c, 0x68, 0x93, 0x7a, 0x4d, 0x31, 0xc1, 0x06, 0x43, 0xf4, 0x19,
-	0x9d, 0x45, 0xcd, 0x53, 0xa7, 0x3e, 0x7a, 0x2c, 0x63, 0xd3, 0x4f, 0x0e, 0x35, 0x86, 0x21, 0x2f,
-	0xd8, 0xa4, 0xf3, 0x44, 0x44, 0x8e, 0xbe, 0x27, 0xaf, 0xbe, 0xd8, 0x52, 0xe8, 0x34, 0xe6, 0x1c,
-	0xdf, 0x09, 0x5c, 0x12, 0x2d, 0x72, 0x74, 0xad, 0x41, 0x45, 0x03, 0x96, 0x84, 0xba, 0x2e, 0x26,
-	0xad, 0xf4, 0x73, 0x31, 0xe9, 0xd9, 0x6f, 0x83, 0x89, 0xae, 0x8f, 0x79, 0xa8, 0x94, 0xe9, 0x23,
-	0x54, 0x16, 0xfb, 0xc5, 0x41, 0xad, 0xb4, 0xae, 0x85, 0x0d, 0x7e, 0xcf, 0x65, 0xa4, 0xbf, 0xa8,
-	0x30, 0x99, 0x0b, 0x9c, 0x22, 0x4a, 0xcd, 0x18, 0x8d, 0xd8, 0x64, 0x49, 0xe7, 0x68, 0xcb, 0x89,
-	0x48, 0x70, 0xdc, 0x73, 0x74, 0x55, 0x31, 0xc1, 0x06, 0x43, 0xb4, 0x95, 0xca, 0xed, 0xbb, 0x78,
-	0xf4, 0xdc, 0x3e, 0x56, 0xed, 0x35, 0xef, 0x3a, 0xb8, 0xb7, 0x2c, 0x18, 0x0b, 0x52, 0x33, 0xb7,
-	0x98, 0x70, 0xfe, 0xfc, 0x55, 0xc1, 0xaf, 0x8c, 0x4e, 0xb7, 0xe1, 0x0c, 0xff, 0x3c, 0x95, 0x56,
-	0x39, 0xa4, 0x4a, 0xd3, 0xf7, 0xec, 0x0e, 0xf6, 0xba, 0x67, 0x17, 0x05, 0xea, 0x02, 0xf4, 0xa1,
-	0x22, 0x2a, 0xa4, 0xa4, 0x6e, 0x3f, 0x87, 0x9c, 0x9b, 0xcf, 0x6f, 0x9a, 0xa9, 0xbf, 0x87, 0xbf,
-	0x08, 0x7b, 0xb4, 0x57, 0x8a, 0xb0, 0xfd, 0x7f, 0x07, 0xe0, 0x84, 0x1c, 0x11, 0x99, 0x0a, 0x44,
-	0xf5, 0x23, 0xe7, 0xab, 0x6d, 0x65, 0xa5, 0x1f, 0x2f, 0x4b, 0x00, 0xd6, 0x38, 0xd4, 0x1e, 0x6b,
-	0xc7, 0x64, 0xa5, 0x45, 0x82, 0x25, 0x6f, 0x3d, 0x16, 0xc7, 0xef, 0x6a, 0xa1, 0x5c, 0xd7, 0x20,
-	0x6c, 0xe2, 0xb1, 0xfc, 0x64, 0xd7, 0x2c, 0x12, 0xa2, 0xf3, 0x93, 0x85, 0xa1, 0x2a, 0xe1, 0xe8,
-	0x47, 0x73, 0xaf, 0xc7, 0x28, 0x26, 0x81, 0xb6, 0x2b, 0x03, 0xea, 0x70, 0xf7, 0x62, 0xa0, 0x7f,
-	0x64, 0xc1, 0x69, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xab, 0xe1, 0x24, 0x24, 0x2e, 0xe6, 0x2a, 0xb1,
-	0x9c, 0xfe, 0x69, 0x2f, 0x7a, 0x1e, 0x5b, 0x9c, 0xdf, 0x1b, 0xf4, 0x45, 0x0b, 0xc6, 0xb7, 0x53,
-	0x45, 0xbe, 0xa4, 0xea, 0x38, 0x6a, 0x05, 0x9c, 0x14, 0x51, 0xbd, 0xd4, 0xd2, 0xed, 0x31, 0xce,
-	0x72, 0xb7, 0xff, 0xdc, 0x02, 0x53, 0x8c, 0xde, 0xff, 0xda, 0x60, 0x87, 0x37, 0x05, 0xa5, 0x75,
-	0x59, 0xe9, 0x69, 0x5d, 0x3e, 0x01, 0xe5, 0xb6, 0xd7, 0x10, 0xfb, 0x0b, 0x7d, 0xe0, 0xbf, 0xb8,
-	0x80, 0x69, 0xbb, 0xfd, 0xc7, 0x15, 0xed, 0x06, 0x11, 0xf9, 0xa9, 0x7f, 0x25, 0x5e, 0x7b, 0x43,
-	0x15, 0xfd, 0xe5, 0x6f, 0x7e, 0xad, 0xab, 0xe8, 0xef, 0xb7, 0x1c, 0x3e, 0xfd, 0x98, 0x0f, 0x50,
-	0xaf, 0x9a, 0xbf, 0x43, 0x07, 0xe4, 0x1e, 0xdf, 0x82, 0x2a, 0xdd, 0x82, 0x31, 0x7f, 0x66, 0x35,
-	0xd5, 0xa9, 0xea, 0x65, 0xd1, 0x7e, 0x77, 0x6f, 0xea, 0x9b, 0x0f, 0xdf, 0x2d, 0xf9, 0x34, 0x56,
-	0xf4, 0x51, 0x0c, 0x35, 0xfa, 0x9b, 0xa5, 0x49, 0x8b, 0xcd, 0xdd, 0x75, 0x25, 0x33, 0x25, 0xa0,
-	0x90, 0x1c, 0x6c, 0xcd, 0x07, 0x05, 0x50, 0xa3, 0x88, 0x9c, 0x29, 0xdf, 0x03, 0xae, 0xaa, 0x64,
-	0x65, 0x09, 0xb8, 0xbb, 0x37, 0xf5, 0xd2, 0xe1, 0x99, 0xaa, 0xc7, 0xb1, 0x66, 0x61, 0xa8, 0xc6,
-	0xe1, 0x9e, 0x57, 0xd0, 0xff, 0xbf, 0x01, 0x3d, 0xbf, 0x45, 0x3d, 0xe8, 0xbf, 0x12, 0xf3, 0xfb,
-	0xc5, 0xcc, 0xfc, 0x3e, 0xd7, 0x35, 0xbf, 0xc7, 0xe8, 0x98, 0xe5, 0x54, 0xa9, 0xbe, 0xdf, 0xc6,
-	0xc2, 0xc1, 0x3e, 0x09, 0x66, 0x25, 0xbd, 0xde, 0xf6, 0x22, 0x12, 0xaf, 0x46, 0xed, 0xc0, 0x0b,
-	0x36, 0xd9, 0x94, 0xad, 0x9a, 0x56, 0x52, 0x0a, 0x8c, 0xb3, 0xf8, 0x74, 0xe3, 0x4f, 0xe7, 0xc5,
-	0x4d, 0x67, 0x87, 0xcf, 0x3c, 0xa3, 0x16, 0x67, 0x5d, 0xb4, 0x63, 0x85, 0x81, 0xb6, 0xe0, 0x71,
-	0x49, 0x60, 0x81, 0xf8, 0x84, 0xbe, 0x10, 0x0b, 0x64, 0x8c, 0x9a, 0x3c, 0xcd, 0x80, 0xc7, 0xa2,
-	0xbc, 0x5b, 0x50, 0x78, 0x1c, 0xef, 0x83, 0x8b, 0xf7, 0xa5, 0x64, 0x7f, 0x99, 0x85, 0x2e, 0x18,
-	0xd5, 0x22, 0xe8, 0xec, 0xf3, 0xbd, 0xa6, 0x27, 0x4b, 0x86, 0xaa, 0xd9, 0xb7, 0x44, 0x1b, 0x31,
-	0x87, 0xa1, 0xdb, 0x30, 0xb4, 0xce, 0xaf, 0xa6, 0x2f, 0xe6, 0x4a, 0x28, 0x71, 0xcf, 0x3d, 0x2b,
-	0x17, 0x2e, 0x2f, 0xbd, 0xbf, 0xab, 0x7f, 0x62, 0xc9, 0xcd, 0xfe, 0x9d, 0x0a, 0x8c, 0xcb, 0xf0,
-	0xb2, 0xcb, 0x5e, 0xcc, 0x22, 0x12, 0xcc, 0x3b, 0x14, 0x4a, 0x07, 0xde, 0xa1, 0xf0, 0x11, 0x80,
-	0x06, 0x69, 0xf9, 0x61, 0x87, 0x19, 0x87, 0x03, 0x87, 0x36, 0x0e, 0xd5, 0x7e, 0x62, 0x41, 0x51,
-	0xc1, 0x06, 0x45, 0x51, 0x27, 0x95, 0x5f, 0xc9, 0x90, 0xa9, 0x93, 0x6a, 0x5c, 0x1c, 0x37, 0x78,
-	0x7f, 0x2f, 0x8e, 0xf3, 0x60, 0x9c, 0x77, 0x51, 0xd5, 0x64, 0xb8, 0x87, 0xd2, 0x0b, 0x2c, 0xab,
-	0x6d, 0x21, 0x4d, 0x06, 0x67, 0xe9, 0x9a, 0xb7, 0xc2, 0x55, 0xef, 0xf7, 0xad, 0x70, 0xef, 0x83,
-	0x9a, 0xfc, 0xce, 0xf1, 0x64, 0x4d, 0xd7, 0x0b, 0x92, 0xd3, 0x20, 0xc6, 0x1a, 0xde, 0x55, 0x5e,
-	0x06, 0x1e, 0x54, 0x79, 0x19, 0xfb, 0xad, 0x32, 0xdd, 0x55, 0xf0, 0x7e, 0x1d, 0xfa, 0x52, 0xc5,
-	0xcb, 0xc6, 0xa5, 0x8a, 0x87, 0xfb, 0x9e, 0xd5, 0xcc, 0xe5, 0x8b, 0x8f, 0xc3, 0x40, 0xe2, 0x6c,
-	0xca, 0x24, 0x5c, 0x06, 0x5d, 0x73, 0x36, 0x63, 0xcc, 0x5a, 0x0f, 0x53, 0x56, 0xfa, 0x25, 0x18,
-	0x8d, 0xbd, 0xcd, 0xc0, 0x49, 0xda, 0x11, 0x31, 0xce, 0x2f, 0x75, 0x90, 0x8e, 0x09, 0xc4, 0x69,
-	0x5c, 0xf4, 0x49, 0x0b, 0x20, 0x22, 0x6a, 0xcf, 0x32, 0x58, 0xc4, 0x1c, 0x52, 0x62, 0x40, 0xd2,
-	0x35, 0xcb, 0x82, 0xa8, 0xbd, 0x8a, 0xc1, 0xd6, 0xfe, 0xb4, 0x05, 0x13, 0x5d, 0x4f, 0xa1, 0x16,
-	0x0c, 0xba, 0xec, 0xea, 0xcb, 0x62, 0x4a, 0x61, 0xa6, 0xaf, 0xd1, 0xe4, 0xca, 0x89, 0xb7, 0x61,
-	0xc1, 0xc7, 0xfe, 0xa5, 0x11, 0x38, 0x55, 0x9f, 0x5f, 0x96, 0x17, 0x21, 0x1d, 0x5b, 0x56, 0x71,
-	0x1e, 0x8f, 0xfb, 0x97, 0x55, 0xdc, 0x83, 0xbb, 0x6f, 0x64, 0x15, 0xfb, 0x46, 0x56, 0x71, 0x3a,
-	0xc5, 0xb3, 0x5c, 0x44, 0x8a, 0x67, 0x5e, 0x0f, 0xfa, 0x49, 0xf1, 0x3c, 0xb6, 0x34, 0xe3, 0x7d,
-	0x3b, 0x74, 0xa8, 0x34, 0x63, 0x95, 0x83, 0x5d, 0x48, 0x46, 0x59, 0x8f, 0x4f, 0x95, 0x9b, 0x83,
-	0xad, 0xf2, 0x5f, 0x79, 0xb6, 0xa4, 0x50, 0x7a, 0xaf, 0x16, 0xdf, 0x81, 0x3e, 0xf2, 0x5f, 0x45,
-	0xc2, 0xa6, 0x99, 0x73, 0x3d, 0x54, 0x44, 0xce, 0x75, 0x5e, 0x77, 0x0e, 0xcc, 0xb9, 0x7e, 0x09,
-	0x46, 0x5d, 0x3f, 0x0c, 0xc8, 0x6a, 0x14, 0x26, 0xa1, 0x1b, 0xca, 0x8b, 0xc6, 0xf5, 0x9d, 0x91,
-	0x26, 0x10, 0xa7, 0x71, 0x7b, 0x25, 0x6c, 0xd7, 0x8e, 0x9a, 0xb0, 0x0d, 0x0f, 0x28, 0x61, 0xdb,
-	0x48, 0x49, 0x1e, 0x2e, 0x22, 0x25, 0x39, 0xef, 0x8b, 0xf4, 0x95, 0x92, 0xfc, 0x36, 0xbf, 0x67,
-	0x9f, 0x6e, 0x46, 0xb8, 0x14, 0x66, 0x47, 0x74, 0xc3, 0xe7, 0x5f, 0x3b, 0x86, 0x09, 0x7b, 0xb3,
-	0xae, 0xd9, 0xa8, 0xbb, 0xf7, 0x75, 0x13, 0x4e, 0x77, 0xe4, 0x28, 0x69, 0xcc, 0x3f, 0x56, 0x82,
-	0xaf, 0x3b, 0xb0, 0x0b, 0xe8, 0x36, 0x40, 0xe2, 0x6c, 0x8a, 0x89, 0x2a, 0x0e, 0xb2, 0x8e, 0x18,
-	0x57, 0xbc, 0x26, 0xe9, 0x89, 0x14, 0x3b, 0x45, 0x1e, 0x1b, 0xac, 0x58, 0x38, 0x71, 0xe8, 0x77,
-	0x55, 0xb1, 0xc6, 0xa1, 0x4f, 0x30, 0x83, 0x50, 0x43, 0x28, 0x22, 0x9b, 0xd4, 0xb8, 0x2f, 0xa7,
-	0x0d, 0x21, 0xcc, 0x5a, 0xb1, 0x80, 0xa2, 0x17, 0x60, 0xd8, 0xf1, 0x7d, 0x9e, 0xee, 0x47, 0x62,
-	0x71, 0x99, 0xab, 0xae, 0x5d, 0xab, 0x41, 0xd8, 0xc4, 0xb3, 0xff, 0xac, 0x04, 0x53, 0x07, 0xc8,
-	0x94, 0xae, 0x34, 0xef, 0x4a, 0xdf, 0x69, 0xde, 0x22, 0x5d, 0x69, 0xb0, 0x47, 0xba, 0xd2, 0x0b,
-	0x30, 0x9c, 0x10, 0xa7, 0x29, 0x22, 0x11, 0xb3, 0x25, 0x19, 0xd7, 0x34, 0x08, 0x9b, 0x78, 0x54,
-	0x8a, 0x8d, 0x39, 0xae, 0x4b, 0xe2, 0x58, 0xe6, 0x23, 0x09, 0x2f, 0x77, 0x61, 0xc9, 0x4e, 0xec,
-	0xf0, 0x60, 0x36, 0xc5, 0x02, 0x67, 0x58, 0x66, 0x07, 0xbc, 0xd6, 0xe7, 0x80, 0xff, 0x64, 0x09,
-	0x9e, 0xd8, 0x57, 0xbb, 0xf5, 0x9d, 0x2a, 0xd6, 0x8e, 0x49, 0x94, 0x9d, 0x38, 0xd7, 0x63, 0x12,
-	0x61, 0x06, 0xe1, 0xa3, 0xd4, 0x6a, 0xa9, 0x28, 0xf2, 0xe2, 0x73, 0x2b, 0xf9, 0x28, 0xa5, 0x58,
-	0xe0, 0x0c, 0xcb, 0x7b, 0x9d, 0x96, 0xbf, 0x33, 0x00, 0x4f, 0xf5, 0x61, 0x03, 0x14, 0x98, 0x83,
-	0x9a, 0xce, 0xaf, 0x2e, 0x3f, 0xa0, 0xfc, 0xea, 0x7b, 0x1b, 0xae, 0x77, 0xd2, 0xb2, 0xfb, 0xca,
-	0x75, 0xfd, 0x72, 0x09, 0xce, 0xf6, 0x36, 0x58, 0xd0, 0xb7, 0xc2, 0x78, 0xa4, 0x42, 0x12, 0xcd,
-	0xd4, 0xec, 0x93, 0xdc, 0xc7, 0x95, 0x02, 0xe1, 0x2c, 0x2e, 0x9a, 0x06, 0x68, 0x39, 0xc9, 0x56,
-	0x7c, 0x61, 0xd7, 0x8b, 0x13, 0x51, 0xcb, 0x6e, 0x8c, 0x9f, 0xbc, 0xca, 0x56, 0x6c, 0x60, 0x50,
-	0x76, 0xec, 0xdf, 0x42, 0x78, 0x2d, 0x4c, 0xf8, 0x43, 0x7c, 0xeb, 0x79, 0x52, 0xde, 0xfc, 0x68,
-	0x80, 0x70, 0x16, 0x97, 0xb2, 0x63, 0x67, 0xfb, 0xbc, 0xa3, 0x03, 0x3a, 0x99, 0x7b, 0x49, 0xb5,
-	0x62, 0x03, 0x23, 0x9b, 0x74, 0x5e, 0x39, 0x38, 0xe9, 0xdc, 0xfe, 0x57, 0x25, 0x38, 0xd3, 0xd3,
-	0xe0, 0xed, 0x4f, 0x4c, 0x3d, 0x7c, 0x89, 0xdf, 0xf7, 0xb8, 0xc2, 0x0e, 0x95, 0x30, 0x6c, 0xff,
-	0x51, 0x8f, 0x99, 0x26, 0x92, 0x81, 0xef, 0xbd, 0x6e, 0xca, 0xc3, 0x37, 0x9e, 0x5d, 0xf9, 0xbf,
-	0x03, 0x87, 0xc8, 0xff, 0xcd, 0x7c, 0x8c, 0x4a, 0x9f, 0xda, 0xe1, 0xbf, 0x0d, 0xf4, 0x1c, 0x5e,
-	0xba, 0x41, 0xee, 0xeb, 0x04, 0x61, 0x01, 0x4e, 0x78, 0x01, 0xbb, 0xcb, 0xb7, 0xde, 0x5e, 0x17,
-	0xe5, 0xcd, 0x78, 0x0d, 0x5f, 0x95, 0x7d, 0xb3, 0x98, 0x81, 0xe3, 0xae, 0x27, 0x1e, 0xc2, 0x7c,
-	0xec, 0x7b, 0x1b, 0xd2, 0x43, 0x4a, 0xee, 0x15, 0x38, 0x2d, 0x87, 0x62, 0xcb, 0x89, 0x48, 0x43,
-	0x28, 0xdb, 0x58, 0xe4, 0x5b, 0x9d, 0xe1, 0x39, 0x5b, 0x39, 0x08, 0x38, 0xff, 0x39, 0x76, 0xf1,
-	0x6a, 0xd8, 0xf2, 0x5c, 0xb1, 0x15, 0xd4, 0x17, 0xaf, 0xd2, 0x46, 0xcc, 0x61, 0x5a, 0x5f, 0xd4,
-	0xee, 0x8f, 0xbe, 0xf8, 0x08, 0xd4, 0xd4, 0x78, 0xf3, 0x9c, 0x0a, 0x35, 0xc9, 0xbb, 0x72, 0x2a,
-	0xd4, 0x0c, 0x37, 0xb0, 0xe8, 0xec, 0xa0, 0x1b, 0x95, 0xcc, 0x6a, 0xa5, 0xfc, 0x68, 0xbb, 0xfd,
-	0x1c, 0x8c, 0x28, 0x5f, 0x60, 0xbf, 0xd7, 0xdf, 0xda, 0x7f, 0x59, 0x82, 0xcc, 0x4d, 0x6f, 0x68,
-	0x17, 0x6a, 0x8d, 0xa8, 0xc3, 0x1b, 0x8b, 0xa9, 0x21, 0xbd, 0x20, 0xc9, 0xe9, 0x83, 0x30, 0xd5,
-	0x84, 0x35, 0x33, 0xf4, 0x26, 0x2f, 0xd7, 0x2c, 0x58, 0x97, 0x8a, 0xc8, 0xc9, 0xaf, 0x2b, 0x7a,
-	0xe6, 0xfd, 0x96, 0xb2, 0x0d, 0x1b, 0xfc, 0x50, 0x02, 0xb5, 0x2d, 0x79, 0xa3, 0x5d, 0x31, 0xe2,
-	0x4e, 0x5d, 0x90, 0xc7, 0x4d, 0x34, 0xf5, 0x17, 0x6b, 0x46, 0xf6, 0x1f, 0x96, 0xe0, 0x54, 0xfa,
-	0x03, 0x88, 0x83, 0xcb, 0x9f, 0xb6, 0xe0, 0x51, 0xdf, 0x89, 0x93, 0x7a, 0x9b, 0x6d, 0x14, 0x36,
-	0xda, 0xfe, 0x4a, 0xa6, 0xb2, 0xf7, 0x51, 0x9d, 0x2d, 0x8a, 0x70, 0xf6, 0x06, 0xc4, 0xb9, 0xc7,
-	0xee, 0xec, 0x4d, 0x3d, 0xba, 0x94, 0xcf, 0x1c, 0xf7, 0xea, 0x15, 0x7a, 0xcb, 0x82, 0x13, 0x6e,
-	0x3b, 0x8a, 0x48, 0x90, 0xe8, 0xae, 0xf2, 0xaf, 0x78, 0xad, 0x90, 0x81, 0xd4, 0x1d, 0x3c, 0x45,
-	0x05, 0xea, 0x7c, 0x86, 0x17, 0xee, 0xe2, 0x6e, 0xff, 0x20, 0xd5, 0x9c, 0x3d, 0xdf, 0xf3, 0xaf,
-	0xd9, 0x95, 0x8d, 0x7f, 0x32, 0x08, 0xa3, 0xa9, 0xf2, 0xe5, 0xa9, 0xc3, 0x3e, 0xeb, 0xc0, 0xc3,
-	0x3e, 0x96, 0x21, 0xd8, 0x0e, 0xe4, 0x6d, 0xf6, 0x46, 0x86, 0x60, 0x3b, 0x20, 0x98, 0xc3, 0xc4,
-	0x90, 0xe2, 0x76, 0x20, 0x72, 0x01, 0xcc, 0x21, 0xc5, 0xed, 0x00, 0x0b, 0x28, 0xfa, 0xb8, 0x05,
-	0x23, 0x6c, 0xf1, 0x89, 0xa3, 0x52, 0xa1, 0xd0, 0xae, 0x14, 0xb0, 0xdc, 0x65, 0xa9, 0x7e, 0x16,
-	0x3b, 0x6a, 0xb6, 0xe0, 0x14, 0x47, 0xf4, 0x29, 0x0b, 0x6a, 0xea, 0xea, 0x5c, 0x71, 0x36, 0x52,
-	0x2f, 0xb6, 0x3a, 0x7c, 0x46, 0xea, 0xa9, 0x32, 0xdd, 0x58, 0x33, 0x46, 0xb1, 0x3a, 0xc7, 0x1c,
-	0x3a, 0x9e, 0x73, 0x4c, 0xc8, 0x39, 0xc3, 0x7c, 0x1f, 0xd4, 0x9a, 0x4e, 0xe0, 0x6d, 0x90, 0x38,
-	0xe1, 0x47, 0x8b, 0xf2, 0x32, 0x10, 0xd9, 0x88, 0x35, 0x9c, 0x1a, 0xfb, 0x31, 0x7b, 0xb1, 0xc4,
-	0x38, 0x0b, 0x64, 0xc6, 0x7e, 0x5d, 0x37, 0x63, 0x13, 0xc7, 0x3c, 0xb8, 0x84, 0x07, 0x7a, 0x70,
-	0x39, 0x7c, 0xc0, 0xc1, 0x65, 0x1d, 0x4e, 0x3b, 0xed, 0x24, 0xbc, 0x4c, 0x1c, 0x7f, 0x36, 0x49,
-	0x48, 0xb3, 0x95, 0xc4, 0xbc, 0xe2, 0xfd, 0x08, 0x73, 0x01, 0xab, 0x68, 0xb7, 0x3a, 0xf1, 0x37,
-	0xba, 0x90, 0x70, 0xfe, 0xb3, 0xf6, 0xbf, 0xb0, 0xe0, 0x74, 0xee, 0x54, 0x78, 0x78, 0xf3, 0x0c,
-	0xec, 0x1f, 0xae, 0xc0, 0xc9, 0x9c, 0xcb, 0x0d, 0x50, 0xc7, 0x5c, 0x24, 0x56, 0x11, 0x21, 0x7b,
-	0xe9, 0x08, 0x34, 0xf9, 0x6d, 0x72, 0x56, 0xc6, 0xe1, 0x62, 0x11, 0x74, 0x3c, 0x40, 0xf9, 0xfe,
-	0xc6, 0x03, 0x18, 0x73, 0x7d, 0xe0, 0x81, 0xce, 0xf5, 0xca, 0x01, 0x73, 0xfd, 0x67, 0x2c, 0x98,
-	0x6c, 0xf6, 0xb8, 0xa9, 0x4c, 0x9c, 0x27, 0xdd, 0x38, 0x9e, 0x7b, 0xd0, 0xe6, 0x1e, 0xbf, 0xb3,
-	0x37, 0xd5, 0xf3, 0x82, 0x38, 0xdc, 0xb3, 0x57, 0xf6, 0x57, 0xca, 0xc0, 0xec, 0x35, 0x56, 0xc0,
-	0xba, 0x83, 0x3e, 0x66, 0xde, 0x91, 0x62, 0x15, 0x75, 0x9f, 0x07, 0x27, 0xae, 0xee, 0x58, 0xe1,
-	0x23, 0x98, 0x77, 0xe5, 0x4a, 0x56, 0x12, 0x96, 0xfa, 0x90, 0x84, 0xbe, 0xbc, 0x8c, 0xa6, 0x5c,
-	0xfc, 0x65, 0x34, 0xb5, 0xec, 0x45, 0x34, 0xfb, 0x7f, 0xe2, 0x81, 0x87, 0xf2, 0x13, 0xff, 0xb2,
-	0xc5, 0x05, 0x4f, 0xe6, 0x2b, 0x68, 0x73, 0xc3, 0xda, 0xc7, 0xdc, 0x78, 0x06, 0xaa, 0xb1, 0x90,
-	0xcc, 0xc2, 0x2c, 0xd1, 0xa1, 0x60, 0xa2, 0x1d, 0x2b, 0x0c, 0xba, 0xeb, 0x72, 0x7c, 0x3f, 0xbc,
-	0x7d, 0xa1, 0xd9, 0x4a, 0x3a, 0xc2, 0x40, 0x51, 0xdb, 0x82, 0x59, 0x05, 0xc1, 0x06, 0x16, 0x7a,
-	0x0a, 0x06, 0x79, 0xa5, 0x09, 0xe1, 0xdc, 0x19, 0xa6, 0xeb, 0x90, 0x97, 0xa1, 0x68, 0x60, 0x01,
-	0xb2, 0xb7, 0xc0, 0xd8, 0x55, 0xdc, 0xfb, 0x75, 0xd8, 0x07, 0xdf, 0x70, 0x69, 0xff, 0x83, 0x92,
-	0x60, 0xc5, 0x77, 0x09, 0x3a, 0x32, 0xd0, 0x3a, 0x64, 0x64, 0xe0, 0x9b, 0x00, 0x6e, 0xd8, 0x6c,
-	0xd1, 0x7d, 0xf3, 0x5a, 0x58, 0xcc, 0x66, 0x6b, 0x5e, 0xd1, 0xd3, 0xa3, 0xaa, 0xdb, 0xb0, 0xc1,
-	0x2f, 0x25, 0xda, 0xcb, 0x07, 0x8a, 0xf6, 0x94, 0x94, 0x1b, 0xd8, 0x5f, 0xca, 0xd9, 0x7f, 0x66,
-	0x41, 0xca, 0xea, 0x43, 0x2d, 0xa8, 0xd0, 0xee, 0x76, 0x84, 0xc0, 0x58, 0x29, 0xce, 0xc4, 0xa4,
-	0x92, 0x5a, 0xac, 0x42, 0xf6, 0x13, 0x73, 0x46, 0xc8, 0x17, 0x51, 0x90, 0x85, 0x6c, 0x7e, 0x4c,
-	0x86, 0x97, 0xc3, 0x70, 0x9b, 0x07, 0x13, 0xe9, 0x88, 0x4a, 0xfb, 0x45, 0x98, 0xe8, 0xea, 0x14,
-	0xbb, 0x42, 0x3b, 0x94, 0x3b, 0x78, 0x63, 0xf5, 0xb0, 0x82, 0x0f, 0x98, 0xc3, 0xec, 0x2f, 0x5b,
-	0x70, 0x22, 0x4b, 0x1e, 0xbd, 0x6d, 0xc1, 0x44, 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7, 0xb2, 0x1d,
-	0xba, 0x40, 0xb8, 0xbb, 0x13, 0xf6, 0xff, 0x14, 0xda, 0xe0, 0xa6, 0x17, 0x34, 0xc2, 0xdb, 0xca,
-	0x4e, 0xb2, 0x7a, 0xda, 0x49, 0x54, 0x3c, 0xb8, 0x5b, 0xa4, 0xd1, 0xf6, 0xbb, 0xca, 0x50, 0xd4,
-	0x45, 0x3b, 0x56, 0x18, 0x2c, 0xeb, 0xbe, 0x2d, 0xf6, 0xad, 0x99, 0x49, 0xb9, 0x20, 0xda, 0xb1,
-	0xc2, 0x40, 0xcf, 0xc3, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2, 0x4d, 0x87, 0xa1, 0xc1, 0x63, 0x9c,
-	0xc2, 0x42, 0xd3, 0x00, 0xca, 0xe6, 0x92, 0x1a, 0x9b, 0x39, 0xda, 0x95, 0x60, 0x8c, 0xb1, 0x81,
-	0xc1, 0x6a, 0x5c, 0xf8, 0xed, 0x98, 0x9d, 0x24, 0x0f, 0xea, 0x0b, 0x1d, 0xe6, 0x45, 0x1b, 0x56,
-	0x50, 0x2a, 0xdc, 0x9a, 0x4e, 0xd0, 0x76, 0x7c, 0x3a, 0x42, 0xc2, 0x75, 0xa6, 0x96, 0xe1, 0xb2,
-	0x82, 0x60, 0x03, 0x8b, 0xbe, 0x71, 0xe2, 0x35, 0xc9, 0x2b, 0x61, 0x20, 0xa3, 0xd4, 0x75, 0x70,
-	0x81, 0x68, 0xc7, 0x0a, 0x03, 0xbd, 0x08, 0xc3, 0x4e, 0xd0, 0xe0, 0x06, 0x62, 0x18, 0x89, 0x33,
-	0x4a, 0xb5, 0xfb, 0xbc, 0x1e, 0x93, 0x59, 0x0d, 0xc5, 0x26, 0x6a, 0xf6, 0x36, 0x0b, 0xe8, 0xf3,
-	0xb6, 0xbc, 0x3f, 0xb5, 0x60, 0x5c, 0x17, 0x2d, 0x62, 0x1e, 0xb6, 0x94, 0x6b, 0xd1, 0x3a, 0xd0,
-	0xb5, 0x98, 0xae, 0x5d, 0x52, 0xea, 0xab, 0x76, 0x89, 0x59, 0x56, 0xa4, 0xbc, 0x6f, 0x59, 0x91,
-	0xaf, 0x87, 0xa1, 0x6d, 0xd2, 0x31, 0xea, 0x8f, 0x30, 0xe5, 0x70, 0x95, 0x37, 0x61, 0x09, 0x43,
-	0x36, 0x0c, 0xba, 0x8e, 0xaa, 0x61, 0x38, 0x22, 0x62, 0xd3, 0x66, 0x19, 0x92, 0x80, 0xd8, 0x2b,
-	0x50, 0x53, 0x87, 0xfa, 0xd2, 0xd3, 0x67, 0xe5, 0x7b, 0xfa, 0xfa, 0x2a, 0x6f, 0x30, 0xb7, 0xfe,
-	0x1b, 0x5f, 0x7d, 0xf2, 0x5d, 0xbf, 0xfd, 0xd5, 0x27, 0xdf, 0xf5, 0x07, 0x5f, 0x7d, 0xf2, 0x5d,
-	0x1f, 0xbf, 0xf3, 0xa4, 0xf5, 0x1b, 0x77, 0x9e, 0xb4, 0x7e, 0xfb, 0xce, 0x93, 0xd6, 0x1f, 0xdc,
-	0x79, 0xd2, 0xfa, 0xca, 0x9d, 0x27, 0xad, 0xb7, 0xfe, 0xeb, 0x93, 0xef, 0x7a, 0x25, 0x37, 0x2f,
-	0x82, 0xfe, 0x78, 0xbf, 0xdb, 0x98, 0xd9, 0x79, 0x8e, 0x85, 0xe6, 0xd3, 0xf5, 0x3c, 0x63, 0x4c,
-	0xe2, 0x19, 0xb9, 0x9e, 0xff, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x87, 0xd1, 0xb1, 0x14, 0x1c,
-	0x01, 0x01, 0x00,
+	0x20, 0xf6, 0xef, 0x59, 0xf0, 0xf5, 0xfd, 0x88, 0xbd, 0xe3, 0xeb, 0x63, 0x1d, 0x4e, 0x37, 0xc8,
+	0x86, 0xd3, 0xf6, 0x93, 0x34, 0x47, 0xd1, 0xe9, 0x27, 0xc4, 0xc3, 0xa7, 0x17, 0xf2, 0x90, 0x70,
+	0xfe, 0xb3, 0xf6, 0x7f, 0xb1, 0xd8, 0x76, 0x5d, 0xbe, 0xd6, 0x7d, 0xd8, 0x3a, 0x05, 0xe9, 0xad,
+	0xd3, 0x62, 0x61, 0xcb, 0xb4, 0xc7, 0xde, 0xe9, 0x73, 0x16, 0x9c, 0x35, 0xb0, 0x96, 0x9d, 0xc4,
+	0xdd, 0xba, 0xb0, 0xdb, 0x8a, 0x48, 0x1c, 0xd3, 0x29, 0xf5, 0x84, 0x21, 0x8e, 0xe7, 0x86, 0x05,
+	0x85, 0xf2, 0x55, 0xd2, 0xe1, 0xb2, 0xf9, 0x19, 0xa8, 0xf2, 0x35, 0x17, 0x46, 0xe2, 0x23, 0xa9,
+	0x77, 0x5b, 0x11, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0xcc, 0xa5, 0x32, 0x88, 0x9a, 0x09,
+	0x40, 0xbf, 0xfb, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8d, 0x08, 0x9b, 0x0f,
+	0x8d, 0x8b, 0x1e, 0xf1, 0x1b, 0x31, 0xdd, 0xd6, 0x39, 0x41, 0x10, 0x26, 0x62, 0x87, 0x66, 0x6c,
+	0xeb, 0x66, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xdf, 0x59, 0x27, 0x3e, 0x1f, 0x51, 0xc1, 0x74,
+	0x89, 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x52, 0x49, 0x34, 0x72, 0x3f, 0xbc, 0x0f,
+	0x51, 0x4a, 0x05, 0xac, 0x16, 0x27, 0x8f, 0x49, 0x6f, 0x0f, 0xc4, 0x1b, 0x19, 0x2d, 0x80, 0x0b,
+	0xe5, 0xba, 0xbf, 0x17, 0xe2, 0x63, 0x65, 0x98, 0x4a, 0x3f, 0xd0, 0xa5, 0x44, 0xe8, 0x96, 0xd7,
+	0x60, 0x94, 0xf5, 0xd5, 0x19, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0x87, 0x4b, 0xc7, 0x29, 0x87, 0x4d,
+	0x35, 0x51, 0x3e, 0x40, 0x4d, 0x3c, 0xad, 0x46, 0x7d, 0x20, 0x23, 0xf3, 0xd2, 0xaa, 0xf2, 0x1c,
+	0x0c, 0xc4, 0x09, 0x69, 0x4d, 0x56, 0xd2, 0x62, 0xb6, 0x9e, 0x90, 0x16, 0x66, 0x10, 0xf4, 0x6d,
+	0x30, 0x9e, 0x38, 0xd1, 0x26, 0x49, 0x22, 0xb2, 0xe3, 0x31, 0xbf, 0x2e, 0xdb, 0xcf, 0xd6, 0xe6,
+	0x4e, 0x52, 0xab, 0x6b, 0x8d, 0x81, 0xb0, 0x04, 0xe1, 0x2c, 0xae, 0xfd, 0x3f, 0x4a, 0xf0, 0x68,
+	0xfa, 0x13, 0x68, 0xc5, 0xf8, 0xed, 0x29, 0xc5, 0xf8, 0x5e, 0x53, 0x31, 0xde, 0xdd, 0x9b, 0x7a,
+	0xac, 0xc7, 0x63, 0x5f, 0x35, 0x7a, 0x13, 0x5d, 0xca, 0x7c, 0x84, 0x99, 0x2e, 0x2f, 0xeb, 0x13,
+	0x3d, 0xde, 0x31, 0xf3, 0x95, 0x9e, 0x86, 0xc1, 0x88, 0x38, 0x71, 0x18, 0x88, 0xef, 0xa4, 0xbe,
+	0x26, 0x66, 0xad, 0x58, 0x40, 0xed, 0xdf, 0xad, 0x65, 0x07, 0xfb, 0x12, 0xf7, 0x55, 0x87, 0x11,
+	0xf2, 0x60, 0x80, 0xed, 0xda, 0xb8, 0x64, 0xb9, 0x7a, 0xb4, 0x55, 0x48, 0xb5, 0x88, 0x22, 0x3d,
+	0x57, 0xa5, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0xed, 0x42, 0xd5, 0x95, 0x9b, 0xa9, 0x52, 0x11,
+	0x6e, 0x47, 0xb1, 0x95, 0xd2, 0x1c, 0x47, 0xa8, 0xb8, 0x57, 0x3b, 0x30, 0xc5, 0x0d, 0x11, 0x28,
+	0x6f, 0x7a, 0x89, 0xf8, 0xac, 0x47, 0xdc, 0x2e, 0x5f, 0xf2, 0x8c, 0x57, 0x1c, 0xa2, 0x3a, 0xe8,
+	0x92, 0x97, 0x60, 0x4a, 0x1f, 0x7d, 0xca, 0x82, 0xe1, 0xd8, 0x6d, 0xae, 0x46, 0xe1, 0x8e, 0xd7,
+	0x20, 0x91, 0xb0, 0x31, 0x8f, 0x28, 0xd9, 0xea, 0xf3, 0xcb, 0x92, 0xa0, 0xe6, 0xcb, 0xdd, 0x17,
+	0x1a, 0x82, 0x4d, 0xbe, 0x74, 0xef, 0xf5, 0xa8, 0x78, 0xf7, 0x05, 0xe2, 0xb2, 0x15, 0x27, 0xf7,
+	0xcc, 0x6c, 0xa6, 0x1c, 0xd9, 0xe6, 0x5e, 0x68, 0xbb, 0xdb, 0x74, 0xbd, 0xe9, 0x0e, 0x3d, 0x76,
+	0x67, 0x6f, 0xea, 0xd1, 0xf9, 0x7c, 0x9e, 0xb8, 0x57, 0x67, 0xd8, 0x80, 0xb5, 0xda, 0xbe, 0x8f,
+	0xc9, 0xeb, 0x6d, 0xc2, 0x3c, 0x62, 0x05, 0x0c, 0xd8, 0xaa, 0x26, 0x98, 0x19, 0x30, 0x03, 0x82,
+	0x4d, 0xbe, 0xe8, 0x75, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0xed, 0x0a, 0x37, 0xd8, 0x11, 0x77, 0x41,
+	0xcb, 0x8c, 0x96, 0x66, 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x42, 0xa5, 0x49, 0xa2,
+	0x4d, 0x32, 0x59, 0x2d, 0xc2, 0xe5, 0xbf, 0x4c, 0x49, 0x69, 0x86, 0x35, 0x6a, 0x5c, 0xb1, 0x36,
+	0xcc, 0xb9, 0xa0, 0x57, 0xa1, 0x1a, 0x13, 0x9f, 0xb8, 0xd4, 0x3c, 0xaa, 0x31, 0x8e, 0xcf, 0xf5,
+	0x69, 0x2a, 0x52, 0xbb, 0xa4, 0x2e, 0x1e, 0xe5, 0x0b, 0x4c, 0xfe, 0xc3, 0x8a, 0x24, 0x1d, 0xc0,
+	0x96, 0xdf, 0xde, 0xf4, 0x82, 0x49, 0x28, 0x62, 0x00, 0x57, 0x19, 0xad, 0xcc, 0x00, 0xf2, 0x46,
+	0x2c, 0x18, 0xd9, 0xff, 0xdd, 0x02, 0x94, 0x16, 0x6a, 0xf7, 0xc1, 0x26, 0x7e, 0x3d, 0x6d, 0x13,
+	0x2f, 0x15, 0x69, 0xb4, 0xf4, 0x30, 0x8b, 0x7f, 0xa1, 0x06, 0x19, 0x75, 0x70, 0x8d, 0xc4, 0x09,
+	0x69, 0xbc, 0x23, 0xc2, 0xdf, 0x11, 0xe1, 0xef, 0x88, 0x70, 0x25, 0xc2, 0xd7, 0x33, 0x22, 0xfc,
+	0x03, 0xc6, 0xaa, 0xd7, 0xb1, 0x07, 0xaf, 0xa9, 0xe0, 0x04, 0xb3, 0x07, 0x06, 0x02, 0x95, 0x04,
+	0x57, 0xea, 0x2b, 0xd7, 0x72, 0x65, 0xf6, 0x6b, 0x69, 0x99, 0x7d, 0x54, 0x16, 0x7f, 0x1d, 0xa4,
+	0xf4, 0x6f, 0x58, 0xf0, 0xee, 0xb4, 0xf4, 0x92, 0x33, 0x67, 0x71, 0x33, 0x08, 0x23, 0xb2, 0xe0,
+	0x6d, 0x6c, 0x90, 0x88, 0x04, 0x2e, 0x89, 0x95, 0x6f, 0xc7, 0xea, 0xe5, 0xdb, 0x41, 0xcf, 0xc3,
+	0xc8, 0xad, 0x38, 0x0c, 0x56, 0x43, 0x2f, 0x10, 0x22, 0x88, 0xee, 0x38, 0x4e, 0xdc, 0xd9, 0x9b,
+	0x1a, 0xa1, 0x23, 0x2a, 0xdb, 0x71, 0x0a, 0x0b, 0xcd, 0xc3, 0xc4, 0xad, 0xd7, 0x57, 0x9d, 0xc4,
+	0xf0, 0x26, 0xc8, 0x7d, 0x3f, 0x3b, 0x8f, 0xba, 0xf2, 0x72, 0x06, 0x88, 0xbb, 0xf1, 0xed, 0xbf,
+	0x57, 0x82, 0x33, 0x99, 0x17, 0x09, 0x7d, 0x3f, 0x6c, 0x27, 0x74, 0x4f, 0x84, 0x7e, 0xc2, 0x82,
+	0x13, 0xcd, 0xb4, 0xc3, 0x22, 0x16, 0xee, 0xee, 0xef, 0x2c, 0x4c, 0x47, 0x64, 0x3c, 0x22, 0x73,
+	0x93, 0x62, 0x84, 0x4e, 0x64, 0x00, 0x31, 0xee, 0xea, 0x0b, 0x7a, 0x15, 0x6a, 0x4d, 0x67, 0xf7,
+	0x7a, 0xab, 0xe1, 0x24, 0x72, 0x3b, 0xda, 0xdb, 0x8b, 0xd0, 0x4e, 0x3c, 0x7f, 0x9a, 0x47, 0xb5,
+	0x4c, 0x2f, 0x06, 0xc9, 0x4a, 0x54, 0x4f, 0x22, 0x2f, 0xd8, 0xe4, 0x4e, 0xce, 0x65, 0x49, 0x06,
+	0x6b, 0x8a, 0xf6, 0x8f, 0x5b, 0x59, 0x25, 0xa5, 0x46, 0x27, 0x72, 0x12, 0xb2, 0xd9, 0x41, 0x6f,
+	0x42, 0x85, 0xee, 0x1b, 0xe5, 0xa8, 0xdc, 0x2c, 0x52, 0x73, 0x1a, 0x5f, 0x42, 0x2b, 0x51, 0xfa,
+	0x2f, 0xc6, 0x9c, 0xa9, 0xfd, 0x13, 0xb5, 0xac, 0xb1, 0xc0, 0xce, 0xe6, 0xcf, 0x03, 0x6c, 0x86,
+	0x6b, 0xa4, 0xd9, 0xf2, 0xe9, 0xb0, 0x58, 0xec, 0x80, 0x47, 0xb9, 0x4a, 0x2e, 0x29, 0x08, 0x36,
+	0xb0, 0xd0, 0x0f, 0x5a, 0x00, 0x9b, 0x72, 0xce, 0x4b, 0x43, 0xe0, 0x7a, 0x91, 0xaf, 0xa3, 0x57,
+	0x94, 0xee, 0x8b, 0x62, 0x88, 0x0d, 0xe6, 0xe8, 0xfb, 0x2c, 0xa8, 0x26, 0xb2, 0xfb, 0x5c, 0x35,
+	0xae, 0x15, 0xd9, 0x13, 0xf9, 0xd2, 0xda, 0x26, 0x52, 0x43, 0xa2, 0xf8, 0xa2, 0xef, 0xb7, 0x00,
+	0xe2, 0x4e, 0xe0, 0xae, 0x86, 0xbe, 0xe7, 0x76, 0x84, 0xc6, 0xbc, 0x51, 0xa8, 0x3b, 0x47, 0x51,
+	0x9f, 0x1b, 0xa3, 0xa3, 0xa1, 0xff, 0x63, 0x83, 0x33, 0xfa, 0x28, 0x54, 0x63, 0x31, 0xdd, 0x84,
+	0x8e, 0x5c, 0x2b, 0xd6, 0xa9, 0xc4, 0x69, 0x0b, 0xf1, 0x2a, 0xfe, 0x61, 0xc5, 0x13, 0xfd, 0xa8,
+	0x05, 0xe3, 0xad, 0xb4, 0x9b, 0x50, 0xa8, 0xc3, 0xe2, 0x64, 0x40, 0xc6, 0x0d, 0xc9, 0xbd, 0x2d,
+	0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, 0x06, 0xaf, 0xb4, 0xb8, 0xcb, 0x72, 0x48, 0x4b,
+	0xc0, 0x4b, 0x59, 0x20, 0xee, 0xc6, 0x47, 0xab, 0x70, 0x8a, 0xf6, 0xae, 0xc3, 0xcd, 0x4f, 0xa9,
+	0x5e, 0x62, 0xa6, 0x0c, 0xab, 0x73, 0x8f, 0x8b, 0x19, 0xc2, 0xce, 0x3a, 0xb2, 0x38, 0x38, 0xf7,
+	0x49, 0xf4, 0xdb, 0x16, 0x3c, 0xee, 0x31, 0x35, 0x60, 0x3a, 0xec, 0xb5, 0x46, 0x10, 0x07, 0xed,
+	0xa4, 0x50, 0x59, 0xd1, 0x4b, 0xfd, 0xcc, 0x7d, 0xbd, 0x78, 0x83, 0xc7, 0x17, 0xf7, 0xe9, 0x12,
+	0xde, 0xb7, 0xc3, 0xe8, 0x9b, 0x61, 0x54, 0xae, 0x8b, 0x55, 0x2a, 0x82, 0x99, 0xa2, 0xad, 0xcd,
+	0x4d, 0xdc, 0xd9, 0x9b, 0x1a, 0x5d, 0x33, 0x01, 0x38, 0x8d, 0x67, 0xff, 0xeb, 0x72, 0xea, 0x94,
+	0x48, 0xf9, 0x30, 0x99, 0xb8, 0x71, 0xa5, 0xff, 0x47, 0x4a, 0xcf, 0x42, 0xc5, 0x8d, 0xf2, 0x2e,
+	0x69, 0x71, 0xa3, 0x9a, 0x62, 0x6c, 0x30, 0xa7, 0x46, 0xe9, 0x84, 0x93, 0xf5, 0x94, 0x0a, 0x09,
+	0xf8, 0x6a, 0x91, 0x5d, 0xea, 0x3e, 0xd3, 0x3b, 0x23, 0xba, 0x36, 0xd1, 0x05, 0xc2, 0xdd, 0x5d,
+	0x42, 0xdf, 0x03, 0xb5, 0x48, 0x45, 0xb6, 0x94, 0x8b, 0xd8, 0xaa, 0xc9, 0x69, 0x23, 0xba, 0xa3,
+	0x0e, 0x80, 0x74, 0x0c, 0x8b, 0xe6, 0x68, 0x7f, 0xba, 0x94, 0x3a, 0x18, 0x33, 0x64, 0x47, 0x1f,
+	0x87, 0x7e, 0x9f, 0xb7, 0x60, 0x38, 0x0a, 0x7d, 0xdf, 0x0b, 0x36, 0xa9, 0x9c, 0x13, 0xca, 0xfa,
+	0x43, 0xc7, 0xa2, 0x2f, 0x85, 0x40, 0x63, 0x96, 0x35, 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xf4, 0x12,
+	0x8c, 0x36, 0x88, 0x4f, 0xe8, 0xb3, 0x2b, 0x11, 0xdd, 0x13, 0x71, 0x27, 0xb3, 0x8a, 0x14, 0x59,
+	0x30, 0x81, 0x38, 0x8d, 0x6b, 0xff, 0x89, 0x05, 0x93, 0xbd, 0x84, 0x39, 0x22, 0xf0, 0x98, 0x94,
+	0x54, 0x6a, 0x1c, 0x57, 0x02, 0x49, 0x4f, 0xe8, 0xe3, 0xa7, 0x04, 0x9f, 0xc7, 0x56, 0x7b, 0xa3,
+	0xe2, 0xfd, 0xe8, 0xa0, 0x57, 0xe0, 0x84, 0x31, 0x28, 0xb1, 0x1a, 0xd5, 0xda, 0xdc, 0x34, 0xb5,
+	0x9e, 0x66, 0x33, 0xb0, 0xbb, 0x7b, 0x53, 0x8f, 0x64, 0xdb, 0x84, 0xb6, 0xe9, 0xa2, 0x63, 0xff,
+	0x74, 0xd7, 0xa7, 0x56, 0x86, 0xc2, 0xdb, 0x56, 0x97, 0x2b, 0xe2, 0x3b, 0x8f, 0x43, 0x39, 0x33,
+	0xa7, 0x85, 0x8a, 0xe1, 0xe8, 0x8d, 0xf3, 0x00, 0xcf, 0xfc, 0xed, 0x7f, 0x3b, 0x00, 0xfb, 0xf4,
+	0xac, 0x0f, 0xcb, 0xff, 0xd0, 0x87, 0xb0, 0x9f, 0xb5, 0xd4, 0x69, 0x1b, 0x17, 0x00, 0x8d, 0xe3,
+	0x1a, 0x7b, 0xbe, 0xf9, 0x8a, 0x79, 0xdc, 0x89, 0x72, 0xc1, 0xa7, 0xcf, 0xf5, 0xd0, 0x17, 0xad,
+	0xf4, 0x79, 0x21, 0x8f, 0x88, 0xf4, 0x8e, 0xad, 0x4f, 0xc6, 0x21, 0x24, 0xef, 0x98, 0x3e, 0xba,
+	0xea, 0x75, 0x3c, 0x39, 0x0d, 0xb0, 0xe1, 0x05, 0x8e, 0xef, 0xbd, 0x41, 0xb7, 0x56, 0x15, 0x66,
+	0x1d, 0x30, 0x73, 0xeb, 0xa2, 0x6a, 0xc5, 0x06, 0xc6, 0xd9, 0xbf, 0x09, 0xc3, 0xc6, 0x9b, 0xe7,
+	0x84, 0xcb, 0x9c, 0x32, 0xc3, 0x65, 0x6a, 0x46, 0x94, 0xcb, 0xd9, 0x0f, 0xc0, 0x89, 0x6c, 0x07,
+	0x0f, 0xf3, 0xbc, 0xfd, 0x7f, 0x86, 0xb2, 0x07, 0x78, 0x6b, 0x24, 0x6a, 0xd2, 0xae, 0xbd, 0xe3,
+	0x15, 0x7b, 0xc7, 0x2b, 0xf6, 0x8e, 0x57, 0xcc, 0x3c, 0xd8, 0x10, 0x1e, 0x9f, 0xa1, 0xfb, 0xe4,
+	0xf1, 0x49, 0xf9, 0xb0, 0xaa, 0x85, 0xfb, 0xb0, 0xec, 0x4f, 0x75, 0xb9, 0xfd, 0xd7, 0x22, 0x42,
+	0x50, 0x08, 0x95, 0x20, 0x6c, 0x10, 0x69, 0x20, 0x5f, 0x29, 0xc6, 0xda, 0xbb, 0x16, 0x36, 0x8c,
+	0x58, 0x73, 0xfa, 0x2f, 0xc6, 0x9c, 0x8f, 0xfd, 0xc9, 0x41, 0x48, 0xd9, 0xa2, 0xfc, 0xbb, 0x7f,
+	0x23, 0x0c, 0x45, 0xa4, 0x15, 0x5e, 0xc7, 0x4b, 0x42, 0x97, 0xe9, 0x54, 0x1d, 0xde, 0x8c, 0x25,
+	0x9c, 0xea, 0xbc, 0x96, 0x93, 0x6c, 0x09, 0x65, 0xa6, 0x74, 0xde, 0xaa, 0x93, 0x6c, 0x61, 0x06,
+	0x41, 0x1f, 0x80, 0xb1, 0x24, 0x75, 0x8e, 0x2e, 0xce, 0x8b, 0x1f, 0x11, 0xb8, 0x63, 0xe9, 0x53,
+	0x76, 0x9c, 0xc1, 0x46, 0xaf, 0xc3, 0xc0, 0x16, 0xf1, 0x9b, 0xe2, 0xd3, 0xd7, 0x8b, 0xd3, 0x35,
+	0xec, 0x5d, 0x2f, 0x13, 0xbf, 0xc9, 0x25, 0x21, 0xfd, 0x85, 0x19, 0x2b, 0x3a, 0xef, 0x6b, 0xdb,
+	0xed, 0x38, 0x09, 0x9b, 0xde, 0x1b, 0xd2, 0x4d, 0xfa, 0x9d, 0x05, 0x33, 0xbe, 0x2a, 0xe9, 0x73,
+	0x7f, 0x94, 0xfa, 0x8b, 0x35, 0x67, 0xd6, 0x8f, 0x86, 0x17, 0xb1, 0x29, 0xd3, 0x11, 0xde, 0xce,
+	0xa2, 0xfb, 0xb1, 0x20, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, 0x46, 0x1d, 0xb5, 0xfe, 0x86,
+	0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, 0xf6, 0x72, 0xd7, 0xe1, 0x53, 0x50, 0x71, 0xb7, 0x9c,
+	0x28, 0x99, 0x1c, 0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5,
+	0x88, 0x6c, 0xb0, 0xd0, 0x66, 0x23, 0xa8, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d, 0x36, 0xd6,
+	0x33, 0xda, 0xee, 0x27, 0x4b, 0x69, 0xc3, 0x2e, 0x3d, 0x32, 0x7c, 0x3d, 0xb8, 0xed, 0x28, 0x96,
+	0xde, 0x35, 0x63, 0x3d, 0xb0, 0x66, 0x2c, 0xe1, 0xe8, 0xe3, 0x16, 0x0c, 0xdd, 0x8a, 0xc3, 0x20,
+	0x20, 0x89, 0x50, 0xa2, 0x37, 0x0a, 0x1e, 0xac, 0x2b, 0x9c, 0xba, 0xee, 0x83, 0x68, 0xc0, 0x92,
+	0x2f, 0xed, 0x2e, 0xd9, 0x75, 0xfd, 0x76, 0xa3, 0x2b, 0x92, 0xe6, 0x02, 0x6f, 0xc6, 0x12, 0x4e,
+	0x51, 0xbd, 0x80, 0xa3, 0x0e, 0xa4, 0x51, 0x17, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0xcf, 0x55, 0xe1,
+	0x74, 0xee, 0xf2, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0x2e, 0x7a, 0x3e, 0x91, 0x31, 0x64, 0xcc, 0xe4,
+	0xba, 0xa1, 0x5a, 0xb1, 0x81, 0x81, 0xbe, 0x17, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x28, 0xef, 0xf7,
+	0x91, 0x2d, 0x1b, 0xda, 0x8f, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x8c, 0x0d, 0x96, 0xe8,
+	0x05, 0x18, 0x8e, 0x88, 0x4f, 0x9c, 0x98, 0xc5, 0xce, 0x67, 0x13, 0x81, 0xb0, 0x06, 0x61, 0x13,
+	0x0f, 0x3d, 0xad, 0xc2, 0xed, 0x32, 0x61, 0x47, 0xe9, 0x90, 0x3b, 0xf4, 0x05, 0x0b, 0xc6, 0x36,
+	0x3c, 0x9f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xe8, 0x2f, 0x79, 0xd1, 0xa4, 0xab, 0x65, 0x68,
+	0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0xef, 0x90, 0x88, 0x09, 0xdf, 0xc1, 0xf4, 0x67, 0xbe,
+	0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x71, 0x3c, 0x1f, 0x91, 0x06, 0x09, 0x12,
+	0xcf, 0xf1, 0x79, 0x52, 0x4d, 0x55, 0xc7, 0xa2, 0xaf, 0xa6, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08,
+	0x8f, 0x72, 0xf7, 0xd2, 0xb2, 0x17, 0xc7, 0x5e, 0xb0, 0xa9, 0xa7, 0x81, 0xf0, 0xb2, 0x4d, 0x09,
+	0x52, 0x8f, 0x2e, 0xe6, 0xa3, 0xe1, 0x5e, 0xcf, 0xa3, 0x67, 0xa0, 0x1a, 0x6f, 0x7b, 0xad, 0xf9,
+	0xa8, 0x11, 0xb3, 0xa3, 0xa5, 0xaa, 0xf6, 0xe9, 0xd6, 0x45, 0x3b, 0x56, 0x18, 0xc8, 0x85, 0x11,
+	0xfe, 0x49, 0x78, 0xbc, 0xa0, 0x90, 0xa0, 0xef, 0xeb, 0xa9, 0xc8, 0x45, 0xfe, 0xec, 0x34, 0x76,
+	0x6e, 0x5f, 0x90, 0x07, 0x5d, 0xfc, 0x5c, 0xe6, 0x86, 0x41, 0x06, 0xa7, 0x88, 0xa6, 0xf7, 0x74,
+	0xc3, 0x7d, 0xec, 0xe9, 0x5e, 0x80, 0xe1, 0xed, 0xf6, 0x3a, 0x11, 0x23, 0x2f, 0x04, 0x9b, 0x9a,
+	0x7d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x2c, 0x54, 0xb3, 0xe5, 0x89, 0x7f, 0xf1, 0xe4, 0xa8, 0x11,
+	0xaa, 0xb9, 0xba, 0x28, 0x9b, 0xb1, 0x89, 0x43, 0xbb, 0x46, 0xc7, 0x62, 0x8d, 0xc4, 0x2c, 0x13,
+	0x83, 0x0e, 0x97, 0xea, 0x5a, 0x5d, 0x02, 0xb0, 0xc6, 0x41, 0xab, 0x70, 0x8a, 0xfe, 0xa9, 0xb3,
+	0xfc, 0xe1, 0x1b, 0x8e, 0xef, 0x35, 0x78, 0xdc, 0xe0, 0x78, 0xda, 0x39, 0x5a, 0xcf, 0xc1, 0xc1,
+	0xb9, 0x4f, 0xda, 0x3f, 0x56, 0x4a, 0x7b, 0x4e, 0x4c, 0x11, 0x86, 0x62, 0x2a, 0xa8, 0x92, 0x1b,
+	0x4e, 0x24, 0x0d, 0x9e, 0x23, 0x66, 0x46, 0x09, 0xba, 0x37, 0x9c, 0xc8, 0x14, 0x79, 0x8c, 0x01,
+	0x96, 0x9c, 0xd0, 0x2d, 0x18, 0x48, 0x7c, 0xa7, 0xa0, 0x54, 0x4a, 0x83, 0xa3, 0xf6, 0x82, 0x2d,
+	0xcd, 0xc6, 0x98, 0xf1, 0x40, 0x8f, 0xd3, 0xdd, 0xdb, 0xba, 0x3c, 0xa6, 0x13, 0x1b, 0xae, 0xf5,
+	0x18, 0xb3, 0x56, 0xfb, 0x6f, 0x8f, 0xe6, 0x68, 0x1d, 0x65, 0x08, 0xa0, 0xf3, 0x00, 0x74, 0xd2,
+	0xac, 0x46, 0x64, 0xc3, 0xdb, 0x15, 0x86, 0x98, 0x92, 0x6c, 0xd7, 0x14, 0x04, 0x1b, 0x58, 0xf2,
+	0x99, 0x7a, 0x7b, 0x83, 0x3e, 0x53, 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x87, 0x41,
+	0xaf, 0xe9, 0x6c, 0xaa, 0x28, 0xe2, 0xc7, 0xa9, 0x48, 0x5b, 0x64, 0x2d, 0x77, 0xf7, 0xa6, 0xc6,
+	0x54, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0xa7, 0x2d, 0x18, 0x71, 0xc3, 0x66, 0x33, 0x0c, 0xf8,
+	0xf6, 0x59, 0xf8, 0x02, 0x6e, 0x1d, 0x97, 0x99, 0x34, 0x3d, 0x6f, 0x30, 0xe3, 0xce, 0x00, 0x95,
+	0xf3, 0x69, 0x82, 0x70, 0xaa, 0x57, 0xa6, 0xe4, 0xab, 0x1c, 0x20, 0xf9, 0x7e, 0xde, 0x82, 0x09,
+	0xfe, 0xac, 0xb1, 0xab, 0x17, 0xe9, 0x8d, 0xe1, 0x31, 0xbf, 0x56, 0x97, 0xa3, 0x43, 0x79, 0x8a,
+	0xbb, 0xe0, 0xb8, 0xbb, 0x93, 0xe8, 0x12, 0x4c, 0x6c, 0x84, 0x91, 0x4b, 0xcc, 0x81, 0x10, 0x62,
+	0x5b, 0x11, 0xba, 0x98, 0x45, 0xc0, 0xdd, 0xcf, 0xa0, 0x1b, 0xf0, 0x88, 0xd1, 0x68, 0x8e, 0x03,
+	0x97, 0xdc, 0x4f, 0x0a, 0x6a, 0x8f, 0x5c, 0xcc, 0xc5, 0xc2, 0x3d, 0x9e, 0x4e, 0x0b, 0xc9, 0x5a,
+	0x1f, 0x42, 0xf2, 0x35, 0x38, 0xe3, 0x76, 0x8f, 0xcc, 0x4e, 0xdc, 0x5e, 0x8f, 0xb9, 0x1c, 0xaf,
+	0xce, 0x7d, 0x9d, 0x20, 0x70, 0x66, 0xbe, 0x17, 0x22, 0xee, 0x4d, 0x03, 0xbd, 0x09, 0xd5, 0x88,
+	0xb0, 0xaf, 0x12, 0x8b, 0x5c, 0xbf, 0x23, 0x7a, 0x3b, 0xb4, 0x05, 0xcf, 0xc9, 0x6a, 0xcd, 0x24,
+	0x1a, 0x62, 0xac, 0x38, 0xa2, 0xdb, 0x30, 0xd4, 0x72, 0x12, 0x77, 0x4b, 0x64, 0xf8, 0x1d, 0xd9,
+	0xb1, 0xaf, 0x98, 0xb3, 0x73, 0x18, 0xa3, 0x5e, 0x02, 0x67, 0x82, 0x25, 0x37, 0x6a, 0xab, 0xb9,
+	0x61, 0xb3, 0x15, 0x06, 0x24, 0x48, 0xa4, 0x12, 0x19, 0xe3, 0x87, 0x25, 0xb2, 0x15, 0x1b, 0x18,
+	0x5d, 0xba, 0x5c, 0xa3, 0x4d, 0x4e, 0xec, 0xa3, 0xcb, 0x0d, 0x6a, 0xbd, 0x9e, 0xa7, 0xca, 0x86,
+	0xb9, 0x15, 0x6f, 0x7a, 0xc9, 0x56, 0xd8, 0x4e, 0xe4, 0x2e, 0x59, 0x28, 0x2a, 0xa5, 0x6c, 0x96,
+	0x72, 0x70, 0x70, 0xee, 0x93, 0x59, 0xcd, 0x3a, 0x7e, 0x6f, 0x9a, 0xf5, 0x44, 0x1f, 0x9a, 0xb5,
+	0x0e, 0xa7, 0x59, 0x0f, 0x84, 0x95, 0x2c, 0x9d, 0x96, 0xf1, 0x24, 0x62, 0x9d, 0x57, 0xc9, 0x31,
+	0x4b, 0x79, 0x48, 0x38, 0xff, 0xd9, 0xb3, 0xdf, 0x0e, 0x13, 0x5d, 0x42, 0xee, 0x50, 0x0e, 0xc9,
+	0x05, 0x78, 0x24, 0x5f, 0x9c, 0x1c, 0xca, 0x2d, 0xf9, 0x73, 0x99, 0xa0, 0x76, 0x63, 0x8b, 0xd6,
+	0x87, 0x8b, 0xdb, 0x81, 0x32, 0x09, 0x76, 0x84, 0x76, 0xbd, 0x78, 0xb4, 0x59, 0x7d, 0x21, 0xd8,
+	0xe1, 0xd2, 0x90, 0xf9, 0xf1, 0x2e, 0x04, 0x3b, 0x98, 0xd2, 0x46, 0x3f, 0x6c, 0xa5, 0x36, 0x10,
+	0xdc, 0x31, 0xfe, 0xe1, 0x63, 0xd9, 0x93, 0xf6, 0xbd, 0xa7, 0xb0, 0xff, 0x5d, 0x09, 0xce, 0x1d,
+	0x44, 0xa4, 0x8f, 0xe1, 0x7b, 0x0a, 0x06, 0x63, 0x16, 0xa6, 0x22, 0xd4, 0xd5, 0x30, 0x5d, 0xc5,
+	0x3c, 0x70, 0xe5, 0x35, 0x2c, 0x40, 0xc8, 0x87, 0x72, 0xd3, 0x69, 0x09, 0x7f, 0xe9, 0xe2, 0x51,
+	0x93, 0xff, 0xe8, 0x7f, 0xc7, 0x5f, 0x76, 0x5a, 0x7c, 0xce, 0x1b, 0x0d, 0x98, 0xb2, 0x41, 0x09,
+	0x54, 0x9c, 0x28, 0x72, 0x64, 0x4c, 0xc4, 0xd5, 0x62, 0xf8, 0xcd, 0x52, 0x92, 0xfc, 0x48, 0x39,
+	0xd5, 0x84, 0x39, 0x33, 0xfb, 0x47, 0xab, 0xa9, 0x4c, 0x31, 0x16, 0xe8, 0x12, 0xc3, 0xa0, 0x70,
+	0x93, 0x5a, 0x45, 0xe7, 0x5c, 0xf2, 0x54, 0x6c, 0xe6, 0x81, 0x10, 0x05, 0x2d, 0x04, 0x2b, 0xf4,
+	0x19, 0x8b, 0x95, 0x8d, 0x90, 0xe9, 0x77, 0x62, 0x57, 0x7f, 0x3c, 0x55, 0x2c, 0xcc, 0x62, 0x14,
+	0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x69, 0x1c, 0xb6, 0x9b, 0xe9, 0x2e, 0x8d, 0xc3, 0x76, 0x27, 0x12,
+	0x8e, 0x76, 0x73, 0x02, 0x5a, 0x0a, 0x28, 0x3d, 0xd0, 0x47, 0x08, 0xcb, 0x17, 0x2d, 0x98, 0xf0,
+	0xb2, 0x91, 0x09, 0x62, 0x0f, 0x7c, 0xb3, 0x18, 0x9f, 0x66, 0x77, 0xe0, 0x83, 0x32, 0x74, 0xba,
+	0x40, 0xb8, 0xbb, 0x33, 0xa8, 0x01, 0x03, 0x5e, 0xb0, 0x11, 0x0a, 0xf3, 0x6e, 0xee, 0x68, 0x9d,
+	0x5a, 0x0c, 0x36, 0x42, 0xbd, 0x9a, 0xe9, 0x3f, 0xcc, 0xa8, 0xa3, 0x25, 0x38, 0x25, 0x93, 0x85,
+	0x2e, 0x7b, 0x71, 0x12, 0x46, 0x9d, 0x25, 0xaf, 0xe9, 0x25, 0xcc, 0x34, 0x2b, 0xcf, 0x4d, 0x52,
+	0xf5, 0x86, 0x73, 0xe0, 0x38, 0xf7, 0x29, 0xf4, 0x06, 0x0c, 0xc9, 0x68, 0x80, 0x6a, 0x11, 0xfe,
+	0x84, 0xee, 0xf9, 0xaf, 0x26, 0x53, 0x5d, 0x84, 0x03, 0x48, 0x86, 0xe8, 0xd3, 0x16, 0x8c, 0xf1,
+	0xdf, 0x97, 0x3b, 0x0d, 0x9e, 0x9f, 0x58, 0x2b, 0x22, 0xe4, 0xbf, 0x9e, 0xa2, 0x39, 0x87, 0xee,
+	0xec, 0x4d, 0x8d, 0xa5, 0xdb, 0x70, 0x86, 0xaf, 0xfd, 0x4f, 0x46, 0xa0, 0x3b, 0x7e, 0x22, 0x1d,
+	0x2c, 0x61, 0xdd, 0xef, 0x60, 0x09, 0xba, 0xab, 0x8c, 0x75, 0x9c, 0x43, 0x01, 0xcb, 0x4c, 0x70,
+	0xd5, 0xc7, 0xd0, 0x9d, 0xc0, 0xc5, 0x8c, 0x07, 0x6a, 0xc3, 0x20, 0xaf, 0x4c, 0x25, 0x34, 0xc0,
+	0xd1, 0x4f, 0xbe, 0xcd, 0x0a, 0x57, 0xda, 0xad, 0xc5, 0x5b, 0xb1, 0x60, 0x86, 0x76, 0x61, 0x68,
+	0x8b, 0x4f, 0x47, 0xb1, 0xd7, 0x5b, 0x3e, 0xea, 0xf8, 0xa6, 0xe6, 0xb8, 0x9e, 0x7c, 0xa2, 0x01,
+	0x4b, 0x76, 0x2c, 0x36, 0xcf, 0x88, 0x1e, 0xe2, 0x82, 0xa4, 0xb8, 0x54, 0xcb, 0xfe, 0x43, 0x87,
+	0x3e, 0x02, 0x23, 0x11, 0x71, 0xc3, 0xc0, 0xf5, 0x7c, 0xd2, 0x98, 0x95, 0x07, 0x62, 0x87, 0xc9,
+	0xb0, 0x63, 0xde, 0x24, 0x6c, 0xd0, 0xc0, 0x29, 0x8a, 0x6c, 0x9d, 0xa9, 0xac, 0x7b, 0xfa, 0x41,
+	0x88, 0x38, 0xf8, 0x58, 0x2a, 0x28, 0xc7, 0x9f, 0xd1, 0xe4, 0xeb, 0x2c, 0xdd, 0x86, 0x33, 0x7c,
+	0xd1, 0x2b, 0x00, 0xe1, 0x3a, 0x0f, 0xc0, 0x9b, 0x4d, 0xc4, 0x29, 0xc8, 0x61, 0x5e, 0x75, 0x8c,
+	0x67, 0xea, 0x4a, 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x02, 0xf0, 0x95, 0xb3, 0xd6, 0x69, 0xc9, 0x0d,
+	0xa1, 0x4c, 0x91, 0x84, 0xba, 0x82, 0xdc, 0xdd, 0x9b, 0xea, 0xf6, 0x39, 0xb3, 0x28, 0x23, 0xe3,
+	0x71, 0xf4, 0xdd, 0x30, 0x14, 0xb7, 0x9b, 0x4d, 0x47, 0x9d, 0x91, 0x14, 0x98, 0xfb, 0xcb, 0xe9,
+	0x1a, 0x82, 0x91, 0x37, 0x60, 0xc9, 0x11, 0xdd, 0xa2, 0x22, 0x5e, 0x48, 0x28, 0xbe, 0x8a, 0xb8,
+	0x85, 0xc2, 0x3d, 0x81, 0xef, 0x97, 0xbb, 0x18, 0x9c, 0x83, 0x73, 0x77, 0x6f, 0xea, 0x91, 0x74,
+	0xfb, 0x52, 0x28, 0xb2, 0x71, 0x73, 0x69, 0xa2, 0x2b, 0xb2, 0x08, 0x17, 0x7d, 0x6d, 0x59, 0x1b,
+	0xe6, 0x3d, 0xba, 0x08, 0x17, 0x6b, 0xee, 0x3d, 0x66, 0xe6, 0xc3, 0x68, 0x19, 0x4e, 0xba, 0x61,
+	0x90, 0x44, 0xa1, 0xef, 0xf3, 0x02, 0x7d, 0x7c, 0x6f, 0xce, 0xcf, 0x50, 0x1e, 0x13, 0xdd, 0x3e,
+	0x39, 0xdf, 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x36, 0x79, 0x56, 0x3f, 0x8c, 0x15, 0x72, 0xbc, 0x9e,
+	0xa2, 0x29, 0x24, 0x94, 0x72, 0x7b, 0x1f, 0xa0, 0x29, 0x82, 0xf4, 0x21, 0xab, 0xf8, 0x62, 0xcf,
+	0xc3, 0x08, 0xd9, 0x4d, 0x48, 0x14, 0x38, 0xfe, 0x75, 0xbc, 0x24, 0x0f, 0x2c, 0xd8, 0xc2, 0xbc,
+	0x60, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, 0x97, 0xcc, 0x48, 0x7b, 0xe7, 0x5e, 0x32, 0xe9, 0x13,
+	0xb3, 0x7f, 0xb6, 0x9c, 0xb2, 0x59, 0x1f, 0xc8, 0x91, 0x2e, 0xab, 0xaf, 0x24, 0x0b, 0x51, 0x31,
+	0x80, 0xd8, 0x8b, 0x15, 0xc9, 0x59, 0x45, 0xcd, 0xad, 0x98, 0x8c, 0x70, 0x9a, 0x2f, 0xda, 0x86,
+	0xca, 0x56, 0x18, 0x27, 0x72, 0x87, 0x76, 0xc4, 0xcd, 0xe0, 0xe5, 0x30, 0x4e, 0x98, 0xa1, 0xa5,
+	0x5e, 0x9b, 0xb6, 0xc4, 0x98, 0xf3, 0xa0, 0x7b, 0xff, 0x78, 0xcb, 0x89, 0x1a, 0xf1, 0x3c, 0x2b,
+	0x52, 0x31, 0xc0, 0x2c, 0x2c, 0x65, 0x4f, 0xd7, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x9f, 0x5a, 0xa9,
+	0x53, 0xad, 0x9b, 0x2c, 0xe3, 0x60, 0x87, 0x04, 0x54, 0x44, 0x99, 0x31, 0x8e, 0xdf, 0x9c, 0xc9,
+	0xdf, 0x7e, 0x77, 0xaf, 0x5a, 0x9a, 0xb7, 0x29, 0x85, 0x69, 0x46, 0xc2, 0x08, 0x87, 0xfc, 0x98,
+	0x95, 0x4e, 0xc4, 0x2f, 0x15, 0xb1, 0x75, 0x33, 0x8b, 0x51, 0x1c, 0x98, 0xd3, 0x6f, 0xff, 0xb0,
+	0x05, 0x43, 0x73, 0x8e, 0xbb, 0x1d, 0x6e, 0x6c, 0xa0, 0x67, 0xa0, 0xda, 0x68, 0x47, 0x66, 0x4d,
+	0x00, 0xe5, 0xac, 0x5a, 0x10, 0xed, 0x58, 0x61, 0xd0, 0xa9, 0xbf, 0xe1, 0xb8, 0xb2, 0x24, 0x45,
+	0x99, 0x4f, 0xfd, 0x8b, 0xac, 0x05, 0x0b, 0x08, 0x1d, 0xfe, 0xa6, 0xb3, 0x2b, 0x1f, 0xce, 0x1e,
+	0xa9, 0x2d, 0x6b, 0x10, 0x36, 0xf1, 0xec, 0x5f, 0xb7, 0x60, 0x72, 0xce, 0x89, 0x3d, 0x77, 0xb6,
+	0x9d, 0x6c, 0xcd, 0x79, 0xc9, 0x7a, 0xdb, 0xdd, 0x26, 0x09, 0x2f, 0x5d, 0x42, 0x7b, 0xd9, 0x8e,
+	0xe9, 0x0a, 0x54, 0x3b, 0x66, 0xd5, 0xcb, 0xeb, 0xa2, 0x1d, 0x2b, 0x0c, 0xf4, 0x06, 0x0c, 0xb7,
+	0x9c, 0x38, 0xbe, 0x1d, 0x46, 0x0d, 0x4c, 0x36, 0x8a, 0x29, 0x6e, 0x54, 0x27, 0x6e, 0x44, 0x12,
+	0x4c, 0x36, 0x44, 0x80, 0x8a, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0x0f, 0x5a, 0x70, 0x6a, 0x8e, 0x38,
+	0x11, 0x89, 0x58, 0x2d, 0x24, 0xf5, 0x22, 0xe8, 0x75, 0xa8, 0x26, 0xb4, 0x85, 0xf6, 0xc8, 0x2a,
+	0xb6, 0x47, 0x2c, 0xb4, 0x64, 0x4d, 0x10, 0xc7, 0x8a, 0x8d, 0xfd, 0x79, 0x0b, 0xce, 0xe4, 0xf5,
+	0x65, 0xde, 0x0f, 0xdb, 0x8d, 0x07, 0xd1, 0xa1, 0xbf, 0x6b, 0xc1, 0x08, 0x3b, 0xae, 0x5f, 0x20,
+	0x89, 0xe3, 0xf9, 0x5d, 0x75, 0x18, 0xad, 0x3e, 0xeb, 0x30, 0x9e, 0x83, 0x81, 0xad, 0xb0, 0x49,
+	0xb2, 0xa1, 0x26, 0x97, 0xc3, 0x26, 0xc1, 0x0c, 0x82, 0x9e, 0xa5, 0x93, 0xd0, 0x0b, 0x12, 0x87,
+	0x2e, 0x47, 0x79, 0x9c, 0x31, 0xce, 0x27, 0xa0, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x2b, 0x35, 0x18,
+	0x12, 0x71, 0x51, 0x7d, 0x97, 0xd2, 0x91, 0x5e, 0x9c, 0x52, 0x4f, 0x2f, 0x4e, 0x0c, 0x83, 0x2e,
+	0x2b, 0x96, 0x2b, 0x2c, 0xf4, 0xab, 0x85, 0x04, 0xd2, 0xf1, 0xfa, 0xbb, 0xba, 0x5b, 0xfc, 0x3f,
+	0x16, 0xac, 0xd0, 0x5b, 0x16, 0x8c, 0xbb, 0x61, 0x10, 0x10, 0x57, 0xdb, 0x8e, 0x03, 0x45, 0x6c,
+	0x10, 0xe6, 0xd3, 0x44, 0xf5, 0x49, 0x70, 0x06, 0x80, 0xb3, 0xec, 0xd1, 0x4b, 0x30, 0xca, 0xc7,
+	0xec, 0x46, 0xea, 0x0c, 0x46, 0x97, 0xe7, 0x33, 0x81, 0x38, 0x8d, 0x8b, 0xa6, 0xf9, 0x59, 0x96,
+	0x28, 0x84, 0x37, 0xa8, 0x5d, 0xd5, 0x46, 0x09, 0x3c, 0x03, 0x03, 0x45, 0x80, 0x22, 0xb2, 0x11,
+	0x91, 0x78, 0x4b, 0xc4, 0x8d, 0x31, 0xbb, 0x75, 0xe8, 0xde, 0x8a, 0x60, 0xe0, 0x2e, 0x4a, 0x38,
+	0x87, 0x3a, 0xda, 0x16, 0x6e, 0x84, 0x6a, 0x11, 0xf2, 0x5c, 0x7c, 0xe6, 0x9e, 0xde, 0x84, 0x29,
+	0xa8, 0x30, 0xd5, 0xc5, 0xec, 0xe5, 0x32, 0x4f, 0xbc, 0x64, 0x8a, 0x0d, 0xf3, 0x76, 0xb4, 0x00,
+	0x27, 0x32, 0xc5, 0x05, 0x63, 0x71, 0x56, 0xa2, 0x92, 0xec, 0x32, 0x65, 0x09, 0x63, 0xdc, 0xf5,
+	0x84, 0xe9, 0x62, 0x1a, 0x3e, 0xc0, 0xc5, 0xd4, 0x51, 0xd1, 0xc9, 0xfc, 0x14, 0xe3, 0xe5, 0x42,
+	0x06, 0xa0, 0xaf, 0x50, 0xe4, 0xcf, 0x65, 0x42, 0x91, 0x47, 0x59, 0x07, 0x6e, 0x14, 0xd3, 0x81,
+	0xc3, 0xc7, 0x1d, 0x3f, 0xc8, 0x38, 0xe2, 0xff, 0x6d, 0x81, 0xfc, 0xae, 0xf3, 0x8e, 0xbb, 0x45,
+	0xe8, 0x94, 0x41, 0x1f, 0x80, 0x31, 0xe5, 0x9d, 0xe0, 0x26, 0x91, 0xc5, 0x66, 0x8d, 0xb2, 0x9d,
+	0x71, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x06, 0x6a, 0x74, 0x9c, 0xf8, 0xa3, 0x5c, 0xef, 0x2b, 0x0f,
+	0xc8, 0xec, 0xea, 0xa2, 0x78, 0x4a, 0xe3, 0xa0, 0x10, 0x26, 0x7c, 0x27, 0x4e, 0x58, 0x0f, 0xea,
+	0x9d, 0xc0, 0xbd, 0xc7, 0x12, 0x34, 0x2c, 0x93, 0x6b, 0x29, 0x4b, 0x08, 0x77, 0xd3, 0xb6, 0xff,
+	0x43, 0x05, 0x46, 0x53, 0x92, 0xf1, 0x90, 0x06, 0xc3, 0x33, 0x50, 0x95, 0x3a, 0x3c, 0x5b, 0x6b,
+	0x4b, 0x29, 0x7a, 0x85, 0x41, 0x95, 0xd6, 0xba, 0xd6, 0xaa, 0x59, 0x03, 0xc7, 0x50, 0xb8, 0xd8,
+	0xc4, 0x63, 0x42, 0x39, 0xf1, 0xe3, 0x79, 0xdf, 0x23, 0x41, 0xc2, 0xbb, 0x59, 0x8c, 0x50, 0x5e,
+	0x5b, 0xaa, 0x9b, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0xa4, 0x05, 0xa3, 0xce,
+	0xed, 0x58, 0x57, 0x74, 0x17, 0x41, 0xc7, 0x47, 0x54, 0x52, 0xa9, 0x22, 0xf1, 0xdc, 0xb1, 0x9f,
+	0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0x6d, 0x0b, 0x10, 0xd9, 0x25, 0xae, 0x0c, 0x8b, 0x16, 0x7d, 0x19,
+	0x2c, 0x62, 0x07, 0x7f, 0xa1, 0x8b, 0x2e, 0x97, 0xea, 0xdd, 0xed, 0x38, 0xa7, 0x0f, 0xe8, 0x0a,
+	0xa0, 0x86, 0x17, 0x3b, 0xeb, 0x3e, 0x99, 0x0f, 0x9b, 0x32, 0xfb, 0x58, 0x9c, 0xa7, 0x9f, 0x15,
+	0xe3, 0x8c, 0x16, 0xba, 0x30, 0x70, 0xce, 0x53, 0x6c, 0x96, 0x45, 0xe1, 0x6e, 0xe7, 0x7a, 0xe4,
+	0x33, 0x2d, 0x61, 0xce, 0x32, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x67, 0x65, 0xb5, 0x94, 0x75, 0x0e,
+	0x80, 0x63, 0xc4, 0x22, 0x5b, 0xf7, 0x1e, 0x8b, 0xac, 0x23, 0xa5, 0xba, 0x73, 0xea, 0x53, 0x29,
+	0xb8, 0xa5, 0x07, 0x94, 0x82, 0xfb, 0x7d, 0x56, 0xaa, 0x9e, 0xdd, 0xf0, 0xf9, 0x57, 0x8a, 0xcd,
+	0x3f, 0x98, 0xe6, 0x51, 0x5c, 0x19, 0xbd, 0x92, 0x09, 0xde, 0x7b, 0x06, 0xaa, 0x1b, 0xbe, 0xc3,
+	0xaa, 0xb0, 0xb0, 0x85, 0x6a, 0x44, 0x98, 0x5d, 0x14, 0xed, 0x58, 0x61, 0x50, 0xa9, 0x6f, 0x10,
+	0x3d, 0x94, 0xd4, 0xfe, 0xcf, 0x65, 0x18, 0x36, 0x34, 0x7e, 0xae, 0xf9, 0x66, 0x3d, 0x64, 0xe6,
+	0x5b, 0xe9, 0x10, 0xe6, 0xdb, 0xf7, 0x42, 0xcd, 0x95, 0xda, 0xa8, 0x98, 0xfa, 0xfc, 0x59, 0x1d,
+	0xa7, 0x15, 0x92, 0x6a, 0xc2, 0x9a, 0x27, 0xba, 0x94, 0x4a, 0xf3, 0x4c, 0xf9, 0x05, 0xf2, 0xf2,
+	0x30, 0x85, 0x46, 0xeb, 0x7e, 0x26, 0x1b, 0x1f, 0x50, 0x39, 0x38, 0x3e, 0xc0, 0xfe, 0x03, 0x4b,
+	0x7d, 0xdc, 0xfb, 0x50, 0xcf, 0xe7, 0x56, 0xba, 0x9e, 0xcf, 0x85, 0x42, 0x86, 0xb9, 0x47, 0x21,
+	0x9f, 0x6b, 0x30, 0x34, 0x1f, 0x36, 0x9b, 0x4e, 0xd0, 0x40, 0xdf, 0x00, 0x43, 0x2e, 0xff, 0x29,
+	0x7c, 0x68, 0xec, 0xb0, 0x5a, 0x40, 0xb1, 0x84, 0xa1, 0xc7, 0x61, 0xc0, 0x89, 0x36, 0xa5, 0xdf,
+	0x8c, 0x05, 0xc1, 0xcd, 0x46, 0x9b, 0x31, 0x66, 0xad, 0xf6, 0x5f, 0x58, 0x30, 0x46, 0x1f, 0xf1,
+	0xd8, 0x4b, 0xb1, 0xd7, 0x79, 0x1a, 0x06, 0x9d, 0x76, 0xb2, 0x15, 0x76, 0xed, 0xc3, 0x66, 0x59,
+	0x2b, 0x16, 0x50, 0xba, 0x0f, 0x53, 0x85, 0x20, 0x8c, 0x7d, 0xd8, 0x02, 0x9d, 0xcb, 0x0c, 0x42,
+	0x4d, 0xd9, 0xb8, 0xbd, 0x9e, 0x77, 0x5a, 0x5a, 0xe7, 0xcd, 0x58, 0xc2, 0x29, 0xb1, 0xf5, 0xb0,
+	0xd1, 0x11, 0xa1, 0xbd, 0x8a, 0xd8, 0x5c, 0xd8, 0xe8, 0x60, 0x06, 0x41, 0x4f, 0x40, 0x39, 0xde,
+	0x72, 0xe4, 0xb9, 0xbc, 0x8c, 0x32, 0xaf, 0x5f, 0x9e, 0xc5, 0xb4, 0x5d, 0x25, 0x4d, 0x44, 0x7e,
+	0x36, 0xc6, 0x36, 0x9d, 0x34, 0x11, 0xf9, 0xf6, 0xbf, 0x1c, 0x00, 0x16, 0x6f, 0xe3, 0x44, 0xa4,
+	0xb1, 0x16, 0xb2, 0x52, 0xc2, 0xc7, 0x7a, 0xac, 0xad, 0x37, 0xb2, 0x0f, 0xf3, 0xd1, 0xb6, 0x71,
+	0xbc, 0x59, 0xbe, 0xdf, 0xc7, 0x9b, 0xf9, 0x27, 0xd6, 0x03, 0x0f, 0xd1, 0x89, 0xb5, 0xfd, 0x59,
+	0x0b, 0x90, 0x8a, 0x9e, 0xd2, 0x21, 0x25, 0x33, 0x50, 0x53, 0xe1, 0x5a, 0x62, 0xbd, 0x68, 0xb1,
+	0x28, 0x01, 0x58, 0xe3, 0xf4, 0xe1, 0xbd, 0x78, 0x4a, 0xea, 0xac, 0x72, 0x3a, 0xe7, 0x82, 0x69,
+	0x3a, 0xa1, 0xc2, 0xec, 0x5f, 0x2d, 0xc1, 0x23, 0xdc, 0x5c, 0x5a, 0x76, 0x02, 0x67, 0x93, 0x34,
+	0x69, 0xaf, 0xfa, 0x0d, 0x12, 0x72, 0xe9, 0xb6, 0xd9, 0x93, 0x19, 0x12, 0x47, 0x95, 0x57, 0x5c,
+	0xce, 0x70, 0xc9, 0xb2, 0x18, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x79, 0x99, 0x91, 0xd0,
+	0x3f, 0x05, 0x31, 0x52, 0xa2, 0x58, 0x58, 0x16, 0x04, 0x2b, 0x46, 0xd4, 0x7c, 0xf0, 0x43, 0x77,
+	0x9b, 0x2e, 0xf9, 0xac, 0xf9, 0xb0, 0x24, 0xda, 0xb1, 0xc2, 0xb0, 0x9b, 0x30, 0x2e, 0xc7, 0xb0,
+	0x75, 0x95, 0x74, 0x30, 0xd9, 0xa0, 0x3a, 0xd7, 0x95, 0x4d, 0xc6, 0xfd, 0x4a, 0x4a, 0xe7, 0xce,
+	0x9b, 0x40, 0x9c, 0xc6, 0x95, 0xd5, 0x85, 0x4b, 0xf9, 0xd5, 0x85, 0xed, 0x5f, 0xb5, 0x20, 0xab,
+	0xf4, 0x8d, 0x5a, 0xaa, 0xd6, 0xbe, 0xb5, 0x54, 0x0f, 0x51, 0x8d, 0xf4, 0xbb, 0x60, 0xd8, 0x49,
+	0xa8, 0x55, 0xc7, 0x3d, 0x30, 0xe5, 0x7b, 0x3b, 0x39, 0x5c, 0x0e, 0x1b, 0xde, 0x86, 0xc7, 0x3c,
+	0x2f, 0x26, 0x39, 0xfb, 0x6d, 0x0b, 0x6a, 0x0b, 0x51, 0xe7, 0xf0, 0xa9, 0x6a, 0xdd, 0x89, 0x68,
+	0xa5, 0x43, 0x25, 0xa2, 0xc9, 0x54, 0xb7, 0x72, 0xaf, 0x54, 0x37, 0xfb, 0x2f, 0x07, 0x60, 0xa2,
+	0x2b, 0xf7, 0x12, 0xbd, 0x08, 0x23, 0xea, 0x2b, 0x49, 0xb7, 0x6b, 0xcd, 0x0c, 0x5e, 0xd6, 0x30,
+	0x9c, 0xc2, 0xec, 0x63, 0xa9, 0x2e, 0xc2, 0xc9, 0x88, 0xbc, 0xde, 0x26, 0x6d, 0x32, 0xbb, 0x91,
+	0x90, 0xa8, 0x4e, 0xdc, 0x30, 0x68, 0xf0, 0x62, 0xc4, 0xe5, 0xb9, 0x47, 0xef, 0xec, 0x4d, 0x9d,
+	0xc4, 0xdd, 0x60, 0x9c, 0xf7, 0x0c, 0x6a, 0xc1, 0xa8, 0x6f, 0xee, 0x17, 0xc4, 0x36, 0xf5, 0x9e,
+	0xb6, 0x1a, 0x6a, 0xb6, 0xa6, 0x9a, 0x71, 0x9a, 0x41, 0x7a, 0xd3, 0x51, 0x79, 0x40, 0x9b, 0x8e,
+	0x4f, 0xe8, 0x4d, 0x07, 0x8f, 0x05, 0xfa, 0x50, 0xc1, 0xb9, 0xb7, 0xfd, 0xec, 0x3a, 0x8e, 0xb2,
+	0x8f, 0x78, 0x19, 0xaa, 0x32, 0x4e, 0xb2, 0xaf, 0xf8, 0x42, 0x93, 0x4e, 0x0f, 0xd9, 0x7e, 0xb7,
+	0x04, 0x39, 0x5b, 0x65, 0xba, 0xd6, 0xb4, 0xbd, 0x97, 0x5a, 0x6b, 0x87, 0xb3, 0xf9, 0xd0, 0x2e,
+	0x8f, 0x11, 0xe5, 0x5a, 0xfe, 0x83, 0x45, 0x6f, 0xf5, 0x75, 0xd8, 0xa8, 0x92, 0x80, 0x2a, 0x74,
+	0xf4, 0x3c, 0x80, 0x36, 0xd3, 0x85, 0xad, 0xa7, 0x82, 0x3e, 0xb4, 0x35, 0x8f, 0x0d, 0x2c, 0xf4,
+	0x02, 0x0c, 0x7b, 0x41, 0x9c, 0x38, 0xbe, 0x7f, 0xd9, 0x0b, 0x12, 0x61, 0xff, 0x29, 0x73, 0x66,
+	0x51, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0xfd, 0xc6, 0x77, 0x39, 0xcc, 0xf7, 0xdc, 0x82, 0x33, 0x97,
+	0xbc, 0x44, 0x25, 0x1f, 0xaa, 0x79, 0x44, 0xad, 0x70, 0x25, 0x83, 0xac, 0x9e, 0xe9, 0xb6, 0x46,
+	0xf2, 0x5f, 0x29, 0x9d, 0xab, 0x98, 0x4d, 0xfe, 0xb3, 0x5d, 0x38, 0x75, 0xc9, 0x4b, 0x2e, 0x7a,
+	0x3e, 0x39, 0x46, 0x26, 0xbf, 0x3c, 0x08, 0x23, 0x66, 0x4e, 0xfe, 0x61, 0x24, 0xf6, 0xe7, 0xa9,
+	0x7d, 0x2a, 0x06, 0xc2, 0x53, 0x07, 0xd9, 0x37, 0x8f, 0x5c, 0x20, 0x20, 0x7f, 0x70, 0x0d, 0x13,
+	0x55, 0xf3, 0xc4, 0x66, 0x07, 0xd0, 0x6d, 0xa8, 0x6c, 0xb0, 0x3c, 0xb6, 0x72, 0x11, 0x21, 0x48,
+	0x79, 0x83, 0xaf, 0x57, 0x24, 0xcf, 0x84, 0xe3, 0xfc, 0xa8, 0x59, 0x11, 0xa5, 0xd3, 0xa7, 0x8d,
+	0xec, 0x02, 0xa1, 0xaf, 0x14, 0x46, 0x2f, 0xad, 0x50, 0xb9, 0x07, 0xad, 0x90, 0x92, 0xd1, 0x83,
+	0x0f, 0x48, 0x46, 0xb3, 0x9c, 0xc4, 0x64, 0x8b, 0x19, 0xbd, 0x22, 0x1d, 0x6a, 0x88, 0x0d, 0x82,
+	0x91, 0x93, 0x98, 0x02, 0xe3, 0x2c, 0x3e, 0xfa, 0xa8, 0x92, 0xf2, 0xd5, 0x22, 0x0e, 0x0a, 0xcc,
+	0x19, 0x7d, 0xdc, 0x02, 0xfe, 0xb3, 0x25, 0x18, 0xbb, 0x14, 0xb4, 0x57, 0x2f, 0xad, 0xb6, 0xd7,
+	0x7d, 0xcf, 0xbd, 0x4a, 0x3a, 0x54, 0x8a, 0x6f, 0x93, 0xce, 0xe2, 0x82, 0x58, 0x41, 0x6a, 0xce,
+	0x5c, 0xa5, 0x8d, 0x98, 0xc3, 0xa8, 0xdc, 0xda, 0xf0, 0x82, 0x4d, 0x12, 0xb5, 0x22, 0x4f, 0xf8,
+	0xf0, 0x0d, 0xb9, 0x75, 0x51, 0x83, 0xb0, 0x89, 0x47, 0x69, 0x87, 0xb7, 0x03, 0x55, 0x20, 0x49,
+	0xd1, 0x5e, 0xa1, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0xb5, 0x85, 0x8b, 0xcc, 0x40, 0x5a, 0xa3,
+	0x8d, 0x98, 0xc3, 0xc4, 0xee, 0x9b, 0x45, 0x78, 0x55, 0xba, 0x76, 0xdf, 0x2c, 0x38, 0x42, 0xc2,
+	0x29, 0xea, 0x36, 0xe9, 0x2c, 0x38, 0x89, 0x93, 0xdd, 0x3c, 0x5f, 0xe5, 0xcd, 0x58, 0xc2, 0x59,
+	0xc5, 0xe4, 0xf4, 0x70, 0x7c, 0xd5, 0x55, 0x4c, 0x4e, 0x77, 0xbf, 0x87, 0xa3, 0xe5, 0xef, 0x94,
+	0x60, 0xe4, 0x9d, 0x6b, 0x4d, 0x73, 0x2e, 0xec, 0xb9, 0x09, 0x13, 0x5d, 0x99, 0xd0, 0x7d, 0x58,
+	0x3e, 0x07, 0x56, 0xaa, 0xb0, 0x31, 0x0c, 0x53, 0xc2, 0xb2, 0x52, 0xe0, 0x3c, 0x4c, 0xf0, 0xc5,
+	0x4b, 0x39, 0xb1, 0xc4, 0x56, 0x95, 0xdd, 0xce, 0x0e, 0xa9, 0x6e, 0x64, 0x81, 0xb8, 0x1b, 0xdf,
+	0xfe, 0x9c, 0x05, 0xa3, 0xa9, 0xe4, 0xf4, 0x82, 0x6c, 0x34, 0xb6, 0xba, 0x43, 0x16, 0x9d, 0xcc,
+	0xb2, 0x45, 0xca, 0x4c, 0x0d, 0xeb, 0xd5, 0xad, 0x41, 0xd8, 0xc4, 0xb3, 0x7f, 0xab, 0x0c, 0x55,
+	0x19, 0x49, 0xd5, 0x47, 0x57, 0x3e, 0x63, 0xc1, 0xa8, 0x3a, 0x18, 0x64, 0x9e, 0xdc, 0x52, 0x11,
+	0xb9, 0x72, 0xb4, 0x07, 0xca, 0x2f, 0x12, 0x6c, 0x84, 0x7a, 0xc3, 0x80, 0x4d, 0x66, 0x38, 0xcd,
+	0x1b, 0xdd, 0x00, 0x88, 0x3b, 0x71, 0x42, 0x9a, 0x86, 0x4f, 0xd9, 0x36, 0x66, 0xd9, 0xb4, 0x1b,
+	0x46, 0x84, 0xce, 0xa9, 0x6b, 0x61, 0x83, 0xd4, 0x15, 0xa6, 0xb6, 0xf0, 0x74, 0x1b, 0x36, 0x28,
+	0xa1, 0x37, 0xd4, 0x31, 0xf6, 0x40, 0x11, 0x7a, 0x5d, 0x8e, 0x6f, 0x3f, 0xe7, 0xd8, 0x47, 0x38,
+	0x37, 0xb6, 0x7f, 0xa6, 0x04, 0x27, 0xb2, 0x23, 0x89, 0x3e, 0x04, 0x23, 0x72, 0xd0, 0x0c, 0xf7,
+	0x81, 0x0c, 0x5f, 0x1b, 0xc1, 0x06, 0xec, 0xee, 0xde, 0xd4, 0x54, 0xf7, 0xfd, 0xd8, 0xd3, 0x26,
+	0x0a, 0x4e, 0x11, 0xe3, 0x87, 0xca, 0x22, 0xfa, 0x61, 0xae, 0x33, 0xdb, 0x6a, 0x89, 0x93, 0x61,
+	0xe3, 0x50, 0xd9, 0x84, 0xe2, 0x0c, 0x36, 0x5a, 0x85, 0x53, 0x46, 0xcb, 0x35, 0xe2, 0x6d, 0x6e,
+	0xad, 0x87, 0x91, 0xdc, 0xaf, 0x3e, 0xae, 0x83, 0x65, 0xbb, 0x71, 0x70, 0xee, 0x93, 0xd4, 0x30,
+	0x72, 0x9d, 0x96, 0xe3, 0x7a, 0x49, 0x47, 0xf8, 0xf6, 0x95, 0x18, 0x9f, 0x17, 0xed, 0x58, 0x61,
+	0xd8, 0xff, 0x70, 0x00, 0x4e, 0xf0, 0xe8, 0x50, 0xa2, 0x82, 0x9f, 0xd1, 0x87, 0xa0, 0x16, 0x27,
+	0x4e, 0xc4, 0x9d, 0x15, 0xd6, 0xa1, 0x45, 0x97, 0xce, 0xa8, 0x97, 0x44, 0xb0, 0xa6, 0x87, 0x5e,
+	0x61, 0xe5, 0xc8, 0xbc, 0x78, 0x8b, 0x51, 0x2f, 0xdd, 0x9b, 0x2b, 0xe4, 0xa2, 0xa2, 0x80, 0x0d,
+	0x6a, 0xe8, 0x5b, 0xa1, 0xd2, 0xda, 0x72, 0x62, 0xe9, 0xa7, 0x7b, 0x5a, 0xca, 0x89, 0x55, 0xda,
+	0x78, 0x77, 0x6f, 0xea, 0x74, 0xf6, 0x55, 0x19, 0x00, 0xf3, 0x87, 0x4c, 0x29, 0x3f, 0x70, 0xf0,
+	0x7d, 0x3b, 0x8d, 0xa8, 0x53, 0xbf, 0x3c, 0x9b, 0xbd, 0xa1, 0x65, 0x81, 0xb5, 0x62, 0x01, 0xa5,
+	0x32, 0x69, 0x8b, 0xb3, 0x6c, 0x50, 0xe4, 0xc1, 0xb4, 0xc5, 0x71, 0x59, 0x83, 0xb0, 0x89, 0x87,
+	0x3e, 0xdb, 0x1d, 0x3b, 0x3c, 0x74, 0x0c, 0xb9, 0x25, 0xfd, 0x46, 0x0d, 0x5f, 0x80, 0x9a, 0xe8,
+	0xea, 0x5a, 0x88, 0x5e, 0x84, 0x11, 0xee, 0x06, 0x9a, 0x8b, 0x9c, 0xc0, 0xdd, 0xca, 0x3a, 0x6f,
+	0xd6, 0x0c, 0x18, 0x4e, 0x61, 0xda, 0xcb, 0x30, 0xd0, 0xa7, 0x90, 0xed, 0x6b, 0x4f, 0xfe, 0x32,
+	0x54, 0x29, 0x39, 0xb9, 0x41, 0x2b, 0x82, 0x64, 0x08, 0x55, 0x79, 0x7b, 0x23, 0xb2, 0xa1, 0xec,
+	0x39, 0x32, 0x46, 0x44, 0x2d, 0xa1, 0xc5, 0x38, 0x6e, 0xb3, 0x69, 0x47, 0x81, 0xe8, 0x29, 0x28,
+	0x93, 0xdd, 0x56, 0x36, 0x18, 0xe4, 0xc2, 0x6e, 0xcb, 0x8b, 0x48, 0x4c, 0x91, 0xc8, 0x6e, 0x0b,
+	0x9d, 0x85, 0x92, 0xd7, 0x10, 0x33, 0x12, 0x04, 0x4e, 0x69, 0x71, 0x01, 0x97, 0xbc, 0x86, 0xbd,
+	0x0b, 0x35, 0x75, 0x5d, 0x24, 0xda, 0x96, 0x26, 0x95, 0x55, 0x44, 0x74, 0xb0, 0xa4, 0xdb, 0xc3,
+	0x98, 0x6a, 0x03, 0xe8, 0x52, 0x0d, 0x45, 0xa9, 0xe0, 0x73, 0x30, 0xe0, 0x86, 0xa2, 0xc8, 0x4e,
+	0x55, 0x93, 0x61, 0xb6, 0x14, 0x83, 0xd8, 0x37, 0x61, 0xec, 0x6a, 0x10, 0xde, 0x66, 0xb7, 0x3a,
+	0xb1, 0x22, 0xc6, 0x94, 0xf0, 0x06, 0xfd, 0x91, 0xb5, 0xdc, 0x19, 0x14, 0x73, 0x98, 0x2a, 0xaf,
+	0x5a, 0xea, 0x55, 0x5e, 0xd5, 0xfe, 0x98, 0x05, 0x23, 0x2a, 0xe7, 0xfb, 0xd2, 0xce, 0x36, 0xa5,
+	0xbb, 0x19, 0x85, 0xed, 0x56, 0x96, 0x2e, 0xbb, 0x99, 0x16, 0x73, 0x98, 0x59, 0x0c, 0xa1, 0x74,
+	0x40, 0x31, 0x84, 0x73, 0x30, 0xb0, 0xed, 0x05, 0x8d, 0xac, 0xb3, 0xf3, 0xaa, 0x17, 0x34, 0x30,
+	0x83, 0xd8, 0x7f, 0x65, 0xc1, 0x09, 0xd5, 0x05, 0x69, 0x33, 0xbd, 0x08, 0x23, 0xeb, 0x6d, 0xcf,
+	0x6f, 0xc8, 0xea, 0xcc, 0x99, 0xe5, 0x32, 0x67, 0xc0, 0x70, 0x0a, 0x13, 0x9d, 0x07, 0x58, 0xf7,
+	0x02, 0x27, 0xea, 0xac, 0x6a, 0x23, 0x4d, 0xe9, 0xed, 0x39, 0x05, 0xc1, 0x06, 0x16, 0x7a, 0x13,
+	0xaa, 0x3b, 0xf2, 0x54, 0xb6, 0x5c, 0x68, 0x0e, 0xbf, 0x18, 0x0f, 0xbd, 0x12, 0xd4, 0x31, 0xaf,
+	0xe2, 0x68, 0x7f, 0xa1, 0x0c, 0x63, 0xe9, 0xbc, 0xfb, 0x3e, 0x3c, 0x27, 0x4f, 0x41, 0x85, 0xa5,
+	0xe2, 0x67, 0x27, 0x16, 0x2f, 0xa7, 0xcc, 0x61, 0x28, 0x86, 0x41, 0x2e, 0x4a, 0x8a, 0xb9, 0x5b,
+	0x54, 0x75, 0x52, 0xf9, 0x67, 0x59, 0x04, 0xb7, 0x70, 0x77, 0x0b, 0x56, 0xe8, 0x93, 0x16, 0x0c,
+	0x85, 0x2d, 0xb3, 0xae, 0xe7, 0x07, 0x8b, 0xac, 0x49, 0x20, 0x12, 0x7f, 0x85, 0x35, 0xa4, 0x26,
+	0x9e, 0x9c, 0x0c, 0x92, 0xf5, 0xd9, 0x6f, 0x81, 0x11, 0x13, 0xf3, 0x20, 0x83, 0xa8, 0x6a, 0x1a,
+	0x44, 0x9f, 0x31, 0xa7, 0xa4, 0xa8, 0xba, 0xd0, 0xc7, 0x62, 0xbf, 0x0e, 0x15, 0x57, 0x85, 0xb9,
+	0xdd, 0xd3, 0x8d, 0x02, 0xaa, 0x2a, 0x19, 0x0b, 0x21, 0xe0, 0xd4, 0xec, 0x3f, 0xb0, 0x8c, 0xf9,
+	0x81, 0x49, 0xbc, 0xd8, 0x40, 0x11, 0x94, 0x37, 0x77, 0xb6, 0x85, 0x91, 0x71, 0xa5, 0xa0, 0xe1,
+	0xbd, 0xb4, 0xb3, 0xad, 0x57, 0x98, 0xd9, 0x8a, 0x29, 0xb3, 0x3e, 0x0e, 0x11, 0x52, 0xc5, 0x39,
+	0xca, 0x07, 0x17, 0xe7, 0xb0, 0xdf, 0x2e, 0xc1, 0x44, 0xd7, 0xa4, 0x42, 0x6f, 0x40, 0x25, 0xa2,
+	0x6f, 0x29, 0x5e, 0x6f, 0xa9, 0xb0, 0x72, 0x1a, 0xf1, 0x62, 0x43, 0x2b, 0xef, 0x74, 0x3b, 0xe6,
+	0x2c, 0xd1, 0x15, 0x40, 0x3a, 0x18, 0x53, 0x9d, 0x60, 0xf0, 0x57, 0x56, 0x11, 0x5b, 0xb3, 0x5d,
+	0x18, 0x38, 0xe7, 0x29, 0xf4, 0x52, 0xf6, 0x20, 0x24, 0x53, 0x29, 0x7a, 0xbf, 0x33, 0x0d, 0xfb,
+	0x2d, 0x73, 0x0a, 0xde, 0xd0, 0xc2, 0xf4, 0xa8, 0x9b, 0xd3, 0x2e, 0xc9, 0x5a, 0xee, 0x57, 0xb2,
+	0xda, 0xbf, 0x58, 0x82, 0xd1, 0x54, 0xe5, 0x57, 0xe4, 0x43, 0x95, 0xf8, 0xec, 0xc4, 0x56, 0x6a,
+	0xdf, 0xa3, 0x5e, 0x02, 0xa3, 0xe4, 0xe4, 0x05, 0x41, 0x17, 0x2b, 0x0e, 0x0f, 0x47, 0x6c, 0xd9,
+	0x8b, 0x30, 0x22, 0x3b, 0xf4, 0x41, 0xa7, 0xe9, 0x67, 0x87, 0xef, 0x82, 0x01, 0xc3, 0x29, 0x4c,
+	0xfb, 0xd7, 0xca, 0x30, 0xc9, 0x8f, 0xb8, 0x1b, 0x6a, 0x31, 0xa8, 0x50, 0x95, 0x1f, 0xd2, 0xf5,
+	0x99, 0xad, 0x22, 0x6e, 0x3a, 0xef, 0xc5, 0xa8, 0xaf, 0x90, 0xe8, 0x9f, 0xc8, 0x84, 0x44, 0xf3,
+	0xad, 0xfa, 0xe6, 0x31, 0xf5, 0xe8, 0xab, 0x2b, 0x46, 0xfa, 0x9f, 0x96, 0x60, 0x3c, 0x73, 0xa1,
+	0x1d, 0xfa, 0x42, 0xfa, 0x0e, 0x14, 0xab, 0x88, 0xe3, 0xbf, 0x7d, 0xef, 0x38, 0x3b, 0xdc, 0x4d,
+	0x28, 0x0f, 0x68, 0xa9, 0xd8, 0xbf, 0x57, 0x82, 0xb1, 0xf4, 0x4d, 0x7c, 0x0f, 0xe1, 0x48, 0xbd,
+	0x17, 0x6a, 0xec, 0xb2, 0xa9, 0xab, 0xa4, 0x23, 0x4f, 0x19, 0xf9, 0xbd, 0x3e, 0xb2, 0x11, 0x6b,
+	0xf8, 0x43, 0x71, 0xc1, 0x8c, 0xfd, 0xcf, 0x2d, 0x38, 0xcd, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x56,
+	0xde, 0xe8, 0xbe, 0x5a, 0x6c, 0x07, 0x33, 0x75, 0xc5, 0x0f, 0x1a, 0x5f, 0x76, 0xdf, 0xbb, 0xe8,
+	0x6d, 0x7a, 0x2a, 0x3c, 0x84, 0x9d, 0x3d, 0xd4, 0x64, 0xb0, 0xff, 0x63, 0x09, 0x86, 0x57, 0xe6,
+	0x17, 0x95, 0x08, 0x9f, 0x81, 0x9a, 0x1b, 0x11, 0x47, 0xbb, 0x7f, 0xcc, 0x00, 0x2a, 0x09, 0xc0,
+	0x1a, 0x87, 0xee, 0xa2, 0x78, 0x00, 0x62, 0x9c, 0xdd, 0x45, 0xf1, 0xf8, 0xc4, 0x18, 0x4b, 0x38,
+	0x7a, 0x06, 0xaa, 0x2c, 0x35, 0xf8, 0x7a, 0x24, 0x35, 0x8e, 0xde, 0x5a, 0xb3, 0x76, 0xbc, 0x84,
+	0x15, 0x06, 0x25, 0xdc, 0x08, 0xdd, 0x98, 0x22, 0x67, 0x3c, 0x32, 0x0b, 0xb4, 0x19, 0x2f, 0x61,
+	0x09, 0x67, 0x95, 0x1d, 0x99, 0xd7, 0x82, 0x22, 0x57, 0xd2, 0x9d, 0xe6, 0xee, 0x0d, 0x8a, 0xae,
+	0x71, 0x0e, 0x53, 0x01, 0x34, 0x93, 0x9e, 0x37, 0xd4, 0x5f, 0x7a, 0x9e, 0xfd, 0x7b, 0x65, 0xa8,
+	0x69, 0xa7, 0x9a, 0x27, 0xea, 0x61, 0x14, 0x52, 0xb7, 0xbe, 0xde, 0x09, 0x5c, 0x45, 0x9a, 0x47,
+	0x13, 0x18, 0xe5, 0x30, 0x7e, 0xc0, 0x82, 0x61, 0x2f, 0xf0, 0x12, 0xcf, 0x61, 0xbe, 0xc1, 0x62,
+	0xee, 0xff, 0x56, 0xec, 0x16, 0x39, 0xe5, 0x30, 0x32, 0x8f, 0xfc, 0x15, 0x33, 0x6c, 0x72, 0x46,
+	0x1f, 0x11, 0xd9, 0x60, 0xe5, 0xc2, 0x8a, 0xca, 0x54, 0x33, 0x29, 0x60, 0x2d, 0x6a, 0x63, 0x27,
+	0x51, 0x41, 0xb5, 0x98, 0x30, 0x25, 0xa5, 0xee, 0x4f, 0x51, 0xbb, 0x18, 0xd6, 0x8c, 0x39, 0x23,
+	0x3b, 0x06, 0xd4, 0x3d, 0x16, 0x87, 0xcc, 0xb4, 0x99, 0x81, 0x9a, 0xd3, 0x4e, 0xc2, 0x26, 0x1d,
+	0x26, 0x11, 0x30, 0xa0, 0x73, 0x89, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0x0b, 0x15, 0xc8, 0x54, 0xa7,
+	0x40, 0xbb, 0x50, 0x53, 0xf5, 0x29, 0x8a, 0xc9, 0x5c, 0xd5, 0x33, 0x4a, 0x75, 0x46, 0x35, 0x61,
+	0xcd, 0x0c, 0x6d, 0x4a, 0x37, 0x2b, 0x5f, 0xed, 0x2f, 0x67, 0xdd, 0xac, 0xdf, 0xd1, 0xdf, 0xa9,
+	0x1b, 0x9d, 0xab, 0x33, 0xbc, 0x1e, 0xe1, 0xf4, 0x81, 0x1e, 0xd9, 0x83, 0x6e, 0x40, 0xff, 0xb8,
+	0xb8, 0xad, 0x0c, 0x93, 0xb8, 0xed, 0x27, 0x62, 0x36, 0xbc, 0x5c, 0xe0, 0x2a, 0xe3, 0x84, 0x75,
+	0x95, 0x27, 0xfe, 0x1f, 0x1b, 0x4c, 0xd3, 0x7e, 0xf3, 0xc1, 0x63, 0xf5, 0x9b, 0x0f, 0x15, 0xea,
+	0x37, 0x3f, 0x0f, 0xc0, 0xe6, 0x36, 0xcf, 0x08, 0xa8, 0x32, 0x77, 0xa6, 0x52, 0x31, 0x58, 0x41,
+	0xb0, 0x81, 0x65, 0x7f, 0x13, 0xa4, 0xcb, 0x94, 0xa1, 0x29, 0x59, 0x15, 0x8d, 0x9f, 0x08, 0xb2,
+	0x64, 0xcc, 0x54, 0x01, 0xb3, 0x9f, 0xb7, 0xc0, 0xac, 0xa5, 0x86, 0x5e, 0xe7, 0x45, 0xdb, 0xac,
+	0x22, 0x4e, 0x98, 0x0c, 0xba, 0xd3, 0xcb, 0x4e, 0x2b, 0x13, 0xed, 0x24, 0x2b, 0xb7, 0x9d, 0x7d,
+	0x3f, 0x54, 0x25, 0xf4, 0x50, 0xc6, 0xf2, 0x47, 0xe1, 0xa4, 0x2c, 0xec, 0x20, 0x0f, 0x83, 0x44,
+	0xd4, 0xc1, 0xc1, 0x3e, 0x46, 0xe9, 0x38, 0x2c, 0xf5, 0x72, 0x1c, 0xaa, 0xdd, 0x70, 0xb9, 0x67,
+	0x39, 0xf6, 0x5f, 0xb0, 0xe0, 0x5c, 0xb6, 0x03, 0xf1, 0x72, 0x18, 0x78, 0x49, 0x18, 0xd5, 0x49,
+	0x92, 0x78, 0xc1, 0x26, 0xab, 0xad, 0x7b, 0xdb, 0x89, 0xe4, 0xfd, 0x4a, 0x4c, 0x50, 0xde, 0x74,
+	0xa2, 0x00, 0xb3, 0x56, 0xd4, 0x81, 0x41, 0x1e, 0x42, 0x2d, 0x76, 0x41, 0x47, 0x5c, 0x1b, 0x39,
+	0xc3, 0xa1, 0xb7, 0x61, 0x3c, 0x7c, 0x1b, 0x0b, 0x86, 0xf6, 0x97, 0x2d, 0x40, 0x2b, 0x3b, 0x24,
+	0x8a, 0xbc, 0x86, 0x11, 0xf4, 0xcd, 0x6e, 0xfd, 0x34, 0x6e, 0xf7, 0x34, 0xcb, 0x8e, 0x64, 0x6e,
+	0xfd, 0x34, 0xfe, 0xe5, 0xdf, 0xfa, 0x59, 0x3a, 0xdc, 0xad, 0x9f, 0x68, 0x05, 0x4e, 0x37, 0xf9,
+	0x36, 0x8e, 0xdf, 0xa4, 0xc7, 0xf7, 0x74, 0x2a, 0x43, 0xfe, 0xcc, 0x9d, 0xbd, 0xa9, 0xd3, 0xcb,
+	0x79, 0x08, 0x38, 0xff, 0x39, 0xfb, 0xfd, 0x80, 0x78, 0xac, 0xf7, 0x7c, 0x5e, 0xb8, 0x6a, 0x4f,
+	0x37, 0x87, 0xfd, 0xe3, 0x15, 0x18, 0xcf, 0xdc, 0xbe, 0x41, 0xb7, 0xd0, 0xdd, 0xf1, 0xb1, 0x47,
+	0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, 0xe2, 0x36, 0x80, 0x8a, 0x17, 0xb4, 0xda, 0x49, 0x31, 0x05,
+	0x3a, 0x78, 0x27, 0x16, 0x29, 0x41, 0xe3, 0x5c, 0x82, 0xfe, 0xc5, 0x9c, 0x4d, 0x91, 0xf1, 0xbb,
+	0xa9, 0x4d, 0xce, 0xc0, 0x03, 0x72, 0xb3, 0x7c, 0x5c, 0x47, 0xd3, 0x56, 0x8a, 0xf0, 0x21, 0x67,
+	0x26, 0xcb, 0x71, 0x87, 0x5a, 0xfd, 0x6c, 0x09, 0x86, 0x8d, 0x8f, 0x86, 0x7e, 0x32, 0x5d, 0x69,
+	0xd4, 0x2a, 0xee, 0x95, 0x18, 0xfd, 0x69, 0x5d, 0x4b, 0x94, 0xbf, 0xd2, 0xd3, 0xdd, 0x45, 0x46,
+	0xef, 0xee, 0x4d, 0x9d, 0xc8, 0x94, 0x11, 0x4d, 0x15, 0x1e, 0x3d, 0xfb, 0x3d, 0x30, 0x9e, 0x21,
+	0x93, 0xf3, 0xca, 0x6b, 0xe6, 0x2b, 0x1f, 0xd9, 0xdd, 0x67, 0x0e, 0xd9, 0x97, 0xe8, 0x90, 0x89,
+	0xba, 0x00, 0xa1, 0x4f, 0xfa, 0xf0, 0x75, 0x66, 0xf6, 0x17, 0xa5, 0x3e, 0xcb, 0x7f, 0xbc, 0x07,
+	0xaa, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, 0x15, 0x2a, 0x67, 0x05, 0x47, 0x56, 0x45, 0x1b, 0x56, 0x50,
+	0x74, 0x1b, 0x6a, 0xb7, 0x6e, 0x27, 0xfc, 0x98, 0x51, 0x1c, 0x65, 0x14, 0x75, 0xba, 0xa8, 0x8c,
+	0x16, 0x75, 0x8e, 0x89, 0x35, 0x2f, 0x64, 0xc3, 0x20, 0x53, 0x82, 0x32, 0x47, 0x90, 0x1d, 0xb3,
+	0x30, 0xed, 0x18, 0x63, 0x01, 0xb1, 0xff, 0xfd, 0x30, 0x9c, 0xca, 0xbb, 0x02, 0x09, 0xbd, 0x09,
+	0x83, 0xbc, 0x8f, 0xc5, 0xdc, 0xb2, 0x97, 0xc7, 0xe3, 0x12, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63,
+	0xc1, 0x53, 0x70, 0xf7, 0x9d, 0x75, 0x31, 0x43, 0x8e, 0x87, 0xfb, 0x92, 0xa3, 0xb9, 0x2f, 0x39,
+	0x9c, 0xbb, 0xef, 0xac, 0xa3, 0x5d, 0xa8, 0x6c, 0x7a, 0x09, 0x71, 0x84, 0x73, 0xe6, 0xe6, 0xb1,
+	0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, 0x2f, 0x5a, 0x30, 0xbe, 0x9e, 0xae,
+	0x3b, 0x24, 0x84, 0xa7, 0x73, 0x0c, 0xd7, 0x5c, 0xa5, 0x19, 0xf1, 0x6b, 0x6f, 0x33, 0x8d, 0x38,
+	0xdb, 0x1d, 0xf4, 0x09, 0x0b, 0x86, 0x36, 0x3c, 0xdf, 0xb8, 0x47, 0xe4, 0x18, 0x3e, 0xce, 0x45,
+	0xc6, 0x40, 0xef, 0x38, 0xf8, 0xff, 0x18, 0x4b, 0xce, 0xbd, 0x34, 0xd5, 0xe0, 0x51, 0x35, 0xd5,
+	0xd0, 0x03, 0xd2, 0x54, 0x9f, 0xb6, 0xa0, 0xa6, 0x46, 0x5a, 0xd4, 0x6f, 0xf9, 0xd0, 0x31, 0x7e,
+	0x72, 0xee, 0x91, 0x52, 0x7f, 0xb1, 0x66, 0x8e, 0xde, 0xb2, 0x60, 0xd8, 0x79, 0xa3, 0x1d, 0x91,
+	0x06, 0xd9, 0x09, 0x5b, 0xb1, 0x28, 0xac, 0xfa, 0x6a, 0xf1, 0x9d, 0x99, 0xa5, 0x4c, 0x16, 0xc8,
+	0xce, 0x4a, 0x2b, 0x16, 0xf9, 0xcb, 0xba, 0x01, 0x9b, 0x5d, 0x40, 0xdf, 0xaf, 0xf5, 0x38, 0x14,
+	0x51, 0x5e, 0x3b, 0xaf, 0x37, 0x7d, 0xa5, 0xe3, 0x13, 0x78, 0xcc, 0x0d, 0x83, 0xc4, 0x0b, 0xda,
+	0x64, 0x25, 0xc0, 0xa4, 0x15, 0x5e, 0x0b, 0x93, 0x8b, 0x61, 0x3b, 0x68, 0x5c, 0x88, 0xa2, 0x30,
+	0x62, 0x05, 0x6a, 0x8c, 0xcb, 0x55, 0xe7, 0x7b, 0xa3, 0xe2, 0xfd, 0xe8, 0x1c, 0xc5, 0x66, 0xd8,
+	0x2b, 0xc1, 0xd4, 0x01, 0x83, 0x8d, 0x5e, 0x84, 0x91, 0x30, 0xda, 0x74, 0x02, 0xef, 0x0d, 0xb3,
+	0xe6, 0x9a, 0x32, 0x48, 0x57, 0x0c, 0x18, 0x4e, 0x61, 0x9a, 0xc5, 0x78, 0x4a, 0x07, 0x14, 0xe3,
+	0x39, 0x07, 0x03, 0x11, 0x69, 0x85, 0xd9, 0x7d, 0x15, 0x4b, 0x39, 0x64, 0x10, 0xf4, 0x04, 0x94,
+	0x9d, 0x96, 0x27, 0x9c, 0x8b, 0x6a, 0xbb, 0x38, 0xbb, 0xba, 0x88, 0x69, 0x7b, 0xaa, 0x36, 0x58,
+	0xe5, 0xbe, 0xd4, 0x06, 0xa3, 0x1a, 0x53, 0x1c, 0x9f, 0x0d, 0x6a, 0x8d, 0x99, 0x3e, 0xd6, 0xb2,
+	0xdf, 0x2e, 0xc3, 0x13, 0xfb, 0x2e, 0x2d, 0x1d, 0xb2, 0x6e, 0xed, 0x13, 0xb2, 0x2e, 0x87, 0xa7,
+	0x74, 0xd0, 0xf0, 0x94, 0x7b, 0x0c, 0xcf, 0x27, 0xa8, 0xc4, 0x90, 0xb5, 0xea, 0x8a, 0xb9, 0x20,
+	0xbe, 0x57, 0xe9, 0x3b, 0x21, 0x2c, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0xbb, 0x94, 0x2a, 0x44, 0x53,
+	0x29, 0x42, 0x63, 0xf6, 0xac, 0x17, 0xc7, 0xc5, 0x44, 0xaf, 0xea, 0x36, 0xf6, 0x2f, 0x0d, 0xc0,
+	0x53, 0x7d, 0x28, 0x3a, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xaf, 0xf2, 0xcf, 0xf4, 0xa9, 0xdc,
+	0xcf, 0x84, 0x8b, 0xff, 0x4c, 0xfb, 0x7f, 0x21, 0x76, 0x02, 0x11, 0xc4, 0xc4, 0x6d, 0x47, 0x3c,
+	0x7d, 0xc7, 0xc8, 0x47, 0x5e, 0x14, 0xed, 0x58, 0x61, 0xd0, 0xed, 0xaf, 0xeb, 0xd0, 0xe5, 0x3f,
+	0x54, 0x50, 0xe1, 0x11, 0x33, 0xb5, 0x99, 0x5b, 0x5f, 0xf3, 0xb3, 0x54, 0x02, 0x70, 0x36, 0xf6,
+	0xaf, 0x5b, 0x70, 0xb6, 0xb7, 0x35, 0x82, 0x9e, 0x85, 0xe1, 0x75, 0x16, 0x4c, 0xb9, 0xcc, 0x42,
+	0xa6, 0xc4, 0xd4, 0x61, 0xef, 0xab, 0x9b, 0xb1, 0x89, 0x83, 0xe6, 0x61, 0xc2, 0x8c, 0xc2, 0x5c,
+	0x36, 0x62, 0xad, 0x98, 0xbf, 0x64, 0x2d, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x1a, 0x20, 0xf1, 0x12,
+	0x9f, 0xf0, 0xa7, 0xf9, 0x44, 0x63, 0x0e, 0xc5, 0x35, 0xd5, 0x8a, 0x0d, 0x0c, 0xfb, 0x2b, 0xe5,
+	0xfc, 0xd7, 0xe0, 0x56, 0xee, 0x61, 0x66, 0xbf, 0x98, 0xdb, 0xa5, 0x3e, 0x24, 0x74, 0xf9, 0x7e,
+	0x4b, 0xe8, 0x81, 0x5e, 0x12, 0x1a, 0x2d, 0xc0, 0x09, 0xe3, 0xba, 0x56, 0x5e, 0xba, 0x86, 0x1f,
+	0x4a, 0xa9, 0xba, 0x73, 0xab, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x21, 0x9f, 0xaa, 0xbf, 0x51, 0x82,
+	0x33, 0x3d, 0x37, 0x16, 0xf7, 0x49, 0x03, 0x99, 0x9f, 0x7f, 0xe0, 0xfe, 0x7c, 0x7e, 0xf3, 0xa3,
+	0x54, 0x0e, 0xfc, 0x28, 0xfd, 0xa8, 0xf3, 0xdf, 0x2f, 0xf5, 0x5c, 0x2c, 0x74, 0x23, 0xfa, 0x35,
+	0x3b, 0x92, 0x2f, 0xc1, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96, 0x99, 0x91, 0xa9, 0x85, 0x39, 0x6b,
+	0x02, 0x71, 0x1a, 0xb7, 0xaf, 0x81, 0xfd, 0x63, 0x0b, 0x6a, 0x98, 0x6c, 0x70, 0x09, 0x87, 0x6e,
+	0x89, 0x21, 0xb2, 0x8a, 0xb8, 0x90, 0x80, 0x0e, 0x6c, 0xec, 0xb1, 0x2a, 0xfd, 0x79, 0x83, 0x7d,
+	0xd4, 0xca, 0x0a, 0xea, 0x92, 0xd7, 0x72, 0xef, 0x4b, 0x5e, 0xed, 0x5f, 0xae, 0xd1, 0xd7, 0x6b,
+	0x85, 0xf3, 0x11, 0x69, 0xc4, 0xf4, 0xfb, 0xb6, 0x23, 0x5f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf, 0xe3,
+	0x25, 0x4c, 0xdb, 0x53, 0xe7, 0x93, 0xa5, 0x43, 0x55, 0x02, 0x2c, 0x1f, 0x58, 0x09, 0xf0, 0x25,
+	0x18, 0x8d, 0xe3, 0xad, 0xd5, 0xc8, 0xdb, 0x71, 0x12, 0x72, 0x95, 0xc8, 0x92, 0x41, 0xba, 0x2a,
+	0x56, 0xfd, 0xb2, 0x06, 0xe2, 0x34, 0x2e, 0xba, 0x04, 0x13, 0xba, 0x1e, 0x1f, 0x89, 0x12, 0x96,
+	0xf2, 0xc8, 0x67, 0x82, 0x2a, 0x07, 0xa3, 0x2b, 0xf8, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95, 0xb9,
+	0xa9, 0x46, 0xda, 0x91, 0xc1, 0xb4, 0xcc, 0x4d, 0xd1, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0x2d, 0xc3,
+	0x49, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0xd2, 0x55, 0xe0, 0x2f, 0x75, 0xa3, 0xe0,
+	0xbc, 0xe7, 0xd0, 0x0b, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed, 0x29, 0x32,
+	0x8b, 0x0d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc2, 0xa3, 0xfa, 0x2f, 0x4f, 0xa1, 0xe7, 0xe7, 0xcd, 0x0b,
+	0xa2, 0xd4, 0xa9, 0xba, 0x64, 0xec, 0x52, 0x2e, 0x5a, 0x03, 0xf7, 0x7a, 0x1e, 0xad, 0xc3, 0x59,
+	0x05, 0xba, 0x10, 0x24, 0x2c, 0xc9, 0x35, 0x26, 0x73, 0x4e, 0xcc, 0x22, 0x27, 0x80, 0xbd, 0xa7,
+	0x2d, 0xa8, 0x9f, 0xbd, 0xe4, 0x25, 0x97, 0xf3, 0x30, 0xf1, 0x12, 0xde, 0x87, 0x0a, 0x9a, 0x81,
+	0x1a, 0x09, 0x9c, 0x75, 0x9f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0xce, 0x8e, 0x90, 0x00, 0xac,
+	0x71, 0x54, 0x7c, 0xff, 0x48, 0xaf, 0xf8, 0x7e, 0xb4, 0x0a, 0xa7, 0x36, 0xdd, 0x16, 0xb5, 0x32,
+	0x3d, 0x97, 0xcc, 0xba, 0x2c, 0xa0, 0x98, 0x7e, 0x18, 0x5e, 0x9e, 0x5f, 0x25, 0x4a, 0x5d, 0x9a,
+	0x5f, 0xed, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xf3, 0x28, 0xdc, 0xed, 0x4c, 0x9e, 0xcc, 0x04,
+	0x9e, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x0a, 0x20, 0x96, 0x2c, 0x78, 0x39, 0x49, 0x5a, 0xca, 0xac,
+	0x9d, 0x3c, 0x95, 0x2e, 0x7c, 0x78, 0xb1, 0x0b, 0x03, 0xe7, 0x3c, 0x45, 0xad, 0x9e, 0x20, 0x64,
+	0xd4, 0x27, 0x1f, 0x4d, 0x5b, 0x3d, 0xd7, 0x78, 0x33, 0x96, 0x70, 0xf4, 0x5d, 0x30, 0xd9, 0x8e,
+	0x09, 0xdb, 0x30, 0xdf, 0x0c, 0xa3, 0x6d, 0x3f, 0x74, 0x1a, 0x8b, 0xec, 0x36, 0xd9, 0xa4, 0x33,
+	0x39, 0xc9, 0x98, 0x9f, 0x13, 0xcf, 0x4e, 0x5e, 0xef, 0x81, 0x87, 0x7b, 0x52, 0xc8, 0x56, 0xee,
+	0x3c, 0xd3, 0x67, 0xe5, 0xce, 0x55, 0x38, 0x25, 0xf5, 0xda, 0xca, 0xfc, 0xa2, 0x7a, 0xe9, 0xc9,
+	0xb3, 0xe9, 0xeb, 0xe9, 0x16, 0x73, 0x70, 0x70, 0xee, 0x93, 0xf6, 0x1f, 0x59, 0x30, 0xaa, 0x24,
+	0xd8, 0x7d, 0x48, 0x5a, 0xf6, 0xd3, 0x49, 0xcb, 0x97, 0x8e, 0xae, 0x03, 0x58, 0xcf, 0x7b, 0xa4,
+	0xd8, 0xfc, 0xe8, 0x28, 0x80, 0xd6, 0x13, 0x4a, 0x45, 0x5b, 0x3d, 0x55, 0xf4, 0x43, 0x2b, 0xa3,
+	0xf3, 0x2a, 0x31, 0x56, 0x1e, 0x6c, 0x25, 0xc6, 0x3a, 0x9c, 0x96, 0x53, 0x8a, 0x1f, 0x29, 0x5f,
+	0x0e, 0x63, 0x25, 0xf2, 0x8d, 0xfb, 0x06, 0x17, 0xf3, 0x90, 0x70, 0xfe, 0xb3, 0x29, 0xdb, 0x6e,
+	0xe8, 0x40, 0xdb, 0x4e, 0x49, 0xb9, 0xa5, 0x0d, 0x79, 0x1b, 0x68, 0x46, 0xca, 0x2d, 0x5d, 0xac,
+	0x63, 0x8d, 0x93, 0xaf, 0xea, 0x6a, 0x05, 0xa9, 0x3a, 0x38, 0xb4, 0xaa, 0x93, 0x42, 0x77, 0xb8,
+	0xa7, 0xd0, 0x95, 0x47, 0x57, 0x23, 0x3d, 0x8f, 0xae, 0x3e, 0x00, 0x63, 0x5e, 0xb0, 0x45, 0x22,
+	0x2f, 0x21, 0x0d, 0xb6, 0x16, 0x98, 0x40, 0xae, 0x6a, 0x43, 0x67, 0x31, 0x05, 0xc5, 0x19, 0xec,
+	0xb4, 0xa6, 0x18, 0xeb, 0x43, 0x53, 0xf4, 0xd0, 0xcf, 0xe3, 0xc5, 0xe8, 0xe7, 0x13, 0x47, 0xd7,
+	0xcf, 0x13, 0xc7, 0xaa, 0x9f, 0x51, 0x21, 0xfa, 0xb9, 0x2f, 0xd5, 0x67, 0x6c, 0xd2, 0x4f, 0x1d,
+	0xb0, 0x49, 0xef, 0xa5, 0x9c, 0x4f, 0xdf, 0xb3, 0x72, 0xce, 0xd7, 0xbb, 0x8f, 0xbc, 0xa3, 0x77,
+	0x0b, 0xd1, 0xbb, 0x9f, 0x2e, 0xc1, 0x69, 0xad, 0x99, 0xa8, 0x3c, 0xf0, 0x36, 0xa8, 0x6c, 0x66,
+	0x57, 0x6c, 0xf3, 0x03, 0x6f, 0x23, 0x55, 0x5e, 0x17, 0x0b, 0x50, 0x10, 0x6c, 0x60, 0xb1, 0x8c,
+	0x73, 0x12, 0xb1, 0xcb, 0x5d, 0xb2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07, 0x81, 0xfe,
+	0x16, 0x05, 0x4f, 0xb2, 0x65, 0xc3, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x3d, 0x9c, 0x09, 0x13,
+	0x99, 0x54, 0x75, 0x8d, 0xf0, 0x6d, 0xa5, 0x92, 0x92, 0x0a, 0x2a, 0xbb, 0xc3, 0x2a, 0x22, 0x54,
+	0xba, 0xbb, 0xc3, 0x62, 0x47, 0x15, 0x86, 0xfd, 0xbf, 0x2c, 0x38, 0x93, 0x3b, 0x14, 0xf7, 0xc1,
+	0x1c, 0xd9, 0x4d, 0x9b, 0x23, 0xf5, 0xa2, 0xb6, 0xa4, 0xc6, 0x5b, 0xf4, 0x30, 0x4d, 0xfe, 0x93,
+	0x05, 0x63, 0x1a, 0xff, 0x3e, 0xbc, 0xaa, 0x97, 0x7e, 0xd5, 0xe2, 0x76, 0xdf, 0xb5, 0xae, 0x77,
+	0xfb, 0xb5, 0x12, 0xa8, 0x52, 0xfe, 0xb3, 0x6e, 0xd2, 0x5f, 0xba, 0x59, 0x07, 0x06, 0x59, 0x04,
+	0x49, 0x5c, 0x4c, 0x74, 0x5c, 0x9a, 0x3f, 0x8b, 0x46, 0xd1, 0x07, 0x7a, 0xec, 0x6f, 0x8c, 0x05,
+	0x43, 0x76, 0xf5, 0x10, 0xaf, 0x92, 0xde, 0x10, 0x89, 0xd3, 0xfa, 0xea, 0x21, 0xd1, 0x8e, 0x15,
+	0x06, 0x55, 0x98, 0x9e, 0x1b, 0x06, 0xf3, 0xbe, 0x13, 0xc7, 0xc2, 0x86, 0x53, 0x0a, 0x73, 0x51,
+	0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x5e, 0xdc, 0xf2, 0x9d, 0x8e, 0xe1, 0x63, 0x31, 0x0a, 0x7b,
+	0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0xa6, 0x5f, 0x62, 0x81, 0x6c, 0xb0, 0xc8, 0xee, 0xbe,
+	0x86, 0x73, 0x06, 0x6a, 0x0e, 0x7b, 0x6a, 0xa9, 0xed, 0x08, 0x99, 0xa0, 0xe3, 0x9b, 0x25, 0x00,
+	0x6b, 0x1c, 0xfb, 0x9f, 0x59, 0x70, 0x32, 0x67, 0xd0, 0x0a, 0x4c, 0x4c, 0x4f, 0xb4, 0xb4, 0xc9,
+	0x33, 0x75, 0xbe, 0x11, 0x86, 0x1a, 0x64, 0xc3, 0x91, 0xb1, 0xc3, 0x66, 0xaa, 0x01, 0x6f, 0xc6,
+	0x12, 0x6e, 0xff, 0x62, 0x09, 0xc6, 0xd3, 0x7d, 0x8d, 0x59, 0xba, 0x25, 0x1f, 0x26, 0x2f, 0x76,
+	0xc3, 0x1d, 0x12, 0x75, 0xe8, 0x9b, 0x5b, 0x99, 0x74, 0xcb, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0xbb,
+	0xc8, 0xa3, 0xa1, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, 0x31, 0xcd, 0x38, 0x23,
+	0xc5, 0x12, 0x9b, 0xfc, 0xa9, 0xc9, 0xc5, 0x92, 0x45, 0xe6, 0xda, 0x9e, 0x9f, 0x78, 0x81, 0x78,
+	0x65, 0x31, 0x57, 0x95, 0xc9, 0xb5, 0xdc, 0x8d, 0x82, 0xf3, 0x9e, 0xb3, 0xbf, 0x3c, 0x00, 0xaa,
+	0xe8, 0x0a, 0x8b, 0x03, 0x2d, 0x28, 0x8a, 0xf6, 0xb0, 0x49, 0xbb, 0x6a, 0x6e, 0x0d, 0xec, 0x17,
+	0x98, 0xc5, 0x1d, 0x73, 0xa6, 0x07, 0x5f, 0x0d, 0xd8, 0x9a, 0x06, 0x61, 0x13, 0x8f, 0xf6, 0xc4,
+	0xf7, 0x76, 0x08, 0x7f, 0x68, 0x30, 0xdd, 0x93, 0x25, 0x09, 0xc0, 0x1a, 0x87, 0xd5, 0xed, 0xf6,
+	0x36, 0x36, 0x84, 0x97, 0x49, 0xd7, 0xed, 0xf6, 0x36, 0x36, 0x30, 0x83, 0xf0, 0xab, 0x9e, 0xc2,
+	0x6d, 0xb1, 0xcd, 0x30, 0xae, 0x7a, 0x0a, 0xb7, 0x31, 0x83, 0xd0, 0xaf, 0x14, 0x84, 0x51, 0xd3,
+	0xf1, 0xbd, 0x37, 0x48, 0x43, 0x71, 0x11, 0xdb, 0x0b, 0xf5, 0x95, 0xae, 0x75, 0xa3, 0xe0, 0xbc,
+	0xe7, 0xe8, 0x84, 0x6e, 0x45, 0xa4, 0xe1, 0xb9, 0x89, 0x49, 0x0d, 0xd2, 0x13, 0x7a, 0xb5, 0x0b,
+	0x03, 0xe7, 0x3c, 0x85, 0x66, 0x61, 0x5c, 0x16, 0xcd, 0x91, 0x85, 0x26, 0x87, 0xd3, 0xd5, 0xea,
+	0x70, 0x1a, 0x8c, 0xb3, 0xf8, 0x54, 0x48, 0x36, 0x45, 0xf9, 0x5b, 0xb6, 0x1b, 0x31, 0x84, 0xa4,
+	0x2c, 0x8b, 0x8b, 0x15, 0x86, 0xfd, 0xf1, 0x32, 0x55, 0xea, 0x3d, 0xaa, 0x4c, 0xdf, 0xb7, 0xa8,
+	0xed, 0xf4, 0x8c, 0x1c, 0xe8, 0x63, 0x46, 0x3e, 0x0f, 0x23, 0xb7, 0xe2, 0x30, 0x50, 0x11, 0xd1,
+	0x95, 0x9e, 0x11, 0xd1, 0x06, 0x56, 0x7e, 0x44, 0xf4, 0x60, 0x51, 0x11, 0xd1, 0x43, 0xf7, 0x18,
+	0x11, 0xfd, 0x6f, 0x2a, 0xa0, 0xee, 0xf2, 0xbc, 0x46, 0x92, 0xdb, 0x61, 0xb4, 0xed, 0x05, 0x9b,
+	0xac, 0x00, 0xcc, 0x17, 0x2d, 0x59, 0x43, 0x66, 0xc9, 0xcc, 0x14, 0xde, 0x28, 0xe8, 0x3e, 0xc6,
+	0x14, 0xb3, 0xe9, 0x35, 0x83, 0x11, 0x8f, 0xac, 0xc9, 0xd4, 0xaa, 0x11, 0x87, 0x06, 0xa9, 0x1e,
+	0xa1, 0xef, 0x01, 0x90, 0x2e, 0xf9, 0x0d, 0x29, 0x81, 0x17, 0x8b, 0xe9, 0x1f, 0x26, 0x1b, 0xda,
+	0xa4, 0x5e, 0x53, 0x4c, 0xb0, 0xc1, 0x10, 0x7d, 0x5a, 0x67, 0x51, 0xf3, 0xd4, 0xa9, 0x8f, 0x1c,
+	0xcb, 0xd8, 0xf4, 0x93, 0x43, 0x8d, 0x61, 0xc8, 0x0b, 0x36, 0xe9, 0x3c, 0x11, 0x91, 0xa3, 0xef,
+	0xce, 0xab, 0x2f, 0xb6, 0x14, 0x3a, 0x8d, 0x39, 0xc7, 0x77, 0x02, 0x97, 0x44, 0x8b, 0x1c, 0x5d,
+	0x6b, 0x50, 0xd1, 0x80, 0x25, 0xa1, 0xae, 0x0b, 0x47, 0x2b, 0xfd, 0x5c, 0x38, 0x7a, 0xf6, 0xdb,
+	0x61, 0xa2, 0xeb, 0x63, 0x1e, 0x2a, 0x65, 0xfa, 0x08, 0x95, 0xc5, 0x7e, 0x69, 0x50, 0x2b, 0xad,
+	0x6b, 0x61, 0x83, 0xdf, 0x5f, 0x19, 0xe9, 0x2f, 0x2a, 0x4c, 0xe6, 0x02, 0xa7, 0x88, 0x52, 0x33,
+	0x46, 0x23, 0x36, 0x59, 0xd2, 0x39, 0xda, 0x72, 0x22, 0x12, 0x1c, 0xf7, 0x1c, 0x5d, 0x55, 0x4c,
+	0xb0, 0xc1, 0x10, 0x6d, 0xa5, 0x72, 0xfb, 0x2e, 0x1e, 0x3d, 0xb7, 0x8f, 0x55, 0x7b, 0xcd, 0xbb,
+	0xe6, 0xed, 0x2d, 0x0b, 0xc6, 0x82, 0xd4, 0xcc, 0x2d, 0x26, 0x9c, 0x3f, 0x7f, 0x55, 0xf0, 0xab,
+	0xa0, 0xd3, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, 0xa5, 0x55, 0x0e, 0xa9, 0xd2, 0xf4, 0xfd, 0xb9, 0x83,
+	0xbd, 0xee, 0xcf, 0x45, 0x81, 0xba, 0xd8, 0x7c, 0xa8, 0x88, 0x0a, 0x29, 0xa9, 0x5b, 0xcd, 0x21,
+	0xe7, 0x46, 0xf3, 0x9b, 0x66, 0xea, 0xef, 0xe1, 0x2f, 0xb8, 0x1e, 0xed, 0x95, 0x22, 0x6c, 0xff,
+	0xdf, 0x01, 0x38, 0x21, 0x47, 0x44, 0xa6, 0x02, 0x51, 0xfd, 0xc8, 0xf9, 0x6a, 0x5b, 0x59, 0xe9,
+	0xc7, 0xcb, 0x12, 0x80, 0x35, 0x0e, 0xb5, 0xc7, 0xda, 0x31, 0x59, 0x69, 0x91, 0x60, 0xc9, 0x5b,
+	0x8f, 0xc5, 0xf1, 0xbb, 0x5a, 0x28, 0xd7, 0x35, 0x08, 0x9b, 0x78, 0x2c, 0x3f, 0xd9, 0x35, 0x8b,
+	0x84, 0xe8, 0xfc, 0x64, 0x61, 0xa8, 0x4a, 0x38, 0xfa, 0xb1, 0xdc, 0x6b, 0x2f, 0x8a, 0x49, 0xa0,
+	0xed, 0xca, 0x80, 0x3a, 0xdc, 0x7d, 0x17, 0xe8, 0x1f, 0x59, 0x70, 0x9a, 0xb7, 0xca, 0x91, 0xbc,
+	0xde, 0x6a, 0x38, 0x09, 0x89, 0x8b, 0xb9, 0x22, 0x2c, 0xa7, 0x7f, 0xda, 0x8b, 0x9e, 0xc7, 0x16,
+	0xe7, 0xf7, 0x06, 0x7d, 0xc1, 0x82, 0xf1, 0xed, 0x54, 0x91, 0x2f, 0xa9, 0x3a, 0x8e, 0x5a, 0x01,
+	0x27, 0x45, 0x54, 0x2f, 0xb5, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xbf, 0xb0, 0xc0, 0x14, 0xa3,
+	0xf7, 0xbf, 0x36, 0xd8, 0xe1, 0x4d, 0x41, 0x69, 0x5d, 0x56, 0x7a, 0x5a, 0x97, 0x4f, 0x40, 0xb9,
+	0xed, 0x35, 0xc4, 0xfe, 0x42, 0x1f, 0xf8, 0x2f, 0x2e, 0x60, 0xda, 0x6e, 0xff, 0x49, 0x45, 0xbb,
+	0x41, 0x44, 0x7e, 0xea, 0xd7, 0xc4, 0x6b, 0x6f, 0xa8, 0xa2, 0xbf, 0xfc, 0xcd, 0xaf, 0x75, 0x15,
+	0xfd, 0xfd, 0xd6, 0xc3, 0xa7, 0x1f, 0xf3, 0x01, 0xea, 0x55, 0xf3, 0x77, 0xe8, 0x80, 0xdc, 0xe3,
+	0x5b, 0x50, 0xa5, 0x5b, 0x30, 0xe6, 0xcf, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee,
+	0x4d, 0x7d, 0xcb, 0xe1, 0xbb, 0x25, 0x9f, 0xc6, 0x8a, 0x3e, 0x8a, 0xa1, 0x46, 0x7f, 0xb3, 0x34,
+	0x69, 0xb1, 0xb9, 0xbb, 0xae, 0x64, 0xa6, 0x04, 0x14, 0x92, 0x83, 0xad, 0xf9, 0xa0, 0x00, 0x6a,
+	0x14, 0x91, 0x33, 0xe5, 0x7b, 0xc0, 0x55, 0x95, 0xac, 0x2c, 0x01, 0x77, 0xf7, 0xa6, 0x5e, 0x3a,
+	0x3c, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0x0c, 0xd5, 0x38, 0xdc, 0xf3, 0x6a, 0xf9, 0xff, 0x37, 0xa0,
+	0xe7, 0xb7, 0xa8, 0x07, 0xfd, 0x35, 0x31, 0xbf, 0x5f, 0xcc, 0xcc, 0xef, 0x73, 0x5d, 0xf3, 0x7b,
+	0x8c, 0x8e, 0x59, 0x4e, 0x95, 0xea, 0xfb, 0x6d, 0x2c, 0x1c, 0xec, 0x93, 0x60, 0x56, 0xd2, 0xeb,
+	0x6d, 0x2f, 0x22, 0xf1, 0x6a, 0xd4, 0x0e, 0xbc, 0x60, 0x93, 0x4d, 0xd9, 0xaa, 0x69, 0x25, 0xa5,
+	0xc0, 0x38, 0x8b, 0x4f, 0x37, 0xfe, 0x74, 0x5e, 0xdc, 0x74, 0x76, 0xf8, 0xcc, 0x33, 0x6a, 0x71,
+	0xd6, 0x45, 0x3b, 0x56, 0x18, 0x68, 0x0b, 0x1e, 0x97, 0x04, 0x16, 0x88, 0x4f, 0xe8, 0x0b, 0xb1,
+	0x40, 0xc6, 0xa8, 0xc9, 0xd3, 0x0c, 0x78, 0x2c, 0xca, 0xd7, 0x0b, 0x0a, 0x8f, 0xe3, 0x7d, 0x70,
+	0xf1, 0xbe, 0x94, 0xec, 0x2f, 0xb1, 0xd0, 0x05, 0xa3, 0x5a, 0x04, 0x9d, 0x7d, 0xbe, 0xd7, 0xf4,
+	0x64, 0xc9, 0x50, 0x35, 0xfb, 0x96, 0x68, 0x23, 0xe6, 0x30, 0x74, 0x1b, 0x86, 0xd6, 0xf9, 0x95,
+	0xf3, 0xc5, 0x5c, 0xf5, 0x24, 0xee, 0xaf, 0x67, 0xe5, 0xc2, 0xe5, 0x65, 0xf6, 0x77, 0xf5, 0x4f,
+	0x2c, 0xb9, 0xd9, 0xbf, 0x5b, 0x81, 0x71, 0x19, 0x5e, 0x76, 0xd9, 0x8b, 0x59, 0x44, 0x82, 0x79,
+	0x87, 0x42, 0xe9, 0xc0, 0x3b, 0x14, 0x3e, 0x0c, 0xd0, 0x20, 0x2d, 0x3f, 0xec, 0x30, 0xe3, 0x70,
+	0xe0, 0xd0, 0xc6, 0xa1, 0xda, 0x4f, 0x2c, 0x28, 0x2a, 0xd8, 0xa0, 0x28, 0xea, 0xa4, 0xf2, 0x2b,
+	0x19, 0x32, 0x75, 0x52, 0x8d, 0x0b, 0xe1, 0x06, 0xef, 0xef, 0x85, 0x70, 0x1e, 0x8c, 0xf3, 0x2e,
+	0xaa, 0x9a, 0x0c, 0xf7, 0x50, 0x7a, 0x81, 0x65, 0xb5, 0x2d, 0xa4, 0xc9, 0xe0, 0x2c, 0x5d, 0xf3,
+	0xb6, 0xb7, 0xea, 0xfd, 0xbe, 0xed, 0xed, 0xbd, 0x50, 0x93, 0xdf, 0x39, 0x9e, 0xac, 0xe9, 0x7a,
+	0x41, 0x72, 0x1a, 0xc4, 0x58, 0xc3, 0xbb, 0xca, 0xcb, 0xc0, 0x83, 0x2a, 0x2f, 0x63, 0xbf, 0x55,
+	0xa6, 0xbb, 0x0a, 0xde, 0xaf, 0x43, 0x5f, 0x96, 0x78, 0xd9, 0xb8, 0x2c, 0xf1, 0x70, 0xdf, 0xb3,
+	0x9a, 0xb9, 0x54, 0xf1, 0x71, 0x18, 0x48, 0x9c, 0x4d, 0x99, 0x84, 0xcb, 0xa0, 0x6b, 0xce, 0x66,
+	0x8c, 0x59, 0xeb, 0x61, 0xca, 0x4a, 0xbf, 0x04, 0xa3, 0xb1, 0xb7, 0x19, 0x38, 0x49, 0x3b, 0x22,
+	0xc6, 0xf9, 0xa5, 0x0e, 0xd2, 0x31, 0x81, 0x38, 0x8d, 0x8b, 0x3e, 0x61, 0x01, 0x44, 0x44, 0xed,
+	0x59, 0x06, 0x8b, 0x98, 0x43, 0x4a, 0x0c, 0x48, 0xba, 0x66, 0x59, 0x10, 0xb5, 0x57, 0x31, 0xd8,
+	0xda, 0x9f, 0xb2, 0x60, 0xa2, 0xeb, 0x29, 0xd4, 0x82, 0x41, 0x97, 0x5d, 0x69, 0x59, 0x4c, 0x29,
+	0xcc, 0xf4, 0xf5, 0x98, 0x5c, 0x39, 0xf1, 0x36, 0x2c, 0xf8, 0xd8, 0xbf, 0x3c, 0x02, 0xa7, 0xea,
+	0xf3, 0xcb, 0xf2, 0x22, 0xa4, 0x63, 0xcb, 0x2a, 0xce, 0xe3, 0x71, 0xff, 0xb2, 0x8a, 0x7b, 0x70,
+	0xf7, 0x8d, 0xac, 0x62, 0xdf, 0xc8, 0x2a, 0x4e, 0xa7, 0x78, 0x96, 0x8b, 0x48, 0xf1, 0xcc, 0xeb,
+	0x41, 0x3f, 0x29, 0x9e, 0xc7, 0x96, 0x66, 0xbc, 0x6f, 0x87, 0x0e, 0x95, 0x66, 0xac, 0x72, 0xb0,
+	0x0b, 0xc9, 0x28, 0xeb, 0xf1, 0xa9, 0x72, 0x73, 0xb0, 0x55, 0xfe, 0x2b, 0xcf, 0x96, 0x14, 0x4a,
+	0xef, 0xd5, 0xe2, 0x3b, 0xd0, 0x47, 0xfe, 0xab, 0x48, 0xd8, 0x34, 0x73, 0xae, 0x87, 0x8a, 0xc8,
+	0xb9, 0xce, 0xeb, 0xce, 0x81, 0x39, 0xd7, 0x2f, 0xc1, 0xa8, 0xeb, 0x87, 0x01, 0x59, 0x8d, 0xc2,
+	0x24, 0x74, 0x43, 0x79, 0x81, 0xb8, 0xbe, 0x0b, 0xd2, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xed,
+	0xda, 0x51, 0x13, 0xb6, 0xe1, 0x01, 0x25, 0x6c, 0x1b, 0x29, 0xc9, 0xc3, 0x45, 0xa4, 0x24, 0xe7,
+	0x7d, 0x91, 0xbe, 0x52, 0x92, 0xdf, 0xe6, 0xf7, 0xe7, 0xd3, 0xcd, 0x08, 0x97, 0xc2, 0xec, 0x88,
+	0x6e, 0xf8, 0xfc, 0x6b, 0xc7, 0x30, 0x61, 0x6f, 0xd6, 0x35, 0x1b, 0x75, 0xa7, 0xbe, 0x6e, 0xc2,
+	0xe9, 0x8e, 0x1c, 0x25, 0x8d, 0xf9, 0xc7, 0x4b, 0xf0, 0x75, 0x07, 0x76, 0x01, 0xdd, 0x06, 0x48,
+	0x9c, 0x4d, 0x31, 0x51, 0xc5, 0x41, 0xd6, 0x11, 0xe3, 0x8a, 0xd7, 0x24, 0x3d, 0x91, 0x62, 0xa7,
+	0xc8, 0x63, 0x83, 0x15, 0x0b, 0x27, 0x0e, 0xfd, 0xae, 0x2a, 0xd6, 0x38, 0xf4, 0x09, 0x66, 0x10,
+	0x6a, 0x08, 0x45, 0x64, 0x93, 0x1a, 0xf7, 0xe5, 0xb4, 0x21, 0x84, 0x59, 0x2b, 0x16, 0x50, 0xf4,
+	0x02, 0x0c, 0x3b, 0xbe, 0xcf, 0xd3, 0xfd, 0x48, 0x2c, 0x2e, 0x69, 0xd5, 0xb5, 0x6b, 0x35, 0x08,
+	0x9b, 0x78, 0xf6, 0x9f, 0x97, 0x60, 0xea, 0x00, 0x99, 0xd2, 0x95, 0xe6, 0x5d, 0xe9, 0x3b, 0xcd,
+	0x5b, 0xa4, 0x2b, 0x0d, 0xf6, 0x48, 0x57, 0x7a, 0x01, 0x86, 0x13, 0xe2, 0x34, 0x45, 0x24, 0x62,
+	0xb6, 0x24, 0xe3, 0x9a, 0x06, 0x61, 0x13, 0x8f, 0x4a, 0xb1, 0x31, 0xc7, 0x75, 0x49, 0x1c, 0xcb,
+	0x7c, 0x24, 0xe1, 0xe5, 0x2e, 0x2c, 0xd9, 0x89, 0x1d, 0x1e, 0xcc, 0xa6, 0x58, 0xe0, 0x0c, 0xcb,
+	0xec, 0x80, 0xd7, 0xfa, 0x1c, 0xf0, 0x9f, 0x2a, 0xc1, 0x13, 0xfb, 0x6a, 0xb7, 0xbe, 0x53, 0xc5,
+	0xda, 0x31, 0x89, 0xb2, 0x13, 0xe7, 0x7a, 0x4c, 0x22, 0xcc, 0x20, 0x7c, 0x94, 0x5a, 0x2d, 0x15,
+	0x45, 0x5e, 0x7c, 0x6e, 0x25, 0x1f, 0xa5, 0x14, 0x0b, 0x9c, 0x61, 0x79, 0xaf, 0xd3, 0xf2, 0x77,
+	0x07, 0xe0, 0xa9, 0x3e, 0x6c, 0x80, 0x02, 0x73, 0x50, 0xd3, 0xf9, 0xd5, 0xe5, 0x07, 0x94, 0x5f,
+	0x7d, 0x6f, 0xc3, 0xf5, 0x4e, 0x5a, 0x76, 0x5f, 0xb9, 0xae, 0x5f, 0x2a, 0xc1, 0xd9, 0xde, 0x06,
+	0x0b, 0xfa, 0x36, 0x18, 0x8f, 0x54, 0x48, 0xa2, 0x99, 0x9a, 0x7d, 0x92, 0xfb, 0xb8, 0x52, 0x20,
+	0x9c, 0xc5, 0x45, 0xd3, 0x00, 0x2d, 0x27, 0xd9, 0x8a, 0x2f, 0xec, 0x7a, 0x71, 0x22, 0x6a, 0xd9,
+	0x8d, 0xf1, 0x93, 0x57, 0xd9, 0x8a, 0x0d, 0x0c, 0xca, 0x8e, 0xfd, 0x5b, 0x08, 0xaf, 0x85, 0x09,
+	0x7f, 0x88, 0x6f, 0x3d, 0x4f, 0xca, 0x9b, 0x1f, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0x6c,
+	0x9f, 0x77, 0x74, 0x40, 0x27, 0x73, 0x2f, 0xa9, 0x56, 0x6c, 0x60, 0x64, 0x93, 0xce, 0x2b, 0x07,
+	0x27, 0x9d, 0xdb, 0xff, 0xaa, 0x04, 0x67, 0x7a, 0x1a, 0xbc, 0xfd, 0x89, 0xa9, 0x87, 0x2f, 0xf1,
+	0xfb, 0x1e, 0x57, 0xd8, 0xa1, 0x12, 0x86, 0xed, 0x3f, 0xee, 0x31, 0xd3, 0x44, 0x32, 0xf0, 0xbd,
+	0xd7, 0x4d, 0x79, 0xf8, 0xc6, 0xb3, 0x2b, 0xff, 0x77, 0xe0, 0x10, 0xf9, 0xbf, 0x99, 0x8f, 0x51,
+	0xe9, 0x53, 0x3b, 0xfc, 0xb7, 0x81, 0x9e, 0xc3, 0x4b, 0x37, 0xc8, 0x7d, 0x9d, 0x20, 0x2c, 0xc0,
+	0x09, 0x2f, 0x60, 0x77, 0xf9, 0xd6, 0xdb, 0xeb, 0xa2, 0xbc, 0x19, 0xaf, 0xe1, 0xab, 0xb2, 0x6f,
+	0x16, 0x33, 0x70, 0xdc, 0xf5, 0xc4, 0x43, 0x98, 0x8f, 0x7d, 0x6f, 0x43, 0x7a, 0x48, 0xc9, 0xbd,
+	0x02, 0xa7, 0xe5, 0x50, 0x6c, 0x39, 0x11, 0x69, 0x08, 0x65, 0x1b, 0x8b, 0x7c, 0xab, 0x33, 0x3c,
+	0x67, 0x2b, 0x07, 0x01, 0xe7, 0x3f, 0xc7, 0x2e, 0x5e, 0x0d, 0x5b, 0x9e, 0x2b, 0xb6, 0x82, 0xfa,
+	0xe2, 0x55, 0xda, 0x88, 0x39, 0x4c, 0xeb, 0x8b, 0xda, 0xfd, 0xd1, 0x17, 0x1f, 0x86, 0x9a, 0x1a,
+	0x6f, 0x9e, 0x53, 0xa1, 0x26, 0x79, 0x57, 0x4e, 0x85, 0x9a, 0xe1, 0x06, 0x16, 0x9d, 0x1d, 0x74,
+	0xa3, 0x92, 0x59, 0xad, 0x94, 0x1f, 0x6d, 0xb7, 0x9f, 0x83, 0x11, 0xe5, 0x0b, 0xec, 0xf7, 0xfa,
+	0x5b, 0xfb, 0xaf, 0x4a, 0x90, 0xb9, 0xe9, 0x0d, 0xed, 0x42, 0xad, 0x11, 0x75, 0x78, 0x63, 0x31,
+	0x35, 0xa4, 0x17, 0x24, 0x39, 0x7d, 0x10, 0xa6, 0x9a, 0xb0, 0x66, 0x86, 0xde, 0xe4, 0xe5, 0x9a,
+	0x05, 0xeb, 0x52, 0x11, 0x39, 0xf9, 0x75, 0x45, 0xcf, 0xbc, 0xdf, 0x52, 0xb6, 0x61, 0x83, 0x1f,
+	0x4a, 0xa0, 0xb6, 0x25, 0x6f, 0xb4, 0x2b, 0x46, 0xdc, 0xa9, 0x0b, 0xf2, 0xb8, 0x89, 0xa6, 0xfe,
+	0x62, 0xcd, 0xc8, 0xfe, 0xa3, 0x12, 0x9c, 0x4a, 0x7f, 0x00, 0x71, 0x70, 0xf9, 0x33, 0x16, 0x3c,
+	0xea, 0x3b, 0x71, 0x52, 0x6f, 0xb3, 0x8d, 0xc2, 0x46, 0xdb, 0x5f, 0xc9, 0x54, 0xf6, 0x3e, 0xaa,
+	0xb3, 0x45, 0x11, 0xce, 0xde, 0x80, 0x38, 0xf7, 0xd8, 0x9d, 0xbd, 0xa9, 0x47, 0x97, 0xf2, 0x99,
+	0xe3, 0x5e, 0xbd, 0x42, 0x6f, 0x59, 0x70, 0xc2, 0x6d, 0x47, 0x11, 0x09, 0x12, 0xdd, 0x55, 0xfe,
+	0x15, 0xaf, 0x15, 0x32, 0x90, 0xba, 0x83, 0xa7, 0xa8, 0x40, 0x9d, 0xcf, 0xf0, 0xc2, 0x5d, 0xdc,
+	0xed, 0x1f, 0xa2, 0x9a, 0xb3, 0xe7, 0x7b, 0xfe, 0x35, 0xbb, 0xb2, 0xf1, 0x4f, 0x07, 0x61, 0x34,
+	0x55, 0xbe, 0x3c, 0x75, 0xd8, 0x67, 0x1d, 0x78, 0xd8, 0xc7, 0x32, 0x04, 0xdb, 0x81, 0xbc, 0xcd,
+	0xde, 0xc8, 0x10, 0x6c, 0x07, 0x04, 0x73, 0x98, 0x18, 0x52, 0xdc, 0x0e, 0x44, 0x2e, 0x80, 0x39,
+	0xa4, 0xb8, 0x1d, 0x60, 0x01, 0x45, 0x1f, 0xb3, 0x60, 0x84, 0x2d, 0x3e, 0x71, 0x54, 0x2a, 0x14,
+	0xda, 0x95, 0x02, 0x96, 0xbb, 0x2c, 0xd5, 0xcf, 0x62, 0x47, 0xcd, 0x16, 0x9c, 0xe2, 0x88, 0x3e,
+	0x69, 0x41, 0x4d, 0x5d, 0x9d, 0x2b, 0xce, 0x46, 0xea, 0xc5, 0x56, 0x87, 0xcf, 0x48, 0x3d, 0x55,
+	0xa6, 0x1b, 0x6b, 0xc6, 0x28, 0x56, 0xe7, 0x98, 0x43, 0xc7, 0x73, 0x8e, 0x09, 0x39, 0x67, 0x98,
+	0xef, 0x85, 0x5a, 0xd3, 0x09, 0xbc, 0x0d, 0x12, 0x27, 0xfc, 0x68, 0x51, 0x5e, 0x06, 0x22, 0x1b,
+	0xb1, 0x86, 0x53, 0x63, 0x3f, 0x66, 0x2f, 0x96, 0x18, 0x67, 0x81, 0xcc, 0xd8, 0xaf, 0xeb, 0x66,
+	0x6c, 0xe2, 0x98, 0x07, 0x97, 0xf0, 0x40, 0x0f, 0x2e, 0x87, 0x0f, 0x38, 0xb8, 0xac, 0xc3, 0x69,
+	0xa7, 0x9d, 0x84, 0x97, 0x89, 0xe3, 0xcf, 0x26, 0x09, 0x69, 0xb6, 0x92, 0x98, 0x57, 0xbc, 0x1f,
+	0x61, 0x2e, 0x60, 0x15, 0xed, 0x56, 0x27, 0xfe, 0x46, 0x17, 0x12, 0xce, 0x7f, 0xd6, 0xfe, 0x17,
+	0x16, 0x9c, 0xce, 0x9d, 0x0a, 0x0f, 0x6f, 0x9e, 0x81, 0xfd, 0x23, 0x15, 0x38, 0x99, 0x73, 0xb9,
+	0x01, 0xea, 0x98, 0x8b, 0xc4, 0x2a, 0x22, 0x64, 0x2f, 0x1d, 0x81, 0x26, 0xbf, 0x4d, 0xce, 0xca,
+	0x38, 0x5c, 0x2c, 0x82, 0x8e, 0x07, 0x28, 0xdf, 0xdf, 0x78, 0x00, 0x63, 0xae, 0x0f, 0x3c, 0xd0,
+	0xb9, 0x5e, 0x39, 0x60, 0xae, 0xff, 0xac, 0x05, 0x93, 0xcd, 0x1e, 0x37, 0x95, 0x89, 0xf3, 0xa4,
+	0x1b, 0xc7, 0x73, 0x0f, 0xda, 0xdc, 0xe3, 0x77, 0xf6, 0xa6, 0x7a, 0x5e, 0x10, 0x87, 0x7b, 0xf6,
+	0xca, 0xfe, 0x72, 0x19, 0x98, 0xbd, 0xc6, 0x0a, 0x58, 0x77, 0xd0, 0x47, 0xcd, 0x3b, 0x52, 0xac,
+	0xa2, 0xee, 0xf3, 0xe0, 0xc4, 0xd5, 0x1d, 0x2b, 0x7c, 0x04, 0xf3, 0xae, 0x5c, 0xc9, 0x4a, 0xc2,
+	0x52, 0x1f, 0x92, 0xd0, 0x97, 0x97, 0xd1, 0x94, 0x8b, 0xbf, 0x8c, 0xa6, 0x96, 0xbd, 0x88, 0x66,
+	0xff, 0x4f, 0x3c, 0xf0, 0x50, 0x7e, 0xe2, 0x5f, 0xb1, 0xb8, 0xe0, 0xc9, 0x7c, 0x05, 0x6d, 0x6e,
+	0x58, 0xfb, 0x98, 0x1b, 0xcf, 0x40, 0x35, 0x16, 0x92, 0x59, 0x98, 0x25, 0x3a, 0x14, 0x4c, 0xb4,
+	0x63, 0x85, 0x41, 0x77, 0x5d, 0x8e, 0xef, 0x87, 0xb7, 0x2f, 0x34, 0x5b, 0x49, 0x47, 0x18, 0x28,
+	0x6a, 0x5b, 0x30, 0xab, 0x20, 0xd8, 0xc0, 0x42, 0x4f, 0xc1, 0x20, 0xaf, 0x34, 0x21, 0x9c, 0x3b,
+	0xc3, 0x74, 0x1d, 0xf2, 0x32, 0x14, 0x0d, 0x2c, 0x40, 0xf6, 0x16, 0x18, 0xbb, 0x8a, 0x7b, 0xbf,
+	0x0e, 0xfb, 0xe0, 0x1b, 0x2e, 0xed, 0x7f, 0x50, 0x12, 0xac, 0xf8, 0x2e, 0x41, 0x47, 0x06, 0x5a,
+	0x87, 0x8c, 0x0c, 0x7c, 0x13, 0xc0, 0x0d, 0x9b, 0x2d, 0xba, 0x6f, 0x5e, 0x0b, 0x8b, 0xd9, 0x6c,
+	0xcd, 0x2b, 0x7a, 0x7a, 0x54, 0x75, 0x1b, 0x36, 0xf8, 0xa5, 0x44, 0x7b, 0xf9, 0x40, 0xd1, 0x9e,
+	0x92, 0x72, 0x03, 0xfb, 0x4b, 0x39, 0xfb, 0xcf, 0x2d, 0x48, 0x59, 0x7d, 0xa8, 0x05, 0x15, 0xda,
+	0xdd, 0x8e, 0x10, 0x18, 0x2b, 0xc5, 0x99, 0x98, 0x54, 0x52, 0x8b, 0x55, 0xc8, 0x7e, 0x62, 0xce,
+	0x08, 0xf9, 0x22, 0x0a, 0xb2, 0x90, 0xcd, 0x8f, 0xc9, 0xf0, 0x72, 0x18, 0x6e, 0xf3, 0x60, 0x22,
+	0x1d, 0x51, 0x69, 0xbf, 0x08, 0x13, 0x5d, 0x9d, 0x62, 0x57, 0x68, 0x87, 0x72, 0x07, 0x6f, 0xac,
+	0x1e, 0x56, 0xf0, 0x01, 0x73, 0x98, 0xfd, 0x25, 0x0b, 0x4e, 0x64, 0xc9, 0xa3, 0xb7, 0x2d, 0x98,
+	0x88, 0xb3, 0xf4, 0x8e, 0x6b, 0xec, 0x54, 0xb6, 0x43, 0x17, 0x08, 0x77, 0x77, 0xc2, 0xfe, 0x9f,
+	0x42, 0x1b, 0xdc, 0xf4, 0x82, 0x46, 0x78, 0x5b, 0xd9, 0x49, 0x56, 0x4f, 0x3b, 0x89, 0x8a, 0x07,
+	0x77, 0x8b, 0x34, 0xda, 0x7e, 0x57, 0x19, 0x8a, 0xba, 0x68, 0xc7, 0x0a, 0x83, 0x65, 0xdd, 0xb7,
+	0xc5, 0xbe, 0x35, 0x33, 0x29, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xe8, 0x79, 0x18, 0x31, 0x5e, 0x52,
+	0xce, 0x4b, 0xb6, 0xe9, 0x30, 0x34, 0x78, 0x8c, 0x53, 0x58, 0x68, 0x1a, 0x40, 0xd9, 0x5c, 0x52,
+	0x63, 0x33, 0x47, 0xbb, 0x12, 0x8c, 0x31, 0x36, 0x30, 0x58, 0x8d, 0x0b, 0xbf, 0x1d, 0xb3, 0x93,
+	0xe4, 0x41, 0x7d, 0xa1, 0xc3, 0xbc, 0x68, 0xc3, 0x0a, 0x4a, 0x85, 0x5b, 0xd3, 0x09, 0xda, 0x8e,
+	0x4f, 0x47, 0x48, 0xb8, 0xce, 0xd4, 0x32, 0x5c, 0x56, 0x10, 0x6c, 0x60, 0xd1, 0x37, 0x4e, 0xbc,
+	0x26, 0x79, 0x25, 0x0c, 0x64, 0x94, 0xba, 0x0e, 0x2e, 0x10, 0xed, 0x58, 0x61, 0xa0, 0x17, 0x61,
+	0xd8, 0x09, 0x1a, 0xdc, 0x40, 0x0c, 0x23, 0x71, 0x46, 0xa9, 0x76, 0x9f, 0xd7, 0x63, 0x32, 0xab,
+	0xa1, 0xd8, 0x44, 0xcd, 0xde, 0x66, 0x01, 0x7d, 0xde, 0x96, 0xf7, 0x67, 0x16, 0x8c, 0xeb, 0xa2,
+	0x45, 0xcc, 0xc3, 0x96, 0x72, 0x2d, 0x5a, 0x07, 0xba, 0x16, 0xd3, 0xb5, 0x4b, 0x4a, 0x7d, 0xd5,
+	0x2e, 0x31, 0xcb, 0x8a, 0x94, 0xf7, 0x2d, 0x2b, 0xf2, 0x0d, 0x30, 0xb4, 0x4d, 0x3a, 0x46, 0xfd,
+	0x11, 0xa6, 0x1c, 0xae, 0xf2, 0x26, 0x2c, 0x61, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x35, 0x0c, 0x47,
+	0x44, 0x6c, 0xda, 0x2c, 0x43, 0x12, 0x10, 0x7b, 0x05, 0x6a, 0xea, 0x50, 0x5f, 0x7a, 0xfa, 0xac,
+	0x7c, 0x4f, 0x5f, 0x5f, 0xe5, 0x0d, 0xe6, 0xd6, 0x7f, 0xf3, 0x2b, 0x4f, 0xbe, 0xeb, 0x77, 0xbe,
+	0xf2, 0xe4, 0xbb, 0xfe, 0xf0, 0x2b, 0x4f, 0xbe, 0xeb, 0x63, 0x77, 0x9e, 0xb4, 0x7e, 0xf3, 0xce,
+	0x93, 0xd6, 0xef, 0xdc, 0x79, 0xd2, 0xfa, 0xc3, 0x3b, 0x4f, 0x5a, 0x5f, 0xbe, 0xf3, 0xa4, 0xf5,
+	0xd6, 0x7f, 0x7d, 0xf2, 0x5d, 0xaf, 0xe4, 0xe6, 0x45, 0xd0, 0x1f, 0xef, 0x73, 0x1b, 0x33, 0x3b,
+	0xcf, 0xb1, 0xd0, 0x7c, 0xba, 0x9e, 0x67, 0x8c, 0x49, 0x3c, 0x23, 0xd7, 0xf3, 0xff, 0x0f, 0x00,
+	0x00, 0xff, 0xff, 0x51, 0x38, 0xed, 0x10, 0xf4, 0x00, 0x01, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -9924,29 +9893,6 @@ func (m *EnvEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }
 
-func (m *ErrApplicationNotAllowedToUseProject) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalToSizedBuffer(dAtA[:size])
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ErrApplicationNotAllowedToUseProject) MarshalTo(dAtA []byte) (int, error) {
-	size := m.Size()
-	return m.MarshalToSizedBuffer(dAtA[:size])
-}
-
-func (m *ErrApplicationNotAllowedToUseProject) MarshalToSizedBuffer(dAtA []byte) (int, error) {
-	i := len(dAtA)
-	_ = i
-	var l int
-	_ = l
-	return len(dAtA) - i, nil
-}
-
 func (m *ExecProviderConfig) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -17717,15 +17663,6 @@ func (m *EnvEntry) Size() (n int) {
 	return n
 }
 
-func (m *ErrApplicationNotAllowedToUseProject) Size() (n int) {
-	if m == nil {
-		return 0
-	}
-	var l int
-	_ = l
-	return n
-}
-
 func (m *ExecProviderConfig) Size() (n int) {
 	if m == nil {
 		return 0
@@ -21174,15 +21111,6 @@ func (this *EnvEntry) String() string {
 	}, "")
 	return s
 }
-func (this *ErrApplicationNotAllowedToUseProject) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&ErrApplicationNotAllowedToUseProject{`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *ExecProviderConfig) String() string {
 	if this == nil {
 		return "nil"
@@ -36201,56 +36129,6 @@ func (m *EnvEntry) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ErrApplicationNotAllowedToUseProject) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= uint64(b&0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ErrApplicationNotAllowedToUseProject: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ErrApplicationNotAllowedToUseProject: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if (skippy < 0) || (iNdEx+skippy) < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ExecProviderConfig) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index 88bb8a53d2d33..0109eea4cfeea 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -1065,9 +1065,6 @@ message EnvEntry {
   optional string value = 2;
 }
 
-message ErrApplicationNotAllowedToUseProject {
-}
-
 // ExecProviderConfig is config used to call an external command to perform cluster authentication
 // See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
 message ExecProviderConfig {
diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go
index b4f026b8d2cba..4520013d518d2 100644
--- a/pkg/apis/application/v1alpha1/openapi_generated.go
+++ b/pkg/apis/application/v1alpha1/openapi_generated.go
@@ -75,7 +75,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.DrySource":                               schema_pkg_apis_application_v1alpha1_DrySource(ref),
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.DuckTypeGenerator":                       schema_pkg_apis_application_v1alpha1_DuckTypeGenerator(ref),
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.EnvEntry":                                schema_pkg_apis_application_v1alpha1_EnvEntry(ref),
-		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.ErrApplicationNotAllowedToUseProject":    schema_pkg_apis_application_v1alpha1_ErrApplicationNotAllowedToUseProject(ref),
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.ExecProviderConfig":                      schema_pkg_apis_application_v1alpha1_ExecProviderConfig(ref),
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.GitDirectoryGeneratorItem":               schema_pkg_apis_application_v1alpha1_GitDirectoryGeneratorItem(ref),
 		"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1.GitFileGeneratorItem":                    schema_pkg_apis_application_v1alpha1_GitFileGeneratorItem(ref),
@@ -3498,40 +3497,6 @@ func schema_pkg_apis_application_v1alpha1_EnvEntry(ref common.ReferenceCallback)
 	}
 }
 
-func schema_pkg_apis_application_v1alpha1_ErrApplicationNotAllowedToUseProject(ref common.ReferenceCallback) common.OpenAPIDefinition {
-	return common.OpenAPIDefinition{
-		Schema: spec.Schema{
-			SchemaProps: spec.SchemaProps{
-				Type: []string{"object"},
-				Properties: map[string]spec.Schema{
-					"application": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"namespace": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"project": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-				},
-				Required: []string{"application", "namespace", "project"},
-			},
-		},
-	}
-}
-
 func schema_pkg_apis_application_v1alpha1_ExecProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
index d1727af27dfc5..2ca9dc1114767 100644
--- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
@@ -2036,22 +2036,6 @@ func (in *EnvEntry) DeepCopy() *EnvEntry {
 	return out
 }
 
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ErrApplicationNotAllowedToUseProject) DeepCopyInto(out *ErrApplicationNotAllowedToUseProject) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ErrApplicationNotAllowedToUseProject.
-func (in *ErrApplicationNotAllowedToUseProject) DeepCopy() *ErrApplicationNotAllowedToUseProject {
-	if in == nil {
-		return nil
-	}
-	out := new(ErrApplicationNotAllowedToUseProject)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ExecProviderConfig) DeepCopyInto(out *ExecProviderConfig) {
 	*out = *in
diff --git a/server/application/application.go b/server/application/application.go
index a1b907cb2bbc5..1c33bcf23381c 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -1107,15 +1107,16 @@ func (s *Server) getAppProject(ctx context.Context, a *v1alpha1.Application, log
 		return nil, vagueError
 	}
 
-	var applicationNotAllowedToUseProjectErr *v1alpha1.ErrApplicationNotAllowedToUseProject
+	var applicationNotAllowedToUseProjectErr *argo.ErrApplicationNotAllowedToUseProject
 	if errors.As(err, &applicationNotAllowedToUseProjectErr) {
-		logCtx.WithFields(map[string]any{
-			"project":                a.Spec.Project,
-			argocommon.SecurityField: argocommon.SecurityMedium,
-		}).Warnf("error getting app project: %s", err)
 		return nil, vagueError
 	}
 
+	// Unknown error, log it but return the vague error to the user
+	logCtx.WithFields(map[string]any{
+		"project":                a.Spec.Project,
+		argocommon.SecurityField: argocommon.SecurityMedium,
+	}).Warnf("error getting app project: %s", err)
 	return nil, vagueError
 }
 
diff --git a/util/argo/argo.go b/util/argo/argo.go
index ad00e2f4cc13d..e7020c4d12cad 100644
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -730,7 +730,7 @@ func GetAppProject(ctx context.Context, app *argoappv1.Application, projLister a
 		return nil, err
 	}
 	if !proj.IsAppNamespacePermitted(app, ns) {
-		return nil, argoappv1.NewErrApplicationNotAllowedToUseProject(app.Name, app.Namespace, proj.Name)
+		return nil, NewErrApplicationNotAllowedToUseProject(app.Name, app.Namespace, proj.Name)
 	}
 	return proj, nil
 }
diff --git a/util/argo/types.go b/util/argo/types.go
new file mode 100644
index 0000000000000..b1453fa838b2e
--- /dev/null
+++ b/util/argo/types.go
@@ -0,0 +1,21 @@
+package argo
+
+import "fmt"
+
+type ErrApplicationNotAllowedToUseProject struct {
+	application string
+	namespace   string
+	project     string
+}
+
+func NewErrApplicationNotAllowedToUseProject(application, namespace, project string) error {
+	return &ErrApplicationNotAllowedToUseProject{
+		application: application,
+		namespace:   namespace,
+		project:     project,
+	}
+}
+
+func (err *ErrApplicationNotAllowedToUseProject) Error() string {
+	return fmt.Sprintf("application '%s' in namespace '%s' is not allowed to use project %s", err.application, err.namespace, err.project)
+}

From 630ce4ca5c34d2bef8eabfd5e9eae1f0bae29371 Mon Sep 17 00:00:00 2001
From: dudinea <eugene.doudine@octopus.com>
Date: Tue, 29 Jul 2025 18:17:26 +0300
Subject: [PATCH 208/383] docs: add notes related to Revision Cache Expiration
 settings (#23986) (#23963)

Signed-off-by: Eugene Doudine <eugene.doudine@octopus.com>
Signed-off-by: dudinea <eugene.doudine@octopus.com>
Co-authored-by: Papapetrou Patroklos <1743100+ppapapetrou76@users.noreply.github.com>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../applicationset/Generators-Git.md          | 35 +++++++++++++++++--
 docs/operator-manual/argocd-cm.yaml           |  8 ++++-
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/docs/operator-manual/applicationset/Generators-Git.md b/docs/operator-manual/applicationset/Generators-Git.md
index a03d10e7eb428..2580b75cd8d71 100644
--- a/docs/operator-manual/applicationset/Generators-Git.md
+++ b/docs/operator-manual/applicationset/Generators-Git.md
@@ -422,11 +422,40 @@ spec:
 
 In `values` we can also interpolate all fields set by the git files generator as mentioned above.
 
+## Git Polling Interval
+
+When using a Git generator, the ApplicationSet controller polls Git
+repositories, by default, every 3 minutes to detect changes, unless
+different default value is set by the
+`ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER` environment variable.
+You can customize this interval per ApplicationSet using
+`requeueAfterSeconds`.
+
+!!!note
+    The Git generator uses the ArgoCD Repo Server to retrieve file
+    and directory lists from Git. Therefore, the Git generator is
+    affected by the Repo Server's Revision Cache Expiration setting
+    (see the description of the `timeout.reconciliation` parameter in
+    [argocd-cm.yaml](../argocd-cm-yaml.md/#:~:text=timeout.reconciliation%3A)).
+    If this value exceeds the configured Git Polling Interval, the
+    Git generator might not see files or directories from new commits
+    until the previous cache entry expires.
+ 
+## The `argocd.argoproj.io/application-set-refresh` Annotation
+
+Setting the `argocd.argoproj.io/application-set-refresh` annotation
+(to any value) triggers an ApplicationSet refresh. This annotation
+forces the Git provider to resolve Git references directly, bypassing
+the Revision Cache. The ApplicationSet controller removes this
+annotation after reconciliation.
+
 ## Webhook Configuration
 
-When using a Git generator, the ApplicationSet controller polls Git repositories every 3 minutes (this can be customized per ApplicationSet with `requeueAfterSeconds`) to detect changes. To eliminate
-this delay from polling, the ApplicationSet webhook server can be configured to receive webhook events. ApplicationSet supports
-Git webhook notifications from GitHub and GitLab. The following explains how to configure a Git webhook for GitHub, but the same process should be applicable to other providers.
+To eliminate the polling delay, the ApplicationSet webhook
+server can be configured to receive webhook events. ApplicationSet
+supports Git webhook notifications from GitHub and GitLab. The
+following explains how to configure a Git webhook for GitHub, but the
+same process should be applicable to other providers.
 
 ```yaml
 apiVersion: argoproj.io/v1alpha1
diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml
index 804f7138afe33..25b5119e73d2a 100644
--- a/docs/operator-manual/argocd-cm.yaml
+++ b/docs/operator-manual/argocd-cm.yaml
@@ -330,6 +330,12 @@ data:
 
   # Application reconciliation timeout is the amount of time spent before Argo tries to discover if a new manifests version got
   # published to the repository. Reconciliation by timeout is disabled if timeout is set to 0. Two minutes by default with additional jitter.
+  # For the argocd-repo-server this setting defines the expiration
+  # value for cached git revisions.
+  # When set to 0, the cache expiration value will be taken from the
+  # --default-cache-expiration parameter, which is 24 hours by
+  # default, unless another value is set using the
+  # ARGOCD_DEFAULT_CACHE_EXPIRATION variable).
   # > Note: The argocd-repo-server deployment and the argocd-application-controller statefulset (or deployment, if
   # configured) must be manually restarted after changing the setting.
   timeout.reconciliation: 120s
@@ -432,4 +438,4 @@ data:
   webhook.maxPayloadSizeMB: "50"
 
   # application.sync.impersonation.enabled enables application sync to use a custom service account, via impersonation. This allows decoupling sync from control-plane service account.
-  application.sync.impersonation.enabled: "false"
\ No newline at end of file
+  application.sync.impersonation.enabled: "false"

From 5a137c5e6fb93761f267c0b6da270f5a588ec3f6 Mon Sep 17 00:00:00 2001
From: rumstead <37445536+rumstead@users.noreply.github.com>
Date: Tue, 29 Jul 2025 11:38:53 -0400
Subject: [PATCH 209/383] fix(appset): add applicationset leader election to
 roles and clean up (#14369) (#23976)

Signed-off-by: Manuelraa <kontakt@manuel-rapp.de>
Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
Co-authored-by: Manuelraa <kontakt@manuel-rapp.de>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ...argocd-applicationset-controller-role.yaml |  24 ++-
 ...applicationset-controller-clusterrole.yaml | 151 ++++++++----------
 manifests/core-install-with-hydrator.yaml     |  17 +-
 manifests/core-install.yaml                   |  17 +-
 manifests/ha/install-with-hydrator.yaml       |  55 +++----
 manifests/ha/install.yaml                     |  55 +++----
 .../ha/namespace-install-with-hydrator.yaml   |  17 +-
 manifests/ha/namespace-install.yaml           |  17 +-
 manifests/install-with-hydrator.yaml          |  55 +++----
 manifests/install.yaml                        |  55 +++----
 .../namespace-install-with-hydrator.yaml      |  17 +-
 manifests/namespace-install.yaml              |  17 +-
 12 files changed, 250 insertions(+), 247 deletions(-)

diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml
index 3eaf779dd6c31..3482b7936f704 100644
--- a/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml
+++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-role.yaml
@@ -38,7 +38,7 @@ rules:
       - patch
       - update
   - apiGroups:
-      - ''
+      - ""
     resources:
       - events
     verbs:
@@ -48,7 +48,7 @@ rules:
       - patch
       - watch
   - apiGroups:
-      - ''
+      - ""
     resources:
       - secrets
       - configmaps
@@ -56,12 +56,22 @@ rules:
       - get
       - list
       - watch
+  # argocd-applicationset-controller leader election rules
+  # Create with resourceNames fails, so use a separate rule for the lease creation
   - apiGroups:
-      - apps
-      - extensions
+      - coordination.k8s.io
     resources:
-      - deployments
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      # Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go`
+      - 58ac56fa.applicationsets.argoproj.io
     verbs:
       - get
-      - list
-      - watch
+      - update
+      - create
diff --git a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml
index b550e36f9ad0b..cbfc38c30c7d2 100644
--- a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml
+++ b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml
@@ -1,90 +1,77 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  name: argocd-applicationset-controller
   labels:
     app.kubernetes.io/name: argocd-applicationset-controller
     app.kubernetes.io/part-of: argocd
     app.kubernetes.io/component: applicationset-controller
-  name: argocd-applicationset-controller
 rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - applications
+      - applicationsets
+      - applicationsets/finalizers
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - appprojects
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - applicationsets/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - get
+      - list
+      - patch
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  # argocd-applicationset-controller leader election rules
+  # Create with resourceNames fails, so use a separate rule for the lease creation
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - create
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    resourceNames:
+      # Defined in `cmd/argocd-applicationset-controller/commands/applicationset_controller.go`
+      - 58ac56fa.applicationsets.argoproj.io
+    verbs:
+      - get
+      - update
+      - create
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index 358fbfcebdf5d..497fed3b7c75b 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -24148,14 +24148,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index a9e58ec632965..3388c5a672d14 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -24139,14 +24139,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 8a26184f5bead..9f53494363e17 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -24186,14 +24186,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -24392,14 +24399,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
   - argoproj.io
   resources:
@@ -24409,23 +24408,19 @@ rules:
   - list
   - watch
 - apiGroups:
-  - ""
+  - argoproj.io
   resources:
-  - events
+  - applicationsets/status
   verbs:
-  - create
   - get
-  - list
   - patch
-  - watch
+  - update
 - apiGroups:
   - ""
   resources:
-  - configmaps
+  - events
   verbs:
   - create
-  - update
-  - delete
   - get
   - list
   - patch
@@ -24434,31 +24429,27 @@ rules:
   - ""
   resources:
   - secrets
+  - configmaps
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
   verbs:
-  - get
-  - list
-  - watch
+  - create
 - apiGroups:
   - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
   resources:
   - leases
   verbs:
-  - create
-  - delete
   - get
-  - list
-  - patch
   - update
-  - watch
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 533c71065f007..40cdb52ec9171 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -24177,14 +24177,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -24383,14 +24390,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
   - argoproj.io
   resources:
@@ -24400,23 +24399,19 @@ rules:
   - list
   - watch
 - apiGroups:
-  - ""
+  - argoproj.io
   resources:
-  - events
+  - applicationsets/status
   verbs:
-  - create
   - get
-  - list
   - patch
-  - watch
+  - update
 - apiGroups:
   - ""
   resources:
-  - configmaps
+  - events
   verbs:
   - create
-  - update
-  - delete
   - get
   - list
   - patch
@@ -24425,31 +24420,27 @@ rules:
   - ""
   resources:
   - secrets
+  - configmaps
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
   verbs:
-  - get
-  - list
-  - watch
+  - create
 - apiGroups:
   - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
   resources:
   - leases
   verbs:
-  - create
-  - delete
   - get
-  - list
-  - patch
   - update
-  - watch
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml
index 4d5f1e9dbd9fc..2bef545941eeb 100644
--- a/manifests/ha/namespace-install-with-hydrator.yaml
+++ b/manifests/ha/namespace-install-with-hydrator.yaml
@@ -189,14 +189,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index 9699d9089bb58..460233cf9cacb 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -180,14 +180,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index 12d84c5dc921e..fcd0c63d0bd11 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -24175,14 +24175,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -24359,14 +24366,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
   - argoproj.io
   resources:
@@ -24376,23 +24375,19 @@ rules:
   - list
   - watch
 - apiGroups:
-  - ""
+  - argoproj.io
   resources:
-  - events
+  - applicationsets/status
   verbs:
-  - create
   - get
-  - list
   - patch
-  - watch
+  - update
 - apiGroups:
   - ""
   resources:
-  - configmaps
+  - events
   verbs:
   - create
-  - update
-  - delete
   - get
   - list
   - patch
@@ -24401,31 +24396,27 @@ rules:
   - ""
   resources:
   - secrets
+  - configmaps
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
   verbs:
-  - get
-  - list
-  - watch
+  - create
 - apiGroups:
   - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
   resources:
   - leases
   verbs:
-  - create
-  - delete
   - get
-  - list
-  - patch
   - update
-  - watch
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/manifests/install.yaml b/manifests/install.yaml
index bef53d3ae3e81..6753c57f4b9d4 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -24166,14 +24166,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -24350,14 +24357,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
   - argoproj.io
   resources:
@@ -24367,23 +24366,19 @@ rules:
   - list
   - watch
 - apiGroups:
-  - ""
+  - argoproj.io
   resources:
-  - events
+  - applicationsets/status
   verbs:
-  - create
   - get
-  - list
   - patch
-  - watch
+  - update
 - apiGroups:
   - ""
   resources:
-  - configmaps
+  - events
   verbs:
   - create
-  - update
-  - delete
   - get
   - list
   - patch
@@ -24392,31 +24387,27 @@ rules:
   - ""
   resources:
   - secrets
+  - configmaps
   verbs:
   - get
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
   verbs:
-  - get
-  - list
-  - watch
+  - create
 - apiGroups:
   - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
   resources:
   - leases
   verbs:
-  - create
-  - delete
   - get
-  - list
-  - patch
   - update
-  - watch
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml
index 655bfaaff4c6e..fd115ff4d0cab 100644
--- a/manifests/namespace-install-with-hydrator.yaml
+++ b/manifests/namespace-install-with-hydrator.yaml
@@ -178,14 +178,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index c53fa7e0990be..4d64743c092f1 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -169,14 +169,21 @@ rules:
   - list
   - watch
 - apiGroups:
-  - apps
-  - extensions
+  - coordination.k8s.io
   resources:
-  - deployments
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - 58ac56fa.applicationsets.argoproj.io
+  resources:
+  - leases
   verbs:
   - get
-  - list
-  - watch
+  - update
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

From 4d0aa11a12f95ddabd246cdfd1fe3ad232616648 Mon Sep 17 00:00:00 2001
From: Etienne Lafarge <etienne.lafarge@gmail.com>
Date: Tue, 29 Jul 2025 23:55:27 +0200
Subject: [PATCH 210/383] chore(reposerver): Remove last occurrences of
 deprecated otelgrpc interceptors (#23921)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Étienne Lafarge <etienne.lafarge@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 reposerver/server.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/reposerver/server.go b/reposerver/server.go
index 1c0ff668a2dd8..aafad1f907328 100644
--- a/reposerver/server.go
+++ b/reposerver/server.go
@@ -66,13 +66,11 @@ func NewServer(metricsServer *metrics.MetricsServer, cache *reposervercache.Cach
 
 	serverLog := log.NewEntry(log.StandardLogger())
 	streamInterceptors := []grpc.StreamServerInterceptor{
-		otelgrpc.StreamServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.StreamServerInterceptor(grpc_util.InterceptorLogger(serverLog)),
 		serverMetrics.StreamServerInterceptor(),
 		recovery.StreamServerInterceptor(recovery.WithRecoveryHandler(grpc_util.LoggerRecoveryHandler(serverLog))),
 	}
 	unaryInterceptors := []grpc.UnaryServerInterceptor{
-		otelgrpc.UnaryServerInterceptor(), //nolint:staticcheck // TODO: ignore SA1019 for depreciation: see https://github.com/argoproj/argo-cd/issues/18258
 		logging.UnaryServerInterceptor(grpc_util.InterceptorLogger(serverLog)),
 		serverMetrics.UnaryServerInterceptor(),
 		recovery.UnaryServerInterceptor(recovery.WithRecoveryHandler(grpc_util.LoggerRecoveryHandler(serverLog))),

From 736fab8d4cb39c42e49fee73e16991e9a5102723 Mon Sep 17 00:00:00 2001
From: KIMJiho <52690007+CHOUMnote@users.noreply.github.com>
Date: Thu, 31 Jul 2025 11:45:30 +0900
Subject: [PATCH 211/383] docs(cli): improve example usage for argocd logout
 command (#24001)

Signed-off-by: Kimjiho <rlawlgh1028@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/logout.go             | 7 +++++--
 docs/user-guide/commands/argocd_logout.md | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/cmd/argocd/commands/logout.go b/cmd/argocd/commands/logout.go
index 4f39df88412b8..aad7ef2bffb9f 100644
--- a/cmd/argocd/commands/logout.go
+++ b/cmd/argocd/commands/logout.go
@@ -19,9 +19,12 @@ func NewLogoutCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comma
 		Use:   "logout CONTEXT",
 		Short: "Log out from Argo CD",
 		Long:  "Log out from Argo CD",
-		Example: `# To log out of argocd
-$ argocd logout
+		Example: `# Logout from the active Argo CD context
 # This can be helpful for security reasons or when you want to switch between different Argo CD contexts or accounts.
+argocd logout CONTEXT
+
+# Logout from a specific context named 'cd.argoproj.io'
+argocd logout cd.argoproj.io
 `,
 		Run: func(c *cobra.Command, args []string) {
 			if len(args) == 0 {
diff --git a/docs/user-guide/commands/argocd_logout.md b/docs/user-guide/commands/argocd_logout.md
index 6eab9e7f5e09e..686068ac1ebdf 100644
--- a/docs/user-guide/commands/argocd_logout.md
+++ b/docs/user-guide/commands/argocd_logout.md
@@ -15,9 +15,12 @@ argocd logout CONTEXT [flags]
 ### Examples
 
 ```
-# To log out of argocd
-$ argocd logout
+# Logout from the active Argo CD context
 # This can be helpful for security reasons or when you want to switch between different Argo CD contexts or accounts.
+argocd logout CONTEXT
+
+# Logout from a specific context named 'cd.argoproj.io'
+argocd logout cd.argoproj.io
 
 ```
 

From 787f5c45513da28e9c454b27687681f54cd576a1 Mon Sep 17 00:00:00 2001
From: EmilyXinyi <52259856+EmilyXinyi@users.noreply.github.com>
Date: Thu, 31 Jul 2025 09:58:12 -0400
Subject: [PATCH 212/383] docs: PR generator title match (#24000)

Signed-off-by: EmilyXinyi <xinyi_0302@yahoo.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/applicationset.yaml                     | 4 +++-
 .../applicationset/Generators-Pull-Request.md                | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/operator-manual/applicationset.yaml b/docs/operator-manual/applicationset.yaml
index dc1e6a69b295f..e487b09d49780 100644
--- a/docs/operator-manual/applicationset.yaml
+++ b/docs/operator-manual/applicationset.yaml
@@ -162,9 +162,11 @@ spec:
           - preview
 
         # Filters allow selecting which pull requests to generate for
-        # Include any pull request ending with "argocd". (optional)
+        # Include any pull request branch ending with "argocd" 
+        # and pull request title starting with "feat:". (optional)
         filters:
         - branchMatch: ".*-argocd"
+        - titleMatch: "^feat:"
 
         # Specify the project from which to fetch the GitLab merge requests.
         gitlab:
diff --git a/docs/operator-manual/applicationset/Generators-Pull-Request.md b/docs/operator-manual/applicationset/Generators-Pull-Request.md
index fd6a48d89b004..282db84b8ef19 100644
--- a/docs/operator-manual/applicationset/Generators-Pull-Request.md
+++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md
@@ -351,15 +351,18 @@ spec:
   generators:
   - pullRequest:
       # ...
-      # Include any pull request ending with "argocd". (optional)
+      # Include any pull request branch ending with "argocd" 
+      # and pull request title starting with "feat:". (optional)
       filters:
       - branchMatch: ".*-argocd"
+      - titleMatch: "^feat:"
   template:
   # ...
 ```
 
 * `branchMatch`: A regexp matched against source branch names.
 * `targetBranchMatch`: A regexp matched against target branch names.
+* `titleMatch`: A regexp matched against Pull Request title. 
 
 [GitHub](#github) and [GitLab](#gitlab) also support a `labels` filter.
 

From f501939197277642653eedac61052b09c770cb8c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 31 Jul 2025 06:58:37 -0700
Subject: [PATCH 213/383] chore(deps): bump github.com/golang-jwt/jwt/v5 from
 5.2.3 to 5.3.0 (#24003)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c753e26ef7ec3..ee75c91896afc 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/gogo/protobuf v1.3.2
-	github.com/golang-jwt/jwt/v5 v5.2.3
+	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/protobuf v1.5.4
 	github.com/google/btree v1.1.3
 	github.com/google/go-cmp v0.7.0
diff --git a/go.sum b/go.sum
index 427bd5d7a4a5d..96facb080db61 100644
--- a/go.sum
+++ b/go.sum
@@ -395,8 +395,8 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
 github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang-jwt/jwt/v5 v5.2.3 h1:kkGXqQOBSDDWRhWNXTFpqGSCMyh/PLnqUvMGJPDJDs0=
-github.com/golang-jwt/jwt/v5 v5.2.3/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
+github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.2.5 h1:DrW6hGnjIhtvhOIiAKT6Psh/Kd/ldepEa81DKeiRJ5I=
 github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=

From b448f1a4460e987c8acaecd1c8f0b2da3a6ebcfc Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Thu, 31 Jul 2025 10:32:54 -0400
Subject: [PATCH 214/383] fix(api): `app create --upsert` should not error on
 invalid current destination (#23922)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 server/application/application.go      |  4 --
 server/application/application_test.go | 97 ++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 4 deletions(-)

diff --git a/server/application/application.go b/server/application/application.go
index 1c33bcf23381c..45b1a1af43945 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -380,10 +380,6 @@ func (s *Server) Create(ctx context.Context, q *application.ApplicationCreateReq
 		return nil, status.Errorf(codes.Internal, "unable to check existing application details (%s): %v", appNs, err)
 	}
 
-	if _, err := argo.GetDestinationCluster(ctx, existing.Spec.Destination, s.db); err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, "application destination spec for %s is invalid: %s", existing.Name, err.Error())
-	}
-
 	equalSpecs := reflect.DeepEqual(existing.Spec.Destination, a.Spec.Destination) &&
 		reflect.DeepEqual(existing.Spec, a.Spec) &&
 		reflect.DeepEqual(existing.Labels, a.Labels) &&
diff --git a/server/application/application_test.go b/server/application/application_test.go
index 3b365ee6f105d..16ce0923e8006 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -1510,6 +1510,103 @@ func TestCreateAppWithOperation(t *testing.T) {
 	assert.Nil(t, app.Operation)
 }
 
+func TestCreateAppUpsert(t *testing.T) {
+	t.Parallel()
+	t.Run("No error when spec equals", func(t *testing.T) {
+		t.Parallel()
+		appServer := newTestAppServer(t)
+		testApp := newTestApp()
+
+		createReq := application.ApplicationCreateRequest{
+			Application: testApp,
+		}
+		// Call Create() instead of adding the object to the tesst server to make sure the app is correctly normalized.
+		_, err := appServer.Create(t.Context(), &createReq)
+		require.NoError(t, err)
+
+		app, err := appServer.Create(t.Context(), &createReq)
+		require.NoError(t, err)
+		require.NotNil(t, app)
+	})
+	t.Run("Error on update without upsert", func(t *testing.T) {
+		t.Parallel()
+		appServer := newTestAppServer(t)
+		testApp := newTestApp()
+
+		// Call Create() instead of adding the object to the tesst server to make sure the app is correctly normalized.
+		_, err := appServer.Create(t.Context(), &application.ApplicationCreateRequest{
+			Application: testApp,
+		})
+		require.NoError(t, err)
+
+		newApp := newTestApp()
+		newApp.Spec.Source.Name = "updated"
+		createReq := application.ApplicationCreateRequest{
+			Application: newApp,
+		}
+		_, err = appServer.Create(t.Context(), &createReq)
+		require.EqualError(t, err, "rpc error: code = InvalidArgument desc = existing application spec is different, use upsert flag to force update")
+	})
+	t.Run("Invalid existing app can be updated", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		testApp.Spec.Destination.Server = "https://invalid-cluster"
+		appServer := newTestAppServer(t, testApp)
+
+		newApp := newTestAppWithDestName()
+		newApp.TypeMeta = testApp.TypeMeta
+		newApp.Spec.Source.Name = "updated"
+		createReq := application.ApplicationCreateRequest{
+			Application: newApp,
+			Upsert:      ptr.To(true),
+		}
+		app, err := appServer.Create(t.Context(), &createReq)
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Equal(t, "updated", app.Spec.Source.Name)
+	})
+	t.Run("Can update application project", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		appServer := newTestAppServer(t, testApp)
+
+		newApp := newTestAppWithDestName()
+		newApp.TypeMeta = testApp.TypeMeta
+		newApp.Spec.Project = "my-proj"
+		createReq := application.ApplicationCreateRequest{
+			Application: newApp,
+			Upsert:      ptr.To(true),
+		}
+		app, err := appServer.Create(t.Context(), &createReq)
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Equal(t, "my-proj", app.Spec.Project)
+	})
+	t.Run("Existing label and annotations are preserved", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		testApp.Annotations = map[string]string{"test": "test-value", "update": "old"}
+		testApp.Labels = map[string]string{"test": "test-value", "update": "old"}
+		appServer := newTestAppServer(t, testApp)
+
+		newApp := newTestAppWithDestName()
+		newApp.TypeMeta = testApp.TypeMeta
+		newApp.Annotations = map[string]string{"update": "new"}
+		newApp.Labels = map[string]string{"update": "new"}
+		createReq := application.ApplicationCreateRequest{
+			Application: newApp,
+			Upsert:      ptr.To(true),
+		}
+		app, err := appServer.Create(t.Context(), &createReq)
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Len(t, app.Annotations, 2)
+		assert.Equal(t, "new", app.GetAnnotations()["update"])
+		assert.Len(t, app.Labels, 2)
+		assert.Equal(t, "new", app.GetLabels()["update"])
+	})
+}
+
 func TestUpdateApp(t *testing.T) {
 	testApp := newTestApp()
 	appServer := newTestAppServer(t, testApp)

From ec6db20bff2e279ab86a64c12dfc9f862da4ae20 Mon Sep 17 00:00:00 2001
From: Eunji <129590633+bianbbc87@users.noreply.github.com>
Date: Thu, 31 Jul 2025 23:37:48 +0900
Subject: [PATCH 215/383] fix: support dynamic field path based on Hydrator
 state in summary view (#23950)

Signed-off-by: EunJiJung <bianbbc87@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-summary.tsx                   | 31 ++++++++++++++++---
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx
index f2dd942296ef1..b2abc19b9d05f 100644
--- a/ui/src/app/applications/components/application-summary/application-summary.tsx
+++ b/ui/src/app/applications/components/application-summary/application-summary.tsx
@@ -66,7 +66,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
     const updateApp = notificationSubscriptions.withNotificationSubscriptions(props.updateApp);
 
     const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0;
-
+    const isHydrator = app.spec.sourceHydrator && true;
     const repoType = source.repoURL.startsWith('oci://') ? 'oci' : (source.hasOwnProperty('chart') && 'helm') || 'git';
 
     const attributes = [
@@ -175,7 +175,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
         !hasMultipleSources && {
             title: 'REPO URL',
             view: <Repo url={source?.repoURL} />,
-            edit: (formApi: FormApi) => <FormField formApi={formApi} field='spec.source.repoURL' component={Text} />
+            edit: (formApi: FormApi) => <FormField formApi={formApi} field={getRepoField(isHydrator)} component={Text} />
         },
         ...(!hasMultipleSources
             ? isHelm
@@ -237,7 +237,14 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
                               hasMultipleSources ? (
                                   helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.')
                               ) : (
-                                  <RevisionFormField helpIconTop={'0'} hideLabel={true} formApi={formApi} repoURL={source.repoURL} repoType={repoType} />
+                                  <RevisionFormField
+                                      helpIconTop={'0'}
+                                      hideLabel={true}
+                                      formApi={formApi}
+                                      fieldValue={getTargetRevisionField(isHydrator)}
+                                      repoURL={source.repoURL}
+                                      repoType={repoType}
+                                  />
                               )
                       },
                       {
@@ -251,7 +258,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
                               hasMultipleSources ? (
                                   helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.')
                               ) : (
-                                  <FormField formApi={formApi} field='spec.source.path' component={Text} />
+                                  <FormField formApi={formApi} field={getPathField(isHydrator)} component={Text} />
                               )
                       }
                   ]
@@ -646,3 +653,19 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
         </div>
     );
 };
+
+/** Get the repository URL field based on the hydrator status */
+const getRepoField = (isHydrator: boolean): string => {
+    const repoURLField = isHydrator ? 'spec.sourceHydrator.drySource.repoURL' : 'spec.source.repoURL';
+    return repoURLField;
+};
+
+const getTargetRevisionField = (isHydrator: boolean): string => {
+    const targetRevisionField = isHydrator ? 'spec.sourceHydrator.drySource.targetRevision' : 'spec.source.targetRevision';
+    return targetRevisionField;
+};
+
+const getPathField = (isHydrator: boolean): string => {
+    const pathField = isHydrator ? 'spec.sourceHydrator.drySource.path' : 'spec.source.path';
+    return pathField;
+};

From 086d4d05f35e829d07f0e52a019353526db36796 Mon Sep 17 00:00:00 2001
From: xfrnk2 <34790699+xfrnk2@users.noreply.github.com>
Date: Fri, 1 Aug 2025 01:13:26 +0900
Subject: [PATCH 216/383] fix(ui): wrap log lines are wrapped to the next line
 (#23946)

Signed-off-by: Beomseok Kim <xfrnk2@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../components/pod-logs-viewer/pod-logs-viewer.tsx          | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
index 946e58be32fa0..fcbc8b4206730 100644
--- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
+++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx
@@ -219,12 +219,12 @@ export const PodsLogsViewer = (props: PodLogsProps) => {
                 width,
                 height,
                 overflow: 'scroll',
-                minWidth: '100%'
+                minWidth: isWrapped ? 'fit-content' : '100%'
             }}>
             <div
                 style={{
                     width: '100%',
-                    minWidth: 'fit-content'
+                    minWidth: isWrapped ? 'fit-content' : '100%'
                 }}>
                 {logs.map((log, lineNum) => {
                     const {podNameContent, timestampContent, logContent} = renderLog(log, lineNum, prefs.appDetails.darkMode);
@@ -236,7 +236,7 @@ export const PodsLogsViewer = (props: PodLogsProps) => {
                                 lineHeight: '1.5rem',
                                 backgroundColor: selectedPod === log.podName ? getPodBackgroundColor(log.podName, prefs.appDetails.darkMode) : 'transparent',
                                 padding: '1px 8px',
-                                width: '100vw',
+                                width: '100%',
                                 marginLeft: '-8px',
                                 marginRight: '-8px'
                             }}

From 03bd1aa49a473740f581c119c2b4ecab580e9e8b Mon Sep 17 00:00:00 2001
From: Suraj yadav <harrypotter1108@gmail.com>
Date: Thu, 31 Jul 2025 22:25:12 +0530
Subject: [PATCH 217/383] feat(ui): Requests info for Cpu and Mem added to Pod
 details  (#20637)

Signed-off-by: Surajyadav <harrypotter1108@gmail.com>
Signed-off-by: Suraj yadav <harrypotter1108@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 common/common.go                              |   6 +
 controller/cache/info.go                      |  12 ++
 controller/cache/info_test.go                 | 172 ++++++++++++++++++
 .../application-pod-view/pod-tooltip.tsx      |  30 ++-
 .../application-pod-view/pod-view.tsx         |   2 +-
 .../applications/components/utils.test.tsx    | 134 ++++++++++++++
 ui/src/app/applications/components/utils.tsx  |   6 +
 7 files changed, 352 insertions(+), 10 deletions(-)

diff --git a/common/common.go b/common/common.go
index 4c5e428dadc78..2c8809be58017 100644
--- a/common/common.go
+++ b/common/common.go
@@ -100,6 +100,12 @@ const (
 	PluginConfigFileName = "plugin.yaml"
 )
 
+// consts for podrequests metrics in cache/info
+const (
+	PodRequestsCPU = "cpu"
+	PodRequestsMEM = "memory"
+)
+
 // Argo CD application related constants
 const (
 
diff --git a/controller/cache/info.go b/controller/cache/info.go
index 1eb1e46b6f4bb..be8ab13d53357 100644
--- a/controller/cache/info.go
+++ b/controller/cache/info.go
@@ -446,6 +446,7 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) {
 	}
 
 	req, _ := resourcehelper.PodRequestsAndLimits(&pod)
+
 	res.PodInfo = &PodInfo{NodeName: pod.Spec.NodeName, ResourceRequests: req, Phase: pod.Status.Phase}
 
 	res.Info = append(res.Info, v1alpha1.InfoItem{Name: "Node", Value: pod.Spec.NodeName})
@@ -454,6 +455,17 @@ func populatePodInfo(un *unstructured.Unstructured, res *ResourceInfo) {
 		res.Info = append(res.Info, v1alpha1.InfoItem{Name: "Restart Count", Value: strconv.Itoa(restarts)})
 	}
 
+	// Requests are relevant even for pods in the init phase or pending state (e.g., due to insufficient resources),
+	// as they help with diagnosing scheduling and startup issues.
+	// requests will be released for terminated pods either with success or failed state termination.
+	if !isPodPhaseTerminal(pod.Status.Phase) {
+		CPUReq := req[corev1.ResourceCPU]
+		MemoryReq := req[corev1.ResourceMemory]
+
+		res.Info = append(res.Info, v1alpha1.InfoItem{Name: common.PodRequestsCPU, Value: strconv.FormatInt(CPUReq.MilliValue(), 10)})
+		res.Info = append(res.Info, v1alpha1.InfoItem{Name: common.PodRequestsMEM, Value: strconv.FormatInt(MemoryReq.MilliValue(), 10)})
+	}
+
 	var urls []string
 	if res.NetworkingInfo != nil {
 		urls = res.NetworkingInfo.ExternalURLs
diff --git a/controller/cache/info_test.go b/controller/cache/info_test.go
index c0ffd72774db5..44a0acedda90d 100644
--- a/controller/cache/info_test.go
+++ b/controller/cache/info_test.go
@@ -12,6 +12,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/yaml"
 
+	"github.com/argoproj/argo-cd/v3/common"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/util/argo/normalizers"
 	"github.com/argoproj/argo-cd/v3/util/errors"
@@ -304,6 +305,8 @@ func TestGetPodInfo(t *testing.T) {
 		assert.Equal(t, []v1alpha1.InfoItem{
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/1"},
+			{Name: common.PodRequestsCPU, Value: "0"}, // strings imported from common
+			{Name: common.PodRequestsMEM, Value: "134217728000"},
 		}, info.Info)
 		assert.Equal(t, []string{"bar"}, info.Images)
 		assert.Equal(t, &PodInfo{
@@ -365,9 +368,81 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "Running"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "1/1"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
+	t.Run("TestGetPodWithInitialContainerInfoWithResources", func(t *testing.T) {
+		pod := strToUnstructured(`
+        apiVersion: "v1"
+        kind: "Pod"
+        metadata:
+            labels:
+                app: "app-with-initial-container"
+            name: "app-with-initial-container-5f46976fdb-vd6rv"
+            namespace: "default"
+            ownerReferences:
+            - apiVersion: "apps/v1"
+              kind: "ReplicaSet"
+              name: "app-with-initial-container-5f46976fdb"
+        spec:
+            containers:
+            - image: "alpine:latest"
+              imagePullPolicy: "Always"
+              name: "app-with-initial-container"
+              resources:
+                requests:
+                  cpu: "100m"
+                  memory: "128Mi"
+                limits:
+                  cpu: "500m"
+                  memory: "512Mi"
+            initContainers:
+            - image: "alpine:latest"
+              imagePullPolicy: "Always"
+              name: "app-with-initial-container-logshipper"
+              resources:
+                requests:
+                  cpu: "50m"
+                  memory: "64Mi"
+                limits:
+                  cpu: "250m"
+                  memory: "256Mi"
+            nodeName: "minikube"
+        status:
+            containerStatuses:
+            - image: "alpine:latest"
+              name: "app-with-initial-container"
+              ready: true
+              restartCount: 0
+              started: true
+              state:
+                running:
+                  startedAt: "2024-10-08T08:44:25Z"
+            initContainerStatuses:
+            - image: "alpine:latest"
+              name: "app-with-initial-container-logshipper"
+              ready: true
+              restartCount: 0
+              started: false
+              state:
+                terminated:
+                  exitCode: 0
+                  reason: "Completed"
+            phase: "Running"
+    `)
+
+		info := &ResourceInfo{}
+		populateNodeInfo(pod, info, []string{})
+		assert.Equal(t, []v1alpha1.InfoItem{
+			{Name: "Status Reason", Value: "Running"},
+			{Name: "Node", Value: "minikube"},
+			{Name: "Containers", Value: "1/1"},
+			{Name: common.PodRequestsCPU, Value: "100"},
+			{Name: common.PodRequestsMEM, Value: "134217728000"},
+		}, info.Info)
+	})
 	t.Run("TestGetPodInfoWithSidecar", func(t *testing.T) {
 		t.Parallel()
 
@@ -422,6 +497,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "Running"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "2/2"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -480,6 +557,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "Init:0/1"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/1"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -537,6 +616,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/3"},
 			{Name: "Restart Count", Value: "3"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -594,6 +675,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/3"},
 			{Name: "Restart Count", Value: "3"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -654,6 +737,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "1/3"},
 			{Name: "Restart Count", Value: "7"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -696,6 +781,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/1"},
 			{Name: "Restart Count", Value: "3"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -731,6 +818,45 @@ func TestGetPodInfo(t *testing.T) {
 		}, info.Info)
 	})
 
+	// Test pod condition succeed which had some allocated resources
+	t.Run("TestPodConditionSucceededWithResources", func(t *testing.T) {
+		t.Parallel()
+
+		pod := strToUnstructured(`
+  apiVersion: v1
+  kind: Pod
+  metadata:
+    name: test8
+  spec:
+    nodeName: minikube
+    containers:
+      - name: container
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "64Mi"
+          limits:
+            cpu: "250m"
+            memory: "256Mi"
+  status:
+    phase: Succeeded
+    containerStatuses:
+      - ready: false
+        restartCount: 0
+        state:
+          terminated:
+            reason: Completed
+            exitCode: 0
+`)
+		info := &ResourceInfo{}
+		populateNodeInfo(pod, info, []string{})
+		assert.Equal(t, []v1alpha1.InfoItem{
+			{Name: "Status Reason", Value: "Completed"},
+			{Name: "Node", Value: "minikube"},
+			{Name: "Containers", Value: "0/1"},
+		}, info.Info)
+	})
+
 	// Test pod condition failed
 	t.Run("TestPodConditionFailed", func(t *testing.T) {
 		t.Parallel()
@@ -763,6 +889,46 @@ func TestGetPodInfo(t *testing.T) {
 		}, info.Info)
 	})
 
+	// Test pod condition failed with allocated resources
+
+	t.Run("TestPodConditionFailedWithResources", func(t *testing.T) {
+		t.Parallel()
+
+		pod := strToUnstructured(`
+  apiVersion: v1
+  kind: Pod
+  metadata:
+    name: test9
+  spec:
+    nodeName: minikube
+    containers:
+      - name: container
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "64Mi"
+          limits:
+            cpu: "250m"
+            memory: "256Mi"
+  status:
+    phase: Failed
+    containerStatuses:
+      - ready: false
+        restartCount: 0
+        state:
+          terminated:
+            reason: Error
+            exitCode: 1
+`)
+		info := &ResourceInfo{}
+		populateNodeInfo(pod, info, []string{})
+		assert.Equal(t, []v1alpha1.InfoItem{
+			{Name: "Status Reason", Value: "Error"},
+			{Name: "Node", Value: "minikube"},
+			{Name: "Containers", Value: "0/1"},
+		}, info.Info)
+	})
+
 	// Test pod condition succeed with deletion
 	t.Run("TestPodConditionSucceededWithDeletion", func(t *testing.T) {
 		t.Parallel()
@@ -824,6 +990,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "Terminating"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/1"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -850,6 +1018,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "Terminating"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/1"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 
@@ -880,6 +1050,8 @@ func TestGetPodInfo(t *testing.T) {
 			{Name: "Status Reason", Value: "SchedulingGated"},
 			{Name: "Node", Value: "minikube"},
 			{Name: "Containers", Value: "0/2"},
+			{Name: common.PodRequestsCPU, Value: "0"},
+			{Name: common.PodRequestsMEM, Value: "0"},
 		}, info.Info)
 	})
 }
diff --git a/ui/src/app/applications/components/application-pod-view/pod-tooltip.tsx b/ui/src/app/applications/components/application-pod-view/pod-tooltip.tsx
index 51303a1334b56..b07184f4feb41 100644
--- a/ui/src/app/applications/components/application-pod-view/pod-tooltip.tsx
+++ b/ui/src/app/applications/components/application-pod-view/pod-tooltip.tsx
@@ -1,7 +1,8 @@
 import * as React from 'react';
 import Moment from 'react-moment';
-import {Pod} from '../../../shared/models';
+import {Pod, ResourceName} from '../../../shared/models';
 import {isYoungerThanXMinutes} from '../utils';
+import {formatMetric} from './pod-view';
 
 export const PodTooltip = (props: {pod: Pod}) => {
     const pod = props.pod;
@@ -16,15 +17,26 @@ export const PodTooltip = (props: {pod: Pod}) => {
                 <div className='columns small-6'>{pod.health}</div>
             </div>
             {(pod.info || [])
-                .filter(i => i.name !== 'Node')
-                .map(i => (
-                    <div className='row' key={i.name}>
-                        <div className='columns small-6' style={{whiteSpace: 'nowrap'}}>
-                            {i.name}:
+                .filter(i => {
+                    //filter out 0 values for CPU and mem on pod info
+                    return i.name !== 'Node' && !((i.name === ResourceName.ResourceCPU || i.name === ResourceName.ResourceMemory) && parseInt(i.value, 10) === 0);
+                })
+                .map(i => {
+                    const isPodRequests = i.name === ResourceName.ResourceCPU || i.name === ResourceName.ResourceMemory;
+                    const formattedValue = isPodRequests ? formatMetric(i.name as ResourceName, parseInt(i.value, 10)) : i.value;
+
+                    //this is just to show cpu and mem info with "Requests" as prefix
+                    const label = i.name === ResourceName.ResourceCPU ? 'Requests CPU:' : i.name === ResourceName.ResourceMemory ? 'Requests MEM:' : `${i.name}:`;
+
+                    return (
+                        <div className='row' key={i.name}>
+                            <div className='columns small-6' style={{whiteSpace: 'nowrap'}}>
+                                {label}
+                            </div>
+                            <div className='columns small-6'>{formattedValue}</div>
                         </div>
-                        <div className='columns small-6'>{i.value}</div>
-                    </div>
-                ))}
+                    );
+                })}
             {pod.createdAt && (
                 <div className='row'>
                     <div className='columns small-6'>
diff --git a/ui/src/app/applications/components/application-pod-view/pod-view.tsx b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
index b7ce3ad959697..bbec9e42bbc18 100644
--- a/ui/src/app/applications/components/application-pod-view/pod-view.tsx
+++ b/ui/src/app/applications/components/application-pod-view/pod-view.tsx
@@ -452,7 +452,7 @@ function formatSize(bytes: number) {
     return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
 }
 
-function formatMetric(name: ResourceName, val: number) {
+export function formatMetric(name: ResourceName, val: number) {
     if (name === ResourceName.ResourceStorage || name === ResourceName.ResourceMemory) {
         // divide by 1000 to convert "milli bytes" to bytes
         return formatSize(val / 1000);
diff --git a/ui/src/app/applications/components/utils.test.tsx b/ui/src/app/applications/components/utils.test.tsx
index a64244c61bfba..feba54b33d2be 100644
--- a/ui/src/app/applications/components/utils.test.tsx
+++ b/ui/src/app/applications/components/utils.test.tsx
@@ -323,6 +323,72 @@ describe('getPodStateReason', () => {
             expect(reason).toBe('Running');
     });
 
+    it('TestGetPodWithInitialContainerInfoWithResources', () => {
+      const podYaml = `
+        apiVersion: "v1"
+        kind: "Pod"
+        metadata:
+            labels:
+                app: "app-with-initial-container"
+            name: "app-with-initial-container-5f46976fdb-vd6rv"
+            namespace: "default"
+            ownerReferences:
+            - apiVersion: "apps/v1"
+              kind: "ReplicaSet"
+              name: "app-with-initial-container-5f46976fdb"
+        spec:
+            containers:
+            - image: "alpine:latest"
+              imagePullPolicy: "Always"
+              name: "app-with-initial-container"
+              resources:
+                requests:
+                  cpu: "100m"
+                  memory: "128Mi"
+                limits:
+                  cpu: "500m"
+                  memory: "512Mi"
+            initContainers:
+            - image: "alpine:latest"
+              imagePullPolicy: "Always"
+              name: "app-with-initial-container-logshipper"
+              resources:
+                requests:
+                  cpu: "50m"
+                  memory: "64Mi"
+                limits:
+                  cpu: "250m"
+                  memory: "256Mi"
+            nodeName: "minikube"
+        status:
+            containerStatuses:
+            - image: "alpine:latest"
+              name: "app-with-initial-container"
+              ready: true
+              restartCount: 0
+              started: true
+              state:
+                running:
+                  startedAt: "2024-10-08T08:44:25Z"
+            initContainerStatuses:
+            - image: "alpine:latest"
+              name: "app-with-initial-container-logshipper"
+              ready: true
+              restartCount: 0
+              started: false
+              state:
+                terminated:
+                  exitCode: 0
+                  reason: "Completed"
+            phase: "Running"
+`;
+
+        const pod = jsYaml.load(podYaml);
+
+        const {reason} = getPodStateReason(pod as State);
+            expect(reason).toBe('Running');
+    });
+
     it('TestGetPodInfoWithSidecar', () => {
         const podYaml = `
   apiVersion: v1
@@ -631,6 +697,40 @@ status:
             expect(reason).toBe('Completed');
     });
 
+    it('TestPodConditionSucceededWithResources', () => {
+        const podYaml = `
+  apiVersion: v1
+  kind: Pod
+  metadata:
+    name: test8
+  spec:
+    nodeName: minikube
+    containers:
+      - name: container
+        resources:
+          requests:
+            cpu: "50m"
+            memory: "64Mi"
+          limits:
+            cpu: "250m"
+            memory: "256Mi"
+  status:
+    phase: Succeeded
+    containerStatuses:
+      - ready: false
+        restartCount: 0
+        state:
+          terminated:
+            reason: Completed
+            exitCode: 0
+`;
+        const pod = jsYaml.load(podYaml);
+
+        const {reason} = getPodStateReason(pod as State);
+
+            expect(reason).toBe('Completed');
+    });
+
     it('TestPodConditionFailed', () => {
         const podYaml = `
   apiVersion: v1
@@ -658,6 +758,40 @@ status:
             expect(reason).toBe('Error');
     });
 
+    it('TestPodConditionFailedWithResources', () => {
+      const podYaml = `
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test9
+spec:
+  nodeName: minikube
+  containers:
+    - name: container
+      resources:
+        requests:
+          cpu: "50m"
+          memory: "64Mi"
+        limits:
+          cpu: "250m"
+          memory: "256Mi"
+status:
+  phase: Failed
+  containerStatuses:
+    - ready: false
+      restartCount: 0
+      state:
+        terminated:
+          reason: Error
+          exitCode: 1
+`;
+      const pod = jsYaml.load(podYaml);
+
+      const {reason} = getPodStateReason(pod as State);
+
+          expect(reason).toBe('Error');
+  });
+
     it('TestPodConditionSucceededWithDeletion', () => {
         const podYaml = `
   apiVersion: v1
diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx
index adf3ecbb401ee..0c7afe41b24ac 100644
--- a/ui/src/app/applications/components/utils.tsx
+++ b/ui/src/app/applications/components/utils.tsx
@@ -1732,3 +1732,9 @@ export const getProgressiveSyncStatusColor = (status: string): string => {
             return COLORS.sync.unknown;
     }
 };
+
+// constant for podrequests
+export const podRequests = {
+    CPU: 'Requests (CPU)',
+    MEMORY: 'Requests (MEM)'
+} as const;

From 7c171b48ff2158f10a97eeefe4f5eca695d0fea6 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Thu, 31 Jul 2025 14:42:31 -0700
Subject: [PATCH 218/383] docs(actions): document parameterized resource
 actions (#24007)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/resource_actions.md       | 14 ++++++++++++++
 docs/user-guide/scale_application_resources.md | 10 ++++------
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/docs/operator-manual/resource_actions.md b/docs/operator-manual/resource_actions.md
index a76225316d218..f5532245f9a8f 100644
--- a/docs/operator-manual/resource_actions.md
+++ b/docs/operator-manual/resource_actions.md
@@ -221,3 +221,17 @@ actions["create-workflow"] = {
 }
 return actions
 ```
+
+### Action Parameters
+
+You can define parameters for your custom actions. The parameters are defined in the `parameters` key of the action discovery definition.
+
+<!-- Link directly to the script for people reading the docs in GitHub where embedding doesn't work. -->
+See the [Deployment actions discovery script](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/apps/Deployment/actions/discovery.lua):
+
+<!-- Embed the actual script so ReadTheDocs always has an up-to-date example. -->
+```lua
+{!resource_customizations/apps/Deployment/actions/discovery.lua!}
+```
+
+The [resource scale actions](../user-guide/scale_application_resources.md) documentation shows how this function behaves in the UI.
diff --git a/docs/user-guide/scale_application_resources.md b/docs/user-guide/scale_application_resources.md
index 53858983a6284..f504bdecca340 100644
--- a/docs/user-guide/scale_application_resources.md
+++ b/docs/user-guide/scale_application_resources.md
@@ -1,10 +1,9 @@
-# Scale Resources in ArgoCD UI
-
-This enables users to scale resources directly from the ArgoCD UI. Users will be able to increase or decrease the number of replicas (Pods) for Deployments and StatefulSets by using an input field. The feature aims to enhance user experience, especially for non-technical users, by eliminating the need to modify configuration files or use kubectl commands for scaling.
+# Scale Resources in Argo CD UI
 
+This enables users to scale resources directly from the Argo CD UI. Users will be able to increase or decrease the number of replicas (Pods) for Deployments and StatefulSets by using an input field. The feature aims to enhance user experience, especially for non-technical users, by eliminating the need to modify configuration files or use kubectl commands for scaling.
 
 ## Example Usage
-1. User navigates to a Deployment or StatefulSet in any ArgoCD application.
+1. User navigates to a Deployment or StatefulSet in any Argo CD application.
 2. User clicks on the Actions dropdown and selects "Scale".
   ![action button for scaling](../assets/scale_resources_1.png)
 3. A modal pops up showing an input field `Enter input parameters for action: scale` with the current number of Pods.
@@ -13,10 +12,9 @@ This enables users to scale resources directly from the ArgoCD UI. Users will be
 5. User presses OK, and the resource is scaled accordingly.
   ![result for scaling](../assets/scale_resources_3.png)
 
-
 !!! note
     This feature will only apply to `Deployments`, and `StatefulSets`.
 
 !!! note
-    If you use HPA (Horizontal Pod Autoscaling) or enabled ArgoCD auto-sync, changing the replica count in scale actions would be overwritten.
+    If you use HPA (Horizontal Pod Autoscaling) or enabled Argo CD auto-sync, changing the replica count in scale actions would be overwritten.
     Ensure that invalid values (e.g., `non-numeric` characters, `negative` numbers, or values beyond the `max integer limit`) cannot be entered.

From 0b6a39867cea33dba5d4d5548ec58cdeab80e187 Mon Sep 17 00:00:00 2001
From: Itai Spiegel <itai.spiegel@gmail.com>
Date: Fri, 1 Aug 2025 02:24:02 +0300
Subject: [PATCH 219/383] fix: existingWindows to treat all fields of the
 window instead of a small subset of them (#20712) (#23636)

Signed-off-by: Itai Spiegel <itai.spiegel@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application/v1alpha1/app_project_types.go |  12 +-
 pkg/apis/application/v1alpha1/types.go        |  27 +++
 pkg/apis/application/v1alpha1/types_test.go   | 162 ++++++++++++++++++
 3 files changed, 197 insertions(+), 4 deletions(-)

diff --git a/pkg/apis/application/v1alpha1/app_project_types.go b/pkg/apis/application/v1alpha1/app_project_types.go
index 1a93560ab0356..0d4ec0f0c0769 100644
--- a/pkg/apis/application/v1alpha1/app_project_types.go
+++ b/pkg/apis/application/v1alpha1/app_project_types.go
@@ -234,13 +234,17 @@ func (proj *AppProject) ValidateProject() error {
 	}
 
 	if proj.Spec.SyncWindows.HasWindows() {
-		existingWindows := make(map[string]bool)
+		existingWindows := make(map[uint64]bool)
 		for _, window := range proj.Spec.SyncWindows {
 			if window == nil {
 				continue
 			}
-			if _, ok := existingWindows[window.Kind+window.Schedule+window.Duration]; ok {
-				return status.Errorf(codes.AlreadyExists, "window '%s':'%s':'%s' already exists, update or edit", window.Kind, window.Schedule, window.Duration)
+			windowHash, hashErr := window.HashIdentity()
+			if hashErr != nil {
+				return status.Errorf(codes.Internal, "failed to generate hash for sync window with kind '%s', schedule '%s', and duration '%s': %v", window.Kind, window.Schedule, window.Duration, hashErr)
+			}
+			if _, ok := existingWindows[windowHash]; ok {
+				return status.Errorf(codes.AlreadyExists, "sync window with kind '%s', schedule '%s', and duration '%s' already exists (hash=%d, duplicate detected)", window.Kind, window.Schedule, window.Duration, windowHash)
 			}
 			err := window.Validate()
 			if err != nil {
@@ -249,7 +253,7 @@ func (proj *AppProject) ValidateProject() error {
 			if len(window.Applications) == 0 && len(window.Namespaces) == 0 && len(window.Clusters) == 0 {
 				return status.Errorf(codes.OutOfRange, "window '%s':'%s':'%s' requires one of application, cluster or namespace", window.Kind, window.Schedule, window.Duration)
 			}
-			existingWindows[window.Kind+window.Schedule+window.Duration] = true
+			existingWindows[windowHash] = true
 		}
 	}
 
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index 85fb9eafe68cb..ad4401e18d97c 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -1,6 +1,8 @@
 package v1alpha1
 
 import (
+	"bytes"
+	"encoding/gob"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -22,6 +24,7 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/health"
 	synccommon "github.com/argoproj/gitops-engine/pkg/sync/common"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
+	"github.com/cespare/xxhash/v2"
 	"github.com/robfig/cron/v3"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
@@ -3130,6 +3133,30 @@ func (w *SyncWindow) Validate() error {
 	return nil
 }
 
+func (w *SyncWindow) HashIdentity() (uint64, error) {
+	// Create a copy of the window with only the core identity fields
+	// Excluding ManualSync and Description as they are behavioral/metadata fields
+	identityWindow := SyncWindow{
+		Kind:           w.Kind,
+		Schedule:       w.Schedule,
+		Duration:       w.Duration,
+		Applications:   w.Applications,
+		Namespaces:     w.Namespaces,
+		Clusters:       w.Clusters,
+		TimeZone:       w.TimeZone,
+		UseAndOperator: w.UseAndOperator,
+		// ManualSync and Description are excluded as they don't affect window identity
+	}
+
+	var windowBuffer bytes.Buffer
+	enc := gob.NewEncoder(&windowBuffer)
+	err := enc.Encode(identityWindow)
+	if err != nil {
+		return 0, fmt.Errorf("failed to encode sync window for hashing: %w", err)
+	}
+	return xxhash.Sum64(windowBuffer.Bytes()), nil
+}
+
 // DestinationClusters returns a list of cluster URLs allowed as destination in an AppProject
 func (spec AppProjectSpec) DestinationClusters() []string {
 	servers := make([]string, 0)
diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go
index 14dcb8f2d95da..c7430e3a80e48 100644
--- a/pkg/apis/application/v1alpha1/types_test.go
+++ b/pkg/apis/application/v1alpha1/types_test.go
@@ -825,6 +825,29 @@ func TestAppProject_ValidateSyncWindowList(t *testing.T) {
 		err = p.ValidateProject()
 		require.NoError(t, err)
 	})
+
+	t.Run("HasDuplicateSyncWindow", func(t *testing.T) {
+		p := newTestProjectWithSyncWindows()
+		err := p.ValidateProject()
+		require.NoError(t, err)
+		dup := *p.Spec.SyncWindows[0]
+		p.Spec.SyncWindows = append(p.Spec.SyncWindows, &dup)
+		err = p.ValidateProject()
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "already exists")
+	})
+
+	t.Run("HasRequiredFields", func(t *testing.T) {
+		p := newTestProjectWithSyncWindows()
+		err := p.ValidateProject()
+		require.NoError(t, err)
+		p.Spec.SyncWindows[0].Applications = []string{}
+		p.Spec.SyncWindows[0].Namespaces = []string{}
+		p.Spec.SyncWindows[0].Clusters = []string{}
+		err = p.ValidateProject()
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "requires one of application, cluster or namespace")
+	})
 }
 
 // TestInvalidPolicyRules checks various errors in policy rules
@@ -4543,3 +4566,142 @@ func TestCluster_ParseProxyUrl(t *testing.T) {
 		}
 	}
 }
+
+func TestSyncWindow_Hash(t *testing.T) {
+	tests := []struct {
+		name        string
+		window      *SyncWindow
+		expectError bool
+		errorMsg    string
+	}{
+		{
+			name: "valid sync window should hash successfully",
+			window: &SyncWindow{
+				Kind:           "allow",
+				Schedule:       "0 0 * * *",
+				Duration:       "1h",
+				TimeZone:       "UTC",
+				ManualSync:     true,
+				Applications:   []string{"app1", "app2"},
+				Namespaces:     []string{"ns1", "ns2"},
+				Clusters:       []string{"cluster1", "cluster2"},
+				UseAndOperator: false,
+				Description:    "test window",
+			},
+			expectError: false,
+		},
+		{
+			name: "empty sync window should hash successfully",
+			window: &SyncWindow{
+				Kind:     "deny",
+				Schedule: "0 0 * * *",
+				Duration: "30m",
+			},
+			expectError: false,
+		},
+		{
+			name: "sync window with nil should hash successfully",
+			window: &SyncWindow{
+				Kind:     "allow",
+				Schedule: "0 0 * * *",
+				Duration: "1h",
+			},
+			expectError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			hash, err := tt.window.HashIdentity()
+
+			if tt.expectError {
+				require.Error(t, err)
+				if tt.errorMsg != "" {
+					require.Contains(t, err.Error(), tt.errorMsg)
+				}
+			} else {
+				require.NoError(t, err)
+				require.NotZero(t, hash, "hash should not be zero for valid sync window")
+			}
+		})
+	}
+
+	// Test that different sync windows produce different hashes
+	t.Run("different sync windows should have different hashes", func(t *testing.T) {
+		window1 := &SyncWindow{
+			Kind:     "allow",
+			Schedule: "0 0 * * *",
+			Duration: "1h",
+		}
+		window2 := &SyncWindow{
+			Kind:     "deny",
+			Schedule: "0 0 * * *",
+			Duration: "1h",
+		}
+		window3 := &SyncWindow{
+			Kind:     "allow",
+			Schedule: "0 1 * * *",
+			Duration: "1h",
+		}
+
+		hash1, err1 := window1.HashIdentity()
+		hash2, err2 := window2.HashIdentity()
+		hash3, err3 := window3.HashIdentity()
+
+		require.NoError(t, err1)
+		require.NoError(t, err2)
+		require.NoError(t, err3)
+
+		require.NotEqual(t, hash1, hash2, "different kind should produce different hash")
+		require.NotEqual(t, hash1, hash3, "different schedule should produce different hash")
+		require.NotEqual(t, hash2, hash3, "different windows should produce different hashes")
+	})
+
+	// Test that identical sync windows produce the same hash
+	t.Run("identical sync windows should have same hash", func(t *testing.T) {
+		window1 := &SyncWindow{
+			Kind:     "allow",
+			Schedule: "0 0 * * *",
+			Duration: "1h",
+			TimeZone: "UTC",
+		}
+		window2 := &SyncWindow{
+			Kind:     "allow",
+			Schedule: "0 0 * * *",
+			Duration: "1h",
+			TimeZone: "UTC",
+		}
+
+		hash1, err1 := window1.HashIdentity()
+		hash2, err2 := window2.HashIdentity()
+
+		require.NoError(t, err1)
+		require.NoError(t, err2)
+		require.Equal(t, hash1, hash2, "identical windows should produce same hash")
+	})
+
+	// Test that windows with different ManualSync or Description but same core identity produce same hash
+	t.Run("windows with different metadata should have same identity hash", func(t *testing.T) {
+		window1 := &SyncWindow{
+			Kind:        "allow",
+			Schedule:    "0 0 * * *",
+			Duration:    "1h",
+			ManualSync:  false,
+			Description: "first window",
+		}
+		window2 := &SyncWindow{
+			Kind:        "allow",
+			Schedule:    "0 0 * * *",
+			Duration:    "1h",
+			ManualSync:  true,
+			Description: "second window with different description",
+		}
+
+		hash1, err1 := window1.HashIdentity()
+		hash2, err2 := window2.HashIdentity()
+
+		require.NoError(t, err1)
+		require.NoError(t, err2)
+		require.Equal(t, hash1, hash2, "windows with same core identity but different metadata should produce same hash")
+	})
+}

From 0ab7c33f88fb0e5c8be624c4328420bbcae26849 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 06:40:06 -0700
Subject: [PATCH 220/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.110.0 to 2.111.0 (#24011)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ee75c91896afc..69fc061163115 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.110.0
+	github.com/casbin/casbin/v2 v2.111.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index 96facb080db61..1491b4154951d 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.110.0 h1:ltBGXgtm5qKxWXHGQevvzFf92yHXic0GEcAj4t+RuRQ=
-github.com/casbin/casbin/v2 v2.110.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.111.0 h1:UXN21o25OeoECw5Y/WunsBk3dSzuEJNP+SmCyzzR2TQ=
+github.com/casbin/casbin/v2 v2.111.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 414eab5727d6411b3ece29dbb38056914f902990 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 06:43:34 -0700
Subject: [PATCH 221/383] chore(deps): bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.1 to 1.18.2 (#24013)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 69fc061163115..e0427c91dca4b 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.24.4
 require (
 	code.gitea.io/sdk/gitea v0.21.0
 	dario.cat/mergo v1.0.2
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
 	github.com/Azure/kubelogin v0.2.9
 	github.com/Masterminds/semver/v3 v3.4.0
@@ -124,7 +124,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.7.0 // indirect
 	github.com/42wim/httpsig v1.2.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
diff --git a/go.sum b/go.sum
index 1491b4154951d..6429554fcaeb7 100644
--- a/go.sum
+++ b/go.sum
@@ -44,14 +44,14 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
 github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1 h1:Wc1ml6QlJs2BHQ/9Bqu1jiyggbsSjramq2oUmp5WeIo=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.1/go.mod h1:Ot/6aikWnKWi4l9QB7qVSwa8iMphQNqkWALMoNT3rzM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 h1:Hr5FTipp7SL07o2FvoVOX9HRiRH3CR3Mj8pxqCcdD5A=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1 h1:FPKJS1T+clwv+OLGt13a8UjqeRuh0O4SJ3lUriThc+4=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.1/go.mod h1:j2chePtV91HrC22tGoRX3sGY42uF13WzmmV80/OdVAA=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=

From a3c48f2f4baf39e792b668a18b107a50940fe74d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Aug 2025 10:36:32 -0400
Subject: [PATCH 222/383] chore(deps): bump github.com/prometheus/client_golang
 from 1.22.0 to 1.23.0 (#24012)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index e0427c91dca4b..9769f3d20bcc0 100644
--- a/go.mod
+++ b/go.mod
@@ -72,7 +72,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
-	github.com/prometheus/client_golang v1.22.0
+	github.com/prometheus/client_golang v1.23.0
 	github.com/prometheus/client_model v0.6.2
 	github.com/r3labs/diff/v3 v3.0.1
 	github.com/redis/go-redis/v9 v9.8.0
@@ -240,7 +240,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/common v0.64.0 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/cors v1.11.1 // indirect
diff --git a/go.sum b/go.sum
index 6429554fcaeb7..85e1250975a09 100644
--- a/go.sum
+++ b/go.sum
@@ -771,8 +771,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
-github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
+github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -783,8 +783,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4=
-github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
+github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=

From d7ff79bc197fbc80658a4202dd32890da92d8f70 Mon Sep 17 00:00:00 2001
From: Yusuke Abe <moonset20@gmail.com>
Date: Fri, 1 Aug 2025 23:44:25 +0900
Subject: [PATCH 223/383] fix: replace `:arrow_heading_up:` for MS teams
 (#22258) (#22725)

Signed-off-by: chansuke <moonset20@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/notifications/catalog.md | 24 +++++++++----------
 notifications_catalog/install.yaml            | 24 +++++++++----------
 .../templates/app-deployed.yaml               |  4 ++--
 .../templates/app-health-degraded.yaml        |  4 ++--
 .../templates/app-sync-failed.yaml            |  4 ++--
 .../templates/app-sync-running.yaml           |  4 ++--
 .../templates/app-sync-status-unknown.yaml    |  4 ++--
 .../templates/app-sync-succeeded.yaml         |  4 ++--
 8 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/docs/operator-manual/notifications/catalog.md b/docs/operator-manual/notifications/catalog.md
index a5385889f8cf6..466243c217ade 100644
--- a/docs/operator-manual/notifications/catalog.md
+++ b/docs/operator-manual/notifications/catalog.md
@@ -87,7 +87,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     },
     {
       "name": "Revision",
@@ -115,7 +115,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
       }]
     }]
   themeColor: '#000080'
@@ -168,7 +168,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     }
     {{range $index, $c := .app.status.conditions}}
       ,
@@ -192,7 +192,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
       }]
     }]
   themeColor: '#FF0000'
@@ -249,7 +249,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     }
     {{range $index, $c := .app.status.conditions}}
       ,
@@ -273,7 +273,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}{{ $source.repoURL }}⬆️ {{- end }}" {{- end }}
       }]
     }]
   themeColor: '#FF0000'
@@ -330,7 +330,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     }
     {{range $index, $c := .app.status.conditions}}
       ,
@@ -354,7 +354,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
       }]
     }]
   title: Start syncing application {{.app.metadata.name}}.
@@ -411,7 +411,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     }
     {{range $index, $c := .app.status.conditions}}
       ,
@@ -435,7 +435,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
       }]
     }]
   title: Application {{.app.metadata.name}} sync status is 'Unknown'
@@ -491,7 +491,7 @@ teams:
     },
     {
       "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-      "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+      "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
     }
     {{range $index, $c := .app.status.conditions}}
       ,
@@ -515,7 +515,7 @@ teams:
       "name":"Open Repository",
       "targets":[{
         "os":"default",
-        "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+        "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
       }]
     }]
   themeColor: '#000080'
diff --git a/notifications_catalog/install.yaml b/notifications_catalog/install.yaml
index 120d053a8d0f8..87b3cfc9e0283 100644
--- a/notifications_catalog/install.yaml
+++ b/notifications_catalog/install.yaml
@@ -60,7 +60,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         },
         {
           "name": "Revision",
@@ -88,7 +88,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
       themeColor: '#000080'
@@ -137,7 +137,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -161,7 +161,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
       themeColor: '#FF0000'
@@ -214,7 +214,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -238,7 +238,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}{{ $source.repoURL }}⬆️ {{- end }}" {{- end }}
           }]
         }]
       themeColor: '#FF0000'
@@ -291,7 +291,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -315,7 +315,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
       title: Start syncing application {{.app.metadata.name}}.
@@ -368,7 +368,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -392,7 +392,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
       title: Application {{.app.metadata.name}} sync status is 'Unknown'
@@ -444,7 +444,7 @@ data:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -468,7 +468,7 @@ data:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
       themeColor: '#000080'
diff --git a/notifications_catalog/templates/app-deployed.yaml b/notifications_catalog/templates/app-deployed.yaml
index 058f7fd776b28..45af0d92744dc 100644
--- a/notifications_catalog/templates/app-deployed.yaml
+++ b/notifications_catalog/templates/app-deployed.yaml
@@ -44,7 +44,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         },
         {
           "name": "Revision",
@@ -72,6 +72,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
diff --git a/notifications_catalog/templates/app-health-degraded.yaml b/notifications_catalog/templates/app-health-degraded.yaml
index cf6983f770f82..73035d4651e50 100644
--- a/notifications_catalog/templates/app-health-degraded.yaml
+++ b/notifications_catalog/templates/app-health-degraded.yaml
@@ -40,7 +40,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -64,6 +64,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
diff --git a/notifications_catalog/templates/app-sync-failed.yaml b/notifications_catalog/templates/app-sync-failed.yaml
index 710f42fc1a4f0..6145cdee5bb3e 100644
--- a/notifications_catalog/templates/app-sync-failed.yaml
+++ b/notifications_catalog/templates/app-sync-failed.yaml
@@ -44,7 +44,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -68,6 +68,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}{{ $source.repoURL }}⬆️ {{- end }}" {{- end }}
           }]
         }]
diff --git a/notifications_catalog/templates/app-sync-running.yaml b/notifications_catalog/templates/app-sync-running.yaml
index 3260221ab574a..49b8210339f6b 100644
--- a/notifications_catalog/templates/app-sync-running.yaml
+++ b/notifications_catalog/templates/app-sync-running.yaml
@@ -43,7 +43,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -67,6 +67,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
diff --git a/notifications_catalog/templates/app-sync-status-unknown.yaml b/notifications_catalog/templates/app-sync-status-unknown.yaml
index 674dfac5cc7ed..9f17806a8dbe0 100644
--- a/notifications_catalog/templates/app-sync-status-unknown.yaml
+++ b/notifications_catalog/templates/app-sync-status-unknown.yaml
@@ -44,7 +44,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -68,6 +68,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]
diff --git a/notifications_catalog/templates/app-sync-succeeded.yaml b/notifications_catalog/templates/app-sync-succeeded.yaml
index c4d10d7284098..a3bb1a67b7963 100644
--- a/notifications_catalog/templates/app-sync-succeeded.yaml
+++ b/notifications_catalog/templates/app-sync-succeeded.yaml
@@ -44,7 +44,7 @@ teams:
         },
         {
           "name": {{- if .app.spec.source }} "Repository" {{- else if .app.spec.sources }} "Repositories" {{- end }},
-          "value": {{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+          "value": {{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
         }
         {{range $index, $c := .app.status.conditions}}
           ,
@@ -68,6 +68,6 @@ teams:
           "name":"Open Repository",
           "targets":[{
             "os":"default",
-            "uri":{{- if .app.spec.source }} ":arrow_heading_up: {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}:arrow_heading_up: {{ $source.repoURL }}{{- end }}" {{- end }}
+            "uri":{{- if .app.spec.source }} "⬆️ {{ .app.spec.source.repoURL }}" {{- else if .app.spec.sources }} "{{- range $index, $source := .app.spec.sources }}{{ if $index }}\n{{ end }}⬆️ {{ $source.repoURL }}{{- end }}" {{- end }}
           }]
         }]

From cceff363ec91039b245472c67452150e82684faf Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Fri, 1 Aug 2025 08:01:49 -0700
Subject: [PATCH 224/383] chore(refactor): remove unused actions parameter
 fields (#24008)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/swagger.json                           |   12 -
 pkg/apis/application/v1alpha1/generated.pb.go | 1669 ++++++++---------
 pkg/apis/application/v1alpha1/generated.proto |    9 -
 pkg/apis/application/v1alpha1/types.go        |    6 -
 .../apps/Deployment/actions/discovery.lua     |    3 +-
 .../apps/StatefulSet/actions/discovery.lua    |    3 +-
 util/lua/lua_test.go                          |    2 -
 7 files changed, 776 insertions(+), 928 deletions(-)

diff --git a/assets/swagger.json b/assets/swagger.json
index d70aa4fb91e36..d28d232d670c7 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -9594,21 +9594,9 @@
       "description": "ResourceActionParam represents a parameter for a resource action.\nIt includes a name, value, type, and an optional default value for the parameter.",
       "type": "object",
       "properties": {
-        "default": {
-          "description": "Default is the default value of the parameter, if any.",
-          "type": "string"
-        },
         "name": {
           "description": "Name is the name of the parameter.",
           "type": "string"
-        },
-        "type": {
-          "description": "Type is the type of the parameter (e.g., string, integer).",
-          "type": "string"
-        },
-        "value": {
-          "description": "Value is the value of the parameter.",
-          "type": "string"
         }
       }
     },
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index 3b91bfe187e75..158d6bfc472de 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -4914,781 +4914,780 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12379 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0x49,
-	0x56, 0xd8, 0x55, 0xb7, 0x5a, 0xea, 0x7e, 0xfa, 0x1a, 0xe5, 0xcc, 0xec, 0x6a, 0x66, 0x3f, 0x34,
-	0xd4, 0xc2, 0xde, 0xe1, 0xdb, 0x93, 0xd8, 0xd9, 0xdd, 0x63, 0xcd, 0xc2, 0x81, 0x3e, 0xe6, 0x43,
-	0x33, 0xd2, 0x48, 0x9b, 0xad, 0x99, 0xe1, 0xf6, 0xd8, 0xdb, 0x2b, 0x55, 0xa7, 0xa4, 0x1a, 0x55,
-	0x57, 0xf5, 0x56, 0x55, 0x6b, 0xd4, 0xcb, 0x72, 0xdc, 0x71, 0x77, 0x70, 0x70, 0x5f, 0x6b, 0x70,
-	0x98, 0xc5, 0x36, 0xf8, 0x30, 0xf8, 0x2b, 0x1c, 0x17, 0x60, 0xf3, 0xc3, 0x44, 0x00, 0x41, 0xf0,
-	0x11, 0x04, 0xf8, 0x0b, 0x4c, 0x60, 0xc0, 0x06, 0xe4, 0xbb, 0xb1, 0x1d, 0x10, 0x8e, 0x30, 0x11,
-	0x60, 0xff, 0x70, 0x8c, 0x1d, 0x84, 0x23, 0xbf, 0xb3, 0xaa, 0xab, 0xa5, 0xd6, 0xa8, 0x34, 0x33,
-	0x77, 0xec, 0xbf, 0xee, 0x7c, 0xaf, 0xde, 0xcb, 0xca, 0xca, 0x7c, 0xef, 0xe5, 0xcb, 0xf7, 0x5e,
-	0xc2, 0xd2, 0xa6, 0x97, 0x6c, 0xb5, 0xd7, 0xa7, 0xdd, 0xb0, 0x39, 0xe3, 0x44, 0x9b, 0x61, 0x2b,
-	0x0a, 0x6f, 0xb1, 0x1f, 0xef, 0x73, 0x1b, 0x33, 0x3b, 0xcf, 0xcd, 0xb4, 0xb6, 0x37, 0x67, 0x9c,
-	0x96, 0x17, 0xcf, 0x38, 0xad, 0x96, 0xef, 0xb9, 0x4e, 0xe2, 0x85, 0xc1, 0xcc, 0xce, 0xb3, 0x8e,
-	0xdf, 0xda, 0x72, 0x9e, 0x9d, 0xd9, 0x24, 0x01, 0x89, 0x9c, 0x84, 0x34, 0xa6, 0x5b, 0x51, 0x98,
-	0x84, 0xe8, 0x5b, 0x35, 0xb5, 0x69, 0x49, 0x8d, 0xfd, 0x78, 0xcd, 0x6d, 0x4c, 0xef, 0x3c, 0x37,
-	0xdd, 0xda, 0xde, 0x9c, 0xa6, 0xd4, 0xa6, 0x0d, 0x6a, 0xd3, 0x92, 0xda, 0xd9, 0xf7, 0x19, 0x7d,
-	0xd9, 0x0c, 0x37, 0xc3, 0x19, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, 0x3f, 0xec, 0x17, 0x67,
-	0x76, 0xd6, 0xde, 0x7e, 0x31, 0x9e, 0xf6, 0x42, 0xda, 0xbd, 0x19, 0x37, 0x8c, 0xc8, 0xcc, 0x4e,
-	0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc, 0x3e, 0xda,
-	0x05, 0x12, 0xed, 0x90, 0xc8, 0x7c, 0x3d, 0x03, 0x21, 0x8f, 0xd2, 0xf3, 0x9a, 0x52, 0xd3, 0x71,
-	0xb7, 0xbc, 0x80, 0x44, 0x1d, 0xfd, 0x78, 0x93, 0x24, 0x4e, 0xde, 0x53, 0x33, 0xbd, 0x9e, 0x8a,
-	0xda, 0x41, 0xe2, 0x35, 0x49, 0xd7, 0x03, 0xef, 0x3f, 0xe8, 0x81, 0xd8, 0xdd, 0x22, 0x4d, 0xa7,
-	0xeb, 0xb9, 0xe7, 0x7a, 0x3d, 0xd7, 0x4e, 0x3c, 0x7f, 0xc6, 0x0b, 0x92, 0x38, 0x89, 0xb2, 0x0f,
-	0xd9, 0x7f, 0xdf, 0x82, 0xd1, 0xd9, 0x9b, 0xf5, 0xd9, 0x76, 0xb2, 0x35, 0x1f, 0x06, 0x1b, 0xde,
-	0x26, 0x7a, 0x01, 0x86, 0x5d, 0xbf, 0x1d, 0x27, 0x24, 0xba, 0xe6, 0x34, 0xc9, 0xa4, 0x75, 0xce,
-	0x7a, 0x4f, 0x6d, 0xee, 0xe4, 0x6f, 0xee, 0x4d, 0xbd, 0xeb, 0xce, 0xde, 0xd4, 0xf0, 0xbc, 0x06,
-	0x61, 0x13, 0x0f, 0x7d, 0x23, 0x0c, 0x45, 0xa1, 0x4f, 0x66, 0xf1, 0xb5, 0xc9, 0x12, 0x7b, 0x64,
-	0x5c, 0x3c, 0x32, 0x84, 0x79, 0x33, 0x96, 0x70, 0x8a, 0xda, 0x8a, 0xc2, 0x0d, 0xcf, 0x27, 0x93,
-	0xe5, 0x34, 0xea, 0x2a, 0x6f, 0xc6, 0x12, 0x6e, 0xff, 0x58, 0x09, 0xc6, 0x67, 0x5b, 0xad, 0xcb,
-	0xc4, 0xf1, 0x93, 0xad, 0x7a, 0xe2, 0x24, 0xed, 0x18, 0x6d, 0xc2, 0x60, 0xcc, 0x7e, 0x89, 0xbe,
-	0xad, 0x88, 0xa7, 0x07, 0x39, 0xfc, 0xee, 0xde, 0xd4, 0xb7, 0xe5, 0xcd, 0xe8, 0x4d, 0x2f, 0x09,
-	0x5b, 0xf1, 0xfb, 0x48, 0xb0, 0xe9, 0x05, 0x84, 0x8d, 0xcb, 0x16, 0xa3, 0x3a, 0x6d, 0x12, 0x9f,
-	0x0f, 0x1b, 0x04, 0x0b, 0xf2, 0xb4, 0x9f, 0x4d, 0x12, 0xc7, 0xce, 0x26, 0xc9, 0xbe, 0xd2, 0x32,
-	0x6f, 0xc6, 0x12, 0x8e, 0x22, 0x40, 0xbe, 0x13, 0x27, 0x6b, 0x91, 0x13, 0xc4, 0x1e, 0x9d, 0xd2,
-	0x6b, 0x5e, 0x93, 0xbf, 0xdd, 0xf0, 0xf9, 0xbf, 0x31, 0xcd, 0x3f, 0xcc, 0xb4, 0xf9, 0x61, 0xf4,
-	0x3a, 0xa0, 0xf3, 0x66, 0x7a, 0xe7, 0xd9, 0x69, 0xfa, 0xc4, 0xdc, 0x23, 0x77, 0xf6, 0xa6, 0xd0,
-	0x52, 0x17, 0x25, 0x9c, 0x43, 0xdd, 0xfe, 0xfd, 0x12, 0xc0, 0x6c, 0xab, 0xb5, 0x1a, 0x85, 0xb7,
-	0x88, 0x9b, 0xa0, 0x8f, 0x40, 0x95, 0x92, 0x6a, 0x38, 0x89, 0xc3, 0x06, 0x66, 0xf8, 0xfc, 0x37,
-	0xf5, 0xc7, 0x78, 0x65, 0x9d, 0x3e, 0xbf, 0x4c, 0x12, 0x67, 0x0e, 0x89, 0x17, 0x04, 0xdd, 0x86,
-	0x15, 0x55, 0x14, 0xc0, 0x40, 0xdc, 0x22, 0x2e, 0x1b, 0x8c, 0xe1, 0xf3, 0x4b, 0xd3, 0x47, 0x59,
-	0xe9, 0xd3, 0xba, 0xe7, 0xf5, 0x16, 0x71, 0xe7, 0x46, 0x04, 0xe7, 0x01, 0xfa, 0x0f, 0x33, 0x3e,
-	0x68, 0x47, 0x7d, 0x68, 0x3e, 0x90, 0xd7, 0x0a, 0xe3, 0xc8, 0xa8, 0xce, 0x8d, 0xa5, 0x27, 0x8e,
-	0xfc, 0xee, 0xf6, 0x9f, 0x58, 0x30, 0xa6, 0x91, 0x97, 0xbc, 0x38, 0x41, 0xdf, 0xd5, 0x35, 0xb8,
-	0xd3, 0xfd, 0x0d, 0x2e, 0x7d, 0x9a, 0x0d, 0xed, 0x09, 0xc1, 0xac, 0x2a, 0x5b, 0x8c, 0x81, 0x6d,
-	0x42, 0xc5, 0x4b, 0x48, 0x33, 0x9e, 0x2c, 0x9d, 0x2b, 0xbf, 0x67, 0xf8, 0xfc, 0xe5, 0xa2, 0xde,
-	0x73, 0x6e, 0x54, 0x30, 0xad, 0x2c, 0x52, 0xf2, 0x98, 0x73, 0xb1, 0xff, 0x72, 0xd4, 0x7c, 0x3f,
-	0x3a, 0xe0, 0xe8, 0x59, 0x18, 0x8e, 0xc3, 0x76, 0xe4, 0x12, 0x4c, 0x5a, 0x21, 0x5d, 0x58, 0x65,
-	0x3a, 0xdd, 0xe9, 0x82, 0xaf, 0xeb, 0x66, 0x6c, 0xe2, 0xa0, 0xcf, 0x5b, 0x30, 0xd2, 0x20, 0x71,
-	0xe2, 0x05, 0x8c, 0xbf, 0xec, 0xfc, 0xda, 0x91, 0x3b, 0x2f, 0x1b, 0x17, 0x34, 0xf1, 0xb9, 0x53,
-	0xe2, 0x45, 0x46, 0x8c, 0xc6, 0x18, 0xa7, 0xf8, 0x53, 0xc1, 0xd5, 0x20, 0xb1, 0x1b, 0x79, 0x2d,
-	0xfa, 0x5f, 0x88, 0x16, 0x25, 0xb8, 0x16, 0x34, 0x08, 0x9b, 0x78, 0x28, 0x80, 0x0a, 0x15, 0x4c,
-	0xf1, 0xe4, 0x00, 0xeb, 0xff, 0xe2, 0xd1, 0xfa, 0x2f, 0x06, 0x95, 0xca, 0x3c, 0x3d, 0xfa, 0xf4,
-	0x5f, 0x8c, 0x39, 0x1b, 0xf4, 0x39, 0x0b, 0x26, 0x85, 0xe0, 0xc4, 0x84, 0x0f, 0xe8, 0xcd, 0x2d,
-	0x2f, 0x21, 0xbe, 0x17, 0x27, 0x93, 0x15, 0xd6, 0x87, 0x99, 0xfe, 0xe6, 0xd6, 0xa5, 0x28, 0x6c,
-	0xb7, 0xae, 0x7a, 0x41, 0x63, 0xee, 0x9c, 0xe0, 0x34, 0x39, 0xdf, 0x83, 0x30, 0xee, 0xc9, 0x12,
-	0xfd, 0x88, 0x05, 0x67, 0x03, 0xa7, 0x49, 0xe2, 0x96, 0x43, 0x3f, 0x2d, 0x07, 0xcf, 0xf9, 0x8e,
-	0xbb, 0xcd, 0x7a, 0x34, 0x78, 0x6f, 0x3d, 0xb2, 0x45, 0x8f, 0xce, 0x5e, 0xeb, 0x49, 0x1a, 0xef,
-	0xc3, 0x16, 0xfd, 0x94, 0x05, 0x13, 0x61, 0xd4, 0xda, 0x72, 0x02, 0xd2, 0x90, 0xd0, 0x78, 0x72,
-	0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0xad, 0x64, 0xc9, 0x2e, 0x87, 0x81, 0x97, 0x84, 0x51,
-	0x9d, 0x24, 0x89, 0x17, 0x6c, 0xc6, 0x73, 0xa7, 0xef, 0xec, 0x4d, 0x4d, 0x74, 0x61, 0xe1, 0xee,
-	0xfe, 0xa0, 0xef, 0x86, 0xe1, 0xb8, 0x13, 0xb8, 0x37, 0xbd, 0xa0, 0x11, 0xde, 0x8e, 0x27, 0xab,
-	0x45, 0x2c, 0xdf, 0xba, 0x22, 0x28, 0x16, 0xa0, 0x66, 0x80, 0x4d, 0x6e, 0xf9, 0x1f, 0x4e, 0x4f,
-	0xa5, 0x5a, 0xd1, 0x1f, 0x4e, 0x4f, 0xa6, 0x7d, 0xd8, 0xa2, 0x1f, 0xb0, 0x60, 0x34, 0xf6, 0x36,
-	0x03, 0x27, 0x69, 0x47, 0xe4, 0x2a, 0xe9, 0xc4, 0x93, 0xc0, 0x3a, 0x72, 0xe5, 0x88, 0xa3, 0x62,
-	0x90, 0x9c, 0x3b, 0x2d, 0xfa, 0x38, 0x6a, 0xb6, 0xc6, 0x38, 0xcd, 0x37, 0x6f, 0xa1, 0xe9, 0x69,
-	0x3d, 0x5c, 0xec, 0x42, 0xd3, 0x93, 0xba, 0x27, 0x4b, 0xf4, 0x1d, 0x70, 0x82, 0x37, 0xa9, 0x91,
-	0x8d, 0x27, 0x47, 0x98, 0xa0, 0x3d, 0x75, 0x67, 0x6f, 0xea, 0x44, 0x3d, 0x03, 0xc3, 0x5d, 0xd8,
-	0xe8, 0x75, 0x98, 0x6a, 0x91, 0xa8, 0xe9, 0x25, 0x2b, 0x81, 0xdf, 0x91, 0xe2, 0xdb, 0x0d, 0x5b,
-	0xa4, 0x21, 0xba, 0x13, 0x4f, 0x8e, 0x9e, 0xb3, 0xde, 0x53, 0x9d, 0x7b, 0xb7, 0xe8, 0xe6, 0xd4,
-	0xea, 0xfe, 0xe8, 0xf8, 0x20, 0x7a, 0xe8, 0x37, 0x2c, 0x38, 0x6b, 0x48, 0xd9, 0x3a, 0x89, 0x76,
-	0x3c, 0x97, 0xcc, 0xba, 0x6e, 0xd8, 0x0e, 0x92, 0x78, 0x72, 0x8c, 0x0d, 0xe3, 0xfa, 0x71, 0xc8,
-	0xfc, 0x34, 0x2b, 0x3d, 0x2f, 0x7b, 0xa2, 0xc4, 0x78, 0x9f, 0x9e, 0xda, 0xbf, 0x55, 0x82, 0x13,
-	0x59, 0x0b, 0x00, 0xfd, 0x63, 0x0b, 0xc6, 0x6f, 0xdd, 0x4e, 0xd6, 0xc2, 0x6d, 0x12, 0xc4, 0x73,
-	0x1d, 0x2a, 0xa7, 0x99, 0xee, 0x1b, 0x3e, 0xef, 0x16, 0x6b, 0x6b, 0x4c, 0x5f, 0x49, 0x73, 0xb9,
-	0x10, 0x24, 0x51, 0x67, 0xee, 0x51, 0xf1, 0x4e, 0xe3, 0x57, 0x6e, 0xae, 0x99, 0x50, 0x9c, 0xed,
-	0xd4, 0xd9, 0xcf, 0x58, 0x70, 0x2a, 0x8f, 0x04, 0x3a, 0x01, 0xe5, 0x6d, 0xd2, 0xe1, 0x96, 0x30,
-	0xa6, 0x3f, 0xd1, 0xab, 0x50, 0xd9, 0x71, 0xfc, 0x36, 0x11, 0x66, 0xda, 0xa5, 0xa3, 0xbd, 0x88,
-	0xea, 0x19, 0xe6, 0x54, 0xbf, 0xa5, 0xf4, 0xa2, 0x65, 0xff, 0x76, 0x19, 0x86, 0x8d, 0x8f, 0x76,
-	0x1f, 0x4c, 0xcf, 0x30, 0x65, 0x7a, 0x2e, 0x17, 0x36, 0xdf, 0x7a, 0xda, 0x9e, 0xb7, 0x33, 0xb6,
-	0xe7, 0x4a, 0x71, 0x2c, 0xf7, 0x35, 0x3e, 0x51, 0x02, 0xb5, 0xb0, 0x45, 0xb7, 0x68, 0xd4, 0x86,
-	0x19, 0x28, 0xe2, 0x13, 0xae, 0x48, 0x72, 0x73, 0xa3, 0x77, 0xf6, 0xa6, 0x6a, 0xea, 0x2f, 0xd6,
-	0x8c, 0xec, 0x3f, 0xb0, 0xe0, 0x94, 0xd1, 0xc7, 0xf9, 0x30, 0x68, 0xb0, 0x8d, 0x06, 0x3a, 0x07,
-	0x03, 0x49, 0xa7, 0x25, 0xb7, 0x81, 0x6a, 0xa4, 0xd6, 0x3a, 0x2d, 0x82, 0x19, 0xe4, 0x61, 0xdf,
-	0x25, 0xfd, 0x88, 0x05, 0x8f, 0xe4, 0x0b, 0x18, 0xf4, 0x34, 0x0c, 0x72, 0x1f, 0x80, 0x78, 0x3b,
-	0xfd, 0x49, 0x58, 0x2b, 0x16, 0x50, 0x34, 0x03, 0x35, 0xa5, 0xf0, 0xc4, 0x3b, 0x4e, 0x08, 0xd4,
-	0x9a, 0xd6, 0x92, 0x1a, 0x87, 0x0e, 0x1a, 0xfd, 0x23, 0x4c, 0x50, 0x35, 0x68, 0x6c, 0xd3, 0xcc,
-	0x20, 0xf6, 0xef, 0x59, 0xf0, 0xf5, 0xfd, 0x88, 0xbd, 0xe3, 0xeb, 0x63, 0x1d, 0x4e, 0x37, 0xc8,
-	0x86, 0xd3, 0xf6, 0x93, 0x34, 0x47, 0xd1, 0xe9, 0x27, 0xc4, 0xc3, 0xa7, 0x17, 0xf2, 0x90, 0x70,
-	0xfe, 0xb3, 0xf6, 0x7f, 0xb1, 0xd8, 0x76, 0x5d, 0xbe, 0xd6, 0x7d, 0xd8, 0x3a, 0x05, 0xe9, 0xad,
-	0xd3, 0x62, 0x61, 0xcb, 0xb4, 0xc7, 0xde, 0xe9, 0x73, 0x16, 0x9c, 0x35, 0xb0, 0x96, 0x9d, 0xc4,
-	0xdd, 0xba, 0xb0, 0xdb, 0x8a, 0x48, 0x1c, 0xd3, 0x29, 0xf5, 0x84, 0x21, 0x8e, 0xe7, 0x86, 0x05,
-	0x85, 0xf2, 0x55, 0xd2, 0xe1, 0xb2, 0xf9, 0x19, 0xa8, 0xf2, 0x35, 0x17, 0x46, 0xe2, 0x23, 0xa9,
-	0x77, 0x5b, 0x11, 0xed, 0x58, 0x61, 0x20, 0x1b, 0x06, 0x99, 0xcc, 0xa5, 0x32, 0x88, 0x9a, 0x09,
-	0x40, 0xbf, 0xfb, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8d, 0x08, 0x9b, 0x0f,
-	0x8d, 0x8b, 0x1e, 0xf1, 0x1b, 0x31, 0xdd, 0xd6, 0x39, 0x41, 0x10, 0x26, 0x62, 0x87, 0x66, 0x6c,
-	0xeb, 0x66, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xdf, 0x59, 0x27, 0x3e, 0x1f, 0x51, 0xc1, 0x74,
-	0x89, 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x52, 0x49, 0x34, 0x72, 0x3f, 0xbc, 0x0f,
-	0x51, 0x4a, 0x05, 0xac, 0x16, 0x27, 0x8f, 0x49, 0x6f, 0x0f, 0xc4, 0x1b, 0x19, 0x2d, 0x80, 0x0b,
-	0xe5, 0xba, 0xbf, 0x17, 0xe2, 0x63, 0x65, 0x98, 0x4a, 0x3f, 0xd0, 0xa5, 0x44, 0xe8, 0x96, 0xd7,
-	0x60, 0x94, 0xf5, 0xd5, 0x19, 0xf8, 0xd8, 0xc4, 0xeb, 0x21, 0x87, 0x4b, 0xc7, 0x29, 0x87, 0x4d,
-	0x35, 0x51, 0x3e, 0x40, 0x4d, 0x3c, 0xad, 0x46, 0x7d, 0x20, 0x23, 0xf3, 0xd2, 0xaa, 0xf2, 0x1c,
-	0x0c, 0xc4, 0x09, 0x69, 0x4d, 0x56, 0xd2, 0x62, 0xb6, 0x9e, 0x90, 0x16, 0x66, 0x10, 0xf4, 0x6d,
-	0x30, 0x9e, 0x38, 0xd1, 0x26, 0x49, 0x22, 0xb2, 0xe3, 0x31, 0xbf, 0x2e, 0xdb, 0xcf, 0xd6, 0xe6,
-	0x4e, 0x52, 0xab, 0x6b, 0x8d, 0x81, 0xb0, 0x04, 0xe1, 0x2c, 0xae, 0xfd, 0x3f, 0x4a, 0xf0, 0x68,
-	0xfa, 0x13, 0x68, 0xc5, 0xf8, 0xed, 0x29, 0xc5, 0xf8, 0x5e, 0x53, 0x31, 0xde, 0xdd, 0x9b, 0x7a,
-	0xac, 0xc7, 0x63, 0x5f, 0x35, 0x7a, 0x13, 0x5d, 0xca, 0x7c, 0x84, 0x99, 0x2e, 0x2f, 0xeb, 0x13,
-	0x3d, 0xde, 0x31, 0xf3, 0x95, 0x9e, 0x86, 0xc1, 0x88, 0x38, 0x71, 0x18, 0x88, 0xef, 0xa4, 0xbe,
-	0x26, 0x66, 0xad, 0x58, 0x40, 0xed, 0xdf, 0xad, 0x65, 0x07, 0xfb, 0x12, 0xf7, 0x55, 0x87, 0x11,
-	0xf2, 0x60, 0x80, 0xed, 0xda, 0xb8, 0x64, 0xb9, 0x7a, 0xb4, 0x55, 0x48, 0xb5, 0x88, 0x22, 0x3d,
-	0x57, 0xa5, 0x5f, 0x8d, 0x36, 0x61, 0xc6, 0x02, 0xed, 0x42, 0xd5, 0x95, 0x9b, 0xa9, 0x52, 0x11,
-	0x6e, 0x47, 0xb1, 0x95, 0xd2, 0x1c, 0x47, 0xa8, 0xb8, 0x57, 0x3b, 0x30, 0xc5, 0x0d, 0x11, 0x28,
-	0x6f, 0x7a, 0x89, 0xf8, 0xac, 0x47, 0xdc, 0x2e, 0x5f, 0xf2, 0x8c, 0x57, 0x1c, 0xa2, 0x3a, 0xe8,
-	0x92, 0x97, 0x60, 0x4a, 0x1f, 0x7d, 0xca, 0x82, 0xe1, 0xd8, 0x6d, 0xae, 0x46, 0xe1, 0x8e, 0xd7,
-	0x20, 0x91, 0xb0, 0x31, 0x8f, 0x28, 0xd9, 0xea, 0xf3, 0xcb, 0x92, 0xa0, 0xe6, 0xcb, 0xdd, 0x17,
-	0x1a, 0x82, 0x4d, 0xbe, 0x74, 0xef, 0xf5, 0xa8, 0x78, 0xf7, 0x05, 0xe2, 0xb2, 0x15, 0x27, 0xf7,
-	0xcc, 0x6c, 0xa6, 0x1c, 0xd9, 0xe6, 0x5e, 0x68, 0xbb, 0xdb, 0x74, 0xbd, 0xe9, 0x0e, 0x3d, 0x76,
-	0x67, 0x6f, 0xea, 0xd1, 0xf9, 0x7c, 0x9e, 0xb8, 0x57, 0x67, 0xd8, 0x80, 0xb5, 0xda, 0xbe, 0x8f,
-	0xc9, 0xeb, 0x6d, 0xc2, 0x3c, 0x62, 0x05, 0x0c, 0xd8, 0xaa, 0x26, 0x98, 0x19, 0x30, 0x03, 0x82,
-	0x4d, 0xbe, 0xe8, 0x75, 0x18, 0x6c, 0x3a, 0x49, 0xe4, 0xed, 0x0a, 0x37, 0xd8, 0x11, 0x77, 0x41,
-	0xcb, 0x8c, 0x96, 0x66, 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x42, 0xa5, 0x49, 0xa2,
-	0x4d, 0x32, 0x59, 0x2d, 0xc2, 0xe5, 0xbf, 0x4c, 0x49, 0x69, 0x86, 0x35, 0x6a, 0x5c, 0xb1, 0x36,
-	0xcc, 0xb9, 0xa0, 0x57, 0xa1, 0x1a, 0x13, 0x9f, 0xb8, 0xd4, 0x3c, 0xaa, 0x31, 0x8e, 0xcf, 0xf5,
-	0x69, 0x2a, 0x52, 0xbb, 0xa4, 0x2e, 0x1e, 0xe5, 0x0b, 0x4c, 0xfe, 0xc3, 0x8a, 0x24, 0x1d, 0xc0,
-	0x96, 0xdf, 0xde, 0xf4, 0x82, 0x49, 0x28, 0x62, 0x00, 0x57, 0x19, 0xad, 0xcc, 0x00, 0xf2, 0x46,
-	0x2c, 0x18, 0xd9, 0xff, 0xdd, 0x02, 0x94, 0x16, 0x6a, 0xf7, 0xc1, 0x26, 0x7e, 0x3d, 0x6d, 0x13,
-	0x2f, 0x15, 0x69, 0xb4, 0xf4, 0x30, 0x8b, 0x7f, 0xa1, 0x06, 0x19, 0x75, 0x70, 0x8d, 0xc4, 0x09,
-	0x69, 0xbc, 0x23, 0xc2, 0xdf, 0x11, 0xe1, 0xef, 0x88, 0x70, 0x25, 0xc2, 0xd7, 0x33, 0x22, 0xfc,
-	0x03, 0xc6, 0xaa, 0xd7, 0xb1, 0x07, 0xaf, 0xa9, 0xe0, 0x04, 0xb3, 0x07, 0x06, 0x02, 0x95, 0x04,
-	0x57, 0xea, 0x2b, 0xd7, 0x72, 0x65, 0xf6, 0x6b, 0x69, 0x99, 0x7d, 0x54, 0x16, 0x7f, 0x1d, 0xa4,
-	0xf4, 0x6f, 0x58, 0xf0, 0xee, 0xb4, 0xf4, 0x92, 0x33, 0x67, 0x71, 0x33, 0x08, 0x23, 0xb2, 0xe0,
-	0x6d, 0x6c, 0x90, 0x88, 0x04, 0x2e, 0x89, 0x95, 0x6f, 0xc7, 0xea, 0xe5, 0xdb, 0x41, 0xcf, 0xc3,
-	0xc8, 0xad, 0x38, 0x0c, 0x56, 0x43, 0x2f, 0x10, 0x22, 0x88, 0xee, 0x38, 0x4e, 0xdc, 0xd9, 0x9b,
-	0x1a, 0xa1, 0x23, 0x2a, 0xdb, 0x71, 0x0a, 0x0b, 0xcd, 0xc3, 0xc4, 0xad, 0xd7, 0x57, 0x9d, 0xc4,
-	0xf0, 0x26, 0xc8, 0x7d, 0x3f, 0x3b, 0x8f, 0xba, 0xf2, 0x72, 0x06, 0x88, 0xbb, 0xf1, 0xed, 0xbf,
-	0x57, 0x82, 0x33, 0x99, 0x17, 0x09, 0x7d, 0x3f, 0x6c, 0x27, 0x74, 0x4f, 0x84, 0x7e, 0xc2, 0x82,
-	0x13, 0xcd, 0xb4, 0xc3, 0x22, 0x16, 0xee, 0xee, 0xef, 0x2c, 0x4c, 0x47, 0x64, 0x3c, 0x22, 0x73,
-	0x93, 0x62, 0x84, 0x4e, 0x64, 0x00, 0x31, 0xee, 0xea, 0x0b, 0x7a, 0x15, 0x6a, 0x4d, 0x67, 0xf7,
-	0x7a, 0xab, 0xe1, 0x24, 0x72, 0x3b, 0xda, 0xdb, 0x8b, 0xd0, 0x4e, 0x3c, 0x7f, 0x9a, 0x47, 0xb5,
-	0x4c, 0x2f, 0x06, 0xc9, 0x4a, 0x54, 0x4f, 0x22, 0x2f, 0xd8, 0xe4, 0x4e, 0xce, 0x65, 0x49, 0x06,
-	0x6b, 0x8a, 0xf6, 0x8f, 0x5b, 0x59, 0x25, 0xa5, 0x46, 0x27, 0x72, 0x12, 0xb2, 0xd9, 0x41, 0x6f,
-	0x42, 0x85, 0xee, 0x1b, 0xe5, 0xa8, 0xdc, 0x2c, 0x52, 0x73, 0x1a, 0x5f, 0x42, 0x2b, 0x51, 0xfa,
-	0x2f, 0xc6, 0x9c, 0xa9, 0xfd, 0x13, 0xb5, 0xac, 0xb1, 0xc0, 0xce, 0xe6, 0xcf, 0x03, 0x6c, 0x86,
-	0x6b, 0xa4, 0xd9, 0xf2, 0xe9, 0xb0, 0x58, 0xec, 0x80, 0x47, 0xb9, 0x4a, 0x2e, 0x29, 0x08, 0x36,
-	0xb0, 0xd0, 0x0f, 0x5a, 0x00, 0x9b, 0x72, 0xce, 0x4b, 0x43, 0xe0, 0x7a, 0x91, 0xaf, 0xa3, 0x57,
-	0x94, 0xee, 0x8b, 0x62, 0x88, 0x0d, 0xe6, 0xe8, 0xfb, 0x2c, 0xa8, 0x26, 0xb2, 0xfb, 0x5c, 0x35,
-	0xae, 0x15, 0xd9, 0x13, 0xf9, 0xd2, 0xda, 0x26, 0x52, 0x43, 0xa2, 0xf8, 0xa2, 0xef, 0xb7, 0x00,
-	0xe2, 0x4e, 0xe0, 0xae, 0x86, 0xbe, 0xe7, 0x76, 0x84, 0xc6, 0xbc, 0x51, 0xa8, 0x3b, 0x47, 0x51,
-	0x9f, 0x1b, 0xa3, 0xa3, 0xa1, 0xff, 0x63, 0x83, 0x33, 0xfa, 0x28, 0x54, 0x63, 0x31, 0xdd, 0x84,
-	0x8e, 0x5c, 0x2b, 0xd6, 0xa9, 0xc4, 0x69, 0x0b, 0xf1, 0x2a, 0xfe, 0x61, 0xc5, 0x13, 0xfd, 0xa8,
-	0x05, 0xe3, 0xad, 0xb4, 0x9b, 0x50, 0xa8, 0xc3, 0xe2, 0x64, 0x40, 0xc6, 0x0d, 0xc9, 0xbd, 0x2d,
-	0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, 0x06, 0xaf, 0xb4, 0xb8, 0xcb, 0x72, 0x48, 0x4b,
-	0xc0, 0x4b, 0x59, 0x20, 0xee, 0xc6, 0x47, 0xab, 0x70, 0x8a, 0xf6, 0xae, 0xc3, 0xcd, 0x4f, 0xa9,
-	0x5e, 0x62, 0xa6, 0x0c, 0xab, 0x73, 0x8f, 0x8b, 0x19, 0xc2, 0xce, 0x3a, 0xb2, 0x38, 0x38, 0xf7,
-	0x49, 0xf4, 0xdb, 0x16, 0x3c, 0xee, 0x31, 0x35, 0x60, 0x3a, 0xec, 0xb5, 0x46, 0x10, 0x07, 0xed,
-	0xa4, 0x50, 0x59, 0xd1, 0x4b, 0xfd, 0xcc, 0x7d, 0xbd, 0x78, 0x83, 0xc7, 0x17, 0xf7, 0xe9, 0x12,
-	0xde, 0xb7, 0xc3, 0xe8, 0x9b, 0x61, 0x54, 0xae, 0x8b, 0x55, 0x2a, 0x82, 0x99, 0xa2, 0xad, 0xcd,
-	0x4d, 0xdc, 0xd9, 0x9b, 0x1a, 0x5d, 0x33, 0x01, 0x38, 0x8d, 0x67, 0xff, 0xeb, 0x72, 0xea, 0x94,
-	0x48, 0xf9, 0x30, 0x99, 0xb8, 0x71, 0xa5, 0xff, 0x47, 0x4a, 0xcf, 0x42, 0xc5, 0x8d, 0xf2, 0x2e,
-	0x69, 0x71, 0xa3, 0x9a, 0x62, 0x6c, 0x30, 0xa7, 0x46, 0xe9, 0x84, 0x93, 0xf5, 0x94, 0x0a, 0x09,
-	0xf8, 0x6a, 0x91, 0x5d, 0xea, 0x3e, 0xd3, 0x3b, 0x23, 0xba, 0x36, 0xd1, 0x05, 0xc2, 0xdd, 0x5d,
-	0x42, 0xdf, 0x03, 0xb5, 0x48, 0x45, 0xb6, 0x94, 0x8b, 0xd8, 0xaa, 0xc9, 0x69, 0x23, 0xba, 0xa3,
-	0x0e, 0x80, 0x74, 0x0c, 0x8b, 0xe6, 0x68, 0x7f, 0xba, 0x94, 0x3a, 0x18, 0x33, 0x64, 0x47, 0x1f,
-	0x87, 0x7e, 0x9f, 0xb7, 0x60, 0x38, 0x0a, 0x7d, 0xdf, 0x0b, 0x36, 0xa9, 0x9c, 0x13, 0xca, 0xfa,
-	0x43, 0xc7, 0xa2, 0x2f, 0x85, 0x40, 0x63, 0x96, 0x35, 0xd6, 0x3c, 0xb1, 0xd9, 0x01, 0xf4, 0x12,
-	0x8c, 0x36, 0x88, 0x4f, 0xe8, 0xb3, 0x2b, 0x11, 0xdd, 0x13, 0x71, 0x27, 0xb3, 0x8a, 0x14, 0x59,
-	0x30, 0x81, 0x38, 0x8d, 0x6b, 0xff, 0x89, 0x05, 0x93, 0xbd, 0x84, 0x39, 0x22, 0xf0, 0x98, 0x94,
-	0x54, 0x6a, 0x1c, 0x57, 0x02, 0x49, 0x4f, 0xe8, 0xe3, 0xa7, 0x04, 0x9f, 0xc7, 0x56, 0x7b, 0xa3,
-	0xe2, 0xfd, 0xe8, 0xa0, 0x57, 0xe0, 0x84, 0x31, 0x28, 0xb1, 0x1a, 0xd5, 0xda, 0xdc, 0x34, 0xb5,
-	0x9e, 0x66, 0x33, 0xb0, 0xbb, 0x7b, 0x53, 0x8f, 0x64, 0xdb, 0x84, 0xb6, 0xe9, 0xa2, 0x63, 0xff,
-	0x74, 0xd7, 0xa7, 0x56, 0x86, 0xc2, 0xdb, 0x56, 0x97, 0x2b, 0xe2, 0x3b, 0x8f, 0x43, 0x39, 0x33,
-	0xa7, 0x85, 0x8a, 0xe1, 0xe8, 0x8d, 0xf3, 0x00, 0xcf, 0xfc, 0xed, 0x7f, 0x3b, 0x00, 0xfb, 0xf4,
-	0xac, 0x0f, 0xcb, 0xff, 0xd0, 0x87, 0xb0, 0x9f, 0xb5, 0xd4, 0x69, 0x1b, 0x17, 0x00, 0x8d, 0xe3,
-	0x1a, 0x7b, 0xbe, 0xf9, 0x8a, 0x79, 0xdc, 0x89, 0x72, 0xc1, 0xa7, 0xcf, 0xf5, 0xd0, 0x17, 0xad,
-	0xf4, 0x79, 0x21, 0x8f, 0x88, 0xf4, 0x8e, 0xad, 0x4f, 0xc6, 0x21, 0x24, 0xef, 0x98, 0x3e, 0xba,
-	0xea, 0x75, 0x3c, 0x39, 0x0d, 0xb0, 0xe1, 0x05, 0x8e, 0xef, 0xbd, 0x41, 0xb7, 0x56, 0x15, 0x66,
-	0x1d, 0x30, 0x73, 0xeb, 0xa2, 0x6a, 0xc5, 0x06, 0xc6, 0xd9, 0xbf, 0x09, 0xc3, 0xc6, 0x9b, 0xe7,
-	0x84, 0xcb, 0x9c, 0x32, 0xc3, 0x65, 0x6a, 0x46, 0x94, 0xcb, 0xd9, 0x0f, 0xc0, 0x89, 0x6c, 0x07,
-	0x0f, 0xf3, 0xbc, 0xfd, 0x7f, 0x86, 0xb2, 0x07, 0x78, 0x6b, 0x24, 0x6a, 0xd2, 0xae, 0xbd, 0xe3,
-	0x15, 0x7b, 0xc7, 0x2b, 0xf6, 0x8e, 0x57, 0xcc, 0x3c, 0xd8, 0x10, 0x1e, 0x9f, 0xa1, 0xfb, 0xe4,
-	0xf1, 0x49, 0xf9, 0xb0, 0xaa, 0x85, 0xfb, 0xb0, 0xec, 0x4f, 0x75, 0xb9, 0xfd, 0xd7, 0x22, 0x42,
-	0x50, 0x08, 0x95, 0x20, 0x6c, 0x10, 0x69, 0x20, 0x5f, 0x29, 0xc6, 0xda, 0xbb, 0x16, 0x36, 0x8c,
-	0x58, 0x73, 0xfa, 0x2f, 0xc6, 0x9c, 0x8f, 0xfd, 0xc9, 0x41, 0x48, 0xd9, 0xa2, 0xfc, 0xbb, 0x7f,
-	0x23, 0x0c, 0x45, 0xa4, 0x15, 0x5e, 0xc7, 0x4b, 0x42, 0x97, 0xe9, 0x54, 0x1d, 0xde, 0x8c, 0x25,
-	0x9c, 0xea, 0xbc, 0x96, 0x93, 0x6c, 0x09, 0x65, 0xa6, 0x74, 0xde, 0xaa, 0x93, 0x6c, 0x61, 0x06,
-	0x41, 0x1f, 0x80, 0xb1, 0x24, 0x75, 0x8e, 0x2e, 0xce, 0x8b, 0x1f, 0x11, 0xb8, 0x63, 0xe9, 0x53,
-	0x76, 0x9c, 0xc1, 0x46, 0xaf, 0xc3, 0xc0, 0x16, 0xf1, 0x9b, 0xe2, 0xd3, 0xd7, 0x8b, 0xd3, 0x35,
-	0xec, 0x5d, 0x2f, 0x13, 0xbf, 0xc9, 0x25, 0x21, 0xfd, 0x85, 0x19, 0x2b, 0x3a, 0xef, 0x6b, 0xdb,
-	0xed, 0x38, 0x09, 0x9b, 0xde, 0x1b, 0xd2, 0x4d, 0xfa, 0x9d, 0x05, 0x33, 0xbe, 0x2a, 0xe9, 0x73,
-	0x7f, 0x94, 0xfa, 0x8b, 0x35, 0x67, 0xd6, 0x8f, 0x86, 0x17, 0xb1, 0x29, 0xd3, 0x11, 0xde, 0xce,
-	0xa2, 0xfb, 0xb1, 0x20, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, 0x46, 0x1d, 0xb5, 0xfe, 0x86,
-	0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, 0xf6, 0x72, 0xd7, 0xe1, 0x53, 0x50, 0x71, 0xb7, 0x9c,
-	0x28, 0x99, 0x1c, 0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d, 0x01, 0xe5,
-	0x88, 0x6c, 0xb0, 0xd0, 0x66, 0x23, 0xa8, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d, 0x36, 0xd6,
-	0x33, 0xda, 0xee, 0x27, 0x4b, 0x69, 0xc3, 0x2e, 0x3d, 0x32, 0x7c, 0x3d, 0xb8, 0xed, 0x28, 0x96,
-	0xde, 0x35, 0x63, 0x3d, 0xb0, 0x66, 0x2c, 0xe1, 0xe8, 0xe3, 0x16, 0x0c, 0xdd, 0x8a, 0xc3, 0x20,
-	0x20, 0x89, 0x50, 0xa2, 0x37, 0x0a, 0x1e, 0xac, 0x2b, 0x9c, 0xba, 0xee, 0x83, 0x68, 0xc0, 0x92,
-	0x2f, 0xed, 0x2e, 0xd9, 0x75, 0xfd, 0x76, 0xa3, 0x2b, 0x92, 0xe6, 0x02, 0x6f, 0xc6, 0x12, 0x4e,
-	0x51, 0xbd, 0x80, 0xa3, 0x0e, 0xa4, 0x51, 0x17, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0xcf, 0x55, 0xe1,
-	0x74, 0xee, 0xf2, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0x2e, 0x7a, 0x3e, 0x91, 0x31, 0x64, 0xcc, 0xe4,
-	0xba, 0xa1, 0x5a, 0xb1, 0x81, 0x81, 0xbe, 0x17, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x28, 0xef, 0xf7,
-	0x91, 0x2d, 0x1b, 0xda, 0x8f, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x8c, 0x0d, 0x96, 0xe8,
-	0x05, 0x18, 0x8e, 0x88, 0x4f, 0x9c, 0x98, 0xc5, 0xce, 0x67, 0x13, 0x81, 0xb0, 0x06, 0x61, 0x13,
-	0x0f, 0x3d, 0xad, 0xc2, 0xed, 0x32, 0x61, 0x47, 0xe9, 0x90, 0x3b, 0xf4, 0x05, 0x0b, 0xc6, 0x36,
-	0x3c, 0x9f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xe8, 0x2f, 0x79, 0xd1, 0xa4, 0xab, 0x65, 0x68,
-	0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0xef, 0x90, 0x88, 0x09, 0xdf, 0xc1, 0xf4, 0x67, 0xbe,
-	0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x71, 0x3c, 0x1f, 0x91, 0x06, 0x09, 0x12,
-	0xcf, 0xf1, 0x79, 0x52, 0x4d, 0x55, 0xc7, 0xa2, 0xaf, 0xa6, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08,
-	0x8f, 0x72, 0xf7, 0xd2, 0xb2, 0x17, 0xc7, 0x5e, 0xb0, 0xa9, 0xa7, 0x81, 0xf0, 0xb2, 0x4d, 0x09,
-	0x52, 0x8f, 0x2e, 0xe6, 0xa3, 0xe1, 0x5e, 0xcf, 0xa3, 0x67, 0xa0, 0x1a, 0x6f, 0x7b, 0xad, 0xf9,
-	0xa8, 0x11, 0xb3, 0xa3, 0xa5, 0xaa, 0xf6, 0xe9, 0xd6, 0x45, 0x3b, 0x56, 0x18, 0xc8, 0x85, 0x11,
-	0xfe, 0x49, 0x78, 0xbc, 0xa0, 0x90, 0xa0, 0xef, 0xeb, 0xa9, 0xc8, 0x45, 0xfe, 0xec, 0x34, 0x76,
-	0x6e, 0x5f, 0x90, 0x07, 0x5d, 0xfc, 0x5c, 0xe6, 0x86, 0x41, 0x06, 0xa7, 0x88, 0xa6, 0xf7, 0x74,
-	0xc3, 0x7d, 0xec, 0xe9, 0x5e, 0x80, 0xe1, 0xed, 0xf6, 0x3a, 0x11, 0x23, 0x2f, 0x04, 0x9b, 0x9a,
-	0x7d, 0x57, 0x35, 0x08, 0x9b, 0x78, 0x2c, 0x54, 0xb3, 0xe5, 0x89, 0x7f, 0xf1, 0xe4, 0xa8, 0x11,
-	0xaa, 0xb9, 0xba, 0x28, 0x9b, 0xb1, 0x89, 0x43, 0xbb, 0x46, 0xc7, 0x62, 0x8d, 0xc4, 0x2c, 0x13,
-	0x83, 0x0e, 0x97, 0xea, 0x5a, 0x5d, 0x02, 0xb0, 0xc6, 0x41, 0xab, 0x70, 0x8a, 0xfe, 0xa9, 0xb3,
-	0xfc, 0xe1, 0x1b, 0x8e, 0xef, 0x35, 0x78, 0xdc, 0xe0, 0x78, 0xda, 0x39, 0x5a, 0xcf, 0xc1, 0xc1,
-	0xb9, 0x4f, 0xda, 0x3f, 0x56, 0x4a, 0x7b, 0x4e, 0x4c, 0x11, 0x86, 0x62, 0x2a, 0xa8, 0x92, 0x1b,
-	0x4e, 0x24, 0x0d, 0x9e, 0x23, 0x66, 0x46, 0x09, 0xba, 0x37, 0x9c, 0xc8, 0x14, 0x79, 0x8c, 0x01,
-	0x96, 0x9c, 0xd0, 0x2d, 0x18, 0x48, 0x7c, 0xa7, 0xa0, 0x54, 0x4a, 0x83, 0xa3, 0xf6, 0x82, 0x2d,
-	0xcd, 0xc6, 0x98, 0xf1, 0x40, 0x8f, 0xd3, 0xdd, 0xdb, 0xba, 0x3c, 0xa6, 0x13, 0x1b, 0xae, 0xf5,
-	0x18, 0xb3, 0x56, 0xfb, 0x6f, 0x8f, 0xe6, 0x68, 0x1d, 0x65, 0x08, 0xa0, 0xf3, 0x00, 0x74, 0xd2,
-	0xac, 0x46, 0x64, 0xc3, 0xdb, 0x15, 0x86, 0x98, 0x92, 0x6c, 0xd7, 0x14, 0x04, 0x1b, 0x58, 0xf2,
-	0x99, 0x7a, 0x7b, 0x83, 0x3e, 0x53, 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x87, 0x41,
-	0xaf, 0xe9, 0x6c, 0xaa, 0x28, 0xe2, 0xc7, 0xa9, 0x48, 0x5b, 0x64, 0x2d, 0x77, 0xf7, 0xa6, 0xc6,
-	0x54, 0x87, 0x58, 0x13, 0x16, 0xb8, 0xe8, 0xa7, 0x2d, 0x18, 0x71, 0xc3, 0x66, 0x33, 0x0c, 0xf8,
-	0xf6, 0x59, 0xf8, 0x02, 0x6e, 0x1d, 0x97, 0x99, 0x34, 0x3d, 0x6f, 0x30, 0xe3, 0xce, 0x00, 0x95,
-	0xf3, 0x69, 0x82, 0x70, 0xaa, 0x57, 0xa6, 0xe4, 0xab, 0x1c, 0x20, 0xf9, 0x7e, 0xde, 0x82, 0x09,
-	0xfe, 0xac, 0xb1, 0xab, 0x17, 0xe9, 0x8d, 0xe1, 0x31, 0xbf, 0x56, 0x97, 0xa3, 0x43, 0x79, 0x8a,
-	0xbb, 0xe0, 0xb8, 0xbb, 0x93, 0xe8, 0x12, 0x4c, 0x6c, 0x84, 0x91, 0x4b, 0xcc, 0x81, 0x10, 0x62,
-	0x5b, 0x11, 0xba, 0x98, 0x45, 0xc0, 0xdd, 0xcf, 0xa0, 0x1b, 0xf0, 0x88, 0xd1, 0x68, 0x8e, 0x03,
-	0x97, 0xdc, 0x4f, 0x0a, 0x6a, 0x8f, 0x5c, 0xcc, 0xc5, 0xc2, 0x3d, 0x9e, 0x4e, 0x0b, 0xc9, 0x5a,
-	0x1f, 0x42, 0xf2, 0x35, 0x38, 0xe3, 0x76, 0x8f, 0xcc, 0x4e, 0xdc, 0x5e, 0x8f, 0xb9, 0x1c, 0xaf,
-	0xce, 0x7d, 0x9d, 0x20, 0x70, 0x66, 0xbe, 0x17, 0x22, 0xee, 0x4d, 0x03, 0xbd, 0x09, 0xd5, 0x88,
-	0xb0, 0xaf, 0x12, 0x8b, 0x5c, 0xbf, 0x23, 0x7a, 0x3b, 0xb4, 0x05, 0xcf, 0xc9, 0x6a, 0xcd, 0x24,
-	0x1a, 0x62, 0xac, 0x38, 0xa2, 0xdb, 0x30, 0xd4, 0x72, 0x12, 0x77, 0x4b, 0x64, 0xf8, 0x1d, 0xd9,
-	0xb1, 0xaf, 0x98, 0xb3, 0x73, 0x18, 0xa3, 0x5e, 0x02, 0x67, 0x82, 0x25, 0x37, 0x6a, 0xab, 0xb9,
-	0x61, 0xb3, 0x15, 0x06, 0x24, 0x48, 0xa4, 0x12, 0x19, 0xe3, 0x87, 0x25, 0xb2, 0x15, 0x1b, 0x18,
-	0x5d, 0xba, 0x5c, 0xa3, 0x4d, 0x4e, 0xec, 0xa3, 0xcb, 0x0d, 0x6a, 0xbd, 0x9e, 0xa7, 0xca, 0x86,
-	0xb9, 0x15, 0x6f, 0x7a, 0xc9, 0x56, 0xd8, 0x4e, 0xe4, 0x2e, 0x59, 0x28, 0x2a, 0xa5, 0x6c, 0x96,
-	0x72, 0x70, 0x70, 0xee, 0x93, 0x59, 0xcd, 0x3a, 0x7e, 0x6f, 0x9a, 0xf5, 0x44, 0x1f, 0x9a, 0xb5,
-	0x0e, 0xa7, 0x59, 0x0f, 0x84, 0x95, 0x2c, 0x9d, 0x96, 0xf1, 0x24, 0x62, 0x9d, 0x57, 0xc9, 0x31,
-	0x4b, 0x79, 0x48, 0x38, 0xff, 0xd9, 0xb3, 0xdf, 0x0e, 0x13, 0x5d, 0x42, 0xee, 0x50, 0x0e, 0xc9,
-	0x05, 0x78, 0x24, 0x5f, 0x9c, 0x1c, 0xca, 0x2d, 0xf9, 0x73, 0x99, 0xa0, 0x76, 0x63, 0x8b, 0xd6,
-	0x87, 0x8b, 0xdb, 0x81, 0x32, 0x09, 0x76, 0x84, 0x76, 0xbd, 0x78, 0xb4, 0x59, 0x7d, 0x21, 0xd8,
-	0xe1, 0xd2, 0x90, 0xf9, 0xf1, 0x2e, 0x04, 0x3b, 0x98, 0xd2, 0x46, 0x3f, 0x6c, 0xa5, 0x36, 0x10,
-	0xdc, 0x31, 0xfe, 0xe1, 0x63, 0xd9, 0x93, 0xf6, 0xbd, 0xa7, 0xb0, 0xff, 0x5d, 0x09, 0xce, 0x1d,
-	0x44, 0xa4, 0x8f, 0xe1, 0x7b, 0x0a, 0x06, 0x63, 0x16, 0xa6, 0x22, 0xd4, 0xd5, 0x30, 0x5d, 0xc5,
-	0x3c, 0x70, 0xe5, 0x35, 0x2c, 0x40, 0xc8, 0x87, 0x72, 0xd3, 0x69, 0x09, 0x7f, 0xe9, 0xe2, 0x51,
-	0x93, 0xff, 0xe8, 0x7f, 0xc7, 0x5f, 0x76, 0x5a, 0x7c, 0xce, 0x1b, 0x0d, 0x98, 0xb2, 0x41, 0x09,
-	0x54, 0x9c, 0x28, 0x72, 0x64, 0x4c, 0xc4, 0xd5, 0x62, 0xf8, 0xcd, 0x52, 0x92, 0xfc, 0x48, 0x39,
-	0xd5, 0x84, 0x39, 0x33, 0xfb, 0x47, 0xab, 0xa9, 0x4c, 0x31, 0x16, 0xe8, 0x12, 0xc3, 0xa0, 0x70,
-	0x93, 0x5a, 0x45, 0xe7, 0x5c, 0xf2, 0x54, 0x6c, 0xe6, 0x81, 0x10, 0x05, 0x2d, 0x04, 0x2b, 0xf4,
-	0x19, 0x8b, 0x95, 0x8d, 0x90, 0xe9, 0x77, 0x62, 0x57, 0x7f, 0x3c, 0x55, 0x2c, 0xcc, 0x62, 0x14,
-	0xb2, 0x11, 0x9b, 0xdc, 0x45, 0x69, 0x1c, 0xb6, 0x9b, 0xe9, 0x2e, 0x8d, 0xc3, 0x76, 0x27, 0x12,
-	0x8e, 0x76, 0x73, 0x02, 0x5a, 0x0a, 0x28, 0x3d, 0xd0, 0x47, 0x08, 0xcb, 0x17, 0x2d, 0x98, 0xf0,
-	0xb2, 0x91, 0x09, 0x62, 0x0f, 0x7c, 0xb3, 0x18, 0x9f, 0x66, 0x77, 0xe0, 0x83, 0x32, 0x74, 0xba,
-	0x40, 0xb8, 0xbb, 0x33, 0xa8, 0x01, 0x03, 0x5e, 0xb0, 0x11, 0x0a, 0xf3, 0x6e, 0xee, 0x68, 0x9d,
-	0x5a, 0x0c, 0x36, 0x42, 0xbd, 0x9a, 0xe9, 0x3f, 0xcc, 0xa8, 0xa3, 0x25, 0x38, 0x25, 0x93, 0x85,
-	0x2e, 0x7b, 0x71, 0x12, 0x46, 0x9d, 0x25, 0xaf, 0xe9, 0x25, 0xcc, 0x34, 0x2b, 0xcf, 0x4d, 0x52,
-	0xf5, 0x86, 0x73, 0xe0, 0x38, 0xf7, 0x29, 0xf4, 0x06, 0x0c, 0xc9, 0x68, 0x80, 0x6a, 0x11, 0xfe,
-	0x84, 0xee, 0xf9, 0xaf, 0x26, 0x53, 0x5d, 0x84, 0x03, 0x48, 0x86, 0xe8, 0xd3, 0x16, 0x8c, 0xf1,
-	0xdf, 0x97, 0x3b, 0x0d, 0x9e, 0x9f, 0x58, 0x2b, 0x22, 0xe4, 0xbf, 0x9e, 0xa2, 0x39, 0x87, 0xee,
-	0xec, 0x4d, 0x8d, 0xa5, 0xdb, 0x70, 0x86, 0xaf, 0xfd, 0x4f, 0x46, 0xa0, 0x3b, 0x7e, 0x22, 0x1d,
-	0x2c, 0x61, 0xdd, 0xef, 0x60, 0x09, 0xba, 0xab, 0x8c, 0x75, 0x9c, 0x43, 0x01, 0xcb, 0x4c, 0x70,
-	0xd5, 0xc7, 0xd0, 0x9d, 0xc0, 0xc5, 0x8c, 0x07, 0x6a, 0xc3, 0x20, 0xaf, 0x4c, 0x25, 0x34, 0xc0,
-	0xd1, 0x4f, 0xbe, 0xcd, 0x0a, 0x57, 0xda, 0xad, 0xc5, 0x5b, 0xb1, 0x60, 0x86, 0x76, 0x61, 0x68,
-	0x8b, 0x4f, 0x47, 0xb1, 0xd7, 0x5b, 0x3e, 0xea, 0xf8, 0xa6, 0xe6, 0xb8, 0x9e, 0x7c, 0xa2, 0x01,
-	0x4b, 0x76, 0x2c, 0x36, 0xcf, 0x88, 0x1e, 0xe2, 0x82, 0xa4, 0xb8, 0x54, 0xcb, 0xfe, 0x43, 0x87,
-	0x3e, 0x02, 0x23, 0x11, 0x71, 0xc3, 0xc0, 0xf5, 0x7c, 0xd2, 0x98, 0x95, 0x07, 0x62, 0x87, 0xc9,
-	0xb0, 0x63, 0xde, 0x24, 0x6c, 0xd0, 0xc0, 0x29, 0x8a, 0x6c, 0x9d, 0xa9, 0xac, 0x7b, 0xfa, 0x41,
-	0x88, 0x38, 0xf8, 0x58, 0x2a, 0x28, 0xc7, 0x9f, 0xd1, 0xe4, 0xeb, 0x2c, 0xdd, 0x86, 0x33, 0x7c,
-	0xd1, 0x2b, 0x00, 0xe1, 0x3a, 0x0f, 0xc0, 0x9b, 0x4d, 0xc4, 0x29, 0xc8, 0x61, 0x5e, 0x75, 0x8c,
-	0x67, 0xea, 0x4a, 0x0a, 0xd8, 0xa0, 0x86, 0xae, 0x02, 0xf0, 0x95, 0xb3, 0xd6, 0x69, 0xc9, 0x0d,
-	0xa1, 0x4c, 0x91, 0x84, 0xba, 0x82, 0xdc, 0xdd, 0x9b, 0xea, 0xf6, 0x39, 0xb3, 0x28, 0x23, 0xe3,
-	0x71, 0xf4, 0xdd, 0x30, 0x14, 0xb7, 0x9b, 0x4d, 0x47, 0x9d, 0x91, 0x14, 0x98, 0xfb, 0xcb, 0xe9,
-	0x1a, 0x82, 0x91, 0x37, 0x60, 0xc9, 0x11, 0xdd, 0xa2, 0x22, 0x5e, 0x48, 0x28, 0xbe, 0x8a, 0xb8,
-	0x85, 0xc2, 0x3d, 0x81, 0xef, 0x97, 0xbb, 0x18, 0x9c, 0x83, 0x73, 0x77, 0x6f, 0xea, 0x91, 0x74,
-	0xfb, 0x52, 0x28, 0xb2, 0x71, 0x73, 0x69, 0xa2, 0x2b, 0xb2, 0x08, 0x17, 0x7d, 0x6d, 0x59, 0x1b,
-	0xe6, 0x3d, 0xba, 0x08, 0x17, 0x6b, 0xee, 0x3d, 0x66, 0xe6, 0xc3, 0x68, 0x19, 0x4e, 0xba, 0x61,
-	0x90, 0x44, 0xa1, 0xef, 0xf3, 0x02, 0x7d, 0x7c, 0x6f, 0xce, 0xcf, 0x50, 0x1e, 0x13, 0xdd, 0x3e,
-	0x39, 0xdf, 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x36, 0x79, 0x56, 0x3f, 0x8c, 0x15, 0x72, 0xbc, 0x9e,
-	0xa2, 0x29, 0x24, 0x94, 0x72, 0x7b, 0x1f, 0xa0, 0x29, 0x82, 0xf4, 0x21, 0xab, 0xf8, 0x62, 0xcf,
-	0xc3, 0x08, 0xd9, 0x4d, 0x48, 0x14, 0x38, 0xfe, 0x75, 0xbc, 0x24, 0x0f, 0x2c, 0xd8, 0xc2, 0xbc,
-	0x60, 0xb4, 0xe3, 0x14, 0x16, 0xb2, 0x95, 0x97, 0xcc, 0x48, 0x7b, 0xe7, 0x5e, 0x32, 0xe9, 0x13,
-	0xb3, 0x7f, 0xb6, 0x9c, 0xb2, 0x59, 0x1f, 0xc8, 0x91, 0x2e, 0xab, 0xaf, 0x24, 0x0b, 0x51, 0x31,
-	0x80, 0xd8, 0x8b, 0x15, 0xc9, 0x59, 0x45, 0xcd, 0xad, 0x98, 0x8c, 0x70, 0x9a, 0x2f, 0xda, 0x86,
-	0xca, 0x56, 0x18, 0x27, 0x72, 0x87, 0x76, 0xc4, 0xcd, 0xe0, 0xe5, 0x30, 0x4e, 0x98, 0xa1, 0xa5,
-	0x5e, 0x9b, 0xb6, 0xc4, 0x98, 0xf3, 0xa0, 0x7b, 0xff, 0x78, 0xcb, 0x89, 0x1a, 0xf1, 0x3c, 0x2b,
-	0x52, 0x31, 0xc0, 0x2c, 0x2c, 0x65, 0x4f, 0xd7, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x9f, 0x5a, 0xa9,
-	0x53, 0xad, 0x9b, 0x2c, 0xe3, 0x60, 0x87, 0x04, 0x54, 0x44, 0x99, 0x31, 0x8e, 0xdf, 0x9c, 0xc9,
-	0xdf, 0x7e, 0x77, 0xaf, 0x5a, 0x9a, 0xb7, 0x29, 0x85, 0x69, 0x46, 0xc2, 0x08, 0x87, 0xfc, 0x98,
-	0x95, 0x4e, 0xc4, 0x2f, 0x15, 0xb1, 0x75, 0x33, 0x8b, 0x51, 0x1c, 0x98, 0xd3, 0x6f, 0xff, 0xb0,
-	0x05, 0x43, 0x73, 0x8e, 0xbb, 0x1d, 0x6e, 0x6c, 0xa0, 0x67, 0xa0, 0xda, 0x68, 0x47, 0x66, 0x4d,
-	0x00, 0xe5, 0xac, 0x5a, 0x10, 0xed, 0x58, 0x61, 0xd0, 0xa9, 0xbf, 0xe1, 0xb8, 0xb2, 0x24, 0x45,
-	0x99, 0x4f, 0xfd, 0x8b, 0xac, 0x05, 0x0b, 0x08, 0x1d, 0xfe, 0xa6, 0xb3, 0x2b, 0x1f, 0xce, 0x1e,
-	0xa9, 0x2d, 0x6b, 0x10, 0x36, 0xf1, 0xec, 0x5f, 0xb7, 0x60, 0x72, 0xce, 0x89, 0x3d, 0x77, 0xb6,
-	0x9d, 0x6c, 0xcd, 0x79, 0xc9, 0x7a, 0xdb, 0xdd, 0x26, 0x09, 0x2f, 0x5d, 0x42, 0x7b, 0xd9, 0x8e,
-	0xe9, 0x0a, 0x54, 0x3b, 0x66, 0xd5, 0xcb, 0xeb, 0xa2, 0x1d, 0x2b, 0x0c, 0xf4, 0x06, 0x0c, 0xb7,
-	0x9c, 0x38, 0xbe, 0x1d, 0x46, 0x0d, 0x4c, 0x36, 0x8a, 0x29, 0x6e, 0x54, 0x27, 0x6e, 0x44, 0x12,
-	0x4c, 0x36, 0x44, 0x80, 0x8a, 0xa6, 0x8f, 0x4d, 0x66, 0xf6, 0x0f, 0x5a, 0x70, 0x6a, 0x8e, 0x38,
-	0x11, 0x89, 0x58, 0x2d, 0x24, 0xf5, 0x22, 0xe8, 0x75, 0xa8, 0x26, 0xb4, 0x85, 0xf6, 0xc8, 0x2a,
-	0xb6, 0x47, 0x2c, 0xb4, 0x64, 0x4d, 0x10, 0xc7, 0x8a, 0x8d, 0xfd, 0x79, 0x0b, 0xce, 0xe4, 0xf5,
-	0x65, 0xde, 0x0f, 0xdb, 0x8d, 0x07, 0xd1, 0xa1, 0xbf, 0x6b, 0xc1, 0x08, 0x3b, 0xae, 0x5f, 0x20,
-	0x89, 0xe3, 0xf9, 0x5d, 0x75, 0x18, 0xad, 0x3e, 0xeb, 0x30, 0x9e, 0x83, 0x81, 0xad, 0xb0, 0x49,
-	0xb2, 0xa1, 0x26, 0x97, 0xc3, 0x26, 0xc1, 0x0c, 0x82, 0x9e, 0xa5, 0x93, 0xd0, 0x0b, 0x12, 0x87,
-	0x2e, 0x47, 0x79, 0x9c, 0x31, 0xce, 0x27, 0xa0, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x2b, 0x35, 0x18,
-	0x12, 0x71, 0x51, 0x7d, 0x97, 0xd2, 0x91, 0x5e, 0x9c, 0x52, 0x4f, 0x2f, 0x4e, 0x0c, 0x83, 0x2e,
-	0x2b, 0x96, 0x2b, 0x2c, 0xf4, 0xab, 0x85, 0x04, 0xd2, 0xf1, 0xfa, 0xbb, 0xba, 0x5b, 0xfc, 0x3f,
-	0x16, 0xac, 0xd0, 0x5b, 0x16, 0x8c, 0xbb, 0x61, 0x10, 0x10, 0x57, 0xdb, 0x8e, 0x03, 0x45, 0x6c,
-	0x10, 0xe6, 0xd3, 0x44, 0xf5, 0x49, 0x70, 0x06, 0x80, 0xb3, 0xec, 0xd1, 0x4b, 0x30, 0xca, 0xc7,
-	0xec, 0x46, 0xea, 0x0c, 0x46, 0x97, 0xe7, 0x33, 0x81, 0x38, 0x8d, 0x8b, 0xa6, 0xf9, 0x59, 0x96,
-	0x28, 0x84, 0x37, 0xa8, 0x5d, 0xd5, 0x46, 0x09, 0x3c, 0x03, 0x03, 0x45, 0x80, 0x22, 0xb2, 0x11,
-	0x91, 0x78, 0x4b, 0xc4, 0x8d, 0x31, 0xbb, 0x75, 0xe8, 0xde, 0x8a, 0x60, 0xe0, 0x2e, 0x4a, 0x38,
-	0x87, 0x3a, 0xda, 0x16, 0x6e, 0x84, 0x6a, 0x11, 0xf2, 0x5c, 0x7c, 0xe6, 0x9e, 0xde, 0x84, 0x29,
-	0xa8, 0x30, 0xd5, 0xc5, 0xec, 0xe5, 0x32, 0x4f, 0xbc, 0x64, 0x8a, 0x0d, 0xf3, 0x76, 0xb4, 0x00,
-	0x27, 0x32, 0xc5, 0x05, 0x63, 0x71, 0x56, 0xa2, 0x92, 0xec, 0x32, 0x65, 0x09, 0x63, 0xdc, 0xf5,
-	0x84, 0xe9, 0x62, 0x1a, 0x3e, 0xc0, 0xc5, 0xd4, 0x51, 0xd1, 0xc9, 0xfc, 0x14, 0xe3, 0xe5, 0x42,
-	0x06, 0xa0, 0xaf, 0x50, 0xe4, 0xcf, 0x65, 0x42, 0x91, 0x47, 0x59, 0x07, 0x6e, 0x14, 0xd3, 0x81,
-	0xc3, 0xc7, 0x1d, 0x3f, 0xc8, 0x38, 0xe2, 0xff, 0x6d, 0x81, 0xfc, 0xae, 0xf3, 0x8e, 0xbb, 0x45,
-	0xe8, 0x94, 0x41, 0x1f, 0x80, 0x31, 0xe5, 0x9d, 0xe0, 0x26, 0x91, 0xc5, 0x66, 0x8d, 0xb2, 0x9d,
-	0x71, 0x0a, 0x8a, 0x33, 0xd8, 0x68, 0x06, 0x6a, 0x74, 0x9c, 0xf8, 0xa3, 0x5c, 0xef, 0x2b, 0x0f,
-	0xc8, 0xec, 0xea, 0xa2, 0x78, 0x4a, 0xe3, 0xa0, 0x10, 0x26, 0x7c, 0x27, 0x4e, 0x58, 0x0f, 0xea,
-	0x9d, 0xc0, 0xbd, 0xc7, 0x12, 0x34, 0x2c, 0x93, 0x6b, 0x29, 0x4b, 0x08, 0x77, 0xd3, 0xb6, 0xff,
-	0x43, 0x05, 0x46, 0x53, 0x92, 0xf1, 0x90, 0x06, 0xc3, 0x33, 0x50, 0x95, 0x3a, 0x3c, 0x5b, 0x6b,
-	0x4b, 0x29, 0x7a, 0x85, 0x41, 0x95, 0xd6, 0xba, 0xd6, 0xaa, 0x59, 0x03, 0xc7, 0x50, 0xb8, 0xd8,
-	0xc4, 0x63, 0x42, 0x39, 0xf1, 0xe3, 0x79, 0xdf, 0x23, 0x41, 0xc2, 0xbb, 0x59, 0x8c, 0x50, 0x5e,
-	0x5b, 0xaa, 0x9b, 0x44, 0xb5, 0x50, 0xce, 0x00, 0x70, 0x96, 0x3d, 0xfa, 0xa4, 0x05, 0xa3, 0xce,
-	0xed, 0x58, 0x57, 0x74, 0x17, 0x41, 0xc7, 0x47, 0x54, 0x52, 0xa9, 0x22, 0xf1, 0xdc, 0xb1, 0x9f,
-	0x6a, 0xc2, 0x69, 0xa6, 0xe8, 0x6d, 0x0b, 0x10, 0xd9, 0x25, 0xae, 0x0c, 0x8b, 0x16, 0x7d, 0x19,
-	0x2c, 0x62, 0x07, 0x7f, 0xa1, 0x8b, 0x2e, 0x97, 0xea, 0xdd, 0xed, 0x38, 0xa7, 0x0f, 0xe8, 0x0a,
-	0xa0, 0x86, 0x17, 0x3b, 0xeb, 0x3e, 0x99, 0x0f, 0x9b, 0x32, 0xfb, 0x58, 0x9c, 0xa7, 0x9f, 0x15,
-	0xe3, 0x8c, 0x16, 0xba, 0x30, 0x70, 0xce, 0x53, 0x6c, 0x96, 0x45, 0xe1, 0x6e, 0xe7, 0x7a, 0xe4,
-	0x33, 0x2d, 0x61, 0xce, 0x32, 0xd1, 0x8e, 0x15, 0x86, 0xfd, 0x67, 0x65, 0xb5, 0x94, 0x75, 0x0e,
-	0x80, 0x63, 0xc4, 0x22, 0x5b, 0xf7, 0x1e, 0x8b, 0xac, 0x23, 0xa5, 0xba, 0x73, 0xea, 0x53, 0x29,
-	0xb8, 0xa5, 0x07, 0x94, 0x82, 0xfb, 0x7d, 0x56, 0xaa, 0x9e, 0xdd, 0xf0, 0xf9, 0x57, 0x8a, 0xcd,
-	0x3f, 0x98, 0xe6, 0x51, 0x5c, 0x19, 0xbd, 0x92, 0x09, 0xde, 0x7b, 0x06, 0xaa, 0x1b, 0xbe, 0xc3,
-	0xaa, 0xb0, 0xb0, 0x85, 0x6a, 0x44, 0x98, 0x5d, 0x14, 0xed, 0x58, 0x61, 0x50, 0xa9, 0x6f, 0x10,
-	0x3d, 0x94, 0xd4, 0xfe, 0xcf, 0x65, 0x18, 0x36, 0x34, 0x7e, 0xae, 0xf9, 0x66, 0x3d, 0x64, 0xe6,
-	0x5b, 0xe9, 0x10, 0xe6, 0xdb, 0xf7, 0x42, 0xcd, 0x95, 0xda, 0xa8, 0x98, 0xfa, 0xfc, 0x59, 0x1d,
-	0xa7, 0x15, 0x92, 0x6a, 0xc2, 0x9a, 0x27, 0xba, 0x94, 0x4a, 0xf3, 0x4c, 0xf9, 0x05, 0xf2, 0xf2,
-	0x30, 0x85, 0x46, 0xeb, 0x7e, 0x26, 0x1b, 0x1f, 0x50, 0x39, 0x38, 0x3e, 0xc0, 0xfe, 0x03, 0x4b,
-	0x7d, 0xdc, 0xfb, 0x50, 0xcf, 0xe7, 0x56, 0xba, 0x9e, 0xcf, 0x85, 0x42, 0x86, 0xb9, 0x47, 0x21,
-	0x9f, 0x6b, 0x30, 0x34, 0x1f, 0x36, 0x9b, 0x4e, 0xd0, 0x40, 0xdf, 0x00, 0x43, 0x2e, 0xff, 0x29,
-	0x7c, 0x68, 0xec, 0xb0, 0x5a, 0x40, 0xb1, 0x84, 0xa1, 0xc7, 0x61, 0xc0, 0x89, 0x36, 0xa5, 0xdf,
-	0x8c, 0x05, 0xc1, 0xcd, 0x46, 0x9b, 0x31, 0x66, 0xad, 0xf6, 0x5f, 0x58, 0x30, 0x46, 0x1f, 0xf1,
-	0xd8, 0x4b, 0xb1, 0xd7, 0x79, 0x1a, 0x06, 0x9d, 0x76, 0xb2, 0x15, 0x76, 0xed, 0xc3, 0x66, 0x59,
-	0x2b, 0x16, 0x50, 0xba, 0x0f, 0x53, 0x85, 0x20, 0x8c, 0x7d, 0xd8, 0x02, 0x9d, 0xcb, 0x0c, 0x42,
-	0x4d, 0xd9, 0xb8, 0xbd, 0x9e, 0x77, 0x5a, 0x5a, 0xe7, 0xcd, 0x58, 0xc2, 0x29, 0xb1, 0xf5, 0xb0,
-	0xd1, 0x11, 0xa1, 0xbd, 0x8a, 0xd8, 0x5c, 0xd8, 0xe8, 0x60, 0x06, 0x41, 0x4f, 0x40, 0x39, 0xde,
-	0x72, 0xe4, 0xb9, 0xbc, 0x8c, 0x32, 0xaf, 0x5f, 0x9e, 0xc5, 0xb4, 0x5d, 0x25, 0x4d, 0x44, 0x7e,
-	0x36, 0xc6, 0x36, 0x9d, 0x34, 0x11, 0xf9, 0xf6, 0xbf, 0x1c, 0x00, 0x16, 0x6f, 0xe3, 0x44, 0xa4,
-	0xb1, 0x16, 0xb2, 0x52, 0xc2, 0xc7, 0x7a, 0xac, 0xad, 0x37, 0xb2, 0x0f, 0xf3, 0xd1, 0xb6, 0x71,
-	0xbc, 0x59, 0xbe, 0xdf, 0xc7, 0x9b, 0xf9, 0x27, 0xd6, 0x03, 0x0f, 0xd1, 0x89, 0xb5, 0xfd, 0x59,
-	0x0b, 0x90, 0x8a, 0x9e, 0xd2, 0x21, 0x25, 0x33, 0x50, 0x53, 0xe1, 0x5a, 0x62, 0xbd, 0x68, 0xb1,
-	0x28, 0x01, 0x58, 0xe3, 0xf4, 0xe1, 0xbd, 0x78, 0x4a, 0xea, 0xac, 0x72, 0x3a, 0xe7, 0x82, 0x69,
-	0x3a, 0xa1, 0xc2, 0xec, 0x5f, 0x2d, 0xc1, 0x23, 0xdc, 0x5c, 0x5a, 0x76, 0x02, 0x67, 0x93, 0x34,
-	0x69, 0xaf, 0xfa, 0x0d, 0x12, 0x72, 0xe9, 0xb6, 0xd9, 0x93, 0x19, 0x12, 0x47, 0x95, 0x57, 0x5c,
-	0xce, 0x70, 0xc9, 0xb2, 0x18, 0x78, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x79, 0x99, 0x91, 0xd0,
-	0x3f, 0x05, 0x31, 0x52, 0xa2, 0x58, 0x58, 0x16, 0x04, 0x2b, 0x46, 0xd4, 0x7c, 0xf0, 0x43, 0x77,
-	0x9b, 0x2e, 0xf9, 0xac, 0xf9, 0xb0, 0x24, 0xda, 0xb1, 0xc2, 0xb0, 0x9b, 0x30, 0x2e, 0xc7, 0xb0,
-	0x75, 0x95, 0x74, 0x30, 0xd9, 0xa0, 0x3a, 0xd7, 0x95, 0x4d, 0xc6, 0xfd, 0x4a, 0x4a, 0xe7, 0xce,
-	0x9b, 0x40, 0x9c, 0xc6, 0x95, 0xd5, 0x85, 0x4b, 0xf9, 0xd5, 0x85, 0xed, 0x5f, 0xb5, 0x20, 0xab,
-	0xf4, 0x8d, 0x5a, 0xaa, 0xd6, 0xbe, 0xb5, 0x54, 0x0f, 0x51, 0x8d, 0xf4, 0xbb, 0x60, 0xd8, 0x49,
-	0xa8, 0x55, 0xc7, 0x3d, 0x30, 0xe5, 0x7b, 0x3b, 0x39, 0x5c, 0x0e, 0x1b, 0xde, 0x86, 0xc7, 0x3c,
-	0x2f, 0x26, 0x39, 0xfb, 0x6d, 0x0b, 0x6a, 0x0b, 0x51, 0xe7, 0xf0, 0xa9, 0x6a, 0xdd, 0x89, 0x68,
-	0xa5, 0x43, 0x25, 0xa2, 0xc9, 0x54, 0xb7, 0x72, 0xaf, 0x54, 0x37, 0xfb, 0x2f, 0x07, 0x60, 0xa2,
-	0x2b, 0xf7, 0x12, 0xbd, 0x08, 0x23, 0xea, 0x2b, 0x49, 0xb7, 0x6b, 0xcd, 0x0c, 0x5e, 0xd6, 0x30,
-	0x9c, 0xc2, 0xec, 0x63, 0xa9, 0x2e, 0xc2, 0xc9, 0x88, 0xbc, 0xde, 0x26, 0x6d, 0x32, 0xbb, 0x91,
-	0x90, 0xa8, 0x4e, 0xdc, 0x30, 0x68, 0xf0, 0x62, 0xc4, 0xe5, 0xb9, 0x47, 0xef, 0xec, 0x4d, 0x9d,
-	0xc4, 0xdd, 0x60, 0x9c, 0xf7, 0x0c, 0x6a, 0xc1, 0xa8, 0x6f, 0xee, 0x17, 0xc4, 0x36, 0xf5, 0x9e,
-	0xb6, 0x1a, 0x6a, 0xb6, 0xa6, 0x9a, 0x71, 0x9a, 0x41, 0x7a, 0xd3, 0x51, 0x79, 0x40, 0x9b, 0x8e,
-	0x4f, 0xe8, 0x4d, 0x07, 0x8f, 0x05, 0xfa, 0x50, 0xc1, 0xb9, 0xb7, 0xfd, 0xec, 0x3a, 0x8e, 0xb2,
-	0x8f, 0x78, 0x19, 0xaa, 0x32, 0x4e, 0xb2, 0xaf, 0xf8, 0x42, 0x93, 0x4e, 0x0f, 0xd9, 0x7e, 0xb7,
-	0x04, 0x39, 0x5b, 0x65, 0xba, 0xd6, 0xb4, 0xbd, 0x97, 0x5a, 0x6b, 0x87, 0xb3, 0xf9, 0xd0, 0x2e,
-	0x8f, 0x11, 0xe5, 0x5a, 0xfe, 0x83, 0x45, 0x6f, 0xf5, 0x75, 0xd8, 0xa8, 0x92, 0x80, 0x2a, 0x74,
-	0xf4, 0x3c, 0x80, 0x36, 0xd3, 0x85, 0xad, 0xa7, 0x82, 0x3e, 0xb4, 0x35, 0x8f, 0x0d, 0x2c, 0xf4,
-	0x02, 0x0c, 0x7b, 0x41, 0x9c, 0x38, 0xbe, 0x7f, 0xd9, 0x0b, 0x12, 0x61, 0xff, 0x29, 0x73, 0x66,
-	0x51, 0x83, 0xb0, 0x89, 0x77, 0xf6, 0xfd, 0xc6, 0x77, 0x39, 0xcc, 0xf7, 0xdc, 0x82, 0x33, 0x97,
-	0xbc, 0x44, 0x25, 0x1f, 0xaa, 0x79, 0x44, 0xad, 0x70, 0x25, 0x83, 0xac, 0x9e, 0xe9, 0xb6, 0x46,
-	0xf2, 0x5f, 0x29, 0x9d, 0xab, 0x98, 0x4d, 0xfe, 0xb3, 0x5d, 0x38, 0x75, 0xc9, 0x4b, 0x2e, 0x7a,
-	0x3e, 0x39, 0x46, 0x26, 0xbf, 0x3c, 0x08, 0x23, 0x66, 0x4e, 0xfe, 0x61, 0x24, 0xf6, 0xe7, 0xa9,
-	0x7d, 0x2a, 0x06, 0xc2, 0x53, 0x07, 0xd9, 0x37, 0x8f, 0x5c, 0x20, 0x20, 0x7f, 0x70, 0x0d, 0x13,
-	0x55, 0xf3, 0xc4, 0x66, 0x07, 0xd0, 0x6d, 0xa8, 0x6c, 0xb0, 0x3c, 0xb6, 0x72, 0x11, 0x21, 0x48,
-	0x79, 0x83, 0xaf, 0x57, 0x24, 0xcf, 0x84, 0xe3, 0xfc, 0xa8, 0x59, 0x11, 0xa5, 0xd3, 0xa7, 0x8d,
-	0xec, 0x02, 0xa1, 0xaf, 0x14, 0x46, 0x2f, 0xad, 0x50, 0xb9, 0x07, 0xad, 0x90, 0x92, 0xd1, 0x83,
-	0x0f, 0x48, 0x46, 0xb3, 0x9c, 0xc4, 0x64, 0x8b, 0x19, 0xbd, 0x22, 0x1d, 0x6a, 0x88, 0x0d, 0x82,
-	0x91, 0x93, 0x98, 0x02, 0xe3, 0x2c, 0x3e, 0xfa, 0xa8, 0x92, 0xf2, 0xd5, 0x22, 0x0e, 0x0a, 0xcc,
-	0x19, 0x7d, 0xdc, 0x02, 0xfe, 0xb3, 0x25, 0x18, 0xbb, 0x14, 0xb4, 0x57, 0x2f, 0xad, 0xb6, 0xd7,
-	0x7d, 0xcf, 0xbd, 0x4a, 0x3a, 0x54, 0x8a, 0x6f, 0x93, 0xce, 0xe2, 0x82, 0x58, 0x41, 0x6a, 0xce,
-	0x5c, 0xa5, 0x8d, 0x98, 0xc3, 0xa8, 0xdc, 0xda, 0xf0, 0x82, 0x4d, 0x12, 0xb5, 0x22, 0x4f, 0xf8,
-	0xf0, 0x0d, 0xb9, 0x75, 0x51, 0x83, 0xb0, 0x89, 0x47, 0x69, 0x87, 0xb7, 0x03, 0x55, 0x20, 0x49,
-	0xd1, 0x5e, 0xa1, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0xb5, 0x85, 0x8b, 0xcc, 0x40, 0x5a, 0xa3,
-	0x8d, 0x98, 0xc3, 0xc4, 0xee, 0x9b, 0x45, 0x78, 0x55, 0xba, 0x76, 0xdf, 0x2c, 0x38, 0x42, 0xc2,
-	0x29, 0xea, 0x36, 0xe9, 0x2c, 0x38, 0x89, 0x93, 0xdd, 0x3c, 0x5f, 0xe5, 0xcd, 0x58, 0xc2, 0x59,
-	0xc5, 0xe4, 0xf4, 0x70, 0x7c, 0xd5, 0x55, 0x4c, 0x4e, 0x77, 0xbf, 0x87, 0xa3, 0xe5, 0xef, 0x94,
-	0x60, 0xe4, 0x9d, 0x6b, 0x4d, 0x73, 0x2e, 0xec, 0xb9, 0x09, 0x13, 0x5d, 0x99, 0xd0, 0x7d, 0x58,
-	0x3e, 0x07, 0x56, 0xaa, 0xb0, 0x31, 0x0c, 0x53, 0xc2, 0xb2, 0x52, 0xe0, 0x3c, 0x4c, 0xf0, 0xc5,
-	0x4b, 0x39, 0xb1, 0xc4, 0x56, 0x95, 0xdd, 0xce, 0x0e, 0xa9, 0x6e, 0x64, 0x81, 0xb8, 0x1b, 0xdf,
-	0xfe, 0x9c, 0x05, 0xa3, 0xa9, 0xe4, 0xf4, 0x82, 0x6c, 0x34, 0xb6, 0xba, 0x43, 0x16, 0x9d, 0xcc,
-	0xb2, 0x45, 0xca, 0x4c, 0x0d, 0xeb, 0xd5, 0xad, 0x41, 0xd8, 0xc4, 0xb3, 0x7f, 0xab, 0x0c, 0x55,
-	0x19, 0x49, 0xd5, 0x47, 0x57, 0x3e, 0x63, 0xc1, 0xa8, 0x3a, 0x18, 0x64, 0x9e, 0xdc, 0x52, 0x11,
-	0xb9, 0x72, 0xb4, 0x07, 0xca, 0x2f, 0x12, 0x6c, 0x84, 0x7a, 0xc3, 0x80, 0x4d, 0x66, 0x38, 0xcd,
-	0x1b, 0xdd, 0x00, 0x88, 0x3b, 0x71, 0x42, 0x9a, 0x86, 0x4f, 0xd9, 0x36, 0x66, 0xd9, 0xb4, 0x1b,
-	0x46, 0x84, 0xce, 0xa9, 0x6b, 0x61, 0x83, 0xd4, 0x15, 0xa6, 0xb6, 0xf0, 0x74, 0x1b, 0x36, 0x28,
-	0xa1, 0x37, 0xd4, 0x31, 0xf6, 0x40, 0x11, 0x7a, 0x5d, 0x8e, 0x6f, 0x3f, 0xe7, 0xd8, 0x47, 0x38,
-	0x37, 0xb6, 0x7f, 0xa6, 0x04, 0x27, 0xb2, 0x23, 0x89, 0x3e, 0x04, 0x23, 0x72, 0xd0, 0x0c, 0xf7,
-	0x81, 0x0c, 0x5f, 0x1b, 0xc1, 0x06, 0xec, 0xee, 0xde, 0xd4, 0x54, 0xf7, 0xfd, 0xd8, 0xd3, 0x26,
-	0x0a, 0x4e, 0x11, 0xe3, 0x87, 0xca, 0x22, 0xfa, 0x61, 0xae, 0x33, 0xdb, 0x6a, 0x89, 0x93, 0x61,
-	0xe3, 0x50, 0xd9, 0x84, 0xe2, 0x0c, 0x36, 0x5a, 0x85, 0x53, 0x46, 0xcb, 0x35, 0xe2, 0x6d, 0x6e,
-	0xad, 0x87, 0x91, 0xdc, 0xaf, 0x3e, 0xae, 0x83, 0x65, 0xbb, 0x71, 0x70, 0xee, 0x93, 0xd4, 0x30,
-	0x72, 0x9d, 0x96, 0xe3, 0x7a, 0x49, 0x47, 0xf8, 0xf6, 0x95, 0x18, 0x9f, 0x17, 0xed, 0x58, 0x61,
-	0xd8, 0xff, 0x70, 0x00, 0x4e, 0xf0, 0xe8, 0x50, 0xa2, 0x82, 0x9f, 0xd1, 0x87, 0xa0, 0x16, 0x27,
-	0x4e, 0xc4, 0x9d, 0x15, 0xd6, 0xa1, 0x45, 0x97, 0xce, 0xa8, 0x97, 0x44, 0xb0, 0xa6, 0x87, 0x5e,
-	0x61, 0xe5, 0xc8, 0xbc, 0x78, 0x8b, 0x51, 0x2f, 0xdd, 0x9b, 0x2b, 0xe4, 0xa2, 0xa2, 0x80, 0x0d,
-	0x6a, 0xe8, 0x5b, 0xa1, 0xd2, 0xda, 0x72, 0x62, 0xe9, 0xa7, 0x7b, 0x5a, 0xca, 0x89, 0x55, 0xda,
-	0x78, 0x77, 0x6f, 0xea, 0x74, 0xf6, 0x55, 0x19, 0x00, 0xf3, 0x87, 0x4c, 0x29, 0x3f, 0x70, 0xf0,
-	0x7d, 0x3b, 0x8d, 0xa8, 0x53, 0xbf, 0x3c, 0x9b, 0xbd, 0xa1, 0x65, 0x81, 0xb5, 0x62, 0x01, 0xa5,
-	0x32, 0x69, 0x8b, 0xb3, 0x6c, 0x50, 0xe4, 0xc1, 0xb4, 0xc5, 0x71, 0x59, 0x83, 0xb0, 0x89, 0x87,
-	0x3e, 0xdb, 0x1d, 0x3b, 0x3c, 0x74, 0x0c, 0xb9, 0x25, 0xfd, 0x46, 0x0d, 0x5f, 0x80, 0x9a, 0xe8,
-	0xea, 0x5a, 0x88, 0x5e, 0x84, 0x11, 0xee, 0x06, 0x9a, 0x8b, 0x9c, 0xc0, 0xdd, 0xca, 0x3a, 0x6f,
-	0xd6, 0x0c, 0x18, 0x4e, 0x61, 0xda, 0xcb, 0x30, 0xd0, 0xa7, 0x90, 0xed, 0x6b, 0x4f, 0xfe, 0x32,
-	0x54, 0x29, 0x39, 0xb9, 0x41, 0x2b, 0x82, 0x64, 0x08, 0x55, 0x79, 0x7b, 0x23, 0xb2, 0xa1, 0xec,
-	0x39, 0x32, 0x46, 0x44, 0x2d, 0xa1, 0xc5, 0x38, 0x6e, 0xb3, 0x69, 0x47, 0x81, 0xe8, 0x29, 0x28,
-	0x93, 0xdd, 0x56, 0x36, 0x18, 0xe4, 0xc2, 0x6e, 0xcb, 0x8b, 0x48, 0x4c, 0x91, 0xc8, 0x6e, 0x0b,
-	0x9d, 0x85, 0x92, 0xd7, 0x10, 0x33, 0x12, 0x04, 0x4e, 0x69, 0x71, 0x01, 0x97, 0xbc, 0x86, 0xbd,
-	0x0b, 0x35, 0x75, 0x5d, 0x24, 0xda, 0x96, 0x26, 0x95, 0x55, 0x44, 0x74, 0xb0, 0xa4, 0xdb, 0xc3,
-	0x98, 0x6a, 0x03, 0xe8, 0x52, 0x0d, 0x45, 0xa9, 0xe0, 0x73, 0x30, 0xe0, 0x86, 0xa2, 0xc8, 0x4e,
-	0x55, 0x93, 0x61, 0xb6, 0x14, 0x83, 0xd8, 0x37, 0x61, 0xec, 0x6a, 0x10, 0xde, 0x66, 0xb7, 0x3a,
-	0xb1, 0x22, 0xc6, 0x94, 0xf0, 0x06, 0xfd, 0x91, 0xb5, 0xdc, 0x19, 0x14, 0x73, 0x98, 0x2a, 0xaf,
-	0x5a, 0xea, 0x55, 0x5e, 0xd5, 0xfe, 0x98, 0x05, 0x23, 0x2a, 0xe7, 0xfb, 0xd2, 0xce, 0x36, 0xa5,
-	0xbb, 0x19, 0x85, 0xed, 0x56, 0x96, 0x2e, 0xbb, 0x99, 0x16, 0x73, 0x98, 0x59, 0x0c, 0xa1, 0x74,
-	0x40, 0x31, 0x84, 0x73, 0x30, 0xb0, 0xed, 0x05, 0x8d, 0xac, 0xb3, 0xf3, 0xaa, 0x17, 0x34, 0x30,
-	0x83, 0xd8, 0x7f, 0x65, 0xc1, 0x09, 0xd5, 0x05, 0x69, 0x33, 0xbd, 0x08, 0x23, 0xeb, 0x6d, 0xcf,
-	0x6f, 0xc8, 0xea, 0xcc, 0x99, 0xe5, 0x32, 0x67, 0xc0, 0x70, 0x0a, 0x13, 0x9d, 0x07, 0x58, 0xf7,
-	0x02, 0x27, 0xea, 0xac, 0x6a, 0x23, 0x4d, 0xe9, 0xed, 0x39, 0x05, 0xc1, 0x06, 0x16, 0x7a, 0x13,
-	0xaa, 0x3b, 0xf2, 0x54, 0xb6, 0x5c, 0x68, 0x0e, 0xbf, 0x18, 0x0f, 0xbd, 0x12, 0xd4, 0x31, 0xaf,
-	0xe2, 0x68, 0x7f, 0xa1, 0x0c, 0x63, 0xe9, 0xbc, 0xfb, 0x3e, 0x3c, 0x27, 0x4f, 0x41, 0x85, 0xa5,
-	0xe2, 0x67, 0x27, 0x16, 0x2f, 0xa7, 0xcc, 0x61, 0x28, 0x86, 0x41, 0x2e, 0x4a, 0x8a, 0xb9, 0x5b,
-	0x54, 0x75, 0x52, 0xf9, 0x67, 0x59, 0x04, 0xb7, 0x70, 0x77, 0x0b, 0x56, 0xe8, 0x93, 0x16, 0x0c,
-	0x85, 0x2d, 0xb3, 0xae, 0xe7, 0x07, 0x8b, 0xac, 0x49, 0x20, 0x12, 0x7f, 0x85, 0x35, 0xa4, 0x26,
-	0x9e, 0x9c, 0x0c, 0x92, 0xf5, 0xd9, 0x6f, 0x81, 0x11, 0x13, 0xf3, 0x20, 0x83, 0xa8, 0x6a, 0x1a,
-	0x44, 0x9f, 0x31, 0xa7, 0xa4, 0xa8, 0xba, 0xd0, 0xc7, 0x62, 0xbf, 0x0e, 0x15, 0x57, 0x85, 0xb9,
-	0xdd, 0xd3, 0x8d, 0x02, 0xaa, 0x2a, 0x19, 0x0b, 0x21, 0xe0, 0xd4, 0xec, 0x3f, 0xb0, 0x8c, 0xf9,
-	0x81, 0x49, 0xbc, 0xd8, 0x40, 0x11, 0x94, 0x37, 0x77, 0xb6, 0x85, 0x91, 0x71, 0xa5, 0xa0, 0xe1,
-	0xbd, 0xb4, 0xb3, 0xad, 0x57, 0x98, 0xd9, 0x8a, 0x29, 0xb3, 0x3e, 0x0e, 0x11, 0x52, 0xc5, 0x39,
-	0xca, 0x07, 0x17, 0xe7, 0xb0, 0xdf, 0x2e, 0xc1, 0x44, 0xd7, 0xa4, 0x42, 0x6f, 0x40, 0x25, 0xa2,
-	0x6f, 0x29, 0x5e, 0x6f, 0xa9, 0xb0, 0x72, 0x1a, 0xf1, 0x62, 0x43, 0x2b, 0xef, 0x74, 0x3b, 0xe6,
-	0x2c, 0xd1, 0x15, 0x40, 0x3a, 0x18, 0x53, 0x9d, 0x60, 0xf0, 0x57, 0x56, 0x11, 0x5b, 0xb3, 0x5d,
-	0x18, 0x38, 0xe7, 0x29, 0xf4, 0x52, 0xf6, 0x20, 0x24, 0x53, 0x29, 0x7a, 0xbf, 0x33, 0x0d, 0xfb,
-	0x2d, 0x73, 0x0a, 0xde, 0xd0, 0xc2, 0xf4, 0xa8, 0x9b, 0xd3, 0x2e, 0xc9, 0x5a, 0xee, 0x57, 0xb2,
-	0xda, 0xbf, 0x58, 0x82, 0xd1, 0x54, 0xe5, 0x57, 0xe4, 0x43, 0x95, 0xf8, 0xec, 0xc4, 0x56, 0x6a,
-	0xdf, 0xa3, 0x5e, 0x02, 0xa3, 0xe4, 0xe4, 0x05, 0x41, 0x17, 0x2b, 0x0e, 0x0f, 0x47, 0x6c, 0xd9,
-	0x8b, 0x30, 0x22, 0x3b, 0xf4, 0x41, 0xa7, 0xe9, 0x67, 0x87, 0xef, 0x82, 0x01, 0xc3, 0x29, 0x4c,
-	0xfb, 0xd7, 0xca, 0x30, 0xc9, 0x8f, 0xb8, 0x1b, 0x6a, 0x31, 0xa8, 0x50, 0x95, 0x1f, 0xd2, 0xf5,
-	0x99, 0xad, 0x22, 0x6e, 0x3a, 0xef, 0xc5, 0xa8, 0xaf, 0x90, 0xe8, 0x9f, 0xc8, 0x84, 0x44, 0xf3,
-	0xad, 0xfa, 0xe6, 0x31, 0xf5, 0xe8, 0xab, 0x2b, 0x46, 0xfa, 0x9f, 0x96, 0x60, 0x3c, 0x73, 0xa1,
-	0x1d, 0xfa, 0x42, 0xfa, 0x0e, 0x14, 0xab, 0x88, 0xe3, 0xbf, 0x7d, 0xef, 0x38, 0x3b, 0xdc, 0x4d,
-	0x28, 0x0f, 0x68, 0xa9, 0xd8, 0xbf, 0x57, 0x82, 0xb1, 0xf4, 0x4d, 0x7c, 0x0f, 0xe1, 0x48, 0xbd,
-	0x17, 0x6a, 0xec, 0xb2, 0xa9, 0xab, 0xa4, 0x23, 0x4f, 0x19, 0xf9, 0xbd, 0x3e, 0xb2, 0x11, 0x6b,
-	0xf8, 0x43, 0x71, 0xc1, 0x8c, 0xfd, 0xcf, 0x2d, 0x38, 0xcd, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x56,
-	0xde, 0xe8, 0xbe, 0x5a, 0x6c, 0x07, 0x33, 0x75, 0xc5, 0x0f, 0x1a, 0x5f, 0x76, 0xdf, 0xbb, 0xe8,
-	0x6d, 0x7a, 0x2a, 0x3c, 0x84, 0x9d, 0x3d, 0xd4, 0x64, 0xb0, 0xff, 0x63, 0x09, 0x86, 0x57, 0xe6,
-	0x17, 0x95, 0x08, 0x9f, 0x81, 0x9a, 0x1b, 0x11, 0x47, 0xbb, 0x7f, 0xcc, 0x00, 0x2a, 0x09, 0xc0,
-	0x1a, 0x87, 0xee, 0xa2, 0x78, 0x00, 0x62, 0x9c, 0xdd, 0x45, 0xf1, 0xf8, 0xc4, 0x18, 0x4b, 0x38,
-	0x7a, 0x06, 0xaa, 0x2c, 0x35, 0xf8, 0x7a, 0x24, 0x35, 0x8e, 0xde, 0x5a, 0xb3, 0x76, 0xbc, 0x84,
-	0x15, 0x06, 0x25, 0xdc, 0x08, 0xdd, 0x98, 0x22, 0x67, 0x3c, 0x32, 0x0b, 0xb4, 0x19, 0x2f, 0x61,
-	0x09, 0x67, 0x95, 0x1d, 0x99, 0xd7, 0x82, 0x22, 0x57, 0xd2, 0x9d, 0xe6, 0xee, 0x0d, 0x8a, 0xae,
-	0x71, 0x0e, 0x53, 0x01, 0x34, 0x93, 0x9e, 0x37, 0xd4, 0x5f, 0x7a, 0x9e, 0xfd, 0x7b, 0x65, 0xa8,
-	0x69, 0xa7, 0x9a, 0x27, 0xea, 0x61, 0x14, 0x52, 0xb7, 0xbe, 0xde, 0x09, 0x5c, 0x45, 0x9a, 0x47,
-	0x13, 0x18, 0xe5, 0x30, 0x7e, 0xc0, 0x82, 0x61, 0x2f, 0xf0, 0x12, 0xcf, 0x61, 0xbe, 0xc1, 0x62,
-	0xee, 0xff, 0x56, 0xec, 0x16, 0x39, 0xe5, 0x30, 0x32, 0x8f, 0xfc, 0x15, 0x33, 0x6c, 0x72, 0x46,
-	0x1f, 0x11, 0xd9, 0x60, 0xe5, 0xc2, 0x8a, 0xca, 0x54, 0x33, 0x29, 0x60, 0x2d, 0x6a, 0x63, 0x27,
-	0x51, 0x41, 0xb5, 0x98, 0x30, 0x25, 0xa5, 0xee, 0x4f, 0x51, 0xbb, 0x18, 0xd6, 0x8c, 0x39, 0x23,
-	0x3b, 0x06, 0xd4, 0x3d, 0x16, 0x87, 0xcc, 0xb4, 0x99, 0x81, 0x9a, 0xd3, 0x4e, 0xc2, 0x26, 0x1d,
-	0x26, 0x11, 0x30, 0xa0, 0x73, 0x89, 0x24, 0x00, 0x6b, 0x1c, 0xfb, 0x0b, 0x15, 0xc8, 0x54, 0xa7,
-	0x40, 0xbb, 0x50, 0x53, 0xf5, 0x29, 0x8a, 0xc9, 0x5c, 0xd5, 0x33, 0x4a, 0x75, 0x46, 0x35, 0x61,
-	0xcd, 0x0c, 0x6d, 0x4a, 0x37, 0x2b, 0x5f, 0xed, 0x2f, 0x67, 0xdd, 0xac, 0xdf, 0xd1, 0xdf, 0xa9,
-	0x1b, 0x9d, 0xab, 0x33, 0xbc, 0x1e, 0xe1, 0xf4, 0x81, 0x1e, 0xd9, 0x83, 0x6e, 0x40, 0xff, 0xb8,
-	0xb8, 0xad, 0x0c, 0x93, 0xb8, 0xed, 0x27, 0x62, 0x36, 0xbc, 0x5c, 0xe0, 0x2a, 0xe3, 0x84, 0x75,
-	0x95, 0x27, 0xfe, 0x1f, 0x1b, 0x4c, 0xd3, 0x7e, 0xf3, 0xc1, 0x63, 0xf5, 0x9b, 0x0f, 0x15, 0xea,
-	0x37, 0x3f, 0x0f, 0xc0, 0xe6, 0x36, 0xcf, 0x08, 0xa8, 0x32, 0x77, 0xa6, 0x52, 0x31, 0x58, 0x41,
-	0xb0, 0x81, 0x65, 0x7f, 0x13, 0xa4, 0xcb, 0x94, 0xa1, 0x29, 0x59, 0x15, 0x8d, 0x9f, 0x08, 0xb2,
-	0x64, 0xcc, 0x54, 0x01, 0xb3, 0x9f, 0xb7, 0xc0, 0xac, 0xa5, 0x86, 0x5e, 0xe7, 0x45, 0xdb, 0xac,
-	0x22, 0x4e, 0x98, 0x0c, 0xba, 0xd3, 0xcb, 0x4e, 0x2b, 0x13, 0xed, 0x24, 0x2b, 0xb7, 0x9d, 0x7d,
-	0x3f, 0x54, 0x25, 0xf4, 0x50, 0xc6, 0xf2, 0x47, 0xe1, 0xa4, 0x2c, 0xec, 0x20, 0x0f, 0x83, 0x44,
-	0xd4, 0xc1, 0xc1, 0x3e, 0x46, 0xe9, 0x38, 0x2c, 0xf5, 0x72, 0x1c, 0xaa, 0xdd, 0x70, 0xb9, 0x67,
-	0x39, 0xf6, 0x5f, 0xb0, 0xe0, 0x5c, 0xb6, 0x03, 0xf1, 0x72, 0x18, 0x78, 0x49, 0x18, 0xd5, 0x49,
-	0x92, 0x78, 0xc1, 0x26, 0xab, 0xad, 0x7b, 0xdb, 0x89, 0xe4, 0xfd, 0x4a, 0x4c, 0x50, 0xde, 0x74,
-	0xa2, 0x00, 0xb3, 0x56, 0xd4, 0x81, 0x41, 0x1e, 0x42, 0x2d, 0x76, 0x41, 0x47, 0x5c, 0x1b, 0x39,
-	0xc3, 0xa1, 0xb7, 0x61, 0x3c, 0x7c, 0x1b, 0x0b, 0x86, 0xf6, 0x97, 0x2d, 0x40, 0x2b, 0x3b, 0x24,
-	0x8a, 0xbc, 0x86, 0x11, 0xf4, 0xcd, 0x6e, 0xfd, 0x34, 0x6e, 0xf7, 0x34, 0xcb, 0x8e, 0x64, 0x6e,
-	0xfd, 0x34, 0xfe, 0xe5, 0xdf, 0xfa, 0x59, 0x3a, 0xdc, 0xad, 0x9f, 0x68, 0x05, 0x4e, 0x37, 0xf9,
-	0x36, 0x8e, 0xdf, 0xa4, 0xc7, 0xf7, 0x74, 0x2a, 0x43, 0xfe, 0xcc, 0x9d, 0xbd, 0xa9, 0xd3, 0xcb,
-	0x79, 0x08, 0x38, 0xff, 0x39, 0xfb, 0xfd, 0x80, 0x78, 0xac, 0xf7, 0x7c, 0x5e, 0xb8, 0x6a, 0x4f,
-	0x37, 0x87, 0xfd, 0xe3, 0x15, 0x18, 0xcf, 0xdc, 0xbe, 0x41, 0xb7, 0xd0, 0xdd, 0xf1, 0xb1, 0x47,
-	0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, 0xe2, 0x36, 0x80, 0x8a, 0x17, 0xb4, 0xda, 0x49, 0x31, 0x05,
-	0x3a, 0x78, 0x27, 0x16, 0x29, 0x41, 0xe3, 0x5c, 0x82, 0xfe, 0xc5, 0x9c, 0x4d, 0x91, 0xf1, 0xbb,
-	0xa9, 0x4d, 0xce, 0xc0, 0x03, 0x72, 0xb3, 0x7c, 0x5c, 0x47, 0xd3, 0x56, 0x8a, 0xf0, 0x21, 0x67,
-	0x26, 0xcb, 0x71, 0x87, 0x5a, 0xfd, 0x6c, 0x09, 0x86, 0x8d, 0x8f, 0x86, 0x7e, 0x32, 0x5d, 0x69,
-	0xd4, 0x2a, 0xee, 0x95, 0x18, 0xfd, 0x69, 0x5d, 0x4b, 0x94, 0xbf, 0xd2, 0xd3, 0xdd, 0x45, 0x46,
-	0xef, 0xee, 0x4d, 0x9d, 0xc8, 0x94, 0x11, 0x4d, 0x15, 0x1e, 0x3d, 0xfb, 0x3d, 0x30, 0x9e, 0x21,
-	0x93, 0xf3, 0xca, 0x6b, 0xe6, 0x2b, 0x1f, 0xd9, 0xdd, 0x67, 0x0e, 0xd9, 0x97, 0xe8, 0x90, 0x89,
-	0xba, 0x00, 0xa1, 0x4f, 0xfa, 0xf0, 0x75, 0x66, 0xf6, 0x17, 0xa5, 0x3e, 0xcb, 0x7f, 0xbc, 0x07,
-	0xaa, 0xad, 0xd0, 0xf7, 0x5c, 0x4f, 0x15, 0x2a, 0x67, 0x05, 0x47, 0x56, 0x45, 0x1b, 0x56, 0x50,
-	0x74, 0x1b, 0x6a, 0xb7, 0x6e, 0x27, 0xfc, 0x98, 0x51, 0x1c, 0x65, 0x14, 0x75, 0xba, 0xa8, 0x8c,
-	0x16, 0x75, 0x8e, 0x89, 0x35, 0x2f, 0x64, 0xc3, 0x20, 0x53, 0x82, 0x32, 0x47, 0x90, 0x1d, 0xb3,
-	0x30, 0xed, 0x18, 0x63, 0x01, 0xb1, 0xff, 0xfd, 0x30, 0x9c, 0xca, 0xbb, 0x02, 0x09, 0xbd, 0x09,
-	0x83, 0xbc, 0x8f, 0xc5, 0xdc, 0xb2, 0x97, 0xc7, 0xe3, 0x12, 0x23, 0x28, 0xba, 0xc5, 0x7e, 0x63,
-	0xc1, 0x53, 0x70, 0xf7, 0x9d, 0x75, 0x31, 0x43, 0x8e, 0x87, 0xfb, 0x92, 0xa3, 0xb9, 0x2f, 0x39,
-	0x9c, 0xbb, 0xef, 0xac, 0xa3, 0x5d, 0xa8, 0x6c, 0x7a, 0x09, 0x71, 0x84, 0x73, 0xe6, 0xe6, 0xb1,
-	0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, 0x2f, 0x5a, 0x30, 0xbe, 0x9e, 0xae,
-	0x3b, 0x24, 0x84, 0xa7, 0x73, 0x0c, 0xd7, 0x5c, 0xa5, 0x19, 0xf1, 0x6b, 0x6f, 0x33, 0x8d, 0x38,
-	0xdb, 0x1d, 0xf4, 0x09, 0x0b, 0x86, 0x36, 0x3c, 0xdf, 0xb8, 0x47, 0xe4, 0x18, 0x3e, 0xce, 0x45,
-	0xc6, 0x40, 0xef, 0x38, 0xf8, 0xff, 0x18, 0x4b, 0xce, 0xbd, 0x34, 0xd5, 0xe0, 0x51, 0x35, 0xd5,
-	0xd0, 0x03, 0xd2, 0x54, 0x9f, 0xb6, 0xa0, 0xa6, 0x46, 0x5a, 0xd4, 0x6f, 0xf9, 0xd0, 0x31, 0x7e,
-	0x72, 0xee, 0x91, 0x52, 0x7f, 0xb1, 0x66, 0x8e, 0xde, 0xb2, 0x60, 0xd8, 0x79, 0xa3, 0x1d, 0x91,
-	0x06, 0xd9, 0x09, 0x5b, 0xb1, 0x28, 0xac, 0xfa, 0x6a, 0xf1, 0x9d, 0x99, 0xa5, 0x4c, 0x16, 0xc8,
-	0xce, 0x4a, 0x2b, 0x16, 0xf9, 0xcb, 0xba, 0x01, 0x9b, 0x5d, 0x40, 0xdf, 0xaf, 0xf5, 0x38, 0x14,
-	0x51, 0x5e, 0x3b, 0xaf, 0x37, 0x7d, 0xa5, 0xe3, 0x13, 0x78, 0xcc, 0x0d, 0x83, 0xc4, 0x0b, 0xda,
-	0x64, 0x25, 0xc0, 0xa4, 0x15, 0x5e, 0x0b, 0x93, 0x8b, 0x61, 0x3b, 0x68, 0x5c, 0x88, 0xa2, 0x30,
-	0x62, 0x05, 0x6a, 0x8c, 0xcb, 0x55, 0xe7, 0x7b, 0xa3, 0xe2, 0xfd, 0xe8, 0x1c, 0xc5, 0x66, 0xd8,
-	0x2b, 0xc1, 0xd4, 0x01, 0x83, 0x8d, 0x5e, 0x84, 0x91, 0x30, 0xda, 0x74, 0x02, 0xef, 0x0d, 0xb3,
-	0xe6, 0x9a, 0x32, 0x48, 0x57, 0x0c, 0x18, 0x4e, 0x61, 0x9a, 0xc5, 0x78, 0x4a, 0x07, 0x14, 0xe3,
-	0x39, 0x07, 0x03, 0x11, 0x69, 0x85, 0xd9, 0x7d, 0x15, 0x4b, 0x39, 0x64, 0x10, 0xf4, 0x04, 0x94,
-	0x9d, 0x96, 0x27, 0x9c, 0x8b, 0x6a, 0xbb, 0x38, 0xbb, 0xba, 0x88, 0x69, 0x7b, 0xaa, 0x36, 0x58,
-	0xe5, 0xbe, 0xd4, 0x06, 0xa3, 0x1a, 0x53, 0x1c, 0x9f, 0x0d, 0x6a, 0x8d, 0x99, 0x3e, 0xd6, 0xb2,
-	0xdf, 0x2e, 0xc3, 0x13, 0xfb, 0x2e, 0x2d, 0x1d, 0xb2, 0x6e, 0xed, 0x13, 0xb2, 0x2e, 0x87, 0xa7,
-	0x74, 0xd0, 0xf0, 0x94, 0x7b, 0x0c, 0xcf, 0x27, 0xa8, 0xc4, 0x90, 0xb5, 0xea, 0x8a, 0xb9, 0x20,
-	0xbe, 0x57, 0xe9, 0x3b, 0x21, 0x2c, 0x24, 0x14, 0x6b, 0xbe, 0x74, 0xbb, 0x94, 0x2a, 0x44, 0x53,
-	0x29, 0x42, 0x63, 0xf6, 0xac, 0x17, 0xc7, 0xc5, 0x44, 0xaf, 0xea, 0x36, 0xf6, 0x2f, 0x0d, 0xc0,
-	0x53, 0x7d, 0x28, 0x3a, 0x73, 0x16, 0x5b, 0x7d, 0xce, 0xe2, 0xaf, 0xf2, 0xcf, 0xf4, 0xa9, 0xdc,
-	0xcf, 0x84, 0x8b, 0xff, 0x4c, 0xfb, 0x7f, 0x21, 0x76, 0x02, 0x11, 0xc4, 0xc4, 0x6d, 0x47, 0x3c,
-	0x7d, 0xc7, 0xc8, 0x47, 0x5e, 0x14, 0xed, 0x58, 0x61, 0xd0, 0xed, 0xaf, 0xeb, 0xd0, 0xe5, 0x3f,
-	0x54, 0x50, 0xe1, 0x11, 0x33, 0xb5, 0x99, 0x5b, 0x5f, 0xf3, 0xb3, 0x54, 0x02, 0x70, 0x36, 0xf6,
-	0xaf, 0x5b, 0x70, 0xb6, 0xb7, 0x35, 0x82, 0x9e, 0x85, 0xe1, 0x75, 0x16, 0x4c, 0xb9, 0xcc, 0x42,
-	0xa6, 0xc4, 0xd4, 0x61, 0xef, 0xab, 0x9b, 0xb1, 0x89, 0x83, 0xe6, 0x61, 0xc2, 0x8c, 0xc2, 0x5c,
-	0x36, 0x62, 0xad, 0x98, 0xbf, 0x64, 0x2d, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x1a, 0x20, 0xf1, 0x12,
-	0x9f, 0xf0, 0xa7, 0xf9, 0x44, 0x63, 0x0e, 0xc5, 0x35, 0xd5, 0x8a, 0x0d, 0x0c, 0xfb, 0x2b, 0xe5,
-	0xfc, 0xd7, 0xe0, 0x56, 0xee, 0x61, 0x66, 0xbf, 0x98, 0xdb, 0xa5, 0x3e, 0x24, 0x74, 0xf9, 0x7e,
-	0x4b, 0xe8, 0x81, 0x5e, 0x12, 0x1a, 0x2d, 0xc0, 0x09, 0xe3, 0xba, 0x56, 0x5e, 0xba, 0x86, 0x1f,
-	0x4a, 0xa9, 0xba, 0x73, 0xab, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x21, 0x9f, 0xaa, 0xbf, 0x51, 0x82,
-	0x33, 0x3d, 0x37, 0x16, 0xf7, 0x49, 0x03, 0x99, 0x9f, 0x7f, 0xe0, 0xfe, 0x7c, 0x7e, 0xf3, 0xa3,
-	0x54, 0x0e, 0xfc, 0x28, 0xfd, 0xa8, 0xf3, 0xdf, 0x2f, 0xf5, 0x5c, 0x2c, 0x74, 0x23, 0xfa, 0x35,
-	0x3b, 0x92, 0x2f, 0xc1, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96, 0x99, 0x91, 0xa9, 0x85, 0x39, 0x6b,
-	0x02, 0x71, 0x1a, 0xb7, 0xaf, 0x81, 0xfd, 0x63, 0x0b, 0x6a, 0x98, 0x6c, 0x70, 0x09, 0x87, 0x6e,
-	0x89, 0x21, 0xb2, 0x8a, 0xb8, 0x90, 0x80, 0x0e, 0x6c, 0xec, 0xb1, 0x2a, 0xfd, 0x79, 0x83, 0x7d,
-	0xd4, 0xca, 0x0a, 0xea, 0x92, 0xd7, 0x72, 0xef, 0x4b, 0x5e, 0xed, 0x5f, 0xae, 0xd1, 0xd7, 0x6b,
-	0x85, 0xf3, 0x11, 0x69, 0xc4, 0xf4, 0xfb, 0xb6, 0x23, 0x5f, 0x4c, 0x12, 0xf5, 0x7d, 0xaf, 0xe3,
-	0x25, 0x4c, 0xdb, 0x53, 0xe7, 0x93, 0xa5, 0x43, 0x55, 0x02, 0x2c, 0x1f, 0x58, 0x09, 0xf0, 0x25,
-	0x18, 0x8d, 0xe3, 0xad, 0xd5, 0xc8, 0xdb, 0x71, 0x12, 0x72, 0x95, 0xc8, 0x92, 0x41, 0xba, 0x2a,
-	0x56, 0xfd, 0xb2, 0x06, 0xe2, 0x34, 0x2e, 0xba, 0x04, 0x13, 0xba, 0x1e, 0x1f, 0x89, 0x12, 0x96,
-	0xf2, 0xc8, 0x67, 0x82, 0x2a, 0x07, 0xa3, 0x2b, 0xf8, 0x09, 0x04, 0xdc, 0xfd, 0x0c, 0x95, 0xb9,
-	0xa9, 0x46, 0xda, 0x91, 0xc1, 0xb4, 0xcc, 0x4d, 0xd1, 0xa1, 0x7d, 0xe9, 0x7a, 0x02, 0x2d, 0xc3,
-	0x49, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0xd2, 0x55, 0xe0, 0x2f, 0x75, 0xa3, 0xe0,
-	0xbc, 0xe7, 0xd0, 0x0b, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed, 0x29, 0x32,
-	0x8b, 0x0d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc2, 0xa3, 0xfa, 0x2f, 0x4f, 0xa1, 0xe7, 0xe7, 0xcd, 0x0b,
-	0xa2, 0xd4, 0xa9, 0xba, 0x64, 0xec, 0x52, 0x2e, 0x5a, 0x03, 0xf7, 0x7a, 0x1e, 0xad, 0xc3, 0x59,
-	0x05, 0xba, 0x10, 0x24, 0x2c, 0xc9, 0x35, 0x26, 0x73, 0x4e, 0xcc, 0x22, 0x27, 0x80, 0xbd, 0xa7,
-	0x2d, 0xa8, 0x9f, 0xbd, 0xe4, 0x25, 0x97, 0xf3, 0x30, 0xf1, 0x12, 0xde, 0x87, 0x0a, 0x9a, 0x81,
-	0x1a, 0x09, 0x9c, 0x75, 0x9f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0xce, 0x8e, 0x90, 0x00, 0xac,
-	0x71, 0x54, 0x7c, 0xff, 0x48, 0xaf, 0xf8, 0x7e, 0xb4, 0x0a, 0xa7, 0x36, 0xdd, 0x16, 0xb5, 0x32,
-	0x3d, 0x97, 0xcc, 0xba, 0x2c, 0xa0, 0x98, 0x7e, 0x18, 0x5e, 0x9e, 0x5f, 0x25, 0x4a, 0x5d, 0x9a,
-	0x5f, 0xed, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xf3, 0x28, 0xdc, 0xed, 0x4c, 0x9e, 0xcc, 0x04,
-	0x9e, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x0a, 0x20, 0x96, 0x2c, 0x78, 0x39, 0x49, 0x5a, 0xca, 0xac,
-	0x9d, 0x3c, 0x95, 0x2e, 0x7c, 0x78, 0xb1, 0x0b, 0x03, 0xe7, 0x3c, 0x45, 0xad, 0x9e, 0x20, 0x64,
-	0xd4, 0x27, 0x1f, 0x4d, 0x5b, 0x3d, 0xd7, 0x78, 0x33, 0x96, 0x70, 0xf4, 0x5d, 0x30, 0xd9, 0x8e,
-	0x09, 0xdb, 0x30, 0xdf, 0x0c, 0xa3, 0x6d, 0x3f, 0x74, 0x1a, 0x8b, 0xec, 0x36, 0xd9, 0xa4, 0x33,
-	0x39, 0xc9, 0x98, 0x9f, 0x13, 0xcf, 0x4e, 0x5e, 0xef, 0x81, 0x87, 0x7b, 0x52, 0xc8, 0x56, 0xee,
-	0x3c, 0xd3, 0x67, 0xe5, 0xce, 0x55, 0x38, 0x25, 0xf5, 0xda, 0xca, 0xfc, 0xa2, 0x7a, 0xe9, 0xc9,
-	0xb3, 0xe9, 0xeb, 0xe9, 0x16, 0x73, 0x70, 0x70, 0xee, 0x93, 0xf6, 0x1f, 0x59, 0x30, 0xaa, 0x24,
-	0xd8, 0x7d, 0x48, 0x5a, 0xf6, 0xd3, 0x49, 0xcb, 0x97, 0x8e, 0xae, 0x03, 0x58, 0xcf, 0x7b, 0xa4,
-	0xd8, 0xfc, 0xe8, 0x28, 0x80, 0xd6, 0x13, 0x4a, 0x45, 0x5b, 0x3d, 0x55, 0xf4, 0x43, 0x2b, 0xa3,
-	0xf3, 0x2a, 0x31, 0x56, 0x1e, 0x6c, 0x25, 0xc6, 0x3a, 0x9c, 0x96, 0x53, 0x8a, 0x1f, 0x29, 0x5f,
-	0x0e, 0x63, 0x25, 0xf2, 0x8d, 0xfb, 0x06, 0x17, 0xf3, 0x90, 0x70, 0xfe, 0xb3, 0x29, 0xdb, 0x6e,
-	0xe8, 0x40, 0xdb, 0x4e, 0x49, 0xb9, 0xa5, 0x0d, 0x79, 0x1b, 0x68, 0x46, 0xca, 0x2d, 0x5d, 0xac,
-	0x63, 0x8d, 0x93, 0xaf, 0xea, 0x6a, 0x05, 0xa9, 0x3a, 0x38, 0xb4, 0xaa, 0x93, 0x42, 0x77, 0xb8,
-	0xa7, 0xd0, 0x95, 0x47, 0x57, 0x23, 0x3d, 0x8f, 0xae, 0x3e, 0x00, 0x63, 0x5e, 0xb0, 0x45, 0x22,
-	0x2f, 0x21, 0x0d, 0xb6, 0x16, 0x98, 0x40, 0xae, 0x6a, 0x43, 0x67, 0x31, 0x05, 0xc5, 0x19, 0xec,
-	0xb4, 0xa6, 0x18, 0xeb, 0x43, 0x53, 0xf4, 0xd0, 0xcf, 0xe3, 0xc5, 0xe8, 0xe7, 0x13, 0x47, 0xd7,
-	0xcf, 0x13, 0xc7, 0xaa, 0x9f, 0x51, 0x21, 0xfa, 0xb9, 0x2f, 0xd5, 0x67, 0x6c, 0xd2, 0x4f, 0x1d,
-	0xb0, 0x49, 0xef, 0xa5, 0x9c, 0x4f, 0xdf, 0xb3, 0x72, 0xce, 0xd7, 0xbb, 0x8f, 0xbc, 0xa3, 0x77,
-	0x0b, 0xd1, 0xbb, 0x9f, 0x2e, 0xc1, 0x69, 0xad, 0x99, 0xa8, 0x3c, 0xf0, 0x36, 0xa8, 0x6c, 0x66,
-	0x57, 0x6c, 0xf3, 0x03, 0x6f, 0x23, 0x55, 0x5e, 0x17, 0x0b, 0x50, 0x10, 0x6c, 0x60, 0xb1, 0x8c,
-	0x73, 0x12, 0xb1, 0xcb, 0x5d, 0xb2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07, 0x81, 0xfe,
-	0x16, 0x05, 0x4f, 0xb2, 0x65, 0xc3, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x3d, 0x9c, 0x09, 0x13,
-	0x99, 0x54, 0x75, 0x8d, 0xf0, 0x6d, 0xa5, 0x92, 0x92, 0x0a, 0x2a, 0xbb, 0xc3, 0x2a, 0x22, 0x54,
-	0xba, 0xbb, 0xc3, 0x62, 0x47, 0x15, 0x86, 0xfd, 0xbf, 0x2c, 0x38, 0x93, 0x3b, 0x14, 0xf7, 0xc1,
-	0x1c, 0xd9, 0x4d, 0x9b, 0x23, 0xf5, 0xa2, 0xb6, 0xa4, 0xc6, 0x5b, 0xf4, 0x30, 0x4d, 0xfe, 0x93,
-	0x05, 0x63, 0x1a, 0xff, 0x3e, 0xbc, 0xaa, 0x97, 0x7e, 0xd5, 0xe2, 0x76, 0xdf, 0xb5, 0xae, 0x77,
-	0xfb, 0xb5, 0x12, 0xa8, 0x52, 0xfe, 0xb3, 0x6e, 0xd2, 0x5f, 0xba, 0x59, 0x07, 0x06, 0x59, 0x04,
-	0x49, 0x5c, 0x4c, 0x74, 0x5c, 0x9a, 0x3f, 0x8b, 0x46, 0xd1, 0x07, 0x7a, 0xec, 0x6f, 0x8c, 0x05,
-	0x43, 0x76, 0xf5, 0x10, 0xaf, 0x92, 0xde, 0x10, 0x89, 0xd3, 0xfa, 0xea, 0x21, 0xd1, 0x8e, 0x15,
-	0x06, 0x55, 0x98, 0x9e, 0x1b, 0x06, 0xf3, 0xbe, 0x13, 0xc7, 0xc2, 0x86, 0x53, 0x0a, 0x73, 0x51,
-	0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x5e, 0xdc, 0xf2, 0x9d, 0x8e, 0xe1, 0x63, 0x31, 0x0a, 0x7b,
-	0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0xa6, 0x5f, 0x62, 0x81, 0x6c, 0xb0, 0xc8, 0xee, 0xbe,
-	0x86, 0x73, 0x06, 0x6a, 0x0e, 0x7b, 0x6a, 0xa9, 0xed, 0x08, 0x99, 0xa0, 0xe3, 0x9b, 0x25, 0x00,
-	0x6b, 0x1c, 0xfb, 0x9f, 0x59, 0x70, 0x32, 0x67, 0xd0, 0x0a, 0x4c, 0x4c, 0x4f, 0xb4, 0xb4, 0xc9,
-	0x33, 0x75, 0xbe, 0x11, 0x86, 0x1a, 0x64, 0xc3, 0x91, 0xb1, 0xc3, 0x66, 0xaa, 0x01, 0x6f, 0xc6,
-	0x12, 0x6e, 0xff, 0x62, 0x09, 0xc6, 0xd3, 0x7d, 0x8d, 0x59, 0xba, 0x25, 0x1f, 0x26, 0x2f, 0x76,
-	0xc3, 0x1d, 0x12, 0x75, 0xe8, 0x9b, 0x5b, 0x99, 0x74, 0xcb, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0xbb,
-	0xc8, 0xa3, 0xa1, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, 0x31, 0xcd, 0x38, 0x23,
-	0xc5, 0x12, 0x9b, 0xfc, 0xa9, 0xc9, 0xc5, 0x92, 0x45, 0xe6, 0xda, 0x9e, 0x9f, 0x78, 0x81, 0x78,
-	0x65, 0x31, 0x57, 0x95, 0xc9, 0xb5, 0xdc, 0x8d, 0x82, 0xf3, 0x9e, 0xb3, 0xbf, 0x3c, 0x00, 0xaa,
-	0xe8, 0x0a, 0x8b, 0x03, 0x2d, 0x28, 0x8a, 0xf6, 0xb0, 0x49, 0xbb, 0x6a, 0x6e, 0x0d, 0xec, 0x17,
-	0x98, 0xc5, 0x1d, 0x73, 0xa6, 0x07, 0x5f, 0x0d, 0xd8, 0x9a, 0x06, 0x61, 0x13, 0x8f, 0xf6, 0xc4,
-	0xf7, 0x76, 0x08, 0x7f, 0x68, 0x30, 0xdd, 0x93, 0x25, 0x09, 0xc0, 0x1a, 0x87, 0xd5, 0xed, 0xf6,
-	0x36, 0x36, 0x84, 0x97, 0x49, 0xd7, 0xed, 0xf6, 0x36, 0x36, 0x30, 0x83, 0xf0, 0xab, 0x9e, 0xc2,
-	0x6d, 0xb1, 0xcd, 0x30, 0xae, 0x7a, 0x0a, 0xb7, 0x31, 0x83, 0xd0, 0xaf, 0x14, 0x84, 0x51, 0xd3,
-	0xf1, 0xbd, 0x37, 0x48, 0x43, 0x71, 0x11, 0xdb, 0x0b, 0xf5, 0x95, 0xae, 0x75, 0xa3, 0xe0, 0xbc,
-	0xe7, 0xe8, 0x84, 0x6e, 0x45, 0xa4, 0xe1, 0xb9, 0x89, 0x49, 0x0d, 0xd2, 0x13, 0x7a, 0xb5, 0x0b,
-	0x03, 0xe7, 0x3c, 0x85, 0x66, 0x61, 0x5c, 0x16, 0xcd, 0x91, 0x85, 0x26, 0x87, 0xd3, 0xd5, 0xea,
-	0x70, 0x1a, 0x8c, 0xb3, 0xf8, 0x54, 0x48, 0x36, 0x45, 0xf9, 0x5b, 0xb6, 0x1b, 0x31, 0x84, 0xa4,
-	0x2c, 0x8b, 0x8b, 0x15, 0x86, 0xfd, 0xf1, 0x32, 0x55, 0xea, 0x3d, 0xaa, 0x4c, 0xdf, 0xb7, 0xa8,
-	0xed, 0xf4, 0x8c, 0x1c, 0xe8, 0x63, 0x46, 0x3e, 0x0f, 0x23, 0xb7, 0xe2, 0x30, 0x50, 0x11, 0xd1,
-	0x95, 0x9e, 0x11, 0xd1, 0x06, 0x56, 0x7e, 0x44, 0xf4, 0x60, 0x51, 0x11, 0xd1, 0x43, 0xf7, 0x18,
-	0x11, 0xfd, 0x6f, 0x2a, 0xa0, 0xee, 0xf2, 0xbc, 0x46, 0x92, 0xdb, 0x61, 0xb4, 0xed, 0x05, 0x9b,
-	0xac, 0x00, 0xcc, 0x17, 0x2d, 0x59, 0x43, 0x66, 0xc9, 0xcc, 0x14, 0xde, 0x28, 0xe8, 0x3e, 0xc6,
-	0x14, 0xb3, 0xe9, 0x35, 0x83, 0x11, 0x8f, 0xac, 0xc9, 0xd4, 0xaa, 0x11, 0x87, 0x06, 0xa9, 0x1e,
-	0xa1, 0xef, 0x01, 0x90, 0x2e, 0xf9, 0x0d, 0x29, 0x81, 0x17, 0x8b, 0xe9, 0x1f, 0x26, 0x1b, 0xda,
-	0xa4, 0x5e, 0x53, 0x4c, 0xb0, 0xc1, 0x10, 0x7d, 0x5a, 0x67, 0x51, 0xf3, 0xd4, 0xa9, 0x8f, 0x1c,
-	0xcb, 0xd8, 0xf4, 0x93, 0x43, 0x8d, 0x61, 0xc8, 0x0b, 0x36, 0xe9, 0x3c, 0x11, 0x91, 0xa3, 0xef,
-	0xce, 0xab, 0x2f, 0xb6, 0x14, 0x3a, 0x8d, 0x39, 0xc7, 0x77, 0x02, 0x97, 0x44, 0x8b, 0x1c, 0x5d,
-	0x6b, 0x50, 0xd1, 0x80, 0x25, 0xa1, 0xae, 0x0b, 0x47, 0x2b, 0xfd, 0x5c, 0x38, 0x7a, 0xf6, 0xdb,
-	0x61, 0xa2, 0xeb, 0x63, 0x1e, 0x2a, 0x65, 0xfa, 0x08, 0x95, 0xc5, 0x7e, 0x69, 0x50, 0x2b, 0xad,
-	0x6b, 0x61, 0x83, 0xdf, 0x5f, 0x19, 0xe9, 0x2f, 0x2a, 0x4c, 0xe6, 0x02, 0xa7, 0x88, 0x52, 0x33,
-	0x46, 0x23, 0x36, 0x59, 0xd2, 0x39, 0xda, 0x72, 0x22, 0x12, 0x1c, 0xf7, 0x1c, 0x5d, 0x55, 0x4c,
-	0xb0, 0xc1, 0x10, 0x6d, 0xa5, 0x72, 0xfb, 0x2e, 0x1e, 0x3d, 0xb7, 0x8f, 0x55, 0x7b, 0xcd, 0xbb,
-	0xe6, 0xed, 0x2d, 0x0b, 0xc6, 0x82, 0xd4, 0xcc, 0x2d, 0x26, 0x9c, 0x3f, 0x7f, 0x55, 0xf0, 0xab,
-	0xa0, 0xd3, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, 0xa5, 0x55, 0x0e, 0xa9, 0xd2, 0xf4, 0xfd, 0xb9, 0x83,
-	0xbd, 0xee, 0xcf, 0x45, 0x81, 0xba, 0xd8, 0x7c, 0xa8, 0x88, 0x0a, 0x29, 0xa9, 0x5b, 0xcd, 0x21,
-	0xe7, 0x46, 0xf3, 0x9b, 0x66, 0xea, 0xef, 0xe1, 0x2f, 0xb8, 0x1e, 0xed, 0x95, 0x22, 0x6c, 0xff,
-	0xdf, 0x01, 0x38, 0x21, 0x47, 0x44, 0xa6, 0x02, 0x51, 0xfd, 0xc8, 0xf9, 0x6a, 0x5b, 0x59, 0xe9,
-	0xc7, 0xcb, 0x12, 0x80, 0x35, 0x0e, 0xb5, 0xc7, 0xda, 0x31, 0x59, 0x69, 0x91, 0x60, 0xc9, 0x5b,
-	0x8f, 0xc5, 0xf1, 0xbb, 0x5a, 0x28, 0xd7, 0x35, 0x08, 0x9b, 0x78, 0x2c, 0x3f, 0xd9, 0x35, 0x8b,
-	0x84, 0xe8, 0xfc, 0x64, 0x61, 0xa8, 0x4a, 0x38, 0xfa, 0xb1, 0xdc, 0x6b, 0x2f, 0x8a, 0x49, 0xa0,
-	0xed, 0xca, 0x80, 0x3a, 0xdc, 0x7d, 0x17, 0xe8, 0x1f, 0x59, 0x70, 0x9a, 0xb7, 0xca, 0x91, 0xbc,
-	0xde, 0x6a, 0x38, 0x09, 0x89, 0x8b, 0xb9, 0x22, 0x2c, 0xa7, 0x7f, 0xda, 0x8b, 0x9e, 0xc7, 0x16,
-	0xe7, 0xf7, 0x06, 0x7d, 0xc1, 0x82, 0xf1, 0xed, 0x54, 0x91, 0x2f, 0xa9, 0x3a, 0x8e, 0x5a, 0x01,
-	0x27, 0x45, 0x54, 0x2f, 0xb5, 0x74, 0x7b, 0x8c, 0xb3, 0xdc, 0xed, 0xbf, 0xb0, 0xc0, 0x14, 0xa3,
-	0xf7, 0xbf, 0x36, 0xd8, 0xe1, 0x4d, 0x41, 0x69, 0x5d, 0x56, 0x7a, 0x5a, 0x97, 0x4f, 0x40, 0xb9,
-	0xed, 0x35, 0xc4, 0xfe, 0x42, 0x1f, 0xf8, 0x2f, 0x2e, 0x60, 0xda, 0x6e, 0xff, 0x49, 0x45, 0xbb,
-	0x41, 0x44, 0x7e, 0xea, 0xd7, 0xc4, 0x6b, 0x6f, 0xa8, 0xa2, 0xbf, 0xfc, 0xcd, 0xaf, 0x75, 0x15,
-	0xfd, 0xfd, 0xd6, 0xc3, 0xa7, 0x1f, 0xf3, 0x01, 0xea, 0x55, 0xf3, 0x77, 0xe8, 0x80, 0xdc, 0xe3,
-	0x5b, 0x50, 0xa5, 0x5b, 0x30, 0xe6, 0xcf, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee,
-	0x4d, 0x7d, 0xcb, 0xe1, 0xbb, 0x25, 0x9f, 0xc6, 0x8a, 0x3e, 0x8a, 0xa1, 0x46, 0x7f, 0xb3, 0x34,
-	0x69, 0xb1, 0xb9, 0xbb, 0xae, 0x64, 0xa6, 0x04, 0x14, 0x92, 0x83, 0xad, 0xf9, 0xa0, 0x00, 0x6a,
-	0x14, 0x91, 0x33, 0xe5, 0x7b, 0xc0, 0x55, 0x95, 0xac, 0x2c, 0x01, 0x77, 0xf7, 0xa6, 0x5e, 0x3a,
-	0x3c, 0x53, 0xf5, 0x38, 0xd6, 0x2c, 0x0c, 0xd5, 0x38, 0xdc, 0xf3, 0x6a, 0xf9, 0xff, 0x37, 0xa0,
-	0xe7, 0xb7, 0xa8, 0x07, 0xfd, 0x35, 0x31, 0xbf, 0x5f, 0xcc, 0xcc, 0xef, 0x73, 0x5d, 0xf3, 0x7b,
-	0x8c, 0x8e, 0x59, 0x4e, 0x95, 0xea, 0xfb, 0x6d, 0x2c, 0x1c, 0xec, 0x93, 0x60, 0x56, 0xd2, 0xeb,
-	0x6d, 0x2f, 0x22, 0xf1, 0x6a, 0xd4, 0x0e, 0xbc, 0x60, 0x93, 0x4d, 0xd9, 0xaa, 0x69, 0x25, 0xa5,
-	0xc0, 0x38, 0x8b, 0x4f, 0x37, 0xfe, 0x74, 0x5e, 0xdc, 0x74, 0x76, 0xf8, 0xcc, 0x33, 0x6a, 0x71,
-	0xd6, 0x45, 0x3b, 0x56, 0x18, 0x68, 0x0b, 0x1e, 0x97, 0x04, 0x16, 0x88, 0x4f, 0xe8, 0x0b, 0xb1,
-	0x40, 0xc6, 0xa8, 0xc9, 0xd3, 0x0c, 0x78, 0x2c, 0xca, 0xd7, 0x0b, 0x0a, 0x8f, 0xe3, 0x7d, 0x70,
-	0xf1, 0xbe, 0x94, 0xec, 0x2f, 0xb1, 0xd0, 0x05, 0xa3, 0x5a, 0x04, 0x9d, 0x7d, 0xbe, 0xd7, 0xf4,
-	0x64, 0xc9, 0x50, 0x35, 0xfb, 0x96, 0x68, 0x23, 0xe6, 0x30, 0x74, 0x1b, 0x86, 0xd6, 0xf9, 0x95,
-	0xf3, 0xc5, 0x5c, 0xf5, 0x24, 0xee, 0xaf, 0x67, 0xe5, 0xc2, 0xe5, 0x65, 0xf6, 0x77, 0xf5, 0x4f,
-	0x2c, 0xb9, 0xd9, 0xbf, 0x5b, 0x81, 0x71, 0x19, 0x5e, 0x76, 0xd9, 0x8b, 0x59, 0x44, 0x82, 0x79,
-	0x87, 0x42, 0xe9, 0xc0, 0x3b, 0x14, 0x3e, 0x0c, 0xd0, 0x20, 0x2d, 0x3f, 0xec, 0x30, 0xe3, 0x70,
-	0xe0, 0xd0, 0xc6, 0xa1, 0xda, 0x4f, 0x2c, 0x28, 0x2a, 0xd8, 0xa0, 0x28, 0xea, 0xa4, 0xf2, 0x2b,
-	0x19, 0x32, 0x75, 0x52, 0x8d, 0x0b, 0xe1, 0x06, 0xef, 0xef, 0x85, 0x70, 0x1e, 0x8c, 0xf3, 0x2e,
-	0xaa, 0x9a, 0x0c, 0xf7, 0x50, 0x7a, 0x81, 0x65, 0xb5, 0x2d, 0xa4, 0xc9, 0xe0, 0x2c, 0x5d, 0xf3,
-	0xb6, 0xb7, 0xea, 0xfd, 0xbe, 0xed, 0xed, 0xbd, 0x50, 0x93, 0xdf, 0x39, 0x9e, 0xac, 0xe9, 0x7a,
-	0x41, 0x72, 0x1a, 0xc4, 0x58, 0xc3, 0xbb, 0xca, 0xcb, 0xc0, 0x83, 0x2a, 0x2f, 0x63, 0xbf, 0x55,
-	0xa6, 0xbb, 0x0a, 0xde, 0xaf, 0x43, 0x5f, 0x96, 0x78, 0xd9, 0xb8, 0x2c, 0xf1, 0x70, 0xdf, 0xb3,
-	0x9a, 0xb9, 0x54, 0xf1, 0x71, 0x18, 0x48, 0x9c, 0x4d, 0x99, 0x84, 0xcb, 0xa0, 0x6b, 0xce, 0x66,
-	0x8c, 0x59, 0xeb, 0x61, 0xca, 0x4a, 0xbf, 0x04, 0xa3, 0xb1, 0xb7, 0x19, 0x38, 0x49, 0x3b, 0x22,
-	0xc6, 0xf9, 0xa5, 0x0e, 0xd2, 0x31, 0x81, 0x38, 0x8d, 0x8b, 0x3e, 0x61, 0x01, 0x44, 0x44, 0xed,
-	0x59, 0x06, 0x8b, 0x98, 0x43, 0x4a, 0x0c, 0x48, 0xba, 0x66, 0x59, 0x10, 0xb5, 0x57, 0x31, 0xd8,
-	0xda, 0x9f, 0xb2, 0x60, 0xa2, 0xeb, 0x29, 0xd4, 0x82, 0x41, 0x97, 0x5d, 0x69, 0x59, 0x4c, 0x29,
-	0xcc, 0xf4, 0xf5, 0x98, 0x5c, 0x39, 0xf1, 0x36, 0x2c, 0xf8, 0xd8, 0xbf, 0x3c, 0x02, 0xa7, 0xea,
-	0xf3, 0xcb, 0xf2, 0x22, 0xa4, 0x63, 0xcb, 0x2a, 0xce, 0xe3, 0x71, 0xff, 0xb2, 0x8a, 0x7b, 0x70,
-	0xf7, 0x8d, 0xac, 0x62, 0xdf, 0xc8, 0x2a, 0x4e, 0xa7, 0x78, 0x96, 0x8b, 0x48, 0xf1, 0xcc, 0xeb,
-	0x41, 0x3f, 0x29, 0x9e, 0xc7, 0x96, 0x66, 0xbc, 0x6f, 0x87, 0x0e, 0x95, 0x66, 0xac, 0x72, 0xb0,
-	0x0b, 0xc9, 0x28, 0xeb, 0xf1, 0xa9, 0x72, 0x73, 0xb0, 0x55, 0xfe, 0x2b, 0xcf, 0x96, 0x14, 0x4a,
-	0xef, 0xd5, 0xe2, 0x3b, 0xd0, 0x47, 0xfe, 0xab, 0x48, 0xd8, 0x34, 0x73, 0xae, 0x87, 0x8a, 0xc8,
-	0xb9, 0xce, 0xeb, 0xce, 0x81, 0x39, 0xd7, 0x2f, 0xc1, 0xa8, 0xeb, 0x87, 0x01, 0x59, 0x8d, 0xc2,
-	0x24, 0x74, 0x43, 0x79, 0x81, 0xb8, 0xbe, 0x0b, 0xd2, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xed,
-	0xda, 0x51, 0x13, 0xb6, 0xe1, 0x01, 0x25, 0x6c, 0x1b, 0x29, 0xc9, 0xc3, 0x45, 0xa4, 0x24, 0xe7,
-	0x7d, 0x91, 0xbe, 0x52, 0x92, 0xdf, 0xe6, 0xf7, 0xe7, 0xd3, 0xcd, 0x08, 0x97, 0xc2, 0xec, 0x88,
-	0x6e, 0xf8, 0xfc, 0x6b, 0xc7, 0x30, 0x61, 0x6f, 0xd6, 0x35, 0x1b, 0x75, 0xa7, 0xbe, 0x6e, 0xc2,
-	0xe9, 0x8e, 0x1c, 0x25, 0x8d, 0xf9, 0xc7, 0x4b, 0xf0, 0x75, 0x07, 0x76, 0x01, 0xdd, 0x06, 0x48,
-	0x9c, 0x4d, 0x31, 0x51, 0xc5, 0x41, 0xd6, 0x11, 0xe3, 0x8a, 0xd7, 0x24, 0x3d, 0x91, 0x62, 0xa7,
-	0xc8, 0x63, 0x83, 0x15, 0x0b, 0x27, 0x0e, 0xfd, 0xae, 0x2a, 0xd6, 0x38, 0xf4, 0x09, 0x66, 0x10,
-	0x6a, 0x08, 0x45, 0x64, 0x93, 0x1a, 0xf7, 0xe5, 0xb4, 0x21, 0x84, 0x59, 0x2b, 0x16, 0x50, 0xf4,
-	0x02, 0x0c, 0x3b, 0xbe, 0xcf, 0xd3, 0xfd, 0x48, 0x2c, 0x2e, 0x69, 0xd5, 0xb5, 0x6b, 0x35, 0x08,
-	0x9b, 0x78, 0xf6, 0x9f, 0x97, 0x60, 0xea, 0x00, 0x99, 0xd2, 0x95, 0xe6, 0x5d, 0xe9, 0x3b, 0xcd,
-	0x5b, 0xa4, 0x2b, 0x0d, 0xf6, 0x48, 0x57, 0x7a, 0x01, 0x86, 0x13, 0xe2, 0x34, 0x45, 0x24, 0x62,
-	0xb6, 0x24, 0xe3, 0x9a, 0x06, 0x61, 0x13, 0x8f, 0x4a, 0xb1, 0x31, 0xc7, 0x75, 0x49, 0x1c, 0xcb,
-	0x7c, 0x24, 0xe1, 0xe5, 0x2e, 0x2c, 0xd9, 0x89, 0x1d, 0x1e, 0xcc, 0xa6, 0x58, 0xe0, 0x0c, 0xcb,
-	0xec, 0x80, 0xd7, 0xfa, 0x1c, 0xf0, 0x9f, 0x2a, 0xc1, 0x13, 0xfb, 0x6a, 0xb7, 0xbe, 0x53, 0xc5,
-	0xda, 0x31, 0x89, 0xb2, 0x13, 0xe7, 0x7a, 0x4c, 0x22, 0xcc, 0x20, 0x7c, 0x94, 0x5a, 0x2d, 0x15,
-	0x45, 0x5e, 0x7c, 0x6e, 0x25, 0x1f, 0xa5, 0x14, 0x0b, 0x9c, 0x61, 0x79, 0xaf, 0xd3, 0xf2, 0x77,
-	0x07, 0xe0, 0xa9, 0x3e, 0x6c, 0x80, 0x02, 0x73, 0x50, 0xd3, 0xf9, 0xd5, 0xe5, 0x07, 0x94, 0x5f,
-	0x7d, 0x6f, 0xc3, 0xf5, 0x4e, 0x5a, 0x76, 0x5f, 0xb9, 0xae, 0x5f, 0x2a, 0xc1, 0xd9, 0xde, 0x06,
-	0x0b, 0xfa, 0x36, 0x18, 0x8f, 0x54, 0x48, 0xa2, 0x99, 0x9a, 0x7d, 0x92, 0xfb, 0xb8, 0x52, 0x20,
-	0x9c, 0xc5, 0x45, 0xd3, 0x00, 0x2d, 0x27, 0xd9, 0x8a, 0x2f, 0xec, 0x7a, 0x71, 0x22, 0x6a, 0xd9,
-	0x8d, 0xf1, 0x93, 0x57, 0xd9, 0x8a, 0x0d, 0x0c, 0xca, 0x8e, 0xfd, 0x5b, 0x08, 0xaf, 0x85, 0x09,
-	0x7f, 0x88, 0x6f, 0x3d, 0x4f, 0xca, 0x9b, 0x1f, 0x0d, 0x10, 0xce, 0xe2, 0x52, 0x76, 0xec, 0x6c,
-	0x9f, 0x77, 0x74, 0x40, 0x27, 0x73, 0x2f, 0xa9, 0x56, 0x6c, 0x60, 0x64, 0x93, 0xce, 0x2b, 0x07,
-	0x27, 0x9d, 0xdb, 0xff, 0xaa, 0x04, 0x67, 0x7a, 0x1a, 0xbc, 0xfd, 0x89, 0xa9, 0x87, 0x2f, 0xf1,
-	0xfb, 0x1e, 0x57, 0xd8, 0xa1, 0x12, 0x86, 0xed, 0x3f, 0xee, 0x31, 0xd3, 0x44, 0x32, 0xf0, 0xbd,
-	0xd7, 0x4d, 0x79, 0xf8, 0xc6, 0xb3, 0x2b, 0xff, 0x77, 0xe0, 0x10, 0xf9, 0xbf, 0x99, 0x8f, 0x51,
-	0xe9, 0x53, 0x3b, 0xfc, 0xb7, 0x81, 0x9e, 0xc3, 0x4b, 0x37, 0xc8, 0x7d, 0x9d, 0x20, 0x2c, 0xc0,
-	0x09, 0x2f, 0x60, 0x77, 0xf9, 0xd6, 0xdb, 0xeb, 0xa2, 0xbc, 0x19, 0xaf, 0xe1, 0xab, 0xb2, 0x6f,
-	0x16, 0x33, 0x70, 0xdc, 0xf5, 0xc4, 0x43, 0x98, 0x8f, 0x7d, 0x6f, 0x43, 0x7a, 0x48, 0xc9, 0xbd,
-	0x02, 0xa7, 0xe5, 0x50, 0x6c, 0x39, 0x11, 0x69, 0x08, 0x65, 0x1b, 0x8b, 0x7c, 0xab, 0x33, 0x3c,
-	0x67, 0x2b, 0x07, 0x01, 0xe7, 0x3f, 0xc7, 0x2e, 0x5e, 0x0d, 0x5b, 0x9e, 0x2b, 0xb6, 0x82, 0xfa,
-	0xe2, 0x55, 0xda, 0x88, 0x39, 0x4c, 0xeb, 0x8b, 0xda, 0xfd, 0xd1, 0x17, 0x1f, 0x86, 0x9a, 0x1a,
-	0x6f, 0x9e, 0x53, 0xa1, 0x26, 0x79, 0x57, 0x4e, 0x85, 0x9a, 0xe1, 0x06, 0x16, 0x9d, 0x1d, 0x74,
-	0xa3, 0x92, 0x59, 0xad, 0x94, 0x1f, 0x6d, 0xb7, 0x9f, 0x83, 0x11, 0xe5, 0x0b, 0xec, 0xf7, 0xfa,
-	0x5b, 0xfb, 0xaf, 0x4a, 0x90, 0xb9, 0xe9, 0x0d, 0xed, 0x42, 0xad, 0x11, 0x75, 0x78, 0x63, 0x31,
-	0x35, 0xa4, 0x17, 0x24, 0x39, 0x7d, 0x10, 0xa6, 0x9a, 0xb0, 0x66, 0x86, 0xde, 0xe4, 0xe5, 0x9a,
-	0x05, 0xeb, 0x52, 0x11, 0x39, 0xf9, 0x75, 0x45, 0xcf, 0xbc, 0xdf, 0x52, 0xb6, 0x61, 0x83, 0x1f,
-	0x4a, 0xa0, 0xb6, 0x25, 0x6f, 0xb4, 0x2b, 0x46, 0xdc, 0xa9, 0x0b, 0xf2, 0xb8, 0x89, 0xa6, 0xfe,
-	0x62, 0xcd, 0xc8, 0xfe, 0xa3, 0x12, 0x9c, 0x4a, 0x7f, 0x00, 0x71, 0x70, 0xf9, 0x33, 0x16, 0x3c,
-	0xea, 0x3b, 0x71, 0x52, 0x6f, 0xb3, 0x8d, 0xc2, 0x46, 0xdb, 0x5f, 0xc9, 0x54, 0xf6, 0x3e, 0xaa,
-	0xb3, 0x45, 0x11, 0xce, 0xde, 0x80, 0x38, 0xf7, 0xd8, 0x9d, 0xbd, 0xa9, 0x47, 0x97, 0xf2, 0x99,
-	0xe3, 0x5e, 0xbd, 0x42, 0x6f, 0x59, 0x70, 0xc2, 0x6d, 0x47, 0x11, 0x09, 0x12, 0xdd, 0x55, 0xfe,
-	0x15, 0xaf, 0x15, 0x32, 0x90, 0xba, 0x83, 0xa7, 0xa8, 0x40, 0x9d, 0xcf, 0xf0, 0xc2, 0x5d, 0xdc,
-	0xed, 0x1f, 0xa2, 0x9a, 0xb3, 0xe7, 0x7b, 0xfe, 0x35, 0xbb, 0xb2, 0xf1, 0x4f, 0x07, 0x61, 0x34,
-	0x55, 0xbe, 0x3c, 0x75, 0xd8, 0x67, 0x1d, 0x78, 0xd8, 0xc7, 0x32, 0x04, 0xdb, 0x81, 0xbc, 0xcd,
-	0xde, 0xc8, 0x10, 0x6c, 0x07, 0x04, 0x73, 0x98, 0x18, 0x52, 0xdc, 0x0e, 0x44, 0x2e, 0x80, 0x39,
-	0xa4, 0xb8, 0x1d, 0x60, 0x01, 0x45, 0x1f, 0xb3, 0x60, 0x84, 0x2d, 0x3e, 0x71, 0x54, 0x2a, 0x14,
-	0xda, 0x95, 0x02, 0x96, 0xbb, 0x2c, 0xd5, 0xcf, 0x62, 0x47, 0xcd, 0x16, 0x9c, 0xe2, 0x88, 0x3e,
-	0x69, 0x41, 0x4d, 0x5d, 0x9d, 0x2b, 0xce, 0x46, 0xea, 0xc5, 0x56, 0x87, 0xcf, 0x48, 0x3d, 0x55,
-	0xa6, 0x1b, 0x6b, 0xc6, 0x28, 0x56, 0xe7, 0x98, 0x43, 0xc7, 0x73, 0x8e, 0x09, 0x39, 0x67, 0x98,
-	0xef, 0x85, 0x5a, 0xd3, 0x09, 0xbc, 0x0d, 0x12, 0x27, 0xfc, 0x68, 0x51, 0x5e, 0x06, 0x22, 0x1b,
-	0xb1, 0x86, 0x53, 0x63, 0x3f, 0x66, 0x2f, 0x96, 0x18, 0x67, 0x81, 0xcc, 0xd8, 0xaf, 0xeb, 0x66,
-	0x6c, 0xe2, 0x98, 0x07, 0x97, 0xf0, 0x40, 0x0f, 0x2e, 0x87, 0x0f, 0x38, 0xb8, 0xac, 0xc3, 0x69,
-	0xa7, 0x9d, 0x84, 0x97, 0x89, 0xe3, 0xcf, 0x26, 0x09, 0x69, 0xb6, 0x92, 0x98, 0x57, 0xbc, 0x1f,
-	0x61, 0x2e, 0x60, 0x15, 0xed, 0x56, 0x27, 0xfe, 0x46, 0x17, 0x12, 0xce, 0x7f, 0xd6, 0xfe, 0x17,
-	0x16, 0x9c, 0xce, 0x9d, 0x0a, 0x0f, 0x6f, 0x9e, 0x81, 0xfd, 0x23, 0x15, 0x38, 0x99, 0x73, 0xb9,
-	0x01, 0xea, 0x98, 0x8b, 0xc4, 0x2a, 0x22, 0x64, 0x2f, 0x1d, 0x81, 0x26, 0xbf, 0x4d, 0xce, 0xca,
-	0x38, 0x5c, 0x2c, 0x82, 0x8e, 0x07, 0x28, 0xdf, 0xdf, 0x78, 0x00, 0x63, 0xae, 0x0f, 0x3c, 0xd0,
-	0xb9, 0x5e, 0x39, 0x60, 0xae, 0xff, 0xac, 0x05, 0x93, 0xcd, 0x1e, 0x37, 0x95, 0x89, 0xf3, 0xa4,
-	0x1b, 0xc7, 0x73, 0x0f, 0xda, 0xdc, 0xe3, 0x77, 0xf6, 0xa6, 0x7a, 0x5e, 0x10, 0x87, 0x7b, 0xf6,
-	0xca, 0xfe, 0x72, 0x19, 0x98, 0xbd, 0xc6, 0x0a, 0x58, 0x77, 0xd0, 0x47, 0xcd, 0x3b, 0x52, 0xac,
-	0xa2, 0xee, 0xf3, 0xe0, 0xc4, 0xd5, 0x1d, 0x2b, 0x7c, 0x04, 0xf3, 0xae, 0x5c, 0xc9, 0x4a, 0xc2,
-	0x52, 0x1f, 0x92, 0xd0, 0x97, 0x97, 0xd1, 0x94, 0x8b, 0xbf, 0x8c, 0xa6, 0x96, 0xbd, 0x88, 0x66,
-	0xff, 0x4f, 0x3c, 0xf0, 0x50, 0x7e, 0xe2, 0x5f, 0xb1, 0xb8, 0xe0, 0xc9, 0x7c, 0x05, 0x6d, 0x6e,
-	0x58, 0xfb, 0x98, 0x1b, 0xcf, 0x40, 0x35, 0x16, 0x92, 0x59, 0x98, 0x25, 0x3a, 0x14, 0x4c, 0xb4,
-	0x63, 0x85, 0x41, 0x77, 0x5d, 0x8e, 0xef, 0x87, 0xb7, 0x2f, 0x34, 0x5b, 0x49, 0x47, 0x18, 0x28,
-	0x6a, 0x5b, 0x30, 0xab, 0x20, 0xd8, 0xc0, 0x42, 0x4f, 0xc1, 0x20, 0xaf, 0x34, 0x21, 0x9c, 0x3b,
-	0xc3, 0x74, 0x1d, 0xf2, 0x32, 0x14, 0x0d, 0x2c, 0x40, 0xf6, 0x16, 0x18, 0xbb, 0x8a, 0x7b, 0xbf,
-	0x0e, 0xfb, 0xe0, 0x1b, 0x2e, 0xed, 0x7f, 0x50, 0x12, 0xac, 0xf8, 0x2e, 0x41, 0x47, 0x06, 0x5a,
-	0x87, 0x8c, 0x0c, 0x7c, 0x13, 0xc0, 0x0d, 0x9b, 0x2d, 0xba, 0x6f, 0x5e, 0x0b, 0x8b, 0xd9, 0x6c,
-	0xcd, 0x2b, 0x7a, 0x7a, 0x54, 0x75, 0x1b, 0x36, 0xf8, 0xa5, 0x44, 0x7b, 0xf9, 0x40, 0xd1, 0x9e,
-	0x92, 0x72, 0x03, 0xfb, 0x4b, 0x39, 0xfb, 0xcf, 0x2d, 0x48, 0x59, 0x7d, 0xa8, 0x05, 0x15, 0xda,
-	0xdd, 0x8e, 0x10, 0x18, 0x2b, 0xc5, 0x99, 0x98, 0x54, 0x52, 0x8b, 0x55, 0xc8, 0x7e, 0x62, 0xce,
-	0x08, 0xf9, 0x22, 0x0a, 0xb2, 0x90, 0xcd, 0x8f, 0xc9, 0xf0, 0x72, 0x18, 0x6e, 0xf3, 0x60, 0x22,
-	0x1d, 0x51, 0x69, 0xbf, 0x08, 0x13, 0x5d, 0x9d, 0x62, 0x57, 0x68, 0x87, 0x72, 0x07, 0x6f, 0xac,
-	0x1e, 0x56, 0xf0, 0x01, 0x73, 0x98, 0xfd, 0x25, 0x0b, 0x4e, 0x64, 0xc9, 0xa3, 0xb7, 0x2d, 0x98,
-	0x88, 0xb3, 0xf4, 0x8e, 0x6b, 0xec, 0x54, 0xb6, 0x43, 0x17, 0x08, 0x77, 0x77, 0xc2, 0xfe, 0x9f,
-	0x42, 0x1b, 0xdc, 0xf4, 0x82, 0x46, 0x78, 0x5b, 0xd9, 0x49, 0x56, 0x4f, 0x3b, 0x89, 0x8a, 0x07,
-	0x77, 0x8b, 0x34, 0xda, 0x7e, 0x57, 0x19, 0x8a, 0xba, 0x68, 0xc7, 0x0a, 0x83, 0x65, 0xdd, 0xb7,
-	0xc5, 0xbe, 0x35, 0x33, 0x29, 0x17, 0x44, 0x3b, 0x56, 0x18, 0xe8, 0x79, 0x18, 0x31, 0x5e, 0x52,
-	0xce, 0x4b, 0xb6, 0xe9, 0x30, 0x34, 0x78, 0x8c, 0x53, 0x58, 0x68, 0x1a, 0x40, 0xd9, 0x5c, 0x52,
-	0x63, 0x33, 0x47, 0xbb, 0x12, 0x8c, 0x31, 0x36, 0x30, 0x58, 0x8d, 0x0b, 0xbf, 0x1d, 0xb3, 0x93,
-	0xe4, 0x41, 0x7d, 0xa1, 0xc3, 0xbc, 0x68, 0xc3, 0x0a, 0x4a, 0x85, 0x5b, 0xd3, 0x09, 0xda, 0x8e,
-	0x4f, 0x47, 0x48, 0xb8, 0xce, 0xd4, 0x32, 0x5c, 0x56, 0x10, 0x6c, 0x60, 0xd1, 0x37, 0x4e, 0xbc,
-	0x26, 0x79, 0x25, 0x0c, 0x64, 0x94, 0xba, 0x0e, 0x2e, 0x10, 0xed, 0x58, 0x61, 0xa0, 0x17, 0x61,
-	0xd8, 0x09, 0x1a, 0xdc, 0x40, 0x0c, 0x23, 0x71, 0x46, 0xa9, 0x76, 0x9f, 0xd7, 0x63, 0x32, 0xab,
-	0xa1, 0xd8, 0x44, 0xcd, 0xde, 0x66, 0x01, 0x7d, 0xde, 0x96, 0xf7, 0x67, 0x16, 0x8c, 0xeb, 0xa2,
-	0x45, 0xcc, 0xc3, 0x96, 0x72, 0x2d, 0x5a, 0x07, 0xba, 0x16, 0xd3, 0xb5, 0x4b, 0x4a, 0x7d, 0xd5,
-	0x2e, 0x31, 0xcb, 0x8a, 0x94, 0xf7, 0x2d, 0x2b, 0xf2, 0x0d, 0x30, 0xb4, 0x4d, 0x3a, 0x46, 0xfd,
-	0x11, 0xa6, 0x1c, 0xae, 0xf2, 0x26, 0x2c, 0x61, 0xc8, 0x86, 0x41, 0xd7, 0x51, 0x35, 0x0c, 0x47,
-	0x44, 0x6c, 0xda, 0x2c, 0x43, 0x12, 0x10, 0x7b, 0x05, 0x6a, 0xea, 0x50, 0x5f, 0x7a, 0xfa, 0xac,
-	0x7c, 0x4f, 0x5f, 0x5f, 0xe5, 0x0d, 0xe6, 0xd6, 0x7f, 0xf3, 0x2b, 0x4f, 0xbe, 0xeb, 0x77, 0xbe,
-	0xf2, 0xe4, 0xbb, 0xfe, 0xf0, 0x2b, 0x4f, 0xbe, 0xeb, 0x63, 0x77, 0x9e, 0xb4, 0x7e, 0xf3, 0xce,
-	0x93, 0xd6, 0xef, 0xdc, 0x79, 0xd2, 0xfa, 0xc3, 0x3b, 0x4f, 0x5a, 0x5f, 0xbe, 0xf3, 0xa4, 0xf5,
-	0xd6, 0x7f, 0x7d, 0xf2, 0x5d, 0xaf, 0xe4, 0xe6, 0x45, 0xd0, 0x1f, 0xef, 0x73, 0x1b, 0x33, 0x3b,
-	0xcf, 0xb1, 0xd0, 0x7c, 0xba, 0x9e, 0x67, 0x8c, 0x49, 0x3c, 0x23, 0xd7, 0xf3, 0xff, 0x0f, 0x00,
-	0x00, 0xff, 0xff, 0x51, 0x38, 0xed, 0x10, 0xf4, 0x00, 0x01, 0x00,
+	// 12358 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0x59,
+	0x56, 0x18, 0xbc, 0x59, 0xa5, 0x92, 0xaa, 0x8e, 0x5e, 0xad, 0xdb, 0xdd, 0x33, 0xea, 0x9e, 0x87,
+	0x9a, 0x1c, 0x98, 0x5d, 0xbe, 0x9d, 0x91, 0x98, 0x9e, 0x99, 0x65, 0x3e, 0x06, 0x16, 0xf4, 0xe8,
+	0x87, 0xba, 0xa5, 0x96, 0xe6, 0x96, 0xba, 0x9b, 0x9d, 0x65, 0x76, 0x36, 0x95, 0x75, 0x25, 0x65,
+	0x2b, 0x2b, 0xb3, 0x26, 0x33, 0x4b, 0xad, 0x1a, 0x86, 0x65, 0x97, 0xdd, 0x85, 0x85, 0x7d, 0x8d,
+	0xc1, 0x61, 0x06, 0xdb, 0xe0, 0xc5, 0xe0, 0x47, 0x84, 0x63, 0x03, 0x6c, 0x7e, 0x98, 0x08, 0x20,
+	0x08, 0x1e, 0x41, 0x80, 0x5f, 0x60, 0x02, 0x03, 0x36, 0x20, 0xef, 0xb6, 0xed, 0x80, 0x70, 0x84,
+	0x89, 0x00, 0xfb, 0x87, 0xa3, 0xed, 0x20, 0x1c, 0xf7, 0x7d, 0x33, 0x2b, 0x4b, 0x2a, 0xb5, 0x52,
+	0xdd, 0xbd, 0x30, 0xff, 0xaa, 0xee, 0x39, 0x79, 0xce, 0xcd, 0x9b, 0xf7, 0x9e, 0x73, 0xee, 0xb9,
+	0xe7, 0x9c, 0x0b, 0x4b, 0x9b, 0x5e, 0xb2, 0xd5, 0x5e, 0x9f, 0x76, 0xc3, 0xe6, 0x8c, 0x13, 0x6d,
+	0x86, 0xad, 0x28, 0xbc, 0xc5, 0x7e, 0x3c, 0xeb, 0x36, 0x66, 0x76, 0x9e, 0x9f, 0x69, 0x6d, 0x6f,
+	0xce, 0x38, 0x2d, 0x2f, 0x9e, 0x71, 0x5a, 0x2d, 0xdf, 0x73, 0x9d, 0xc4, 0x0b, 0x83, 0x99, 0x9d,
+	0xe7, 0x1c, 0xbf, 0xb5, 0xe5, 0x3c, 0x37, 0xb3, 0x49, 0x02, 0x12, 0x39, 0x09, 0x69, 0x4c, 0xb7,
+	0xa2, 0x30, 0x09, 0xd1, 0xb7, 0x6a, 0x6a, 0xd3, 0x92, 0x1a, 0xfb, 0xf1, 0xba, 0xdb, 0x98, 0xde,
+	0x79, 0x7e, 0xba, 0xb5, 0xbd, 0x39, 0x4d, 0xa9, 0x4d, 0x1b, 0xd4, 0xa6, 0x25, 0xb5, 0xb3, 0xcf,
+	0x1a, 0x7d, 0xd9, 0x0c, 0x37, 0xc3, 0x19, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, 0x3f, 0xec,
+	0x17, 0x67, 0x76, 0xd6, 0xde, 0x7e, 0x29, 0x9e, 0xf6, 0x42, 0xda, 0xbd, 0x19, 0x37, 0x8c, 0xc8,
+	0xcc, 0x4e, 0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc,
+	0x2c, 0xed, 0x02, 0x89, 0x76, 0x48, 0x64, 0xbe, 0x9e, 0x81, 0x90, 0x47, 0xe9, 0x05, 0x4d, 0xa9,
+	0xe9, 0xb8, 0x5b, 0x5e, 0x40, 0xa2, 0x8e, 0x7e, 0xbc, 0x49, 0x12, 0x27, 0xef, 0xa9, 0x99, 0x5e,
+	0x4f, 0x45, 0xed, 0x20, 0xf1, 0x9a, 0xa4, 0xeb, 0x81, 0x0f, 0x1c, 0xf4, 0x40, 0xec, 0x6e, 0x91,
+	0xa6, 0xd3, 0xf5, 0xdc, 0xf3, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xe3, 0x05, 0x49, 0x9c, 0x44,
+	0xd9, 0x87, 0xec, 0xbf, 0x6f, 0xc1, 0xe8, 0xec, 0xcd, 0xfa, 0x6c, 0x3b, 0xd9, 0x9a, 0x0f, 0x83,
+	0x0d, 0x6f, 0x13, 0xbd, 0x08, 0xc3, 0xae, 0xdf, 0x8e, 0x13, 0x12, 0x5d, 0x73, 0x9a, 0x64, 0xd2,
+	0x3a, 0x67, 0xbd, 0xaf, 0x36, 0x77, 0xf2, 0x37, 0xf7, 0xa6, 0xde, 0x73, 0x67, 0x6f, 0x6a, 0x78,
+	0x5e, 0x83, 0xb0, 0x89, 0x87, 0xbe, 0x11, 0x86, 0xa2, 0xd0, 0x27, 0xb3, 0xf8, 0xda, 0x64, 0x89,
+	0x3d, 0x32, 0x2e, 0x1e, 0x19, 0xc2, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x6d, 0x45, 0xe1, 0x86, 0xe7,
+	0x93, 0xc9, 0x72, 0x1a, 0x75, 0x95, 0x37, 0x63, 0x09, 0xb7, 0x7f, 0xac, 0x04, 0xe3, 0xb3, 0xad,
+	0xd6, 0x65, 0xe2, 0xf8, 0xc9, 0x56, 0x3d, 0x71, 0x92, 0x76, 0x8c, 0x36, 0x61, 0x30, 0x66, 0xbf,
+	0x44, 0xdf, 0x56, 0xc4, 0xd3, 0x83, 0x1c, 0x7e, 0x77, 0x6f, 0xea, 0xdb, 0xf2, 0x66, 0xf4, 0xa6,
+	0x97, 0x84, 0xad, 0xf8, 0x59, 0x12, 0x6c, 0x7a, 0x01, 0x61, 0xe3, 0xb2, 0xc5, 0xa8, 0x4e, 0x9b,
+	0xc4, 0xe7, 0xc3, 0x06, 0xc1, 0x82, 0x3c, 0xed, 0x67, 0x93, 0xc4, 0xb1, 0xb3, 0x49, 0xb2, 0xaf,
+	0xb4, 0xcc, 0x9b, 0xb1, 0x84, 0xa3, 0x08, 0x90, 0xef, 0xc4, 0xc9, 0x5a, 0xe4, 0x04, 0xb1, 0x47,
+	0xa7, 0xf4, 0x9a, 0xd7, 0xe4, 0x6f, 0x37, 0x7c, 0xfe, 0xff, 0x9b, 0xe6, 0x1f, 0x66, 0xda, 0xfc,
+	0x30, 0x7a, 0x1d, 0xd0, 0x79, 0x33, 0xbd, 0xf3, 0xdc, 0x34, 0x7d, 0x62, 0xee, 0x91, 0x3b, 0x7b,
+	0x53, 0x68, 0xa9, 0x8b, 0x12, 0xce, 0xa1, 0x6e, 0xff, 0x7e, 0x09, 0x60, 0xb6, 0xd5, 0x5a, 0x8d,
+	0xc2, 0x5b, 0xc4, 0x4d, 0xd0, 0x47, 0xa1, 0x4a, 0x49, 0x35, 0x9c, 0xc4, 0x61, 0x03, 0x33, 0x7c,
+	0xfe, 0x9b, 0xfa, 0x63, 0xbc, 0xb2, 0x4e, 0x9f, 0x5f, 0x26, 0x89, 0x33, 0x87, 0xc4, 0x0b, 0x82,
+	0x6e, 0xc3, 0x8a, 0x2a, 0x0a, 0x60, 0x20, 0x6e, 0x11, 0x97, 0x0d, 0xc6, 0xf0, 0xf9, 0xa5, 0xe9,
+	0xa3, 0xac, 0xf4, 0x69, 0xdd, 0xf3, 0x7a, 0x8b, 0xb8, 0x73, 0x23, 0x82, 0xf3, 0x00, 0xfd, 0x87,
+	0x19, 0x1f, 0xb4, 0xa3, 0x3e, 0x34, 0x1f, 0xc8, 0x6b, 0x85, 0x71, 0x64, 0x54, 0xe7, 0xc6, 0xd2,
+	0x13, 0x47, 0x7e, 0x77, 0xfb, 0x4f, 0x2c, 0x18, 0xd3, 0xc8, 0x4b, 0x5e, 0x9c, 0xa0, 0xef, 0xea,
+	0x1a, 0xdc, 0xe9, 0xfe, 0x06, 0x97, 0x3e, 0xcd, 0x86, 0xf6, 0x84, 0x60, 0x56, 0x95, 0x2d, 0xc6,
+	0xc0, 0x36, 0xa1, 0xe2, 0x25, 0xa4, 0x19, 0x4f, 0x96, 0xce, 0x95, 0xdf, 0x37, 0x7c, 0xfe, 0x72,
+	0x51, 0xef, 0x39, 0x37, 0x2a, 0x98, 0x56, 0x16, 0x29, 0x79, 0xcc, 0xb9, 0xd8, 0x7f, 0x39, 0x6a,
+	0xbe, 0x1f, 0x1d, 0x70, 0xf4, 0x1c, 0x0c, 0xc7, 0x61, 0x3b, 0x72, 0x09, 0x26, 0xad, 0x90, 0x2e,
+	0xac, 0x32, 0x9d, 0xee, 0x74, 0xc1, 0xd7, 0x75, 0x33, 0x36, 0x71, 0xd0, 0x17, 0x2c, 0x18, 0x69,
+	0x90, 0x38, 0xf1, 0x02, 0xc6, 0x5f, 0x76, 0x7e, 0xed, 0xc8, 0x9d, 0x97, 0x8d, 0x0b, 0x9a, 0xf8,
+	0xdc, 0x29, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, 0xfc, 0xa9, 0xe0, 0x6a, 0x90, 0xd8, 0x8d,
+	0xbc, 0x16, 0xfd, 0x2f, 0x44, 0x8b, 0x12, 0x5c, 0x0b, 0x1a, 0x84, 0x4d, 0x3c, 0x14, 0x40, 0x85,
+	0x0a, 0xa6, 0x78, 0x72, 0x80, 0xf5, 0x7f, 0xf1, 0x68, 0xfd, 0x17, 0x83, 0x4a, 0x65, 0x9e, 0x1e,
+	0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, 0x93, 0x42, 0x70, 0x62, 0xc2, 0x07, 0xf4,
+	0xe6, 0x96, 0x97, 0x10, 0xdf, 0x8b, 0x93, 0xc9, 0x0a, 0xeb, 0xc3, 0x4c, 0x7f, 0x73, 0xeb, 0x52,
+	0x14, 0xb6, 0x5b, 0x57, 0xbd, 0xa0, 0x31, 0x77, 0x4e, 0x70, 0x9a, 0x9c, 0xef, 0x41, 0x18, 0xf7,
+	0x64, 0x89, 0x7e, 0xc4, 0x82, 0xb3, 0x81, 0xd3, 0x24, 0x71, 0xcb, 0xa1, 0x9f, 0x96, 0x83, 0xe7,
+	0x7c, 0xc7, 0xdd, 0x66, 0x3d, 0x1a, 0xbc, 0xb7, 0x1e, 0xd9, 0xa2, 0x47, 0x67, 0xaf, 0xf5, 0x24,
+	0x8d, 0xf7, 0x61, 0x8b, 0x7e, 0xca, 0x82, 0x89, 0x30, 0x6a, 0x6d, 0x39, 0x01, 0x69, 0x48, 0x68,
+	0x3c, 0x39, 0xc4, 0x96, 0xde, 0x47, 0x8e, 0xf6, 0x89, 0x56, 0xb2, 0x64, 0x97, 0xc3, 0xc0, 0x4b,
+	0xc2, 0xa8, 0x4e, 0x92, 0xc4, 0x0b, 0x36, 0xe3, 0xb9, 0xd3, 0x77, 0xf6, 0xa6, 0x26, 0xba, 0xb0,
+	0x70, 0x77, 0x7f, 0xd0, 0x77, 0xc3, 0x70, 0xdc, 0x09, 0xdc, 0x9b, 0x5e, 0xd0, 0x08, 0x6f, 0xc7,
+	0x93, 0xd5, 0x22, 0x96, 0x6f, 0x5d, 0x11, 0x14, 0x0b, 0x50, 0x33, 0xc0, 0x26, 0xb7, 0xfc, 0x0f,
+	0xa7, 0xa7, 0x52, 0xad, 0xe8, 0x0f, 0xa7, 0x27, 0xd3, 0x3e, 0x6c, 0xd1, 0x0f, 0x58, 0x30, 0x1a,
+	0x7b, 0x9b, 0x81, 0x93, 0xb4, 0x23, 0x72, 0x95, 0x74, 0xe2, 0x49, 0x60, 0x1d, 0xb9, 0x72, 0xc4,
+	0x51, 0x31, 0x48, 0xce, 0x9d, 0x16, 0x7d, 0x1c, 0x35, 0x5b, 0x63, 0x9c, 0xe6, 0x9b, 0xb7, 0xd0,
+	0xf4, 0xb4, 0x1e, 0x2e, 0x76, 0xa1, 0xe9, 0x49, 0xdd, 0x93, 0x25, 0xfa, 0x0e, 0x38, 0xc1, 0x9b,
+	0xd4, 0xc8, 0xc6, 0x93, 0x23, 0x4c, 0xd0, 0x9e, 0xba, 0xb3, 0x37, 0x75, 0xa2, 0x9e, 0x81, 0xe1,
+	0x2e, 0x6c, 0xf4, 0x06, 0x4c, 0xb5, 0x48, 0xd4, 0xf4, 0x92, 0x95, 0xc0, 0xef, 0x48, 0xf1, 0xed,
+	0x86, 0x2d, 0xd2, 0x10, 0xdd, 0x89, 0x27, 0x47, 0xcf, 0x59, 0xef, 0xab, 0xce, 0xbd, 0x57, 0x74,
+	0x73, 0x6a, 0x75, 0x7f, 0x74, 0x7c, 0x10, 0x3d, 0xf4, 0x1b, 0x16, 0x9c, 0x35, 0xa4, 0x6c, 0x9d,
+	0x44, 0x3b, 0x9e, 0x4b, 0x66, 0x5d, 0x37, 0x6c, 0x07, 0x49, 0x3c, 0x39, 0xc6, 0x86, 0x71, 0xfd,
+	0x38, 0x64, 0x7e, 0x9a, 0x95, 0x9e, 0x97, 0x3d, 0x51, 0x62, 0xbc, 0x4f, 0x4f, 0xed, 0xdf, 0x2a,
+	0xc1, 0x89, 0xac, 0x05, 0x80, 0xfe, 0xb1, 0x05, 0xe3, 0xb7, 0x6e, 0x27, 0x6b, 0xe1, 0x36, 0x09,
+	0xe2, 0xb9, 0x0e, 0x95, 0xd3, 0x4c, 0xf7, 0x0d, 0x9f, 0x77, 0x8b, 0xb5, 0x35, 0xa6, 0xaf, 0xa4,
+	0xb9, 0x5c, 0x08, 0x92, 0xa8, 0x33, 0xf7, 0xa8, 0x78, 0xa7, 0xf1, 0x2b, 0x37, 0xd7, 0x4c, 0x28,
+	0xce, 0x76, 0xea, 0xec, 0x67, 0x2d, 0x38, 0x95, 0x47, 0x02, 0x9d, 0x80, 0xf2, 0x36, 0xe9, 0x70,
+	0x4b, 0x18, 0xd3, 0x9f, 0xe8, 0x35, 0xa8, 0xec, 0x38, 0x7e, 0x9b, 0x08, 0x33, 0xed, 0xd2, 0xd1,
+	0x5e, 0x44, 0xf5, 0x0c, 0x73, 0xaa, 0xdf, 0x52, 0x7a, 0xc9, 0xb2, 0x7f, 0xbb, 0x0c, 0xc3, 0xc6,
+	0x47, 0xbb, 0x0f, 0xa6, 0x67, 0x98, 0x32, 0x3d, 0x97, 0x0b, 0x9b, 0x6f, 0x3d, 0x6d, 0xcf, 0xdb,
+	0x19, 0xdb, 0x73, 0xa5, 0x38, 0x96, 0xfb, 0x1a, 0x9f, 0x28, 0x81, 0x5a, 0xd8, 0xa2, 0x5b, 0x34,
+	0x6a, 0xc3, 0x0c, 0x14, 0xf1, 0x09, 0x57, 0x24, 0xb9, 0xb9, 0xd1, 0x3b, 0x7b, 0x53, 0x35, 0xf5,
+	0x17, 0x6b, 0x46, 0xf6, 0x1f, 0x58, 0x70, 0xca, 0xe8, 0xe3, 0x7c, 0x18, 0x34, 0xd8, 0x46, 0x03,
+	0x9d, 0x83, 0x81, 0xa4, 0xd3, 0x92, 0xdb, 0x40, 0x35, 0x52, 0x6b, 0x9d, 0x16, 0xc1, 0x0c, 0xf2,
+	0xb0, 0xef, 0x92, 0x7e, 0xc4, 0x82, 0x47, 0xf2, 0x05, 0x0c, 0x7a, 0x1a, 0x06, 0xb9, 0x0f, 0x40,
+	0xbc, 0x9d, 0xfe, 0x24, 0xac, 0x15, 0x0b, 0x28, 0x9a, 0x81, 0x9a, 0x52, 0x78, 0xe2, 0x1d, 0x27,
+	0x04, 0x6a, 0x4d, 0x6b, 0x49, 0x8d, 0x43, 0x07, 0x8d, 0xfe, 0x11, 0x26, 0xa8, 0x1a, 0x34, 0xb6,
+	0x69, 0x66, 0x10, 0xfb, 0xf7, 0x2c, 0xf8, 0xfa, 0x7e, 0xc4, 0xde, 0xf1, 0xf5, 0xb1, 0x0e, 0xa7,
+	0x1b, 0x64, 0xc3, 0x69, 0xfb, 0x49, 0x9a, 0xa3, 0xe8, 0xf4, 0x13, 0xe2, 0xe1, 0xd3, 0x0b, 0x79,
+	0x48, 0x38, 0xff, 0x59, 0xfb, 0x3f, 0x5b, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x3e, 0x6c, 0x9d, 0x82,
+	0xf4, 0xd6, 0x69, 0xb1, 0xb0, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x79, 0x0b, 0xce, 0x1a, 0x58, 0xcb,
+	0x4e, 0xe2, 0x6e, 0x5d, 0xd8, 0x6d, 0x45, 0x24, 0x8e, 0xe9, 0x94, 0x7a, 0xc2, 0x10, 0xc7, 0x73,
+	0xc3, 0x82, 0x42, 0xf9, 0x2a, 0xe9, 0x70, 0xd9, 0xfc, 0x0c, 0x54, 0xf9, 0x9a, 0x0b, 0x23, 0xf1,
+	0x91, 0xd4, 0xbb, 0xad, 0x88, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0xe6, 0x52, 0x19, 0x44,
+	0xcd, 0x04, 0xa0, 0xdf, 0xfd, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0xac, 0x46, 0x84,
+	0xcd, 0x87, 0xc6, 0x45, 0x8f, 0xf8, 0x8d, 0x98, 0x6e, 0xeb, 0x9c, 0x20, 0x08, 0x13, 0xb1, 0x43,
+	0x33, 0xb6, 0x75, 0xb3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xef, 0xac, 0x13, 0x9f, 0x8f, 0xa8,
+	0x60, 0xba, 0xc4, 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x03, 0xa9, 0x24, 0x1a, 0xb9, 0x1f,
+	0xde, 0x87, 0x28, 0xa5, 0x02, 0x56, 0x8b, 0x93, 0xc7, 0xa4, 0xb7, 0x07, 0xe2, 0xcd, 0x8c, 0x16,
+	0xc0, 0x85, 0x72, 0xdd, 0xdf, 0x0b, 0xf1, 0xf1, 0x32, 0x4c, 0xa5, 0x1f, 0xe8, 0x52, 0x22, 0x74,
+	0xcb, 0x6b, 0x30, 0xca, 0xfa, 0xea, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x90, 0xc3, 0xa5, 0xe3, 0x94,
+	0xc3, 0xa6, 0x9a, 0x28, 0x1f, 0xa0, 0x26, 0x9e, 0x56, 0xa3, 0x3e, 0x90, 0x91, 0x79, 0x69, 0x55,
+	0x79, 0x0e, 0x06, 0xe2, 0x84, 0xb4, 0x26, 0x2b, 0x69, 0x31, 0x5b, 0x4f, 0x48, 0x0b, 0x33, 0x08,
+	0xfa, 0x36, 0x18, 0x4f, 0x9c, 0x68, 0x93, 0x24, 0x11, 0xd9, 0xf1, 0x98, 0x5f, 0x97, 0xed, 0x67,
+	0x6b, 0x73, 0x27, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x16, 0xd7, 0xfe, 0xef, 0x25,
+	0x78, 0x34, 0xfd, 0x09, 0xb4, 0x62, 0xfc, 0xf6, 0x94, 0x62, 0x7c, 0xbf, 0xa9, 0x18, 0xef, 0xee,
+	0x4d, 0x3d, 0xd6, 0xe3, 0xb1, 0xaf, 0x19, 0xbd, 0x89, 0x2e, 0x65, 0x3e, 0xc2, 0x4c, 0x97, 0x97,
+	0xf5, 0x89, 0x1e, 0xef, 0x98, 0xf9, 0x4a, 0x4f, 0xc3, 0x60, 0x44, 0x9c, 0x38, 0x0c, 0xc4, 0x77,
+	0x52, 0x5f, 0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xef, 0xd6, 0xb2, 0x83, 0x7d, 0x89, 0xfb, 0xaa,
+	0xc3, 0x08, 0x79, 0x30, 0xc0, 0x76, 0x6d, 0x5c, 0xb2, 0x5c, 0x3d, 0xda, 0x2a, 0xa4, 0x5a, 0x44,
+	0x91, 0x9e, 0xab, 0xd2, 0xaf, 0x46, 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa1, 0xea, 0xca, 0xcd, 0x54,
+	0xa9, 0x08, 0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86,
+	0x08, 0x94, 0x37, 0xbd, 0x44, 0x7c, 0xd6, 0x23, 0x6e, 0x97, 0x2f, 0x79, 0xc6, 0x2b, 0x0e, 0x51,
+	0x1d, 0x74, 0xc9, 0x4b, 0x30, 0xa5, 0x8f, 0x3e, 0x6d, 0xc1, 0x70, 0xec, 0x36, 0x57, 0xa3, 0x70,
+	0xc7, 0x6b, 0x90, 0x48, 0xd8, 0x98, 0x47, 0x94, 0x6c, 0xf5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5,
+	0xee, 0x0b, 0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x54, 0xbc, 0xfb, 0x02, 0x71, 0xd9, 0x8a,
+	0x93, 0x7b, 0x66, 0x36, 0x53, 0x8e, 0x6c, 0x73, 0x2f, 0xb4, 0xdd, 0x6d, 0xba, 0xde, 0x74, 0x87,
+	0x1e, 0xbb, 0xb3, 0x37, 0xf5, 0xe8, 0x7c, 0x3e, 0x4f, 0xdc, 0xab, 0x33, 0x6c, 0xc0, 0x5a, 0x6d,
+	0xdf, 0xc7, 0xe4, 0x8d, 0x36, 0x61, 0x1e, 0xb1, 0x02, 0x06, 0x6c, 0x55, 0x13, 0xcc, 0x0c, 0x98,
+	0x01, 0xc1, 0x26, 0x5f, 0xf4, 0x06, 0x0c, 0x36, 0x9d, 0x24, 0xf2, 0x76, 0x85, 0x1b, 0xec, 0x88,
+	0xbb, 0xa0, 0x65, 0x46, 0x4b, 0x33, 0x67, 0x8a, 0x9e, 0x37, 0x62, 0xc1, 0x08, 0x35, 0xa1, 0xd2,
+	0x24, 0xd1, 0x26, 0x99, 0xac, 0x16, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x1a, 0x35, 0xae,
+	0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0x6b, 0x50, 0x8d, 0x89, 0x4f, 0x5c, 0x6a, 0x1e, 0xd5, 0x18, 0xc7,
+	0xe7, 0xfb, 0x34, 0x15, 0xa9, 0x5d, 0x52, 0x17, 0x8f, 0xf2, 0x05, 0x26, 0xff, 0x61, 0x45, 0x92,
+	0x0e, 0x60, 0xcb, 0x6f, 0x6f, 0x7a, 0xc1, 0x24, 0x14, 0x31, 0x80, 0xab, 0x8c, 0x56, 0x66, 0x00,
+	0x79, 0x23, 0x16, 0x8c, 0xec, 0xff, 0x66, 0x01, 0x4a, 0x0b, 0xb5, 0xfb, 0x60, 0x13, 0xbf, 0x91,
+	0xb6, 0x89, 0x97, 0x8a, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0xbf, 0x50, 0x83, 0x8c, 0x3a, 0xb8, 0x46,
+	0xe2, 0x84, 0x34, 0xde, 0x15, 0xe1, 0xef, 0x8a, 0xf0, 0x77, 0x45, 0xb8, 0x12, 0xe1, 0xeb, 0x19,
+	0x11, 0xfe, 0x41, 0x63, 0xd5, 0xeb, 0xd8, 0x83, 0xd7, 0x55, 0x70, 0x82, 0xd9, 0x03, 0x03, 0x81,
+	0x4a, 0x82, 0x2b, 0xf5, 0x95, 0x6b, 0xb9, 0x32, 0xfb, 0xf5, 0xb4, 0xcc, 0x3e, 0x2a, 0x8b, 0xbf,
+	0x09, 0x52, 0xfa, 0x37, 0x2c, 0x78, 0x6f, 0x5a, 0x7a, 0xc9, 0x99, 0xb3, 0xb8, 0x19, 0x84, 0x11,
+	0x59, 0xf0, 0x36, 0x36, 0x48, 0x44, 0x02, 0x97, 0xc4, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0,
+	0x17, 0x60, 0xe4, 0x56, 0x1c, 0x06, 0xab, 0xa1, 0x17, 0x08, 0x11, 0x44, 0x77, 0x1c, 0x27, 0xee,
+	0xec, 0x4d, 0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x85, 0x85, 0xe6, 0x61, 0xe2, 0xd6, 0x1b, 0xab,
+	0x4e, 0x62, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x79, 0x25, 0x03, 0xc4, 0xdd, 0xf8,
+	0xf6, 0xdf, 0x2b, 0xc1, 0x99, 0xcc, 0x8b, 0x84, 0xbe, 0x1f, 0xb6, 0x13, 0xba, 0x27, 0x42, 0x3f,
+	0x61, 0xc1, 0x89, 0x66, 0xda, 0x61, 0x11, 0x0b, 0x77, 0xf7, 0x77, 0x16, 0xa6, 0x23, 0x32, 0x1e,
+	0x91, 0xb9, 0x49, 0x31, 0x42, 0x27, 0x32, 0x80, 0x18, 0x77, 0xf5, 0x05, 0xbd, 0x06, 0xb5, 0xa6,
+	0xb3, 0x7b, 0xbd, 0xd5, 0x70, 0x12, 0xb9, 0x1d, 0xed, 0xed, 0x45, 0x68, 0x27, 0x9e, 0x3f, 0xcd,
+	0xa3, 0x5a, 0xa6, 0x17, 0x83, 0x64, 0x25, 0xaa, 0x27, 0x91, 0x17, 0x6c, 0x72, 0x27, 0xe7, 0xb2,
+	0x24, 0x83, 0x35, 0x45, 0xfb, 0xc7, 0xad, 0xac, 0x92, 0x52, 0xa3, 0x13, 0x39, 0x09, 0xd9, 0xec,
+	0xa0, 0xb7, 0xa0, 0x42, 0xf7, 0x8d, 0x72, 0x54, 0x6e, 0x16, 0xa9, 0x39, 0x8d, 0x2f, 0xa1, 0x95,
+	0x28, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0x89, 0x5a, 0xd6, 0x58, 0x60, 0x67, 0xf3, 0xe7, 0x01,
+	0x36, 0xc3, 0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0xc0, 0xa3, 0x5c, 0x25, 0x97, 0x14,
+	0x04, 0x1b, 0x58, 0xe8, 0x07, 0x2d, 0x80, 0x4d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, 0xc8, 0xd7,
+	0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0x7d, 0x16, 0x54, 0x13, 0xd9, 0x7d,
+	0xae, 0x1a, 0xd7, 0x8a, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, 0xd1, 0xf7,
+	0x5b, 0x00, 0x71, 0x27, 0x70, 0x57, 0x43, 0xdf, 0x73, 0x3b, 0x42, 0x63, 0xde, 0x28, 0xd4, 0x9d,
+	0xa3, 0xa8, 0xcf, 0x8d, 0xd1, 0xd1, 0xd0, 0xff, 0xb1, 0xc1, 0x19, 0x7d, 0x0c, 0xaa, 0xb1, 0x98,
+	0x6e, 0x42, 0x47, 0xae, 0x15, 0xeb, 0x54, 0xe2, 0xb4, 0x85, 0x78, 0x15, 0xff, 0xb0, 0xe2, 0x89,
+	0x7e, 0xd4, 0x82, 0xf1, 0x56, 0xda, 0x4d, 0x28, 0xd4, 0x61, 0x71, 0x32, 0x20, 0xe3, 0x86, 0xe4,
+	0xde, 0x96, 0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, 0x83, 0x57, 0x5a, 0xdc, 0x65, 0x39,
+	0xa4, 0x25, 0xe0, 0xa5, 0x2c, 0x10, 0x77, 0xe3, 0xa3, 0x55, 0x38, 0x45, 0x7b, 0xd7, 0xe1, 0xe6,
+	0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xb9, 0xc7, 0xc5, 0x0c, 0x61, 0x67, 0x1d, 0x59, 0x1c,
+	0x9c, 0xfb, 0x24, 0xfa, 0x6d, 0x0b, 0x1e, 0xf7, 0x98, 0x1a, 0x30, 0x1d, 0xf6, 0x5a, 0x23, 0x88,
+	0x83, 0x76, 0x52, 0xa8, 0xac, 0xe8, 0xa5, 0x7e, 0xe6, 0xbe, 0x5e, 0xbc, 0xc1, 0xe3, 0x8b, 0xfb,
+	0x74, 0x09, 0xef, 0xdb, 0x61, 0xf4, 0xcd, 0x30, 0x2a, 0xd7, 0xc5, 0x2a, 0x15, 0xc1, 0x4c, 0xd1,
+	0xd6, 0xe6, 0x26, 0xee, 0xec, 0x4d, 0x8d, 0xae, 0x99, 0x00, 0x9c, 0xc6, 0xb3, 0xff, 0x55, 0x39,
+	0x75, 0x4a, 0xa4, 0x7c, 0x98, 0x4c, 0xdc, 0xb8, 0xd2, 0xff, 0x23, 0xa5, 0x67, 0xa1, 0xe2, 0x46,
+	0x79, 0x97, 0xb4, 0xb8, 0x51, 0x4d, 0x31, 0x36, 0x98, 0x53, 0xa3, 0x74, 0xc2, 0xc9, 0x7a, 0x4a,
+	0x85, 0x04, 0x7c, 0xad, 0xc8, 0x2e, 0x75, 0x9f, 0xe9, 0x9d, 0x11, 0x5d, 0x9b, 0xe8, 0x02, 0xe1,
+	0xee, 0x2e, 0xa1, 0xef, 0x81, 0x5a, 0xa4, 0x22, 0x5b, 0xca, 0x45, 0x6c, 0xd5, 0xe4, 0xb4, 0x11,
+	0xdd, 0x51, 0x07, 0x40, 0x3a, 0x86, 0x45, 0x73, 0xb4, 0x3f, 0x53, 0x4a, 0x1d, 0x8c, 0x19, 0xb2,
+	0xa3, 0x8f, 0x43, 0xbf, 0x2f, 0x58, 0x30, 0x1c, 0x85, 0xbe, 0xef, 0x05, 0x9b, 0x54, 0xce, 0x09,
+	0x65, 0xfd, 0xe1, 0x63, 0xd1, 0x97, 0x42, 0xa0, 0x31, 0xcb, 0x1a, 0x6b, 0x9e, 0xd8, 0xec, 0x00,
+	0x7a, 0x19, 0x46, 0x1b, 0xc4, 0x27, 0xf4, 0xd9, 0x95, 0x88, 0xee, 0x89, 0xb8, 0x93, 0x59, 0x45,
+	0x8a, 0x2c, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0xff, 0xc4, 0x82, 0xc9, 0x5e, 0xc2, 0x1c, 0x11, 0x78,
+	0x4c, 0x4a, 0x2a, 0x35, 0x8e, 0x2b, 0x81, 0xa4, 0x27, 0xf4, 0xf1, 0x53, 0x82, 0xcf, 0x63, 0xab,
+	0xbd, 0x51, 0xf1, 0x7e, 0x74, 0xd0, 0xab, 0x70, 0xc2, 0x18, 0x94, 0x58, 0x8d, 0x6a, 0x6d, 0x6e,
+	0x9a, 0x5a, 0x4f, 0xb3, 0x19, 0xd8, 0xdd, 0xbd, 0xa9, 0x47, 0xb2, 0x6d, 0x42, 0xdb, 0x74, 0xd1,
+	0xb1, 0x7f, 0xba, 0xeb, 0x53, 0x2b, 0x43, 0xe1, 0x1d, 0xab, 0xcb, 0x15, 0xf1, 0x9d, 0xc7, 0xa1,
+	0x9c, 0x99, 0xd3, 0x42, 0xc5, 0x70, 0xf4, 0xc6, 0x79, 0x80, 0x67, 0xfe, 0xf6, 0xbf, 0x19, 0x80,
+	0x7d, 0x7a, 0xd6, 0x87, 0xe5, 0x7f, 0xe8, 0x43, 0xd8, 0xcf, 0x59, 0xea, 0xb4, 0x8d, 0x0b, 0x80,
+	0xc6, 0x71, 0x8d, 0x3d, 0xdf, 0x7c, 0xc5, 0x3c, 0xee, 0x44, 0xb9, 0xe0, 0xd3, 0xe7, 0x7a, 0xe8,
+	0x4b, 0x56, 0xfa, 0xbc, 0x90, 0x47, 0x44, 0x7a, 0xc7, 0xd6, 0x27, 0xe3, 0x10, 0x92, 0x77, 0x4c,
+	0x1f, 0x5d, 0xf5, 0x3a, 0x9e, 0x9c, 0x06, 0xd8, 0xf0, 0x02, 0xc7, 0xf7, 0xde, 0xa4, 0x5b, 0xab,
+	0x0a, 0xb3, 0x0e, 0x98, 0xb9, 0x75, 0x51, 0xb5, 0x62, 0x03, 0xe3, 0xec, 0xff, 0x0f, 0xc3, 0xc6,
+	0x9b, 0xe7, 0x84, 0xcb, 0x9c, 0x32, 0xc3, 0x65, 0x6a, 0x46, 0x94, 0xcb, 0xd9, 0x0f, 0xc2, 0x89,
+	0x6c, 0x07, 0x0f, 0xf3, 0xbc, 0xfd, 0xbf, 0x87, 0xb2, 0x07, 0x78, 0x6b, 0x24, 0x6a, 0xd2, 0xae,
+	0xbd, 0xeb, 0x15, 0x7b, 0xd7, 0x2b, 0xf6, 0xae, 0x57, 0xcc, 0x3c, 0xd8, 0x10, 0x1e, 0x9f, 0xa1,
+	0xfb, 0xe4, 0xf1, 0x49, 0xf9, 0xb0, 0xaa, 0x85, 0xfb, 0xb0, 0xec, 0x4f, 0x77, 0xb9, 0xfd, 0xd7,
+	0x22, 0x42, 0x50, 0x08, 0x95, 0x20, 0x6c, 0x10, 0x69, 0x20, 0x5f, 0x29, 0xc6, 0xda, 0xbb, 0x16,
+	0x36, 0x8c, 0x58, 0x73, 0xfa, 0x2f, 0xc6, 0x9c, 0x8f, 0xfd, 0xa9, 0x41, 0x48, 0xd9, 0xa2, 0xfc,
+	0xbb, 0x7f, 0x23, 0x0c, 0x45, 0xa4, 0x15, 0x5e, 0xc7, 0x4b, 0x42, 0x97, 0xe9, 0x54, 0x1d, 0xde,
+	0x8c, 0x25, 0x9c, 0xea, 0xbc, 0x96, 0x93, 0x6c, 0x09, 0x65, 0xa6, 0x74, 0xde, 0xaa, 0x93, 0x6c,
+	0x61, 0x06, 0x41, 0x1f, 0x84, 0xb1, 0x24, 0x75, 0x8e, 0x2e, 0xce, 0x8b, 0x1f, 0x11, 0xb8, 0x63,
+	0xe9, 0x53, 0x76, 0x9c, 0xc1, 0x46, 0x6f, 0xc0, 0xc0, 0x16, 0xf1, 0x9b, 0xe2, 0xd3, 0xd7, 0x8b,
+	0xd3, 0x35, 0xec, 0x5d, 0x2f, 0x13, 0xbf, 0xc9, 0x25, 0x21, 0xfd, 0x85, 0x19, 0x2b, 0x3a, 0xef,
+	0x6b, 0xdb, 0xed, 0x38, 0x09, 0x9b, 0xde, 0x9b, 0xd2, 0x4d, 0xfa, 0x9d, 0x05, 0x33, 0xbe, 0x2a,
+	0xe9, 0x73, 0x7f, 0x94, 0xfa, 0x8b, 0x35, 0x67, 0xd6, 0x8f, 0x86, 0x17, 0xb1, 0x29, 0xd3, 0x11,
+	0xde, 0xce, 0xa2, 0xfb, 0xb1, 0x20, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, 0x46, 0x1d, 0xb5,
+	0xfe, 0x86, 0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, 0xf6, 0x72, 0xd7, 0xe1, 0x53, 0x50, 0x71,
+	0xb7, 0x9c, 0x28, 0x99, 0x1c, 0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d,
+	0x01, 0xe5, 0x88, 0x6c, 0xb0, 0xd0, 0x66, 0x23, 0xa8, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d,
+	0x36, 0xd6, 0x33, 0xda, 0xee, 0x27, 0x4b, 0x69, 0xc3, 0x2e, 0x3d, 0x32, 0x7c, 0x3d, 0xb8, 0xed,
+	0x28, 0x96, 0xde, 0x35, 0x63, 0x3d, 0xb0, 0x66, 0x2c, 0xe1, 0xe8, 0x13, 0x16, 0x0c, 0xdd, 0x8a,
+	0xc3, 0x20, 0x20, 0x89, 0x50, 0xa2, 0x37, 0x0a, 0x1e, 0xac, 0x2b, 0x9c, 0xba, 0xee, 0x83, 0x68,
+	0xc0, 0x92, 0x2f, 0xed, 0x2e, 0xd9, 0x75, 0xfd, 0x76, 0xa3, 0x2b, 0x92, 0xe6, 0x02, 0x6f, 0xc6,
+	0x12, 0x4e, 0x51, 0xbd, 0x80, 0xa3, 0x0e, 0xa4, 0x51, 0x17, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0xcf,
+	0x55, 0xe1, 0x74, 0xee, 0xf2, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0x2e, 0x7a, 0x3e, 0x91, 0x31, 0x64,
+	0xcc, 0xe4, 0xba, 0xa1, 0x5a, 0xb1, 0x81, 0x81, 0xbe, 0x17, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x28,
+	0xef, 0xf7, 0x91, 0x2d, 0x1b, 0xda, 0x8f, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x8c, 0x0d,
+	0x96, 0xe8, 0x45, 0x18, 0x8e, 0x88, 0x4f, 0x9c, 0x98, 0xc5, 0xce, 0x67, 0x13, 0x81, 0xb0, 0x06,
+	0x61, 0x13, 0x0f, 0x3d, 0xad, 0xc2, 0xed, 0x32, 0x61, 0x47, 0xe9, 0x90, 0x3b, 0xf4, 0x45, 0x0b,
+	0xc6, 0x36, 0x3c, 0x9f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xe8, 0x2f, 0x79, 0xd1, 0xa4, 0xab,
+	0x65, 0x68, 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0xef, 0x90, 0x88, 0x09, 0xdf, 0xc1, 0xf4,
+	0x67, 0xbe, 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x71, 0x3c, 0x1f, 0x91, 0x06,
+	0x09, 0x12, 0xcf, 0xf1, 0x79, 0x52, 0x4d, 0x55, 0xc7, 0xa2, 0xaf, 0xa6, 0xc1, 0x38, 0x8b, 0x8f,
+	0x3e, 0x04, 0x8f, 0x72, 0xf7, 0xd2, 0xb2, 0x17, 0xc7, 0x5e, 0xb0, 0xa9, 0xa7, 0x81, 0xf0, 0xb2,
+	0x4d, 0x09, 0x52, 0x8f, 0x2e, 0xe6, 0xa3, 0xe1, 0x5e, 0xcf, 0xa3, 0x67, 0xa0, 0x1a, 0x6f, 0x7b,
+	0xad, 0xf9, 0xa8, 0x11, 0xb3, 0xa3, 0xa5, 0xaa, 0xf6, 0xe9, 0xd6, 0x45, 0x3b, 0x56, 0x18, 0xc8,
+	0x85, 0x11, 0xfe, 0x49, 0x78, 0xbc, 0xa0, 0x90, 0xa0, 0xcf, 0xf6, 0x54, 0xe4, 0x22, 0x7f, 0x76,
+	0x1a, 0x3b, 0xb7, 0x2f, 0xc8, 0x83, 0x2e, 0x7e, 0x2e, 0x73, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xd3,
+	0x7b, 0xba, 0xe1, 0x3e, 0xf6, 0x74, 0x2f, 0xc2, 0xf0, 0x76, 0x7b, 0x9d, 0x88, 0x91, 0x17, 0x82,
+	0x4d, 0xcd, 0xbe, 0xab, 0x1a, 0x84, 0x4d, 0x3c, 0x16, 0xaa, 0xd9, 0xf2, 0xc4, 0xbf, 0x78, 0x72,
+	0xd4, 0x08, 0xd5, 0x5c, 0x5d, 0x94, 0xcd, 0xd8, 0xc4, 0xa1, 0x5d, 0xa3, 0x63, 0xb1, 0x46, 0x62,
+	0x96, 0x89, 0x41, 0x87, 0x4b, 0x75, 0xad, 0x2e, 0x01, 0x58, 0xe3, 0xa0, 0x55, 0x38, 0x45, 0xff,
+	0xd4, 0x59, 0xfe, 0xf0, 0x0d, 0xc7, 0xf7, 0x1a, 0x3c, 0x6e, 0x70, 0x3c, 0xed, 0x1c, 0xad, 0xe7,
+	0xe0, 0xe0, 0xdc, 0x27, 0xed, 0x1f, 0x2b, 0xa5, 0x3d, 0x27, 0xa6, 0x08, 0x43, 0x31, 0x15, 0x54,
+	0xc9, 0x0d, 0x27, 0x92, 0x06, 0xcf, 0x11, 0x33, 0xa3, 0x04, 0xdd, 0x1b, 0x4e, 0x64, 0x8a, 0x3c,
+	0xc6, 0x00, 0x4b, 0x4e, 0xe8, 0x16, 0x0c, 0x24, 0xbe, 0x53, 0x50, 0x2a, 0xa5, 0xc1, 0x51, 0x7b,
+	0xc1, 0x96, 0x66, 0x63, 0xcc, 0x78, 0xa0, 0xc7, 0xe9, 0xee, 0x6d, 0x5d, 0x1e, 0xd3, 0x89, 0x0d,
+	0xd7, 0x7a, 0x8c, 0x59, 0xab, 0xfd, 0xb7, 0x47, 0x73, 0xb4, 0x8e, 0x32, 0x04, 0xd0, 0x79, 0x00,
+	0x3a, 0x69, 0x56, 0x23, 0xb2, 0xe1, 0xed, 0x0a, 0x43, 0x4c, 0x49, 0xb6, 0x6b, 0x0a, 0x82, 0x0d,
+	0x2c, 0xf9, 0x4c, 0xbd, 0xbd, 0x41, 0x9f, 0x29, 0x75, 0x3f, 0xc3, 0x21, 0xd8, 0xc0, 0x42, 0x2f,
+	0xc0, 0xa0, 0xd7, 0x74, 0x36, 0x55, 0x14, 0xf1, 0xe3, 0x54, 0xa4, 0x2d, 0xb2, 0x96, 0xbb, 0x7b,
+	0x53, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, 0xf4, 0xd3, 0x16, 0x8c, 0xb8, 0x61, 0xb3, 0x19,
+	0x06, 0x7c, 0xfb, 0x2c, 0x7c, 0x01, 0xb7, 0x8e, 0xcb, 0x4c, 0x9a, 0x9e, 0x37, 0x98, 0x71, 0x67,
+	0x80, 0xca, 0xf9, 0x34, 0x41, 0x38, 0xd5, 0x2b, 0x53, 0xf2, 0x55, 0x0e, 0x90, 0x7c, 0x3f, 0x6f,
+	0xc1, 0x04, 0x7f, 0xd6, 0xd8, 0xd5, 0x8b, 0xf4, 0xc6, 0xf0, 0x98, 0x5f, 0xab, 0xcb, 0xd1, 0xa1,
+	0x3c, 0xc5, 0x5d, 0x70, 0xdc, 0xdd, 0x49, 0x74, 0x09, 0x26, 0x36, 0xc2, 0xc8, 0x25, 0xe6, 0x40,
+	0x08, 0xb1, 0xad, 0x08, 0x5d, 0xcc, 0x22, 0xe0, 0xee, 0x67, 0xd0, 0x0d, 0x78, 0xc4, 0x68, 0x34,
+	0xc7, 0x81, 0x4b, 0xee, 0x27, 0x05, 0xb5, 0x47, 0x2e, 0xe6, 0x62, 0xe1, 0x1e, 0x4f, 0xa7, 0x85,
+	0x64, 0xad, 0x0f, 0x21, 0xf9, 0x3a, 0x9c, 0x71, 0xbb, 0x47, 0x66, 0x27, 0x6e, 0xaf, 0xc7, 0x5c,
+	0x8e, 0x57, 0xe7, 0xbe, 0x4e, 0x10, 0x38, 0x33, 0xdf, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0xde, 0x82,
+	0x6a, 0x44, 0xd8, 0x57, 0x89, 0x45, 0xae, 0xdf, 0x11, 0xbd, 0x1d, 0xda, 0x82, 0xe7, 0x64, 0xb5,
+	0x66, 0x12, 0x0d, 0x31, 0x56, 0x1c, 0xd1, 0x6d, 0x18, 0x6a, 0x39, 0x89, 0xbb, 0x25, 0x32, 0xfc,
+	0x8e, 0xec, 0xd8, 0x57, 0xcc, 0xd9, 0x39, 0x8c, 0x51, 0x2f, 0x81, 0x33, 0xc1, 0x92, 0x1b, 0xb5,
+	0xd5, 0xdc, 0xb0, 0xd9, 0x0a, 0x03, 0x12, 0x24, 0x52, 0x89, 0x8c, 0xf1, 0xc3, 0x12, 0xd9, 0x8a,
+	0x0d, 0x8c, 0x2e, 0x5d, 0xae, 0xd1, 0x26, 0x27, 0xf6, 0xd1, 0xe5, 0x06, 0xb5, 0x5e, 0xcf, 0x53,
+	0x65, 0xc3, 0xdc, 0x8a, 0x37, 0xbd, 0x64, 0x2b, 0x6c, 0x27, 0x72, 0x97, 0x2c, 0x14, 0x95, 0x52,
+	0x36, 0x4b, 0x39, 0x38, 0x38, 0xf7, 0xc9, 0xac, 0x66, 0x1d, 0xbf, 0x37, 0xcd, 0x7a, 0xa2, 0x0f,
+	0xcd, 0x5a, 0x87, 0xd3, 0xac, 0x07, 0xc2, 0x4a, 0x96, 0x4e, 0xcb, 0x78, 0x12, 0xb1, 0xce, 0xab,
+	0xe4, 0x98, 0xa5, 0x3c, 0x24, 0x9c, 0xff, 0xec, 0xd9, 0x6f, 0x87, 0x89, 0x2e, 0x21, 0x77, 0x28,
+	0x87, 0xe4, 0x02, 0x3c, 0x92, 0x2f, 0x4e, 0x0e, 0xe5, 0x96, 0xfc, 0xb9, 0x4c, 0x50, 0xbb, 0xb1,
+	0x45, 0xeb, 0xc3, 0xc5, 0xed, 0x40, 0x99, 0x04, 0x3b, 0x42, 0xbb, 0x5e, 0x3c, 0xda, 0xac, 0xbe,
+	0x10, 0xec, 0x70, 0x69, 0xc8, 0xfc, 0x78, 0x17, 0x82, 0x1d, 0x4c, 0x69, 0xa3, 0x1f, 0xb6, 0x52,
+	0x1b, 0x08, 0xee, 0x18, 0xff, 0xc8, 0xb1, 0xec, 0x49, 0xfb, 0xde, 0x53, 0xd8, 0xff, 0xb6, 0x04,
+	0xe7, 0x0e, 0x22, 0xd2, 0xc7, 0xf0, 0x3d, 0x05, 0x83, 0x31, 0x0b, 0x53, 0x11, 0xea, 0x6a, 0x98,
+	0xae, 0x62, 0x1e, 0xb8, 0xf2, 0x3a, 0x16, 0x20, 0xe4, 0x43, 0xb9, 0xe9, 0xb4, 0x84, 0xbf, 0x74,
+	0xf1, 0xa8, 0xc9, 0x7f, 0xf4, 0xbf, 0xe3, 0x2f, 0x3b, 0x2d, 0x3e, 0xe7, 0x8d, 0x06, 0x4c, 0xd9,
+	0xa0, 0x04, 0x2a, 0x4e, 0x14, 0x39, 0x32, 0x26, 0xe2, 0x6a, 0x31, 0xfc, 0x66, 0x29, 0x49, 0x7e,
+	0xa4, 0x9c, 0x6a, 0xc2, 0x9c, 0x99, 0xfd, 0xa3, 0xd5, 0x54, 0xa6, 0x18, 0x0b, 0x74, 0x89, 0x61,
+	0x50, 0xb8, 0x49, 0xad, 0xa2, 0x73, 0x2e, 0x79, 0x2a, 0x36, 0xf3, 0x40, 0x88, 0x82, 0x16, 0x82,
+	0x15, 0xfa, 0xac, 0xc5, 0xca, 0x46, 0xc8, 0xf4, 0x3b, 0xb1, 0xab, 0x3f, 0x9e, 0x2a, 0x16, 0x66,
+	0x31, 0x0a, 0xd9, 0x88, 0x4d, 0xee, 0xa2, 0x34, 0x0e, 0xdb, 0xcd, 0x74, 0x97, 0xc6, 0x61, 0xbb,
+	0x13, 0x09, 0x47, 0xbb, 0x39, 0x01, 0x2d, 0x05, 0x94, 0x1e, 0xe8, 0x23, 0x84, 0xe5, 0x4b, 0x16,
+	0x4c, 0x78, 0xd9, 0xc8, 0x04, 0xb1, 0x07, 0xbe, 0x59, 0x8c, 0x4f, 0xb3, 0x3b, 0xf0, 0x41, 0x19,
+	0x3a, 0x5d, 0x20, 0xdc, 0xdd, 0x19, 0xd4, 0x80, 0x01, 0x2f, 0xd8, 0x08, 0x85, 0x79, 0x37, 0x77,
+	0xb4, 0x4e, 0x2d, 0x06, 0x1b, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x12, 0x9c, 0x92,
+	0xc9, 0x42, 0x97, 0xbd, 0x38, 0x09, 0xa3, 0xce, 0x92, 0xd7, 0xf4, 0x12, 0x66, 0x9a, 0x95, 0xe7,
+	0x26, 0xa9, 0x7a, 0xc3, 0x39, 0x70, 0x9c, 0xfb, 0x14, 0x7a, 0x13, 0x86, 0x64, 0x34, 0x40, 0xb5,
+	0x08, 0x7f, 0x42, 0xf7, 0xfc, 0x57, 0x93, 0xa9, 0x2e, 0xc2, 0x01, 0x24, 0x43, 0xf4, 0x19, 0x0b,
+	0xc6, 0xf8, 0xef, 0xcb, 0x9d, 0x06, 0xcf, 0x4f, 0xac, 0x15, 0x11, 0xf2, 0x5f, 0x4f, 0xd1, 0x9c,
+	0x43, 0x77, 0xf6, 0xa6, 0xc6, 0xd2, 0x6d, 0x38, 0xc3, 0xd7, 0xfe, 0x27, 0x23, 0xd0, 0x1d, 0x3f,
+	0x91, 0x0e, 0x96, 0xb0, 0xee, 0x77, 0xb0, 0x04, 0xdd, 0x55, 0xc6, 0x3a, 0xce, 0xa1, 0x80, 0x65,
+	0x26, 0xb8, 0xea, 0x63, 0xe8, 0x4e, 0xe0, 0x62, 0xc6, 0x03, 0xb5, 0x61, 0x90, 0x57, 0xa6, 0x12,
+	0x1a, 0xe0, 0xe8, 0x27, 0xdf, 0x66, 0x85, 0x2b, 0xed, 0xd6, 0xe2, 0xad, 0x58, 0x30, 0x43, 0xbb,
+	0x30, 0xb4, 0xc5, 0xa7, 0xa3, 0xd8, 0xeb, 0x2d, 0x1f, 0x75, 0x7c, 0x53, 0x73, 0x5c, 0x4f, 0x3e,
+	0xd1, 0x80, 0x25, 0x3b, 0x16, 0x9b, 0x67, 0x44, 0x0f, 0x71, 0x41, 0x52, 0x5c, 0xaa, 0x65, 0xff,
+	0xa1, 0x43, 0x1f, 0x85, 0x91, 0x88, 0xb8, 0x61, 0xe0, 0x7a, 0x3e, 0x69, 0xcc, 0xca, 0x03, 0xb1,
+	0xc3, 0x64, 0xd8, 0x31, 0x6f, 0x12, 0x36, 0x68, 0xe0, 0x14, 0x45, 0xb6, 0xce, 0x54, 0xd6, 0x3d,
+	0xfd, 0x20, 0x44, 0x1c, 0x7c, 0x2c, 0x15, 0x94, 0xe3, 0xcf, 0x68, 0xf2, 0x75, 0x96, 0x6e, 0xc3,
+	0x19, 0xbe, 0xe8, 0x55, 0x80, 0x70, 0x9d, 0x07, 0xe0, 0xcd, 0x26, 0xe2, 0x14, 0xe4, 0x30, 0xaf,
+	0x3a, 0xc6, 0x33, 0x75, 0x25, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xca, 0x59, 0xeb, 0xb4,
+	0xe4, 0x86, 0x50, 0xa6, 0x48, 0x42, 0x5d, 0x41, 0xee, 0xee, 0x4d, 0x75, 0xfb, 0x9c, 0x59, 0x94,
+	0x91, 0xf1, 0x38, 0xfa, 0x6e, 0x18, 0x8a, 0xdb, 0xcd, 0xa6, 0xa3, 0xce, 0x48, 0x0a, 0xcc, 0xfd,
+	0xe5, 0x74, 0x0d, 0xc1, 0xc8, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0x11, 0x2f, 0x24, 0x14, 0x5f,
+	0x45, 0xdc, 0x42, 0xe1, 0x9e, 0xc0, 0x0f, 0xc8, 0x5d, 0x0c, 0xce, 0xc1, 0xb9, 0xbb, 0x37, 0xf5,
+	0x48, 0xba, 0x7d, 0x29, 0x14, 0xd9, 0xb8, 0xb9, 0x34, 0xd1, 0x15, 0x59, 0x84, 0x8b, 0xbe, 0xb6,
+	0xac, 0x0d, 0xf3, 0x3e, 0x5d, 0x84, 0x8b, 0x35, 0xf7, 0x1e, 0x33, 0xf3, 0x61, 0xb4, 0x0c, 0x27,
+	0xdd, 0x30, 0x48, 0xa2, 0xd0, 0xf7, 0x79, 0x81, 0x3e, 0xbe, 0x37, 0xe7, 0x67, 0x28, 0x8f, 0x89,
+	0x6e, 0x9f, 0x9c, 0xef, 0x46, 0xc1, 0x79, 0xcf, 0x51, 0x9b, 0x3c, 0xab, 0x1f, 0xc6, 0x0a, 0x39,
+	0x5e, 0x4f, 0xd1, 0x14, 0x12, 0x4a, 0xb9, 0xbd, 0x0f, 0xd0, 0x14, 0x41, 0xfa, 0x90, 0x55, 0x7c,
+	0xb1, 0x17, 0x60, 0x84, 0xec, 0x26, 0x24, 0x0a, 0x1c, 0xff, 0x3a, 0x5e, 0x92, 0x07, 0x16, 0x6c,
+	0x61, 0x5e, 0x30, 0xda, 0x71, 0x0a, 0x0b, 0xd9, 0xca, 0x4b, 0x66, 0xa4, 0xbd, 0x73, 0x2f, 0x99,
+	0xf4, 0x89, 0xd9, 0x3f, 0x5b, 0x4e, 0xd9, 0xac, 0x0f, 0xe4, 0x48, 0x97, 0xd5, 0x57, 0x92, 0x85,
+	0xa8, 0x18, 0x40, 0xec, 0xc5, 0x8a, 0xe4, 0xac, 0xa2, 0xe6, 0x56, 0x4c, 0x46, 0x38, 0xcd, 0x17,
+	0x6d, 0x43, 0x65, 0x2b, 0x8c, 0x13, 0xb9, 0x43, 0x3b, 0xe2, 0x66, 0xf0, 0x72, 0x18, 0x27, 0xcc,
+	0xd0, 0x52, 0xaf, 0x4d, 0x5b, 0x62, 0xcc, 0x79, 0xd0, 0xbd, 0x7f, 0xbc, 0xe5, 0x44, 0x8d, 0x78,
+	0x9e, 0x15, 0xa9, 0x18, 0x60, 0x16, 0x96, 0xb2, 0xa7, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x4f,
+	0xad, 0xd4, 0xa9, 0xd6, 0x4d, 0x96, 0x71, 0xb0, 0x43, 0x02, 0x2a, 0xa2, 0xcc, 0x18, 0xc7, 0x6f,
+	0xce, 0xe4, 0x6f, 0xbf, 0xb7, 0x57, 0x2d, 0xcd, 0xdb, 0x94, 0xc2, 0x34, 0x23, 0x61, 0x84, 0x43,
+	0x7e, 0xdc, 0x4a, 0x27, 0xe2, 0x97, 0x8a, 0xd8, 0xba, 0x99, 0xc5, 0x28, 0x0e, 0xcc, 0xe9, 0xb7,
+	0x7f, 0xd8, 0x82, 0xa1, 0x39, 0xc7, 0xdd, 0x0e, 0x37, 0x36, 0xd0, 0x33, 0x50, 0x6d, 0xb4, 0x23,
+	0xb3, 0x26, 0x80, 0x72, 0x56, 0x2d, 0x88, 0x76, 0xac, 0x30, 0xe8, 0xd4, 0xdf, 0x70, 0x5c, 0x59,
+	0x92, 0xa2, 0xcc, 0xa7, 0xfe, 0x45, 0xd6, 0x82, 0x05, 0x84, 0x0e, 0x7f, 0xd3, 0xd9, 0x95, 0x0f,
+	0x67, 0x8f, 0xd4, 0x96, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0xaf, 0x5b, 0x30, 0x39, 0xe7, 0xc4, 0x9e,
+	0x3b, 0xdb, 0x4e, 0xb6, 0xe6, 0xbc, 0x64, 0xbd, 0xed, 0x6e, 0x93, 0x84, 0x97, 0x2e, 0xa1, 0xbd,
+	0x6c, 0xc7, 0x74, 0x05, 0xaa, 0x1d, 0xb3, 0xea, 0xe5, 0x75, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x13,
+	0x86, 0x5b, 0x4e, 0x1c, 0xdf, 0x0e, 0xa3, 0x06, 0x26, 0x1b, 0xc5, 0x14, 0x37, 0xaa, 0x13, 0x37,
+	0x22, 0x09, 0x26, 0x1b, 0x22, 0x40, 0x45, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x07, 0x2d, 0x38, 0x35,
+	0x47, 0x9c, 0x88, 0x44, 0xac, 0x16, 0x92, 0x7a, 0x11, 0xf4, 0x06, 0x54, 0x13, 0xda, 0x42, 0x7b,
+	0x64, 0x15, 0xdb, 0x23, 0x16, 0x5a, 0xb2, 0x26, 0x88, 0x63, 0xc5, 0xc6, 0xfe, 0x82, 0x05, 0x67,
+	0xf2, 0xfa, 0x32, 0xef, 0x87, 0xed, 0xc6, 0x83, 0xe8, 0xd0, 0xdf, 0xb5, 0x60, 0x84, 0x1d, 0xd7,
+	0x2f, 0x90, 0xc4, 0xf1, 0xfc, 0xae, 0x3a, 0x8c, 0x56, 0x9f, 0x75, 0x18, 0xcf, 0xc1, 0xc0, 0x56,
+	0xd8, 0x24, 0xd9, 0x50, 0x93, 0xcb, 0x61, 0x93, 0x60, 0x06, 0x41, 0xcf, 0xd1, 0x49, 0xe8, 0x05,
+	0x89, 0x43, 0x97, 0xa3, 0x3c, 0xce, 0x18, 0xe7, 0x13, 0x50, 0x35, 0x63, 0x13, 0xc7, 0xfe, 0x95,
+	0x1a, 0x0c, 0x89, 0xb8, 0xa8, 0xbe, 0x4b, 0xe9, 0x48, 0x2f, 0x4e, 0xa9, 0xa7, 0x17, 0x27, 0x86,
+	0x41, 0x97, 0x15, 0xcb, 0x15, 0x16, 0xfa, 0xd5, 0x42, 0x02, 0xe9, 0x78, 0xfd, 0x5d, 0xdd, 0x2d,
+	0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x6d, 0x0b, 0xc6, 0xdd, 0x30, 0x08, 0x88, 0xab, 0x6d, 0xc7, 0x81,
+	0x22, 0x36, 0x08, 0xf3, 0x69, 0xa2, 0xfa, 0x24, 0x38, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0x65, 0x18,
+	0xe5, 0x63, 0x76, 0x23, 0x75, 0x06, 0xa3, 0xcb, 0xf3, 0x99, 0x40, 0x9c, 0xc6, 0x45, 0xd3, 0xfc,
+	0x2c, 0x4b, 0x14, 0xc2, 0x1b, 0xd4, 0xae, 0x6a, 0xa3, 0x04, 0x9e, 0x81, 0x81, 0x22, 0x40, 0x11,
+	0xd9, 0x88, 0x48, 0xbc, 0x25, 0xe2, 0xc6, 0x98, 0xdd, 0x3a, 0x74, 0x6f, 0x45, 0x30, 0x70, 0x17,
+	0x25, 0x9c, 0x43, 0x1d, 0x6d, 0x0b, 0x37, 0x42, 0xb5, 0x08, 0x79, 0x2e, 0x3e, 0x73, 0x4f, 0x6f,
+	0xc2, 0x14, 0x54, 0x98, 0xea, 0x62, 0xf6, 0x72, 0x99, 0x27, 0x5e, 0x32, 0xc5, 0x86, 0x79, 0x3b,
+	0x5a, 0x80, 0x13, 0x99, 0xe2, 0x82, 0xb1, 0x38, 0x2b, 0x51, 0x49, 0x76, 0x99, 0xb2, 0x84, 0x31,
+	0xee, 0x7a, 0xc2, 0x74, 0x31, 0x0d, 0x1f, 0xe0, 0x62, 0xea, 0xa8, 0xe8, 0x64, 0x7e, 0x8a, 0xf1,
+	0x4a, 0x21, 0x03, 0xd0, 0x57, 0x28, 0xf2, 0xe7, 0x33, 0xa1, 0xc8, 0xa3, 0xac, 0x03, 0x37, 0x8a,
+	0xe9, 0xc0, 0xe1, 0xe3, 0x8e, 0x1f, 0x64, 0x1c, 0xf1, 0xff, 0xb2, 0x40, 0x7e, 0xd7, 0x79, 0xc7,
+	0xdd, 0x22, 0x74, 0xca, 0xa0, 0x0f, 0xc2, 0x98, 0xf2, 0x4e, 0x70, 0x93, 0xc8, 0x62, 0xb3, 0x46,
+	0xd9, 0xce, 0x38, 0x05, 0xc5, 0x19, 0x6c, 0x34, 0x03, 0x35, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0xf7,
+	0x95, 0x07, 0x64, 0x76, 0x75, 0x51, 0x3c, 0xa5, 0x71, 0x50, 0x08, 0x13, 0xbe, 0x13, 0x27, 0xac,
+	0x07, 0xf5, 0x4e, 0xe0, 0xde, 0x63, 0x09, 0x1a, 0x96, 0xc9, 0xb5, 0x94, 0x25, 0x84, 0xbb, 0x69,
+	0xdb, 0xff, 0xbe, 0x02, 0xa3, 0x29, 0xc9, 0x78, 0x48, 0x83, 0xe1, 0x19, 0xa8, 0x4a, 0x1d, 0x9e,
+	0xad, 0xb5, 0xa5, 0x14, 0xbd, 0xc2, 0xa0, 0x4a, 0x6b, 0x5d, 0x6b, 0xd5, 0xac, 0x81, 0x63, 0x28,
+	0x5c, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0xbc, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0x2c, 0x46,
+	0x28, 0xaf, 0x2d, 0xd5, 0x4d, 0xa2, 0x5a, 0x28, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0x7d, 0xca, 0x82,
+	0x51, 0xe7, 0x76, 0xac, 0x2b, 0xba, 0x8b, 0xa0, 0xe3, 0x23, 0x2a, 0xa9, 0x54, 0x91, 0x78, 0xee,
+	0xd8, 0x4f, 0x35, 0xe1, 0x34, 0x53, 0xf4, 0x8e, 0x05, 0x88, 0xec, 0x12, 0x57, 0x86, 0x45, 0x8b,
+	0xbe, 0x0c, 0x16, 0xb1, 0x83, 0xbf, 0xd0, 0x45, 0x97, 0x4b, 0xf5, 0xee, 0x76, 0x9c, 0xd3, 0x07,
+	0x74, 0x05, 0x50, 0xc3, 0x8b, 0x9d, 0x75, 0x9f, 0xcc, 0x87, 0x4d, 0x99, 0x7d, 0x2c, 0xce, 0xd3,
+	0xcf, 0x8a, 0x71, 0x46, 0x0b, 0x5d, 0x18, 0x38, 0xe7, 0x29, 0x36, 0xcb, 0xa2, 0x70, 0xb7, 0x73,
+	0x3d, 0xf2, 0x99, 0x96, 0x30, 0x67, 0x99, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xb3, 0xb2, 0x5a, 0xca,
+	0x3a, 0x07, 0xc0, 0x31, 0x62, 0x91, 0xad, 0x7b, 0x8f, 0x45, 0xd6, 0x91, 0x52, 0xdd, 0x39, 0xf5,
+	0xa9, 0x14, 0xdc, 0xd2, 0x03, 0x4a, 0xc1, 0xfd, 0x3e, 0x2b, 0x55, 0xcf, 0x6e, 0xf8, 0xfc, 0xab,
+	0xc5, 0xe6, 0x1f, 0x4c, 0xf3, 0x28, 0xae, 0x8c, 0x5e, 0xc9, 0x04, 0xef, 0x3d, 0x03, 0xd5, 0x0d,
+	0xdf, 0x61, 0x55, 0x58, 0xd8, 0x42, 0x35, 0x22, 0xcc, 0x2e, 0x8a, 0x76, 0xac, 0x30, 0xa8, 0xd4,
+	0x37, 0x88, 0x1e, 0x4a, 0x6a, 0xff, 0xa7, 0x32, 0x0c, 0x1b, 0x1a, 0x3f, 0xd7, 0x7c, 0xb3, 0x1e,
+	0x32, 0xf3, 0xad, 0x74, 0x08, 0xf3, 0xed, 0x7b, 0xa1, 0xe6, 0x4a, 0x6d, 0x54, 0x4c, 0x7d, 0xfe,
+	0xac, 0x8e, 0xd3, 0x0a, 0x49, 0x35, 0x61, 0xcd, 0x13, 0x5d, 0x4a, 0xa5, 0x79, 0xa6, 0xfc, 0x02,
+	0x79, 0x79, 0x98, 0x42, 0xa3, 0x75, 0x3f, 0x93, 0x8d, 0x0f, 0xa8, 0x1c, 0x1c, 0x1f, 0x60, 0xff,
+	0x81, 0xa5, 0x3e, 0xee, 0x7d, 0xa8, 0xe7, 0x73, 0x2b, 0x5d, 0xcf, 0xe7, 0x42, 0x21, 0xc3, 0xdc,
+	0xa3, 0x90, 0xcf, 0x35, 0x18, 0x9a, 0x0f, 0x9b, 0x4d, 0x27, 0x68, 0xa0, 0x6f, 0x80, 0x21, 0x97,
+	0xff, 0x14, 0x3e, 0x34, 0x76, 0x58, 0x2d, 0xa0, 0x58, 0xc2, 0xd0, 0xe3, 0x30, 0xe0, 0x44, 0x9b,
+	0xd2, 0x6f, 0xc6, 0x82, 0xe0, 0x66, 0xa3, 0xcd, 0x18, 0xb3, 0x56, 0xfb, 0x2f, 0x2c, 0x18, 0xa3,
+	0x8f, 0x78, 0xec, 0xa5, 0xd8, 0xeb, 0x3c, 0x0d, 0x83, 0x4e, 0x3b, 0xd9, 0x0a, 0xbb, 0xf6, 0x61,
+	0xb3, 0xac, 0x15, 0x0b, 0x28, 0xdd, 0x87, 0xa9, 0x42, 0x10, 0xc6, 0x3e, 0x6c, 0x81, 0xce, 0x65,
+	0x06, 0xa1, 0xa6, 0x6c, 0xdc, 0x5e, 0xcf, 0x3b, 0x2d, 0xad, 0xf3, 0x66, 0x2c, 0xe1, 0x94, 0xd8,
+	0x7a, 0xd8, 0xe8, 0x88, 0xd0, 0x5e, 0x45, 0x6c, 0x2e, 0x6c, 0x74, 0x30, 0x83, 0xa0, 0x27, 0xa0,
+	0x1c, 0x6f, 0x39, 0xf2, 0x5c, 0x5e, 0x46, 0x99, 0xd7, 0x2f, 0xcf, 0x62, 0xda, 0xae, 0x92, 0x26,
+	0x22, 0x3f, 0x1b, 0x63, 0x9b, 0x4e, 0x9a, 0x88, 0x7c, 0xfb, 0x5f, 0x0c, 0x00, 0x8b, 0xb7, 0x71,
+	0x22, 0xd2, 0x58, 0x0b, 0x59, 0x29, 0xe1, 0x63, 0x3d, 0xd6, 0xd6, 0x1b, 0xd9, 0x87, 0xf9, 0x68,
+	0xdb, 0x38, 0xde, 0x2c, 0xdf, 0xef, 0xe3, 0xcd, 0xfc, 0x13, 0xeb, 0x81, 0x87, 0xe8, 0xc4, 0xda,
+	0xfe, 0x9c, 0x05, 0x48, 0x45, 0x4f, 0xe9, 0x90, 0x92, 0x19, 0xa8, 0xa9, 0x70, 0x2d, 0xb1, 0x5e,
+	0xb4, 0x58, 0x94, 0x00, 0xac, 0x71, 0xfa, 0xf0, 0x5e, 0x3c, 0x25, 0x75, 0x56, 0x39, 0x9d, 0x73,
+	0xc1, 0x34, 0x9d, 0x50, 0x61, 0xf6, 0xaf, 0x96, 0xe0, 0x11, 0x6e, 0x2e, 0x2d, 0x3b, 0x81, 0xb3,
+	0x49, 0x9a, 0xb4, 0x57, 0xfd, 0x06, 0x09, 0xb9, 0x74, 0xdb, 0xec, 0xc9, 0x0c, 0x89, 0xa3, 0xca,
+	0x2b, 0x2e, 0x67, 0xb8, 0x64, 0x59, 0x0c, 0xbc, 0x04, 0x33, 0xe2, 0x28, 0x86, 0xaa, 0xbc, 0xcc,
+	0x48, 0xe8, 0x9f, 0x82, 0x18, 0x29, 0x51, 0x2c, 0x2c, 0x0b, 0x82, 0x15, 0x23, 0x6a, 0x3e, 0xf8,
+	0xa1, 0xbb, 0x4d, 0x97, 0x7c, 0xd6, 0x7c, 0x58, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x18, 0x97,
+	0x63, 0xd8, 0xba, 0x4a, 0x3a, 0x98, 0x6c, 0x50, 0x9d, 0xeb, 0xca, 0x26, 0xe3, 0x7e, 0x25, 0xa5,
+	0x73, 0xe7, 0x4d, 0x20, 0x4e, 0xe3, 0xca, 0xea, 0xc2, 0xa5, 0xfc, 0xea, 0xc2, 0xf6, 0xaf, 0x5a,
+	0x90, 0x55, 0xfa, 0x46, 0x2d, 0x55, 0x6b, 0xdf, 0x5a, 0xaa, 0x87, 0xa8, 0x46, 0xfa, 0x5d, 0x30,
+	0xec, 0x24, 0xd4, 0xaa, 0xe3, 0x1e, 0x98, 0xf2, 0xbd, 0x9d, 0x1c, 0x2e, 0x87, 0x0d, 0x6f, 0xc3,
+	0x63, 0x9e, 0x17, 0x93, 0x9c, 0xfd, 0x8e, 0x05, 0xb5, 0x85, 0xa8, 0x73, 0xf8, 0x54, 0xb5, 0xee,
+	0x44, 0xb4, 0xd2, 0xa1, 0x12, 0xd1, 0x64, 0xaa, 0x5b, 0xb9, 0x57, 0xaa, 0x9b, 0xfd, 0x97, 0x03,
+	0x30, 0xd1, 0x95, 0x7b, 0x89, 0x5e, 0x82, 0x11, 0xf5, 0x95, 0xa4, 0xdb, 0xb5, 0x66, 0x06, 0x2f,
+	0x6b, 0x18, 0x4e, 0x61, 0xf6, 0xb1, 0x54, 0x17, 0xe1, 0x64, 0x44, 0xde, 0x68, 0x93, 0x36, 0x99,
+	0xdd, 0x48, 0x48, 0x54, 0x27, 0x6e, 0x18, 0x34, 0x78, 0x31, 0xe2, 0xf2, 0xdc, 0xa3, 0x77, 0xf6,
+	0xa6, 0x4e, 0xe2, 0x6e, 0x30, 0xce, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0xf7, 0x0b, 0x62, 0x9b,
+	0x7a, 0x4f, 0x5b, 0x0d, 0x35, 0x5b, 0x53, 0xcd, 0x38, 0xcd, 0x20, 0xbd, 0xe9, 0xa8, 0x3c, 0xa0,
+	0x4d, 0xc7, 0x27, 0xf5, 0xa6, 0x83, 0xc7, 0x02, 0x7d, 0xb8, 0xe0, 0xdc, 0xdb, 0x7e, 0x76, 0x1d,
+	0x47, 0xd9, 0x47, 0xbc, 0x02, 0x55, 0x19, 0x27, 0xd9, 0x57, 0x7c, 0xa1, 0x49, 0xa7, 0x87, 0x6c,
+	0xbf, 0x5b, 0x82, 0x9c, 0xad, 0x32, 0x5d, 0x6b, 0xda, 0xde, 0x4b, 0xad, 0xb5, 0xc3, 0xd9, 0x7c,
+	0x68, 0x97, 0xc7, 0x88, 0x72, 0x2d, 0xff, 0xa1, 0xa2, 0xb7, 0xfa, 0x3a, 0x6c, 0x54, 0x49, 0x40,
+	0x15, 0x3a, 0x7a, 0x1e, 0x40, 0x9b, 0xe9, 0xc2, 0xd6, 0x53, 0x41, 0x1f, 0xda, 0x9a, 0xc7, 0x06,
+	0x16, 0x7a, 0x11, 0x86, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, 0xec, 0x05, 0x89, 0xb0, 0xff, 0x94,
+	0x39, 0xb3, 0xa8, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x01, 0xe3, 0xbb, 0x1c, 0xe6, 0x7b, 0x6e, 0xc1,
+	0x99, 0x4b, 0x5e, 0xa2, 0x92, 0x0f, 0xd5, 0x3c, 0xa2, 0x56, 0xb8, 0x92, 0x41, 0x56, 0xcf, 0x74,
+	0x5b, 0x23, 0xf9, 0xaf, 0x94, 0xce, 0x55, 0xcc, 0x26, 0xff, 0xd9, 0x2e, 0x9c, 0xba, 0xe4, 0x25,
+	0x17, 0x3d, 0x9f, 0x1c, 0x23, 0x93, 0x5f, 0x1e, 0x84, 0x11, 0x33, 0x27, 0xff, 0x30, 0x12, 0xfb,
+	0x0b, 0xd4, 0x3e, 0x15, 0x03, 0xe1, 0xa9, 0x83, 0xec, 0x9b, 0x47, 0x2e, 0x10, 0x90, 0x3f, 0xb8,
+	0x86, 0x89, 0xaa, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x36, 0x54, 0x36, 0x58, 0x1e, 0x5b, 0xb9, 0x88,
+	0x10, 0xa4, 0xbc, 0xc1, 0xd7, 0x2b, 0x92, 0x67, 0xc2, 0x71, 0x7e, 0xd4, 0xac, 0x88, 0xd2, 0xe9,
+	0xd3, 0x46, 0x76, 0x81, 0xd0, 0x57, 0x0a, 0xa3, 0x97, 0x56, 0xa8, 0xdc, 0x83, 0x56, 0x48, 0xc9,
+	0xe8, 0xc1, 0x07, 0x24, 0xa3, 0x59, 0x4e, 0x62, 0xb2, 0xc5, 0x8c, 0x5e, 0x91, 0x0e, 0x35, 0xc4,
+	0x06, 0xc1, 0xc8, 0x49, 0x4c, 0x81, 0x71, 0x16, 0x1f, 0x7d, 0x4c, 0x49, 0xf9, 0x6a, 0x11, 0x07,
+	0x05, 0xe6, 0x8c, 0x3e, 0x6e, 0x01, 0xff, 0xb9, 0x12, 0x8c, 0x5d, 0x0a, 0xda, 0xab, 0x97, 0x56,
+	0xdb, 0xeb, 0xbe, 0xe7, 0x5e, 0x25, 0x1d, 0x2a, 0xc5, 0xb7, 0x49, 0x67, 0x71, 0x41, 0xac, 0x20,
+	0x35, 0x67, 0xae, 0xd2, 0x46, 0xcc, 0x61, 0x54, 0x6e, 0x6d, 0x78, 0xc1, 0x26, 0x89, 0x5a, 0x91,
+	0x27, 0x7c, 0xf8, 0x86, 0xdc, 0xba, 0xa8, 0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0xc3, 0xdb, 0x81, 0x2a,
+	0x90, 0xa4, 0x68, 0xaf, 0xd0, 0x46, 0xcc, 0x61, 0x14, 0x29, 0x89, 0xda, 0xc2, 0x45, 0x66, 0x20,
+	0xad, 0xd1, 0x46, 0xcc, 0x61, 0x62, 0xf7, 0xcd, 0x22, 0xbc, 0x2a, 0x5d, 0xbb, 0x6f, 0x16, 0x1c,
+	0x21, 0xe1, 0x14, 0x75, 0x9b, 0x74, 0x16, 0x9c, 0xc4, 0xc9, 0x6e, 0x9e, 0xaf, 0xf2, 0x66, 0x2c,
+	0xe1, 0xac, 0x62, 0x72, 0x7a, 0x38, 0xbe, 0xe6, 0x2a, 0x26, 0xa7, 0xbb, 0xdf, 0xc3, 0xd1, 0xf2,
+	0x77, 0x4a, 0x30, 0xf2, 0xee, 0xb5, 0xa6, 0x39, 0x17, 0xf6, 0xdc, 0x84, 0x89, 0xae, 0x4c, 0xe8,
+	0x3e, 0x2c, 0x9f, 0x03, 0x2b, 0x55, 0xd8, 0x18, 0x86, 0x29, 0x61, 0x59, 0x29, 0x70, 0x1e, 0x26,
+	0xf8, 0xe2, 0xa5, 0x9c, 0x58, 0x62, 0xab, 0xca, 0x6e, 0x67, 0x87, 0x54, 0x37, 0xb2, 0x40, 0xdc,
+	0x8d, 0x6f, 0x7f, 0xde, 0x82, 0xd1, 0x54, 0x72, 0x7a, 0x41, 0x36, 0x1a, 0x5b, 0xdd, 0x21, 0x8b,
+	0x4e, 0x66, 0xd9, 0x22, 0x65, 0xa6, 0x86, 0xf5, 0xea, 0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0xbf, 0x55,
+	0x86, 0xaa, 0x8c, 0xa4, 0xea, 0xa3, 0x2b, 0x9f, 0xb5, 0x60, 0x54, 0x1d, 0x0c, 0x32, 0x4f, 0x6e,
+	0xa9, 0x88, 0x5c, 0x39, 0xda, 0x03, 0xe5, 0x17, 0x09, 0x36, 0x42, 0xbd, 0x61, 0xc0, 0x26, 0x33,
+	0x9c, 0xe6, 0x8d, 0x6e, 0x00, 0xc4, 0x9d, 0x38, 0x21, 0x4d, 0xc3, 0xa7, 0x6c, 0x1b, 0xb3, 0x6c,
+	0xda, 0x0d, 0x23, 0x42, 0xe7, 0xd4, 0xb5, 0xb0, 0x41, 0xea, 0x0a, 0x53, 0x5b, 0x78, 0xba, 0x0d,
+	0x1b, 0x94, 0xd0, 0x9b, 0xea, 0x18, 0x7b, 0xa0, 0x08, 0xbd, 0x2e, 0xc7, 0xb7, 0x9f, 0x73, 0xec,
+	0x23, 0x9c, 0x1b, 0xdb, 0x3f, 0x53, 0x82, 0x13, 0xd9, 0x91, 0x44, 0x1f, 0x86, 0x11, 0x39, 0x68,
+	0x86, 0xfb, 0x40, 0x86, 0xaf, 0x8d, 0x60, 0x03, 0x76, 0x77, 0x6f, 0x6a, 0xaa, 0xfb, 0x7e, 0xec,
+	0x69, 0x13, 0x05, 0xa7, 0x88, 0xf1, 0x43, 0x65, 0x11, 0xfd, 0x30, 0xd7, 0x99, 0x6d, 0xb5, 0xc4,
+	0xc9, 0xb0, 0x71, 0xa8, 0x6c, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc2, 0x29, 0xa3, 0xe5, 0x1a, 0xf1,
+	0x36, 0xb7, 0xd6, 0xc3, 0x48, 0xee, 0x57, 0x1f, 0xd7, 0xc1, 0xb2, 0xdd, 0x38, 0x38, 0xf7, 0x49,
+	0x6a, 0x18, 0xb9, 0x4e, 0xcb, 0x71, 0xbd, 0xa4, 0x23, 0x7c, 0xfb, 0x4a, 0x8c, 0xcf, 0x8b, 0x76,
+	0xac, 0x30, 0xec, 0x7f, 0x38, 0x00, 0x27, 0x78, 0x74, 0x28, 0x51, 0xc1, 0xcf, 0xe8, 0xc3, 0x50,
+	0x8b, 0x13, 0x27, 0xe2, 0xce, 0x0a, 0xeb, 0xd0, 0xa2, 0x4b, 0x67, 0xd4, 0x4b, 0x22, 0x58, 0xd3,
+	0x43, 0xaf, 0xb2, 0x72, 0x64, 0x5e, 0xbc, 0xc5, 0xa8, 0x97, 0xee, 0xcd, 0x15, 0x72, 0x51, 0x51,
+	0xc0, 0x06, 0x35, 0xf4, 0xad, 0x50, 0x69, 0x6d, 0x39, 0xb1, 0xf4, 0xd3, 0x3d, 0x2d, 0xe5, 0xc4,
+	0x2a, 0x6d, 0xbc, 0xbb, 0x37, 0x75, 0x3a, 0xfb, 0xaa, 0x0c, 0x80, 0xf9, 0x43, 0xa6, 0x94, 0x1f,
+	0x38, 0xf8, 0xbe, 0x9d, 0x46, 0xd4, 0xa9, 0x5f, 0x9e, 0xcd, 0xde, 0xd0, 0xb2, 0xc0, 0x5a, 0xb1,
+	0x80, 0x52, 0x99, 0xb4, 0xc5, 0x59, 0x36, 0x28, 0xf2, 0x60, 0xda, 0xe2, 0xb8, 0xac, 0x41, 0xd8,
+	0xc4, 0x43, 0x9f, 0xeb, 0x8e, 0x1d, 0x1e, 0x3a, 0x86, 0xdc, 0x92, 0x7e, 0xa3, 0x86, 0x2f, 0x40,
+	0x4d, 0x74, 0x75, 0x2d, 0x44, 0x2f, 0xc1, 0x08, 0x77, 0x03, 0xcd, 0x45, 0x4e, 0xe0, 0x6e, 0x65,
+	0x9d, 0x37, 0x6b, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0x65, 0x18, 0xe8, 0x53, 0xc8, 0xf6, 0xb5, 0x27,
+	0x7f, 0x05, 0xaa, 0x94, 0x9c, 0xdc, 0xa0, 0x15, 0x41, 0x32, 0x84, 0xaa, 0xbc, 0xbd, 0x11, 0xd9,
+	0x50, 0xf6, 0x1c, 0x19, 0x23, 0xa2, 0x96, 0xd0, 0x62, 0x1c, 0xb7, 0xd9, 0xb4, 0xa3, 0x40, 0xf4,
+	0x14, 0x94, 0xc9, 0x6e, 0x2b, 0x1b, 0x0c, 0x72, 0x61, 0xb7, 0xe5, 0x45, 0x24, 0xa6, 0x48, 0x64,
+	0xb7, 0x85, 0xce, 0x42, 0xc9, 0x6b, 0x88, 0x19, 0x09, 0x02, 0xa7, 0xb4, 0xb8, 0x80, 0x4b, 0x5e,
+	0xc3, 0xde, 0x85, 0x9a, 0xba, 0x2e, 0x12, 0x6d, 0x4b, 0x93, 0xca, 0x2a, 0x22, 0x3a, 0x58, 0xd2,
+	0xed, 0x61, 0x4c, 0xb5, 0x01, 0x74, 0xa9, 0x86, 0xa2, 0x54, 0xf0, 0x39, 0x18, 0x70, 0x43, 0x51,
+	0x64, 0xa7, 0xaa, 0xc9, 0x30, 0x5b, 0x8a, 0x41, 0xec, 0x9b, 0x30, 0x76, 0x35, 0x08, 0x6f, 0xb3,
+	0x5b, 0x9d, 0x58, 0x11, 0x63, 0x4a, 0x78, 0x83, 0xfe, 0xc8, 0x5a, 0xee, 0x0c, 0x8a, 0x39, 0x4c,
+	0x95, 0x57, 0x2d, 0xf5, 0x2a, 0xaf, 0x6a, 0x7f, 0xdc, 0x82, 0x11, 0x95, 0xf3, 0x7d, 0x69, 0x67,
+	0x9b, 0xd2, 0xdd, 0x8c, 0xc2, 0x76, 0x2b, 0x4b, 0x97, 0xdd, 0x4c, 0x8b, 0x39, 0xcc, 0x2c, 0x86,
+	0x50, 0x3a, 0xa0, 0x18, 0xc2, 0x39, 0x18, 0xd8, 0xf6, 0x82, 0x46, 0xd6, 0xd9, 0x79, 0xd5, 0x0b,
+	0x1a, 0x98, 0x41, 0xec, 0xbf, 0xb2, 0xe0, 0x84, 0xea, 0x82, 0xb4, 0x99, 0x5e, 0x82, 0x91, 0xf5,
+	0xb6, 0xe7, 0x37, 0x64, 0x75, 0xe6, 0xcc, 0x72, 0x99, 0x33, 0x60, 0x38, 0x85, 0x89, 0xce, 0x03,
+	0xac, 0x7b, 0x81, 0x13, 0x75, 0x56, 0xb5, 0x91, 0xa6, 0xf4, 0xf6, 0x9c, 0x82, 0x60, 0x03, 0x0b,
+	0xbd, 0x05, 0xd5, 0x1d, 0x79, 0x2a, 0x5b, 0x2e, 0x34, 0x87, 0x5f, 0x8c, 0x87, 0x5e, 0x09, 0xea,
+	0x98, 0x57, 0x71, 0xb4, 0xbf, 0x58, 0x86, 0xb1, 0x74, 0xde, 0x7d, 0x1f, 0x9e, 0x93, 0xa7, 0xa0,
+	0xc2, 0x52, 0xf1, 0xb3, 0x13, 0x8b, 0x97, 0x53, 0xe6, 0x30, 0x14, 0xc3, 0x20, 0x17, 0x25, 0xc5,
+	0xdc, 0x2d, 0xaa, 0x3a, 0xa9, 0xfc, 0xb3, 0x2c, 0x82, 0x5b, 0xb8, 0xbb, 0x05, 0x2b, 0xf4, 0x29,
+	0x0b, 0x86, 0xc2, 0x96, 0x59, 0xd7, 0xf3, 0x43, 0x45, 0xd6, 0x24, 0x10, 0x89, 0xbf, 0xc2, 0x1a,
+	0x52, 0x13, 0x4f, 0x4e, 0x06, 0xc9, 0xfa, 0xec, 0xb7, 0xc0, 0x88, 0x89, 0x79, 0x90, 0x41, 0x54,
+	0x35, 0x0d, 0xa2, 0xcf, 0x9a, 0x53, 0x52, 0x54, 0x5d, 0xe8, 0x63, 0xb1, 0x5f, 0x87, 0x8a, 0xab,
+	0xc2, 0xdc, 0xee, 0xe9, 0x46, 0x01, 0x55, 0x95, 0x8c, 0x85, 0x10, 0x70, 0x6a, 0xf6, 0x1f, 0x58,
+	0xc6, 0xfc, 0xc0, 0x24, 0x5e, 0x6c, 0xa0, 0x08, 0xca, 0x9b, 0x3b, 0xdb, 0xc2, 0xc8, 0xb8, 0x52,
+	0xd0, 0xf0, 0x5e, 0xda, 0xd9, 0xd6, 0x2b, 0xcc, 0x6c, 0xc5, 0x94, 0x59, 0x1f, 0x87, 0x08, 0xa9,
+	0xe2, 0x1c, 0xe5, 0x83, 0x8b, 0x73, 0xd8, 0xef, 0x94, 0x60, 0xa2, 0x6b, 0x52, 0xa1, 0x37, 0xa1,
+	0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x54, 0x58, 0x39, 0x8d, 0x78, 0xb1, 0xa1, 0x95, 0x77, 0xba,
+	0x1d, 0x73, 0x96, 0xe8, 0x0a, 0x20, 0x1d, 0x8c, 0xa9, 0x4e, 0x30, 0xf8, 0x2b, 0xab, 0x88, 0xad,
+	0xd9, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x7a, 0x39, 0x7b, 0x10, 0x92, 0xa9, 0x14, 0xbd, 0xdf, 0x99,
+	0x86, 0xfd, 0xb6, 0x39, 0x05, 0x6f, 0x68, 0x61, 0x7a, 0xd4, 0xcd, 0x69, 0x97, 0x64, 0x2d, 0xf7,
+	0x2b, 0x59, 0xed, 0x5f, 0x2c, 0xc1, 0x68, 0xaa, 0xf2, 0x2b, 0xf2, 0xa1, 0x4a, 0x7c, 0x76, 0x62,
+	0x2b, 0xb5, 0xef, 0x51, 0x2f, 0x81, 0x51, 0x72, 0xf2, 0x82, 0xa0, 0x8b, 0x15, 0x87, 0x87, 0x23,
+	0xb6, 0xec, 0x25, 0x18, 0x91, 0x1d, 0xfa, 0x90, 0xd3, 0xf4, 0xb3, 0xc3, 0x77, 0xc1, 0x80, 0xe1,
+	0x14, 0xa6, 0xfd, 0x6b, 0x65, 0x98, 0xe4, 0x47, 0xdc, 0x0d, 0xb5, 0x18, 0x54, 0xa8, 0xca, 0x0f,
+	0xe9, 0xfa, 0xcc, 0x56, 0x11, 0x37, 0x9d, 0xf7, 0x62, 0xd4, 0x57, 0x48, 0xf4, 0x4f, 0x64, 0x42,
+	0xa2, 0xf9, 0x56, 0x7d, 0xf3, 0x98, 0x7a, 0xf4, 0xb5, 0x15, 0x23, 0xfd, 0x4f, 0x4b, 0x30, 0x9e,
+	0xb9, 0xd0, 0x0e, 0x7d, 0x31, 0x7d, 0x07, 0x8a, 0x55, 0xc4, 0xf1, 0xdf, 0xbe, 0x77, 0x9c, 0x1d,
+	0xee, 0x26, 0x94, 0x07, 0xb4, 0x54, 0xec, 0xdf, 0x2b, 0xc1, 0x58, 0xfa, 0x26, 0xbe, 0x87, 0x70,
+	0xa4, 0xde, 0x0f, 0x35, 0x76, 0xd9, 0xd4, 0x55, 0xd2, 0x91, 0xa7, 0x8c, 0xfc, 0x5e, 0x1f, 0xd9,
+	0x88, 0x35, 0xfc, 0xa1, 0xb8, 0x60, 0xc6, 0xfe, 0x67, 0x16, 0x9c, 0xe6, 0x6f, 0x99, 0x9d, 0x87,
+	0x7f, 0x2b, 0x6f, 0x74, 0x5f, 0x2b, 0xb6, 0x83, 0x99, 0xba, 0xe2, 0x07, 0x8d, 0x2f, 0xbb, 0xef,
+	0x5d, 0xf4, 0x36, 0x3d, 0x15, 0x1e, 0xc2, 0xce, 0x1e, 0x6a, 0x32, 0xd8, 0xff, 0xa1, 0x04, 0xc3,
+	0x2b, 0xf3, 0x8b, 0x4a, 0x84, 0xcf, 0x40, 0xcd, 0x8d, 0x88, 0xa3, 0xdd, 0x3f, 0x66, 0x00, 0x95,
+	0x04, 0x60, 0x8d, 0x43, 0x77, 0x51, 0x3c, 0x00, 0x31, 0xce, 0xee, 0xa2, 0x78, 0x7c, 0x62, 0x8c,
+	0x25, 0x1c, 0x3d, 0x03, 0x55, 0x96, 0x1a, 0x7c, 0x3d, 0x92, 0x1a, 0x47, 0x6f, 0xad, 0x59, 0x3b,
+	0x5e, 0xc2, 0x0a, 0x83, 0x12, 0x6e, 0x84, 0x6e, 0x4c, 0x91, 0x33, 0x1e, 0x99, 0x05, 0xda, 0x8c,
+	0x97, 0xb0, 0x84, 0xb3, 0xca, 0x8e, 0xcc, 0x6b, 0x41, 0x91, 0x2b, 0xe9, 0x4e, 0x73, 0xf7, 0x06,
+	0x45, 0xd7, 0x38, 0x87, 0xa9, 0x00, 0x9a, 0x49, 0xcf, 0x1b, 0xea, 0x2f, 0x3d, 0xcf, 0xfe, 0xbd,
+	0x32, 0xd4, 0xb4, 0x53, 0xcd, 0x13, 0xf5, 0x30, 0x0a, 0xa9, 0x5b, 0x5f, 0xef, 0x04, 0xae, 0x22,
+	0xcd, 0xa3, 0x09, 0x8c, 0x72, 0x18, 0x3f, 0x60, 0xc1, 0xb0, 0x17, 0x78, 0x89, 0xe7, 0x30, 0xdf,
+	0x60, 0x31, 0xf7, 0x7f, 0x2b, 0x76, 0x8b, 0x9c, 0x72, 0x18, 0x99, 0x47, 0xfe, 0x8a, 0x19, 0x36,
+	0x39, 0xa3, 0x8f, 0x8a, 0x6c, 0xb0, 0x72, 0x61, 0x45, 0x65, 0xaa, 0x99, 0x14, 0xb0, 0x16, 0xb5,
+	0xb1, 0x93, 0xa8, 0xa0, 0x5a, 0x4c, 0x98, 0x92, 0x52, 0xf7, 0xa7, 0xa8, 0x5d, 0x0c, 0x6b, 0xc6,
+	0x9c, 0x91, 0x1d, 0x03, 0xea, 0x1e, 0x8b, 0x43, 0x66, 0xda, 0xcc, 0x40, 0xcd, 0x69, 0x27, 0x61,
+	0x93, 0x0e, 0x93, 0x08, 0x18, 0xd0, 0xb9, 0x44, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xc5, 0x0a, 0x64,
+	0xaa, 0x53, 0xa0, 0x5d, 0xa8, 0xa9, 0xfa, 0x14, 0xc5, 0x64, 0xae, 0xea, 0x19, 0xa5, 0x3a, 0xa3,
+	0x9a, 0xb0, 0x66, 0x86, 0x36, 0xa5, 0x9b, 0x95, 0xaf, 0xf6, 0x57, 0xb2, 0x6e, 0xd6, 0xef, 0xe8,
+	0xef, 0xd4, 0x8d, 0xce, 0xd5, 0x19, 0x5e, 0x8f, 0x70, 0xfa, 0x40, 0x8f, 0xec, 0x41, 0x37, 0xa0,
+	0x7f, 0x42, 0xdc, 0x56, 0x86, 0x49, 0xdc, 0xf6, 0x13, 0x31, 0x1b, 0x5e, 0x29, 0x70, 0x95, 0x71,
+	0xc2, 0xba, 0xca, 0x13, 0xff, 0x8f, 0x0d, 0xa6, 0x69, 0xbf, 0xf9, 0xe0, 0xb1, 0xfa, 0xcd, 0x87,
+	0x0a, 0xf5, 0x9b, 0x9f, 0x07, 0x60, 0x73, 0x9b, 0x67, 0x04, 0x54, 0x99, 0x3b, 0x53, 0xa9, 0x18,
+	0xac, 0x20, 0xd8, 0xc0, 0xb2, 0xbf, 0x09, 0xd2, 0x65, 0xca, 0xd0, 0x94, 0xac, 0x8a, 0xc6, 0x4f,
+	0x04, 0x59, 0x32, 0x66, 0xaa, 0x80, 0xd9, 0xcf, 0x5b, 0x60, 0xd6, 0x52, 0x43, 0x6f, 0xf0, 0xa2,
+	0x6d, 0x56, 0x11, 0x27, 0x4c, 0x06, 0xdd, 0xe9, 0x65, 0xa7, 0x95, 0x89, 0x76, 0x92, 0x95, 0xdb,
+	0xce, 0x7e, 0x00, 0xaa, 0x12, 0x7a, 0x28, 0x63, 0xf9, 0x63, 0x70, 0x52, 0x16, 0x76, 0x90, 0x87,
+	0x41, 0x22, 0xea, 0xe0, 0x60, 0x1f, 0xa3, 0x74, 0x1c, 0x96, 0x7a, 0x39, 0x0e, 0xd5, 0x6e, 0xb8,
+	0xdc, 0xb3, 0x1c, 0xfb, 0x2f, 0x58, 0x70, 0x2e, 0xdb, 0x81, 0x78, 0x39, 0x0c, 0xbc, 0x24, 0x8c,
+	0xea, 0x24, 0x49, 0xbc, 0x60, 0x93, 0xd5, 0xd6, 0xbd, 0xed, 0x44, 0xf2, 0x7e, 0x25, 0x26, 0x28,
+	0x6f, 0x3a, 0x51, 0x80, 0x59, 0x2b, 0xea, 0xc0, 0x20, 0x0f, 0xa1, 0x16, 0xbb, 0xa0, 0x23, 0xae,
+	0x8d, 0x9c, 0xe1, 0xd0, 0xdb, 0x30, 0x1e, 0xbe, 0x8d, 0x05, 0x43, 0xfb, 0x2b, 0x16, 0xa0, 0x95,
+	0x1d, 0x12, 0x45, 0x5e, 0xc3, 0x08, 0xfa, 0x66, 0xb7, 0x7e, 0x1a, 0xb7, 0x7b, 0x9a, 0x65, 0x47,
+	0x32, 0xb7, 0x7e, 0x1a, 0xff, 0xf2, 0x6f, 0xfd, 0x2c, 0x1d, 0xee, 0xd6, 0x4f, 0xb4, 0x02, 0xa7,
+	0x9b, 0x7c, 0x1b, 0xc7, 0x6f, 0xd2, 0xe3, 0x7b, 0x3a, 0x95, 0x21, 0x7f, 0xe6, 0xce, 0xde, 0xd4,
+	0xe9, 0xe5, 0x3c, 0x04, 0x9c, 0xff, 0x9c, 0xfd, 0x01, 0x40, 0x3c, 0xd6, 0x7b, 0x3e, 0x2f, 0x5c,
+	0xb5, 0xa7, 0x9b, 0xc3, 0xfe, 0xf1, 0x0a, 0x8c, 0x67, 0x6e, 0xdf, 0xa0, 0x5b, 0xe8, 0xee, 0xf8,
+	0xd8, 0x23, 0xeb, 0xef, 0xee, 0xee, 0xf5, 0x15, 0x71, 0x1b, 0x40, 0xc5, 0x0b, 0x5a, 0xed, 0xa4,
+	0x98, 0x02, 0x1d, 0xbc, 0x13, 0x8b, 0x94, 0xa0, 0x71, 0x2e, 0x41, 0xff, 0x62, 0xce, 0xa6, 0xc8,
+	0xf8, 0xdd, 0xd4, 0x26, 0x67, 0xe0, 0x01, 0xb9, 0x59, 0x3e, 0xa1, 0xa3, 0x69, 0x2b, 0x45, 0xf8,
+	0x90, 0x33, 0x93, 0xe5, 0xb8, 0x43, 0xad, 0x7e, 0xb6, 0x04, 0xc3, 0xc6, 0x47, 0x43, 0x3f, 0x99,
+	0xae, 0x34, 0x6a, 0x15, 0xf7, 0x4a, 0x8c, 0xfe, 0xb4, 0xae, 0x25, 0xca, 0x5f, 0xe9, 0xe9, 0xee,
+	0x22, 0xa3, 0x77, 0xf7, 0xa6, 0x4e, 0x64, 0xca, 0x88, 0xa6, 0x0a, 0x8f, 0x9e, 0xfd, 0x1e, 0x18,
+	0xcf, 0x90, 0xc9, 0x79, 0xe5, 0x35, 0xf3, 0x95, 0x8f, 0xec, 0xee, 0x33, 0x87, 0xec, 0xcb, 0x74,
+	0xc8, 0x44, 0x5d, 0x80, 0xd0, 0x27, 0x7d, 0xf8, 0x3a, 0x33, 0xfb, 0x8b, 0x52, 0x9f, 0xe5, 0x3f,
+	0xde, 0x07, 0xd5, 0x56, 0xe8, 0x7b, 0xae, 0xa7, 0x0a, 0x95, 0xb3, 0x82, 0x23, 0xab, 0xa2, 0x0d,
+	0x2b, 0x28, 0xba, 0x0d, 0xb5, 0x5b, 0xb7, 0x13, 0x7e, 0xcc, 0x28, 0x8e, 0x32, 0x8a, 0x3a, 0x5d,
+	0x54, 0x46, 0x8b, 0x3a, 0xc7, 0xc4, 0x9a, 0x17, 0xb2, 0x61, 0x90, 0x29, 0x41, 0x99, 0x23, 0xc8,
+	0x8e, 0x59, 0x98, 0x76, 0x8c, 0xb1, 0x80, 0xd8, 0xff, 0x6e, 0x18, 0x4e, 0xe5, 0x5d, 0x81, 0x84,
+	0xde, 0x82, 0x41, 0xde, 0xc7, 0x62, 0x6e, 0xd9, 0xcb, 0xe3, 0x71, 0x89, 0x11, 0x14, 0xdd, 0x62,
+	0xbf, 0xb1, 0xe0, 0x29, 0xb8, 0xfb, 0xce, 0xba, 0x98, 0x21, 0xc7, 0xc3, 0x7d, 0xc9, 0xd1, 0xdc,
+	0x97, 0x1c, 0xce, 0xdd, 0x77, 0xd6, 0xd1, 0x2e, 0x54, 0x36, 0xbd, 0x84, 0x38, 0xc2, 0x39, 0x73,
+	0xf3, 0x58, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, 0x27, 0xe6, 0x0c, 0xd1, 0x97, 0x2c, 0x18, 0x5f,
+	0x4f, 0xd7, 0x1d, 0x12, 0xc2, 0xd3, 0x39, 0x86, 0x6b, 0xae, 0xd2, 0x8c, 0xf8, 0xb5, 0xb7, 0x99,
+	0x46, 0x9c, 0xed, 0x0e, 0xfa, 0xa4, 0x05, 0x43, 0x1b, 0x9e, 0x6f, 0xdc, 0x23, 0x72, 0x0c, 0x1f,
+	0xe7, 0x22, 0x63, 0xa0, 0x77, 0x1c, 0xfc, 0x7f, 0x8c, 0x25, 0xe7, 0x5e, 0x9a, 0x6a, 0xf0, 0xa8,
+	0x9a, 0x6a, 0xe8, 0x01, 0x69, 0xaa, 0xcf, 0x58, 0x50, 0x53, 0x23, 0x2d, 0xea, 0xb7, 0x7c, 0xf8,
+	0x18, 0x3f, 0x39, 0xf7, 0x48, 0xa9, 0xbf, 0x58, 0x33, 0x47, 0x6f, 0x5b, 0x30, 0xec, 0xbc, 0xd9,
+	0x8e, 0x48, 0x83, 0xec, 0x84, 0xad, 0x58, 0x14, 0x56, 0x7d, 0xad, 0xf8, 0xce, 0xcc, 0x52, 0x26,
+	0x0b, 0x64, 0x67, 0xa5, 0x15, 0x8b, 0xfc, 0x65, 0xdd, 0x80, 0xcd, 0x2e, 0xa0, 0xef, 0xd7, 0x7a,
+	0x1c, 0x8a, 0x28, 0xaf, 0x9d, 0xd7, 0x9b, 0xbe, 0xd2, 0xf1, 0x09, 0x3c, 0xe6, 0x86, 0x41, 0xe2,
+	0x05, 0x6d, 0xb2, 0x12, 0x60, 0xd2, 0x0a, 0xaf, 0x85, 0xc9, 0xc5, 0xb0, 0x1d, 0x34, 0x2e, 0x44,
+	0x51, 0x18, 0xb1, 0x02, 0x35, 0xc6, 0xe5, 0xaa, 0xf3, 0xbd, 0x51, 0xf1, 0x7e, 0x74, 0x8e, 0x62,
+	0x33, 0xec, 0x95, 0x60, 0xea, 0x80, 0xc1, 0x46, 0x2f, 0xc1, 0x48, 0x18, 0x6d, 0x3a, 0x81, 0xf7,
+	0xa6, 0x59, 0x73, 0x4d, 0x19, 0xa4, 0x2b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0x62, 0x3c, 0xa5, 0x03,
+	0x8a, 0xf1, 0x9c, 0x83, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0xbe, 0x8a, 0xa5, 0x1c, 0x32, 0x08, 0x7a,
+	0x02, 0xca, 0x4e, 0xcb, 0x13, 0xce, 0x45, 0xb5, 0x5d, 0x9c, 0x5d, 0x5d, 0xc4, 0xb4, 0x3d, 0x55,
+	0x1b, 0xac, 0x72, 0x5f, 0x6a, 0x83, 0x51, 0x8d, 0x29, 0x8e, 0xcf, 0x06, 0xb5, 0xc6, 0x4c, 0x1f,
+	0x6b, 0xd9, 0xef, 0x94, 0xe1, 0x89, 0x7d, 0x97, 0x96, 0x0e, 0x59, 0xb7, 0xf6, 0x09, 0x59, 0x97,
+	0xc3, 0x53, 0x3a, 0x68, 0x78, 0xca, 0x3d, 0x86, 0xe7, 0x93, 0x54, 0x62, 0xc8, 0x5a, 0x75, 0xc5,
+	0x5c, 0x10, 0xdf, 0xab, 0xf4, 0x9d, 0x10, 0x16, 0x12, 0x8a, 0x35, 0x5f, 0xba, 0x5d, 0x4a, 0x15,
+	0xa2, 0xa9, 0x14, 0xa1, 0x31, 0x7b, 0xd6, 0x8b, 0xe3, 0x62, 0xa2, 0x57, 0x75, 0x1b, 0xfb, 0x97,
+	0x06, 0xe0, 0xa9, 0x3e, 0x14, 0x9d, 0x39, 0x8b, 0xad, 0x3e, 0x67, 0xf1, 0xd7, 0xf8, 0x67, 0xfa,
+	0x74, 0xee, 0x67, 0xc2, 0xc5, 0x7f, 0xa6, 0xfd, 0xbf, 0x10, 0x3b, 0x81, 0x08, 0x62, 0xe2, 0xb6,
+	0x23, 0x9e, 0xbe, 0x63, 0xe4, 0x23, 0x2f, 0x8a, 0x76, 0xac, 0x30, 0xe8, 0xf6, 0xd7, 0x75, 0xe8,
+	0xf2, 0x1f, 0x2a, 0xa8, 0xf0, 0x88, 0x99, 0xda, 0xcc, 0xad, 0xaf, 0xf9, 0x59, 0x2a, 0x01, 0x38,
+	0x1b, 0xfb, 0xd7, 0x2d, 0x38, 0xdb, 0xdb, 0x1a, 0x41, 0xcf, 0xc1, 0xf0, 0x3a, 0x0b, 0xa6, 0x5c,
+	0x66, 0x21, 0x53, 0x62, 0xea, 0xb0, 0xf7, 0xd5, 0xcd, 0xd8, 0xc4, 0x41, 0xf3, 0x30, 0x61, 0x46,
+	0x61, 0x2e, 0x1b, 0xb1, 0x56, 0xcc, 0x5f, 0xb2, 0x96, 0x05, 0xe2, 0x6e, 0x7c, 0x34, 0x0d, 0x90,
+	0x78, 0x89, 0x4f, 0xf8, 0xd3, 0x7c, 0xa2, 0x31, 0x87, 0xe2, 0x9a, 0x6a, 0xc5, 0x06, 0x86, 0xfd,
+	0xd5, 0x72, 0xfe, 0x6b, 0x70, 0x2b, 0xf7, 0x30, 0xb3, 0x5f, 0xcc, 0xed, 0x52, 0x1f, 0x12, 0xba,
+	0x7c, 0xbf, 0x25, 0xf4, 0x40, 0x2f, 0x09, 0x8d, 0x16, 0xe0, 0x84, 0x71, 0x5d, 0x2b, 0x2f, 0x5d,
+	0xc3, 0x0f, 0xa5, 0x54, 0xdd, 0xb9, 0xd5, 0x0c, 0x1c, 0x77, 0x3d, 0xf1, 0x90, 0x4f, 0xd5, 0xdf,
+	0x28, 0xc1, 0x99, 0x9e, 0x1b, 0x8b, 0xfb, 0xa4, 0x81, 0xcc, 0xcf, 0x3f, 0x70, 0x7f, 0x3e, 0xbf,
+	0xf9, 0x51, 0x2a, 0x07, 0x7e, 0x94, 0x7e, 0xd4, 0xf9, 0xef, 0x97, 0x7a, 0x2e, 0x16, 0xba, 0x11,
+	0xfd, 0x6b, 0x3b, 0x92, 0x2f, 0xc3, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96, 0x99, 0x91, 0xa9, 0x85,
+	0x39, 0x6b, 0x02, 0x71, 0x1a, 0xb7, 0xaf, 0x81, 0xfd, 0x63, 0x0b, 0x6a, 0x98, 0x6c, 0x70, 0x09,
+	0x87, 0x6e, 0x89, 0x21, 0xb2, 0x8a, 0xb8, 0x90, 0x80, 0x0e, 0x6c, 0xec, 0xb1, 0x2a, 0xfd, 0x79,
+	0x83, 0x7d, 0xd4, 0xca, 0x0a, 0xea, 0x92, 0xd7, 0x72, 0xef, 0x4b, 0x5e, 0xed, 0x5f, 0xae, 0xd1,
+	0xd7, 0x6b, 0x85, 0xf3, 0x11, 0x69, 0xc4, 0xf4, 0xfb, 0xb6, 0x23, 0x5f, 0x4c, 0x12, 0xf5, 0x7d,
+	0xaf, 0xe3, 0x25, 0x4c, 0xdb, 0x53, 0xe7, 0x93, 0xa5, 0x43, 0x55, 0x02, 0x2c, 0x1f, 0x58, 0x09,
+	0xf0, 0x65, 0x18, 0x8d, 0xe3, 0xad, 0xd5, 0xc8, 0xdb, 0x71, 0x12, 0x72, 0x95, 0xc8, 0x92, 0x41,
+	0xba, 0x2a, 0x56, 0xfd, 0xb2, 0x06, 0xe2, 0x34, 0x2e, 0xba, 0x04, 0x13, 0xba, 0x1e, 0x1f, 0x89,
+	0x12, 0x96, 0xf2, 0xc8, 0x67, 0x82, 0x2a, 0x07, 0xa3, 0x2b, 0xf8, 0x09, 0x04, 0xdc, 0xfd, 0x0c,
+	0x95, 0xb9, 0xa9, 0x46, 0xda, 0x91, 0xc1, 0xb4, 0xcc, 0x4d, 0xd1, 0xa1, 0x7d, 0xe9, 0x7a, 0x02,
+	0x2d, 0xc3, 0x49, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0xd2, 0x55, 0xe0, 0x2f, 0x75,
+	0xa3, 0xe0, 0xbc, 0xe7, 0xd0, 0x8b, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed,
+	0x29, 0x32, 0x8b, 0x0d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc1, 0xa3, 0xfa, 0x2f, 0x4f, 0xa1, 0xe7, 0xe7,
+	0xcd, 0x0b, 0xa2, 0xd4, 0xa9, 0xba, 0x64, 0xec, 0x52, 0x2e, 0x5a, 0x03, 0xf7, 0x7a, 0x1e, 0xad,
+	0xc3, 0x59, 0x05, 0xba, 0x10, 0x24, 0x2c, 0xc9, 0x35, 0x26, 0x73, 0x4e, 0xcc, 0x22, 0x27, 0x80,
+	0xbd, 0xa7, 0x2d, 0xa8, 0x9f, 0xbd, 0xe4, 0x25, 0x97, 0xf3, 0x30, 0xf1, 0x12, 0xde, 0x87, 0x0a,
+	0x9a, 0x81, 0x1a, 0x09, 0x9c, 0x75, 0x9f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0xce, 0x8e, 0x90,
+	0x00, 0xac, 0x71, 0x54, 0x7c, 0xff, 0x48, 0xaf, 0xf8, 0x7e, 0xb4, 0x0a, 0xa7, 0x36, 0xdd, 0x16,
+	0xb5, 0x32, 0x3d, 0x97, 0xcc, 0xba, 0x2c, 0xa0, 0x98, 0x7e, 0x18, 0x5e, 0x9e, 0x5f, 0x25, 0x4a,
+	0x5d, 0x9a, 0x5f, 0xed, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xf3, 0x28, 0xdc, 0xed, 0x4c, 0x9e,
+	0xcc, 0x04, 0x9e, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x0a, 0x20, 0x96, 0x2c, 0x78, 0x39, 0x49, 0x5a,
+	0xca, 0xac, 0x9d, 0x3c, 0x95, 0x2e, 0x7c, 0x78, 0xb1, 0x0b, 0x03, 0xe7, 0x3c, 0x45, 0xad, 0x9e,
+	0x20, 0x64, 0xd4, 0x27, 0x1f, 0x4d, 0x5b, 0x3d, 0xd7, 0x78, 0x33, 0x96, 0x70, 0xf4, 0x5d, 0x30,
+	0xd9, 0x8e, 0x09, 0xdb, 0x30, 0xdf, 0x0c, 0xa3, 0x6d, 0x3f, 0x74, 0x1a, 0x8b, 0xec, 0x36, 0xd9,
+	0xa4, 0x33, 0x39, 0xc9, 0x98, 0x9f, 0x13, 0xcf, 0x4e, 0x5e, 0xef, 0x81, 0x87, 0x7b, 0x52, 0xc8,
+	0x56, 0xee, 0x3c, 0xd3, 0x67, 0xe5, 0xce, 0x55, 0x38, 0x25, 0xf5, 0xda, 0xca, 0xfc, 0xa2, 0x7a,
+	0xe9, 0xc9, 0xb3, 0xe9, 0xeb, 0xe9, 0x16, 0x73, 0x70, 0x70, 0xee, 0x93, 0xf6, 0x1f, 0x59, 0x30,
+	0xaa, 0x24, 0xd8, 0x7d, 0x48, 0x5a, 0xf6, 0xd3, 0x49, 0xcb, 0x97, 0x8e, 0xae, 0x03, 0x58, 0xcf,
+	0x7b, 0xa4, 0xd8, 0xfc, 0xe8, 0x28, 0x80, 0xd6, 0x13, 0x4a, 0x45, 0x5b, 0x3d, 0x55, 0xf4, 0x43,
+	0x2b, 0xa3, 0xf3, 0x2a, 0x31, 0x56, 0x1e, 0x6c, 0x25, 0xc6, 0x3a, 0x9c, 0x96, 0x53, 0x8a, 0x1f,
+	0x29, 0x5f, 0x0e, 0x63, 0x25, 0xf2, 0x8d, 0xfb, 0x06, 0x17, 0xf3, 0x90, 0x70, 0xfe, 0xb3, 0x29,
+	0xdb, 0x6e, 0xe8, 0x40, 0xdb, 0x4e, 0x49, 0xb9, 0xa5, 0x0d, 0x79, 0x1b, 0x68, 0x46, 0xca, 0x2d,
+	0x5d, 0xac, 0x63, 0x8d, 0x93, 0xaf, 0xea, 0x6a, 0x05, 0xa9, 0x3a, 0x38, 0xb4, 0xaa, 0x93, 0x42,
+	0x77, 0xb8, 0xa7, 0xd0, 0x95, 0x47, 0x57, 0x23, 0x3d, 0x8f, 0xae, 0x3e, 0x08, 0x63, 0x5e, 0xb0,
+	0x45, 0x22, 0x2f, 0x21, 0x0d, 0xb6, 0x16, 0x98, 0x40, 0xae, 0x6a, 0x43, 0x67, 0x31, 0x05, 0xc5,
+	0x19, 0xec, 0xb4, 0xa6, 0x18, 0xeb, 0x43, 0x53, 0xf4, 0xd0, 0xcf, 0xe3, 0xc5, 0xe8, 0xe7, 0x13,
+	0x47, 0xd7, 0xcf, 0x13, 0xc7, 0xaa, 0x9f, 0x51, 0x21, 0xfa, 0xb9, 0x2f, 0xd5, 0x67, 0x6c, 0xd2,
+	0x4f, 0x1d, 0xb0, 0x49, 0xef, 0xa5, 0x9c, 0x4f, 0xdf, 0xb3, 0x72, 0xce, 0xd7, 0xbb, 0x8f, 0xbc,
+	0xab, 0x77, 0x0b, 0xd1, 0xbb, 0x9f, 0x29, 0xc1, 0x69, 0xad, 0x99, 0xa8, 0x3c, 0xf0, 0x36, 0xa8,
+	0x6c, 0x66, 0x57, 0x6c, 0xf3, 0x03, 0x6f, 0x23, 0x55, 0x5e, 0x17, 0x0b, 0x50, 0x10, 0x6c, 0x60,
+	0xb1, 0x8c, 0x73, 0x12, 0xb1, 0xcb, 0x5d, 0xb2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07,
+	0x81, 0xfe, 0x16, 0x05, 0x4f, 0xb2, 0x65, 0xc3, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x7d, 0x9c,
+	0x09, 0x13, 0x99, 0x54, 0x75, 0x8d, 0xf0, 0x6d, 0xa5, 0x92, 0x92, 0x0a, 0x2a, 0xbb, 0xc3, 0x2a,
+	0x22, 0x54, 0xba, 0xbb, 0xc3, 0x62, 0x47, 0x15, 0x86, 0xfd, 0x3f, 0x2d, 0x38, 0x93, 0x3b, 0x14,
+	0xf7, 0xc1, 0x1c, 0xd9, 0x4d, 0x9b, 0x23, 0xf5, 0xa2, 0xb6, 0xa4, 0xc6, 0x5b, 0xf4, 0x30, 0x4d,
+	0xfe, 0xa3, 0x05, 0x63, 0x1a, 0xff, 0x3e, 0xbc, 0xaa, 0x97, 0x7e, 0xd5, 0xe2, 0x76, 0xdf, 0xb5,
+	0xae, 0x77, 0xfb, 0xb5, 0x12, 0xa8, 0x52, 0xfe, 0xb3, 0x6e, 0xd2, 0x5f, 0xba, 0x59, 0x07, 0x06,
+	0x59, 0x04, 0x49, 0x5c, 0x4c, 0x74, 0x5c, 0x9a, 0x3f, 0x8b, 0x46, 0xd1, 0x07, 0x7a, 0xec, 0x6f,
+	0x8c, 0x05, 0x43, 0x76, 0xf5, 0x10, 0xaf, 0x92, 0xde, 0x10, 0x89, 0xd3, 0xfa, 0xea, 0x21, 0xd1,
+	0x8e, 0x15, 0x06, 0x55, 0x98, 0x9e, 0x1b, 0x06, 0xf3, 0xbe, 0x13, 0xc7, 0xc2, 0x86, 0x53, 0x0a,
+	0x73, 0x51, 0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x5e, 0xdc, 0xf2, 0x9d, 0x8e, 0xe1, 0x63, 0x31,
+	0x0a, 0x7b, 0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0xa6, 0x5f, 0x62, 0x81, 0x6c, 0xb0, 0xc8,
+	0xee, 0xbe, 0x86, 0x73, 0x06, 0x6a, 0x0e, 0x7b, 0x6a, 0xa9, 0xed, 0x08, 0x99, 0xa0, 0xe3, 0x9b,
+	0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x9b, 0xe1, 0x64, 0xce, 0x98, 0xf5, 0x11, 0x40, 0xf7, 0x8b, 0x25,
+	0x18, 0x4f, 0x3f, 0x19, 0xb3, 0xdc, 0x47, 0xde, 0x67, 0x2f, 0x76, 0xc3, 0x1d, 0x12, 0x75, 0x68,
+	0x37, 0xac, 0x4c, 0xee, 0x63, 0x17, 0x06, 0xce, 0x79, 0x8a, 0xdd, 0xaa, 0xd1, 0x50, 0xaf, 0x2e,
+	0xa7, 0xc7, 0x8d, 0x22, 0xa7, 0x87, 0x1e, 0x59, 0x33, 0xe8, 0x47, 0xb1, 0xc4, 0x26, 0x7f, 0x6a,
+	0xff, 0xb0, 0xcc, 0x8d, 0xb9, 0xb6, 0xe7, 0x27, 0x5e, 0x20, 0x5e, 0x59, 0x4c, 0x1c, 0x65, 0xff,
+	0x2c, 0x77, 0xa3, 0xe0, 0xbc, 0xe7, 0xec, 0xaf, 0x0c, 0x80, 0xaa, 0x80, 0xc2, 0x82, 0x32, 0x0b,
+	0x0a, 0x69, 0x3d, 0x6c, 0x06, 0xad, 0xfa, 0xd2, 0x03, 0xfb, 0x45, 0x49, 0x71, 0x2f, 0x99, 0xe9,
+	0x4e, 0x57, 0x03, 0xb6, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xbd, 0x1d, 0xc2, 0x1f, 0x1a,
+	0x4c, 0xf7, 0x64, 0x49, 0x02, 0xb0, 0xc6, 0x61, 0x45, 0xb4, 0xbd, 0x8d, 0x0d, 0xe1, 0xf2, 0xd1,
+	0x45, 0xb4, 0xbd, 0x8d, 0x0d, 0xcc, 0x20, 0xfc, 0xde, 0xa5, 0x70, 0x5b, 0xd8, 0xfc, 0xc6, 0xbd,
+	0x4b, 0xe1, 0x36, 0x66, 0x10, 0xfa, 0x95, 0x82, 0x30, 0x6a, 0x3a, 0xbe, 0xf7, 0x26, 0x69, 0x28,
+	0x2e, 0xc2, 0xd6, 0x57, 0x5f, 0xe9, 0x5a, 0x37, 0x0a, 0xce, 0x7b, 0x8e, 0x4e, 0xe8, 0x56, 0x44,
+	0x1a, 0x9e, 0x9b, 0x98, 0xd4, 0x20, 0x3d, 0xa1, 0x57, 0xbb, 0x30, 0x70, 0xce, 0x53, 0x68, 0x16,
+	0xc6, 0x65, 0x05, 0x1b, 0x59, 0xf5, 0x71, 0x38, 0x5d, 0x3a, 0x0e, 0xa7, 0xc1, 0x38, 0x8b, 0x4f,
+	0x25, 0x56, 0x53, 0xd4, 0xa2, 0x65, 0x5b, 0x03, 0x43, 0x62, 0xc9, 0x1a, 0xb5, 0x58, 0x61, 0xd8,
+	0x9f, 0x28, 0x53, 0x0d, 0xdb, 0xa3, 0xe4, 0xf3, 0x7d, 0x0b, 0xa1, 0x4e, 0xcf, 0xc8, 0x81, 0x3e,
+	0x66, 0xe4, 0x0b, 0x30, 0x72, 0x2b, 0x0e, 0x03, 0x15, 0x9e, 0x5c, 0xe9, 0x19, 0x9e, 0x6c, 0x60,
+	0xe5, 0x87, 0x27, 0x0f, 0x16, 0x15, 0x9e, 0x3c, 0x74, 0x8f, 0xe1, 0xc9, 0xff, 0xba, 0x02, 0xea,
+	0x62, 0xcd, 0x6b, 0x24, 0xb9, 0x1d, 0x46, 0xdb, 0x5e, 0xb0, 0xc9, 0xaa, 0xb1, 0x7c, 0xc9, 0x92,
+	0x05, 0x5d, 0x96, 0xcc, 0xb4, 0xdd, 0x8d, 0x82, 0x2e, 0x47, 0x4c, 0x31, 0x9b, 0x5e, 0x33, 0x18,
+	0xf1, 0x30, 0x97, 0x4c, 0xe1, 0x18, 0xe1, 0xc1, 0x4f, 0xf5, 0x08, 0x7d, 0x0f, 0x80, 0xf4, 0x8f,
+	0x6f, 0x48, 0x09, 0xbc, 0x58, 0x4c, 0xff, 0x30, 0xd9, 0xd0, 0xf6, 0xed, 0x9a, 0x62, 0x82, 0x0d,
+	0x86, 0xe8, 0x33, 0x3a, 0xa5, 0x99, 0xe7, 0x31, 0x7d, 0xf4, 0x58, 0xc6, 0xa6, 0x9f, 0x84, 0x66,
+	0x0c, 0x43, 0x5e, 0xb0, 0x49, 0xe7, 0x89, 0x08, 0xe3, 0x7c, 0x6f, 0x5e, 0xb1, 0xaf, 0xa5, 0xd0,
+	0x69, 0xcc, 0x39, 0xbe, 0x13, 0xb8, 0x24, 0x5a, 0xe4, 0xe8, 0x7a, 0xcf, 0x23, 0x1a, 0xb0, 0x24,
+	0xd4, 0x75, 0xfb, 0x67, 0xa5, 0x9f, 0xdb, 0x3f, 0xcf, 0x7e, 0x3b, 0x4c, 0x74, 0x7d, 0xcc, 0x43,
+	0xe5, 0x2f, 0x1f, 0xa1, 0xcc, 0xd7, 0x2f, 0x0d, 0x6a, 0xa5, 0x75, 0x2d, 0x6c, 0xf0, 0xcb, 0x24,
+	0x23, 0xfd, 0x45, 0x85, 0xfd, 0x5a, 0xe0, 0x14, 0x51, 0x6a, 0xc6, 0x68, 0xc4, 0x26, 0x4b, 0x3a,
+	0x47, 0x5b, 0x4e, 0x44, 0x82, 0xe3, 0x9e, 0xa3, 0xab, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0xad, 0x54,
+	0xa2, 0xdd, 0xc5, 0xa3, 0x27, 0xda, 0xb1, 0xd2, 0xab, 0x79, 0x77, 0xae, 0xbd, 0x6d, 0xc1, 0x58,
+	0x90, 0x9a, 0xb9, 0xc5, 0xc4, 0xd6, 0xe7, 0xaf, 0x0a, 0x7e, 0x2f, 0x73, 0xba, 0x0d, 0x67, 0xf8,
+	0xe7, 0xa9, 0xb4, 0xca, 0x21, 0x55, 0x9a, 0xbe, 0xcc, 0x76, 0xb0, 0xd7, 0x65, 0xb6, 0x28, 0x50,
+	0xb7, 0x8c, 0x0f, 0x15, 0x51, 0xae, 0x24, 0x75, 0xc5, 0x38, 0xe4, 0x5c, 0x2f, 0x7e, 0xd3, 0xcc,
+	0xc3, 0x3d, 0xfc, 0x6d, 0xd3, 0xa3, 0xbd, 0xf2, 0x75, 0xed, 0xff, 0x33, 0x00, 0x27, 0xe4, 0x88,
+	0xc8, 0xbc, 0x1c, 0xaa, 0x1f, 0x39, 0x5f, 0x6d, 0x2b, 0x2b, 0xfd, 0x78, 0x59, 0x02, 0xb0, 0xc6,
+	0xa1, 0xf6, 0x58, 0x3b, 0x26, 0x2b, 0x2d, 0x12, 0x2c, 0x79, 0xeb, 0xb1, 0x38, 0x0b, 0x57, 0x0b,
+	0xe5, 0xba, 0x06, 0x61, 0x13, 0x8f, 0x25, 0x0b, 0xbb, 0x66, 0xc5, 0x0e, 0x9d, 0x2c, 0x2c, 0x0c,
+	0x55, 0x09, 0x47, 0x3f, 0x96, 0x7b, 0x07, 0x45, 0x31, 0xd9, 0xac, 0x5d, 0xe9, 0x48, 0x87, 0xbb,
+	0x7c, 0x02, 0xfd, 0x23, 0x0b, 0x4e, 0xf3, 0x56, 0x39, 0x92, 0xd7, 0x5b, 0x0d, 0x27, 0x21, 0x71,
+	0x31, 0xf7, 0x75, 0xe5, 0xf4, 0x4f, 0xbb, 0xb4, 0xf3, 0xd8, 0xe2, 0xfc, 0xde, 0xa0, 0x2f, 0x5a,
+	0x30, 0xbe, 0x9d, 0xaa, 0xb8, 0x25, 0x55, 0xc7, 0x51, 0xcb, 0xd1, 0xa4, 0x88, 0xea, 0xa5, 0x96,
+	0x6e, 0x8f, 0x71, 0x96, 0xbb, 0xfd, 0x17, 0x16, 0x98, 0x62, 0xf4, 0xfe, 0x17, 0xea, 0x3a, 0xbc,
+	0x29, 0x28, 0xad, 0xcb, 0x4a, 0x4f, 0xeb, 0xf2, 0x09, 0x28, 0xb7, 0xbd, 0x86, 0xd8, 0x5f, 0xe8,
+	0xd3, 0xf7, 0xc5, 0x05, 0x4c, 0xdb, 0xed, 0x3f, 0xa9, 0x68, 0x9f, 0x84, 0x48, 0x16, 0xfd, 0x6b,
+	0xf1, 0xda, 0x1b, 0xaa, 0x02, 0x2f, 0x7f, 0xf3, 0x6b, 0x5d, 0x15, 0x78, 0xbf, 0xf5, 0xf0, 0xb9,
+	0xc0, 0x7c, 0x80, 0x7a, 0x15, 0xe0, 0x1d, 0x3a, 0x20, 0x11, 0xf8, 0x16, 0x54, 0xe9, 0x16, 0x8c,
+	0x39, 0x17, 0xab, 0xa9, 0x4e, 0x55, 0x2f, 0x8b, 0xf6, 0xbb, 0x7b, 0x53, 0xdf, 0x72, 0xf8, 0x6e,
+	0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, 0x67, 0x59, 0x6c, 0xee, 0xae, 0x2b,
+	0x99, 0x29, 0x01, 0x85, 0x24, 0x44, 0x6b, 0x3e, 0x28, 0x80, 0x1a, 0x45, 0xe4, 0x4c, 0xf9, 0x1e,
+	0x70, 0x55, 0x65, 0x0e, 0x4b, 0xc0, 0xdd, 0xbd, 0xa9, 0x97, 0x0f, 0xcf, 0x54, 0x3d, 0x8e, 0x35,
+	0x0b, 0x43, 0x35, 0x0e, 0xf7, 0xbc, 0xe7, 0xfd, 0xff, 0x0e, 0xe8, 0xf9, 0x2d, 0x8a, 0x33, 0xff,
+	0xb5, 0x98, 0xdf, 0x2f, 0x65, 0xe6, 0xf7, 0xb9, 0xae, 0xf9, 0x3d, 0x46, 0xc7, 0x2c, 0xa7, 0x64,
+	0xf4, 0xfd, 0x36, 0x16, 0x0e, 0xf6, 0x49, 0x30, 0x2b, 0xe9, 0x8d, 0xb6, 0x17, 0x91, 0x78, 0x35,
+	0x6a, 0x07, 0x5e, 0xb0, 0xc9, 0xa6, 0x6c, 0xd5, 0xb4, 0x92, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x1b,
+	0x7f, 0x3a, 0x2f, 0x6e, 0x3a, 0x3b, 0x7c, 0xe6, 0x19, 0x85, 0x31, 0xeb, 0xa2, 0x1d, 0x2b, 0x0c,
+	0xb4, 0x05, 0x8f, 0x4b, 0x02, 0x0b, 0xc4, 0x27, 0xf4, 0x85, 0x58, 0x54, 0x61, 0xd4, 0xe4, 0x31,
+	0xff, 0x3c, 0x30, 0xe4, 0xeb, 0x05, 0x85, 0xc7, 0xf1, 0x3e, 0xb8, 0x78, 0x5f, 0x4a, 0xf6, 0x97,
+	0x59, 0x1c, 0x81, 0x51, 0xba, 0x81, 0xce, 0x3e, 0xdf, 0x6b, 0x7a, 0xb2, 0x7e, 0xa7, 0x9a, 0x7d,
+	0x4b, 0xb4, 0x11, 0x73, 0x18, 0xba, 0x0d, 0x43, 0xeb, 0xfc, 0xfe, 0xf7, 0x62, 0xee, 0x5d, 0x12,
+	0x97, 0xc9, 0xb3, 0xda, 0xdd, 0xf2, 0x66, 0xf9, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xad,
+	0xc0, 0xb8, 0x8c, 0xf5, 0xba, 0xec, 0xc5, 0x2c, 0x3c, 0xc0, 0xbc, 0xd0, 0xa0, 0x74, 0xe0, 0x85,
+	0x06, 0x1f, 0x01, 0x68, 0x90, 0x96, 0x1f, 0x76, 0x98, 0x71, 0x38, 0x70, 0x68, 0xe3, 0x50, 0xed,
+	0x27, 0x16, 0x14, 0x15, 0x6c, 0x50, 0x14, 0x45, 0x4b, 0xf9, 0xfd, 0x08, 0x99, 0xa2, 0xa5, 0xc6,
+	0xed, 0x6c, 0x83, 0xf7, 0xf7, 0x76, 0x36, 0x0f, 0xc6, 0x79, 0x17, 0x55, 0x81, 0x84, 0x7b, 0xa8,
+	0x83, 0xc0, 0x52, 0xcc, 0x16, 0xd2, 0x64, 0x70, 0x96, 0xae, 0x79, 0xf5, 0x5a, 0xf5, 0x7e, 0x5f,
+	0xbd, 0xf6, 0x7e, 0xa8, 0xc9, 0xef, 0x1c, 0x4f, 0xd6, 0x74, 0xf1, 0x1e, 0x39, 0x0d, 0x62, 0xac,
+	0xe1, 0x5d, 0xb5, 0x5e, 0xe0, 0x41, 0xd5, 0x7a, 0xb1, 0xdf, 0x2e, 0xd3, 0x5d, 0x05, 0xef, 0xd7,
+	0xa1, 0x6f, 0x2e, 0xbc, 0x6c, 0xdc, 0x5c, 0x78, 0xb8, 0xef, 0x59, 0xcd, 0xdc, 0x70, 0xf8, 0x38,
+	0x0c, 0x24, 0xce, 0xa6, 0xcc, 0x88, 0x65, 0xd0, 0x35, 0x67, 0x33, 0xc6, 0xac, 0xf5, 0x30, 0x35,
+	0x9e, 0x5f, 0x86, 0xd1, 0xd8, 0xdb, 0x0c, 0x9c, 0xa4, 0x1d, 0x11, 0xe3, 0x30, 0x51, 0x47, 0xcc,
+	0x98, 0x40, 0x9c, 0xc6, 0x45, 0x9f, 0xb4, 0x00, 0x22, 0xa2, 0xf6, 0x2c, 0x83, 0x45, 0xcc, 0x21,
+	0x25, 0x06, 0x24, 0x5d, 0xb3, 0x46, 0x87, 0xda, 0xab, 0x18, 0x6c, 0xed, 0x4f, 0x5b, 0x30, 0xd1,
+	0xf5, 0x14, 0x6a, 0xc1, 0xa0, 0xcb, 0xee, 0x97, 0x2c, 0xa6, 0x2e, 0x65, 0xfa, 0xae, 0x4a, 0xae,
+	0x9c, 0x78, 0x1b, 0x16, 0x7c, 0xec, 0x5f, 0x1e, 0x81, 0x53, 0xf5, 0xf9, 0x65, 0x79, 0x2b, 0xd1,
+	0xb1, 0xa5, 0xf8, 0xe6, 0xf1, 0xb8, 0x7f, 0x29, 0xbe, 0x3d, 0xb8, 0xfb, 0x46, 0x8a, 0xaf, 0x6f,
+	0xa4, 0xf8, 0xa6, 0xf3, 0x2d, 0xcb, 0x45, 0xe4, 0x5b, 0xe6, 0xf5, 0xa0, 0x9f, 0x7c, 0xcb, 0x63,
+	0xcb, 0xf9, 0xdd, 0xb7, 0x43, 0x87, 0xca, 0xf9, 0x55, 0x09, 0xd1, 0x85, 0xa4, 0x77, 0xf5, 0xf8,
+	0x54, 0xb9, 0x09, 0xd1, 0x2a, 0x19, 0x95, 0xa7, 0x2e, 0x0a, 0xa5, 0xf7, 0x5a, 0xf1, 0x1d, 0xe8,
+	0x23, 0x19, 0x55, 0x64, 0x4f, 0x9a, 0x09, 0xd0, 0x43, 0x45, 0x24, 0x40, 0xe7, 0x75, 0xe7, 0xc0,
+	0x04, 0xe8, 0x97, 0x61, 0xd4, 0xf5, 0xc3, 0x80, 0xac, 0x46, 0x61, 0x12, 0xba, 0xa1, 0xbc, 0xcd,
+	0x5b, 0x5f, 0xcc, 0x68, 0x02, 0x71, 0x1a, 0xb7, 0x57, 0xf6, 0x74, 0xed, 0xa8, 0xd9, 0xd3, 0xf0,
+	0x80, 0xb2, 0xa7, 0x8d, 0xfc, 0xe0, 0xe1, 0x22, 0xf2, 0x83, 0xf3, 0xbe, 0x48, 0x5f, 0xf9, 0xc1,
+	0xef, 0xf0, 0xcb, 0xec, 0xe9, 0x66, 0x84, 0x4b, 0x61, 0x76, 0x44, 0x37, 0x7c, 0xfe, 0xf5, 0x63,
+	0x98, 0xb0, 0x37, 0xeb, 0x9a, 0x8d, 0xba, 0xe0, 0x5e, 0x37, 0xe1, 0x74, 0x47, 0x8e, 0x92, 0x53,
+	0xfc, 0xe3, 0x25, 0xf8, 0xba, 0x03, 0xbb, 0x80, 0x6e, 0x03, 0x24, 0xce, 0xa6, 0x98, 0xa8, 0xe2,
+	0x20, 0xeb, 0x88, 0x41, 0xbe, 0x6b, 0x92, 0x9e, 0xc8, 0x77, 0x53, 0xe4, 0xb1, 0xc1, 0x8a, 0xc5,
+	0xf6, 0x86, 0x7e, 0x57, 0x49, 0x69, 0x1c, 0xfa, 0x04, 0x33, 0x08, 0x35, 0x84, 0x22, 0xb2, 0x49,
+	0x8d, 0xfb, 0x72, 0xda, 0x10, 0xc2, 0xac, 0x15, 0x0b, 0x28, 0x7a, 0x11, 0x86, 0x1d, 0xdf, 0xe7,
+	0xb9, 0x77, 0x24, 0x16, 0x37, 0xa6, 0xea, 0x42, 0xb2, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcf, 0x4b,
+	0x30, 0x75, 0x80, 0x4c, 0xe9, 0xca, 0xb9, 0xae, 0xf4, 0x9d, 0x73, 0x2d, 0x72, 0x87, 0x06, 0x7b,
+	0xe4, 0x0e, 0xbd, 0x08, 0xc3, 0x09, 0x71, 0x9a, 0x22, 0x2c, 0x30, 0x5b, 0x1f, 0x71, 0x4d, 0x83,
+	0xb0, 0x89, 0x47, 0xa5, 0xd8, 0x98, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0x72, 0x90, 0xf0, 0x72, 0x17,
+	0x96, 0x79, 0xc4, 0x0e, 0x0f, 0x66, 0x53, 0x2c, 0x70, 0x86, 0x65, 0x76, 0xc0, 0x6b, 0x7d, 0x0e,
+	0xf8, 0x4f, 0x95, 0xe0, 0x89, 0x7d, 0xb5, 0x5b, 0xdf, 0x79, 0x5b, 0xed, 0x98, 0x44, 0xd9, 0x89,
+	0x73, 0x3d, 0x26, 0x11, 0x66, 0x10, 0x3e, 0x4a, 0xad, 0x96, 0x0a, 0xe9, 0x2e, 0x3e, 0xd1, 0x91,
+	0x8f, 0x52, 0x8a, 0x05, 0xce, 0xb0, 0xbc, 0xd7, 0x69, 0xf9, 0xbb, 0x03, 0xf0, 0x54, 0x1f, 0x36,
+	0x40, 0x81, 0x09, 0xa1, 0xe9, 0x64, 0xe7, 0xf2, 0x03, 0x4a, 0x76, 0xbe, 0xb7, 0xe1, 0x7a, 0x37,
+	0x47, 0xba, 0xaf, 0xc4, 0xd3, 0x2f, 0x97, 0xe0, 0x6c, 0x6f, 0x83, 0x05, 0x7d, 0x1b, 0x8c, 0x47,
+	0x2a, 0x3e, 0xd0, 0xcc, 0x93, 0x3e, 0xc9, 0x7d, 0x5c, 0x29, 0x10, 0xce, 0xe2, 0xa2, 0x69, 0x80,
+	0x96, 0x93, 0x6c, 0xc5, 0x17, 0x76, 0xbd, 0x38, 0x11, 0x85, 0xe5, 0xc6, 0xf8, 0xc9, 0xab, 0x6c,
+	0xc5, 0x06, 0x06, 0x65, 0xc7, 0xfe, 0x2d, 0x84, 0xd7, 0xc2, 0x84, 0x3f, 0xc4, 0xb7, 0x9e, 0x27,
+	0xe5, 0x35, 0x8c, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0xb6, 0xcf, 0x3b, 0x3a, 0xa0, 0x33,
+	0xab, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xb2, 0x19, 0xe0, 0x95, 0x83, 0x33, 0xc0, 0xed, 0x7f, 0x59,
+	0x82, 0x33, 0x3d, 0x0d, 0xde, 0xfe, 0xc4, 0xd4, 0xc3, 0x97, 0x85, 0x7d, 0x8f, 0x2b, 0xec, 0x50,
+	0xd9, 0xbb, 0xf6, 0x1f, 0xf7, 0x98, 0x69, 0x22, 0x33, 0xf7, 0xde, 0x8b, 0x98, 0x3c, 0x7c, 0xe3,
+	0xd9, 0x95, 0x8c, 0x3b, 0x70, 0x88, 0x64, 0xdc, 0xcc, 0xc7, 0xa8, 0xf4, 0xa9, 0x1d, 0xfe, 0xeb,
+	0x40, 0xcf, 0xe1, 0xa5, 0x1b, 0xe4, 0xbe, 0x4e, 0x10, 0x16, 0xe0, 0x84, 0x17, 0xb0, 0x8b, 0x75,
+	0xeb, 0xed, 0x75, 0x51, 0x6b, 0x8c, 0x17, 0xd4, 0x55, 0xa9, 0x30, 0x8b, 0x19, 0x38, 0xee, 0x7a,
+	0xe2, 0x21, 0x4c, 0x8e, 0xbe, 0xb7, 0x21, 0x3d, 0xa4, 0xe4, 0x5e, 0x81, 0xd3, 0x72, 0x28, 0xb6,
+	0x9c, 0x88, 0x34, 0x84, 0xb2, 0x8d, 0x45, 0xf2, 0xd3, 0x19, 0x9e, 0x40, 0x95, 0x83, 0x80, 0xf3,
+	0x9f, 0x63, 0xb7, 0xa0, 0x86, 0x2d, 0xcf, 0x15, 0x5b, 0x41, 0x7d, 0x0b, 0x2a, 0x6d, 0xc4, 0x1c,
+	0xa6, 0xf5, 0x45, 0xed, 0xfe, 0xe8, 0x8b, 0x8f, 0x40, 0x4d, 0x8d, 0x37, 0x4f, 0x70, 0x50, 0x93,
+	0xbc, 0x2b, 0xc1, 0x41, 0xcd, 0x70, 0x03, 0x8b, 0xce, 0x0e, 0xba, 0x51, 0xc9, 0xac, 0x56, 0xca,
+	0x8f, 0xb6, 0xdb, 0xcf, 0xc3, 0x88, 0xf2, 0x05, 0xf6, 0x7b, 0x17, 0xad, 0xfd, 0x57, 0x25, 0xc8,
+	0x5c, 0xbb, 0x86, 0x76, 0xa1, 0xd6, 0x90, 0xd7, 0xf8, 0x17, 0x53, 0xd0, 0x79, 0x41, 0x92, 0xd3,
+	0x07, 0x61, 0xaa, 0x09, 0x6b, 0x66, 0xe8, 0x2d, 0x5e, 0x3b, 0x59, 0xb0, 0x2e, 0x15, 0x91, 0x20,
+	0x5f, 0x57, 0xf4, 0xcc, 0xcb, 0x26, 0x65, 0x1b, 0x36, 0xf8, 0xa1, 0x04, 0x6a, 0x5b, 0xf2, 0x7a,
+	0xb9, 0x62, 0xc4, 0x9d, 0xba, 0xad, 0x8e, 0x9b, 0x68, 0xea, 0x2f, 0xd6, 0x8c, 0xec, 0x3f, 0x2a,
+	0xc1, 0xa9, 0xf4, 0x07, 0x10, 0x07, 0x97, 0x3f, 0x63, 0xc1, 0xa3, 0xbe, 0x13, 0x27, 0xf5, 0x36,
+	0xdb, 0x28, 0x6c, 0xb4, 0xfd, 0x95, 0x4c, 0x99, 0xed, 0xa3, 0x3a, 0x5b, 0x14, 0xe1, 0xec, 0x75,
+	0x84, 0x73, 0x8f, 0xdd, 0xd9, 0x9b, 0x7a, 0x74, 0x29, 0x9f, 0x39, 0xee, 0xd5, 0x2b, 0xf4, 0xb6,
+	0x05, 0x27, 0xdc, 0x76, 0x14, 0x91, 0x20, 0xd1, 0x5d, 0xe5, 0x5f, 0xf1, 0x5a, 0x21, 0x03, 0xa9,
+	0x3b, 0x78, 0x8a, 0x0a, 0xd4, 0xf9, 0x0c, 0x2f, 0xdc, 0xc5, 0xdd, 0xfe, 0x21, 0xaa, 0x39, 0x7b,
+	0xbe, 0xe7, 0xdf, 0xb0, 0xfb, 0x13, 0xff, 0x74, 0x10, 0x46, 0x53, 0xb5, 0xc4, 0x53, 0x87, 0x7d,
+	0xd6, 0x81, 0x87, 0x7d, 0x2c, 0x5d, 0xaf, 0x1d, 0xc8, 0xab, 0xe5, 0x8d, 0x74, 0xbd, 0x76, 0x40,
+	0x30, 0x87, 0x89, 0x21, 0xc5, 0xed, 0x40, 0xe4, 0x02, 0x98, 0x43, 0x8a, 0xdb, 0x01, 0x16, 0x50,
+	0xf4, 0x71, 0x0b, 0x46, 0xd8, 0xe2, 0x13, 0x47, 0xa5, 0x42, 0xa1, 0x5d, 0x29, 0x60, 0xb9, 0xcb,
+	0xba, 0xf9, 0x2c, 0x76, 0xd4, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0x53, 0x16, 0xd4, 0xd4, 0x3d, 0xb6,
+	0xe2, 0x6c, 0xa4, 0x5e, 0x6c, 0xa9, 0xf6, 0x8c, 0xd4, 0x53, 0x35, 0xb3, 0xb1, 0x66, 0x8c, 0x62,
+	0x75, 0x8e, 0x39, 0x74, 0x3c, 0xe7, 0x98, 0x90, 0x73, 0x86, 0xf9, 0x7e, 0xa8, 0x35, 0x9d, 0xc0,
+	0xdb, 0x20, 0x71, 0xc2, 0x8f, 0x16, 0xe5, 0xcd, 0x1c, 0xb2, 0x11, 0x6b, 0x38, 0x35, 0xf6, 0x63,
+	0xf6, 0x62, 0x89, 0x71, 0x16, 0xc8, 0x8c, 0xfd, 0xba, 0x6e, 0xc6, 0x26, 0x8e, 0x79, 0x70, 0x09,
+	0x0f, 0xf4, 0xe0, 0x72, 0xf8, 0x80, 0x83, 0xcb, 0x3a, 0x9c, 0x76, 0xda, 0x49, 0x78, 0x99, 0x38,
+	0xfe, 0x6c, 0x92, 0x90, 0x66, 0x2b, 0x89, 0x79, 0xf9, 0xf9, 0x11, 0xe6, 0x02, 0x56, 0xd1, 0x6e,
+	0x75, 0xe2, 0x6f, 0x74, 0x21, 0xe1, 0xfc, 0x67, 0xed, 0x7f, 0x6e, 0xc1, 0xe9, 0xdc, 0xa9, 0xf0,
+	0xf0, 0xe6, 0x19, 0xd8, 0x3f, 0x52, 0x81, 0x93, 0x39, 0x37, 0x0d, 0xa0, 0x8e, 0xb9, 0x48, 0xac,
+	0x22, 0x42, 0xf6, 0xd2, 0x11, 0x68, 0xf2, 0xdb, 0xe4, 0xac, 0x8c, 0xc3, 0xc5, 0x22, 0xe8, 0x78,
+	0x80, 0xf2, 0xfd, 0x8d, 0x07, 0x30, 0xe6, 0xfa, 0xc0, 0x03, 0x9d, 0xeb, 0x95, 0x03, 0xe6, 0xfa,
+	0xcf, 0x5a, 0x30, 0xd9, 0xec, 0x71, 0x6d, 0x98, 0x38, 0x4f, 0xba, 0x71, 0x3c, 0x97, 0x92, 0xcd,
+	0x3d, 0x7e, 0x67, 0x6f, 0xaa, 0xe7, 0x6d, 0x6d, 0xb8, 0x67, 0xaf, 0xec, 0xaf, 0x94, 0x81, 0xd9,
+	0x6b, 0xac, 0x9a, 0x74, 0x07, 0x7d, 0xcc, 0xbc, 0xb0, 0xc4, 0x2a, 0xea, 0x72, 0x0d, 0x4e, 0x5c,
+	0x5d, 0x78, 0xc2, 0x47, 0x30, 0xef, 0xfe, 0x93, 0xac, 0x24, 0x2c, 0xf5, 0x21, 0x09, 0x7d, 0x79,
+	0x33, 0x4c, 0xb9, 0xf8, 0x9b, 0x61, 0x6a, 0xd9, 0x5b, 0x61, 0xf6, 0xff, 0xc4, 0x03, 0x0f, 0xe5,
+	0x27, 0xfe, 0x15, 0x8b, 0x0b, 0x9e, 0xcc, 0x57, 0xd0, 0xe6, 0x86, 0xb5, 0x8f, 0xb9, 0xf1, 0x0c,
+	0x54, 0x63, 0x21, 0x99, 0x85, 0x59, 0xa2, 0x43, 0xc1, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xd7, 0xe5,
+	0xf8, 0x7e, 0x78, 0xfb, 0x42, 0xb3, 0x95, 0x74, 0x84, 0x81, 0xa2, 0xb6, 0x05, 0xb3, 0x0a, 0x82,
+	0x0d, 0x2c, 0xf4, 0x14, 0x0c, 0xf2, 0xb2, 0x0f, 0xc2, 0xb9, 0x33, 0x4c, 0xd7, 0x21, 0xaf, 0x09,
+	0xd1, 0xc0, 0x02, 0x64, 0x6f, 0x81, 0xb1, 0xab, 0xb8, 0xf7, 0xbb, 0xa9, 0x0f, 0xbe, 0x6e, 0xd2,
+	0xfe, 0x07, 0x25, 0xc1, 0x8a, 0xef, 0x12, 0x74, 0x64, 0xa0, 0x75, 0xc8, 0xc8, 0xc0, 0xb7, 0x00,
+	0xdc, 0xb0, 0xd9, 0xa2, 0xfb, 0xe6, 0xb5, 0xb0, 0x98, 0xcd, 0xd6, 0xbc, 0xa2, 0xa7, 0x47, 0x55,
+	0xb7, 0x61, 0x83, 0x5f, 0x4a, 0xb4, 0x97, 0x0f, 0x14, 0xed, 0x29, 0x29, 0x37, 0xb0, 0xbf, 0x94,
+	0xb3, 0xff, 0xdc, 0x82, 0x94, 0xd5, 0x87, 0x5a, 0x50, 0xa1, 0xdd, 0xed, 0x08, 0x81, 0xb1, 0x52,
+	0x9c, 0x89, 0x49, 0x25, 0xb5, 0x58, 0x85, 0xec, 0x27, 0xe6, 0x8c, 0x90, 0x2f, 0xa2, 0x20, 0x0b,
+	0xd9, 0xfc, 0x98, 0x0c, 0x2f, 0x87, 0xe1, 0x36, 0x0f, 0x26, 0xd2, 0x11, 0x95, 0xf6, 0x4b, 0x30,
+	0xd1, 0xd5, 0x29, 0x76, 0x9f, 0x75, 0x28, 0x77, 0xf0, 0xc6, 0xea, 0x61, 0xd5, 0x17, 0x30, 0x87,
+	0xd9, 0x5f, 0xb6, 0xe0, 0x44, 0x96, 0x3c, 0x7a, 0xc7, 0x82, 0x89, 0x38, 0x4b, 0xef, 0xb8, 0xc6,
+	0x4e, 0x65, 0x3b, 0x74, 0x81, 0x70, 0x77, 0x27, 0xec, 0xff, 0x21, 0xb4, 0xc1, 0x4d, 0x2f, 0x68,
+	0x84, 0xb7, 0x95, 0x9d, 0x64, 0xf5, 0xb4, 0x93, 0xa8, 0x78, 0x70, 0xb7, 0x48, 0xa3, 0xed, 0x77,
+	0xd5, 0x84, 0xa8, 0x8b, 0x76, 0xac, 0x30, 0x58, 0x0a, 0x7c, 0x5b, 0xec, 0x5b, 0x33, 0x93, 0x72,
+	0x41, 0xb4, 0x63, 0x85, 0x81, 0x5e, 0x80, 0x11, 0xe3, 0x25, 0xe5, 0xbc, 0x64, 0x9b, 0x0e, 0x43,
+	0x83, 0xc7, 0x38, 0x85, 0x85, 0xa6, 0x01, 0x94, 0xcd, 0x25, 0x35, 0x36, 0x73, 0xb4, 0x2b, 0xc1,
+	0x18, 0x63, 0x03, 0x83, 0x15, 0x9c, 0xf0, 0xdb, 0x31, 0x3b, 0x49, 0x1e, 0xd4, 0xb7, 0x2b, 0xcc,
+	0x8b, 0x36, 0xac, 0xa0, 0x54, 0xb8, 0x35, 0x9d, 0xa0, 0xed, 0xf8, 0x74, 0x84, 0x84, 0xeb, 0x4c,
+	0x2d, 0xc3, 0x65, 0x05, 0xc1, 0x06, 0x16, 0x7d, 0xe3, 0xc4, 0x6b, 0x92, 0x57, 0xc3, 0x40, 0x46,
+	0xa9, 0xeb, 0xe0, 0x02, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x09, 0x86, 0x9d, 0xa0, 0xc1, 0x0d, 0xc4,
+	0x30, 0x12, 0x67, 0x94, 0x6a, 0xf7, 0x79, 0x3d, 0x26, 0xb3, 0x1a, 0x8a, 0x4d, 0xd4, 0xec, 0xd5,
+	0x12, 0xd0, 0xe7, 0xd5, 0x75, 0x7f, 0x66, 0xc1, 0xb8, 0xae, 0x20, 0xc4, 0x3c, 0x6c, 0x29, 0xd7,
+	0xa2, 0x75, 0xa0, 0x6b, 0x31, 0x5d, 0x48, 0xa4, 0xd4, 0x57, 0x21, 0x11, 0xb3, 0xc6, 0x47, 0x79,
+	0xdf, 0x1a, 0x1f, 0xdf, 0x00, 0x43, 0xdb, 0xa4, 0x63, 0x14, 0x03, 0x61, 0xca, 0xe1, 0x2a, 0x6f,
+	0xc2, 0x12, 0x86, 0x6c, 0x18, 0x74, 0x1d, 0x55, 0x50, 0x70, 0x44, 0xc4, 0xa6, 0xcd, 0x32, 0x24,
+	0x01, 0xb1, 0x57, 0xa0, 0xa6, 0x0e, 0xf5, 0xa5, 0xa7, 0xcf, 0xca, 0xf7, 0xf4, 0xf5, 0x75, 0x09,
+	0xfe, 0xdc, 0xfa, 0x6f, 0x7e, 0xf5, 0xc9, 0xf7, 0xfc, 0xce, 0x57, 0x9f, 0x7c, 0xcf, 0x1f, 0x7e,
+	0xf5, 0xc9, 0xf7, 0x7c, 0xfc, 0xce, 0x93, 0xd6, 0x6f, 0xde, 0x79, 0xd2, 0xfa, 0x9d, 0x3b, 0x4f,
+	0x5a, 0x7f, 0x78, 0xe7, 0x49, 0xeb, 0x2b, 0x77, 0x9e, 0xb4, 0xde, 0xfe, 0x2f, 0x4f, 0xbe, 0xe7,
+	0xd5, 0xdc, 0xbc, 0x08, 0xfa, 0xe3, 0x59, 0xb7, 0x31, 0xb3, 0xf3, 0x3c, 0x0b, 0xcd, 0xa7, 0xeb,
+	0x79, 0xc6, 0x98, 0xc4, 0x33, 0x72, 0x3d, 0xff, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x46, 0x6f,
+	0xd4, 0x86, 0x81, 0x00, 0x01, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
@@ -13434,21 +13433,6 @@ func (m *ResourceActionParam) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
-	i -= len(m.Default)
-	copy(dAtA[i:], m.Default)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Default)))
-	i--
-	dAtA[i] = 0x22
-	i -= len(m.Type)
-	copy(dAtA[i:], m.Type)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Type)))
-	i--
-	dAtA[i] = 0x1a
-	i -= len(m.Value)
-	copy(dAtA[i:], m.Value)
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Value)))
-	i--
-	dAtA[i] = 0x12
 	i -= len(m.Name)
 	copy(dAtA[i:], m.Name)
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
@@ -18967,12 +18951,6 @@ func (m *ResourceActionParam) Size() (n int) {
 	_ = l
 	l = len(m.Name)
 	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Value)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Type)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Default)
-	n += 1 + l + sovGenerated(uint64(l))
 	return n
 }
 
@@ -22135,9 +22113,6 @@ func (this *ResourceActionParam) String() string {
 	}
 	s := strings.Join([]string{`&ResourceActionParam{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Value:` + fmt.Sprintf("%v", this.Value) + `,`,
-		`Type:` + fmt.Sprintf("%v", this.Type) + `,`,
-		`Default:` + fmt.Sprintf("%v", this.Default) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -48186,102 +48161,6 @@ func (m *ResourceActionParam) Unmarshal(dAtA []byte) error {
 			}
 			m.Name = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Value", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Value = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Type", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Type = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Default", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= uint64(b&0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Default = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index 0109eea4cfeea..be11b3ac327b5 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -1981,15 +1981,6 @@ message ResourceActionDefinition {
 message ResourceActionParam {
   // Name is the name of the parameter.
   optional string name = 1;
-
-  // Value is the value of the parameter.
-  optional string value = 2;
-
-  // Type is the type of the parameter (e.g., string, integer).
-  optional string type = 3;
-
-  // Default is the default value of the parameter, if any.
-  optional string default = 4;
 }
 
 // ResourceActions holds the set of actions that can be applied to a resource.
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index ad4401e18d97c..c9ed8e8f9eb7f 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -2530,12 +2530,6 @@ type ResourceAction struct {
 type ResourceActionParam struct {
 	// Name is the name of the parameter.
 	Name string `json:"name,omitempty" protobuf:"bytes,1,opt,name=name"`
-	// Value is the value of the parameter.
-	Value string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"`
-	// Type is the type of the parameter (e.g., string, integer).
-	Type string `json:"type,omitempty" protobuf:"bytes,3,opt,name=type"`
-	// Default is the default value of the parameter, if any.
-	Default string `json:"default,omitempty" protobuf:"bytes,4,opt,name=default"`
 }
 
 // TODO: refactor to use rbac.ActionGet, rbac.ActionCreate, without import cycle
diff --git a/resource_customizations/apps/Deployment/actions/discovery.lua b/resource_customizations/apps/Deployment/actions/discovery.lua
index f939d920f842b..4ea4a3c61aba4 100644
--- a/resource_customizations/apps/Deployment/actions/discovery.lua
+++ b/resource_customizations/apps/Deployment/actions/discovery.lua
@@ -11,8 +11,7 @@ actions["resume"] = {["disabled"] = not(paused)}
 actions["scale"] = {
     ["params"] = {
         {
-            ["name"] = "replicas",
-            ["default"] = tostring(obj.spec.replicas)
+            ["name"] = "replicas"
         }
     },
 }
diff --git a/resource_customizations/apps/StatefulSet/actions/discovery.lua b/resource_customizations/apps/StatefulSet/actions/discovery.lua
index 83a37a874e4b4..4c43b2eb935db 100644
--- a/resource_customizations/apps/StatefulSet/actions/discovery.lua
+++ b/resource_customizations/apps/StatefulSet/actions/discovery.lua
@@ -4,8 +4,7 @@ actions["restart"] = {}
 actions["scale"] = {
   ["params"] = {
         {
-            ["name"] = "replicas",
-            ["default"] = tostring(obj.spec.replicas)
+            ["name"] = "replicas"
         }
   },
 }
diff --git a/util/lua/lua_test.go b/util/lua/lua_test.go
index 9274d279d83fa..7e0a49fc05c3c 100644
--- a/util/lua/lua_test.go
+++ b/util/lua/lua_test.go
@@ -395,7 +395,6 @@ func TestExecuteResourceActionDiscovery(t *testing.T) {
 			Name: "scale",
 			Params: []appv1.ResourceActionParam{{
 				Name: "replicas",
-				Type: "number",
 			}},
 		},
 	}
@@ -417,7 +416,6 @@ func TestExecuteResourceActionDiscoveryWithDuplicationActions(t *testing.T) {
 			Name: "scale",
 			Params: []appv1.ResourceActionParam{{
 				Name: "replicas",
-				Type: "number",
 			}},
 		},
 		{

From ccbadabdb6712fbc0f51a54e961630f557c15a6c Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Fri, 1 Aug 2025 11:35:49 -0400
Subject: [PATCH 225/383] chore: local docker build on MAC with amd64 target
 (#23993)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 453b01acdba53..86f6b7319e435 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS builder
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS builder
 
 WORKDIR /tmp
 
@@ -34,7 +34,7 @@ RUN ./install.sh helm && \
 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
 ####################################################################################################
-FROM $BASE_IMAGE AS argocd-base
+FROM --platform=$BUILDPLATFORM $BASE_IMAGE AS argocd-base
 
 LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"
 

From 63e20fd7848eb3a8d82d15b6d9c8b797167a4a51 Mon Sep 17 00:00:00 2001
From: Matthieu MOREL <matthieu.morel35@gmail.com>
Date: Sun, 3 Aug 2025 14:47:33 +0200
Subject: [PATCH 226/383] chore: enable exposedSyncMutex rule from go-critic
 (#24026)

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .golangci.yaml                               |  1 -
 controller/sharding/consistent/consistent.go | 35 ++++++++++----------
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 62b8e31e12bea..72bfe0f257f80 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -58,7 +58,6 @@ linters:
         - commentedOutCode
         - deferInLoop
         - exitAfterDefer
-        - exposedSyncMutex
         - hugeParam
         - importShadow
         - paramTypeCombine # Leave disabled, there are too many failures to be worth fixing.
diff --git a/controller/sharding/consistent/consistent.go b/controller/sharding/consistent/consistent.go
index ffcdfb09f85a9..3de3337846257 100644
--- a/controller/sharding/consistent/consistent.go
+++ b/controller/sharding/consistent/consistent.go
@@ -37,8 +37,7 @@ type Consistent struct {
 	loadMap           map[string]*Host
 	totalLoad         int64
 	replicationFactor int
-
-	sync.RWMutex
+	lock              sync.RWMutex
 }
 
 type item struct {
@@ -68,8 +67,8 @@ func NewWithReplicationFactor(replicationFactor int) *Consistent {
 }
 
 func (c *Consistent) Add(server string) {
-	c.Lock()
-	defer c.Unlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	if _, ok := c.loadMap[server]; ok {
 		return
@@ -87,8 +86,8 @@ func (c *Consistent) Add(server string) {
 // As described in https://en.wikipedia.org/wiki/Consistent_hashing
 // It returns ErrNoHosts if the ring has no servers in it.
 func (c *Consistent) Get(client string) (string, error) {
-	c.RLock()
-	defer c.RUnlock()
+	c.lock.RLock()
+	defer c.lock.RUnlock()
 
 	if c.clients.Len() == 0 {
 		return "", ErrNoHosts
@@ -116,8 +115,8 @@ func (c *Consistent) Get(client string) (string, error) {
 // https://research.googleblog.com/2017/04/consistent-hashing-with-bounded-loads.html
 // It returns ErrNoHosts if the ring has no hosts in it.
 func (c *Consistent) GetLeast(client string) (string, error) {
-	c.RLock()
-	defer c.RUnlock()
+	c.lock.RLock()
+	defer c.lock.RUnlock()
 
 	if c.clients.Len() == 0 {
 		return "", ErrNoHosts
@@ -151,8 +150,8 @@ func (c *Consistent) GetLeast(client string) (string, error) {
 
 // Sets the load of `server` to the given `load`
 func (c *Consistent) UpdateLoad(server string, load int64) {
-	c.Lock()
-	defer c.Unlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	if _, ok := c.loadMap[server]; !ok {
 		return
@@ -166,8 +165,8 @@ func (c *Consistent) UpdateLoad(server string, load int64) {
 //
 // should only be used with if you obtained a host with GetLeast
 func (c *Consistent) Inc(server string) {
-	c.Lock()
-	defer c.Unlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	if _, ok := c.loadMap[server]; !ok {
 		return
@@ -180,8 +179,8 @@ func (c *Consistent) Inc(server string) {
 //
 // should only be used with if you obtained a host with GetLeast
 func (c *Consistent) Done(server string) {
-	c.Lock()
-	defer c.Unlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	if _, ok := c.loadMap[server]; !ok {
 		return
@@ -192,8 +191,8 @@ func (c *Consistent) Done(server string) {
 
 // Deletes host from the ring
 func (c *Consistent) Remove(server string) bool {
-	c.Lock()
-	defer c.Unlock()
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
 	for i := 0; i < c.replicationFactor; i++ {
 		h := c.hash(fmt.Sprintf("%s%d", server, i))
@@ -206,8 +205,8 @@ func (c *Consistent) Remove(server string) bool {
 
 // Return the list of servers in the ring
 func (c *Consistent) Servers() (servers []string) {
-	c.RLock()
-	defer c.RUnlock()
+	c.lock.RLock()
+	defer c.lock.RUnlock()
 	for k := range c.loadMap {
 		servers = append(servers, k)
 	}

From 6b03c4227b6c7a5f9c51377075119a1905fb01a0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 3 Aug 2025 22:43:12 -0400
Subject: [PATCH 227/383] chore(deps): update dependency pymdown-extensions to
 v10.16.1 (#23974)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/requirements.txt b/docs/requirements.txt
index 3dc6ba50e31fd..05461aa314a5c 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -6,4 +6,4 @@ markdown_include==0.8.1
 pygments==2.19.2
 jinja2==3.1.6
 markdown==3.8.2
-pymdown-extensions==10.16
\ No newline at end of file
+pymdown-extensions==10.16.1
\ No newline at end of file

From 7d8e1a5acd56d4034d8ef5eb057acef81794b264 Mon Sep 17 00:00:00 2001
From: Suraj yadav <harrypotter1108@gmail.com>
Date: Mon, 4 Aug 2025 08:52:57 +0530
Subject: [PATCH 228/383] fix(UI): Add missing icon colors to auto-sync
 (#23962)

Signed-off-by: Surajyadav <harrypotter1108@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../components/applications-list/applications-filter.tsx     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/applications/components/applications-list/applications-filter.tsx b/ui/src/app/applications/components/applications-list/applications-filter.tsx
index c926211565521..c35aba2d9a0b1 100644
--- a/ui/src/app/applications/components/applications-list/applications-filter.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-filter.tsx
@@ -8,6 +8,7 @@ import {Filter, FiltersGroup} from '../filter/filter';
 import * as LabelSelector from '../label-selector';
 import {ComparisonStatusIcon, getAppDefaultSource, HealthStatusIcon} from '../utils';
 import {formatClusterQueryParam} from '../../../shared/utils';
+import {COLORS} from '../../../shared/components/colors';
 
 export interface FilterResult {
     repos: boolean;
@@ -253,12 +254,12 @@ function getAutoSyncOptions(apps: FilteredApp[]) {
     return [
         {
             label: 'Enabled',
-            icon: <i className='fa fa-circle-play' />,
+            icon: <i className='fa fa-circle-play' style={{color: COLORS.sync.synced}} />,
             count: counts.get('Enabled')
         },
         {
             label: 'Disabled',
-            icon: <i className='fa fa-ban' />,
+            icon: <i className='fa fa-ban' style={{color: COLORS.sync.out_of_sync}} />,
             count: counts.get('Disabled')
         }
     ];

From d0a4c85b4f708ef8675fe56e009d5bf4a8bbfde5 Mon Sep 17 00:00:00 2001
From: dudinea <eugene.doudine@octopus.com>
Date: Mon, 4 Aug 2025 17:02:41 +0300
Subject: [PATCH 229/383] fix: remove mounting of host /tmp when running 
 argocd-test-(client|server) images (#24025) (#24028) (#24024)

Signed-off-by: Eugene Doudine <eugene.doudine@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Makefile                                | 2 --
 docs/developer-guide/toolchain-guide.md | 1 -
 2 files changed, 3 deletions(-)

diff --git a/Makefile b/Makefile
index 4c56781668146..3056e8e25c0d3 100644
--- a/Makefile
+++ b/Makefile
@@ -113,7 +113,6 @@ define run-in-test-server
 		-v ${GOPATH}/pkg/mod:/go/pkg/mod${VOLUME_MOUNT} \
 		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
 		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
-		-v /tmp:/tmp${VOLUME_MOUNT} \
 		-w ${DOCKER_WORKDIR} \
 		-p ${ARGOCD_E2E_APISERVER_PORT}:8080 \
 		-p 4000:4000 \
@@ -138,7 +137,6 @@ define run-in-test-client
 		-v ${GOPATH}/pkg/mod:/go/pkg/mod${VOLUME_MOUNT} \
 		-v ${GOCACHE}:/tmp/go-build-cache${VOLUME_MOUNT} \
 		-v ${HOME}/.kube:/home/user/.kube${VOLUME_MOUNT} \
-		-v /tmp:/tmp${VOLUME_MOUNT} \
 		-w ${DOCKER_WORKDIR} \
 		$(PODMAN_ARGS) \
 		$(TEST_TOOLS_PREFIX)$(TEST_TOOLS_IMAGE):$(TEST_TOOLS_TAG) \
diff --git a/docs/developer-guide/toolchain-guide.md b/docs/developer-guide/toolchain-guide.md
index 002830bc51fd2..1e5fb559cb4af 100644
--- a/docs/developer-guide/toolchain-guide.md
+++ b/docs/developer-guide/toolchain-guide.md
@@ -23,7 +23,6 @@ The Docker container for the virtualized toolchain will use the following local
 * `~/go/src` - Your Go workspace's source directory (modifications expected)
 * `~/.cache/go-build` - Your Go build cache (modifications expected)
 * `~/.kube` - Your Kubernetes client configuration (no modifications)
-* `/tmp` - Your system's temp directory (modifications expected)
 
 #### Known issues on macOS
 [Known issues](mac-users.md)

From 022d32d53813f47b9ed49d9553d41b3ef6e0e79a Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Mon, 4 Aug 2025 19:51:47 +0530
Subject: [PATCH 230/383] fix: remove tracking annotation from git manifest
 when performing hydration (#23857)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/hydrator_dependencies.go           |   9 ++
 controller/hydrator_dependencies_test.go      |  79 ++++++++++++
 docs/user-guide/source-hydrator.md            |   7 ++
 .../v1alpha1/application_annotations.go       |   1 -
 util/argo/resource_tracking.go                |  41 +++++++
 util/argo/resource_tracking_test.go           | 114 ++++++++++++++++++
 6 files changed, 250 insertions(+), 1 deletion(-)
 create mode 100644 controller/hydrator_dependencies_test.go

diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go
index dfd0d21bcf613..7ae95d627494d 100644
--- a/controller/hydrator_dependencies.go
+++ b/controller/hydrator_dependencies.go
@@ -54,6 +54,15 @@ func (ctrl *ApplicationController) GetRepoObjs(origApp *appv1.Application, drySo
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to get repo objects: %w", err)
 	}
+	trackingMethod, err := ctrl.settingsMgr.GetTrackingMethod()
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to get tracking method: %w", err)
+	}
+	for _, obj := range objs {
+		if err := argoutil.NewResourceTracking().RemoveAppInstance(obj, trackingMethod); err != nil {
+			return nil, nil, fmt.Errorf("failed to remove the app instance value: %w", err)
+		}
+	}
 
 	if len(resp) != 1 {
 		return nil, nil, fmt.Errorf("expected one manifest response, got %d", len(resp))
diff --git a/controller/hydrator_dependencies_test.go b/controller/hydrator_dependencies_test.go
new file mode 100644
index 0000000000000..39d1872d435d2
--- /dev/null
+++ b/controller/hydrator_dependencies_test.go
@@ -0,0 +1,79 @@
+package controller
+
+import (
+	"encoding/json"
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/argoproj/argo-cd/v3/common"
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
+	"github.com/argoproj/argo-cd/v3/test"
+)
+
+func TestGetRepoObjs(t *testing.T) {
+	cm := test.NewConfigMap()
+	cm.SetAnnotations(map[string]string{
+		"custom-annotation":             "custom-value",
+		common.AnnotationInstallationID: "id",     // tracking annotation should be removed
+		common.AnnotationKeyAppInstance: "my-app", // tracking annotation should be removed
+	})
+	cmBytes, _ := json.Marshal(cm)
+
+	app := newFakeApp()
+	// Enable the manifest-generate-paths annotation and set a synced revision
+	app.SetAnnotations(map[string]string{v1alpha1.AnnotationKeyManifestGeneratePaths: "."})
+	app.Status.Sync = v1alpha1.SyncStatus{
+		Revision: "abc123",
+		Status:   v1alpha1.SyncStatusCodeSynced,
+	}
+
+	data := fakeData{
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{string(cmBytes)},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+	}
+
+	ctrl := newFakeControllerWithResync(&data, time.Minute, nil, errors.New("this should not be called"))
+	source := app.Spec.GetSource()
+	source.RepoURL = "oci://example.com/argo/argo-cd"
+
+	objs, resp, err := ctrl.GetRepoObjs(app, source, "abc123", &v1alpha1.AppProject{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "default",
+			Namespace: test.FakeArgoCDNamespace,
+		},
+		Spec: v1alpha1.AppProjectSpec{
+			SourceRepos: []string{"*"},
+			Destinations: []v1alpha1.ApplicationDestination{
+				{
+					Server:    "*",
+					Namespace: "*",
+				},
+			},
+		},
+	})
+	require.NoError(t, err)
+	assert.NotNil(t, resp)
+	assert.Equal(t, "abc123", resp.Revision)
+	assert.Len(t, objs, 1)
+
+	annotations := objs[0].GetAnnotations()
+
+	// only the tracking annotations set by Argo CD should be removed
+	// and not the custom annotations set by user
+	require.NotNil(t, annotations)
+	assert.Equal(t, "custom-value", annotations["custom-annotation"])
+	assert.NotContains(t, annotations, common.AnnotationInstallationID)
+	assert.NotContains(t, annotations, common.AnnotationKeyAppInstance)
+
+	assert.Equal(t, "ConfigMap", objs[0].GetKind())
+}
diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index fa79bdbaa103e..e2dab29d98661 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -323,3 +323,10 @@ from pushing to the hydrated branches, enable branch protection in your SCM.
 
 It is best practice to prefix the hydrated branches with a common prefix, such as `environments/`. This makes it easier
 to configure branch protection rules on the destination repository.
+
+!!! note
+    To maintain reproducibility and determinism in the Hydrator’s output,
+    Argo CD-specific metadata (such as `argocd.argoproj.io/tracking-id`) is
+    not written to Git during hydration. These annotations are added dynamically
+    during application sync and comparison.
+!!!
diff --git a/pkg/apis/application/v1alpha1/application_annotations.go b/pkg/apis/application/v1alpha1/application_annotations.go
index 6395b5dbee494..27080082b135e 100644
--- a/pkg/apis/application/v1alpha1/application_annotations.go
+++ b/pkg/apis/application/v1alpha1/application_annotations.go
@@ -6,7 +6,6 @@ const (
 	AnnotationKeyRefresh string = "argocd.argoproj.io/refresh"
 	// AnnotationKeyHydrate is the annotation key which indicates that app needs to be hydrated. Removed by application controller after app is hydrated.
 	AnnotationKeyHydrate string = "argocd.argoproj.io/hydrate"
-
 	// AnnotationKeyManifestGeneratePaths is an annotation that contains a list of semicolon-separated paths in the
 	// manifests repository that affects the manifest generation. Paths might be either relative or absolute. The
 	// absolute path means an absolute path within the repository and the relative path is relative to the application
diff --git a/util/argo/resource_tracking.go b/util/argo/resource_tracking.go
index ac1535d52def8..1d81918780b2e 100644
--- a/util/argo/resource_tracking.go
+++ b/util/argo/resource_tracking.go
@@ -28,6 +28,7 @@ type ResourceTracking interface {
 	BuildAppInstanceValue(value AppInstanceValue) string
 	ParseAppInstanceValue(value string) (*AppInstanceValue, error)
 	Normalize(config, live *unstructured.Unstructured, labelKey, trackingMethod string) error
+	RemoveAppInstance(un *unstructured.Unstructured, trackingMethod string) error
 }
 
 // AppInstanceValue store information about resource tracking info
@@ -170,6 +171,46 @@ func (rt *resourceTracking) SetAppInstance(un *unstructured.Unstructured, key, v
 	}
 }
 
+func (rt *resourceTracking) RemoveAppInstance(un *unstructured.Unstructured, trackingMethod string) error {
+	switch v1alpha1.TrackingMethod(trackingMethod) {
+	case v1alpha1.TrackingMethodLabel:
+		if err := kube.RemoveLabel(un, common.LabelKeyAppInstance); err != nil {
+			return err
+		}
+		return nil
+	case v1alpha1.TrackingMethodAnnotation:
+		if err := kube.RemoveAnnotation(un, common.AnnotationKeyAppInstance); err != nil {
+			return err
+		}
+		if err := kube.RemoveAnnotation(un, common.AnnotationInstallationID); err != nil {
+			return err
+		}
+		return nil
+	case v1alpha1.TrackingMethodAnnotationAndLabel:
+		if err := kube.RemoveAnnotation(un, common.AnnotationKeyAppInstance); err != nil {
+			return err
+		}
+		if err := kube.RemoveAnnotation(un, common.AnnotationInstallationID); err != nil {
+			return err
+		}
+		if err := kube.RemoveLabel(un, common.LabelKeyAppInstance); err != nil {
+			return err
+		}
+		return nil
+	default:
+		// By default, only app instance annotations are set and not labels
+		// hence the default case should be only to remove annotations and not labels
+		if err := kube.RemoveAnnotation(un, common.AnnotationKeyAppInstance); err != nil {
+			return err
+		}
+		if err := kube.RemoveAnnotation(un, common.AnnotationInstallationID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // BuildAppInstanceValue build resource tracking id in format <application-name>;<group>/<kind>/<namespace>/<name>
 func (rt *resourceTracking) BuildAppInstanceValue(value AppInstanceValue) string {
 	return fmt.Sprintf("%s:%s/%s:%s/%s", value.ApplicationName, value.Group, value.Kind, value.Namespace, value.Name)
diff --git a/util/argo/resource_tracking_test.go b/util/argo/resource_tracking_test.go
index 582d610e2b3bb..3d0ad61daf647 100644
--- a/util/argo/resource_tracking_test.go
+++ b/util/argo/resource_tracking_test.go
@@ -118,6 +118,120 @@ func TestSetAppInstanceAnnotationAndLabelOutOfBounds(t *testing.T) {
 	assert.EqualError(t, err, "failed to set app instance label: unable to truncate label to not end with a special character")
 }
 
+func TestRemoveAppInstance_LabelOnly(t *testing.T) {
+	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
+	require.NoError(t, err)
+	var obj unstructured.Unstructured
+	err = yaml.Unmarshal(yamlBytes, &obj)
+	require.NoError(t, err)
+
+	rt := NewResourceTracking()
+
+	err = rt.SetAppInstance(&obj, common.LabelKeyAppInstance, "my-app", "", v1alpha1.TrackingMethodLabel, "")
+	require.NoError(t, err)
+
+	err = rt.RemoveAppInstance(&obj, string(v1alpha1.TrackingMethodLabel))
+	require.NoError(t, err)
+
+	_, exists := obj.GetLabels()[common.LabelKeyAppInstance]
+	assert.False(t, exists)
+}
+
+func TestRemoveAppInstance_AnnotationOnly(t *testing.T) {
+	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
+	require.NoError(t, err)
+
+	var obj unstructured.Unstructured
+	err = yaml.Unmarshal(yamlBytes, &obj)
+	require.NoError(t, err)
+
+	rt := NewResourceTracking()
+
+	err = rt.SetAppInstance(&obj, common.AnnotationKeyAppInstance, "my-app", "", v1alpha1.TrackingMethodAnnotation, "")
+	require.NoError(t, err)
+
+	err = rt.RemoveAppInstance(&obj, string(v1alpha1.TrackingMethodAnnotation))
+	require.NoError(t, err)
+
+	annotations := obj.GetAnnotations()
+	assert.NotContains(t, annotations, common.AnnotationKeyAppInstance)
+	assert.NotContains(t, annotations, common.AnnotationInstallationID)
+	assert.NotContains(t, annotations, v1alpha1.TrackingMethodAnnotation)
+}
+
+func TestRemoveAppInstance_AnnotationAndLabel(t *testing.T) {
+	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
+	require.NoError(t, err)
+
+	var obj unstructured.Unstructured
+	err = yaml.Unmarshal(yamlBytes, &obj)
+	require.NoError(t, err)
+
+	rt := NewResourceTracking()
+
+	err = rt.SetAppInstance(&obj, common.LabelKeyAppInstance, "my-app", "", v1alpha1.TrackingMethodAnnotationAndLabel, "")
+	require.NoError(t, err)
+
+	err = rt.RemoveAppInstance(&obj, string(v1alpha1.TrackingMethodAnnotationAndLabel))
+	require.NoError(t, err)
+
+	assert.NotContains(t, obj.GetAnnotations(), common.AnnotationKeyAppInstance)
+	assert.NotContains(t, obj.GetAnnotations(), common.AnnotationInstallationID)
+	assert.NotContains(t, obj.GetLabels(), common.LabelKeyAppInstance)
+}
+
+func TestRemoveAppInstance_DefaultCase(t *testing.T) {
+	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
+	require.NoError(t, err)
+
+	var obj unstructured.Unstructured
+	err = yaml.Unmarshal(yamlBytes, &obj)
+	require.NoError(t, err)
+
+	// Add a label manually to verify if this custom label exists at the end
+	obj.SetLabels(map[string]string{
+		"my-custom-label": "keep-me",
+	})
+
+	rt := NewResourceTracking()
+
+	err = rt.SetAppInstance(&obj, common.AnnotationKeyAppInstance, "my-app", "", "", "")
+	require.NoError(t, err)
+
+	err = rt.RemoveAppInstance(&obj, "unknown-method")
+	require.NoError(t, err)
+
+	assert.NotContains(t, obj.GetAnnotations(), common.AnnotationKeyAppInstance)
+	assert.NotContains(t, obj.GetAnnotations(), common.AnnotationInstallationID)
+
+	// Argo CD app-instance label was never added, so it shouldn't exist
+	_, argocdLabelExists := obj.GetLabels()[common.LabelKeyAppInstance]
+	assert.False(t, argocdLabelExists)
+	// Custom label should still exist
+	assert.Equal(t, "keep-me", obj.GetLabels()["my-custom-label"])
+}
+
+func TestRemoveAppInstance_AnnotationAndLabel_LongName(t *testing.T) {
+	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
+	require.NoError(t, err)
+
+	var obj unstructured.Unstructured
+	err = yaml.Unmarshal(yamlBytes, &obj)
+	require.NoError(t, err)
+
+	rt := NewResourceTracking()
+
+	longName := "my-app-with-an-extremely-long-name-that-is-over-sixty-three-characters"
+	err = rt.SetAppInstance(&obj, common.LabelKeyAppInstance, longName, "", v1alpha1.TrackingMethodAnnotationAndLabel, "")
+	require.NoError(t, err)
+
+	err = rt.RemoveAppInstance(&obj, string(v1alpha1.TrackingMethodAnnotationAndLabel))
+	require.NoError(t, err)
+
+	assert.NotContains(t, obj.GetAnnotations(), common.AnnotationKeyAppInstance)
+	assert.NotContains(t, obj.GetLabels(), common.LabelKeyAppInstance)
+}
+
 func TestSetAppInstanceAnnotationNotFound(t *testing.T) {
 	yamlBytes, err := os.ReadFile("testdata/svc.yaml")
 	require.NoError(t, err)

From 8d84479a3c9b6e94455a5e462624331702566cd3 Mon Sep 17 00:00:00 2001
From: Gusty Sapto Ady Prakoso <gustysaptoadyprakoso@gmail.com>
Date: Tue, 5 Aug 2025 00:35:42 +0700
Subject: [PATCH 231/383] docs: add batumbu to USERS.md (#24035)

Signed-off-by: Gusty Sapto Ady Prakoso <gustysaptoadyprakoso@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 70060f09b1049..785beb10fe449 100644
--- a/USERS.md
+++ b/USERS.md
@@ -41,6 +41,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Back Market](https://www.backmarket.com)
 1. [Bajaj Finserv Health Ltd.](https://www.bajajfinservhealth.in)
 1. [Baloise](https://www.baloise.com)
+1. [Batumbu](https://batumbu.id)
 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform)
 1. [Beat](https://thebeat.co/en/)
 1. [Beez Innovation Labs](https://www.beezlabs.com/)

From f94dfdbea6a4d56bf1f0a1bc0ea5684a31f1f1bc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Aug 2025 10:48:25 +0300
Subject: [PATCH 232/383] chore(deps): bump github.com/go-jose/go-jose/v4 from
 4.1.1 to 4.1.2 (#24032)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9769f3d20bcc0..d107a1230663d 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68
 	github.com/go-git/go-git/v5 v5.16.2
-	github.com/go-jose/go-jose/v4 v4.1.1
+	github.com/go-jose/go-jose/v4 v4.1.2
 	github.com/go-logr/logr v1.4.3
 	github.com/go-openapi/loads v0.22.0
 	github.com/go-openapi/runtime v0.28.0
diff --git a/go.sum b/go.sum
index 85e1250975a09..ef1117afe99e1 100644
--- a/go.sum
+++ b/go.sum
@@ -306,8 +306,8 @@ github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lo
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI=
-github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA=
+github.com/go-jose/go-jose/v4 v4.1.2 h1:TK/7NqRQZfgAh+Td8AlsrvtPoUyiHh0LqVvokh+1vHI=
+github.com/go-jose/go-jose/v4 v4.1.2/go.mod h1:22cg9HWM1pOlnRiY+9cQYJ9XHmya1bYW8OeDM6Ku6Oo=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

From 93a5dc40ef78dd0fb6d1902be7b2505b83ada1aa Mon Sep 17 00:00:00 2001
From: Papapetrou Patroklos <1743100+ppapapetrou76@users.noreply.github.com>
Date: Tue, 5 Aug 2025 12:27:18 +0300
Subject: [PATCH 233/383] fix: improves message for diff-exit-code
 configuration option (#24039)

Signed-off-by: Patroklos Papapetrou <ppapapetrou76@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/app.go                  | 2 +-
 docs/user-guide/commands/argocd_app_diff.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go
index cb1bdc54caed1..dbd17dd372641 100644
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -1407,7 +1407,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().BoolVar(&refresh, "refresh", false, "Refresh application data when retrieving")
 	command.Flags().BoolVar(&hardRefresh, "hard-refresh", false, "Refresh application data as well as target manifests cache")
 	command.Flags().BoolVar(&exitCode, "exit-code", true, "Return non-zero exit code when there is a diff. May also return non-zero exit code if there is an error.")
-	command.Flags().IntVar(&diffExitCode, "diff-exit-code", 1, "Return specified exit code when there is a diff. Typical error code is 20.")
+	command.Flags().IntVar(&diffExitCode, "diff-exit-code", 1, "Return specified exit code when there is a diff. Typical error code is 20 but use another exit code if you want to differentiate from the generic exit code (20) returned by all CLI commands.")
 	command.Flags().StringVar(&local, "local", "", "Compare live app to a local manifests")
 	command.Flags().StringVar(&revision, "revision", "", "Compare live app to a particular revision")
 	command.Flags().StringVar(&localRepoRoot, "local-repo-root", "/", "Path to the repository root. Used together with --local allows setting the repository root")
diff --git a/docs/user-guide/commands/argocd_app_diff.md b/docs/user-guide/commands/argocd_app_diff.md
index cbbf77203cb31..bc24299db0ffb 100644
--- a/docs/user-guide/commands/argocd_app_diff.md
+++ b/docs/user-guide/commands/argocd_app_diff.md
@@ -19,7 +19,7 @@ argocd app diff APPNAME [flags]
 
 ```
   -N, --app-namespace string                              Only render the difference in namespace
-      --diff-exit-code int                                Return specified exit code when there is a diff. Typical error code is 20. (default 1)
+      --diff-exit-code int                                Return specified exit code when there is a diff. Typical error code is 20 but use another exit code if you want to differentiate from the generic exit code (20) returned by all CLI commands. (default 1)
       --exit-code                                         Return non-zero exit code when there is a diff. May also return non-zero exit code if there is an error. (default true)
       --hard-refresh                                      Refresh application data as well as target manifests cache
   -h, --help                                              help for diff

From 53b7c921a76ccf3b4fbff7f5538f3bef26f1d515 Mon Sep 17 00:00:00 2001
From: Josh Baird <jbaird@galileo.io>
Date: Tue, 5 Aug 2025 16:25:41 -0400
Subject: [PATCH 234/383] chore(ci): Use default TARGETPLATFORM for base ArgoCD
 image to fix multi-platform builds (#24048)

Signed-off-by: Josh Baird <jbaird@galileo.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 86f6b7319e435..6c61140235400 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -34,7 +34,7 @@ RUN ./install.sh helm && \
 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM $BASE_IMAGE AS argocd-base
+FROM $BASE_IMAGE AS argocd-base
 
 LABEL org.opencontainers.image.source="https://github.com/argoproj/argo-cd"
 

From e8654632d62a6bb072dee3e393512d9f7a2cc2bb Mon Sep 17 00:00:00 2001
From: Kevin Park <krapi0314@gmail.com>
Date: Thu, 7 Aug 2025 01:48:22 +0900
Subject: [PATCH 235/383] fix(cli): avoid panic in configure command when no
 local config exists (#23085) (#23967)

Signed-off-by: Kevin Park <krapi0314@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/configure.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cmd/argocd/commands/configure.go b/cmd/argocd/commands/configure.go
index d5fa4f2a2d930..d10f9f6398082 100644
--- a/cmd/argocd/commands/configure.go
+++ b/cmd/argocd/commands/configure.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"fmt"
+	"os"
 	"strconv"
 
 	"github.com/spf13/cobra"
@@ -27,6 +28,10 @@ argocd configure --prompts-enabled=false`,
 		Run: func(_ *cobra.Command, _ []string) {
 			localCfg, err := localconfig.ReadLocalConfig(globalClientOpts.ConfigPath)
 			errors.CheckError(err)
+			if localCfg == nil {
+				fmt.Println("No local configuration found")
+				os.Exit(1)
+			}
 
 			localCfg.PromptsEnabled = promptsEnabled
 

From 311d40926f648960a3b3c05337385e84e59bf92f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Quentin=20=C3=85gren?= <quentin.agren@gmail.com>
Date: Wed, 6 Aug 2025 19:10:02 +0200
Subject: [PATCH 236/383] docs: RBAC: Fix typo and rephrase fine-grained action
 syntax (#24033)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Quentin Ågren <quentin.agren@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/rbac.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md
index 8648448f49804..d7b558c6c00c8 100644
--- a/docs/operator-manual/rbac.md
+++ b/docs/operator-manual/rbac.md
@@ -117,7 +117,7 @@ The `applications` resource is an [Application-Specific Policy](#application-spe
 The `update` and `delete` actions, when granted on an application, will allow the user to perform the operation on the application itself,
 but not on its resources.
 
-To do so, when the action if performed on an application's resource, the `<action>` will have the `<action>/<group>/<kind>/<ns>/<name>` format.
+To allow an action on the application's resources, specify the action as `<action>/<group>/<kind>/<ns>/<name>`.
 
 For instance, to grant access to `example-user` to only delete Pods in the `prod-app` Application, the policy could be:
 

From 39f6e32263ed1770e6c4f6b62af361f046f627c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 Aug 2025 21:42:41 -0400
Subject: [PATCH 237/383] chore(deps): bump docker/login-action from 3.4.0 to
 3.5.0 (#24043)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/image-reuse.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index 26a35fc1e09da..ca76c25b2eaed 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -103,7 +103,7 @@ jobs:
             echo 'EOF' >> $GITHUB_ENV
 
       - name: Login to Quay.io
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: quay.io
           username: ${{ secrets.quay_username }}
@@ -111,7 +111,7 @@ jobs:
         if: ${{ inputs.quay_image_name && inputs.push }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: ghcr.io
           username: ${{ secrets.ghcr_username }}
@@ -119,7 +119,7 @@ jobs:
         if: ${{ inputs.ghcr_image_name && inputs.push }}
 
       - name: Login to dockerhub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           username: ${{ secrets.docker_username }}
           password: ${{ secrets.docker_password }}

From 59de460f3acdf852556ec5b5ed2513f2b816491e Mon Sep 17 00:00:00 2001
From: Christopher Coco <chriscoco1205@gmail.com>
Date: Thu, 7 Aug 2025 00:59:10 -0400
Subject: [PATCH 238/383] feat(cli): add 'get-resource' command (#23196)
 (#23609)

Signed-off-by: Christopher Coco <chriscoco1205@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/app.go                    |   1 +
 cmd/argocd/commands/app_resource_test.go      | 561 ++++++++++++++++++
 cmd/argocd/commands/app_resources.go          | 309 +++++++++-
 docs/user-guide/commands/argocd_app.md        |   1 +
 .../commands/argocd_app_get-resource.md       |  83 +++
 5 files changed, 935 insertions(+), 20 deletions(-)
 create mode 100644 docs/user-guide/commands/argocd_app_get-resource.md

diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go
index dbd17dd372641..f96612df728c7 100644
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -95,6 +95,7 @@ func NewApplicationCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman
 	command.AddCommand(NewApplicationTerminateOpCommand(clientOpts))
 	command.AddCommand(NewApplicationEditCommand(clientOpts))
 	command.AddCommand(NewApplicationPatchCommand(clientOpts))
+	command.AddCommand(NewApplicationGetResourceCommand(clientOpts))
 	command.AddCommand(NewApplicationPatchResourceCommand(clientOpts))
 	command.AddCommand(NewApplicationDeleteResourceCommand(clientOpts))
 	command.AddCommand(NewApplicationResourceActionsCommand(clientOpts))
diff --git a/cmd/argocd/commands/app_resource_test.go b/cmd/argocd/commands/app_resource_test.go
index 4de6e0cbf32d4..c840d3ad3a6b2 100644
--- a/cmd/argocd/commands/app_resource_test.go
+++ b/cmd/argocd/commands/app_resource_test.go
@@ -2,11 +2,14 @@ package commands
 
 import (
 	"bytes"
+	"encoding/json"
+	"strings"
 	"testing"
 	"text/tabwriter"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )
@@ -117,3 +120,561 @@ func TestPrintResourcesTree(t *testing.T) {
 
 	assert.Equal(t, expectation, output)
 }
+
+func TestFilterFieldsFromObject(t *testing.T) {
+	tests := []struct {
+		name             string
+		obj              unstructured.Unstructured
+		filteredFields   []string
+		expectedFields   []string
+		unexpectedFields []string
+	}{
+		{
+			name: "filter nested field",
+			obj: unstructured.Unstructured{
+				Object: map[string]any{
+					"apiVersion": "vX",
+					"kind":       "kind",
+					"metadata": map[string]any{
+						"name": "test",
+					},
+					"spec": map[string]any{
+						"testfield": map[string]any{
+							"nestedtest": "test",
+						},
+						"testfield2": "test",
+					},
+				},
+			},
+			filteredFields:   []string{"spec.testfield.nestedtest"},
+			expectedFields:   []string{"spec.testfield.nestedtest"},
+			unexpectedFields: []string{"spec.testfield2"},
+		},
+		{
+			name: "filter multiple fields",
+			obj: unstructured.Unstructured{
+				Object: map[string]any{
+					"apiVersion": "vX",
+					"kind":       "kind",
+					"metadata": map[string]any{
+						"name": "test",
+					},
+					"spec": map[string]any{
+						"testfield": map[string]any{
+							"nestedtest": "test",
+						},
+						"testfield2": "test",
+						"testfield3": "deleteme",
+					},
+				},
+			},
+			filteredFields:   []string{"spec.testfield.nestedtest", "spec.testfield3"},
+			expectedFields:   []string{"spec.testfield.nestedtest"},
+			unexpectedFields: []string{"spec.testfield2"},
+		},
+		{
+			name: "filter nested list object",
+			obj: unstructured.Unstructured{
+				Object: map[string]any{
+					"apiVersion": "vX",
+					"kind":       "kind",
+					"metadata": map[string]any{
+						"name": "test",
+					},
+					"spec": map[string]any{
+						"testfield": map[string]any{
+							"nestedtest": "test",
+						},
+						"testfield2": "test",
+					},
+				},
+			},
+			filteredFields:   []string{"spec.testfield.nestedtest"},
+			expectedFields:   []string{"spec.testfield.nestedtest"},
+			unexpectedFields: []string{"spec.testfield2"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.obj.SetName("test-object")
+
+			filtered := filterFieldsFromObject(&tt.obj, tt.filteredFields)
+
+			for _, field := range tt.expectedFields {
+				fieldPath := strings.Split(field, ".")
+				_, exists, err := unstructured.NestedFieldCopy(filtered.Object, fieldPath...)
+				require.NoError(t, err)
+				assert.True(t, exists, "Expected field %s to exist", field)
+			}
+
+			for _, field := range tt.unexpectedFields {
+				fieldPath := strings.Split(field, ".")
+				_, exists, err := unstructured.NestedFieldCopy(filtered.Object, fieldPath...)
+				require.NoError(t, err)
+				assert.False(t, exists, "Expected field %s to not exist", field)
+			}
+
+			assert.Equal(t, tt.obj.GetName(), filtered.GetName())
+		})
+	}
+}
+
+func TestExtractNestedItem(t *testing.T) {
+	tests := []struct {
+		name     string
+		obj      map[string]any
+		fields   []string
+		depth    int
+		expected map[string]any
+	}{
+		{
+			name: "extract simple nested item",
+			obj: map[string]any{
+				"listofitems": []any{
+					map[string]any{
+						"extract":     "123",
+						"dontextract": "abc",
+					},
+					map[string]any{
+						"extract":     "456",
+						"dontextract": "def",
+					},
+					map[string]any{
+						"extract":     "789",
+						"dontextract": "ghi",
+					},
+				},
+			},
+			fields: []string{"listofitems", "extract"},
+			depth:  0,
+			expected: map[string]any{
+				"listofitems": []any{
+					map[string]any{
+						"extract": "123",
+					},
+					map[string]any{
+						"extract": "456",
+					},
+					map[string]any{
+						"extract": "789",
+					},
+				},
+			},
+		},
+		{
+			name: "double nested list of objects",
+			obj: map[string]any{
+				"listofitems": []any{
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "123",
+							},
+						},
+						"dontextract": "abc",
+					},
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "456",
+							},
+						},
+						"dontextract": "def",
+					},
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "789",
+							},
+						},
+						"dontextract": "ghi",
+					},
+				},
+			},
+			fields: []string{"listofitems", "doublenested", "extract"},
+			depth:  0,
+			expected: map[string]any{
+				"listofitems": []any{
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "123",
+							},
+						},
+					},
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "456",
+							},
+						},
+					},
+					map[string]any{
+						"doublenested": []any{
+							map[string]any{
+								"extract": "789",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name:     "depth is greater then list of field size",
+			obj:      map[string]any{"test1": "1234567890"},
+			fields:   []string{"test1"},
+			depth:    4,
+			expected: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			filteredObj := extractNestedItem(tt.obj, tt.fields, tt.depth)
+			assert.Equal(t, tt.expected, filteredObj, "Did not get the correct filtered obj")
+		})
+	}
+}
+
+func TestExtractItemsFromList(t *testing.T) {
+	tests := []struct {
+		name     string
+		list     []any
+		fields   []string
+		expected []any
+	}{
+		{
+			name: "test simple field",
+			list: []any{
+				map[string]any{"extract": "value1", "dontextract": "valueA"},
+				map[string]any{"extract": "value2", "dontextract": "valueB"},
+				map[string]any{"extract": "value3", "dontextract": "valueC"},
+			},
+			fields: []string{"extract"},
+			expected: []any{
+				map[string]any{"extract": "value1"},
+				map[string]any{"extract": "value2"},
+				map[string]any{"extract": "value3"},
+			},
+		},
+		{
+			name: "test simple field with some depth",
+			list: []any{
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract":     "123",
+							"dontextract": "abc",
+						},
+					},
+				},
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract":     "456",
+							"dontextract": "def",
+						},
+					},
+				},
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract":     "789",
+							"dontextract": "ghi",
+						},
+					},
+				},
+			},
+			fields: []string{"test1", "test2", "extract"},
+			expected: []any{
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract": "123",
+						},
+					},
+				},
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract": "456",
+						},
+					},
+				},
+				map[string]any{
+					"test1": map[string]any{
+						"test2": map[string]any{
+							"extract": "789",
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "test a missing field",
+			list: []any{
+				map[string]any{"test1": "123"},
+				map[string]any{"test1": "456"},
+				map[string]any{"test1": "789"},
+			},
+			fields:   []string{"test2"},
+			expected: nil,
+		},
+		{
+			name: "test getting an object",
+			list: []any{
+				map[string]any{
+					"extract": map[string]any{
+						"keyA": "valueA",
+						"keyB": "valueB",
+						"keyC": "valueC",
+					},
+					"dontextract": map[string]any{
+						"key1": "value1",
+						"key2": "value2",
+						"key3": "value3",
+					},
+				},
+				map[string]any{
+					"extract": map[string]any{
+						"keyD": "valueD",
+						"keyE": "valueE",
+						"keyF": "valueF",
+					},
+					"dontextract": map[string]any{
+						"key4": "value4",
+						"key5": "value5",
+						"key6": "value6",
+					},
+				},
+			},
+			fields: []string{"extract"},
+			expected: []any{
+				map[string]any{
+					"extract": map[string]any{
+						"keyA": "valueA",
+						"keyB": "valueB",
+						"keyC": "valueC",
+					},
+				},
+				map[string]any{
+					"extract": map[string]any{
+						"keyD": "valueD",
+						"keyE": "valueE",
+						"keyF": "valueF",
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			extractedList := extractItemsFromList(tt.list, tt.fields)
+			assert.Equal(t, tt.expected, extractedList, "Lists were not equal")
+		})
+	}
+}
+
+func TestReconstructObject(t *testing.T) {
+	tests := []struct {
+		name      string
+		extracted []any
+		fields    []string
+		depth     int
+		expected  map[string]any
+	}{
+		{
+			name:      "simple single field at depth 0",
+			extracted: []any{"value1", "value2"},
+			fields:    []string{"items"},
+			depth:     0,
+			expected: map[string]any{
+				"items": []any{"value1", "value2"},
+			},
+		},
+		{
+			name:      "object nested at depth 1",
+			extracted: []any{map[string]any{"key": "value"}},
+			fields:    []string{"test1", "test2"},
+			depth:     1,
+			expected: map[string]any{
+				"test1": map[string]any{
+					"test2": []any{map[string]any{"key": "value"}},
+				},
+			},
+		},
+		{
+			name:      "empty list of extracted items",
+			extracted: []any{},
+			fields:    []string{"test1"},
+			depth:     0,
+			expected: map[string]any{
+				"test1": []any{},
+			},
+		},
+		{
+			name: "complex object nesteed at depth 2",
+			extracted: []any{map[string]any{
+				"obj1": map[string]any{
+					"key1": "value1",
+					"key2": "value2",
+				},
+				"obj2": map[string]any{
+					"keyA": "valueA",
+					"keyB": "valueB",
+				},
+			}},
+			fields: []string{"test1", "test2", "test3"},
+			depth:  2,
+			expected: map[string]any{
+				"test1": map[string]any{
+					"test2": map[string]any{
+						"test3": []any{
+							map[string]any{
+								"obj1": map[string]any{
+									"key1": "value1",
+									"key2": "value2",
+								},
+								"obj2": map[string]any{
+									"keyA": "valueA",
+									"keyB": "valueB",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			filteredObj := reconstructObject(tt.extracted, tt.fields, tt.depth)
+			assert.Equal(t, tt.expected, filteredObj, "objects were not equal")
+		})
+	}
+}
+
+func TestPrintManifests(t *testing.T) {
+	obj := unstructured.Unstructured{
+		Object: map[string]any{
+			"apiVersion": "vX",
+			"kind":       "test",
+			"metadata": map[string]any{
+				"name": "unit-test",
+			},
+			"spec": map[string]any{
+				"testfield": "testvalue",
+			},
+		},
+	}
+
+	expectedYAML := `apiVersion: vX
+kind: test
+metadata:
+    name: unit-test
+spec:
+    testfield: testvalue
+`
+
+	output, _ := captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj}, false, true, "yaml")
+		return nil
+	})
+	assert.Equal(t, expectedYAML+"\n", output, "Incorrect yaml output for printManifests")
+
+	output, _ = captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj, obj}, false, true, "yaml")
+		return nil
+	})
+	assert.Equal(t, expectedYAML+"\n---\n"+expectedYAML+"\n", output, "Incorrect yaml output with multiple objs.")
+
+	expectedJSON := `{
+ "apiVersion": "vX",
+ "kind": "test",
+ "metadata": {
+  "name": "unit-test"
+ },
+ "spec": {
+  "testfield": "testvalue"
+ }
+}`
+
+	output, _ = captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj}, false, true, "json")
+		return nil
+	})
+	assert.Equal(t, expectedJSON+"\n", output, "Incorrect json output.")
+
+	output, _ = captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj, obj}, false, true, "json")
+		return nil
+	})
+	assert.Equal(t, expectedJSON+"\n---\n"+expectedJSON+"\n", output, "Incorrect json output with multiple objs.")
+
+	output, _ = captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj}, true, true, "wide")
+		return nil
+	})
+	assert.Contains(t, output, "FIELD           RESOURCE NAME  VALUE", "Missing or incorrect header line for table print with showing names.")
+	assert.Contains(t, output, "apiVersion      unit-test      vX", "Missing or incorrect row in table related to apiVersion with showing names.")
+	assert.Contains(t, output, "kind            unit-test      test", "Missing or incorrect line in the table related to kind with showing names.")
+	assert.Contains(t, output, "spec.testfield  unit-test      testvalue", "Missing or incorrect line in the table related to spec.testfield with showing names.")
+	assert.NotContains(t, output, "metadata.name   unit-test      testvalue", "Missing or incorrect line in the table related to metadata.name with showing names.")
+
+	output, _ = captureOutput(func() error {
+		printManifests(&[]unstructured.Unstructured{obj}, true, false, "wide")
+		return nil
+	})
+	assert.Contains(t, output, "FIELD           VALUE", "Missing or incorrect header line for table print with not showing names.")
+	assert.Contains(t, output, "apiVersion      vX", "Missing or incorrect row in table related to apiVersion with not showing names.")
+	assert.Contains(t, output, "kind            test", "Missing or incorrect row in the table related to kind with not showing names.")
+	assert.Contains(t, output, "spec.testfield  testvalue", "Missing or incorrect row in the table related to spec.testefield with not showing names.")
+	assert.NotContains(t, output, "metadata.name   testvalue", "Missing or incorrect row in the tbale related to metadata.name with not showing names.")
+}
+
+func TestPrintManifests_FilterNestedListObject_Wide(t *testing.T) {
+	obj := unstructured.Unstructured{
+		Object: map[string]any{
+			"apiVersion": "vX",
+			"kind":       "kind",
+			"metadata": map[string]any{
+				"name": "unit-test",
+			},
+			"status": map[string]any{
+				"podIPs": []map[string]any{
+					{
+						"IP": "127.0.0.1",
+					},
+					{
+						"IP": "127.0.0.2",
+					},
+				},
+			},
+		},
+	}
+
+	output, _ := captureOutput(func() error {
+		v, err := json.Marshal(&obj)
+		if err != nil {
+			return nil
+		}
+
+		var obj2 *unstructured.Unstructured
+		err = json.Unmarshal([]byte(v), &obj2)
+		if err != nil {
+			return nil
+		}
+		printManifests(&[]unstructured.Unstructured{*obj2}, false, true, "wide")
+		return nil
+	})
+
+	// Verify table header
+	assert.Contains(t, output, "FIELD                RESOURCE NAME  VALUE", "Missing a line in the table")
+	assert.Contains(t, output, "apiVersion           unit-test      vX", "Test for apiVersion field failed for wide output")
+	assert.Contains(t, output, "kind                 unit-test      kind", "Test for kind field failed for wide output")
+	assert.Contains(t, output, "status.podIPs[0].IP  unit-test      127.0.0.1", "Test for podIP array index 0 field failed for wide output")
+	assert.Contains(t, output, "status.podIPs[1].IP  unit-test      127.0.0.2", "Test for podIP array index 1 field failed for wide output")
+}
diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go
index f2a6cd4a32ff3..a72ca474f0398 100644
--- a/cmd/argocd/commands/app_resources.go
+++ b/cmd/argocd/commands/app_resources.go
@@ -1,16 +1,22 @@
 package commands
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
+	"strconv"
+	"strings"
 	"text/tabwriter"
 
+	"gopkg.in/yaml.v3"
+
 	"github.com/argoproj/argo-cd/v3/cmd/argocd/commands/utils"
 	"github.com/argoproj/argo-cd/v3/cmd/util"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 
@@ -22,15 +28,273 @@ import (
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 )
 
+// NewApplicationGetResourceCommand returns a new instance of the `app get-resource` command
+func NewApplicationGetResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
+	var (
+		resourceName      string
+		kind              string
+		project           string
+		filteredFields    []string
+		showManagedFields bool
+		output            string
+	)
+	command := &cobra.Command{
+		Use:   "get-resource APPNAME",
+		Short: "Get details about the live Kubernetes manifests of a resource in an application. The filter-fields flag can be used to only display fields you want to see.",
+		Example: `
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod
+
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in yaml format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod -o yaml
+
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in json format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod -o json
+
+  # Get details about all Pods in the application
+    argocd app get-resource my-app --kind Pod
+
+  # Get a specific resource with managed fields, Pod my-app-pod, in 'my-app' by name in wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod --show-managed-fields
+
+  # Get the the details of a specific field in a resource in 'my-app' in the wide format
+    argocd app get-resource my-app --kind Pod --filter-fields status.podIP
+
+  # Get the details of multiple specific fields in a specific resource in 'my-app' in the wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod --filter-fields status.podIP,status.hostIP`,
+	}
+
+	command.Run = func(c *cobra.Command, args []string) {
+		ctx := c.Context()
+
+		if len(args) != 1 {
+			c.HelpFunc()(c, args)
+			os.Exit(1)
+		}
+
+		appName, appNs := argo.ParseFromQualifiedName(args[0], "")
+
+		conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie()
+		defer utilio.Close(conn)
+
+		tree, err := appIf.ResourceTree(ctx, &applicationpkg.ResourcesQuery{
+			ApplicationName: &appName,
+			AppNamespace:    &appNs,
+		})
+		errors.CheckError(err)
+
+		// Get manifests of resources
+		// If resource name is "" find all resources of that kind
+		var resources []unstructured.Unstructured
+		var fetchedStr string
+		for _, r := range tree.Nodes {
+			if (resourceName != "" && r.Name != resourceName) || r.Kind != kind {
+				continue
+			}
+			resource, err := appIf.GetResource(ctx, &applicationpkg.ApplicationResourceRequest{
+				Name:         &appName,
+				AppNamespace: &appNs,
+				Group:        &r.Group,
+				Kind:         &r.Kind,
+				Namespace:    &r.Namespace,
+				Project:      &project,
+				ResourceName: &r.Name,
+				Version:      &r.Version,
+			})
+			errors.CheckError(err)
+			manifest := resource.GetManifest()
+
+			var obj *unstructured.Unstructured
+			err = json.Unmarshal([]byte(manifest), &obj)
+			errors.CheckError(err)
+
+			if !showManagedFields {
+				unstructured.RemoveNestedField(obj.Object, "metadata", "managedFields")
+			}
+
+			if len(filteredFields) != 0 {
+				obj = filterFieldsFromObject(obj, filteredFields)
+			}
+
+			fetchedStr += obj.GetName() + ", "
+			resources = append(resources, *obj)
+		}
+		printManifests(&resources, len(filteredFields) > 0, resourceName == "", output)
+
+		if fetchedStr != "" {
+			fetchedStr = strings.TrimSuffix(fetchedStr, ", ")
+		}
+		log.Infof("Resources '%s' fetched", fetchedStr)
+	}
+
+	command.Flags().StringVar(&resourceName, "resource-name", "", "Name of resource, if none is included will output details of all resources with specified kind")
+	command.Flags().StringVar(&kind, "kind", "", "Kind of resource [REQUIRED]")
+	err := command.MarkFlagRequired("kind")
+	errors.CheckError(err)
+	command.Flags().StringVar(&project, "project", "", "Project of resource")
+	command.Flags().StringSliceVar(&filteredFields, "filter-fields", nil, "A comma separated list of fields to display, if not provided will output the entire manifest")
+	command.Flags().BoolVar(&showManagedFields, "show-managed-fields", false, "Show managed fields in the output manifest")
+	command.Flags().StringVarP(&output, "output", "o", "wide", "Format of the output, wide, yaml, or json")
+	return command
+}
+
+// filterFieldsFromObject creates a new unstructured object containing only the specified fields from the source object.
+func filterFieldsFromObject(obj *unstructured.Unstructured, filteredFields []string) *unstructured.Unstructured {
+	var filteredObj unstructured.Unstructured
+	filteredObj.Object = make(map[string]any)
+
+	for _, f := range filteredFields {
+		fields := strings.Split(f, ".")
+
+		value, exists, err := unstructured.NestedFieldCopy(obj.Object, fields...)
+		if exists {
+			errors.CheckError(err)
+			err = unstructured.SetNestedField(filteredObj.Object, value, fields...)
+			errors.CheckError(err)
+		} else {
+			// If doesn't exist assume its a nested inside a list of objects
+			value := extractNestedItem(obj.Object, fields, 0)
+			filteredObj.Object = value
+		}
+	}
+	filteredObj.SetName(obj.GetName())
+	return &filteredObj
+}
+
+// extractNestedItem recursively extracts an item that may be nested inside a list of objects.
+func extractNestedItem(obj map[string]any, fields []string, depth int) map[string]any {
+	if depth >= len(fields) {
+		return nil
+	}
+
+	value, exists, _ := unstructured.NestedFieldCopy(obj, fields[:depth+1]...)
+	list, ok := value.([]any)
+	if !exists || !ok {
+		return extractNestedItem(obj, fields, depth+1)
+	}
+
+	extractedItems := extractItemsFromList(list, fields[depth+1:])
+	if len(extractedItems) == 0 {
+		for _, e := range list {
+			if o, ok := e.(map[string]any); ok {
+				result := extractNestedItem(o, fields[depth+1:], 0)
+				extractedItems = append(extractedItems, result)
+			}
+		}
+	}
+
+	filteredObj := reconstructObject(extractedItems, fields, depth)
+	return filteredObj
+}
+
+// extractItemsFromList processes a list of objects and extracts specific fields from each item.
+func extractItemsFromList(list []any, fields []string) []any {
+	var extratedObjs []any
+	for _, e := range list {
+		extractedObj := make(map[string]any)
+		if o, ok := e.(map[string]any); ok {
+			value, exists, _ := unstructured.NestedFieldCopy(o, fields...)
+			if !exists {
+				continue
+			}
+			err := unstructured.SetNestedField(extractedObj, value, fields...)
+			errors.CheckError(err)
+			extratedObjs = append(extratedObjs, extractedObj)
+		}
+	}
+	return extratedObjs
+}
+
+// reconstructObject rebuilds the original object structure by placing extracted items back into their proper nested location.
+func reconstructObject(extracted []any, fields []string, depth int) map[string]any {
+	obj := make(map[string]any)
+	err := unstructured.SetNestedField(obj, extracted, fields[:depth+1]...)
+	errors.CheckError(err)
+	return obj
+}
+
+// printManifests outputs resource manifests in the specified format (wide, JSON, or YAML).
+func printManifests(objs *[]unstructured.Unstructured, filteredFields bool, showName bool, output string) {
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+	if showName {
+		fmt.Fprintf(w, "FIELD\tRESOURCE NAME\tVALUE\n")
+	} else {
+		fmt.Fprintf(w, "FIELD\tVALUE\n")
+	}
+
+	for i, o := range *objs {
+		if output == "json" || output == "yaml" {
+			var formattedManifest []byte
+			var err error
+			if output == "json" {
+				formattedManifest, err = json.MarshalIndent(o.Object, "", " ")
+			} else {
+				formattedManifest, err = yaml.Marshal(o.Object)
+			}
+			errors.CheckError(err)
+
+			fmt.Println(string(formattedManifest))
+			if len(*objs) > 1 && i != len(*objs)-1 {
+				fmt.Println("---")
+			}
+		} else {
+			name := o.GetName()
+			if filteredFields {
+				unstructured.RemoveNestedField(o.Object, "metadata", "name")
+			}
+
+			printManifestAsTable(w, name, showName, o.Object, "")
+		}
+	}
+
+	if output != "json" && output != "yaml" {
+		err := w.Flush()
+		errors.CheckError(err)
+	}
+}
+
+// printManifestAsTable recursively prints a manifest object as a tabular view with nested fields flattened.
+func printManifestAsTable(w *tabwriter.Writer, name string, showName bool, obj map[string]any, parentField string) {
+	for key, value := range obj {
+		field := parentField + key
+		switch v := value.(type) {
+		case map[string]any:
+			printManifestAsTable(w, name, showName, v, field+".")
+		case []any:
+			for i, e := range v {
+				index := "[" + strconv.Itoa(i) + "]"
+
+				if innerObj, ok := e.(map[string]any); ok {
+					printManifestAsTable(w, name, showName, innerObj, field+index+".")
+				} else {
+					if showName {
+						fmt.Fprintf(w, "%v\t%v\t%v\n", field+index, name, e)
+					} else {
+						fmt.Fprintf(w, "%v\t%v\n", field+index, e)
+					}
+				}
+			}
+		default:
+			if showName {
+				fmt.Fprintf(w, "%v\t%v\t%v\n", field, name, v)
+			} else {
+				fmt.Fprintf(w, "%v\t%v\n", field, v)
+			}
+		}
+	}
+}
+
 func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var patch string
-	var patchType string
-	var resourceName string
-	var namespace string
-	var kind string
-	var group string
-	var all bool
-	var project string
+	var (
+		patch        string
+		patchType    string
+		resourceName string
+		namespace    string
+		kind         string
+		group        string
+		all          bool
+		project      string
+	)
 	command := &cobra.Command{
 		Use:   "patch-resource APPNAME",
 		Short: "Patch resource in an application",
@@ -90,14 +354,16 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions)
 }
 
 func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var resourceName string
-	var namespace string
-	var kind string
-	var group string
-	var force bool
-	var orphan bool
-	var all bool
-	var project string
+	var (
+		resourceName string
+		namespace    string
+		kind         string
+		group        string
+		force        bool
+		orphan       bool
+		all          bool
+		project      string
+	)
 	command := &cobra.Command{
 		Use:   "delete-resource APPNAME",
 		Short: "Delete resource in an application",
@@ -253,13 +519,16 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli
 			}
 		}
 	}
-	_ = w.Flush()
+	err := w.Flush()
+	errors.CheckError(err)
 }
 
 func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var orphaned bool
-	var output string
-	var project string
+	var (
+		orphaned bool
+		output   string
+		project  string
+	)
 	command := &cobra.Command{
 		Use:   "resources APPNAME",
 		Short: "List resource of application",
diff --git a/docs/user-guide/commands/argocd_app.md b/docs/user-guide/commands/argocd_app.md
index 6497de402cfe9..7e3627f3daae5 100644
--- a/docs/user-guide/commands/argocd_app.md
+++ b/docs/user-guide/commands/argocd_app.md
@@ -89,6 +89,7 @@ argocd app [flags]
 * [argocd app diff](argocd_app_diff.md)	 - Perform a diff against the target and live state.
 * [argocd app edit](argocd_app_edit.md)	 - Edit application
 * [argocd app get](argocd_app_get.md)	 - Get application details
+* [argocd app get-resource](argocd_app_get-resource.md)	 - Get details about the live Kubernetes manifests of a resource in an application. The filter-fields flag can be used to only display fields you want to see.
 * [argocd app history](argocd_app_history.md)	 - Show application deployment history
 * [argocd app list](argocd_app_list.md)	 - List applications
 * [argocd app logs](argocd_app_logs.md)	 - Get logs of application pods
diff --git a/docs/user-guide/commands/argocd_app_get-resource.md b/docs/user-guide/commands/argocd_app_get-resource.md
new file mode 100644
index 0000000000000..eeecff00c421a
--- /dev/null
+++ b/docs/user-guide/commands/argocd_app_get-resource.md
@@ -0,0 +1,83 @@
+# `argocd app get-resource` Command Reference
+
+## argocd app get-resource
+
+Get details about the live Kubernetes manifests of a resource in an application. The filter-fields flag can be used to only display fields you want to see.
+
+```
+argocd app get-resource APPNAME [flags]
+```
+
+### Examples
+
+```
+
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod
+
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in yaml format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod -o yaml
+
+  # Get a specific resource, Pod my-app-pod, in 'my-app' by name in json format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod -o json
+
+  # Get details about all Pods in the application
+    argocd app get-resource my-app --kind Pod
+
+  # Get a specific resource with managed fields, Pod my-app-pod, in 'my-app' by name in wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod --show-managed-fields
+
+  # Get the the details of a specific field in a resource in 'my-app' in the wide format
+    argocd app get-resource my-app --kind Pod --filter-fields status.podIP
+
+  # Get the details of multiple specific fields in a specific resource in 'my-app' in the wide format
+    argocd app get-resource my-app --kind Pod --resource-name my-app-pod --filter-fields status.podIP,status.hostIP
+```
+
+### Options
+
+```
+      --filter-fields strings   A comma separated list of fields to display, if not provided will output the entire manifest
+  -h, --help                    help for get-resource
+      --kind string             Kind of resource [REQUIRED]
+  -o, --output string           Format of the output, wide, yaml, or json (default "wide")
+      --project string          Project of resource
+      --resource-name string    Name of resource, if none is included will output details of all resources with specified kind
+      --show-managed-fields     Show managed fields in the output manifest
+```
+
+### Options inherited from parent commands
+
+```
+      --argocd-context string           The name of the Argo-CD server context to use
+      --auth-token string               Authentication token; set this or the ARGOCD_AUTH_TOKEN environment variable
+      --client-crt string               Client certificate file
+      --client-crt-key string           Client certificate key file
+      --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")
+      --controller-name string          Name of the Argo CD Application controller; set this or the ARGOCD_APPLICATION_CONTROLLER_NAME environment variable when the controller's name label differs from the default, for example when installing via the Helm chart (default "argocd-application-controller")
+      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
+      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
+      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
+  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
+      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
+      --insecure                        Skip server certificate and domain verification
+      --kube-context string             Directs the command to the given kube-context
+      --logformat string                Set the logging format. One of: json|text (default "json")
+      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
+      --plaintext                       Disable TLS
+      --port-forward                    Connect to a random argocd-server port using port forwarding
+      --port-forward-namespace string   Namespace name which should be used for port forwarding
+      --prompts-enabled                 Force optional interactive prompts to be enabled or disabled, overriding local configuration. If not specified, the local configuration value will be used, which is false by default.
+      --redis-compress string           Enable this if the application controller is configured with redis compression enabled. (possible values: gzip, none) (default "gzip")
+      --redis-haproxy-name string       Name of the Redis HA Proxy; set this or the ARGOCD_REDIS_HAPROXY_NAME environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis-ha-haproxy")
+      --redis-name string               Name of the Redis deployment; set this or the ARGOCD_REDIS_NAME environment variable when the Redis's name label differs from the default, for example when installing via the Helm chart (default "argocd-redis")
+      --repo-server-name string         Name of the Argo CD Repo server; set this or the ARGOCD_REPO_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-repo-server")
+      --server string                   Argo CD server address
+      --server-crt string               Server certificate file
+      --server-name string              Name of the Argo CD API server; set this or the ARGOCD_SERVER_NAME environment variable when the server's name label differs from the default, for example when installing via the Helm chart (default "argocd-server")
+```
+
+### SEE ALSO
+
+* [argocd app](argocd_app.md)	 - Manage applications
+

From a7f949680f6957c72a8076445976d8dc5d8eea7c Mon Sep 17 00:00:00 2001
From: Laurent Rochette <laurent.rochette@octopus.com>
Date: Thu, 7 Aug 2025 10:45:06 -0700
Subject: [PATCH 239/383] docs: Incorporate grafana service doc change (#24069)

Signed-off-by: lrochette <laurent.rochette@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../notifications/services/github.md          |  3 +++
 .../notifications/services/grafana.md         | 21 ++++++++++++++++---
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/docs/operator-manual/notifications/services/github.md b/docs/operator-manual/notifications/services/github.md
index 1dc72d83e14ce..faca3db44d252 100755
--- a/docs/operator-manual/notifications/services/github.md
+++ b/docs/operator-manual/notifications/services/github.md
@@ -84,6 +84,7 @@ template.app-deployed: |
       content: |
         Application {{.app.metadata.name}} is now running new version of deployments manifests.
         See more here: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true
+      commentTag: "continuous-delivery/{{.app.metadata.name}}"
     checkRun:
       name: "continuous-delivery/{{.app.metadata.name}}"
       details_url: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
@@ -107,4 +108,6 @@ template.app-deployed: |
   Setting this option to `false` is required if you would like to deploy older refs in your default branch.
   For more information see the [GitHub Deployment API Docs](https://docs.github.com/en/rest/deployments/deployments?apiVersion=2022-11-28#create-a-deployment).
 - If `github.pullRequestComment.content` is set to 65536 characters or more, it will be truncated.
+- The `github.pullRequestComment.commentTag` parameter is used to identify the comment. If a comment with the specified tag is found, it will be updated (upserted). If no comment with the tag is found, a new comment will be created.
 - Reference is optional. When set, it will be used as the ref to deploy. If not set, the revision will be used as the ref to deploy.
+
diff --git a/docs/operator-manual/notifications/services/grafana.md b/docs/operator-manual/notifications/services/grafana.md
index 1f3e77701f044..8f8f264cc34ad 100755
--- a/docs/operator-manual/notifications/services/grafana.md
+++ b/docs/operator-manual/notifications/services/grafana.md
@@ -37,7 +37,22 @@ stringData:
   grafana-api-key: api-key
 ```
 
-7. Create subscription for your Grafana integration
+7. Create a template in `argo-notifications-cm` Configmap
+This will be used to pass the (required) text of the annocation to Grafana (or re-use an existing one)
+As there is no specific template for Grafana, you must use the generic `message`:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-notifications-cm
+data:
+  templates:
+    template.app-deployed: |
+      messsage: Application {{.app.metadata.name}} is now running new version of deployments manifests.
+```
+
+8. Create subscription for your Grafana integration
 
 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -47,5 +62,5 @@ metadata:
     notifications.argoproj.io/subscribe.<trigger-name>.grafana: tag1|tag2 # list of tags separated with |
 ```
 
-8. Change the annotations settings
-![8](https://user-images.githubusercontent.com/18019529/112022083-47fb0600-8b75-11eb-849b-d25d41925909.png)
+9. Change the annotations settings
+![8](https://user-images.githubusercontent.com/18019529/112022083-47fb0600-8b75-11eb-849b-d25d41925909.png)
\ No newline at end of file
diff --git a/go.mod b/go.mod
index d107a1230663d..cb0b66dff17fd 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
 	github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf
-	github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872
+	github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
 	github.com/aws/aws-sdk-go v1.55.7
diff --git a/go.sum b/go.sum
index ef1117afe99e1..5523e9f52c71a 100644
--- a/go.sum
+++ b/go.sum
@@ -115,8 +115,8 @@ github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kd
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
 github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf h1:T6GGt8vYN2aRNnOwdY3DIzMX1AhGIEo+8SNhSlNBdvs=
 github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
-github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872 h1:ADGAdyN9ty0+RmTT/yn+xV9vwkqvLn9O1ccqeP0Zeas=
-github.com/argoproj/notifications-engine v0.4.1-0.20250309174002-87bf0576a872/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
+github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7 h1:DwrJWH9kySJgaJ6n5U543QSeFTNdMHDz5Iy+goyfQUw=
+github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=
 github.com/argoproj/pkg v0.13.6/go.mod h1:I698DoJBKuvNFaixh4vFl2C88cNIT1WS7KCbz5ewyF8=
 github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc=

From 47271125831fb486912488cede531187e85a8f56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 12:02:00 +0300
Subject: [PATCH 240/383] chore(deps): bump golang.org/x/net from 0.42.0 to
 0.43.0 (#24075)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 15 ++++++++-------
 go.sum | 32 ++++++++++++++++++--------------
 2 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index cb0b66dff17fd..5dad641a65354 100644
--- a/go.mod
+++ b/go.mod
@@ -91,11 +91,11 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
 	go.opentelemetry.io/otel/sdk v1.36.0
 	go.uber.org/automaxprocs v1.6.0
-	golang.org/x/crypto v0.40.0
-	golang.org/x/net v0.42.0
+	golang.org/x/crypto v0.41.0
+	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
-	golang.org/x/term v0.33.0
+	golang.org/x/term v0.34.0
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a
 	google.golang.org/grpc v1.74.0
@@ -267,10 +267,11 @@ require (
 	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/sys v0.34.0 // indirect
-	golang.org/x/text v0.27.0 // indirect
-	golang.org/x/tools v0.34.0 // indirect
+	golang.org/x/mod v0.26.0 // indirect
+	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/tools v0.35.0 // indirect
+	golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
 	gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	gomodules.xyz/notify v0.1.1 // indirect
diff --git a/go.sum b/go.sum
index 5523e9f52c71a..c85f37b60aea4 100644
--- a/go.sum
+++ b/go.sum
@@ -982,8 +982,8 @@ golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
-golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
-golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1031,8 +1031,8 @@ golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
-golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w=
-golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
+golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1100,8 +1100,8 @@ golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
-golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1215,8 +1215,8 @@ golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -1244,8 +1244,8 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
-golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
-golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1268,8 +1268,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
-golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1340,8 +1340,12 @@ golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
-golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
-golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
+golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
+golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
+golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
+golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 6b4d5510ee4d4d3d53e8c24e651cb373bcbfcd8e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 12:02:53 +0300
Subject: [PATCH 241/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.111.0 to 2.116.0 (#24073)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5dad641a65354..b8bbbe1d5ccf7 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.111.0
+	github.com/casbin/casbin/v2 v2.116.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index c85f37b60aea4..354a7bd3adfc8 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.111.0 h1:UXN21o25OeoECw5Y/WunsBk3dSzuEJNP+SmCyzzR2TQ=
-github.com/casbin/casbin/v2 v2.111.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.116.0 h1:F4Ga+d0j2i2RRa3uXyDX5cwg9+irUwoO1v1Wmy8svOM=
+github.com/casbin/casbin/v2 v2.116.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 21b5aefdc0478de552269dd7d8f8f51bac914334 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 12:04:09 +0300
Subject: [PATCH 242/383] chore(deps): bump actions/download-artifact from
 4.3.0 to 5.0.0 (#24052)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 2c0f1d9a0a716..038d12b0cc0e7 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -368,12 +368,12 @@ jobs:
         run: |
           rm -rf ui/node_modules/argo-ui/node_modules
       - name: Get e2e code coverage
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: e2e-code-coverage
           path: e2e-code-coverage
       - name: Get unit test code coverage
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: test-results
           path: test-results

From 049295364ec2158a576e876128e3623cbd901117 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Aug 2025 10:00:12 -0400
Subject: [PATCH 243/383] chore(deps): bump google.golang.org/protobuf from
 1.36.6 to 1.36.7 (#24077)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b8bbbe1d5ccf7..14daa989a48b8 100644
--- a/go.mod
+++ b/go.mod
@@ -99,7 +99,7 @@ require (
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a
 	google.golang.org/grpc v1.74.0
-	google.golang.org/protobuf v1.36.6
+	google.golang.org/protobuf v1.36.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.33.1
diff --git a/go.sum b/go.sum
index 354a7bd3adfc8..5e2c09c77d2ef 100644
--- a/go.sum
+++ b/go.sum
@@ -1447,8 +1447,8 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
+google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=

From 7ce52ecebdbc67695e993d0125f9c4b26c635ccf Mon Sep 17 00:00:00 2001
From: Noam Gal <atgardner@gmail.com>
Date: Sun, 10 Aug 2025 15:41:10 +0300
Subject: [PATCH 244/383] fix: "admin cluster generate-spec" fails on missing
 "argocd-cm" (#10429) (#24088)

Signed-off-by: Noam Gal <noam.gal@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/argocd/commands/admin/cluster.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go
index a0ce6910be684..64e69240a5087 100644
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -14,6 +14,7 @@ import (
 	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
@@ -608,7 +609,31 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 			clientConfig := clientcmd.NewDefaultClientConfig(*cfgAccess, &overrides)
 			conf, err := clientConfig.ClientConfig()
 			errors.CheckError(err)
-			kubeClientset := fake.NewClientset()
+			// Seed a minimal in-memory Argo CD environment so settings retrieval succeeds
+			argoCDCM := &corev1.ConfigMap{
+				TypeMeta: metav1.TypeMeta{Kind: "ConfigMap", APIVersion: "v1"},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      common.ArgoCDConfigMapName,
+					Namespace: ArgoCDNamespace,
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+			}
+			argoCDSecret := &corev1.Secret{
+				TypeMeta: metav1.TypeMeta{Kind: "Secret", APIVersion: "v1"},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      common.ArgoCDSecretName,
+					Namespace: ArgoCDNamespace,
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+				Data: map[string][]byte{
+					"server.secretkey": []byte("test"),
+				},
+			}
+			kubeClientset := fake.NewClientset(argoCDCM, argoCDSecret)
 
 			var awsAuthConf *v1alpha1.AWSAuthConfig
 			var execProviderConf *v1alpha1.ExecProviderConfig

From 99ed67573be257c9b09f4d120c5b377b5f638da3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 10 Aug 2025 22:07:28 -0400
Subject: [PATCH 245/383] chore(deps): bump library/golang from 1.24.5 to
 1.24.6 in /test/remote (#24061)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/remote/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index 06b9fd54a41a6..24eaaee8d1ca4 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.5@sha256:ef5b4be1f94b36c90385abd9b6b4f201723ae28e71acacb76d00687333c17282 AS go
+FROM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From d0891134b858afe1f560e5cd11a2729539b2e11d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Aug 2025 10:03:33 +0300
Subject: [PATCH 246/383] chore(deps): bump github.com/r3labs/diff/v3 from
 3.0.1 to 3.0.2 (#24098)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 5 ++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 14daa989a48b8..8cfe7d1c893bd 100644
--- a/go.mod
+++ b/go.mod
@@ -74,7 +74,7 @@ require (
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
 	github.com/prometheus/client_golang v1.23.0
 	github.com/prometheus/client_model v0.6.2
-	github.com/r3labs/diff/v3 v3.0.1
+	github.com/r3labs/diff/v3 v3.0.2
 	github.com/redis/go-redis/v9 v9.8.0
 	github.com/robfig/cron/v3 v3.0.2-0.20210106135023-bc59245fe10e
 	github.com/sirupsen/logrus v1.9.3
diff --git a/go.sum b/go.sum
index 5e2c09c77d2ef..ecbfa0f1f1cb1 100644
--- a/go.sum
+++ b/go.sum
@@ -792,8 +792,8 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/r3labs/diff/v3 v3.0.1 h1:CBKqf3XmNRHXKmdU7mZP1w7TV0pDyVCis1AUHtA4Xtg=
-github.com/r3labs/diff/v3 v3.0.1/go.mod h1:f1S9bourRbiM66NskseyUdo0fTmEE0qKrikYJX63dgo=
+github.com/r3labs/diff/v3 v3.0.2 h1:yVuxAY1V6MeM4+HNur92xkS39kB/N+cFi2hMkY06BbA=
+github.com/r3labs/diff/v3 v3.0.2/go.mod h1:Cy542hv0BAEmhDYWtGxXRQ4kqRsVIcEjG9gChUlTmkw=
 github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA=
 github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
 github.com/redis/go-redis/v9 v9.8.0/go.mod h1:huWgSWd8mW6+m0VPhJjSSQ+d6Nh1VICQ6Q5lHuCH/Iw=
@@ -885,7 +885,6 @@ github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+
 github.com/vmihailenco/go-tinylfu v0.2.2 h1:H1eiG6HM36iniK6+21n9LLpzx1G9R3DJa2UjUjbynsI=
 github.com/vmihailenco/go-tinylfu v0.2.2/go.mod h1:CutYi2Q9puTxfcolkliPq4npPuofg9N9t8JVrjzwa3Q=
 github.com/vmihailenco/msgpack/v5 v5.3.4/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
-github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=

From e59e037d391577f25f692fb9269ac17207d737c5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Aug 2025 10:04:22 +0300
Subject: [PATCH 247/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.116.0 to 2.118.0 (#24099)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8cfe7d1c893bd..1a2391e4fdfda 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.116.0
+	github.com/casbin/casbin/v2 v2.118.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index ecbfa0f1f1cb1..c5177ea8fd71a 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.116.0 h1:F4Ga+d0j2i2RRa3uXyDX5cwg9+irUwoO1v1Wmy8svOM=
-github.com/casbin/casbin/v2 v2.116.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.118.0 h1:OS0E6J/KkWw3lvmW6f3h7xz4Bvlv8mv91fRk0J4QpFs=
+github.com/casbin/casbin/v2 v2.118.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From bf3e9fe0ed5ade7e3d41beb3b55df1707435d87d Mon Sep 17 00:00:00 2001
From: Ville Vesilehto <ville@vesilehto.fi>
Date: Mon, 11 Aug 2025 10:39:08 +0300
Subject: [PATCH 248/383] chore: update Go to 1.24.6 (#24090)

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 .github/workflows/image.yaml    | 4 ++--
 .github/workflows/release.yaml  | 4 ++--
 Dockerfile                      | 4 ++--
 go.mod                          | 2 +-
 test/container/Dockerfile       | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 038d12b0cc0e7..6476e0c17eb82 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -14,7 +14,7 @@ on:
 env:
   # Golang version to use across CI steps
   # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.24.4'
+  GOLANG_VERSION: '1.24.6'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 5f1f7627fd077..8389f703f9656 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -53,7 +53,7 @@ jobs:
     with:
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.4
+      go-version: 1.24.6
       platforms: ${{ needs.set-vars.outputs.platforms }}
       push: false
 
@@ -70,7 +70,7 @@ jobs:
       ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.4
+      go-version: 1.24.6
       platforms: ${{ needs.set-vars.outputs.platforms }}
       push: true
     secrets:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index adf39ae022819..e50296c483c7d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ permissions: {}
 
 env:
   # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.24.4' # Note: go-version must also be set in job argocd-image.with.go-version
+  GOLANG_VERSION: '1.24.6' # Note: go-version must also be set in job argocd-image.with.go-version
 
 jobs:
   argocd-image:
@@ -25,7 +25,7 @@ jobs:
       quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.4
+      go-version: 1.24.6
       platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
       push: true
     secrets:
diff --git a/Dockerfile b/Dockerfile
index 6c61140235400..eb6611da1615d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS builder
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS builder
 
 WORKDIR /tmp
 
@@ -103,7 +103,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.4@sha256:db5d0afbfb4ab648af2393b92e87eaae9ad5e01132803d80caef91b5752d289c AS argocd-build
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS argocd-build
 
 WORKDIR /go/src/github.com/argoproj/argo-cd
 
diff --git a/go.mod b/go.mod
index 1a2391e4fdfda..a4831ae04253a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/argoproj/argo-cd/v3
 
-go 1.24.4
+go 1.24.6
 
 require (
 	code.gitea.io/sdk/gitea v0.21.0
diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 8b0df5038bc06..4ecc1b6b910d5 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -8,7 +8,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu
 # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version
 FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 AS node
 
-FROM docker.io/library/golang:1.24.5@sha256:ef5b4be1f94b36c90385abd9b6b4f201723ae28e71acacb76d00687333c17282 AS golang
+FROM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS golang
 
 FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439b3f7c958c9c2fb941049ea6531d AS registry
 

From 5809db9b0f4b9c360a70edfc0726eae2224266d9 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Mon, 11 Aug 2025 13:16:06 +0530
Subject: [PATCH 249/383] chore: add @nitishfy for v3.2 release champion
 (#24097)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../release-process-and-cadence.md            | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/docs/developer-guide/release-process-and-cadence.md b/docs/developer-guide/release-process-and-cadence.md
index c85191d819e5f..c2ba5c20855c7 100644
--- a/docs/developer-guide/release-process-and-cadence.md
+++ b/docs/developer-guide/release-process-and-cadence.md
@@ -6,21 +6,21 @@
 
 These are the upcoming releases dates:
 
-| Release | Release Candidate 1   | General Availability | Release Champion                                      | Release Approver                                      | Checklist                                                     |
-|---------|-----------------------|----------------------|-------------------------------------------------------|-------------------------------------------------------|---------------------------------------------------------------|
-| v2.6    | Monday, Dec. 19, 2022 | Monday, Feb. 6, 2023 | [William Tam](https://github.com/wtam2018)            | [William Tam](https://github.com/wtam2018)            | [checklist](https://github.com/argoproj/argo-cd/issues/11563) |
-| v2.7    | Monday, Mar. 20, 2023 | Monday, May 1, 2023  | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/12762) |
-| v2.8    | Monday, Jun. 26, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.com/keithchong)          | [Keith Chong](https://github.com/keithchong)          | [checklist](https://github.com/argoproj/argo-cd/issues/13742) |
-| v2.9    | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | [Leonardo Almeida](https://github.com/leoluz)         | [Leonardo Almeida](https://github.com/leoluz)         | [checklist](https://github.com/argoproj/argo-cd/issues/14078) |
-| v2.10   | Monday, Dec. 18, 2023 | Monday, Feb. 5, 2024 | [Katie Lamkin](https://github.com/kmlamkin9)          |                                                       | [checklist](https://github.com/argoproj/argo-cd/issues/16339) |
-| v2.11   | Friday, Apr. 5,  2024 | Monday, May 6, 2024  | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/17726) |
-| v2.12   | Monday, Jun. 17, 2024 | Monday, Aug. 5, 2024 | [Ishita Sequeira](https://github.com/ishitasequeira)  | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19063) |
-| v2.13   | Monday, Sep. 16, 2024 | Monday, Nov. 4, 2024 | [Regina Voloshin](https://github.com/reggie-k)        | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19513) |
-| v2.14   | Monday, Dec. 16, 2024 | Monday, Feb. 3, 2025 | [Ryan Umstead](https://github.com/rumstead)           | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/20869) |
-| v3.0    | Monday, Mar. 17, 2025 | Tuesday, May 6, 2025 | [Regina Voloshin](https://github.com/reggie-k)        |                                                       | [checklist](https://github.com/argoproj/argo-cd/issues/21735) |
+| Release | Release Candidate 1   | General Availability | Release Champion                                        | Release Approver                                      | Checklist                                                     |
+|---------|-----------------------|----------------------|---------------------------------------------------------|-------------------------------------------------------|---------------------------------------------------------------|
+| v2.6    | Monday, Dec. 19, 2022 | Monday, Feb. 6, 2023 | [William Tam](https://github.com/wtam2018)              | [William Tam](https://github.com/wtam2018)            | [checklist](https://github.com/argoproj/argo-cd/issues/11563) |
+| v2.7    | Monday, Mar. 20, 2023 | Monday, May 1, 2023  | [Pavel Kostohrys](https://github.com/pasha-codefresh)   | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/12762) |
+| v2.8    | Monday, Jun. 26, 2023 | Monday, Aug. 7, 2023 | [Keith Chong](https://github.com/keithchong)            | [Keith Chong](https://github.com/keithchong)          | [checklist](https://github.com/argoproj/argo-cd/issues/13742) |
+| v2.9    | Monday, Sep. 18, 2023 | Monday, Nov. 6, 2023 | [Leonardo Almeida](https://github.com/leoluz)           | [Leonardo Almeida](https://github.com/leoluz)         | [checklist](https://github.com/argoproj/argo-cd/issues/14078) |
+| v2.10   | Monday, Dec. 18, 2023 | Monday, Feb. 5, 2024 | [Katie Lamkin](https://github.com/kmlamkin9)            |                                                       | [checklist](https://github.com/argoproj/argo-cd/issues/16339) |
+| v2.11   | Friday, Apr. 5,  2024 | Monday, May 6, 2024  | [Pavel Kostohrys](https://github.com/pasha-codefresh)   | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/17726) |
+| v2.12   | Monday, Jun. 17, 2024 | Monday, Aug. 5, 2024 | [Ishita Sequeira](https://github.com/ishitasequeira)    | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19063) |
+| v2.13   | Monday, Sep. 16, 2024 | Monday, Nov. 4, 2024 | [Regina Voloshin](https://github.com/reggie-k)          | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/19513) |
+| v2.14   | Monday, Dec. 16, 2024 | Monday, Feb. 3, 2025 | [Ryan Umstead](https://github.com/rumstead)             | [Pavel Kostohrys](https://github.com/pasha-codefresh) | [checklist](https://github.com/argoproj/argo-cd/issues/20869) |
+| v3.0    | Monday, Mar. 17, 2025 | Tuesday, May 6, 2025 | [Regina Voloshin](https://github.com/reggie-k)          |                                                       | [checklist](https://github.com/argoproj/argo-cd/issues/21735) |
 | v3.1    | Monday, Jun. 16, 2025 | Monday, Aug. 4, 2025 | [Christian Hernandez](https://github.com/christianh814) | [Alexandre Gaudreault](https://github.com/agaudreault) | [checklist](#) |
-| v3.2    | Monday, Sep. 15, 2025 | Monday, Nov. 3, 2025 |                                                       |                                                       |
-| v3.3    | Monday, Dec. 15, 2025 | Monday, Feb. 2, 2026 |                                                       |                                                       |
+| v3.2    | Monday, Sep. 15, 2025 | Monday, Nov. 3, 2025 | [Nitish Kumar](https://github.com/nitishfy)             |                                                       | [checklist](#) |
+| v3.3    | Monday, Dec. 15, 2025 | Monday, Feb. 2, 2026 |                                                         |                                                       |
 
 Actual release dates might differ from the plan by a few days.
 

From adcfd0f2e4cf557bcbb95514c2b09897ccc82e32 Mon Sep 17 00:00:00 2001
From: Honglian You <honglian.you@foxmail.com>
Date: Mon, 11 Aug 2025 17:02:20 +0800
Subject: [PATCH 250/383] fix(ui): catch AbortError during data fetch
 cancellation (#24054)

Signed-off-by: youhonglian <honglian.you@foxmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/src/app/shared/services/requests.ts | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/ui/src/app/shared/services/requests.ts b/ui/src/app/shared/services/requests.ts
index 6fa71a4cccb44..98bf35483b7d4 100644
--- a/ui/src/app/shared/services/requests.ts
+++ b/ui/src/app/shared/services/requests.ts
@@ -73,13 +73,20 @@ export default {
             const abortController = new AbortController();
 
             // If there is an error, show it beforehand
-            fetch(fullUrl, {signal: abortController.signal}).then(response => {
-                if (!response.ok) {
-                    return response.text().then(text => {
-                        observer.error({status: response.status, statusText: response.statusText, body: text});
-                    });
-                }
-            });
+            fetch(fullUrl, {signal: abortController.signal})
+                .then(response => {
+                    if (!response.ok) {
+                        return response.text().then(text => {
+                            observer.error({status: response.status, statusText: response.statusText, body: text});
+                        });
+                    }
+                })
+                .catch(err => {
+                    if (err.name === 'AbortError') {
+                        return;
+                    }
+                    observer.error(err);
+                });
 
             let eventSource = new EventSource(fullUrl);
             eventSource.onmessage = msg => observer.next(msg.data);

From c394e735dcfdd9006e46be2cbead14843283e853 Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Mon, 11 Aug 2025 11:04:17 +0200
Subject: [PATCH 251/383] fix: `kustomize edit add component` check (#24100)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/kustomize/kustomize.go      | 21 ++++++++++++---------
 util/kustomize/kustomize_test.go | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/util/kustomize/kustomize.go b/util/kustomize/kustomize.go
index bb19e25d20f9a..b07f54ddebd05 100644
--- a/util/kustomize/kustomize.go
+++ b/util/kustomize/kustomize.go
@@ -365,15 +365,18 @@ func (k *kustomize) Build(opts *v1alpha1.ApplicationSourceKustomize, kustomizeOp
 					foundComponents = append(foundComponents, c)
 				}
 			}
-			args := []string{"edit", "add", "component"}
-			args = append(args, foundComponents...)
-			cmd := exec.Command(k.getBinaryPath(), args...)
-			cmd.Dir = k.path
-			cmd.Env = env
-			commands = append(commands, executil.GetCommandArgsToLog(cmd))
-			_, err := executil.Run(cmd)
-			if err != nil {
-				return nil, nil, nil, err
+
+			if len(foundComponents) > 0 {
+				args := []string{"edit", "add", "component"}
+				args = append(args, foundComponents...)
+				cmd := exec.Command(k.getBinaryPath(), args...)
+				cmd.Dir = k.path
+				cmd.Env = env
+				commands = append(commands, executil.GetCommandArgsToLog(cmd))
+				_, err := executil.Run(cmd)
+				if err != nil {
+					return nil, nil, nil, err
+				}
 			}
 		}
 	}
diff --git a/util/kustomize/kustomize_test.go b/util/kustomize/kustomize_test.go
index 791f25ff58963..a0c8ab0bb52a4 100644
--- a/util/kustomize/kustomize_test.go
+++ b/util/kustomize/kustomize_test.go
@@ -615,6 +615,26 @@ func TestFailKustomizeBuildPatches(t *testing.T) {
 	require.EqualError(t, err, "kustomization file not found in the path")
 }
 
+func TestKustomizeBuildComponentsNoFoundComponents(t *testing.T) {
+	appPath, err := testDataDir(t, kustomization6)
+	require.NoError(t, err)
+	kustomize := NewKustomizeApp(appPath, appPath, git.NopCreds{}, "", "", "", "")
+
+	// Test with non-existent components and IgnoreMissingComponents = true
+	// This should result in foundComponents being empty, so no "edit add component" command should be executed
+	kustomizeSource := v1alpha1.ApplicationSourceKustomize{
+		Components:              []string{"./non-existent-component1", "./non-existent-component2"},
+		IgnoreMissingComponents: true,
+	}
+	_, _, commands, err := kustomize.Build(&kustomizeSource, nil, nil, nil)
+	require.NoError(t, err)
+
+	// Verify that no "edit add component" command was executed
+	for _, cmd := range commands {
+		assert.NotContains(t, cmd, "edit add component", "kustomize edit add component should not be invoked when foundComponents is empty")
+	}
+}
+
 func Test_getImageParameters_sorted(t *testing.T) {
 	apps := []*unstructured.Unstructured{
 		{

From 3479fa7a32ce655026185020e7471f8f789bbe66 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Mon, 11 Aug 2025 05:10:18 -0400
Subject: [PATCH 252/383] fix: revert kubeVersion change to preserve trailing
 `+` (#24066)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.0-3.1.md | 14 ---------
 docs/user-guide/build-environment.md      |  4 +--
 reposerver/repository/repository.go       | 35 +++++++++++++++++++++--
 reposerver/repository/repository_test.go  | 35 +++++++++++++++++++----
 4 files changed, 63 insertions(+), 25 deletions(-)

diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index ffefdb3cb2bce..4f37caf16f530 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -1,19 +1,5 @@
 # v3.0 to 3.1
 
-## No more KubeVersions variable modification
-
-Until v3.0, Argo CD removed `+` identifier from `kubeVersions` in Helm, Kustomize and Plugins. For example, if Argo CD receive `kubeVersions` as vX.Y.Z+, we convert to vX.Y.Z internally. Starting with v3.1, the internal conversion is entirely removed.
-
-### Detection
-
-To detect if you are affected, check the `kubeVersions` you are using. If you use `kubeVersions` including `+` identifier, the application must be failed when you upgrade from v3.0 to v3.1.
-
-### Remediation
-
-The plus symbol was originally removed [because Helm did not support it](https://github.com/argoproj/argo-cd/issues/2303). Helm no longer enforces this restriction, so apps should work fine even if your kubeVersions include `+`.
-
-However, since Argo CD now sends unmodified kubeVersions to Helm, the generated manifests may differ due to the changed kubeVersions. For apps which require extra caution, it may be advisable to disable auto-sync, upgrade, check any diffs, and then reenable auto-sync.
-
 ## Symlink protection in API `--staticassets` directory
 
 The `--staticassets` directory in the API server (`/app/shared` by default) is now protected against out-of-bounds
diff --git a/docs/user-guide/build-environment.md b/docs/user-guide/build-environment.md
index 7bd7b4ca461f6..de69645d03f46 100644
--- a/docs/user-guide/build-environment.md
+++ b/docs/user-guide/build-environment.md
@@ -3,7 +3,7 @@
 [Custom tools](../operator-manual/config-management-plugins.md), [Helm](helm.md), [Jsonnet](jsonnet.md), and [Kustomize](kustomize.md) support the following build env vars:
 
 | Variable                            | Description                                                             |
-|-------------------------------------|-------------------------------------------------------------------------|
+| ----------------------------------- | ----------------------------------------------------------------------- |
 | `ARGOCD_APP_NAME`                   | The name of the application.                                            |
 | `ARGOCD_APP_NAMESPACE`              | The destination namespace of the application.                           |
 | `ARGOCD_APP_PROJECT_NAME`           | The name of the project the application belongs to.                     |
@@ -13,7 +13,7 @@
 | `ARGOCD_APP_SOURCE_PATH`            | The path of the app within the source repo.                             |
 | `ARGOCD_APP_SOURCE_REPO_URL`        | The source repo URL.                                                    |
 | `ARGOCD_APP_SOURCE_TARGET_REVISION` | The target revision from the spec, e.g. `master`.                       |
-| `KUBE_VERSION`                      | The version of Kubernetes.                                              |
+| `KUBE_VERSION`                      | The semantic version of Kubernetes without trailing metadata.           |
 | `KUBE_API_VERSIONS`                 | The version of the Kubernetes API.                                      |
 
 In case you don't want a variable to be interpolated, `$` can be escaped via `$$`.
diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go
index 24d0f8fe89818..d67b9291bbd86 100644
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -40,6 +40,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+	k8sversion "k8s.io/apimachinery/pkg/util/version"
 	kubeyaml "k8s.io/apimachinery/pkg/util/yaml"
 
 	pluginclient "github.com/argoproj/argo-cd/v3/cmpserver/apiclient"
@@ -1168,6 +1169,20 @@ func isSourcePermitted(url string, repos []string) bool {
 	return p.IsSourcePermitted(v1alpha1.ApplicationSource{RepoURL: url})
 }
 
+// parseKubeVersion is an helper function to remove the non-semantic information supported by kubernetes
+// that may not be supported in all helm versions: https://github.com/helm/helm/pull/31091
+func parseKubeVersion(version string) (string, error) {
+	if version == "" {
+		return "", nil
+	}
+
+	kubeVersion, err := k8sversion.ParseGeneric(version)
+	if err != nil {
+		return "", err
+	}
+	return kubeVersion.String(), nil
+}
+
 func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclient.ManifestRequest, isLocal bool, gitRepoPaths utilio.TempPaths) ([]*unstructured.Unstructured, string, error) {
 	// We use the app name as Helm's release name property, which must not
 	// contain any underscore characters and must not exceed 53 characters.
@@ -1175,10 +1190,15 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie
 	// templating, thus, we just use the name part of the identifier.
 	appName, _ := argo.ParseInstanceName(q.AppName, "")
 
+	kubeVersion, err := parseKubeVersion(q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion))
+	if err != nil {
+		return nil, "", fmt.Errorf("could not parse kubernetes version %s: %w", q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion), err)
+	}
+
 	templateOpts := &helm.TemplateOpts{
 		Name:        appName,
 		Namespace:   q.ApplicationSource.GetNamespaceOrDefault(q.Namespace),
-		KubeVersion: q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion),
+		KubeVersion: kubeVersion,
 		APIVersions: q.ApplicationSource.GetAPIVersionsOrDefault(q.ApiVersions),
 		Set:         map[string]string{},
 		SetString:   map[string]string{},
@@ -1504,9 +1524,14 @@ func GenerateManifests(ctx context.Context, appPath, repoRoot, revision string,
 		if err != nil {
 			return nil, fmt.Errorf("error getting kustomize binary path: %w", err)
 		}
+		var kubeVersion string
+		kubeVersion, err = parseKubeVersion(q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion))
+		if err != nil {
+			return nil, fmt.Errorf("could not parse kubernetes version %s: %w", q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion), err)
+		}
 		k := kustomize.NewKustomizeApp(repoRoot, appPath, q.Repo.GetGitCreds(gitCredsStore), repoURL, kustomizeBinary, q.Repo.Proxy, q.Repo.NoProxy)
 		targetObjs, _, commands, err = k.Build(q.ApplicationSource.Kustomize, q.KustomizeOptions, env, &kustomize.BuildOpts{
-			KubeVersion: q.ApplicationSource.GetKubeVersionOrDefault(q.KubeVersion),
+			KubeVersion: kubeVersion,
 			APIVersions: q.ApplicationSource.GetAPIVersionsOrDefault(q.ApiVersions),
 		})
 	case v1alpha1.ApplicationSourceTypePlugin:
@@ -2026,8 +2051,12 @@ func makeJsonnetVM(appPath string, repoRoot string, sourceJsonnet v1alpha1.Appli
 }
 
 func getPluginEnvs(env *v1alpha1.Env, q *apiclient.ManifestRequest) ([]string, error) {
+	kubeVersion, err := parseKubeVersion(q.KubeVersion)
+	if err != nil {
+		return nil, fmt.Errorf("could not parse kubernetes version %s: %w", q.KubeVersion, err)
+	}
 	envVars := env.Environ()
-	envVars = append(envVars, "KUBE_VERSION="+q.KubeVersion)
+	envVars = append(envVars, "KUBE_VERSION="+kubeVersion)
 	envVars = append(envVars, "KUBE_API_VERSIONS="+strings.Join(q.ApiVersions, ","))
 
 	return getPluginParamEnvs(envVars, q.ApplicationSource.Plugin)
diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go
index db7ab383012a1..9857e7235526b 100644
--- a/reposerver/repository/repository_test.go
+++ b/reposerver/repository/repository_test.go
@@ -1134,6 +1134,27 @@ func TestManifestGenErrorCacheRespectsNoCache(t *testing.T) {
 	assert.True(t, strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix))
 }
 
+func TestGenerateHelmKubeVersion(t *testing.T) {
+	service := newService(t, "../../util/helm/testdata/redis")
+
+	res, err := service.GenerateManifest(t.Context(), &apiclient.ManifestRequest{
+		Repo:    &v1alpha1.Repository{},
+		AppName: "test",
+		ApplicationSource: &v1alpha1.ApplicationSource{
+			Path: ".",
+			Helm: &v1alpha1.ApplicationSourceHelm{
+				KubeVersion: "1.30.11+IKS",
+			},
+		},
+		ProjectName:        "something",
+		ProjectSourceRepos: []string{"*"},
+	})
+
+	require.NoError(t, err)
+	assert.Len(t, res.Commands, 1)
+	assert.Contains(t, res.Commands[0], "--kube-version 1.30.11")
+}
+
 func TestGenerateHelmWithValues(t *testing.T) {
 	service := newService(t, "../../util/helm/testdata/redis")
 
@@ -4333,7 +4354,7 @@ func Test_GenerateManifests_Commands(t *testing.T) {
 		q := apiclient.ManifestRequest{
 			AppName:     "test-app",
 			Namespace:   "test-namespace",
-			KubeVersion: "1.2.3",
+			KubeVersion: "1.2.3+something",
 			ApiVersions: []string{"v1/Test", "v2/Test"},
 			Repo:        &v1alpha1.Repository{},
 			ApplicationSource: &v1alpha1.ApplicationSource{
@@ -4379,7 +4400,7 @@ func Test_GenerateManifests_Commands(t *testing.T) {
 		t.Run("with overrides", func(t *testing.T) {
 			// These can be set explicitly instead of using inferred values. Make sure the overrides apply.
 			q.ApplicationSource.Helm.APIVersions = []string{"v3", "v4"}
-			q.ApplicationSource.Helm.KubeVersion = "5.6.7"
+			q.ApplicationSource.Helm.KubeVersion = "5.6.7+something"
 			q.ApplicationSource.Helm.Namespace = "different-namespace"
 			q.ApplicationSource.Helm.ReleaseName = "different-release-name"
 
@@ -4454,9 +4475,12 @@ images:
 		q := apiclient.ManifestRequest{
 			AppName:     "test-app",
 			Namespace:   "test-namespace",
-			KubeVersion: "1.2.3",
+			KubeVersion: "1.2.3+something",
 			ApiVersions: []string{"v1/Test", "v2/Test"},
 			Repo:        &v1alpha1.Repository{},
+			KustomizeOptions: &v1alpha1.KustomizeOptions{
+				BuildOptions: "--enable-helm",
+			},
 			ApplicationSource: &v1alpha1.ApplicationSource{
 				Path: ".",
 				Kustomize: &v1alpha1.ApplicationSourceKustomize{
@@ -4475,7 +4499,7 @@ images:
 					Images: v1alpha1.KustomizeImages{
 						"image=override",
 					},
-					KubeVersion:           "5.6.7",
+					KubeVersion:           "5.6.7+something",
 					LabelWithoutSelector:  true,
 					LabelIncludeTemplates: true,
 					NamePrefix:            "test-prefix",
@@ -4494,7 +4518,6 @@ images:
 		}
 
 		res, err := service.GenerateManifest(t.Context(), &q)
-
 		require.NoError(t, err)
 		assert.Equal(t, []string{
 			"kustomize edit set nameprefix -- test-prefix",
@@ -4505,7 +4528,7 @@ images:
 			"kustomize edit add annotation --force test:annotation-test-app",
 			"kustomize edit set namespace -- override-namespace",
 			"kustomize edit add component component",
-			"kustomize build .",
+			"kustomize build . --enable-helm --helm-kube-version 5.6.7 --helm-api-versions v1 --helm-api-versions v2",
 		}, res.Commands)
 	})
 }

From 963f9edc32dde5e3bfaf7736628938a00db1896a Mon Sep 17 00:00:00 2001
From: Adrian Berger <43774417+adberger@users.noreply.github.com>
Date: Mon, 11 Aug 2025 11:28:55 +0200
Subject: [PATCH 253/383] fix(dashboard): Allow quantile label as float and
 integer (#24087)

Signed-off-by: Adrian Berger <adrian.berger@bedag.ch>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 examples/dashboard.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/dashboard.json b/examples/dashboard.json
index b56f8a18c8917..aaf4809833e62 100644
--- a/examples/dashboard.json
+++ b/examples/dashboard.json
@@ -3280,7 +3280,7 @@
               "datasource": {
                 "uid": "$datasource"
               },
-              "expr": "go_gc_duration_seconds{job=\"argocd-server-metrics\", quantile=\"1\", namespace=~\"$namespace\"}",
+              "expr": "go_gc_duration_seconds{job=\"argocd-server-metrics\", quantile=~\"1.0|1\", namespace=~\"$namespace\"}",
               "format": "time_series",
               "intervalFactor": 2,
               "legendFormat": "{{pod}}",

From c72e08805db32fae604148d13d1082ad33b1832e Mon Sep 17 00:00:00 2001
From: jiwlee <53519832+jiwlee97@users.noreply.github.com>
Date: Tue, 12 Aug 2025 17:14:37 +0900
Subject: [PATCH 254/383] fix(ui): convert GroupWrapper to a functional
 component (#23796)

Signed-off-by: jiwlee <ddazi9576@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../project-role-groups-edit.tsx              | 37 +++++++++----------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/ui/src/app/settings/components/project-role-groups-edit/project-role-groups-edit.tsx b/ui/src/app/settings/components/project-role-groups-edit/project-role-groups-edit.tsx
index 131d8ed3e496e..db395918a848e 100644
--- a/ui/src/app/settings/components/project-role-groups-edit/project-role-groups-edit.tsx
+++ b/ui/src/app/settings/components/project-role-groups-edit/project-role-groups-edit.tsx
@@ -1,8 +1,9 @@
 import {FormField} from 'argo-ui';
-import * as React from 'react';
 import * as ReactForm from 'react-form';
 import {Form, Text} from 'react-form';
 
+import React from 'react';
+
 interface ProjectRoleGroupsProps {
     projName: string;
     roleName: string;
@@ -12,7 +13,7 @@ interface ProjectRoleGroupsProps {
 }
 
 export const ProjectRoleGroupsEdit = (props: ProjectRoleGroupsProps) => (
-    <React.Fragment>
+    <>
         <p>GROUPS</p>
         <div>OIDC group names to bind to this role</div>
         {
@@ -58,9 +59,14 @@ export const ProjectRoleGroupsEdit = (props: ProjectRoleGroupsProps) => (
                 </div>
             )}
         </Form>
-    </React.Fragment>
+    </>
 );
 
+function removeEl(items: any[], index: number) {
+    items.splice(index, 1);
+    return items;
+}
+
 interface GroupProps {
     projName: string;
     roleName: string;
@@ -69,22 +75,15 @@ interface GroupProps {
     deleteGroup: () => void;
 }
 
-function removeEl(items: any[], index: number) {
-    items.splice(index, 1);
-    return items;
-}
-
-class GroupWrapper extends React.Component<GroupProps, any> {
-    public render() {
-        return (
-            <div className='row'>
-                <div className='columns small-11'>{this.props.groupName}</div>
-                <div className='columns small-1'>
-                    <i className='fa fa-times' onClick={() => this.props.deleteGroup()} style={{cursor: 'pointer'}} />
-                </div>
+const GroupWrapper = ({groupName, deleteGroup}: GroupProps) => {
+    return (
+        <div className='row'>
+            <div className='columns small-11'>{groupName}</div>
+            <div className='columns small-1'>
+                <i className='fa fa-times' onClick={deleteGroup} style={{cursor: 'pointer'}} />
             </div>
-        );
-    }
-}
+        </div>
+    );
+};
 
 const Group = ReactForm.FormField(GroupWrapper);

From 62b95a3e48676f8314af78982b6ae67c791406bf Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Tue, 12 Aug 2025 10:02:21 -0700
Subject: [PATCH 255/383] feat(cli): Support Server-Side Diff CLI (#23978)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/swagger.json                           |   64 +
 cmd/argocd/commands/app.go                    |  234 +++-
 cmd/argocd/commands/app_test.go               |    4 +
 docs/user-guide/commands/argocd_app_diff.md   |    1 +
 pkg/apiclient/application/application.pb.go   | 1108 ++++++++++++++---
 .../application/application.pb.gw.go          |  119 ++
 server/application/application.go             |  180 ++-
 server/application/application.proto          |   18 +
 server/application/application_test.go        |  142 +++
 test/e2e/app_management_test.go               |  195 +++
 10 files changed, 1812 insertions(+), 253 deletions(-)

diff --git a/assets/swagger.json b/assets/swagger.json
index d28d232d670c7..f71e81bda9266 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -374,6 +374,56 @@
         }
       }
     },
+    "/api/v1/applications/{appName}/server-side-diff": {
+      "get": {
+        "tags": [
+          "ApplicationService"
+        ],
+        "summary": "ServerSideDiff performs server-side diff calculation using dry-run apply",
+        "operationId": "ApplicationService_ServerSideDiff",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "appName",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "appNamespace",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "project",
+            "in": "query"
+          },
+          {
+            "type": "array",
+            "items": {
+              "type": "string"
+            },
+            "collectionFormat": "multi",
+            "name": "targetManifests",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/applicationApplicationServerSideDiffResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/runtimeError"
+            }
+          }
+        }
+      }
+    },
     "/api/v1/applications/{application.metadata.name}": {
       "put": {
         "tags": [
@@ -5019,6 +5069,20 @@
         }
       }
     },
+    "applicationApplicationServerSideDiffResponse": {
+      "type": "object",
+      "properties": {
+        "items": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/v1alpha1ResourceDiff"
+          }
+        },
+        "modified": {
+          "type": "boolean"
+        }
+      }
+    },
     "applicationApplicationSyncRequest": {
       "type": "object",
       "title": "ApplicationSyncRequest is a request to apply the config state to live state",
diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go
index f96612df728c7..7c916067faf3b 100644
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -39,9 +39,13 @@ import (
 	"github.com/argoproj/argo-cd/v3/cmd/argocd/commands/headless"
 	"github.com/argoproj/argo-cd/v3/cmd/argocd/commands/utils"
 	cmdutil "github.com/argoproj/argo-cd/v3/cmd/util"
+	argocommon "github.com/argoproj/argo-cd/v3/common"
 	"github.com/argoproj/argo-cd/v3/controller"
 	argocdclient "github.com/argoproj/argo-cd/v3/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v3/pkg/apiclient/application"
+
+	resourceutil "github.com/argoproj/gitops-engine/pkg/sync/resource"
+
 	clusterpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/cluster"
 	projectpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/project"
 	"github.com/argoproj/argo-cd/v3/pkg/apiclient/settings"
@@ -1282,6 +1286,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 		revision             string
 		localRepoRoot        string
 		serverSideGenerate   bool
+		serverSideDiff       bool
 		localIncludes        []string
 		appNamespace         string
 		revisions            []string
@@ -1344,6 +1349,22 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 			argoSettings, err := settingsIf.Get(ctx, &settings.SettingsQuery{})
 			errors.CheckError(err)
 			diffOption := &DifferenceOption{}
+
+			hasServerSideDiffAnnotation := resourceutil.HasAnnotationOption(app, argocommon.AnnotationCompareOptions, "ServerSideDiff=true")
+
+			// Use annotation if flag not explicitly set
+			if !c.Flags().Changed("server-side-diff") {
+				serverSideDiff = hasServerSideDiffAnnotation
+			} else if serverSideDiff && !hasServerSideDiffAnnotation {
+				// Flag explicitly set to true, but app annotation is not set
+				fmt.Fprintf(os.Stderr, "Warning: Application does not have ServerSideDiff=true annotation.\n")
+			}
+
+			// Server side diff with local requires server side generate to be set as there will be a mismatch with client-generated manifests.
+			if serverSideDiff && local != "" && !serverSideGenerate {
+				log.Fatal("--server-side-diff with --local requires --server-side-generate.")
+			}
+
 			switch {
 			case app.Spec.HasMultipleSources() && len(revisions) > 0 && len(sourcePositions) > 0:
 				numOfSources := int64(len(app.Spec.GetSources()))
@@ -1399,7 +1420,8 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 				}
 			}
 			proj := getProject(ctx, c, clientOpts, app.Spec.Project)
-			foundDiffs := findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts)
+
+			foundDiffs := findAndPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts, serverSideDiff, appIf, app.GetName(), app.GetNamespace())
 			if foundDiffs && exitCode {
 				os.Exit(diffExitCode)
 			}
@@ -1413,6 +1435,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().StringVar(&revision, "revision", "", "Compare live app to a particular revision")
 	command.Flags().StringVar(&localRepoRoot, "local-repo-root", "/", "Path to the repository root. Used together with --local allows setting the repository root")
 	command.Flags().BoolVar(&serverSideGenerate, "server-side-generate", false, "Used with --local, this will send your manifests to the server for diffing")
+	command.Flags().BoolVar(&serverSideDiff, "server-side-diff", false, "Use server-side diff to calculate the diff. This will default to true if the ServerSideDiff annotation is set on the application.")
 	command.Flags().StringArrayVar(&localIncludes, "local-include", []string{"*.yaml", "*.yml", "*.json"}, "Used with --server-side-generate, specify patterns of filenames to send. Matching is based on filename and not path.")
 	command.Flags().StringVarP(&appNamespace, "app-namespace", "N", "", "Only render the difference in namespace")
 	command.Flags().StringArrayVar(&revisions, "revisions", []string{}, "Show manifests at specific revisions for source position in source-positions")
@@ -1422,6 +1445,101 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	return command
 }
 
+// printResourceDiff prints the diff header and calls cli.PrintDiff for a resource
+func printResourceDiff(group, kind, namespace, name string, live, target *unstructured.Unstructured) {
+	fmt.Printf("\n===== %s/%s %s/%s ======\n", group, kind, namespace, name)
+	_ = cli.PrintDiff(name, live, target)
+}
+
+// findAndPrintServerSideDiff performs a server-side diff by making requests to the api server and prints the response
+func findAndPrintServerSideDiff(ctx context.Context, app *argoappv1.Application, items []objKeyLiveTarget, resources *application.ManagedResourcesResponse, appIf application.ApplicationServiceClient, appName, appNs string) bool {
+	// Process each item for server-side diff
+	foundDiffs := false
+	for _, item := range items {
+		if item.target != nil && hook.IsHook(item.target) || item.live != nil && hook.IsHook(item.live) {
+			continue
+		}
+
+		// For server-side diff, we need to create aligned arrays for this specific resource
+		var liveResource *argoappv1.ResourceDiff
+		var targetManifest string
+
+		if item.live != nil {
+			for _, res := range resources.Items {
+				if res.Group == item.key.Group && res.Kind == item.key.Kind &&
+					res.Namespace == item.key.Namespace && res.Name == item.key.Name {
+					liveResource = res
+					break
+				}
+			}
+		}
+
+		if liveResource == nil {
+			// Create empty live resource for creation case
+			liveResource = &argoappv1.ResourceDiff{
+				Group:       item.key.Group,
+				Kind:        item.key.Kind,
+				Namespace:   item.key.Namespace,
+				Name:        item.key.Name,
+				LiveState:   "",
+				TargetState: "",
+				Modified:    true,
+			}
+		}
+
+		if item.target != nil {
+			jsonBytes, err := json.Marshal(item.target)
+			if err != nil {
+				errors.CheckError(fmt.Errorf("error marshaling target object: %w", err))
+			}
+			targetManifest = string(jsonBytes)
+		}
+
+		// Call server-side diff for this individual resource
+		serverSideDiffQuery := &application.ApplicationServerSideDiffQuery{
+			AppName:         &appName,
+			AppNamespace:    &appNs,
+			Project:         &app.Spec.Project,
+			LiveResources:   []*argoappv1.ResourceDiff{liveResource},
+			TargetManifests: []string{targetManifest},
+		}
+
+		serverSideDiffRes, err := appIf.ServerSideDiff(ctx, serverSideDiffQuery)
+		if err != nil {
+			errors.CheckError(err)
+		}
+
+		// Extract diff for this resource
+		for _, resultItem := range serverSideDiffRes.Items {
+			if resultItem.Hook || (!resultItem.Modified && resultItem.TargetState != "" && resultItem.LiveState != "") {
+				continue
+			}
+
+			if resultItem.Modified || resultItem.TargetState == "" || resultItem.LiveState == "" {
+				var live, target *unstructured.Unstructured
+
+				if resultItem.TargetState != "" && resultItem.TargetState != "null" {
+					target = &unstructured.Unstructured{}
+					err = json.Unmarshal([]byte(resultItem.TargetState), target)
+					errors.CheckError(err)
+				}
+
+				if resultItem.LiveState != "" && resultItem.LiveState != "null" {
+					live = &unstructured.Unstructured{}
+					err = json.Unmarshal([]byte(resultItem.LiveState), live)
+					errors.CheckError(err)
+				}
+
+				// Print resulting diff for this resource
+				foundDiffs = true
+				printResourceDiff(resultItem.Group, resultItem.Kind, resultItem.Namespace, resultItem.Name, live, target)
+			}
+		}
+	}
+
+	return foundDiffs
+}
+
 // DifferenceOption struct to store diff options
 type DifferenceOption struct {
 	local         string
@@ -1433,47 +1551,15 @@ type DifferenceOption struct {
 	revisions     []string
 }
 
-// findandPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false
-func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts) bool {
+// findAndPrintDiff ... Prints difference between application current state and state stored in git or locally, returns boolean as true if difference is found else returns false
+func findAndPrintDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, useServerSideDiff bool, appIf application.ApplicationServiceClient, appName, appNs string) bool {
 	var foundDiffs bool
-	liveObjs, err := cmdutil.LiveObjects(resources.Items)
-	errors.CheckError(err)
-	items := make([]objKeyLiveTarget, 0)
-	switch {
-	case diffOptions.local != "":
-		localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
-	case diffOptions.revision != "" || len(diffOptions.revisions) > 0:
-		var unstructureds []*unstructured.Unstructured
-		for _, mfst := range diffOptions.res.Manifests {
-			obj, err := argoappv1.UnmarshalToUnstructured(mfst)
-			errors.CheckError(err)
-			unstructureds = append(unstructureds, obj)
-		}
-		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
-	case diffOptions.serversideRes != nil:
-		var unstructureds []*unstructured.Unstructured
-		for _, mfst := range diffOptions.serversideRes.Manifests {
-			obj, err := argoappv1.UnmarshalToUnstructured(mfst)
-			errors.CheckError(err)
-			unstructureds = append(unstructureds, obj)
-		}
-		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
-		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
-	default:
-		for i := range resources.Items {
-			res := resources.Items[i]
-			live := &unstructured.Unstructured{}
-			err := json.Unmarshal([]byte(res.NormalizedLiveState), &live)
-			errors.CheckError(err)
 
-			target := &unstructured.Unstructured{}
-			err = json.Unmarshal([]byte(res.TargetState), &target)
-			errors.CheckError(err)
+	items, err := prepareObjectsForDiff(ctx, app, proj, resources, argoSettings, diffOptions)
+	errors.CheckError(err)
 
-			items = append(items, objKeyLiveTarget{kube.NewResourceKey(res.Group, res.Kind, res.Namespace, res.Name), live, target})
-		}
+	if useServerSideDiff {
+		return findAndPrintServerSideDiff(ctx, app, items, resources, appIf, appName, appNs)
 	}
 
 	for _, item := range items {
@@ -1500,7 +1586,6 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg
 		errors.CheckError(err)
 
 		if diffRes.Modified || item.target == nil || item.live == nil {
-			fmt.Printf("\n===== %s/%s %s/%s ======\n", item.key.Group, item.key.Kind, item.key.Namespace, item.key.Name)
 			var live *unstructured.Unstructured
 			var target *unstructured.Unstructured
 			if item.target != nil && item.live != nil {
@@ -1512,10 +1597,8 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg
 				live = item.live
 				target = item.target
 			}
-			if !foundDiffs {
-				foundDiffs = true
-			}
-			_ = cli.PrintDiff(item.key.Name, live, target)
+			foundDiffs = true
+			printResourceDiff(item.key.Group, item.key.Kind, item.key.Namespace, item.key.Name, live, target)
 		}
 	}
 	return foundDiffs
@@ -2297,7 +2380,11 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					fmt.Printf("====== Previewing differences between live and desired state of application %s ======\n", appQualifiedName)
 
 					proj := getProject(ctx, c, clientOpts, app.Spec.Project)
-					foundDiffs = findandPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts)
+
+					// Check if application has ServerSideDiff annotation
+					serverSideDiff := resourceutil.HasAnnotationOption(app, argocommon.AnnotationCompareOptions, "ServerSideDiff=true")
+
+					foundDiffs = findAndPrintDiff(ctx, app, proj.Project, resources, argoSettings, diffOption, ignoreNormalizerOpts, serverSideDiff, appIf, appName, appNs)
 					if !foundDiffs {
 						fmt.Printf("====== No Differences found ======\n")
 						// if no differences found, then no need to sync
@@ -3520,3 +3607,60 @@ func NewApplicationConfirmDeletionCommand(clientOpts *argocdclient.ClientOptions
 	command.Flags().StringVarP(&appNamespace, "app-namespace", "N", "", "Namespace of the target application where the source will be appended")
 	return command
 }
+
+// prepareObjectsForDiff prepares objects for diffing using the switch statement
+// to handle different diff options and building the objKeyLiveTarget items
+func prepareObjectsForDiff(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, resources *application.ManagedResourcesResponse, argoSettings *settings.Settings, diffOptions *DifferenceOption) ([]objKeyLiveTarget, error) {
+	liveObjs, err := cmdutil.LiveObjects(resources.Items)
+	if err != nil {
+		return nil, err
+	}
+	items := make([]objKeyLiveTarget, 0)
+
+	switch {
+	case diffOptions.local != "":
+		localObjs := groupObjsByKey(getLocalObjects(ctx, app, proj, diffOptions.local, diffOptions.localRepoRoot, argoSettings.AppLabelKey, diffOptions.cluster.Info.ServerVersion, diffOptions.cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, localObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+	case diffOptions.revision != "" || len(diffOptions.revisions) > 0:
+		var unstructureds []*unstructured.Unstructured
+		for _, mfst := range diffOptions.res.Manifests {
+			obj, err := argoappv1.UnmarshalToUnstructured(mfst)
+			if err != nil {
+				return nil, err
+			}
+			unstructureds = append(unstructureds, obj)
+		}
+		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+	case diffOptions.serversideRes != nil:
+		var unstructureds []*unstructured.Unstructured
+		for _, mfst := range diffOptions.serversideRes.Manifests {
+			obj, err := argoappv1.UnmarshalToUnstructured(mfst)
+			if err != nil {
+				return nil, err
+			}
+			unstructureds = append(unstructureds, obj)
+		}
+		groupedObjs := groupObjsByKey(unstructureds, liveObjs, app.Spec.Destination.Namespace)
+		items = groupObjsForDiff(resources, groupedObjs, items, argoSettings, app.InstanceName(argoSettings.ControllerNamespace), app.Spec.Destination.Namespace)
+	default:
+		for i := range resources.Items {
+			res := resources.Items[i]
+			live := &unstructured.Unstructured{}
+			err := json.Unmarshal([]byte(res.NormalizedLiveState), &live)
+			if err != nil {
+				return nil, err
+			}
+
+			target := &unstructured.Unstructured{}
+			err = json.Unmarshal([]byte(res.TargetState), &target)
+			if err != nil {
+				return nil, err
+			}
+
+			items = append(items, objKeyLiveTarget{kube.NewResourceKey(res.Group, res.Kind, res.Namespace, res.Name), live, target})
+		}
+	}
+
+	return items, nil
+}
diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go
index 459e2a6cdaab0..4f983400c0898 100644
--- a/cmd/argocd/commands/app_test.go
+++ b/cmd/argocd/commands/app_test.go
@@ -2253,6 +2253,10 @@ func (c *fakeAppServiceClient) ListResourceLinks(_ context.Context, _ *applicati
 	return nil, nil
 }
 
+func (c *fakeAppServiceClient) ServerSideDiff(_ context.Context, _ *applicationpkg.ApplicationServerSideDiffQuery, _ ...grpc.CallOption) (*applicationpkg.ApplicationServerSideDiffResponse, error) {
+	return nil, nil
+}
+
 type fakeAcdClient struct {
 	simulateTimeout uint
 }
diff --git a/docs/user-guide/commands/argocd_app_diff.md b/docs/user-guide/commands/argocd_app_diff.md
index bc24299db0ffb..3e95e725ac7ee 100644
--- a/docs/user-guide/commands/argocd_app_diff.md
+++ b/docs/user-guide/commands/argocd_app_diff.md
@@ -30,6 +30,7 @@ argocd app diff APPNAME [flags]
       --refresh                                           Refresh application data when retrieving
       --revision string                                   Compare live app to a particular revision
       --revisions stringArray                             Show manifests at specific revisions for source position in source-positions
+      --server-side-diff                                  Use server-side diff to calculate the diff. This will default to true if the ServerSideDiff annotation is set on the application.
       --server-side-generate                              Used with --local, this will send your manifests to the server for diffing
       --source-names stringArray                          List of source names. Default is an empty array.
       --source-positions int64Slice                       List of source positions. Default is empty array. Counting start at 1. (default [])
diff --git a/pkg/apiclient/application/application.pb.go b/pkg/apiclient/application/application.pb.go
index 76b7859f2f0b0..4b56256a690b0 100644
--- a/pkg/apiclient/application/application.pb.go
+++ b/pkg/apiclient/application/application.pb.go
@@ -2804,6 +2804,140 @@ func (m *ManagedResourcesResponse) GetItems() []*v1alpha1.ResourceDiff {
 	return nil
 }
 
+type ApplicationServerSideDiffQuery struct {
+	AppName              *string                  `protobuf:"bytes,1,req,name=appName" json:"appName,omitempty"`
+	AppNamespace         *string                  `protobuf:"bytes,2,opt,name=appNamespace" json:"appNamespace,omitempty"`
+	Project              *string                  `protobuf:"bytes,3,opt,name=project" json:"project,omitempty"`
+	LiveResources        []*v1alpha1.ResourceDiff `protobuf:"bytes,4,rep,name=liveResources" json:"liveResources,omitempty"`
+	TargetManifests      []string                 `protobuf:"bytes,5,rep,name=targetManifests" json:"targetManifests,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
+}
+
+func (m *ApplicationServerSideDiffQuery) Reset()         { *m = ApplicationServerSideDiffQuery{} }
+func (m *ApplicationServerSideDiffQuery) String() string { return proto.CompactTextString(m) }
+func (*ApplicationServerSideDiffQuery) ProtoMessage()    {}
+func (*ApplicationServerSideDiffQuery) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df6e82b174b5eaec, []int{34}
+}
+func (m *ApplicationServerSideDiffQuery) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ApplicationServerSideDiffQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ApplicationServerSideDiffQuery.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ApplicationServerSideDiffQuery) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ApplicationServerSideDiffQuery.Merge(m, src)
+}
+func (m *ApplicationServerSideDiffQuery) XXX_Size() int {
+	return m.Size()
+}
+func (m *ApplicationServerSideDiffQuery) XXX_DiscardUnknown() {
+	xxx_messageInfo_ApplicationServerSideDiffQuery.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ApplicationServerSideDiffQuery proto.InternalMessageInfo
+
+func (m *ApplicationServerSideDiffQuery) GetAppName() string {
+	if m != nil && m.AppName != nil {
+		return *m.AppName
+	}
+	return ""
+}
+
+func (m *ApplicationServerSideDiffQuery) GetAppNamespace() string {
+	if m != nil && m.AppNamespace != nil {
+		return *m.AppNamespace
+	}
+	return ""
+}
+
+func (m *ApplicationServerSideDiffQuery) GetProject() string {
+	if m != nil && m.Project != nil {
+		return *m.Project
+	}
+	return ""
+}
+
+func (m *ApplicationServerSideDiffQuery) GetLiveResources() []*v1alpha1.ResourceDiff {
+	if m != nil {
+		return m.LiveResources
+	}
+	return nil
+}
+
+func (m *ApplicationServerSideDiffQuery) GetTargetManifests() []string {
+	if m != nil {
+		return m.TargetManifests
+	}
+	return nil
+}
+
+type ApplicationServerSideDiffResponse struct {
+	Items                []*v1alpha1.ResourceDiff `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
+	Modified             *bool                    `protobuf:"varint,2,req,name=modified" json:"modified,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}                 `json:"-"`
+	XXX_unrecognized     []byte                   `json:"-"`
+	XXX_sizecache        int32                    `json:"-"`
+}
+
+func (m *ApplicationServerSideDiffResponse) Reset()         { *m = ApplicationServerSideDiffResponse{} }
+func (m *ApplicationServerSideDiffResponse) String() string { return proto.CompactTextString(m) }
+func (*ApplicationServerSideDiffResponse) ProtoMessage()    {}
+func (*ApplicationServerSideDiffResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_df6e82b174b5eaec, []int{35}
+}
+func (m *ApplicationServerSideDiffResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ApplicationServerSideDiffResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ApplicationServerSideDiffResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ApplicationServerSideDiffResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ApplicationServerSideDiffResponse.Merge(m, src)
+}
+func (m *ApplicationServerSideDiffResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ApplicationServerSideDiffResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ApplicationServerSideDiffResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ApplicationServerSideDiffResponse proto.InternalMessageInfo
+
+func (m *ApplicationServerSideDiffResponse) GetItems() []*v1alpha1.ResourceDiff {
+	if m != nil {
+		return m.Items
+	}
+	return nil
+}
+
+func (m *ApplicationServerSideDiffResponse) GetModified() bool {
+	if m != nil && m.Modified != nil {
+		return *m.Modified
+	}
+	return false
+}
+
 type LinkInfo struct {
 	Title                *string  `protobuf:"bytes,1,req,name=title" json:"title,omitempty"`
 	Url                  *string  `protobuf:"bytes,2,req,name=url" json:"url,omitempty"`
@@ -2818,7 +2952,7 @@ func (m *LinkInfo) Reset()         { *m = LinkInfo{} }
 func (m *LinkInfo) String() string { return proto.CompactTextString(m) }
 func (*LinkInfo) ProtoMessage()    {}
 func (*LinkInfo) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{34}
+	return fileDescriptor_df6e82b174b5eaec, []int{36}
 }
 func (m *LinkInfo) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2886,7 +3020,7 @@ func (m *LinksResponse) Reset()         { *m = LinksResponse{} }
 func (m *LinksResponse) String() string { return proto.CompactTextString(m) }
 func (*LinksResponse) ProtoMessage()    {}
 func (*LinksResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{35}
+	return fileDescriptor_df6e82b174b5eaec, []int{37}
 }
 func (m *LinksResponse) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -2935,7 +3069,7 @@ func (m *ListAppLinksRequest) Reset()         { *m = ListAppLinksRequest{} }
 func (m *ListAppLinksRequest) String() string { return proto.CompactTextString(m) }
 func (*ListAppLinksRequest) ProtoMessage()    {}
 func (*ListAppLinksRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_df6e82b174b5eaec, []int{36}
+	return fileDescriptor_df6e82b174b5eaec, []int{38}
 }
 func (m *ListAppLinksRequest) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -3020,6 +3154,8 @@ func init() {
 	proto.RegisterType((*OperationTerminateResponse)(nil), "application.OperationTerminateResponse")
 	proto.RegisterType((*ResourcesQuery)(nil), "application.ResourcesQuery")
 	proto.RegisterType((*ManagedResourcesResponse)(nil), "application.ManagedResourcesResponse")
+	proto.RegisterType((*ApplicationServerSideDiffQuery)(nil), "application.ApplicationServerSideDiffQuery")
+	proto.RegisterType((*ApplicationServerSideDiffResponse)(nil), "application.ApplicationServerSideDiffResponse")
 	proto.RegisterType((*LinkInfo)(nil), "application.LinkInfo")
 	proto.RegisterType((*LinksResponse)(nil), "application.LinksResponse")
 	proto.RegisterType((*ListAppLinksRequest)(nil), "application.ListAppLinksRequest")
@@ -3030,188 +3166,195 @@ func init() {
 }
 
 var fileDescriptor_df6e82b174b5eaec = []byte{
-	// 2885 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5a, 0xcf, 0x8f, 0x1c, 0x47,
-	0xf5, 0xff, 0xd6, 0xcc, 0xce, 0xee, 0xec, 0x1b, 0xff, 0xac, 0xd8, 0xfe, 0x76, 0xc6, 0x1b, 0x33,
-	0x69, 0xff, 0x9a, 0xac, 0xbd, 0x33, 0xf6, 0xc4, 0xa0, 0x64, 0x93, 0x10, 0x9c, 0xb5, 0xe3, 0x2c,
-	0xac, 0x1d, 0xd3, 0xeb, 0xc4, 0x28, 0x1c, 0xa0, 0xd2, 0x5d, 0x3b, 0xd3, 0x6c, 0x4f, 0x77, 0xbb,
-	0xbb, 0x67, 0xc2, 0x2a, 0xe4, 0x12, 0x84, 0xc4, 0x21, 0x0a, 0x02, 0x72, 0xe0, 0xc0, 0x2f, 0x25,
-	0x8a, 0x84, 0x10, 0x88, 0x0b, 0x42, 0x48, 0x08, 0x09, 0x0e, 0x41, 0x70, 0x40, 0x8a, 0xe0, 0x1f,
-	0x40, 0x11, 0xe2, 0x48, 0x2e, 0x39, 0x23, 0x54, 0xd5, 0x55, 0xdd, 0xd5, 0xf3, 0xa3, 0x67, 0x96,
-	0x19, 0x14, 0x4b, 0xdc, 0xfa, 0xd5, 0x54, 0xbd, 0xf7, 0x79, 0xaf, 0x5e, 0xbd, 0x57, 0xf5, 0xde,
-	0xc0, 0x99, 0x90, 0x06, 0x7d, 0x1a, 0x34, 0x89, 0xef, 0x3b, 0xb6, 0x49, 0x22, 0xdb, 0x73, 0xd5,
-	0xef, 0x86, 0x1f, 0x78, 0x91, 0x87, 0x2b, 0xca, 0x50, 0x75, 0xa5, 0xed, 0x79, 0x6d, 0x87, 0x36,
-	0x89, 0x6f, 0x37, 0x89, 0xeb, 0x7a, 0x11, 0x1f, 0x0e, 0xe3, 0xa9, 0x55, 0x7d, 0xf7, 0xb1, 0xb0,
-	0x61, 0x7b, 0xfc, 0x57, 0xd3, 0x0b, 0x68, 0xb3, 0x7f, 0xb9, 0xd9, 0xa6, 0x2e, 0x0d, 0x48, 0x44,
-	0x2d, 0x31, 0xe7, 0x4a, 0x3a, 0xa7, 0x4b, 0xcc, 0x8e, 0xed, 0xd2, 0x60, 0xaf, 0xe9, 0xef, 0xb6,
-	0xd9, 0x40, 0xd8, 0xec, 0xd2, 0x88, 0x8c, 0x5a, 0xb5, 0xd5, 0xb6, 0xa3, 0x4e, 0xef, 0xe5, 0x86,
-	0xe9, 0x75, 0x9b, 0x24, 0x68, 0x7b, 0x7e, 0xe0, 0x7d, 0x85, 0x7f, 0xac, 0x99, 0x56, 0xb3, 0xff,
-	0x68, 0xca, 0x40, 0xd5, 0xa5, 0x7f, 0x99, 0x38, 0x7e, 0x87, 0x0c, 0x73, 0xbb, 0x3e, 0x81, 0x5b,
-	0x40, 0x7d, 0x4f, 0xd8, 0x86, 0x7f, 0xda, 0x91, 0x17, 0xec, 0x29, 0x9f, 0x31, 0x1b, 0xfd, 0x23,
-	0x04, 0x47, 0xae, 0xa6, 0xf2, 0x3e, 0xdf, 0xa3, 0xc1, 0x1e, 0xc6, 0xb0, 0xe0, 0x92, 0x2e, 0xd5,
-	0x50, 0x0d, 0xd5, 0x97, 0x0d, 0xfe, 0x8d, 0x35, 0x58, 0x0a, 0xe8, 0x4e, 0x40, 0xc3, 0x8e, 0x56,
-	0xe0, 0xc3, 0x92, 0xc4, 0x55, 0x28, 0x33, 0xe1, 0xd4, 0x8c, 0x42, 0xad, 0x58, 0x2b, 0xd6, 0x97,
-	0x8d, 0x84, 0xc6, 0x75, 0x38, 0x1c, 0xd0, 0xd0, 0xeb, 0x05, 0x26, 0x7d, 0x91, 0x06, 0xa1, 0xed,
-	0xb9, 0xda, 0x02, 0x5f, 0x3d, 0x38, 0xcc, 0xb8, 0x84, 0xd4, 0xa1, 0x66, 0xe4, 0x05, 0x5a, 0x89,
-	0x4f, 0x49, 0x68, 0x86, 0x87, 0x01, 0xd7, 0x16, 0x63, 0x3c, 0xec, 0x1b, 0xeb, 0x70, 0x80, 0xf8,
-	0xfe, 0x2d, 0xd2, 0xa5, 0xa1, 0x4f, 0x4c, 0xaa, 0x2d, 0xf1, 0xdf, 0x32, 0x63, 0x0c, 0xb3, 0x40,
-	0xa2, 0x95, 0x39, 0x30, 0x49, 0xea, 0x1b, 0xb0, 0x7c, 0xcb, 0xb3, 0xe8, 0x78, 0x75, 0x07, 0xd9,
-	0x17, 0x86, 0xd9, 0xeb, 0xef, 0x21, 0x38, 0x6e, 0xd0, 0xbe, 0xcd, 0xf0, 0xdf, 0xa4, 0x11, 0xb1,
-	0x48, 0x44, 0x06, 0x39, 0x16, 0x12, 0x8e, 0x55, 0x28, 0x07, 0x62, 0xb2, 0x56, 0xe0, 0xe3, 0x09,
-	0x3d, 0x24, 0xad, 0x98, 0xaf, 0x4c, 0x6c, 0x42, 0x49, 0xe2, 0x1a, 0x54, 0x62, 0x5b, 0x6e, 0xba,
-	0x16, 0xfd, 0x2a, 0xb7, 0x5e, 0xc9, 0x50, 0x87, 0xf0, 0x0a, 0x2c, 0xf7, 0x63, 0x3b, 0x6f, 0x5a,
-	0xdc, 0x8a, 0x25, 0x23, 0x1d, 0xd0, 0xff, 0x81, 0xe0, 0x94, 0xe2, 0x03, 0x86, 0xd8, 0x99, 0xeb,
-	0x7d, 0xea, 0x46, 0xe1, 0x78, 0x85, 0x2e, 0xc2, 0x51, 0xb9, 0x89, 0x83, 0x76, 0x1a, 0xfe, 0x81,
-	0xa9, 0xa8, 0x0e, 0x4a, 0x15, 0xd5, 0x31, 0xa6, 0x88, 0xa4, 0x5f, 0xd8, 0xbc, 0x26, 0xd4, 0x54,
-	0x87, 0x86, 0x0c, 0x55, 0xca, 0x37, 0xd4, 0x62, 0xc6, 0x50, 0xfa, 0xfb, 0x08, 0x34, 0x45, 0xd1,
-	0x9b, 0xc4, 0xb5, 0x77, 0x68, 0x18, 0x4d, 0xbb, 0x67, 0x68, 0x8e, 0x7b, 0x56, 0x87, 0xc3, 0xb1,
-	0x56, 0xb7, 0xd9, 0x79, 0x64, 0xf1, 0x47, 0x2b, 0xd5, 0x8a, 0xf5, 0xa2, 0x31, 0x38, 0xcc, 0xf6,
-	0x4e, 0xca, 0x0c, 0xb5, 0x45, 0xee, 0xc6, 0xe9, 0x80, 0xfe, 0x30, 0x2c, 0x3f, 0x6b, 0x3b, 0x74,
-	0xa3, 0xd3, 0x73, 0x77, 0xf1, 0x31, 0x28, 0x99, 0xec, 0x83, 0xeb, 0x70, 0xc0, 0x88, 0x09, 0xfd,
-	0xdb, 0x08, 0x1e, 0x1e, 0xa7, 0xf5, 0x5d, 0x3b, 0xea, 0xb0, 0xf5, 0xe1, 0x38, 0xf5, 0xcd, 0x0e,
-	0x35, 0x77, 0xc3, 0x5e, 0x57, 0xba, 0xac, 0xa4, 0x67, 0x53, 0x5f, 0xff, 0x29, 0x82, 0xfa, 0x44,
-	0x4c, 0x77, 0x03, 0xe2, 0xfb, 0x34, 0xc0, 0xcf, 0x42, 0xe9, 0x1e, 0xfb, 0x81, 0x1f, 0xd0, 0x4a,
-	0xab, 0xd1, 0x50, 0x03, 0xfc, 0x44, 0x2e, 0xcf, 0xfd, 0x9f, 0x11, 0x2f, 0xc7, 0x0d, 0x69, 0x9e,
-	0x02, 0xe7, 0x73, 0x22, 0xc3, 0x27, 0xb1, 0x22, 0x9b, 0xcf, 0xa7, 0x3d, 0xb3, 0x08, 0x0b, 0x3e,
-	0x09, 0x22, 0xfd, 0x38, 0x3c, 0x90, 0x3d, 0x1e, 0xbe, 0xe7, 0x86, 0x54, 0xff, 0x4d, 0xd6, 0x9b,
-	0x36, 0x02, 0x4a, 0x22, 0x6a, 0xd0, 0x7b, 0x3d, 0x1a, 0x46, 0x78, 0x17, 0xd4, 0x9c, 0xc3, 0xad,
-	0x5a, 0x69, 0x6d, 0x36, 0xd2, 0xa0, 0xdd, 0x90, 0x41, 0x9b, 0x7f, 0x7c, 0xc9, 0xb4, 0x1a, 0xfd,
-	0x47, 0x1b, 0xfe, 0x6e, 0xbb, 0xc1, 0x52, 0x40, 0x06, 0x99, 0x4c, 0x01, 0xaa, 0xaa, 0x86, 0xca,
-	0x1d, 0x9f, 0x80, 0xc5, 0x9e, 0x1f, 0xd2, 0x20, 0xe2, 0x9a, 0x95, 0x0d, 0x41, 0xb1, 0xfd, 0xeb,
-	0x13, 0xc7, 0xb6, 0x48, 0x14, 0xef, 0x4f, 0xd9, 0x48, 0x68, 0xfd, 0xb7, 0x59, 0xf4, 0x2f, 0xf8,
-	0xd6, 0xc7, 0x85, 0x5e, 0x45, 0x59, 0xc8, 0xa2, 0x54, 0x3d, 0xa8, 0x98, 0xf5, 0xa0, 0x5f, 0x66,
-	0xf1, 0x5f, 0xa3, 0x0e, 0x4d, 0xf1, 0x8f, 0x72, 0x66, 0x0d, 0x96, 0x4c, 0x12, 0x9a, 0xc4, 0x92,
-	0x52, 0x24, 0xc9, 0x02, 0x99, 0x1f, 0x78, 0x3e, 0x69, 0x73, 0x4e, 0xb7, 0x3d, 0xc7, 0x36, 0xf7,
-	0x84, 0xb8, 0xe1, 0x1f, 0x86, 0x1c, 0x7f, 0x21, 0xdf, 0xf1, 0x4b, 0x59, 0xd8, 0xa7, 0xa1, 0xb2,
-	0xbd, 0xe7, 0x9a, 0xcf, 0xfb, 0xf1, 0xe1, 0x3e, 0x06, 0x25, 0x3b, 0xa2, 0xdd, 0x50, 0x43, 0xfc,
-	0x60, 0xc7, 0x84, 0xfe, 0xaf, 0x12, 0x9c, 0x50, 0x74, 0x63, 0x0b, 0xf2, 0x34, 0xcb, 0x8b, 0x52,
-	0x27, 0x60, 0xd1, 0x0a, 0xf6, 0x8c, 0x9e, 0x2b, 0x1c, 0x40, 0x50, 0x4c, 0xb0, 0x1f, 0xf4, 0xdc,
-	0x18, 0x7e, 0xd9, 0x88, 0x09, 0xbc, 0x03, 0xe5, 0x30, 0x62, 0xb7, 0x8c, 0xf6, 0x1e, 0x07, 0x5e,
-	0x69, 0x7d, 0x76, 0xb6, 0x4d, 0x67, 0xd0, 0xb7, 0x05, 0x47, 0x23, 0xe1, 0x8d, 0xef, 0xb1, 0x98,
-	0x16, 0x07, 0xba, 0x50, 0x5b, 0xaa, 0x15, 0xeb, 0x95, 0xd6, 0xf6, 0xec, 0x82, 0x9e, 0xf7, 0xd9,
-	0x0d, 0x49, 0xc9, 0x60, 0x46, 0x2a, 0x85, 0x85, 0xd1, 0xae, 0x88, 0x0f, 0xa1, 0xb8, 0x0d, 0xa4,
-	0x03, 0xf8, 0x0b, 0x50, 0xb2, 0xdd, 0x1d, 0x2f, 0xd4, 0x96, 0x39, 0x98, 0x67, 0x66, 0x03, 0xb3,
-	0xe9, 0xee, 0x78, 0x46, 0xcc, 0x10, 0xdf, 0x83, 0x83, 0x01, 0x8d, 0x82, 0x3d, 0x69, 0x05, 0x0d,
-	0xb8, 0x5d, 0x3f, 0x37, 0x9b, 0x04, 0x43, 0x65, 0x69, 0x64, 0x25, 0xe0, 0x75, 0xa8, 0x84, 0xa9,
-	0x8f, 0x69, 0x15, 0x2e, 0x50, 0xcb, 0x30, 0x52, 0x7c, 0xd0, 0x50, 0x27, 0x0f, 0x79, 0xf7, 0x81,
-	0x7c, 0xef, 0x3e, 0x38, 0x31, 0xab, 0x1d, 0x9a, 0x22, 0xab, 0x1d, 0x1e, 0xcc, 0x6a, 0x1f, 0x22,
-	0x58, 0x19, 0x0a, 0x4e, 0xdb, 0x3e, 0xcd, 0x3d, 0x06, 0x04, 0x16, 0x42, 0x9f, 0x9a, 0x3c, 0x53,
-	0x55, 0x5a, 0x37, 0xe7, 0x16, 0xad, 0xb8, 0x5c, 0xce, 0x3a, 0x2f, 0xa0, 0xce, 0x18, 0x17, 0x7e,
-	0x84, 0xe0, 0xff, 0x15, 0x99, 0xb7, 0x49, 0x64, 0x76, 0xf2, 0x94, 0x65, 0xe7, 0x97, 0xcd, 0x11,
-	0x79, 0x39, 0x26, 0x98, 0x55, 0xf9, 0xc7, 0x9d, 0x3d, 0x9f, 0x01, 0x64, 0xbf, 0xa4, 0x03, 0x33,
-	0x5e, 0x9e, 0x7e, 0x86, 0xa0, 0xaa, 0xc6, 0x70, 0xcf, 0x71, 0x5e, 0x26, 0xe6, 0x6e, 0x1e, 0xc8,
-	0x43, 0x50, 0xb0, 0x2d, 0x8e, 0xb0, 0x68, 0x14, 0x6c, 0x6b, 0x9f, 0xc1, 0x68, 0x10, 0xee, 0x62,
-	0x3e, 0xdc, 0xa5, 0x2c, 0xdc, 0x8f, 0x06, 0xe0, 0xca, 0x90, 0x90, 0x03, 0x77, 0x05, 0x96, 0xdd,
-	0x81, 0x8b, 0x6c, 0x3a, 0x30, 0xe2, 0x02, 0x5b, 0x18, 0xba, 0xc0, 0x6a, 0xb0, 0xd4, 0x4f, 0x9e,
-	0x39, 0xec, 0x67, 0x49, 0x32, 0x15, 0xdb, 0x81, 0xd7, 0xf3, 0x85, 0xd1, 0x63, 0x82, 0xa1, 0xd8,
-	0xb5, 0x5d, 0x76, 0x25, 0xe7, 0x28, 0xd8, 0xf7, 0xfe, 0x1f, 0x36, 0x19, 0xb5, 0x7f, 0x5e, 0x80,
-	0x4f, 0x8c, 0x50, 0x7b, 0xa2, 0x3f, 0xdd, 0x1f, 0xba, 0x27, 0x5e, 0xbd, 0x34, 0xd6, 0xab, 0xcb,
-	0x93, 0xbc, 0x7a, 0x39, 0xdf, 0x5e, 0x90, 0xb5, 0xd7, 0x4f, 0x0a, 0x50, 0x1b, 0x61, 0xaf, 0xc9,
-	0xd7, 0x89, 0xfb, 0xc6, 0x60, 0x3b, 0x5e, 0x20, 0xbc, 0xa4, 0x6c, 0xc4, 0x04, 0x3b, 0x67, 0x5e,
-	0xe0, 0x77, 0x88, 0xcb, 0xbd, 0xa3, 0x6c, 0x08, 0x6a, 0x46, 0x53, 0x5d, 0x03, 0x4d, 0x9a, 0xe7,
-	0xaa, 0x19, 0x07, 0xa9, 0x80, 0x74, 0x69, 0x44, 0x83, 0x70, 0x5c, 0x88, 0xea, 0x13, 0xa7, 0x47,
-	0x65, 0x88, 0xe2, 0x84, 0xfe, 0x66, 0x61, 0x90, 0x8d, 0xd1, 0x73, 0xef, 0x7f, 0x43, 0x9f, 0x80,
-	0x45, 0xc2, 0xd1, 0x0a, 0xd7, 0x14, 0xd4, 0x90, 0x49, 0xcb, 0xf9, 0x26, 0x5d, 0xce, 0x98, 0x74,
-	0xbd, 0xa0, 0x21, 0xfd, 0xc3, 0x02, 0x54, 0xc7, 0x19, 0xe4, 0xc5, 0xd6, 0xff, 0x9a, 0x49, 0x30,
-	0x01, 0x2d, 0x18, 0xe3, 0x65, 0x1a, 0xf0, 0xcb, 0xd9, 0xd9, 0x4c, 0xc6, 0x1e, 0xe7, 0x92, 0xc6,
-	0x58, 0x36, 0xfa, 0x37, 0x10, 0x9c, 0xcc, 0x2e, 0x0b, 0xb7, 0xec, 0x30, 0x92, 0x0f, 0x3b, 0xbc,
-	0x03, 0x4b, 0xb1, 0x2a, 0xf1, 0xb5, 0xbc, 0xd2, 0xda, 0x9a, 0xf5, 0xb2, 0x96, 0xd9, 0x5d, 0xc9,
-	0x5c, 0x7f, 0x1c, 0x4e, 0x8e, 0xcc, 0x50, 0x02, 0x46, 0x15, 0xca, 0xf2, 0x82, 0x2a, 0x76, 0x3f,
-	0xa1, 0xf5, 0x77, 0x16, 0xb2, 0xd7, 0x05, 0xcf, 0xda, 0xf2, 0xda, 0x39, 0xb5, 0x9a, 0x7c, 0x8f,
-	0x61, 0xbb, 0xe1, 0x59, 0x4a, 0x59, 0x46, 0x92, 0x6c, 0x9d, 0xe9, 0xb9, 0x11, 0xb1, 0x5d, 0x1a,
-	0x88, 0x1b, 0x4d, 0x3a, 0xc0, 0x76, 0x3a, 0xb4, 0x5d, 0x93, 0x6e, 0x53, 0xd3, 0x73, 0xad, 0x90,
-	0xbb, 0x4c, 0xd1, 0xc8, 0x8c, 0xe1, 0xe7, 0x60, 0x99, 0xd3, 0x77, 0xec, 0x6e, 0x9c, 0xc2, 0x2b,
-	0xad, 0xd5, 0x46, 0x5c, 0x3f, 0x6d, 0xa8, 0xf5, 0xd3, 0xd4, 0x86, 0x5d, 0x1a, 0x91, 0x46, 0xff,
-	0x72, 0x83, 0xad, 0x30, 0xd2, 0xc5, 0x0c, 0x4b, 0x44, 0x6c, 0x67, 0xcb, 0x76, 0xf9, 0xa3, 0x81,
-	0x89, 0x4a, 0x07, 0x98, 0x37, 0xee, 0x78, 0x8e, 0xe3, 0xbd, 0x22, 0x63, 0x5e, 0x4c, 0xb1, 0x55,
-	0x3d, 0x37, 0xb2, 0x1d, 0x2e, 0x3f, 0xf6, 0xb5, 0x74, 0x80, 0xaf, 0xb2, 0x9d, 0x88, 0x06, 0x22,
-	0xd8, 0x09, 0x2a, 0xf1, 0xf7, 0x4a, 0x5c, 0x12, 0x94, 0xb1, 0x36, 0x3e, 0x19, 0x07, 0xd4, 0x93,
-	0x31, 0x78, 0xda, 0x0e, 0x8e, 0xa8, 0x6b, 0xf1, 0x0a, 0x29, 0xed, 0xdb, 0x5e, 0x8f, 0xdd, 0x87,
-	0xf9, 0xb5, 0x51, 0xd2, 0x43, 0xa7, 0xe5, 0x70, 0xfe, 0x69, 0x39, 0x92, 0x3d, 0x2d, 0xfc, 0x55,
-	0x13, 0x99, 0x9d, 0x0d, 0x12, 0x52, 0xed, 0x28, 0x67, 0x9d, 0x0e, 0xe8, 0xbf, 0x43, 0x50, 0xde,
-	0xf2, 0xda, 0xd7, 0xdd, 0x28, 0xd8, 0xe3, 0xef, 0x5f, 0xcf, 0x8d, 0xa8, 0x2b, 0xbd, 0x49, 0x92,
-	0x6c, 0x8b, 0x22, 0xbb, 0x4b, 0xb7, 0x23, 0xd2, 0xf5, 0xc5, 0xed, 0x79, 0x5f, 0x5b, 0x94, 0x2c,
-	0x66, 0x66, 0x73, 0x48, 0x18, 0xf1, 0x90, 0x53, 0x36, 0xf8, 0x37, 0x53, 0x30, 0x99, 0xb0, 0x1d,
-	0x05, 0x22, 0xde, 0x64, 0xc6, 0x54, 0x07, 0x2c, 0xc5, 0xd8, 0x04, 0xa9, 0x77, 0xe1, 0xc1, 0xe4,
-	0x59, 0x77, 0x87, 0x06, 0x5d, 0xdb, 0x25, 0xf9, 0x79, 0x79, 0x8a, 0xc2, 0x6d, 0x4e, 0x55, 0xc1,
-	0xcb, 0x1c, 0x49, 0xf6, 0x4a, 0xba, 0x6b, 0xbb, 0x96, 0xf7, 0x4a, 0xce, 0xd1, 0x9a, 0x4d, 0xe0,
-	0x5f, 0xb2, 0xb5, 0x57, 0x45, 0x62, 0x12, 0x07, 0x9e, 0x83, 0x83, 0x2c, 0x62, 0xf4, 0xa9, 0xf8,
-	0x41, 0x04, 0x25, 0x7d, 0x5c, 0x19, 0x2c, 0xe5, 0x61, 0x64, 0x17, 0xe2, 0x2d, 0x38, 0x4c, 0xc2,
-	0xd0, 0x6e, 0xbb, 0xd4, 0x92, 0xbc, 0x0a, 0x53, 0xf3, 0x1a, 0x5c, 0x1a, 0x17, 0x54, 0xf8, 0x0c,
-	0xb1, 0xdf, 0x92, 0xd4, 0xbf, 0x8e, 0xe0, 0xf8, 0x48, 0x26, 0xc9, 0xb9, 0x42, 0x4a, 0x1e, 0xa9,
-	0x42, 0x39, 0x34, 0x3b, 0xd4, 0xea, 0x39, 0xf2, 0xaa, 0x90, 0xd0, 0xec, 0x37, 0xab, 0x17, 0xef,
-	0xbe, 0xc8, 0x63, 0x09, 0x8d, 0x4f, 0x01, 0x74, 0x89, 0xdb, 0x23, 0x0e, 0x87, 0xb0, 0xc0, 0x21,
-	0x28, 0x23, 0xfa, 0x0a, 0x54, 0x47, 0xb9, 0x8e, 0xa8, 0xde, 0xfd, 0x13, 0xc1, 0x21, 0x19, 0x72,
-	0xc5, 0xee, 0xd6, 0xe1, 0xb0, 0x62, 0x86, 0x5b, 0xe9, 0x46, 0x0f, 0x0e, 0x4f, 0x08, 0xa7, 0xd2,
-	0x4b, 0x8a, 0xd9, 0xf6, 0x49, 0x3f, 0xd3, 0x00, 0x99, 0x3a, 0xe1, 0xa2, 0x39, 0xbd, 0x0c, 0xbe,
-	0x06, 0xda, 0x4d, 0xe2, 0x92, 0x36, 0xb5, 0x12, 0xb5, 0x13, 0x17, 0xfb, 0xb2, 0x5a, 0x86, 0x9a,
-	0xb9, 0xe8, 0x93, 0x5c, 0xa2, 0xed, 0x9d, 0x1d, 0x59, 0xd2, 0x0a, 0xa0, 0xbc, 0x65, 0xbb, 0xbb,
-	0x9b, 0xee, 0x8e, 0xc7, 0x34, 0x8e, 0xec, 0xc8, 0x91, 0xd6, 0x8d, 0x09, 0x7c, 0x04, 0x8a, 0xbd,
-	0xc0, 0x11, 0x1e, 0xc0, 0x3e, 0x71, 0x0d, 0x2a, 0x16, 0x0d, 0xcd, 0xc0, 0xf6, 0xc5, 0xfe, 0xf3,
-	0x76, 0x80, 0x32, 0xc4, 0xf6, 0xc1, 0x36, 0x3d, 0x77, 0xc3, 0x21, 0x61, 0x28, 0xd3, 0x53, 0x32,
-	0xa0, 0x3f, 0x09, 0x07, 0x99, 0xcc, 0x54, 0xcd, 0x0b, 0x59, 0x35, 0x8f, 0x67, 0xe0, 0x4b, 0x78,
-	0x12, 0x31, 0x81, 0x07, 0xd8, 0xad, 0xe0, 0xaa, 0xef, 0x0b, 0x26, 0x53, 0x5e, 0x51, 0x8b, 0xa3,
-	0xb2, 0xeb, 0xc8, 0x2a, 0x78, 0xeb, 0xbd, 0x73, 0x80, 0xd5, 0x73, 0x42, 0x83, 0xbe, 0x6d, 0x52,
-	0xfc, 0x1d, 0x04, 0x0b, 0x4c, 0x34, 0x7e, 0x68, 0xdc, 0xb1, 0xe4, 0xfe, 0x5a, 0x9d, 0x5f, 0x89,
-	0x83, 0x49, 0xd3, 0x57, 0x5e, 0xff, 0xeb, 0xdf, 0xbf, 0x5b, 0x38, 0x81, 0x8f, 0xf1, 0xde, 0x67,
-	0xff, 0xb2, 0xda, 0x87, 0x0c, 0xf1, 0x1b, 0x08, 0xb0, 0xb8, 0x25, 0x29, 0xdd, 0x21, 0x7c, 0x61,
-	0x1c, 0xc4, 0x11, 0x5d, 0xa4, 0xea, 0x43, 0x4a, 0x56, 0x69, 0x98, 0x5e, 0x40, 0x59, 0x0e, 0xe1,
-	0x13, 0x38, 0x80, 0x55, 0x0e, 0xe0, 0x0c, 0xd6, 0x47, 0x01, 0x68, 0xbe, 0xca, 0x2c, 0xfa, 0x5a,
-	0x93, 0xc6, 0x72, 0xdf, 0x46, 0x50, 0xba, 0xcb, 0x5f, 0x87, 0x13, 0x8c, 0xb4, 0x3d, 0x37, 0x23,
-	0x71, 0x71, 0x1c, 0xad, 0x7e, 0x9a, 0x23, 0x7d, 0x08, 0x9f, 0x94, 0x48, 0xc3, 0x28, 0xa0, 0xa4,
-	0x9b, 0x01, 0x7c, 0x09, 0xe1, 0x77, 0x11, 0x2c, 0xc6, 0x6d, 0x01, 0x7c, 0x76, 0x1c, 0xca, 0x4c,
-	0xdb, 0xa0, 0x3a, 0xbf, 0x1a, 0xbb, 0xfe, 0x08, 0xc7, 0x78, 0x5a, 0x1f, 0xb9, 0x9d, 0xeb, 0x99,
-	0x0a, 0xfc, 0x5b, 0x08, 0x8a, 0x37, 0xe8, 0x44, 0x7f, 0x9b, 0x23, 0xb8, 0x21, 0x03, 0x8e, 0xd8,
-	0x6a, 0xfc, 0x0e, 0x82, 0x07, 0x6f, 0xd0, 0x68, 0x74, 0x7a, 0xc4, 0xf5, 0xc9, 0x39, 0x4b, 0xb8,
-	0xdd, 0x85, 0x29, 0x66, 0x26, 0x79, 0xa1, 0xc9, 0x91, 0x3d, 0x82, 0xcf, 0xe7, 0x39, 0x61, 0xb8,
-	0xe7, 0x9a, 0xaf, 0x08, 0x1c, 0x7f, 0x42, 0x70, 0x64, 0xb0, 0x0b, 0x8c, 0xf5, 0x81, 0x37, 0xca,
-	0x88, 0x26, 0x71, 0xf5, 0xd6, 0xac, 0x51, 0x36, 0xcb, 0x54, 0xbf, 0xca, 0x91, 0x3f, 0x81, 0x1f,
-	0xcf, 0x43, 0x9e, 0xd4, 0x58, 0x9b, 0xaf, 0xca, 0xcf, 0xd7, 0xf8, 0x3f, 0x16, 0x38, 0xec, 0x3f,
-	0x23, 0x38, 0x26, 0xf9, 0x6e, 0x74, 0x48, 0x10, 0x5d, 0xa3, 0xec, 0x86, 0x1d, 0x4e, 0xa5, 0xcf,
-	0x8c, 0x59, 0x43, 0x95, 0xa7, 0x5f, 0xe7, 0xba, 0x3c, 0x8d, 0x9f, 0xda, 0xb7, 0x2e, 0x26, 0x63,
-	0x63, 0x09, 0xd8, 0xef, 0x21, 0x38, 0x74, 0x83, 0x46, 0xcf, 0x6f, 0x6c, 0xee, 0x6b, 0x67, 0x66,
-	0x74, 0x74, 0x45, 0x9c, 0x7e, 0x8d, 0x2b, 0xf2, 0x69, 0xfc, 0xe4, 0xbe, 0x15, 0xf1, 0x4c, 0x3b,
-	0xd9, 0x97, 0xd7, 0x11, 0x1c, 0xb8, 0x41, 0xa3, 0x9b, 0x49, 0xbf, 0xe2, 0xec, 0x54, 0x3d, 0xd0,
-	0xea, 0x4a, 0x43, 0xf9, 0xc3, 0x87, 0xfc, 0x29, 0x71, 0xf5, 0x35, 0x8e, 0xed, 0x3c, 0x3e, 0x9b,
-	0x87, 0x2d, 0xed, 0x91, 0xbc, 0x8d, 0xe0, 0xb8, 0x0a, 0x22, 0xed, 0x1d, 0x7f, 0x72, 0x7f, 0x1d,
-	0x59, 0xd1, 0xd7, 0x9d, 0x80, 0xae, 0xc5, 0xd1, 0x5d, 0xd4, 0x47, 0x1f, 0xc4, 0xee, 0x10, 0x8a,
-	0x75, 0xb4, 0x5a, 0x47, 0xf8, 0xf7, 0x08, 0x16, 0xe3, 0x76, 0xc1, 0x78, 0x1b, 0x65, 0x7a, 0x9d,
-	0xf3, 0x8c, 0x6a, 0xc2, 0x6b, 0xab, 0x97, 0x46, 0x1b, 0x54, 0x5d, 0x2f, 0xb7, 0xb6, 0xc1, 0xad,
-	0x9c, 0x0d, 0xc7, 0xbf, 0x42, 0x00, 0x69, 0xcb, 0x03, 0x3f, 0x92, 0xaf, 0x87, 0xd2, 0x16, 0xa9,
-	0xce, 0xb7, 0xe9, 0xa1, 0x37, 0xb8, 0x3e, 0xf5, 0x6a, 0x2d, 0x37, 0x16, 0xfa, 0xd4, 0x5c, 0x8f,
-	0xdb, 0x23, 0x3f, 0x46, 0x50, 0xe2, 0x95, 0x66, 0x7c, 0x66, 0x1c, 0x66, 0xb5, 0x10, 0x3d, 0x4f,
-	0xd3, 0x9f, 0xe3, 0x50, 0x6b, 0xad, 0xbc, 0x84, 0xb2, 0x8e, 0x56, 0x71, 0x1f, 0x16, 0xe3, 0xda,
-	0xee, 0x78, 0xf7, 0xc8, 0xd4, 0x7e, 0xab, 0xb5, 0x9c, 0x0b, 0x4e, 0xec, 0xa8, 0x22, 0x97, 0xad,
-	0x4e, 0xca, 0x65, 0x0b, 0x2c, 0xdd, 0xe0, 0xd3, 0x79, 0xc9, 0xe8, 0xbf, 0x60, 0x98, 0x0b, 0x1c,
-	0xdd, 0x59, 0xbd, 0x36, 0x29, 0x9f, 0x31, 0xeb, 0x7c, 0x0f, 0xc1, 0x91, 0xc1, 0x47, 0x02, 0x3e,
-	0x39, 0xb2, 0xde, 0x26, 0x72, 0x6b, 0xd6, 0x8a, 0xe3, 0x1e, 0x18, 0xfa, 0x67, 0x38, 0x8a, 0x75,
-	0xfc, 0xd8, 0xc4, 0x93, 0x71, 0x4b, 0x46, 0x1d, 0xc6, 0x68, 0x2d, 0xed, 0xdf, 0xfe, 0x1a, 0xc1,
-	0x01, 0xc9, 0xf7, 0x4e, 0x40, 0x69, 0x3e, 0xac, 0xf9, 0x1d, 0x04, 0x26, 0x4b, 0x7f, 0x92, 0xc3,
-	0xff, 0x14, 0xbe, 0x32, 0x25, 0x7c, 0x09, 0x7b, 0x2d, 0x62, 0x48, 0xff, 0x80, 0xe0, 0xe8, 0xdd,
-	0xd8, 0xef, 0x3f, 0x26, 0xfc, 0x1b, 0x1c, 0xff, 0x53, 0xf8, 0x89, 0x9c, 0xfb, 0xea, 0x24, 0x35,
-	0x2e, 0x21, 0xfc, 0x0b, 0x04, 0x65, 0xd9, 0xf7, 0xc3, 0xe7, 0xc7, 0x1e, 0x8c, 0x6c, 0x67, 0x70,
-	0x9e, 0xce, 0x2c, 0x2e, 0x67, 0xfa, 0x99, 0xdc, 0x6c, 0x2a, 0xe4, 0x33, 0x87, 0x7e, 0x0b, 0x01,
-	0x4e, 0xde, 0xfe, 0x49, 0x35, 0x00, 0x9f, 0xcb, 0x88, 0x1a, 0x5b, 0x60, 0xaa, 0x9e, 0x9f, 0x38,
-	0x2f, 0x9b, 0x4a, 0x57, 0x73, 0x53, 0xa9, 0x97, 0xc8, 0x7f, 0x13, 0x41, 0xe5, 0x06, 0x4d, 0xde,
-	0x52, 0x39, 0xb6, 0xcc, 0xb6, 0x2d, 0xab, 0xf5, 0xc9, 0x13, 0x05, 0xa2, 0x8b, 0x1c, 0xd1, 0x39,
-	0x9c, 0x6f, 0x2a, 0x09, 0xe0, 0xfb, 0x08, 0x0e, 0xde, 0x56, 0x5d, 0x14, 0x5f, 0x9c, 0x24, 0x29,
-	0x13, 0xc9, 0xa7, 0xc7, 0xf5, 0x28, 0xc7, 0xb5, 0xa6, 0x4f, 0x85, 0x6b, 0x5d, 0x74, 0x00, 0x7f,
-	0x88, 0xe2, 0xc7, 0xf8, 0x40, 0xd5, 0xfe, 0x3f, 0xb5, 0x5b, 0x4e, 0xf1, 0x5f, 0xbf, 0xc2, 0xf1,
-	0x35, 0xf0, 0xc5, 0x69, 0xf0, 0x35, 0x45, 0x29, 0x1f, 0xff, 0x00, 0xc1, 0x51, 0xde, 0xb6, 0x51,
-	0x19, 0xe3, 0xbc, 0x4e, 0x45, 0xda, 0xe4, 0x99, 0x22, 0xc5, 0x3c, 0x1d, 0xc7, 0x1f, 0x7d, 0x5f,
-	0xa0, 0xd6, 0x45, 0x43, 0xe6, 0x9b, 0x05, 0xc4, 0xf6, 0xf7, 0x81, 0x21, 0x7c, 0x2f, 0xb6, 0x06,
-	0x0c, 0x38, 0xbe, 0x0d, 0x35, 0x05, 0xc6, 0x75, 0x8e, 0xf1, 0x8a, 0xde, 0xdc, 0x0f, 0xc6, 0x66,
-	0xbf, 0xc5, 0x8e, 0xe9, 0xb7, 0x10, 0x1c, 0x92, 0x69, 0x57, 0xf8, 0xdf, 0xda, 0xa4, 0xad, 0xdd,
-	0x6f, 0x9a, 0x16, 0x07, 0x62, 0x75, 0xba, 0x03, 0xf1, 0x2e, 0x82, 0x25, 0xd1, 0x55, 0xc9, 0xb9,
-	0xcc, 0x28, 0x6d, 0x97, 0xea, 0x40, 0x35, 0x49, 0x94, 0xdd, 0xf5, 0x2f, 0x72, 0xb1, 0x2f, 0xe0,
-	0x5c, 0xb3, 0xf8, 0x9e, 0x15, 0x36, 0x5f, 0x15, 0x35, 0xef, 0xd7, 0x9a, 0x8e, 0xd7, 0x0e, 0x5f,
-	0xd2, 0x71, 0x6e, 0xca, 0x66, 0x73, 0x2e, 0x21, 0x1c, 0xc1, 0x32, 0x73, 0x5f, 0x5e, 0xa2, 0xc2,
-	0xb5, 0x81, 0x82, 0xd6, 0x50, 0xf5, 0xaa, 0x5a, 0x1d, 0x2a, 0x79, 0xa5, 0x39, 0x5a, 0x14, 0x0c,
-	0xf0, 0xc3, 0xb9, 0x62, 0xb9, 0xa0, 0x37, 0x10, 0x1c, 0x55, 0xcf, 0x63, 0x2c, 0x7e, 0xea, 0xd3,
-	0x98, 0x87, 0x42, 0x5c, 0xfb, 0xf1, 0xea, 0x54, 0x6e, 0xc4, 0xe1, 0x3c, 0xf3, 0xec, 0x1f, 0x3f,
-	0x38, 0x85, 0xde, 0xff, 0xe0, 0x14, 0xfa, 0xdb, 0x07, 0xa7, 0xd0, 0x4b, 0x8f, 0x4d, 0xf7, 0x3f,
-	0x7b, 0xd3, 0xb1, 0xa9, 0x1b, 0xa9, 0xec, 0xff, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x81, 0x66, 0x91,
-	0xb9, 0x4d, 0x30, 0x00, 0x00,
+	// 3004 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x5b, 0xcd, 0x8f, 0x1c, 0x47,
+	0x15, 0xa7, 0x66, 0x76, 0x76, 0x67, 0xdf, 0x78, 0xfd, 0x51, 0xb1, 0x4d, 0x67, 0xbc, 0x31, 0x9b,
+	0xb6, 0x1d, 0x6f, 0xd6, 0xde, 0x19, 0x7b, 0x62, 0x20, 0xd9, 0x24, 0x04, 0x67, 0xed, 0x38, 0x0b,
+	0x6b, 0xc7, 0xf4, 0x3a, 0x31, 0x0a, 0x07, 0xa8, 0x74, 0xd7, 0xce, 0x36, 0x3b, 0xd3, 0xdd, 0xee,
+	0xee, 0x99, 0xb0, 0x0a, 0xb9, 0x04, 0x21, 0x71, 0x88, 0x82, 0x80, 0x1c, 0x38, 0xf0, 0x99, 0x28,
+	0x08, 0x21, 0x10, 0x17, 0x84, 0x90, 0x10, 0x12, 0x1c, 0x82, 0xe0, 0x80, 0x14, 0xc1, 0x3f, 0x80,
+	0x22, 0xc4, 0x31, 0xb9, 0xe4, 0x8c, 0x50, 0x55, 0x57, 0x75, 0x57, 0xcd, 0x47, 0xcf, 0x2c, 0x33,
+	0x10, 0x4b, 0xdc, 0xfa, 0xd5, 0x74, 0xbf, 0xf7, 0x7b, 0xaf, 0xde, 0x7b, 0xf5, 0xea, 0xbd, 0x5d,
+	0x38, 0x1d, 0xd1, 0xb0, 0x4b, 0xc3, 0x3a, 0x09, 0x82, 0x96, 0x6b, 0x93, 0xd8, 0xf5, 0x3d, 0xf5,
+	0xb9, 0x16, 0x84, 0x7e, 0xec, 0xe3, 0x8a, 0xb2, 0x54, 0x5d, 0x6c, 0xfa, 0x7e, 0xb3, 0x45, 0xeb,
+	0x24, 0x70, 0xeb, 0xc4, 0xf3, 0xfc, 0x98, 0x2f, 0x47, 0xc9, 0xab, 0x55, 0x73, 0xf7, 0xe1, 0xa8,
+	0xe6, 0xfa, 0xfc, 0x57, 0xdb, 0x0f, 0x69, 0xbd, 0x7b, 0xb1, 0xde, 0xa4, 0x1e, 0x0d, 0x49, 0x4c,
+	0x1d, 0xf1, 0xce, 0xa5, 0xec, 0x9d, 0x36, 0xb1, 0x77, 0x5c, 0x8f, 0x86, 0x7b, 0xf5, 0x60, 0xb7,
+	0xc9, 0x16, 0xa2, 0x7a, 0x9b, 0xc6, 0x64, 0xd0, 0x57, 0x9b, 0x4d, 0x37, 0xde, 0xe9, 0xbc, 0x50,
+	0xb3, 0xfd, 0x76, 0x9d, 0x84, 0x4d, 0x3f, 0x08, 0xfd, 0x2f, 0xf3, 0x87, 0x55, 0xdb, 0xa9, 0x77,
+	0x1f, 0xca, 0x18, 0xa8, 0xba, 0x74, 0x2f, 0x92, 0x56, 0xb0, 0x43, 0xfa, 0xb9, 0x5d, 0x1d, 0xc1,
+	0x2d, 0xa4, 0x81, 0x2f, 0x6c, 0xc3, 0x1f, 0xdd, 0xd8, 0x0f, 0xf7, 0x94, 0xc7, 0x84, 0x8d, 0xf9,
+	0x01, 0x82, 0xc3, 0x97, 0x33, 0x79, 0x9f, 0xeb, 0xd0, 0x70, 0x0f, 0x63, 0x98, 0xf1, 0x48, 0x9b,
+	0x1a, 0x68, 0x09, 0x2d, 0xcf, 0x5b, 0xfc, 0x19, 0x1b, 0x30, 0x17, 0xd2, 0xed, 0x90, 0x46, 0x3b,
+	0x46, 0x81, 0x2f, 0x4b, 0x12, 0x57, 0xa1, 0xcc, 0x84, 0x53, 0x3b, 0x8e, 0x8c, 0xe2, 0x52, 0x71,
+	0x79, 0xde, 0x4a, 0x69, 0xbc, 0x0c, 0x87, 0x42, 0x1a, 0xf9, 0x9d, 0xd0, 0xa6, 0xcf, 0xd1, 0x30,
+	0x72, 0x7d, 0xcf, 0x98, 0xe1, 0x5f, 0xf7, 0x2e, 0x33, 0x2e, 0x11, 0x6d, 0x51, 0x3b, 0xf6, 0x43,
+	0xa3, 0xc4, 0x5f, 0x49, 0x69, 0x86, 0x87, 0x01, 0x37, 0x66, 0x13, 0x3c, 0xec, 0x19, 0x9b, 0x70,
+	0x80, 0x04, 0xc1, 0x0d, 0xd2, 0xa6, 0x51, 0x40, 0x6c, 0x6a, 0xcc, 0xf1, 0xdf, 0xb4, 0x35, 0x86,
+	0x59, 0x20, 0x31, 0xca, 0x1c, 0x98, 0x24, 0xcd, 0x75, 0x98, 0xbf, 0xe1, 0x3b, 0x74, 0xb8, 0xba,
+	0xbd, 0xec, 0x0b, 0xfd, 0xec, 0xcd, 0xb7, 0x11, 0x1c, 0xb3, 0x68, 0xd7, 0x65, 0xf8, 0xaf, 0xd3,
+	0x98, 0x38, 0x24, 0x26, 0xbd, 0x1c, 0x0b, 0x29, 0xc7, 0x2a, 0x94, 0x43, 0xf1, 0xb2, 0x51, 0xe0,
+	0xeb, 0x29, 0xdd, 0x27, 0xad, 0x98, 0xaf, 0x4c, 0x62, 0x42, 0x49, 0xe2, 0x25, 0xa8, 0x24, 0xb6,
+	0xdc, 0xf0, 0x1c, 0xfa, 0x15, 0x6e, 0xbd, 0x92, 0xa5, 0x2e, 0xe1, 0x45, 0x98, 0xef, 0x26, 0x76,
+	0xde, 0x70, 0xb8, 0x15, 0x4b, 0x56, 0xb6, 0x60, 0xfe, 0x13, 0xc1, 0x49, 0xc5, 0x07, 0x2c, 0xb1,
+	0x33, 0x57, 0xbb, 0xd4, 0x8b, 0xa3, 0xe1, 0x0a, 0x9d, 0x87, 0x23, 0x72, 0x13, 0x7b, 0xed, 0xd4,
+	0xff, 0x03, 0x53, 0x51, 0x5d, 0x94, 0x2a, 0xaa, 0x6b, 0x4c, 0x11, 0x49, 0x3f, 0xbb, 0x71, 0x45,
+	0xa8, 0xa9, 0x2e, 0xf5, 0x19, 0xaa, 0x94, 0x6f, 0xa8, 0x59, 0xcd, 0x50, 0xe6, 0x3b, 0x08, 0x0c,
+	0x45, 0xd1, 0xeb, 0xc4, 0x73, 0xb7, 0x69, 0x14, 0x8f, 0xbb, 0x67, 0x68, 0x8a, 0x7b, 0xb6, 0x0c,
+	0x87, 0x12, 0xad, 0x6e, 0xb2, 0x78, 0x64, 0xf9, 0xc7, 0x28, 0x2d, 0x15, 0x97, 0x8b, 0x56, 0xef,
+	0x32, 0xdb, 0x3b, 0x29, 0x33, 0x32, 0x66, 0xb9, 0x1b, 0x67, 0x0b, 0xe6, 0xfd, 0x30, 0xff, 0x94,
+	0xdb, 0xa2, 0xeb, 0x3b, 0x1d, 0x6f, 0x17, 0x1f, 0x85, 0x92, 0xcd, 0x1e, 0xb8, 0x0e, 0x07, 0xac,
+	0x84, 0x30, 0xbf, 0x85, 0xe0, 0xfe, 0x61, 0x5a, 0xdf, 0x76, 0xe3, 0x1d, 0xf6, 0x7d, 0x34, 0x4c,
+	0x7d, 0x7b, 0x87, 0xda, 0xbb, 0x51, 0xa7, 0x2d, 0x5d, 0x56, 0xd2, 0x93, 0xa9, 0x6f, 0xfe, 0x0c,
+	0xc1, 0xf2, 0x48, 0x4c, 0xb7, 0x43, 0x12, 0x04, 0x34, 0xc4, 0x4f, 0x41, 0xe9, 0x0e, 0xfb, 0x81,
+	0x07, 0x68, 0xa5, 0x51, 0xab, 0xa9, 0x09, 0x7e, 0x24, 0x97, 0xa7, 0x3f, 0x62, 0x25, 0x9f, 0xe3,
+	0x9a, 0x34, 0x4f, 0x81, 0xf3, 0x39, 0xae, 0xf1, 0x49, 0xad, 0xc8, 0xde, 0xe7, 0xaf, 0x3d, 0x39,
+	0x0b, 0x33, 0x01, 0x09, 0x63, 0xf3, 0x18, 0xdc, 0xa3, 0x87, 0x47, 0xe0, 0x7b, 0x11, 0x35, 0x7f,
+	0xab, 0x7b, 0xd3, 0x7a, 0x48, 0x49, 0x4c, 0x2d, 0x7a, 0xa7, 0x43, 0xa3, 0x18, 0xef, 0x82, 0x7a,
+	0xe6, 0x70, 0xab, 0x56, 0x1a, 0x1b, 0xb5, 0x2c, 0x69, 0xd7, 0x64, 0xd2, 0xe6, 0x0f, 0x5f, 0xb4,
+	0x9d, 0x5a, 0xf7, 0xa1, 0x5a, 0xb0, 0xdb, 0xac, 0xb1, 0x23, 0x40, 0x43, 0x26, 0x8f, 0x00, 0x55,
+	0x55, 0x4b, 0xe5, 0x8e, 0x8f, 0xc3, 0x6c, 0x27, 0x88, 0x68, 0x18, 0x73, 0xcd, 0xca, 0x96, 0xa0,
+	0xd8, 0xfe, 0x75, 0x49, 0xcb, 0x75, 0x48, 0x9c, 0xec, 0x4f, 0xd9, 0x4a, 0x69, 0xf3, 0x77, 0x3a,
+	0xfa, 0x67, 0x03, 0xe7, 0xc3, 0x42, 0xaf, 0xa2, 0x2c, 0xe8, 0x28, 0x55, 0x0f, 0x2a, 0xea, 0x1e,
+	0xf4, 0x2b, 0x1d, 0xff, 0x15, 0xda, 0xa2, 0x19, 0xfe, 0x41, 0xce, 0x6c, 0xc0, 0x9c, 0x4d, 0x22,
+	0x9b, 0x38, 0x52, 0x8a, 0x24, 0x59, 0x22, 0x0b, 0x42, 0x3f, 0x20, 0x4d, 0xce, 0xe9, 0xa6, 0xdf,
+	0x72, 0xed, 0x3d, 0x21, 0xae, 0xff, 0x87, 0x3e, 0xc7, 0x9f, 0xc9, 0x77, 0xfc, 0x92, 0x0e, 0xfb,
+	0x14, 0x54, 0xb6, 0xf6, 0x3c, 0xfb, 0x99, 0x20, 0x09, 0xee, 0xa3, 0x50, 0x72, 0x63, 0xda, 0x8e,
+	0x0c, 0xc4, 0x03, 0x3b, 0x21, 0xcc, 0x7f, 0x95, 0xe0, 0xb8, 0xa2, 0x1b, 0xfb, 0x20, 0x4f, 0xb3,
+	0xbc, 0x2c, 0x75, 0x1c, 0x66, 0x9d, 0x70, 0xcf, 0xea, 0x78, 0xc2, 0x01, 0x04, 0xc5, 0x04, 0x07,
+	0x61, 0xc7, 0x4b, 0xe0, 0x97, 0xad, 0x84, 0xc0, 0xdb, 0x50, 0x8e, 0x62, 0x56, 0x65, 0x34, 0xf7,
+	0x38, 0xf0, 0x4a, 0xe3, 0x33, 0x93, 0x6d, 0x3a, 0x83, 0xbe, 0x25, 0x38, 0x5a, 0x29, 0x6f, 0x7c,
+	0x87, 0xe5, 0xb4, 0x24, 0xd1, 0x45, 0xc6, 0xdc, 0x52, 0x71, 0xb9, 0xd2, 0xd8, 0x9a, 0x5c, 0xd0,
+	0x33, 0x01, 0xab, 0x90, 0x94, 0x13, 0xcc, 0xca, 0xa4, 0xb0, 0x34, 0xda, 0x16, 0xf9, 0x21, 0x12,
+	0xd5, 0x40, 0xb6, 0x80, 0x3f, 0x0f, 0x25, 0xd7, 0xdb, 0xf6, 0x23, 0x63, 0x9e, 0x83, 0x79, 0x72,
+	0x32, 0x30, 0x1b, 0xde, 0xb6, 0x6f, 0x25, 0x0c, 0xf1, 0x1d, 0x58, 0x08, 0x69, 0x1c, 0xee, 0x49,
+	0x2b, 0x18, 0xc0, 0xed, 0xfa, 0xd9, 0xc9, 0x24, 0x58, 0x2a, 0x4b, 0x4b, 0x97, 0x80, 0xd7, 0xa0,
+	0x12, 0x65, 0x3e, 0x66, 0x54, 0xb8, 0x40, 0x43, 0x63, 0xa4, 0xf8, 0xa0, 0xa5, 0xbe, 0xdc, 0xe7,
+	0xdd, 0x07, 0xf2, 0xbd, 0x7b, 0x61, 0xe4, 0xa9, 0x76, 0x70, 0x8c, 0x53, 0xed, 0x50, 0xef, 0xa9,
+	0xf6, 0x3e, 0x82, 0xc5, 0xbe, 0xe4, 0xb4, 0x15, 0xd0, 0xdc, 0x30, 0x20, 0x30, 0x13, 0x05, 0xd4,
+	0xe6, 0x27, 0x55, 0xa5, 0x71, 0x7d, 0x6a, 0xd9, 0x8a, 0xcb, 0xe5, 0xac, 0xf3, 0x12, 0xea, 0x84,
+	0x79, 0xe1, 0x87, 0x08, 0x3e, 0xaa, 0xc8, 0xbc, 0x49, 0x62, 0x7b, 0x27, 0x4f, 0x59, 0x16, 0xbf,
+	0xec, 0x1d, 0x71, 0x2e, 0x27, 0x04, 0xb3, 0x2a, 0x7f, 0xb8, 0xb5, 0x17, 0x30, 0x80, 0xec, 0x97,
+	0x6c, 0x61, 0xc2, 0xe2, 0xe9, 0xe7, 0x08, 0xaa, 0x6a, 0x0e, 0xf7, 0x5b, 0xad, 0x17, 0x88, 0xbd,
+	0x9b, 0x07, 0xf2, 0x20, 0x14, 0x5c, 0x87, 0x23, 0x2c, 0x5a, 0x05, 0xd7, 0xd9, 0x67, 0x32, 0xea,
+	0x85, 0x3b, 0x9b, 0x0f, 0x77, 0x4e, 0x87, 0xfb, 0x41, 0x0f, 0x5c, 0x99, 0x12, 0x72, 0xe0, 0x2e,
+	0xc2, 0xbc, 0xd7, 0x53, 0xc8, 0x66, 0x0b, 0x03, 0x0a, 0xd8, 0x42, 0x5f, 0x01, 0x6b, 0xc0, 0x5c,
+	0x37, 0xbd, 0xe6, 0xb0, 0x9f, 0x25, 0xc9, 0x54, 0x6c, 0x86, 0x7e, 0x27, 0x10, 0x46, 0x4f, 0x08,
+	0x86, 0x62, 0xd7, 0xf5, 0x58, 0x49, 0xce, 0x51, 0xb0, 0xe7, 0xfd, 0x5f, 0x6c, 0x34, 0xb5, 0x7f,
+	0x51, 0x80, 0x8f, 0x0d, 0x50, 0x7b, 0xa4, 0x3f, 0xdd, 0x1d, 0xba, 0xa7, 0x5e, 0x3d, 0x37, 0xd4,
+	0xab, 0xcb, 0xa3, 0xbc, 0x7a, 0x3e, 0xdf, 0x5e, 0xa0, 0xdb, 0xeb, 0xa7, 0x05, 0x58, 0x1a, 0x60,
+	0xaf, 0xd1, 0xe5, 0xc4, 0x5d, 0x63, 0xb0, 0x6d, 0x3f, 0x14, 0x5e, 0x52, 0xb6, 0x12, 0x82, 0xc5,
+	0x99, 0x1f, 0x06, 0x3b, 0xc4, 0xe3, 0xde, 0x51, 0xb6, 0x04, 0x35, 0xa1, 0xa9, 0xae, 0x80, 0x21,
+	0xcd, 0x73, 0xd9, 0x4e, 0x92, 0x54, 0x48, 0xda, 0x34, 0xa6, 0x61, 0x34, 0x2c, 0x45, 0x75, 0x49,
+	0xab, 0x43, 0x65, 0x8a, 0xe2, 0x84, 0xf9, 0x5a, 0xa1, 0x97, 0x8d, 0xd5, 0xf1, 0xee, 0x7e, 0x43,
+	0x1f, 0x87, 0x59, 0xc2, 0xd1, 0x0a, 0xd7, 0x14, 0x54, 0x9f, 0x49, 0xcb, 0xf9, 0x26, 0x9d, 0xd7,
+	0x4c, 0xba, 0x56, 0x30, 0x90, 0xf9, 0x7e, 0x01, 0xaa, 0xc3, 0x0c, 0xf2, 0x5c, 0xe3, 0xff, 0xcd,
+	0x24, 0x98, 0x80, 0x11, 0x0e, 0xf1, 0x32, 0x03, 0x78, 0x71, 0x76, 0x46, 0x3b, 0xb1, 0x87, 0xb9,
+	0xa4, 0x35, 0x94, 0x8d, 0xf9, 0x75, 0x04, 0x27, 0xf4, 0xcf, 0xa2, 0x4d, 0x37, 0x8a, 0xe5, 0xc5,
+	0x0e, 0x6f, 0xc3, 0x5c, 0xa2, 0x4a, 0x52, 0x96, 0x57, 0x1a, 0x9b, 0x93, 0x16, 0x6b, 0xda, 0xee,
+	0x4a, 0xe6, 0xe6, 0x23, 0x70, 0x62, 0xe0, 0x09, 0x25, 0x60, 0x54, 0xa1, 0x2c, 0x0b, 0x54, 0xb1,
+	0xfb, 0x29, 0x6d, 0xbe, 0x39, 0xa3, 0x97, 0x0b, 0xbe, 0xb3, 0xe9, 0x37, 0x73, 0x7a, 0x35, 0xf9,
+	0x1e, 0xc3, 0x76, 0xc3, 0x77, 0x94, 0xb6, 0x8c, 0x24, 0xd9, 0x77, 0xb6, 0xef, 0xc5, 0xc4, 0xf5,
+	0x68, 0x28, 0x2a, 0x9a, 0x6c, 0x81, 0xed, 0x74, 0xe4, 0x7a, 0x36, 0xdd, 0xa2, 0xb6, 0xef, 0x39,
+	0x11, 0x77, 0x99, 0xa2, 0xa5, 0xad, 0xe1, 0xa7, 0x61, 0x9e, 0xd3, 0xb7, 0xdc, 0x76, 0x72, 0x84,
+	0x57, 0x1a, 0x2b, 0xb5, 0xa4, 0x7f, 0x5a, 0x53, 0xfb, 0xa7, 0x99, 0x0d, 0xdb, 0x34, 0x26, 0xb5,
+	0xee, 0xc5, 0x1a, 0xfb, 0xc2, 0xca, 0x3e, 0x66, 0x58, 0x62, 0xe2, 0xb6, 0x36, 0x5d, 0x8f, 0x5f,
+	0x1a, 0x98, 0xa8, 0x6c, 0x81, 0x79, 0xe3, 0xb6, 0xdf, 0x6a, 0xf9, 0x2f, 0xca, 0x9c, 0x97, 0x50,
+	0xec, 0xab, 0x8e, 0x17, 0xbb, 0x2d, 0x2e, 0x3f, 0xf1, 0xb5, 0x6c, 0x81, 0x7f, 0xe5, 0xb6, 0x62,
+	0x1a, 0x8a, 0x64, 0x27, 0xa8, 0xd4, 0xdf, 0x2b, 0x49, 0x4b, 0x50, 0xe6, 0xda, 0x24, 0x32, 0x0e,
+	0xa8, 0x91, 0xd1, 0x1b, 0x6d, 0x0b, 0x03, 0xfa, 0x5a, 0xbc, 0x43, 0x4a, 0xbb, 0xae, 0xdf, 0x61,
+	0xf5, 0x30, 0x2f, 0x1b, 0x25, 0xdd, 0x17, 0x2d, 0x87, 0xf2, 0xa3, 0xe5, 0xb0, 0x1e, 0x2d, 0xfc,
+	0x56, 0x13, 0xdb, 0x3b, 0xeb, 0x24, 0xa2, 0xc6, 0x11, 0xce, 0x3a, 0x5b, 0x30, 0x7f, 0x8f, 0xa0,
+	0xbc, 0xe9, 0x37, 0xaf, 0x7a, 0x71, 0xb8, 0xc7, 0xef, 0xbf, 0xbe, 0x17, 0x53, 0x4f, 0x7a, 0x93,
+	0x24, 0xd9, 0x16, 0xc5, 0x6e, 0x9b, 0x6e, 0xc5, 0xa4, 0x1d, 0x88, 0xea, 0x79, 0x5f, 0x5b, 0x94,
+	0x7e, 0xcc, 0xcc, 0xd6, 0x22, 0x51, 0xcc, 0x53, 0x4e, 0xd9, 0xe2, 0xcf, 0x4c, 0xc1, 0xf4, 0x85,
+	0xad, 0x38, 0x14, 0xf9, 0x46, 0x5b, 0x53, 0x1d, 0xb0, 0x94, 0x60, 0x13, 0xa4, 0xd9, 0x86, 0x7b,
+	0xd3, 0x6b, 0xdd, 0x2d, 0x1a, 0xb6, 0x5d, 0x8f, 0xe4, 0x9f, 0xcb, 0x63, 0x34, 0x6e, 0x73, 0xba,
+	0x0a, 0xbe, 0x16, 0x92, 0xec, 0x96, 0x74, 0xdb, 0xf5, 0x1c, 0xff, 0xc5, 0x9c, 0xd0, 0x9a, 0x4c,
+	0xe0, 0x5f, 0xf5, 0xde, 0xab, 0x22, 0x31, 0xcd, 0x03, 0x4f, 0xc3, 0x02, 0xcb, 0x18, 0x5d, 0x2a,
+	0x7e, 0x10, 0x49, 0xc9, 0x1c, 0xd6, 0x06, 0xcb, 0x78, 0x58, 0xfa, 0x87, 0x78, 0x13, 0x0e, 0x91,
+	0x28, 0x72, 0x9b, 0x1e, 0x75, 0x24, 0xaf, 0xc2, 0xd8, 0xbc, 0x7a, 0x3f, 0x4d, 0x1a, 0x2a, 0xfc,
+	0x0d, 0xb1, 0xdf, 0x92, 0x34, 0xbf, 0x86, 0xe0, 0xd8, 0x40, 0x26, 0x69, 0x5c, 0x21, 0xe5, 0x1c,
+	0xa9, 0x42, 0x39, 0xb2, 0x77, 0xa8, 0xd3, 0x69, 0xc9, 0x52, 0x21, 0xa5, 0xd9, 0x6f, 0x4e, 0x27,
+	0xd9, 0x7d, 0x71, 0x8e, 0xa5, 0x34, 0x3e, 0x09, 0xd0, 0x26, 0x5e, 0x87, 0xb4, 0x38, 0x84, 0x19,
+	0x0e, 0x41, 0x59, 0x31, 0x17, 0xa1, 0x3a, 0xc8, 0x75, 0x44, 0xf7, 0xee, 0x3d, 0x04, 0x07, 0x65,
+	0xca, 0x15, 0xbb, 0xbb, 0x0c, 0x87, 0x14, 0x33, 0xdc, 0xc8, 0x36, 0xba, 0x77, 0x79, 0x44, 0x3a,
+	0x95, 0x5e, 0x52, 0xd4, 0xc7, 0x27, 0x5d, 0x6d, 0x00, 0x32, 0xf6, 0x81, 0x8b, 0xa6, 0x74, 0x33,
+	0xf8, 0x2a, 0x18, 0xd7, 0x89, 0x47, 0x9a, 0xd4, 0x49, 0xd5, 0x4e, 0x5d, 0xec, 0x4b, 0x6a, 0x1b,
+	0x6a, 0xe2, 0xa6, 0x4f, 0x5a, 0x44, 0xbb, 0xdb, 0xdb, 0xb2, 0xa5, 0xf5, 0x7a, 0x41, 0xf7, 0x73,
+	0x3e, 0x99, 0xda, 0x72, 0x1d, 0xfe, 0x52, 0x62, 0x7e, 0x03, 0xe6, 0x84, 0x2a, 0x32, 0x41, 0x09,
+	0x72, 0xb2, 0x10, 0xc3, 0x01, 0x2c, 0xb4, 0xdc, 0x2e, 0x4d, 0xb5, 0x36, 0x66, 0xa6, 0xae, 0xa4,
+	0x2e, 0x80, 0x39, 0x52, 0x4c, 0xc2, 0x26, 0x8d, 0xaf, 0xa7, 0x1d, 0xa7, 0x12, 0x6f, 0x71, 0xf4,
+	0x2e, 0x9b, 0x3f, 0xd6, 0x7b, 0xf3, 0xba, 0x59, 0xfe, 0x77, 0xdb, 0xc3, 0x6b, 0x0d, 0xdf, 0x71,
+	0xb7, 0x5d, 0x9a, 0xdc, 0xd7, 0xcb, 0x56, 0x4a, 0x9b, 0x21, 0x94, 0x37, 0x5d, 0x6f, 0x77, 0xc3,
+	0xdb, 0xf6, 0x99, 0xb3, 0xc6, 0x6e, 0xdc, 0x92, 0x3b, 0x94, 0x10, 0xf8, 0x30, 0x14, 0x3b, 0x61,
+	0x4b, 0x04, 0x2f, 0x7b, 0xc4, 0x4b, 0x50, 0x71, 0x68, 0x64, 0x87, 0x6e, 0x20, 0x42, 0x97, 0x4f,
+	0x72, 0x94, 0x25, 0x16, 0x42, 0xae, 0xed, 0x7b, 0xeb, 0x2d, 0x12, 0x45, 0xb2, 0xb2, 0x48, 0x17,
+	0xcc, 0xc7, 0x60, 0x81, 0xc9, 0xcc, 0x3c, 0xf4, 0x9c, 0x6e, 0x82, 0x63, 0x9a, 0x6a, 0x12, 0x9e,
+	0x74, 0x36, 0x02, 0xf7, 0xb0, 0x82, 0xee, 0x72, 0x10, 0x08, 0x26, 0x63, 0xde, 0x2e, 0x8a, 0x83,
+	0x0a, 0xa3, 0x81, 0x03, 0x8c, 0xc6, 0x7b, 0x67, 0x01, 0xf7, 0x6c, 0x9c, 0x6b, 0x53, 0xfc, 0x6d,
+	0x04, 0x33, 0x4c, 0x34, 0xbe, 0x6f, 0x58, 0x46, 0xe5, 0xbe, 0x5e, 0x9d, 0x5e, 0x77, 0x8a, 0x49,
+	0x33, 0x17, 0x5f, 0xf9, 0xdb, 0x3f, 0xbe, 0x53, 0x38, 0x8e, 0x8f, 0xf2, 0xb1, 0x75, 0xf7, 0xa2,
+	0x3a, 0x42, 0x8e, 0xf0, 0xab, 0x08, 0xb0, 0x28, 0x70, 0x95, 0xc1, 0x1e, 0x3e, 0x37, 0x0c, 0xe2,
+	0x80, 0x01, 0x60, 0xf5, 0x3e, 0xa5, 0x20, 0xa8, 0xd9, 0x7e, 0x48, 0xd9, 0xf1, 0xcf, 0x5f, 0xe0,
+	0x00, 0x56, 0x38, 0x80, 0xd3, 0xd8, 0x1c, 0x04, 0xa0, 0xfe, 0x12, 0xb3, 0xe8, 0xcb, 0x75, 0x9a,
+	0xc8, 0x7d, 0x03, 0x41, 0xe9, 0x36, 0xbf, 0xd8, 0x8f, 0x30, 0xd2, 0xd6, 0xd4, 0x8c, 0xc4, 0xc5,
+	0x71, 0xb4, 0xe6, 0x29, 0x8e, 0xf4, 0x3e, 0x7c, 0x42, 0x22, 0x8d, 0xe2, 0x90, 0x92, 0xb6, 0x06,
+	0xf8, 0x02, 0xc2, 0x6f, 0x21, 0x98, 0x4d, 0x26, 0x3a, 0xf8, 0xcc, 0x30, 0x94, 0xda, 0xc4, 0xa7,
+	0x3a, 0xbd, 0xf1, 0x88, 0xf9, 0x20, 0xc7, 0x78, 0xca, 0x1c, 0xb8, 0x9d, 0x6b, 0xda, 0xf0, 0xe4,
+	0x75, 0x04, 0xc5, 0x6b, 0x74, 0xa4, 0xbf, 0x4d, 0x11, 0x5c, 0x9f, 0x01, 0x07, 0x6c, 0x35, 0x7e,
+	0x13, 0xc1, 0xbd, 0xd7, 0x68, 0x3c, 0xb8, 0xb2, 0xc1, 0xcb, 0xa3, 0xcb, 0x0d, 0xe1, 0x76, 0xe7,
+	0xc6, 0x78, 0x33, 0x3d, 0xd2, 0xeb, 0x1c, 0xd9, 0x83, 0xf8, 0x6c, 0x9e, 0x13, 0x46, 0x7b, 0x9e,
+	0xfd, 0xa2, 0xc0, 0xf1, 0x67, 0x04, 0x87, 0x7b, 0x07, 0xf8, 0xd8, 0xec, 0xb9, 0x5e, 0x0e, 0x98,
+	0xef, 0x57, 0x6f, 0x4c, 0x9a, 0x81, 0x75, 0xa6, 0xe6, 0x65, 0x8e, 0xfc, 0x51, 0xfc, 0x48, 0x1e,
+	0xf2, 0xb4, 0x3d, 0x5e, 0x7f, 0x49, 0x3e, 0xbe, 0xcc, 0xff, 0xd8, 0x84, 0xc3, 0xfe, 0x0b, 0x82,
+	0xa3, 0x92, 0xef, 0xfa, 0x0e, 0x09, 0xe3, 0x2b, 0x94, 0x5d, 0x8e, 0xa2, 0xb1, 0xf4, 0x99, 0xf0,
+	0x44, 0x51, 0xe5, 0x99, 0x57, 0xb9, 0x2e, 0x4f, 0xe0, 0xc7, 0xf7, 0xad, 0x8b, 0xcd, 0xd8, 0x38,
+	0x02, 0xf6, 0xdb, 0x08, 0x0e, 0x5e, 0xa3, 0xf1, 0x33, 0xeb, 0x1b, 0xfb, 0xda, 0x99, 0x09, 0x1d,
+	0x5d, 0x11, 0x67, 0x5e, 0xe1, 0x8a, 0x7c, 0x0a, 0x3f, 0xb6, 0x6f, 0x45, 0x7c, 0xdb, 0x4d, 0xf7,
+	0xe5, 0x15, 0x04, 0x07, 0xae, 0x29, 0x47, 0xfe, 0xf0, 0x74, 0xa2, 0x8d, 0xaf, 0xab, 0x8b, 0x35,
+	0xe5, 0x6f, 0x75, 0xe4, 0x4f, 0xa9, 0xab, 0xaf, 0x72, 0x6c, 0x67, 0xf1, 0x99, 0x3c, 0x6c, 0xd9,
+	0x78, 0xeb, 0x0d, 0x04, 0xc7, 0x54, 0x10, 0xd9, 0xd8, 0xff, 0xe3, 0xfb, 0x1b, 0xa6, 0x8b, 0x91,
+	0xfc, 0x08, 0x74, 0x0d, 0x8e, 0xee, 0xbc, 0x39, 0x38, 0x10, 0xdb, 0x7d, 0x28, 0xd6, 0xd0, 0xca,
+	0x32, 0xc2, 0x7f, 0x40, 0x30, 0x9b, 0x4c, 0x7a, 0x86, 0xdb, 0x48, 0x1b, 0x53, 0x4f, 0x33, 0xab,
+	0x09, 0xaf, 0xad, 0x5e, 0x18, 0x6c, 0x50, 0xf5, 0x7b, 0xb9, 0xb5, 0x35, 0x6e, 0x65, 0x3d, 0x1d,
+	0xff, 0x1a, 0x01, 0x64, 0xd3, 0x2a, 0xfc, 0x60, 0xbe, 0x1e, 0xca, 0x44, 0xab, 0x3a, 0xdd, 0x79,
+	0x95, 0x59, 0xe3, 0xfa, 0x2c, 0x57, 0x97, 0x72, 0x73, 0x61, 0x40, 0xed, 0xb5, 0x64, 0xb2, 0xf5,
+	0x23, 0x04, 0x25, 0x3e, 0x24, 0xc0, 0xa7, 0x87, 0x61, 0x56, 0x67, 0x08, 0xd3, 0x34, 0xfd, 0x03,
+	0x1c, 0xea, 0x52, 0x23, 0xef, 0x40, 0x59, 0x43, 0x2b, 0xb8, 0x0b, 0xb3, 0x49, 0x5b, 0x7e, 0xb8,
+	0x7b, 0x68, 0x6d, 0xfb, 0xea, 0x52, 0x4e, 0x81, 0x93, 0x38, 0xaa, 0x38, 0xcb, 0x56, 0x46, 0x9d,
+	0x65, 0x33, 0xec, 0xb8, 0xc1, 0xa7, 0xf2, 0x0e, 0xa3, 0xff, 0x82, 0x61, 0xce, 0x71, 0x74, 0x67,
+	0xcc, 0xa5, 0x51, 0xe7, 0x19, 0xb3, 0xce, 0x77, 0x11, 0x1c, 0xee, 0xbd, 0xdf, 0xe1, 0x13, 0x03,
+	0x5b, 0xa5, 0xe2, 0x6c, 0xd5, 0xad, 0x38, 0xec, 0x6e, 0x68, 0x7e, 0x9a, 0xa3, 0x58, 0xc3, 0x0f,
+	0x8f, 0x8c, 0x8c, 0x1b, 0x32, 0xeb, 0x30, 0x46, 0xab, 0xd9, 0xe8, 0xfd, 0x27, 0x08, 0x0e, 0xea,
+	0x37, 0x9b, 0xe1, 0xb5, 0xe7, 0x80, 0x8b, 0x61, 0xb5, 0x36, 0xde, 0xcb, 0x29, 0xe2, 0x4f, 0x72,
+	0xc4, 0x17, 0x71, 0x7d, 0x28, 0xe2, 0x04, 0x69, 0xf2, 0xe7, 0x91, 0xab, 0x91, 0xeb, 0xd0, 0x55,
+	0x87, 0xa1, 0xfa, 0x0d, 0x82, 0x03, 0xd2, 0x00, 0xb7, 0x42, 0x4a, 0xf3, 0xed, 0x37, 0xbd, 0x88,
+	0x65, 0xb2, 0xcc, 0xc7, 0x38, 0xea, 0x4f, 0xe0, 0x4b, 0x63, 0xda, 0x59, 0xda, 0x77, 0x35, 0x66,
+	0x48, 0xff, 0x88, 0xe0, 0xc8, 0xed, 0x24, 0x40, 0x3f, 0x24, 0xfc, 0xeb, 0x1c, 0xff, 0xe3, 0xf8,
+	0xd1, 0x9c, 0xc2, 0x7a, 0x94, 0x1a, 0x17, 0x10, 0xfe, 0x25, 0x82, 0xb2, 0x9c, 0x2d, 0xe3, 0xb3,
+	0x43, 0x23, 0x58, 0x9f, 0x3e, 0x4f, 0x33, 0xea, 0x44, 0x15, 0x69, 0x9e, 0xce, 0x3d, 0xf6, 0x85,
+	0x7c, 0x16, 0x79, 0xaf, 0x23, 0xc0, 0x69, 0x7f, 0x29, 0xed, 0x38, 0xe1, 0x07, 0x34, 0x51, 0x43,
+	0x9b, 0x98, 0xd5, 0xb3, 0x23, 0xdf, 0xd3, 0xcf, 0xfc, 0x95, 0xdc, 0x33, 0xdf, 0x4f, 0xe5, 0xbf,
+	0x86, 0xa0, 0x72, 0x8d, 0xa6, 0x97, 0xbe, 0x1c, 0x5b, 0xea, 0xa3, 0xf1, 0xea, 0xf2, 0xe8, 0x17,
+	0x05, 0xa2, 0xf3, 0x1c, 0xd1, 0x03, 0x38, 0xdf, 0x54, 0x12, 0xc0, 0xf7, 0x10, 0x2c, 0xdc, 0x54,
+	0x5d, 0x14, 0x9f, 0x1f, 0x25, 0x49, 0x3b, 0x72, 0xc6, 0xc7, 0xf5, 0x10, 0xc7, 0xb5, 0x6a, 0x8e,
+	0x85, 0x6b, 0x4d, 0x4c, 0x99, 0x7f, 0x80, 0x92, 0xae, 0x41, 0xcf, 0x64, 0xe8, 0x3f, 0xb5, 0x5b,
+	0xce, 0x80, 0xc9, 0xbc, 0xc4, 0xf1, 0xd5, 0xf0, 0xf9, 0x71, 0xf0, 0xd5, 0xc5, 0xb8, 0x08, 0x7f,
+	0x1f, 0xc1, 0x11, 0x3e, 0x1a, 0x54, 0x19, 0xe3, 0xbc, 0x69, 0x58, 0x36, 0x48, 0x1c, 0xe3, 0x2c,
+	0x7c, 0x22, 0xc9, 0x3f, 0xe6, 0xbe, 0x40, 0xad, 0x89, 0xa1, 0xdf, 0x37, 0x0a, 0x88, 0xed, 0xef,
+	0x3d, 0x7d, 0xf8, 0x9e, 0x6b, 0xf4, 0x18, 0x70, 0xf8, 0xa8, 0x73, 0x0c, 0x8c, 0x6b, 0x1c, 0xe3,
+	0x25, 0xb3, 0xbe, 0x1f, 0x8c, 0xf5, 0x6e, 0x83, 0x85, 0xe9, 0x37, 0x11, 0x1c, 0x94, 0xf5, 0x81,
+	0xf0, 0xbf, 0xd5, 0x51, 0x5b, 0xbb, 0xdf, 0x7a, 0x42, 0x04, 0xc4, 0xca, 0x78, 0x01, 0xf1, 0x16,
+	0x82, 0x39, 0x31, 0xb9, 0xcb, 0xa9, 0xba, 0x94, 0xd1, 0x5e, 0xb5, 0xa7, 0xed, 0x25, 0x46, 0x3b,
+	0xe6, 0x17, 0xb8, 0xd8, 0x67, 0x71, 0xae, 0x59, 0x02, 0xdf, 0x89, 0xea, 0x2f, 0x89, 0xb9, 0xca,
+	0xcb, 0xf5, 0x96, 0xdf, 0x8c, 0x9e, 0x37, 0x71, 0x6e, 0x6d, 0xc1, 0xde, 0xb9, 0x80, 0x70, 0x0c,
+	0xf3, 0xcc, 0x7d, 0x79, 0x2f, 0x0d, 0x2f, 0xf5, 0x74, 0xde, 0xfa, 0xda, 0x6c, 0xd5, 0x6a, 0x5f,
+	0x6f, 0x2e, 0x2b, 0x26, 0x44, 0x67, 0x03, 0xdf, 0x9f, 0x2b, 0x96, 0x0b, 0x7a, 0x15, 0xc1, 0x11,
+	0x35, 0x1e, 0x13, 0xf1, 0x63, 0x47, 0x63, 0x1e, 0x0a, 0x71, 0x3f, 0xc1, 0x2b, 0x63, 0xb9, 0x11,
+	0x87, 0xf3, 0xe4, 0x53, 0x7f, 0x7a, 0xf7, 0x24, 0x7a, 0xe7, 0xdd, 0x93, 0xe8, 0xef, 0xef, 0x9e,
+	0x44, 0xcf, 0x3f, 0x3c, 0xde, 0xff, 0x72, 0xd8, 0x2d, 0x97, 0x7a, 0xb1, 0xca, 0xfe, 0xdf, 0x01,
+	0x00, 0x00, 0xff, 0xff, 0x01, 0x8b, 0x96, 0x0f, 0xb1, 0x32, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -3260,6 +3403,8 @@ type ApplicationServiceClient interface {
 	Sync(ctx context.Context, in *ApplicationSyncRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error)
 	// ManagedResources returns list of managed resources
 	ManagedResources(ctx context.Context, in *ResourcesQuery, opts ...grpc.CallOption) (*ManagedResourcesResponse, error)
+	// ServerSideDiff performs server-side diff calculation using dry-run apply
+	ServerSideDiff(ctx context.Context, in *ApplicationServerSideDiffQuery, opts ...grpc.CallOption) (*ApplicationServerSideDiffResponse, error)
 	// ResourceTree returns resource tree
 	ResourceTree(ctx context.Context, in *ResourcesQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationTree, error)
 	// Watch returns stream of application resource tree
@@ -3500,6 +3645,15 @@ func (c *applicationServiceClient) ManagedResources(ctx context.Context, in *Res
 	return out, nil
 }
 
+func (c *applicationServiceClient) ServerSideDiff(ctx context.Context, in *ApplicationServerSideDiffQuery, opts ...grpc.CallOption) (*ApplicationServerSideDiffResponse, error) {
+	out := new(ApplicationServerSideDiffResponse)
+	err := c.cc.Invoke(ctx, "/application.ApplicationService/ServerSideDiff", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 func (c *applicationServiceClient) ResourceTree(ctx context.Context, in *ResourcesQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationTree, error) {
 	out := new(v1alpha1.ApplicationTree)
 	err := c.cc.Invoke(ctx, "/application.ApplicationService/ResourceTree", in, out, opts...)
@@ -3700,6 +3854,8 @@ type ApplicationServiceServer interface {
 	Sync(context.Context, *ApplicationSyncRequest) (*v1alpha1.Application, error)
 	// ManagedResources returns list of managed resources
 	ManagedResources(context.Context, *ResourcesQuery) (*ManagedResourcesResponse, error)
+	// ServerSideDiff performs server-side diff calculation using dry-run apply
+	ServerSideDiff(context.Context, *ApplicationServerSideDiffQuery) (*ApplicationServerSideDiffResponse, error)
 	// ResourceTree returns resource tree
 	ResourceTree(context.Context, *ResourcesQuery) (*v1alpha1.ApplicationTree, error)
 	// Watch returns stream of application resource tree
@@ -3786,6 +3942,9 @@ func (*UnimplementedApplicationServiceServer) Sync(ctx context.Context, req *App
 func (*UnimplementedApplicationServiceServer) ManagedResources(ctx context.Context, req *ResourcesQuery) (*ManagedResourcesResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ManagedResources not implemented")
 }
+func (*UnimplementedApplicationServiceServer) ServerSideDiff(ctx context.Context, req *ApplicationServerSideDiffQuery) (*ApplicationServerSideDiffResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ServerSideDiff not implemented")
+}
 func (*UnimplementedApplicationServiceServer) ResourceTree(ctx context.Context, req *ResourcesQuery) (*v1alpha1.ApplicationTree, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ResourceTree not implemented")
 }
@@ -4147,6 +4306,24 @@ func _ApplicationService_ManagedResources_Handler(srv interface{}, ctx context.C
 	return interceptor(ctx, in, info, handler)
 }
 
+func _ApplicationService_ServerSideDiff_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ApplicationServerSideDiffQuery)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ApplicationServiceServer).ServerSideDiff(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/application.ApplicationService/ServerSideDiff",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ApplicationServiceServer).ServerSideDiff(ctx, req.(*ApplicationServerSideDiffQuery))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _ApplicationService_ResourceTree_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ResourcesQuery)
 	if err := dec(in); err != nil {
@@ -4451,6 +4628,10 @@ var _ApplicationService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "ManagedResources",
 			Handler:    _ApplicationService_ManagedResources_Handler,
 		},
+		{
+			MethodName: "ServerSideDiff",
+			Handler:    _ApplicationService_ServerSideDiff_Handler,
+		},
 		{
 			MethodName: "ResourceTree",
 			Handler:    _ApplicationService_ResourceTree_Handler,
@@ -6944,6 +7125,132 @@ func (m *ManagedResourcesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error
 	return len(dAtA) - i, nil
 }
 
+func (m *ApplicationServerSideDiffQuery) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ApplicationServerSideDiffQuery) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ApplicationServerSideDiffQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.TargetManifests) > 0 {
+		for iNdEx := len(m.TargetManifests) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.TargetManifests[iNdEx])
+			copy(dAtA[i:], m.TargetManifests[iNdEx])
+			i = encodeVarintApplication(dAtA, i, uint64(len(m.TargetManifests[iNdEx])))
+			i--
+			dAtA[i] = 0x2a
+		}
+	}
+	if len(m.LiveResources) > 0 {
+		for iNdEx := len(m.LiveResources) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.LiveResources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApplication(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0x22
+		}
+	}
+	if m.Project != nil {
+		i -= len(*m.Project)
+		copy(dAtA[i:], *m.Project)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Project)))
+		i--
+		dAtA[i] = 0x1a
+	}
+	if m.AppNamespace != nil {
+		i -= len(*m.AppNamespace)
+		copy(dAtA[i:], *m.AppNamespace)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.AppNamespace)))
+		i--
+		dAtA[i] = 0x12
+	}
+	if m.AppName == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("appName")
+	} else {
+		i -= len(*m.AppName)
+		copy(dAtA[i:], *m.AppName)
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.AppName)))
+		i--
+		dAtA[i] = 0xa
+	}
+	return len(dAtA) - i, nil
+}
+
+func (m *ApplicationServerSideDiffResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ApplicationServerSideDiffResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ApplicationServerSideDiffResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if m.Modified == nil {
+		return 0, github_com_gogo_protobuf_proto.NewRequiredNotSetError("modified")
+	} else {
+		i--
+		if *m.Modified {
+			dAtA[i] = 1
+		} else {
+			dAtA[i] = 0
+		}
+		i--
+		dAtA[i] = 0x10
+	}
+	if len(m.Items) > 0 {
+		for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintApplication(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
 func (m *LinkInfo) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -8226,27 +8533,35 @@ func (m *ManagedResourcesResponse) Size() (n int) {
 	return n
 }
 
-func (m *LinkInfo) Size() (n int) {
+func (m *ApplicationServerSideDiffQuery) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
-	if m.Title != nil {
-		l = len(*m.Title)
+	if m.AppName != nil {
+		l = len(*m.AppName)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.Url != nil {
-		l = len(*m.Url)
+	if m.AppNamespace != nil {
+		l = len(*m.AppNamespace)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.Description != nil {
-		l = len(*m.Description)
+	if m.Project != nil {
+		l = len(*m.Project)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.IconClass != nil {
-		l = len(*m.IconClass)
-		n += 1 + l + sovApplication(uint64(l))
+	if len(m.LiveResources) > 0 {
+		for _, e := range m.LiveResources {
+			l = e.Size()
+			n += 1 + l + sovApplication(uint64(l))
+		}
+	}
+	if len(m.TargetManifests) > 0 {
+		for _, s := range m.TargetManifests {
+			l = len(s)
+			n += 1 + l + sovApplication(uint64(l))
+		}
 	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
@@ -8254,7 +8569,7 @@ func (m *LinkInfo) Size() (n int) {
 	return n
 }
 
-func (m *LinksResponse) Size() (n int) {
+func (m *ApplicationServerSideDiffResponse) Size() (n int) {
 	if m == nil {
 		return 0
 	}
@@ -8266,33 +8581,82 @@ func (m *LinksResponse) Size() (n int) {
 			n += 1 + l + sovApplication(uint64(l))
 		}
 	}
+	if m.Modified != nil {
+		n += 2
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
 	return n
 }
 
-func (m *ListAppLinksRequest) Size() (n int) {
+func (m *LinkInfo) Size() (n int) {
 	if m == nil {
 		return 0
 	}
 	var l int
 	_ = l
-	if m.Name != nil {
-		l = len(*m.Name)
+	if m.Title != nil {
+		l = len(*m.Title)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.Namespace != nil {
-		l = len(*m.Namespace)
+	if m.Url != nil {
+		l = len(*m.Url)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.Project != nil {
-		l = len(*m.Project)
+	if m.Description != nil {
+		l = len(*m.Description)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	if m.XXX_unrecognized != nil {
-		n += len(m.XXX_unrecognized)
-	}
+	if m.IconClass != nil {
+		l = len(*m.IconClass)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *LinksResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.Items) > 0 {
+		for _, e := range m.Items {
+			l = e.Size()
+			n += 1 + l + sovApplication(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
+func (m *ListAppLinksRequest) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if m.Name != nil {
+		l = len(*m.Name)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Namespace != nil {
+		l = len(*m.Namespace)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.Project != nil {
+		l = len(*m.Project)
+		n += 1 + l + sovApplication(uint64(l))
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
 	return n
 }
 
@@ -15821,6 +16185,338 @@ func (m *ManagedResourcesResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *ApplicationServerSideDiffQuery) Unmarshal(dAtA []byte) error {
+	var hasFields [1]uint64
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApplication
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ApplicationServerSideDiffQuery: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ApplicationServerSideDiffQuery: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AppName", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.AppName = &s
+			iNdEx = postIndex
+			hasFields[0] |= uint64(0x00000001)
+		case 2:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field AppNamespace", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.AppNamespace = &s
+			iNdEx = postIndex
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			s := string(dAtA[iNdEx:postIndex])
+			m.Project = &s
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field LiveResources", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.LiveResources = append(m.LiveResources, &v1alpha1.ResourceDiff{})
+			if err := m.LiveResources[len(m.LiveResources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 5:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field TargetManifests", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.TargetManifests = append(m.TargetManifests, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApplication(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+	if hasFields[0]&uint64(0x00000001) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("appName")
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
+func (m *ApplicationServerSideDiffResponse) Unmarshal(dAtA []byte) error {
+	var hasFields [1]uint64
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowApplication
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ApplicationServerSideDiffResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ApplicationServerSideDiffResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthApplication
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Items = append(m.Items, &v1alpha1.ResourceDiff{})
+			if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Modified", wireType)
+			}
+			var v int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowApplication
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				v |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			b := bool(v != 0)
+			m.Modified = &b
+			hasFields[0] |= uint64(0x00000001)
+		default:
+			iNdEx = preIndex
+			skippy, err := skipApplication(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthApplication
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+	if hasFields[0]&uint64(0x00000001) == 0 {
+		return github_com_gogo_protobuf_proto.NewRequiredNotSetError("modified")
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *LinkInfo) Unmarshal(dAtA []byte) error {
 	var hasFields [1]uint64
 	l := len(dAtA)
diff --git a/pkg/apiclient/application/application.pb.gw.go b/pkg/apiclient/application/application.pb.gw.go
index 80c8dec506be6..dfd53ee6c440b 100644
--- a/pkg/apiclient/application/application.pb.gw.go
+++ b/pkg/apiclient/application/application.pb.gw.go
@@ -1223,6 +1223,78 @@ func local_request_ApplicationService_ManagedResources_0(ctx context.Context, ma
 
 }
 
+var (
+	filter_ApplicationService_ServerSideDiff_0 = &utilities.DoubleArray{Encoding: map[string]int{"appName": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
+)
+
+func request_ApplicationService_ServerSideDiff_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq ApplicationServerSideDiffQuery
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["appName"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "appName")
+	}
+
+	protoReq.AppName, err = runtime.StringP(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "appName", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationService_ServerSideDiff_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := client.ServerSideDiff(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	return msg, metadata, err
+
+}
+
+func local_request_ApplicationService_ServerSideDiff_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq ApplicationServerSideDiffQuery
+	var metadata runtime.ServerMetadata
+
+	var (
+		val string
+		ok  bool
+		err error
+		_   = err
+	)
+
+	val, ok = pathParams["appName"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "appName")
+	}
+
+	protoReq.AppName, err = runtime.StringP(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "appName", err)
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationService_ServerSideDiff_0); err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	}
+
+	msg, err := server.ServerSideDiff(ctx, &protoReq)
+	return msg, metadata, err
+
+}
+
 var (
 	filter_ApplicationService_ResourceTree_0 = &utilities.DoubleArray{Encoding: map[string]int{"applicationName": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
 )
@@ -2557,6 +2629,29 @@ func RegisterApplicationServiceHandlerServer(ctx context.Context, mux *runtime.S
 
 	})
 
+	mux.Handle("GET", pattern_ApplicationService_ServerSideDiff_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		var stream runtime.ServerTransportStream
+		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := local_request_ApplicationService_ServerSideDiff_0(rctx, inboundMarshaler, server, req, pathParams)
+		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_ApplicationService_ServerSideDiff_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("GET", pattern_ApplicationService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -3212,6 +3307,26 @@ func RegisterApplicationServiceHandlerClient(ctx context.Context, mux *runtime.S
 
 	})
 
+	mux.Handle("GET", pattern_ApplicationService_ServerSideDiff_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+		ctx, cancel := context.WithCancel(req.Context())
+		defer cancel()
+		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
+		rctx, err := runtime.AnnotateContext(ctx, mux, req)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+		resp, md, err := request_ApplicationService_ServerSideDiff_0(rctx, inboundMarshaler, client, req, pathParams)
+		ctx = runtime.NewServerMetadataContext(ctx, md)
+		if err != nil {
+			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
+			return
+		}
+
+		forward_ApplicationService_ServerSideDiff_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+
+	})
+
 	mux.Handle("GET", pattern_ApplicationService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -3530,6 +3645,8 @@ var (
 
 	pattern_ApplicationService_ManagedResources_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "applicationName", "managed-resources"}, "", runtime.AssumeColonVerbOpt(true)))
 
+	pattern_ApplicationService_ServerSideDiff_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "appName", "server-side-diff"}, "", runtime.AssumeColonVerbOpt(true)))
+
 	pattern_ApplicationService_ResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "applicationName", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true)))
 
 	pattern_ApplicationService_WatchResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 1, 0, 4, 1, 5, 4, 2, 5}, []string{"api", "v1", "stream", "applications", "applicationName", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true)))
@@ -3594,6 +3711,8 @@ var (
 
 	forward_ApplicationService_ManagedResources_0 = runtime.ForwardResponseMessage
 
+	forward_ApplicationService_ServerSideDiff_0 = runtime.ForwardResponseMessage
+
 	forward_ApplicationService_ResourceTree_0 = runtime.ForwardResponseMessage
 
 	forward_ApplicationService_WatchResourceTree_0 = runtime.ForwardResponseStream
diff --git a/server/application/application.go b/server/application/application.go
index 45b1a1af43945..f8fd0f5fc4256 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -13,12 +13,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/argoproj/gitops-engine/pkg/health"
-
 	cacheutil "github.com/argoproj/argo-cd/v3/util/cache"
 
 	kubecache "github.com/argoproj/gitops-engine/pkg/cache"
 	"github.com/argoproj/gitops-engine/pkg/diff"
+	"github.com/argoproj/gitops-engine/pkg/health"
 	"github.com/argoproj/gitops-engine/pkg/sync/common"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/argoproj/gitops-engine/pkg/utils/text"
@@ -44,6 +43,7 @@ import (
 	argocommon "github.com/argoproj/argo-cd/v3/common"
 	"github.com/argoproj/argo-cd/v3/pkg/apiclient/application"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+
 	appclientset "github.com/argoproj/argo-cd/v3/pkg/client/clientset/versioned"
 	applisters "github.com/argoproj/argo-cd/v3/pkg/client/listers/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
@@ -63,7 +63,12 @@ import (
 	"github.com/argoproj/argo-cd/v3/util/session"
 	"github.com/argoproj/argo-cd/v3/util/settings"
 
+	resourceutil "github.com/argoproj/gitops-engine/pkg/sync/resource"
+
 	applicationType "github.com/argoproj/argo-cd/v3/pkg/apis/application"
+	argodiff "github.com/argoproj/argo-cd/v3/util/argo/diff"
+	"github.com/argoproj/argo-cd/v3/util/argo/normalizers"
+	kubeutil "github.com/argoproj/argo-cd/v3/util/kube"
 )
 
 type AppResourceTreeFn func(ctx context.Context, app *v1alpha1.Application) (*v1alpha1.ApplicationTree, error)
@@ -243,6 +248,9 @@ func (s *Server) getAppEnforceRBAC(ctx context.Context, action, project, namespa
 func (s *Server) getApplicationEnforceRBACInformer(ctx context.Context, action, project, namespace, name string) (*v1alpha1.Application, *v1alpha1.AppProject, error) {
 	namespaceOrDefault := s.appNamespaceOrDefault(namespace)
 	return s.getAppEnforceRBAC(ctx, action, project, namespaceOrDefault, name, func() (*v1alpha1.Application, error) {
+		if !s.isNamespaceEnabled(namespaceOrDefault) {
+			return nil, security.NamespaceNotPermittedError(namespaceOrDefault)
+		}
 		return s.appLister.Applications(namespaceOrDefault).Get(name)
 	})
 }
@@ -2824,3 +2832,171 @@ func getProjectsFromApplicationQuery(q application.ApplicationQuery) []string {
 	}
 	return q.Projects
 }
+
+// ServerSideDiff gets the destination cluster and creates a server-side dry run applier and performs the diff
+// It returns the diff result in the form of a list of ResourceDiffs.
+func (s *Server) ServerSideDiff(ctx context.Context, q *application.ApplicationServerSideDiffQuery) (*application.ApplicationServerSideDiffResponse, error) {
+	a, _, err := s.getApplicationEnforceRBACInformer(ctx, rbac.ActionGet, q.GetProject(), q.GetAppNamespace(), q.GetAppName())
+	if err != nil {
+		return nil, fmt.Errorf("error getting application: %w", err)
+	}
+
+	argoSettings, err := s.settingsMgr.GetSettings()
+	if err != nil {
+		return nil, fmt.Errorf("error getting ArgoCD settings: %w", err)
+	}
+
+	resourceOverrides, err := s.settingsMgr.GetResourceOverrides()
+	if err != nil {
+		return nil, fmt.Errorf("error getting resource overrides: %w", err)
+	}
+
+	// Convert to map format expected by DiffConfigBuilder
+	overrides := make(map[string]v1alpha1.ResourceOverride)
+	for k, v := range resourceOverrides {
+		overrides[k] = v
+	}
+
+	// Get cluster connection for server-side dry run
+	cluster, err := argo.GetDestinationCluster(ctx, a.Spec.Destination, s.db)
+	if err != nil {
+		return nil, fmt.Errorf("error getting destination cluster: %w", err)
+	}
+
+	clusterConfig, err := cluster.RawRestConfig()
+	if err != nil {
+		return nil, fmt.Errorf("error getting cluster raw REST config: %w", err)
+	}
+
+	// Create server-side diff dry run applier
+	openAPISchema, gvkParser, err := s.kubectl.LoadOpenAPISchema(clusterConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get OpenAPI schema: %w", err)
+	}
+
+	applier, cleanup, err := kubeutil.ManageServerSideDiffDryRuns(clusterConfig, openAPISchema, func(_ string) (kube.CleanupFunc, error) {
+		return func() {}, nil
+	})
+	if err != nil {
+		return nil, fmt.Errorf("error creating server-side dry run applier: %w", err)
+	}
+	defer cleanup()
+
+	dryRunner := diff.NewK8sServerSideDryRunner(applier)
+
+	appLabelKey, err := s.settingsMgr.GetAppInstanceLabelKey()
+	if err != nil {
+		return nil, fmt.Errorf("error getting app instance label key: %w", err)
+	}
+
+	// Build diff config like the CLI does, but with server-side diff enabled
+	ignoreAggregatedRoles := false
+	diffConfig, err := argodiff.NewDiffConfigBuilder().
+		WithDiffSettings(a.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, normalizers.IgnoreNormalizerOpts{}).
+		WithTracking(appLabelKey, argoSettings.TrackingMethod).
+		WithNoCache().
+		WithManager(argocommon.ArgoCDSSAManager).
+		WithServerSideDiff(true).
+		WithServerSideDryRunner(dryRunner).
+		WithGVKParser(gvkParser).
+		WithIgnoreMutationWebhook(!resourceutil.HasAnnotationOption(a, argocommon.AnnotationCompareOptions, "IncludeMutationWebhook=true")).
+		Build()
+	if err != nil {
+		return nil, fmt.Errorf("error building diff config: %w", err)
+	}
+
+	// Convert live resources to unstructured objects
+	liveObjs := make([]*unstructured.Unstructured, 0, len(q.GetLiveResources()))
+	for _, liveResource := range q.GetLiveResources() {
+		if liveResource.LiveState != "" && liveResource.LiveState != "null" {
+			liveObj := &unstructured.Unstructured{}
+			err := json.Unmarshal([]byte(liveResource.LiveState), liveObj)
+			if err != nil {
+				return nil, fmt.Errorf("error unmarshaling live state for %s/%s: %w", liveResource.Kind, liveResource.Name, err)
+			}
+			liveObjs = append(liveObjs, liveObj)
+		} else {
+			liveObjs = append(liveObjs, nil)
+		}
+	}
+
+	// Convert target manifests to unstructured objects
+	targetObjs := make([]*unstructured.Unstructured, 0, len(q.GetTargetManifests()))
+	for i, manifestStr := range q.GetTargetManifests() {
+		obj, err := v1alpha1.UnmarshalToUnstructured(manifestStr)
+		if err != nil {
+			return nil, fmt.Errorf("error unmarshaling target manifest %d: %w", i, err)
+		}
+		targetObjs = append(targetObjs, obj)
+	}
+
+	diffResults, err := argodiff.StateDiffs(liveObjs, targetObjs, diffConfig)
+	if err != nil {
+		return nil, fmt.Errorf("error performing state diffs: %w", err)
+	}
+
+	// Convert StateDiffs results to ResourceDiff format for API response
+	responseDiffs := make([]*v1alpha1.ResourceDiff, 0, len(diffResults.Diffs))
+	modified := false
+
+	for i, diffRes := range diffResults.Diffs {
+		if diffRes.Modified {
+			modified = true
+		}
+
+		// Extract resource metadata for the diff result. Resources should be pre-aligned by the CLI.
+		var group, kind, namespace, name string
+		var hook bool
+		var resourceVersion string
+
+		// Extract resource metadata for the ResourceDiff response. The CLI sends aligned arrays
+		// of live resources and target manifests, but individual resources may only exist in one
+		// array depending on the operation
+		switch {
+		case i < len(q.GetLiveResources()):
+			// A live resource exists at this index
+			lr := q.GetLiveResources()[i]
+			group = lr.Group
+			kind = lr.Kind
+			namespace = lr.Namespace
+			name = lr.Name
+			hook = lr.Hook
+			resourceVersion = lr.ResourceVersion
+		case i < len(targetObjs) && targetObjs[i] != nil:
+			// A target resource exists at this index, but no live resource exists at this index
+			obj := targetObjs[i]
+			group = obj.GroupVersionKind().Group
+			kind = obj.GroupVersionKind().Kind
+			namespace = obj.GetNamespace()
+			name = obj.GetName()
+			hook = false
+			resourceVersion = ""
+		default:
+			return nil, fmt.Errorf("diff result index %d out of bounds: live resources (%d), target objects (%d)",
+				i, len(q.GetLiveResources()), len(targetObjs))
+		}
+
+		// Create ResourceDiff with StateDiffs results
+		// TargetState = PredictedLive (what the target should be after applying)
+		// LiveState = NormalizedLive (current normalized live state)
+		responseDiffs = append(responseDiffs, &v1alpha1.ResourceDiff{
+			Group:           group,
+			Kind:            kind,
+			Namespace:       namespace,
+			Name:            name,
+			TargetState:     string(diffRes.PredictedLive),
+			LiveState:       string(diffRes.NormalizedLive),
+			Diff:            "", // Diff string is generated client-side
+			Hook:            hook,
+			Modified:        diffRes.Modified,
+			ResourceVersion: resourceVersion,
+		})
+	}
+
+	log.Infof("ServerSideDiff completed with %d results, overall modified: %t", len(responseDiffs), modified)
+
+	return &application.ApplicationServerSideDiffResponse{
+		Items:    responseDiffs,
+		Modified: &modified,
+	}, nil
+}
diff --git a/server/application/application.proto b/server/application/application.proto
index 6cbfd77687774..cf203f5e0258a 100644
--- a/server/application/application.proto
+++ b/server/application/application.proto
@@ -318,6 +318,19 @@ message ManagedResourcesResponse {
 	repeated github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ResourceDiff items = 1;
 }
 
+message ApplicationServerSideDiffQuery {
+	required string appName = 1;
+	optional string appNamespace = 2;
+	optional string project = 3;
+	repeated github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ResourceDiff liveResources = 4;
+	repeated string targetManifests = 5;
+}
+
+message ApplicationServerSideDiffResponse {
+	repeated github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ResourceDiff items = 1;
+	required bool modified = 2;
+}
+
 message LinkInfo {
 	required string title = 1;
 	required string url = 2;
@@ -442,6 +455,11 @@ service ApplicationService {
 		option (google.api.http).get = "/api/v1/applications/{applicationName}/managed-resources";
 	}
 
+	// ServerSideDiff performs server-side diff calculation using dry-run apply
+	rpc ServerSideDiff(ApplicationServerSideDiffQuery) returns (ApplicationServerSideDiffResponse) {
+		option (google.api.http).get = "/api/v1/applications/{appName}/server-side-diff";
+	}
+
 	// ResourceTree returns resource tree
 	rpc ResourceTree(ResourcesQuery) returns (github.zerozr99.workers.dev.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1.ApplicationTree) {
 		option (google.api.http).get = "/api/v1/applications/{applicationName}/resource-tree";
diff --git a/server/application/application_test.go b/server/application/application_test.go
index 16ce0923e8006..a97c8efc84b4f 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -3590,3 +3590,145 @@ func Test_DeepCopyInformers(t *testing.T) {
 		assert.NotSame(t, p, &spList[i])
 	}
 }
+
+func TestServerSideDiff(t *testing.T) {
+	// Create test projects (avoid "default" which is already created by newTestAppServerWithEnforcerConfigure)
+	testProj := &v1alpha1.AppProject{
+		ObjectMeta: metav1.ObjectMeta{Name: "test-project", Namespace: testNamespace},
+		Spec: v1alpha1.AppProjectSpec{
+			SourceRepos:  []string{"*"},
+			Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}},
+		},
+	}
+
+	forbiddenProj := &v1alpha1.AppProject{
+		ObjectMeta: metav1.ObjectMeta{Name: "forbidden-project", Namespace: testNamespace},
+		Spec: v1alpha1.AppProjectSpec{
+			SourceRepos:  []string{"*"},
+			Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}},
+		},
+	}
+
+	// Create test applications that will exist in the server
+	testApp := newTestApp(func(app *v1alpha1.Application) {
+		app.Name = "test-app"
+		app.Namespace = testNamespace
+		app.Spec.Project = "test-project"
+	})
+
+	forbiddenApp := newTestApp(func(app *v1alpha1.Application) {
+		app.Name = "forbidden-app"
+		app.Namespace = testNamespace
+		app.Spec.Project = "forbidden-project"
+	})
+
+	appServer := newTestAppServer(t, testProj, forbiddenProj, testApp, forbiddenApp)
+
+	t.Run("InputValidation", func(t *testing.T) {
+		// Test missing application name
+		query := &application.ApplicationServerSideDiffQuery{
+			AppName:         ptr.To(""), // Empty name instead of nil
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("test-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{},
+			TargetManifests: []string{},
+		}
+
+		_, err := appServer.ServerSideDiff(t.Context(), query)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "not found")
+
+		// Test nil application name
+		queryNil := &application.ApplicationServerSideDiffQuery{
+			AppName:         nil,
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("test-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{},
+			TargetManifests: []string{},
+		}
+
+		_, err = appServer.ServerSideDiff(t.Context(), queryNil)
+		assert.Error(t, err)
+		// Should get an error when name is nil
+	})
+
+	t.Run("InvalidManifest", func(t *testing.T) {
+		// Test error handling for malformed JSON in target manifests
+		query := &application.ApplicationServerSideDiffQuery{
+			AppName:         ptr.To("test-app"),
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("test-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{},
+			TargetManifests: []string{`invalid json`},
+		}
+
+		_, err := appServer.ServerSideDiff(t.Context(), query)
+
+		// Should return error for invalid JSON
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "error unmarshaling target manifest")
+	})
+
+	t.Run("InvalidLiveState", func(t *testing.T) {
+		// Test error handling for malformed JSON in live state
+		liveResource := &v1alpha1.ResourceDiff{
+			Group:       "apps",
+			Kind:        "Deployment",
+			Namespace:   "default",
+			Name:        "test-deployment",
+			LiveState:   `invalid json`,
+			TargetState: "",
+			Modified:    true,
+		}
+
+		query := &application.ApplicationServerSideDiffQuery{
+			AppName:         ptr.To("test-app"),
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("test-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{liveResource},
+			TargetManifests: []string{`{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"test"}}`},
+		}
+
+		_, err := appServer.ServerSideDiff(t.Context(), query)
+
+		// Should return error for invalid JSON in live state
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "error unmarshaling live state")
+	})
+
+	t.Run("EmptyRequest", func(t *testing.T) {
+		// Test with empty resources - should succeed without errors but no diffs
+		query := &application.ApplicationServerSideDiffQuery{
+			AppName:         ptr.To("test-app"),
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("test-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{},
+			TargetManifests: []string{},
+		}
+
+		resp, err := appServer.ServerSideDiff(t.Context(), query)
+
+		// Should succeed with empty response
+		require.NoError(t, err)
+		assert.NotNil(t, resp)
+		assert.False(t, *resp.Modified)
+		assert.Empty(t, resp.Items)
+	})
+
+	t.Run("MissingAppPermission", func(t *testing.T) {
+		// Test RBAC enforcement
+		query := &application.ApplicationServerSideDiffQuery{
+			AppName:         ptr.To("nonexistent-app"),
+			AppNamespace:    ptr.To(testNamespace),
+			Project:         ptr.To("nonexistent-project"),
+			LiveResources:   []*v1alpha1.ResourceDiff{},
+			TargetManifests: []string{},
+		}
+
+		_, err := appServer.ServerSideDiff(t.Context(), query)
+
+		// Should fail with permission error since nonexistent-app doesn't exist
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "application")
+	})
+}
diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go
index c7b38d5a54918..df302e8641911 100644
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -3075,3 +3075,198 @@ status:
 			assert.Equal(t, "2023-01-01T00:00:00Z", app.Status.Health.LastTransitionTime.UTC().Format(time.RFC3339))
 		})
 }
+
+// TestServerSideDiffCommand tests the --server-side-diff flag for the app diff command
+func TestServerSideDiffCommand(t *testing.T) {
+	Given(t).
+		Path("two-nice-pods").
+		When().
+		CreateApp().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		When().
+		// Create a diff by modifying a pod
+		PatchFile("pod-1.yaml", `[{"op": "add", "path": "/metadata/annotations", "value": {"test": "server-side-diff"}}]`).
+		AddFile("pod-3.yaml", `apiVersion: v1
+kind: Pod
+metadata:
+  name: pod-3
+  annotations:
+    new: "pod"
+spec:
+  containers:
+    - name: main
+      image: quay.io/argoprojlabs/argocd-e2e-container:0.1
+      imagePullPolicy: IfNotPresent
+      command:
+        - "true"
+  restartPolicy: Never
+`).
+		Refresh(RefreshTypeHard).
+		Then().
+		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
+		And(func(app *Application) {
+			// Test regular diff command
+			regularOutput, err := fixture.RunCli("app", "diff", app.Name)
+			require.Error(t, err) // diff command returns non-zero exit code when differences found
+			assert.Contains(t, regularOutput, "===== /Pod")
+			assert.Contains(t, regularOutput, "pod-1")
+			assert.Contains(t, regularOutput, "pod-3")
+
+			// Test server-side diff command
+			serverSideOutput, err := fixture.RunCli("app", "diff", app.Name, "--server-side-diff")
+			require.Error(t, err) // diff command returns non-zero exit code when differences found
+			assert.Contains(t, serverSideOutput, "===== /Pod")
+			assert.Contains(t, serverSideOutput, "pod-1")
+			assert.Contains(t, serverSideOutput, "pod-3")
+
+			// Both outputs should contain similar resource headers
+			assert.Contains(t, regularOutput, "test: server-side-diff")
+			assert.Contains(t, serverSideOutput, "test: server-side-diff")
+			assert.Contains(t, regularOutput, "new: pod")
+			assert.Contains(t, serverSideOutput, "new: pod")
+		})
+}
+
+// TestServerSideDiffWithSyncedApp tests server-side diff when app is already synced (no differences)
+func TestServerSideDiffWithSyncedApp(t *testing.T) {
+	Given(t).
+		Path("guestbook").
+		When().
+		CreateApp().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		And(func(app *Application) {
+			// Test regular diff command with synced app
+			regularOutput, err := fixture.RunCli("app", "diff", app.Name)
+			require.NoError(t, err) // no differences, should return 0
+
+			// Test server-side diff command with synced app
+			serverSideOutput, err := fixture.RunCli("app", "diff", app.Name, "--server-side-diff")
+			require.NoError(t, err) // no differences, should return 0
+
+			// Both should produce similar output (minimal/no diff output)
+			// The exact output may vary, but both should succeed without errors
+			assert.NotContains(t, regularOutput, "===== ")
+			assert.NotContains(t, serverSideOutput, "===== ")
+		})
+}
+
+// TestServerSideDiffWithRevision tests server-side diff with a specific revision
+func TestServerSideDiffWithRevision(t *testing.T) {
+	Given(t).
+		Path("two-nice-pods").
+		When().
+		CreateApp().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		When().
+		PatchFile("pod-1.yaml", `[{"op": "add", "path": "/metadata/labels", "value": {"version": "v1.1"}}]`).
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		And(func(app *Application) {
+			// Get the current revision
+			currentRevision := ""
+			if len(app.Status.History) > 0 {
+				currentRevision = app.Status.History[len(app.Status.History)-1].Revision
+			}
+
+			if currentRevision != "" {
+				// Test server-side diff with current revision (should show no differences)
+				output, err := fixture.RunCli("app", "diff", app.Name, "--server-side-diff", "--revision", currentRevision)
+				require.NoError(t, err) // no differences expected
+				assert.NotContains(t, output, "===== ")
+			}
+		})
+}
+
+// TestServerSideDiffErrorHandling tests error scenarios for server-side diff
+func TestServerSideDiffErrorHandling(t *testing.T) {
+	Given(t).
+		Path("two-nice-pods").
+		When().
+		CreateApp().
+		Then().
+		And(func(_ *Application) {
+			// Test server-side diff with non-existent app should fail gracefully
+			_, err := fixture.RunCli("app", "diff", "non-existent-app", "--server-side-diff")
+			require.Error(t, err)
+			// Error occurred as expected - this verifies the command fails gracefully
+		})
+}
+
+// TestServerSideDiffWithLocal tests server-side diff with --local flag
+func TestServerSideDiffWithLocal(t *testing.T) {
+	Given(t).
+		Path("guestbook").
+		When().
+		CreateApp().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		And(func(_ *Application) {
+			// Modify the live deployment in the cluster to create differences
+			// Apply patches to the deployment
+			_, err := fixture.KubeClientset.AppsV1().Deployments(fixture.DeploymentNamespace()).Patch(t.Context(),
+				"guestbook-ui", types.JSONPatchType, []byte(`[
+					{"op": "add", "path": "/spec/template/spec/containers/0/env", "value": [{"name": "LOCAL_CHANGE", "value": "true"}]},
+					{"op": "replace", "path": "/spec/replicas", "value": 2}
+				]`), metav1.PatchOptions{})
+			require.NoError(t, err)
+
+			// Verify the patch was applied by reading back the deployment
+			modifiedDeployment, err := fixture.KubeClientset.AppsV1().Deployments(fixture.DeploymentNamespace()).Get(t.Context(), "guestbook-ui", metav1.GetOptions{})
+			require.NoError(t, err)
+			assert.Equal(t, int32(2), *modifiedDeployment.Spec.Replicas, "Replica count should be updated to 2")
+			assert.Len(t, modifiedDeployment.Spec.Template.Spec.Containers[0].Env, 1, "Should have one environment variable")
+			assert.Equal(t, "LOCAL_CHANGE", modifiedDeployment.Spec.Template.Spec.Containers[0].Env[0].Name)
+		}).
+		When().
+		Refresh(RefreshTypeNormal).
+		Then().
+		Expect(SyncStatusIs(SyncStatusCodeOutOfSync)).
+		And(func(app *Application) {
+			// Test regular diff with --local (add --server-side-generate to avoid deprecation warning)
+			regularOutput, err := fixture.RunCli("app", "diff", app.Name, "--local", "testdata", "--server-side-generate")
+			require.Error(t, err) // diff command returns non-zero exit code when differences found
+			assert.Contains(t, regularOutput, "===== apps/Deployment")
+			assert.Contains(t, regularOutput, "guestbook-ui")
+			assert.Contains(t, regularOutput, "replicas:")
+
+			// Test server-side diff with --local (add --server-side-generate for consistency)
+			serverSideOutput, err := fixture.RunCli("app", "diff", app.Name, "--server-side-diff", "--local", "testdata", "--server-side-generate")
+			require.Error(t, err) // diff command returns non-zero exit code when differences found
+			assert.Contains(t, serverSideOutput, "===== apps/Deployment")
+			assert.Contains(t, serverSideOutput, "guestbook-ui")
+			assert.Contains(t, serverSideOutput, "replicas:")
+
+			// Both outputs should show similar differences
+			assert.Contains(t, regularOutput, "replicas: 2")
+			assert.Contains(t, serverSideOutput, "replicas: 2")
+		})
+}
+
+func TestServerSideDiffWithLocalValidation(t *testing.T) {
+	Given(t).
+		Path("guestbook").
+		When().
+		CreateApp().
+		Sync().
+		Then().
+		Expect(OperationPhaseIs(OperationSucceeded)).
+		Expect(SyncStatusIs(SyncStatusCodeSynced)).
+		And(func(app *Application) {
+			// Test that --server-side-diff with --local without --server-side-generate fails with proper error
+			_, err := fixture.RunCli("app", "diff", app.Name, "--server-side-diff", "--local", "testdata")
+			require.Error(t, err)
+			assert.Contains(t, err.Error(), "--server-side-diff with --local requires --server-side-generate")
+		})
+}

From c1b778a925e407b3ffc10d2a7fba7eef1f038a65 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 08:41:58 +0300
Subject: [PATCH 256/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.118.0 to 2.119.0 (#24123)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a4831ae04253a..27e4c60bc166d 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.118.0
+	github.com/casbin/casbin/v2 v2.119.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index c5177ea8fd71a..e55859d537496 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.118.0 h1:OS0E6J/KkWw3lvmW6f3h7xz4Bvlv8mv91fRk0J4QpFs=
-github.com/casbin/casbin/v2 v2.118.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.119.0 h1:lUfR0NOw9SMS0XQ+tuYJim8+T+zE9olsepnjDfAI68w=
+github.com/casbin/casbin/v2 v2.119.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From b72310160baef502977d52d2bb440dde53b61c40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 08:43:05 +0300
Subject: [PATCH 257/383] chore(deps): bump github.com/expr-lang/expr from
 1.17.5 to 1.17.6 (#24124)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 27e4c60bc166d..2ae7be56adb9b 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/dlclark/regexp2 v1.11.5
 	github.com/dustin/go-humanize v1.0.1
 	github.com/evanphx/json-patch v5.9.11+incompatible
-	github.com/expr-lang/expr v1.17.5
+	github.com/expr-lang/expr v1.17.6
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68
diff --git a/go.sum b/go.sum
index e55859d537496..93bb2b866f2aa 100644
--- a/go.sum
+++ b/go.sum
@@ -257,8 +257,8 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT
 github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
 github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
-github.com/expr-lang/expr v1.17.5 h1:i1WrMvcdLF249nSNlpQZN1S6NXuW9WaOfF5tPi3aw3k=
-github.com/expr-lang/expr v1.17.5/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
+github.com/expr-lang/expr v1.17.6 h1:1h6i8ONk9cexhDmowO/A64VPxHScu7qfSl2k8OlINec=
+github.com/expr-lang/expr v1.17.6/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4=
 github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64=
 github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
 github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=

From a3440f24fcd1bcdf9394913d0cc01bf971070c1b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 08:44:44 +0300
Subject: [PATCH 258/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.137.0 to 0.138.0 (#24125)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2ae7be56adb9b..7c8831ab6dd57 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.137.0
+	gitlab.com/gitlab-org/api/client-go v0.138.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index 93bb2b866f2aa..4433b52020482 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.137.0 h1:H26yL44qnb38Czl20pEINCJrcj63W6/BX8iKPVUKQP0=
-gitlab.com/gitlab-org/api/client-go v0.137.0/go.mod h1:AcAYES3lfkIS4zhso04S/wyUaWQmDYve2Fd9AF7C6qc=
+gitlab.com/gitlab-org/api/client-go v0.138.0 h1:2BmPq3or7PU0HqDXPsmgA2dwopRZ1RsOHbVBKNKqAAE=
+gitlab.com/gitlab-org/api/client-go v0.138.0/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 1eb1bbf5f6c87d0333b0a8e0b431d8e1ea4d2a56 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 06:27:20 +0000
Subject: [PATCH 259/383] chore(deps): bump google.golang.org/grpc from 1.74.0
 to 1.74.2 (#23894)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7c8831ab6dd57..d702f8e7fd76e 100644
--- a/go.mod
+++ b/go.mod
@@ -98,7 +98,7 @@ require (
 	golang.org/x/term v0.34.0
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a
-	google.golang.org/grpc v1.74.0
+	google.golang.org/grpc v1.74.2
 	google.golang.org/protobuf v1.36.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
diff --git a/go.sum b/go.sum
index 4433b52020482..e877597839802 100644
--- a/go.sum
+++ b/go.sum
@@ -1432,8 +1432,8 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.74.0 h1:sxRSkyLxlceWQiqDofxDot3d4u7DyoHPc7SBXMj8gGY=
-google.golang.org/grpc v1.74.0/go.mod h1:NZUaK8dAMUfzhK6uxZ+9511LtOrk73UGWOFoNvz7z+s=
+google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4=
+google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=

From afcdc41f34a158c4ddb2eb5a926ff6326ba95dca Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Wed, 13 Aug 2025 07:52:19 -0700
Subject: [PATCH 260/383] docs: promote server-side diff from beta to stable
 (#24119)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/diff-strategies.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md
index 79711c6f20479..e7a5933a70f9b 100644
--- a/docs/user-guide/diff-strategies.md
+++ b/docs/user-guide/diff-strategies.md
@@ -28,9 +28,6 @@ that define default values.
 
 ## Server-Side Diff
 
-!!! warning "Beta Feature (Since v2.10.0)"
-    This feature is in the [Beta][1] stage. It is generally considered stable, but there may be unhandled edge cases.
-
 This diff strategy will execute a Server-Side Apply in dryrun mode for
 each resource of the application. The response of this operation is then
 compared with the live state in order to provide the diff results. The

From 2b3df9a1526269ce9a7326903a14ad4f5c9ffe18 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 13 Aug 2025 14:38:07 -0400
Subject: [PATCH 261/383] chore(deps): bump library/ubuntu from 25.04 to 25.10
 in /test/container (#23961)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 4ecc1b6b910d5..79fe2f7156819 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
+FROM docker.io/library/ubuntu:25.10@sha256:10b61aabaaf0123f3670112057c3b3ccf27c808ddb892ba5a4e32366bff7f3fe
 
 ENV DEBIAN_FRONTEND=noninteractive
 

From 5441b615e26bd403b503fa93a1e9ac267812c73d Mon Sep 17 00:00:00 2001
From: Jesse Hitch <jessebot@linux.com>
Date: Wed, 13 Aug 2025 20:43:52 +0200
Subject: [PATCH 262/383] docs: add Content-Type header to example curl command
 in api doc (#24127)

Signed-off-by: Jesse Hitch <jessebot@linux.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/developer-guide/api-docs.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/developer-guide/api-docs.md b/docs/developer-guide/api-docs.md
index 63e3cd901e3d3..2fb8d75185736 100644
--- a/docs/developer-guide/api-docs.md
+++ b/docs/developer-guide/api-docs.md
@@ -7,7 +7,7 @@ You can find the Swagger docs by setting the path to `/swagger-ui` in your Argo
 You'll need to authorize your API using a bearer token. To get a token:
 
 ```bash
-$ curl $ARGOCD_SERVER/api/v1/session -d $'{"username":"admin","password":"password"}'
+$ curl -H "Content-Type: application/json" $ARGOCD_SERVER/api/v1/session -d $'{"username":"admin","password":"password"}'
 {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1Njc4MTIzODcsImlzcyI6ImFyZ29jZCIsIm5iZiI6MTU2NzgxMjM4Nywic3ViIjoiYWRtaW4ifQ.ejyTgFxLhuY9mOBtKhcnvobg3QZXJ4_RusN_KIdVwao"} 
 ```
 
@@ -29,4 +29,4 @@ is specified, and the specified Application does not exist, the API will return
 
 Additionally, if the `project` query string parameter is specified and the Application exists but is not in 
 the given `project`, the API will return a `403` error. This is to prevent leaking information about the 
-existence of Applications to users who do not have access to them.
\ No newline at end of file
+existence of Applications to users who do not have access to them.

From b3e26ecb06b2345191f064acfa386b187518bd4b Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 13 Aug 2025 16:08:24 -0400
Subject: [PATCH 263/383] feat(health): CronJob health and suspend, resume and
 terminate Job actions (#23991)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/health.go                          |   3 +-
 controller/health_test.go                     |   2 +-
 docs/operator-manual/resource_actions.md      |   2 +-
 .../resource_actions_builtin.md               |   5 +
 .../CronWorkflow/actions/discovery.lua        |   4 +-
 .../WorkflowTemplate/actions/discovery.lua    |   4 +-
 .../batch/CronJob/actions/action_test.yaml    |  35 ++++-
 .../batch/CronJob/actions/discovery.lua       |  14 +-
 .../batch/CronJob/actions/resume/action.lua   |   4 +
 .../batch/CronJob/actions/suspend/action.lua  |   2 +
 .../actions/testdata/cronjob-resumed.yaml     |  34 ++++
 .../actions/testdata/cronjob-suspended.yaml   |  34 ++++
 .../batch/CronJob/actions/testdata/job.yaml   |  21 ++-
 .../batch/CronJob/health.lua                  |  40 +++++
 .../batch/CronJob/health_test.yaml            |  25 +++
 .../batch/CronJob/testdata/active.yaml        |  34 ++++
 .../batch/CronJob/testdata/degraded.yaml      |  27 ++++
 .../batch/CronJob/testdata/healthy.yaml       |  27 ++++
 .../CronJob/testdata/never-scheduled.yaml     |  25 +++
 .../CronJob/testdata/never-succeeded.yaml     |  26 ++++
 .../batch/CronJob/testdata/suspended.yaml     |  35 +++++
 .../batch/Job/actions/action_test.yaml        |  42 +++++
 .../batch/Job/actions/discovery.lua           |  30 ++++
 .../batch/Job/actions/resume/action.lua       |   4 +
 .../batch/Job/actions/suspend/action.lua      |   2 +
 .../batch/Job/actions/terminate/action.lua    |  32 ++++
 .../batch/Job/actions/testdata/active.yaml    |  21 +++
 .../batch/Job/actions/testdata/completed.yaml |  35 +++++
 .../Job/actions/testdata/created-output.yaml  |  17 ++
 .../batch/Job/actions/testdata/created.yaml   |  16 ++
 .../batch/Job/actions/testdata/failed.yaml    |  33 ++++
 .../Job/actions/testdata/resumed-output.yaml  |  28 ++++
 .../testdata/resumed-terminated-output.yaml   |  33 ++++
 .../batch/Job/actions/testdata/resumed.yaml   |  28 ++++
 .../actions/testdata/suspended-output.yaml    |  28 ++++
 .../batch/Job/actions/testdata/suspended.yaml |  28 ++++
 .../Job/actions/testdata/terminated.yaml      |  27 ++++
 util/lua/custom_actions_test.go               |  33 +++-
 util/lua/lua.go                               |   7 +-
 util/lua/lua_test.go                          | 146 ++++++++++++++++--
 40 files changed, 945 insertions(+), 48 deletions(-)
 create mode 100644 resource_customizations/batch/CronJob/actions/resume/action.lua
 create mode 100644 resource_customizations/batch/CronJob/actions/suspend/action.lua
 create mode 100644 resource_customizations/batch/CronJob/actions/testdata/cronjob-resumed.yaml
 create mode 100644 resource_customizations/batch/CronJob/actions/testdata/cronjob-suspended.yaml
 create mode 100644 resource_customizations/batch/CronJob/health.lua
 create mode 100644 resource_customizations/batch/CronJob/health_test.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/active.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/degraded.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/healthy.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/never-scheduled.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/never-succeeded.yaml
 create mode 100644 resource_customizations/batch/CronJob/testdata/suspended.yaml
 create mode 100644 resource_customizations/batch/Job/actions/action_test.yaml
 create mode 100644 resource_customizations/batch/Job/actions/discovery.lua
 create mode 100644 resource_customizations/batch/Job/actions/resume/action.lua
 create mode 100644 resource_customizations/batch/Job/actions/suspend/action.lua
 create mode 100644 resource_customizations/batch/Job/actions/terminate/action.lua
 create mode 100644 resource_customizations/batch/Job/actions/testdata/active.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/completed.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/created-output.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/created.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/failed.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/resumed-output.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/resumed-terminated-output.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/resumed.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/suspended-output.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/suspended.yaml
 create mode 100644 resource_customizations/batch/Job/actions/testdata/terminated.yaml

diff --git a/controller/health.go b/controller/health.go
index ba2270629db81..2fe4cfc0a5f14 100644
--- a/controller/health.go
+++ b/controller/health.go
@@ -27,10 +27,9 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource
 		if res.Target != nil && hookutil.Skip(res.Target) {
 			continue
 		}
-		if res.Target != nil && res.Target.GetAnnotations() != nil && res.Target.GetAnnotations()[common.AnnotationIgnoreHealthCheck] == "true" {
+		if res.Live != nil && res.Live.GetAnnotations() != nil && res.Live.GetAnnotations()[common.AnnotationIgnoreHealthCheck] == "true" {
 			continue
 		}
-
 		if res.Live != nil && (hookutil.IsHook(res.Live) || ignore.Ignore(res.Live)) {
 			continue
 		}
diff --git a/controller/health_test.go b/controller/health_test.go
index fff2adce7373a..c09a5839408b0 100644
--- a/controller/health_test.go
+++ b/controller/health_test.go
@@ -82,7 +82,7 @@ func TestSetApplicationHealth(t *testing.T) {
 	// The app is considered healthy
 	failedJob.SetAnnotations(nil)
 	failedJobIgnoreHealthcheck := resourceFromFile("./testdata/job-failed-ignore-healthcheck.yaml")
-	resources[1].Target = &failedJobIgnoreHealthcheck
+	resources[1].Live = &failedJobIgnoreHealthcheck
 	healthStatus, err = setApplicationHealth(resources, resourceStatuses, nil, app, true)
 	require.NoError(t, err)
 	assert.Equal(t, health.HealthStatusHealthy, healthStatus)
diff --git a/docs/operator-manual/resource_actions.md b/docs/operator-manual/resource_actions.md
index f5532245f9a8f..0ab52926b46e9 100644
--- a/docs/operator-manual/resource_actions.md
+++ b/docs/operator-manual/resource_actions.md
@@ -216,7 +216,7 @@ The `fa-fw` class ensures that the icon is displayed with a fixed width, to avoi
 ```lua
 local actions = {}
 actions["create-workflow"] = {
-  ["iconClass"] = "fa fa-fw fa-play",
+  ["iconClass"] = "fa fa-fw fa-plus",
   ["displayName"] = "Create Workflow"
 }
 return actions
diff --git a/docs/operator-manual/resource_actions_builtin.md b/docs/operator-manual/resource_actions_builtin.md
index d4a59380d4a8b..4e07afa89404e 100644
--- a/docs/operator-manual/resource_actions_builtin.md
+++ b/docs/operator-manual/resource_actions_builtin.md
@@ -16,6 +16,11 @@
 - [argoproj.io/Rollout/skip-current-step](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/argoproj.io/Rollout/actions/skip-current-step/action.lua)
 - [argoproj.io/WorkflowTemplate/create-workflow](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/argoproj.io/WorkflowTemplate/actions/create-workflow/action.lua)
 - [batch/CronJob/create-job](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/CronJob/actions/create-job/action.lua)
+- [batch/CronJob/resume](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/CronJob/actions/resume/action.lua)
+- [batch/CronJob/suspend](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/CronJob/actions/suspend/action.lua)
+- [batch/Job/resume](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/Job/actions/resume/action.lua)
+- [batch/Job/suspend](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/Job/actions/suspend/action.lua)
+- [batch/Job/terminate](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/batch/Job/actions/terminate/action.lua)
 - [external-secrets.io/ExternalSecret/refresh](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/external-secrets.io/ExternalSecret/actions/refresh/action.lua)
 - [external-secrets.io/PushSecret/push](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/external-secrets.io/PushSecret/actions/push/action.lua)
 - [helm.toolkit.fluxcd.io/HelmRelease/reconcile](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/helm.toolkit.fluxcd.io/HelmRelease/actions/reconcile/action.lua)
diff --git a/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua
index 9a76d96643218..80b897333c119 100644
--- a/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua
+++ b/resource_customizations/argoproj.io/CronWorkflow/actions/discovery.lua
@@ -1,6 +1,6 @@
 local actions = {}
 actions["create-workflow"] = {
-  ["iconClass"] = "fa fa-fw fa-play",
+  ["iconClass"] = "fa fa-fw fa-plus",
   ["displayName"] = "Create Workflow"
 }
-return actions
\ No newline at end of file
+return actions
diff --git a/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua
index 9a76d96643218..80b897333c119 100644
--- a/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua
+++ b/resource_customizations/argoproj.io/WorkflowTemplate/actions/discovery.lua
@@ -1,6 +1,6 @@
 local actions = {}
 actions["create-workflow"] = {
-  ["iconClass"] = "fa fa-fw fa-play",
+  ["iconClass"] = "fa fa-fw fa-plus",
   ["displayName"] = "Create Workflow"
 }
-return actions
\ No newline at end of file
+return actions
diff --git a/resource_customizations/batch/CronJob/actions/action_test.yaml b/resource_customizations/batch/CronJob/actions/action_test.yaml
index a9b5320db5721..839fe138c2a9d 100644
--- a/resource_customizations/batch/CronJob/actions/action_test.yaml
+++ b/resource_customizations/batch/CronJob/actions/action_test.yaml
@@ -1,4 +1,33 @@
+discoveryTests:
+  - inputPath: testdata/cronjob.yaml
+    result:
+      - name: create-job
+        displayName: 'Create Job'
+        iconClass: 'fa fa-fw fa-plus'
+      - name: suspend
+        iconClass: 'fa fa-fw fa-pause'
+  - inputPath: testdata/cronjob-resumed.yaml
+    result:
+      - name: create-job
+        displayName: 'Create Job'
+        iconClass: 'fa fa-fw fa-plus'
+      - name: suspend
+        iconClass: 'fa fa-fw fa-pause'
+  - inputPath: testdata/cronjob-suspended.yaml
+    result:
+      - name: create-job
+        displayName: 'Create Job'
+        iconClass: 'fa fa-fw fa-plus'
+      - name: resume
+        iconClass: 'fa fa-fw fa-play'
+
 actionTests:
-- action: create-job
-  inputPath: testdata/cronjob.yaml
-  expectedOutputPath: testdata/job.yaml
+  - action: create-job
+    inputPath: testdata/cronjob.yaml
+    expectedOutputPath: testdata/job.yaml
+  - action: suspend
+    inputPath: testdata/cronjob.yaml
+    expectedOutputPath: testdata/cronjob-suspended.yaml
+  - action: resume
+    inputPath: testdata/cronjob-suspended.yaml
+    expectedOutputPath: testdata/cronjob-resumed.yaml
diff --git a/resource_customizations/batch/CronJob/actions/discovery.lua b/resource_customizations/batch/CronJob/actions/discovery.lua
index 61be2c3500122..e11003f261a14 100644
--- a/resource_customizations/batch/CronJob/actions/discovery.lua
+++ b/resource_customizations/batch/CronJob/actions/discovery.lua
@@ -1,6 +1,10 @@
 local actions = {}
-actions["create-job"] = {
-  ["iconClass"] = "fa fa-fw fa-play",
-  ["displayName"] = "Create Job"
-}
-return actions
\ No newline at end of file
+actions["create-job"] = {["iconClass"] = "fa fa-fw fa-plus", ["displayName"] = "Create Job"}
+
+if obj.spec.suspend ~= nil and obj.spec.suspend then
+    actions["resume"] = {["iconClass"] = "fa fa-fw fa-play" }
+else
+    actions["suspend"] = {["iconClass"] = "fa fa-fw fa-pause"}
+end
+
+return actions
diff --git a/resource_customizations/batch/CronJob/actions/resume/action.lua b/resource_customizations/batch/CronJob/actions/resume/action.lua
new file mode 100644
index 0000000000000..50808c26a2e0d
--- /dev/null
+++ b/resource_customizations/batch/CronJob/actions/resume/action.lua
@@ -0,0 +1,4 @@
+if obj.spec.suspend ~= nil and obj.spec.suspend then
+    obj.spec.suspend = false
+end
+return obj
diff --git a/resource_customizations/batch/CronJob/actions/suspend/action.lua b/resource_customizations/batch/CronJob/actions/suspend/action.lua
new file mode 100644
index 0000000000000..a9bfa3db9c6fe
--- /dev/null
+++ b/resource_customizations/batch/CronJob/actions/suspend/action.lua
@@ -0,0 +1,2 @@
+obj.spec.suspend = true
+return obj
diff --git a/resource_customizations/batch/CronJob/actions/testdata/cronjob-resumed.yaml b/resource_customizations/batch/CronJob/actions/testdata/cronjob-resumed.yaml
new file mode 100644
index 0000000000000..fa7a9afbd0b5f
--- /dev/null
+++ b/resource_customizations/batch/CronJob/actions/testdata/cronjob-resumed.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hello
+  namespace: test-ns
+  uid: '123'
+spec:
+  suspend: false
+  schedule: '* * * * *'
+  jobTemplate:
+    metadata:
+      labels:
+        my: label
+      annotations:
+        my: annotation
+    spec:
+      ttlSecondsAfterFinished: 100
+      template:
+        metadata:
+          labels:
+            pod: label
+          annotations:
+            pod: annotation
+        spec:
+          containers:
+            - name: hello
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              command:
+                - /bin/sh
+                - -c
+                - date; echo Hello from the Kubernetes cluster
+              resources: {}
+          restartPolicy: OnFailure
diff --git a/resource_customizations/batch/CronJob/actions/testdata/cronjob-suspended.yaml b/resource_customizations/batch/CronJob/actions/testdata/cronjob-suspended.yaml
new file mode 100644
index 0000000000000..15822d7ccc0d7
--- /dev/null
+++ b/resource_customizations/batch/CronJob/actions/testdata/cronjob-suspended.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: hello
+  namespace: test-ns
+  uid: '123'
+spec:
+  suspend: true
+  schedule: '* * * * *'
+  jobTemplate:
+    metadata:
+      labels:
+        my: label
+      annotations:
+        my: annotation
+    spec:
+      ttlSecondsAfterFinished: 100
+      template:
+        metadata:
+          labels:
+            pod: label
+          annotations:
+            pod: annotation
+        spec:
+          containers:
+            - name: hello
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              command:
+                - /bin/sh
+                - -c
+                - date; echo Hello from the Kubernetes cluster
+              resources: {}
+          restartPolicy: OnFailure
diff --git a/resource_customizations/batch/CronJob/actions/testdata/job.yaml b/resource_customizations/batch/CronJob/actions/testdata/job.yaml
index 322ab0480beb5..85d1997d7ca22 100644
--- a/resource_customizations/batch/CronJob/actions/testdata/job.yaml
+++ b/resource_customizations/batch/CronJob/actions/testdata/job.yaml
@@ -3,6 +3,13 @@
     apiVersion: batch/v1
     kind: Job
     metadata:
+      ownerReferences:
+        - apiVersion: batch/v1
+          blockOwnerDeletion: true
+          controller: true
+          kind: CronJob
+          name: hello
+          uid: '123'
       name: hello-00000000000
       namespace: test-ns
       labels:
@@ -20,11 +27,11 @@
             pod: annotation
         spec:
           containers:
-          - name: hello
-            image: busybox:1.28
-            imagePullPolicy: IfNotPresent
-            command:
-            - /bin/sh
-            - -c
-            - date; echo Hello from the Kubernetes cluster
+            - name: hello
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              command:
+                - /bin/sh
+                - -c
+                - date; echo Hello from the Kubernetes cluster
           restartPolicy: OnFailure
diff --git a/resource_customizations/batch/CronJob/health.lua b/resource_customizations/batch/CronJob/health.lua
new file mode 100644
index 0000000000000..4e442e4958a5d
--- /dev/null
+++ b/resource_customizations/batch/CronJob/health.lua
@@ -0,0 +1,40 @@
+hs = {}
+
+if obj.spec.suspend == true then
+    hs.status = "Suspended"
+    hs.message = "CronJob is Suspended"
+    return hs
+end
+
+if obj.status ~= nil then
+    if obj.status.active ~= nil and table.getn(obj.status.active) > 0 then
+        -- We could be Progressing very often, depending on the Cron schedule, which would bubble up
+        -- to the Application health. If this is undesired, the annotation `argocd.argoproj.io/ignore-healthcheck: "true"`
+        -- can be added on the CronJob.
+        hs.status = "Progressing"
+        hs.message = string.format("Waiting for %d Jobs to complete", table.getn(obj.status.active))
+        return hs
+    end
+
+    -- If the CronJob has no active jobs and the lastSuccessfulTime < lastScheduleTime
+    -- then we know it failed the last execution
+    if obj.status.lastScheduleTime ~= nil then
+        -- No issue comparing time as text
+        if obj.status.lastSuccessfulTime == nil or obj.status.lastSuccessfulTime < obj.status.lastScheduleTime then
+            hs.status = "Degraded"
+            hs.message = "CronJob has not completed its last execution successfully"
+            return hs
+        end
+        hs.message = "CronJob has completed its last execution successfully"
+    end
+
+    -- There is no way to know if as CronJob missed its execution based on status
+    -- so we assume Healthy even if a cronJob is not getting scheduled.
+    -- https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#job-creation
+    hs.status = "Healthy"
+    return hs
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for CronJob"
+return hs
diff --git a/resource_customizations/batch/CronJob/health_test.yaml b/resource_customizations/batch/CronJob/health_test.yaml
new file mode 100644
index 0000000000000..370ab11e66ae8
--- /dev/null
+++ b/resource_customizations/batch/CronJob/health_test.yaml
@@ -0,0 +1,25 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: CronJob has completed its last execution successfully
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Healthy
+      message: ''
+    inputPath: testdata/never-scheduled.yaml
+  - healthStatus:
+      status: Degraded
+      message: CronJob has not completed its last execution successfully
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Degraded
+      message: CronJob has not completed its last execution successfully
+    inputPath: testdata/never-succeeded.yaml
+  - healthStatus:
+      status: Progressing
+      message: Waiting for 1 Jobs to complete
+    inputPath: testdata/active.yaml
+  - healthStatus:
+      status: Suspended
+      message: CronJob is Suspended
+    inputPath: testdata/suspended.yaml
diff --git a/resource_customizations/batch/CronJob/testdata/active.yaml b/resource_customizations/batch/CronJob/testdata/active.yaml
new file mode 100644
index 0000000000000..f71ddb632073d
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/active.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status:
+  active:
+    - apiVersion: batch/v1
+      kind: Job
+      name: hello-29231490
+      namespace: test-cronjob
+      resourceVersion: '21226'
+      uid: 996e6ed6-8494-4c9a-9862-93de4af310cb
+  lastScheduleTime: '2025-07-30T13:46:00Z'
+  lastSuccessfulTime: '2025-07-30T13:44:19Z'
diff --git a/resource_customizations/batch/CronJob/testdata/degraded.yaml b/resource_customizations/batch/CronJob/testdata/degraded.yaml
new file mode 100644
index 0000000000000..a734cca460db6
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/degraded.yaml
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status:
+  lastScheduleTime: '2025-07-30T13:46:00Z'
+  lastSuccessfulTime: '2025-07-30T13:44:19Z'
diff --git a/resource_customizations/batch/CronJob/testdata/healthy.yaml b/resource_customizations/batch/CronJob/testdata/healthy.yaml
new file mode 100644
index 0000000000000..8347d7f0d4486
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/healthy.yaml
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status:
+  lastScheduleTime: '2025-07-30T13:42:00Z'
+  lastSuccessfulTime: '2025-07-30T13:44:19Z'
diff --git a/resource_customizations/batch/CronJob/testdata/never-scheduled.yaml b/resource_customizations/batch/CronJob/testdata/never-scheduled.yaml
new file mode 100644
index 0000000000000..a2296ad4a693c
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/never-scheduled.yaml
@@ -0,0 +1,25 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status: {}
diff --git a/resource_customizations/batch/CronJob/testdata/never-succeeded.yaml b/resource_customizations/batch/CronJob/testdata/never-succeeded.yaml
new file mode 100644
index 0000000000000..3416c309ec8d0
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/never-succeeded.yaml
@@ -0,0 +1,26 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status:
+  lastScheduleTime: '2025-07-30T13:46:00Z'
diff --git a/resource_customizations/batch/CronJob/testdata/suspended.yaml b/resource_customizations/batch/CronJob/testdata/suspended.yaml
new file mode 100644
index 0000000000000..77b1f73eec029
--- /dev/null
+++ b/resource_customizations/batch/CronJob/testdata/suspended.yaml
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  annotations:
+    argocd.argoproj.io/tracking-id: test-cronjob:batch/CronJob:test-cronjob/hello
+  labels:
+    app.kubernetes.io/instance: test-cronjob
+  name: hello
+  namespace: test-cronjob
+spec:
+  suspend: true
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+            - command:
+                - /bin/sh
+                - '-c'
+                - date; echo Hello from the Kubernetes cluster
+              image: busybox:1.28
+              imagePullPolicy: IfNotPresent
+              name: hello
+          restartPolicy: OnFailure
+  schedule: '* * * * *'
+status:
+  active:
+    - apiVersion: batch/v1
+      kind: Job
+      name: hello-29231490
+      namespace: test-cronjob
+      resourceVersion: '21226'
+      uid: 996e6ed6-8494-4c9a-9862-93de4af310cb
+  lastScheduleTime: '2025-07-30T13:46:00Z'
+  lastSuccessfulTime: '2025-07-30T13:44:19Z'
diff --git a/resource_customizations/batch/Job/actions/action_test.yaml b/resource_customizations/batch/Job/actions/action_test.yaml
new file mode 100644
index 0000000000000..4375765e139c9
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/action_test.yaml
@@ -0,0 +1,42 @@
+discoveryTests:
+  - inputPath: testdata/suspended.yaml
+    result:
+      - name: resume
+        iconClass: 'fa fa-fw fa-play'
+      - name: terminate
+        iconClass: 'fa fa-fw fa-stop'
+  - inputPath: testdata/active.yaml
+    result:
+      - name: suspend
+        iconClass: 'fa fa-fw fa-pause'
+      - name: terminate
+        iconClass: 'fa fa-fw fa-stop'
+  - inputPath: testdata/completed.yaml
+    result: []
+  - inputPath: testdata/failed.yaml
+    result: []
+  - inputPath: testdata/terminated.yaml
+    result: []
+
+actionTests:
+  - action: resume
+    inputPath: testdata/suspended.yaml
+    expectedOutputPath: testdata/suspended-output.yaml
+  - action: suspend
+    inputPath: testdata/resumed.yaml
+    expectedOutputPath: testdata/resumed-output.yaml
+  - action: suspend
+    inputPath: testdata/created.yaml
+    expectedOutputPath: testdata/created-output.yaml
+  - action: terminate
+    inputPath: testdata/active.yaml
+    expectedOutputPath: testdata/terminated.yaml
+  - action: terminate
+    inputPath: testdata/resumed.yaml
+    expectedOutputPath: testdata/resumed-terminated-output.yaml
+  - action: terminate
+    inputPath: testdata/completed.yaml
+    expectedOutputPath: testdata/completed.yaml
+  - action: terminate
+    inputPath: testdata/failed.yaml
+    expectedOutputPath: testdata/failed.yaml
diff --git a/resource_customizations/batch/Job/actions/discovery.lua b/resource_customizations/batch/Job/actions/discovery.lua
new file mode 100644
index 0000000000000..1541b8e0a3b95
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/discovery.lua
@@ -0,0 +1,30 @@
+local actions = {}
+
+local completed = false
+if obj.status ~= nil then
+  if obj.status.conditions ~= nil then
+    for i, condition in pairs(obj.status.conditions) do
+      if condition.type == "Complete" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "Failed" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "FailureTarget" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "SuccessCriteriaMet" and condition.status == "True" then
+        completed = true
+      end
+    end
+  end
+end
+
+if not(completed) and obj.spec.suspend then
+  actions["resume"] = {["iconClass"] = "fa fa-fw fa-play" }
+elseif not(completed) and (obj.spec.suspend == nil or not(obj.spec.suspend)) then
+  actions["suspend"] = {["iconClass"] = "fa fa-fw fa-pause" }
+end
+
+if not(completed) and obj.status ~= nil then
+  actions["terminate"] = {["iconClass"] = "fa fa-fw fa-stop" }
+end
+
+return actions
diff --git a/resource_customizations/batch/Job/actions/resume/action.lua b/resource_customizations/batch/Job/actions/resume/action.lua
new file mode 100644
index 0000000000000..50808c26a2e0d
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/resume/action.lua
@@ -0,0 +1,4 @@
+if obj.spec.suspend ~= nil and obj.spec.suspend then
+    obj.spec.suspend = false
+end
+return obj
diff --git a/resource_customizations/batch/Job/actions/suspend/action.lua b/resource_customizations/batch/Job/actions/suspend/action.lua
new file mode 100644
index 0000000000000..a9bfa3db9c6fe
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/suspend/action.lua
@@ -0,0 +1,2 @@
+obj.spec.suspend = true
+return obj
diff --git a/resource_customizations/batch/Job/actions/terminate/action.lua b/resource_customizations/batch/Job/actions/terminate/action.lua
new file mode 100644
index 0000000000000..7cc06261a7487
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/terminate/action.lua
@@ -0,0 +1,32 @@
+local os = require("os")
+
+local completed = false
+if obj.status ~= nil then
+
+  if obj.status.conditions ~= nil then
+    for i, condition in pairs(obj.status.conditions) do
+      if condition.type == "Complete" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "Failed" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "FailureTarget" and condition.status == "True" then
+        completed = true
+      elseif condition.type == "SuccessCriteriaMet" and condition.status == "True" then
+        completed = true
+      end
+    end
+  end
+
+  if not(completed) then
+    obj.status.conditions = obj.status.conditions or {}
+    table.insert(obj.status.conditions, {
+      lastTransitionTime = os.date("!%Y-%m-%dT%XZ"),
+      message = "Job was terminated explicitly through Argo CD",
+      reason = "ManuallyTerminated",
+      status = "True",
+      type = "FailureTarget"
+    })
+  end
+
+end
+return obj
diff --git a/resource_customizations/batch/Job/actions/testdata/active.yaml b/resource_customizations/batch/Job/actions/testdata/active.yaml
new file mode 100644
index 0000000000000..c179fe68b9275
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/active.yaml
@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/completed.yaml b/resource_customizations/batch/Job/actions/testdata/completed.yaml
new file mode 100644
index 0000000000000..4983c785c5d51
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/completed.yaml
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  completionTime: '2025-07-28T22:15:24Z'
+  conditions:
+    - lastProbeTime: '2025-07-28T22:15:24Z'
+      lastTransitionTime: '2025-07-28T22:15:24Z'
+      message: Reached expected number of succeeded pods
+      reason: CompletionsReached
+      status: 'True'
+      type: SuccessCriteriaMet
+    - lastProbeTime: '2025-07-28T22:15:24Z'
+      lastTransitionTime: '2025-07-28T22:15:24Z'
+      message: Reached expected number of succeeded pods
+      reason: CompletionsReached
+      status: 'True'
+      type: Complete
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  succeeded: 1
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/created-output.yaml b/resource_customizations/batch/Job/actions/testdata/created-output.yaml
new file mode 100644
index 0000000000000..68de6a93ccebc
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/created-output.yaml
@@ -0,0 +1,17 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: true
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
diff --git a/resource_customizations/batch/Job/actions/testdata/created.yaml b/resource_customizations/batch/Job/actions/testdata/created.yaml
new file mode 100644
index 0000000000000..9ea5ac5f8c56d
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/created.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
diff --git a/resource_customizations/batch/Job/actions/testdata/failed.yaml b/resource_customizations/batch/Job/actions/testdata/failed.yaml
new file mode 100644
index 0000000000000..d138d9c87f6b3
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/failed.yaml
@@ -0,0 +1,33 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastTransitionTime: '0001-01-01T00:00:00Z'
+      message: Job was terminated explicitly through Argo CD
+      reason: ManuallyTerminated
+      status: 'True'
+      type: FailureTarget
+    - lastProbeTime: '2025-07-28T20:47:17Z'
+      lastTransitionTime: '2025-07-28T20:47:17Z'
+      message: Job was terminated explicitly through Argo CD
+      reason: ManuallyTerminated
+      status: 'True'
+      type: Failed
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/resumed-output.yaml b/resource_customizations/batch/Job/actions/testdata/resumed-output.yaml
new file mode 100644
index 0000000000000..d1a01c753ad91
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/resumed-output.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: true
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastProbeTime: '2025-07-28T22:02:46Z'
+      lastTransitionTime: '2025-07-28T22:02:46Z'
+      message: Job resumed
+      reason: JobResumed
+      status: 'False'
+      type: Suspended
+  ready: 0
+  startTime: '2025-07-28T22:02:46Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/resumed-terminated-output.yaml b/resource_customizations/batch/Job/actions/testdata/resumed-terminated-output.yaml
new file mode 100644
index 0000000000000..c92e422396cc9
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/resumed-terminated-output.yaml
@@ -0,0 +1,33 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastProbeTime: '2025-07-28T22:02:46Z'
+      lastTransitionTime: '2025-07-28T22:02:46Z'
+      message: Job resumed
+      reason: JobResumed
+      status: 'False'
+      type: Suspended
+    - lastTransitionTime: '0001-01-01T00:00:00Z'
+      message: Job was terminated explicitly through Argo CD
+      reason: ManuallyTerminated
+      status: 'True'
+      type: FailureTarget
+  ready: 0
+  startTime: '2025-07-28T22:02:46Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/resumed.yaml b/resource_customizations/batch/Job/actions/testdata/resumed.yaml
new file mode 100644
index 0000000000000..aaf121ce54884
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/resumed.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastProbeTime: '2025-07-28T22:02:46Z'
+      lastTransitionTime: '2025-07-28T22:02:46Z'
+      message: Job resumed
+      reason: JobResumed
+      status: 'False'
+      type: Suspended
+  ready: 0
+  startTime: '2025-07-28T22:02:46Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/suspended-output.yaml b/resource_customizations/batch/Job/actions/testdata/suspended-output.yaml
new file mode 100644
index 0000000000000..c486066505491
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/suspended-output.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastProbeTime: '2025-07-28T20:01:53Z'
+      lastTransitionTime: '2025-07-28T20:01:53Z'
+      message: Job suspended
+      reason: JobSuspended
+      status: 'True'
+      type: Suspended
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/suspended.yaml b/resource_customizations/batch/Job/actions/testdata/suspended.yaml
new file mode 100644
index 0000000000000..a546336ce0b64
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/suspended.yaml
@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: true
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastProbeTime: '2025-07-28T20:01:53Z'
+      lastTransitionTime: '2025-07-28T20:01:53Z'
+      message: Job suspended
+      reason: JobSuspended
+      status: 'True'
+      type: Suspended
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  terminating: 0
diff --git a/resource_customizations/batch/Job/actions/testdata/terminated.yaml b/resource_customizations/batch/Job/actions/testdata/terminated.yaml
new file mode 100644
index 0000000000000..e258dab1b96e0
--- /dev/null
+++ b/resource_customizations/batch/Job/actions/testdata/terminated.yaml
@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: test-29228857
+spec:
+  suspend: false
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - date; echo Hello from the Kubernetes cluster
+          image: busybox:1.28
+          imagePullPolicy: IfNotPresent
+          name: hello
+      restartPolicy: OnFailure
+status:
+  conditions:
+    - lastTransitionTime: '0001-01-01T00:00:00Z'
+      message: Job was terminated explicitly through Argo CD
+      reason: ManuallyTerminated
+      status: 'True'
+      type: FailureTarget
+  ready: 0
+  startTime: '2025-07-28T19:37:00Z'
+  terminating: 0
diff --git a/util/lua/custom_actions_test.go b/util/lua/custom_actions_test.go
index 1e525906628e7..ff2f4dad31a62 100644
--- a/util/lua/custom_actions_test.go
+++ b/util/lua/custom_actions_test.go
@@ -26,13 +26,9 @@ func (t testNormalizer) Normalize(un *unstructured.Unstructured) error {
 	if un == nil {
 		return nil
 	}
-	if un.GetKind() == "Job" {
-		err := unstructured.SetNestedField(un.Object, map[string]any{"name": "not sure why this works"}, "metadata")
-		if err != nil {
-			return fmt.Errorf("failed to normalize Job: %w", err)
-		}
-	}
 	switch un.GetKind() {
+	case "Job":
+		return t.normalizeJob(un)
 	case "DaemonSet", "Deployment", "StatefulSet":
 		err := unstructured.SetNestedStringMap(un.Object, map[string]string{"kubectl.kubernetes.io/restartedAt": "0001-01-01T00:00:00Z"}, "spec", "template", "metadata", "annotations")
 		if err != nil {
@@ -85,6 +81,28 @@ func (t testNormalizer) Normalize(un *unstructured.Unstructured) error {
 	return nil
 }
 
+func (t testNormalizer) normalizeJob(un *unstructured.Unstructured) error {
+	if conditions, exist, err := unstructured.NestedSlice(un.Object, "status", "conditions"); err != nil {
+		return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err)
+	} else if exist {
+		changed := false
+		for i := range conditions {
+			condition := conditions[i].(map[string]any)
+			cType := condition["type"].(string)
+			if cType == "FailureTarget" {
+				condition["lastTransitionTime"] = "0001-01-01T00:00:00Z"
+				changed = true
+			}
+		}
+		if changed {
+			if err := unstructured.SetNestedSlice(un.Object, conditions, "status", "conditions"); err != nil {
+				return fmt.Errorf("failed to normalize %s: %w", un.GetKind(), err)
+			}
+		}
+	}
+	return nil
+}
+
 type ActionTestStructure struct {
 	DiscoveryTests []IndividualDiscoveryTest `yaml:"discoveryTests"`
 	ActionTests    []IndividualActionTest    `yaml:"actionTests"`
@@ -208,8 +226,7 @@ func TestLuaResourceActionsScript(t *testing.T) {
 						assert.Equal(t, sourceObj.GetNamespace(), result.GetNamespace())
 					case CreateOperation:
 						switch result.GetKind() {
-						case "Job":
-						case "Workflow":
+						case "Job", "Workflow":
 							// The name of the created resource is derived from the source object name, so the returned name is not actually equal to the testdata output name
 							result.SetName(expectedObj.GetName())
 						}
diff --git a/util/lua/lua.go b/util/lua/lua.go
index abdc88f84a961..ddc1aff788833 100644
--- a/util/lua/lua.go
+++ b/util/lua/lua.go
@@ -290,7 +290,8 @@ func cleanReturnedObj(newObj, obj map[string]any) map[string]any {
 				switch oldValue := oldValueInterface.(type) {
 				case map[string]any:
 					if len(newValue) == 0 {
-						mapToReturn[key] = oldValue
+						// Lua incorrectly decoded the empty object as an empty array, so set it to an empty object
+						mapToReturn[key] = map[string]any{}
 					}
 				case []any:
 					newArray := cleanReturnedArray(newValue, oldValue)
@@ -307,6 +308,10 @@ func cleanReturnedObj(newObj, obj map[string]any) map[string]any {
 func cleanReturnedArray(newObj, obj []any) []any {
 	arrayToReturn := newObj
 	for i := range newObj {
+		if i >= len(obj) {
+			// If the new object is longer than the old one, we added an item to the array
+			break
+		}
 		switch newValue := newObj[i].(type) {
 		case map[string]any:
 			if oldValue, ok := obj[i].(map[string]any); ok {
diff --git a/util/lua/lua_test.go b/util/lua/lua_test.go
index 7e0a49fc05c3c..3f1f59aace9cf 100644
--- a/util/lua/lua_test.go
+++ b/util/lua/lua_test.go
@@ -705,7 +705,9 @@ func TestExecuteResourceActionInvalidUnstructured(t *testing.T) {
 	require.Error(t, err)
 }
 
-const objWithEmptyStruct = `
+func TestCleanPatch(t *testing.T) {
+	t.Run("Empty Struct preserved", func(t *testing.T) {
+		const obj = `
 apiVersion: argoproj.io/v1alpha1
 kind: Test
 metadata:
@@ -717,7 +719,8 @@ metadata:
   resourceVersion: "123"
 spec:
   resources: {}
-  paused: true
+  updated:
+    something: true
   containers:
    - name: name1
      test: {}
@@ -725,8 +728,7 @@ spec:
      - name: name2
        test2: {}
 `
-
-const expectedUpdatedObjWithEmptyStruct = `
+		const expected = `
 apiVersion: argoproj.io/v1alpha1
 kind: Test
 metadata:
@@ -738,7 +740,7 @@ metadata:
   resourceVersion: "123"
 spec:
   resources: {}
-  paused: false
+  updated: {}
   containers:
    - name: name1
      test: {}
@@ -746,21 +748,133 @@ spec:
      - name: name2
        test2: {}
 `
+		const luaAction = `
+obj.spec.updated = {}
+return obj
+`
+		testObj := StrToUnstructured(obj)
+		expectedObj := StrToUnstructured(expected)
+		vm := VM{}
+		newObjects, err := vm.ExecuteResourceAction(testObj, luaAction, nil)
+		require.NoError(t, err)
+		assert.Len(t, newObjects, 1)
+		assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch"))
+		assert.Equal(t, expectedObj, newObjects[0].UnstructuredObj)
+	})
 
-const pausedToFalseLua = `
-obj.spec.paused = false
+	t.Run("New item added to array", func(t *testing.T) {
+		const obj = `
+apiVersion: argoproj.io/v1alpha1
+kind: Test
+metadata:
+  labels:
+    app.kubernetes.io/instance: helm-guestbook
+    test: test
+  name: helm-guestbook
+  namespace: default
+  resourceVersion: "123"
+spec:
+  containers:
+   - name: name1
+     test: {}
+     anotherList:
+     - name: name2
+       test2: {}
+`
+		const expected = `
+apiVersion: argoproj.io/v1alpha1
+kind: Test
+metadata:
+  labels:
+    app.kubernetes.io/instance: helm-guestbook
+    test: test
+  name: helm-guestbook
+  namespace: default
+  resourceVersion: "123"
+spec:
+  containers:
+   - name: name1
+     test: {}
+     anotherList:
+     - name: name2
+       test2: {}
+   - name: added
+     #test: {}       ### would be decoded as an empty array and is not supported. The type is unknown
+     testArray: []   ### works since it is decoded in the correct type
+     another:
+       supported: true
+`
+		// `test: {}` in new container would be decoded as an empty array and is not supported. The type is unknown
+		// `testArray: []` works since it is decoded in the correct type
+		const luaAction = `
+table.insert(obj.spec.containers, {name = "added", testArray = {}, another = {supported = true}})
 return obj
 `
+		testObj := StrToUnstructured(obj)
+		expectedObj := StrToUnstructured(expected)
+		vm := VM{}
+		newObjects, err := vm.ExecuteResourceAction(testObj, luaAction, nil)
+		require.NoError(t, err)
+		assert.Len(t, newObjects, 1)
+		assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch"))
+		assert.Equal(t, expectedObj, newObjects[0].UnstructuredObj)
+	})
 
-func TestCleanPatch(t *testing.T) {
-	testObj := StrToUnstructured(objWithEmptyStruct)
-	expectedObj := StrToUnstructured(expectedUpdatedObjWithEmptyStruct)
-	vm := VM{}
-	newObjects, err := vm.ExecuteResourceAction(testObj, pausedToFalseLua, nil)
-	require.NoError(t, err)
-	assert.Len(t, newObjects, 1)
-	assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch"))
-	assert.Equal(t, expectedObj, newObjects[0].UnstructuredObj)
+	t.Run("Last item removed from array", func(t *testing.T) {
+		const obj = `
+apiVersion: argoproj.io/v1alpha1
+kind: Test
+metadata:
+  labels:
+    app.kubernetes.io/instance: helm-guestbook
+    test: test
+  name: helm-guestbook
+  namespace: default
+  resourceVersion: "123"
+spec:
+  containers:
+   - name: name1
+     test: {}
+     anotherList:
+     - name: name2
+       test2: {}
+   - name: name3
+     test: {}
+     anotherList:
+     - name: name4
+       test2: {}
+`
+		const expected = `
+apiVersion: argoproj.io/v1alpha1
+kind: Test
+metadata:
+  labels:
+    app.kubernetes.io/instance: helm-guestbook
+    test: test
+  name: helm-guestbook
+  namespace: default
+  resourceVersion: "123"
+spec:
+  containers:
+   - name: name1
+     test: {}
+     anotherList:
+     - name: name2
+       test2: {}
+`
+		const luaAction = `
+table.remove(obj.spec.containers)
+return obj
+`
+		testObj := StrToUnstructured(obj)
+		expectedObj := StrToUnstructured(expected)
+		vm := VM{}
+		newObjects, err := vm.ExecuteResourceAction(testObj, luaAction, nil)
+		require.NoError(t, err)
+		assert.Len(t, newObjects, 1)
+		assert.Equal(t, newObjects[0].K8SOperation, K8SOperation("patch"))
+		assert.Equal(t, expectedObj, newObjects[0].UnstructuredObj)
+	})
 }
 
 func TestGetResourceHealth(t *testing.T) {

From aa3d1c904d9825e1a876f1abbff3eaa89e811b2e Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Wed, 13 Aug 2025 19:41:24 -0700
Subject: [PATCH 264/383] docs: promote server-side diff stable (#24138)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/feature-maturity.md | 5 -----
 docs/user-guide/diff-strategies.md       | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/docs/operator-manual/feature-maturity.md b/docs/operator-manual/feature-maturity.md
index 84f26772388c4..bcaa5a84e13a8 100644
--- a/docs/operator-manual/feature-maturity.md
+++ b/docs/operator-manual/feature-maturity.md
@@ -22,7 +22,6 @@ to indicate their stability and maturity. These are the statuses of non-stable f
 | [AppSets in any Namespace][5]             | v2.8.0     | Beta   |
 | [Cluster Sharding: round-robin][6]        | v2.8.0     | Alpha  |
 | [Dynamic Cluster Distribution][7]         | v2.9.0     | Alpha  |
-| [Server Side Diff][8]                     | v2.10.0    | Beta   |
 | [Cluster Sharding: consistent-hashing][9] | v2.12.0    | Alpha  |
 | [Service Account Impersonation][10]       | v2.13.0    | Alpha  |
 | [Source Hydrator][11]                     | v2.14.0    | Alpha  |
@@ -33,8 +32,6 @@ to indicate their stability and maturity. These are the statuses of non-stable f
 
 | Feature                         | Property                                                                                | Status |
 | ------------------------------- | --------------------------------------------------------------------------------------- | ------ |
-| [Server Side Diff][8]           | `metadata.annotations[argocd.argoproj.io/compare-options]: ServerSideDiff=true`         | Beta   |
-| [Server Side Diff][8]           | `metadata.annotations[argocd.argoproj.io/compare-options]: IncludeMutationWebhook=true` | Beta   |
 | [Skip Application Reconcile][4] | `metadata.annotations[argocd.argoproj.io/skip-reconcile]`                               | Alpha  |
 
 ### AppProject CRD
@@ -60,8 +57,6 @@ to indicate their stability and maturity. These are the statuses of non-stable f
 | [AppSets in any Namespace][5]             | `Deployment/argocd-applicationset-controller` | `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS`     | Beta   |
 | [AppSets in any Namespace][5]             | `Deployment/argocd-applicationset-controller` | `ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES`               | Beta   |
 | [AppSets in any Namespace][5]             | `ConfigMap/argocd-cmd-params-cm`              | `applicationsetcontroller.namespaces`                       | Beta   |
-| [Server Side Diff][8]                     | `ConfigMap/argocd-cmd-params-cm`              | `controller.diff.server.side`                               | Beta   |
-| [Server Side Diff][8]                     | `StatefulSet/argocd-application-controller`   | `ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF`            | Beta   |
 | [AppSet Progressive Syncs][2]             | `ConfigMap/argocd-cmd-params-cm`              | `applicationsetcontroller.enable.progressive.syncs`         | Alpha  |
 | [AppSet Progressive Syncs][2]             | `Deployment/argocd-applicationset-controller` | `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS` | Alpha  |
 | [Proxy Extensions][3]                     | `ConfigMap/argocd-cmd-params-cm`              | `server.enable.proxy.extension`                             | Alpha  |
diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md
index e7a5933a70f9b..d8d6f4f9328df 100644
--- a/docs/user-guide/diff-strategies.md
+++ b/docs/user-guide/diff-strategies.md
@@ -27,6 +27,7 @@ are some challenges using this strategy to calculate diffs for CRDs
 that define default values.
 
 ## Server-Side Diff
+*Current Status: Stable (Since v3.1.0)*
 
 This diff strategy will execute a Server-Side Apply in dryrun mode for
 each resource of the application. The response of this operation is then

From baab05d89821cace6d0bcb36285c694bb07e502f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 14 Aug 2025 08:15:56 +0300
Subject: [PATCH 265/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.138.0 to 0.139.0 (#24141)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d702f8e7fd76e..967c5d2270313 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.138.0
+	gitlab.com/gitlab-org/api/client-go v0.139.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index e877597839802..d7ddb2d9a9f46 100644
--- a/go.sum
+++ b/go.sum
@@ -903,8 +903,8 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.138.0 h1:2BmPq3or7PU0HqDXPsmgA2dwopRZ1RsOHbVBKNKqAAE=
-gitlab.com/gitlab-org/api/client-go v0.138.0/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
+gitlab.com/gitlab-org/api/client-go v0.139.0 h1:vowWNd02ifl0dv7RulWpGDmTgD42SGFEZ28FQg9yDQA=
+gitlab.com/gitlab-org/api/client-go v0.139.0/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From ac41feaf4dbe2c1ee176222d65fc11635fe74f37 Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Thu, 14 Aug 2025 00:01:55 -1000
Subject: [PATCH 266/383] chore: upgrade to go 1.25 (#24148)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml             |   4 +-
 .github/workflows/image.yaml                |   4 +-
 .github/workflows/release.yaml              |   4 +-
 Dockerfile                                  |   4 +-
 Dockerfile.tilt                             |   2 +-
 go.mod                                      |   9 +-
 go.sum                                      | 121 +++-----------------
 hack/installers/install-codegen-go-tools.sh |   7 +-
 hack/installers/install-lint-tools.sh       |   2 +-
 test/container/Dockerfile                   |   2 +-
 test/remote/Dockerfile                      |   2 +-
 11 files changed, 40 insertions(+), 121 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 6476e0c17eb82..7b8d8a72d6bba 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -14,7 +14,7 @@ on:
 env:
   # Golang version to use across CI steps
   # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.24.6'
+  GOLANG_VERSION: '1.25.0'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -112,7 +112,7 @@ jobs:
         uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
         with:
           # renovate: datasource=go packageName=github.com/golangci/golangci-lint versioning=regex:^v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)?$
-          version: v2.3.0
+          version: v2.4.0
           args: --verbose
 
   test-go:
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 8389f703f9656..79223da2e657a 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -53,7 +53,7 @@ jobs:
     with:
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.6
+      go-version: 1.25.0
       platforms: ${{ needs.set-vars.outputs.platforms }}
       push: false
 
@@ -70,7 +70,7 @@ jobs:
       ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }}
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.6
+      go-version: 1.25.0
       platforms: ${{ needs.set-vars.outputs.platforms }}
       push: true
     secrets:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e50296c483c7d..ed1838125b555 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ permissions: {}
 
 env:
   # renovate: datasource=golang-version packageName=golang
-  GOLANG_VERSION: '1.24.6' # Note: go-version must also be set in job argocd-image.with.go-version
+  GOLANG_VERSION: '1.25.0' # Note: go-version must also be set in job argocd-image.with.go-version
 
 jobs:
   argocd-image:
@@ -25,7 +25,7 @@ jobs:
       quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }}
       # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations)
       # renovate: datasource=golang-version packageName=golang
-      go-version: 1.24.6
+      go-version: 1.25.0
       platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
       push: true
     secrets:
diff --git a/Dockerfile b/Dockerfile
index eb6611da1615d..7e304b9221d2a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS builder
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6 AS builder
 
 WORKDIR /tmp
 
@@ -103,7 +103,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP
 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS argocd-build
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6 AS argocd-build
 
 WORKDIR /go/src/github.com/argoproj/argo-cd
 
diff --git a/Dockerfile.tilt b/Dockerfile.tilt
index 6e1b2d4624763..94840ac179559 100644
--- a/Dockerfile.tilt
+++ b/Dockerfile.tilt
@@ -1,4 +1,4 @@
-FROM docker.io/library/golang:1.24.1@sha256:c5adecdb7b3f8c5ca3c88648a861882849cc8b02fed68ece31e25de88ad13418 
+FROM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6
 
 ENV DEBIAN_FRONTEND=noninteractive
 
diff --git a/go.mod b/go.mod
index 967c5d2270313..bc92901707f46 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/argoproj/argo-cd/v3
 
-go 1.24.6
+go 1.25.0
 
 require (
 	code.gitea.io/sdk/gitea v0.21.0
@@ -108,7 +108,7 @@ require (
 	k8s.io/client-go v0.33.1
 	k8s.io/code-generator v0.33.1
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a
+	k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e
 	k8s.io/kubectl v0.33.1
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427
@@ -192,7 +192,7 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang/glog v1.2.5 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
-	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-github/v72 v72.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
@@ -288,7 +288,7 @@ require (
 	k8s.io/component-base v0.33.1 // indirect
 	k8s.io/component-helpers v0.33.1 // indirect
 	k8s.io/controller-manager v0.33.1 // indirect
-	k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 // indirect
+	k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect
 	k8s.io/kube-aggregator v0.33.1 // indirect
 	k8s.io/kubernetes v1.33.1 // indirect
 	nhooyr.io/websocket v1.8.7 // indirect
@@ -301,6 +301,7 @@ require (
 replace (
 	github.com/golang/protobuf => github.com/golang/protobuf v1.5.4
 	github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0
+	golang.org/x/tools => golang.org/x/tools v0.35.0
 
 	// Avoid CVE-2022-3064
 	gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0
diff --git a/go.sum b/go.sum
index d7ddb2d9a9f46..befc9df2b0e6c 100644
--- a/go.sum
+++ b/go.sum
@@ -421,8 +421,9 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
 github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
+github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
+github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -895,11 +896,6 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
 github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
@@ -964,13 +960,10 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
@@ -981,6 +974,8 @@ golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
 golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1015,21 +1010,15 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
-golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
 golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1064,13 +1053,11 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -1086,9 +1073,7 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
@@ -1099,6 +1084,8 @@ golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
 golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
 golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -1118,18 +1105,12 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1180,7 +1161,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1202,7 +1182,6 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
@@ -1214,10 +1193,11 @@ golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
-golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
+golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1230,9 +1210,7 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
@@ -1243,6 +1221,8 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
 golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
 golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1267,6 +1247,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
 golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
 golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1275,77 +1257,12 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
-golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
-golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
-golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
-golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
-golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
-golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
-golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
 golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1503,8 +1420,8 @@ k8s.io/component-helpers v0.33.1/go.mod h1:LQwxW5L3dH7341Unj+phndJu0Ic5UjxA//7FT
 k8s.io/controller-manager v0.33.1 h1:ZYTzGp2f9TVhHCvrgSQtc367yR+D3UditkHDHCZc2GU=
 k8s.io/controller-manager v0.33.1/go.mod h1:p1yW7I5NFIuhXvSW9Wa/MdN3oIqXd2DRDgacb/hcUF0=
 k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
-k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7 h1:2OX19X59HxDprNCVrWi6jb7LW1PoqTlYqEq5H2oetog=
-k8s.io/gengo/v2 v2.0.0-20250207200755-1244d31929d7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
+k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q=
+k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
@@ -1513,8 +1430,8 @@ k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-aggregator v0.33.1 h1:PigQUqAvd6Y4hBjQAqhKz3lEJC2VHLL4bSOEuS06a40=
 k8s.io/kube-aggregator v0.33.1/go.mod h1:16/wlU5Lj7hNJSv7JSu5FLvxyrgiJVLCHzfVoECAsuI=
 k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
-k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a h1:ZV3Zr+/7s7aVbjNGICQt+ppKWsF1tehxggNfbM7XnG8=
-k8s.io/kube-openapi v0.0.0-20250610211856-8b98d1ed966a/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e h1:UGI9rv1A2cV87NhXr4s+AUBxIuoo/SME/IyJ3b6KztE=
+k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw=
 k8s.io/kubectl v0.33.1 h1:OJUXa6FV5bap6iRy345ezEjU9dTLxqv1zFTVqmeHb6A=
 k8s.io/kubectl v0.33.1/go.mod h1:Z07pGqXoP4NgITlPRrnmiM3qnoo1QrK1zjw85Aiz8J0=
 k8s.io/kubernetes v1.33.1 h1:86+VVY/f11taZdpEZrNciLw1MIQhu6BFXf/OMFn5EUg=
diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh
index 76d1b084115b8..dd55a448b645c 100755
--- a/hack/installers/install-codegen-go-tools.sh
+++ b/hack/installers/install-codegen-go-tools.sh
@@ -41,8 +41,9 @@ go_mod_install k8s.io/code-generator/cmd/defaulter-gen
 go_mod_install k8s.io/code-generator/cmd/informer-gen
 go_mod_install k8s.io/code-generator/cmd/lister-gen
 
-# We still install openapi-gen from go.mod since upstream does not utilize release tags
-go_mod_install k8s.io/kube-openapi/cmd/openapi-gen
+# We still install openapi-gen from go.mod since upstream does not utilize release tags. Use go install in order for
+# replace directives to be respected.
+go install k8s.io/kube-openapi/cmd/openapi-gen
 
 # controller-gen is run by ./hack/gen-crd-spec to generate the CRDs
 go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.18.0
@@ -51,7 +52,7 @@ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.18.0
 go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0
 
 # goimports is used to auto-format generated code
-go install golang.org/x/tools/cmd/goimports@v0.1.8
+go install golang.org/x/tools/cmd/goimports@v0.35.0
 
 # mockery is used to generate mock
 # renovate: datasource=go packageName=github.com/vektra/mockery/v3
diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh
index c727cc2c4fb9f..5dfcfc39483a3 100755
--- a/hack/installers/install-lint-tools.sh
+++ b/hack/installers/install-lint-tools.sh
@@ -2,6 +2,6 @@
 set -eux -o pipefail
 
 # renovate: datasource=go packageName=github.com/golangci/golangci-lint
-GOLANGCI_LINT_VERSION=2.3.0
+GOLANGCI_LINT_VERSION=2.4.0
 
 GO111MODULE=on go install "github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}"
diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 79fe2f7156819..c714471d09824 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -8,7 +8,7 @@ RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu
 # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version
 FROM docker.io/library/node:22.9.0@sha256:69e667a79aa41ec0db50bc452a60e705ca16f35285eaf037ebe627a65a5cdf52 AS node
 
-FROM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS golang
+FROM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6 AS golang
 
 FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439b3f7c958c9c2fb941049ea6531d AS registry
 
diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile
index 24eaaee8d1ca4..f15c0d2292549 100644
--- a/test/remote/Dockerfile
+++ b/test/remote/Dockerfile
@@ -1,6 +1,6 @@
 ARG BASE_IMAGE=docker.io/library/ubuntu:25.04@sha256:10bb10bb062de665d4dc3e0ea36715270ead632cfcb74d08ca2273712a0dfb42
 
-FROM docker.io/library/golang:1.24.6@sha256:2c89c41fb9efc3807029b59af69645867cfe978d2b877d475be0d72f6c6ce6f6 AS go
+FROM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8f5129b8885bed9d43f058f7f3ed6 AS go
 
 RUN go install github.com/mattn/goreman@latest && \
     go install github.com/kisielk/godepgraph@latest

From 965532b8ad23ba71f53a35a3cba1bac0626ba52c Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Thu, 14 Aug 2025 00:27:40 -1000
Subject: [PATCH 267/383] chore: add oci env vars to manifests (#24113)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/argocd-cmd-params-cm.yaml |  6 ++++++
 .../argocd-repo-server-deployment.yaml         | 18 ++++++++++++++++++
 manifests/core-install-with-hydrator.yaml      | 18 ++++++++++++++++++
 manifests/core-install.yaml                    | 18 ++++++++++++++++++
 manifests/ha/install-with-hydrator.yaml        | 18 ++++++++++++++++++
 manifests/ha/install.yaml                      | 18 ++++++++++++++++++
 .../ha/namespace-install-with-hydrator.yaml    | 18 ++++++++++++++++++
 manifests/ha/namespace-install.yaml            | 18 ++++++++++++++++++
 manifests/install-with-hydrator.yaml           | 18 ++++++++++++++++++
 manifests/install.yaml                         | 18 ++++++++++++++++++
 manifests/namespace-install-with-hydrator.yaml | 18 ++++++++++++++++++
 manifests/namespace-install.yaml               | 18 ++++++++++++++++++
 12 files changed, 204 insertions(+)

diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml
index ed79acfaabe11..f2edfd644d381 100644
--- a/docs/operator-manual/argocd-cmd-params-cm.yaml
+++ b/docs/operator-manual/argocd-cmd-params-cm.yaml
@@ -205,6 +205,12 @@ data:
   reposerver.streamed.manifest.max.tar.size: "100M"
   # Maximum size of extracted manifests when streaming manifests to the repo server for generation
   reposerver.streamed.manifest.max.extracted.size: "1G"
+  # Maximum size of extracted manifests when streaming manifests to the repo server for generation
+  reposerver.oci.manifest.max.extracted.size: "1G"
+  # Whether to disable manifest size check for OCI artifacts
+  reposerver.disable.oci.manifest.max.extracted.size: "false"
+  # The allowlist of the OCI media types which the repo-server will make use of. If an OCI media type for a given artifact is not in the given list, the repo-server will return an error.
+  reposerver.oci.layer.media.types: "application/vnd.oci.image.layer.v1.tar,application/vnd.oci.image.layer.v1.tar+gzip,application/vnd.cncf.helm.chart.content.v1.tar+gzip"
   # Enable git submodule support
   reposerver.enable.git.submodule: "true"
   # Number of concurrent git ls-remote requests. Any value less than 1 means no limit.
diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
index f5237c41f0d85..615520d04a60f 100644
--- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml
+++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
@@ -199,6 +199,24 @@ spec:
                 name: argocd-cmd-params-cm
                 key: reposerver.disable.helm.manifest.max.extracted.size
                 optional: true
+          - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+            valueFrom:
+              configMapKeyRef:
+                key: reposerver.oci.manifest.max.extracted.size
+                name: argocd-cmd-params-cm
+                optional: true
+          - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+            valueFrom:
+              configMapKeyRef:
+                key: reposerver.disable.oci.manifest.max.extracted.size
+                name: argocd-cmd-params-cm
+                optional: true
+          - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+            valueFrom:
+              configMapKeyRef:
+                key: reposerver.oci.layer.media.types
+                name: argocd-cmd-params-cm
+                optional: true
           - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
             valueFrom:
               configMapKeyRef:
diff --git a/manifests/core-install-with-hydrator.yaml b/manifests/core-install-with-hydrator.yaml
index 497fed3b7c75b..e96ef9f328beb 100644
--- a/manifests/core-install-with-hydrator.yaml
+++ b/manifests/core-install-with-hydrator.yaml
@@ -25299,6 +25299,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml
index 3388c5a672d14..d34a4c765a22c 100644
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -25133,6 +25133,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/ha/install-with-hydrator.yaml b/manifests/ha/install-with-hydrator.yaml
index 9f53494363e17..90293769549c0 100644
--- a/manifests/ha/install-with-hydrator.yaml
+++ b/manifests/ha/install-with-hydrator.yaml
@@ -27005,6 +27005,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml
index 40cdb52ec9171..4c811416ed719 100644
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -26841,6 +26841,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/ha/namespace-install-with-hydrator.yaml b/manifests/ha/namespace-install-with-hydrator.yaml
index 2bef545941eeb..5be9f93260872 100644
--- a/manifests/ha/namespace-install-with-hydrator.yaml
+++ b/manifests/ha/namespace-install-with-hydrator.yaml
@@ -2810,6 +2810,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml
index 460233cf9cacb..58853911d58a6 100644
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -2646,6 +2646,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/install-with-hydrator.yaml b/manifests/install-with-hydrator.yaml
index fcd0c63d0bd11..37a49f17ef3df 100644
--- a/manifests/install-with-hydrator.yaml
+++ b/manifests/install-with-hydrator.yaml
@@ -25964,6 +25964,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/install.yaml b/manifests/install.yaml
index 6753c57f4b9d4..dbd944cb23334 100644
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -25798,6 +25798,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/namespace-install-with-hydrator.yaml b/manifests/namespace-install-with-hydrator.yaml
index fd115ff4d0cab..2c5b72242bc55 100644
--- a/manifests/namespace-install-with-hydrator.yaml
+++ b/manifests/namespace-install-with-hydrator.yaml
@@ -1769,6 +1769,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:
diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml
index 4d64743c092f1..d8d45a81490a1 100644
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -1603,6 +1603,24 @@ spec:
               key: reposerver.disable.helm.manifest.max.extracted.size
               name: argocd-cmd-params-cm
               optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.disable.oci.manifest.max.extracted.size
+              name: argocd-cmd-params-cm
+              optional: true
+        - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
+          valueFrom:
+            configMapKeyRef:
+              key: reposerver.oci.layer.media.types
+              name: argocd-cmd-params-cm
+              optional: true
         - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
           valueFrom:
             configMapKeyRef:

From 4a0c77c1ae5f0cfa2a6d5295879b8c6e3a36b8d5 Mon Sep 17 00:00:00 2001
From: Anand Francis Joseph <anjoseph@redhat.com>
Date: Thu, 14 Aug 2025 18:31:19 +0530
Subject: [PATCH 268/383] fix(util): Fix default key exchange algorthims used
 for SSH connection to be FIPS compliant (#24086)

Signed-off-by: anandf <anjoseph@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/git/ssh.go | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/util/git/ssh.go b/util/git/ssh.go
index a1cb337a80e63..36e4ab67a4698 100644
--- a/util/git/ssh.go
+++ b/util/git/ssh.go
@@ -1,13 +1,14 @@
 package git
 
 import (
+	"crypto/fips140"
 	"fmt"
 
 	gitssh "github.com/go-git/go-git/v5/plumbing/transport/ssh"
 	"golang.org/x/crypto/ssh"
 )
 
-// List of all currently supported algorithms for SSH key exchange
+// SupportedSSHKeyExchangeAlgorithms is a list of all currently supported algorithms for SSH key exchange
 // Unfortunately, crypto/ssh does not offer public constants or list for
 // this.
 var SupportedSSHKeyExchangeAlgorithms = []string{
@@ -21,10 +22,15 @@ var SupportedSSHKeyExchangeAlgorithms = []string{
 	"diffie-hellman-group14-sha1",
 }
 
-// List of default key exchange algorithms to use. We use those that are
-// available by default, we can become more opinionated later on (when
-// we support configuration of algorithms to use).
-var DefaultSSHKeyExchangeAlgorithms = SupportedSSHKeyExchangeAlgorithms
+// SupportedFIPSCompliantSSHKeyExchangeAlgorithms is a list of all currently supported algorithms for SSH key exchange
+// that are FIPS compliant
+var SupportedFIPSCompliantSSHKeyExchangeAlgorithms = []string{
+	"ecdh-sha2-nistp256",
+	"ecdh-sha2-nistp384",
+	"ecdh-sha2-nistp521",
+	"diffie-hellman-group-exchange-sha256",
+	"diffie-hellman-group14-sha256",
+}
 
 // PublicKeysWithOptions is an auth method for go-git's SSH client that
 // inherits from PublicKeys, but provides the possibility to override
@@ -51,9 +57,17 @@ func (a *PublicKeysWithOptions) ClientConfig() (*ssh.ClientConfig, error) {
 	if len(a.KexAlgorithms) > 0 {
 		kexAlgos = a.KexAlgorithms
 	} else {
-		kexAlgos = DefaultSSHKeyExchangeAlgorithms
+		kexAlgos = getDefaultSSHKeyExchangeAlgorithms()
 	}
 	config := ssh.Config{KeyExchanges: kexAlgos}
 	opts := &ssh.ClientConfig{Config: config, User: a.User, Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)}}
 	return a.SetHostKeyCallback(opts)
 }
+
+// getDefaultSSHKeyExchangeAlgorithms returns the default key exchange algorithms to be used
+func getDefaultSSHKeyExchangeAlgorithms() []string {
+	if fips140.Enabled() {
+		return SupportedFIPSCompliantSSHKeyExchangeAlgorithms
+	}
+	return SupportedSSHKeyExchangeAlgorithms
+}

From 09c22384bf82c56df60c705be1851a69160aef59 Mon Sep 17 00:00:00 2001
From: Kanika Rana <46766610+ranakan19@users.noreply.github.com>
Date: Thu, 14 Aug 2025 13:17:54 -0400
Subject: [PATCH 269/383] docs(progressivesync): Proposal of Deletion strategy
 for progressive sync (#22843)

Signed-off-by: Kanika Rana <krana@redhat.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../deletion-strategy-progressive-sync.md     | 341 ++++++++++++++++++
 1 file changed, 341 insertions(+)
 create mode 100644 docs/proposals/deletion-strategy-progressive-sync.md

diff --git a/docs/proposals/deletion-strategy-progressive-sync.md b/docs/proposals/deletion-strategy-progressive-sync.md
new file mode 100644
index 0000000000000..31a0bd5b17ce1
--- /dev/null
+++ b/docs/proposals/deletion-strategy-progressive-sync.md
@@ -0,0 +1,341 @@
+---
+title: Neat-enhancement-idea
+authors:
+  - "@ranakan19" # Authors' github accounts here.
+sponsors:
+  - TBD        # List all interested parties here.
+reviewers:
+  - TBD
+approvers:
+  - TBD
+
+creation-date: 2025-04-30
+last-updated: 2025-05-01
+---
+
+# Deletion Strategy for Progressive Sync
+
+This proposal is building upon the ideas presented in https://github.com/argoproj/argo-cd/pull/14892 to introduce 
+deletion strategy for progressive sync. While the original proposal laid the groundwork, this proposal extends to address
+some unanswered sections and changes implementation details.
+
+Introduce a new functionality of ArgoCD ProgressiveSync that will allow users to configure order 
+of deletion for applicationSet's deployed applications. The deletion strategies can be:
+
+- AllAtOnce (current behaviour - where all applications are deleted in no particular order without waiting for an application 
+to be deleted; can be the default value)
+- reverse ( delete applications in the reverse order of deployment, configured in progressiveSync. This expects the 
+rollingSync field to have a specified order and implements deletion in the reverse order specified. 
+Waits for one application to be fully deleted before moving onto the next application.)
+
+## Open Questions [optional]
+
+The original proposal mentions another strategy - `custom` wherein the user can provide a specific order of deletion. 
+Is such a usecase needed? 
+
+
+## Summary
+
+This feature can extend the application dependency from deployment to deletion as well. Ability to provide deletion order 
+can complete the ProgressiveSync feature.
+
+## Motivation
+
+Current deletion/removal strategy which ArgoCD use works fine if there aren't any dependencies between the different applications. 
+However, it does not work when there are dependencies between the applications. This was noticed when some kubernetes core services 
+were deployed in specific order and to be removed in reverse order.
+
+### Goals
+
+Following goals should be achieved in order to conclude this proposal:
+1. Deletion strategy `AllAtOnce` as default value - deletes all applications at once as the current behavior of deletion.
+2. Deletion strategy `Reverse` lets applications be deleted in the reverse order of the steps configured in RollingSync strategy.
+
+### Non-Goals
+
+custom deletion strategy - this will be a separate goal if there is enough demand for it.
+
+## Proposal
+
+Ability to provide configuration related to the deletion/removal process when progressive sync is used. Implementation detail provides 
+two options of introducing this field in ApplicationSet. The following use cases assumes Option 1 for the yaml file examples.
+
+### Use cases
+
+Add a list of detailed use cases this enhancement intends to take care of.
+
+#### AllAtOnce deletionStrategy:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: pricelist
+  namespace: argocd
+spec:
+  generators:
+  - list:
+      elements:
+      - srv: config
+        path: applicationsets/rollingsync/apps/pricelist-config
+      - srv: db
+        path: applicationsets/rollingsync/apps/pricelist-db
+      - srv: frontend
+        path: applicationsets/rollingsync/apps/pricelist-frontend
+  strategy:
+    type: RollingSync
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: pricelist-component # the "key" is based on the label (below as "pricelist-component: {{srv}}")
+              operator: In
+              values:
+                - config
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - db
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - frontend
+  ### Deletion configuration ###
+    deletionOrder: AllAtOnce  # available options to be AllAtOnce/Reverse (maybe custom as well)
+  ### Deletion configuration ###
+  template:
+    metadata:
+      name: 'pricelist-{{srv}}'
+      labels:
+        pricelist-component: '{{srv}}'
+    spec:
+      project: default
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        retry:
+          limit: 5
+          backoff:
+            duration: 5s
+            maxDuration: 3m0s
+            factor: 2
+      source:
+        repoURL: https://github.com/christianh814/gitops-examples
+        targetRevision: main
+        path: '{{path}}'
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: pricelist
+```
+
+#### Reverse deletionStrategy:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: pricelist
+  namespace: argocd
+spec:
+  generators:
+  - list:
+      elements:
+      - srv: config
+        path: applicationsets/rollingsync/apps/pricelist-config
+      - srv: db
+        path: applicationsets/rollingsync/apps/pricelist-db
+      - srv: frontend
+        path: applicationsets/rollingsync/apps/pricelist-frontend
+  strategy:
+    type: RollingSync
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: pricelist-component # the "key" is based on the label (below as "pricelist-component: {{srv}}")
+              operator: In
+              values:
+                - config
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - db
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - frontend
+    ### Deletion configuration ###
+    deletionOrder: Reverse  # available options to be AllAtOnce/Reverse (maybe custom as well)
+    ### Deletion configuration ###        
+  template:
+    metadata:
+      name: 'pricelist-{{srv}}'
+      labels:
+        pricelist-component: '{{srv}}'
+    spec:
+      project: default
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        retry:
+          limit: 5
+          backoff:
+            duration: 5s
+            maxDuration: 3m0s
+            factor: 2
+      source:
+        repoURL: https://github.com/christianh814/gitops-examples
+        targetRevision: main
+        path: '{{path}}'
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: pricelist  
+```
+#### If custom deletionStrategy:
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: pricelist
+  namespace: argocd
+spec:
+  generators:
+  - list:
+      elements:
+      - srv: config
+        path: applicationsets/rollingsync/apps/pricelist-config
+      - srv: db
+        path: applicationsets/rollingsync/apps/pricelist-db
+      - srv: frontend
+        path: applicationsets/rollingsync/apps/pricelist-frontend
+  strategy:
+    type: RollingSync
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: pricelist-component # the "key" is based on the label (below as "pricelist-component: {{srv}}")
+              operator: In
+              values:
+                - config
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - db
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - frontend
+    ### Deletion configuration ###
+    deletionOrder: Custom # available options to be default/reverse/custom
+    deletionSync:
+      steps:
+        - matchExpressions:
+            - key: pricelist-component # the "key" is based on the label (below as "pricelist-component: {{srv}}")
+              operator: In
+              values:
+                - config
+        - matchExpressions:
+            - key: pricelist-component
+              operator: In
+              values:
+                - frontend
+        - matchExpressions:
+                - key: pricelist-component
+                  operator: In
+                  values:
+                    - db
+    ### Deletion configuration ###
+  template:
+    metadata:
+      name: 'pricelist-{{srv}}'
+      labels:
+        pricelist-component: '{{srv}}'
+    spec:
+      project: default
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        retry:
+          limit: 5
+          backoff:
+            duration: 5s
+            maxDuration: 3m0s
+            factor: 2
+      source:
+        repoURL: https://github.com/christianh814/gitops-examples
+        targetRevision: main
+        path: '{{path}}'
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: pricelist
+```
+
+### Implementation Details/Notes/Constraints [optional]
+
+There should be a check that correlates the deletionStrategy to ApplicationSet strategy. For example can only select reverse 
+if rollingSync lists out an order of application deployment, otherwise should error out.
+
+It was decided to have this field within strategy (which is a field associated with progressiveSync)
+
+To be introduced in ApplicationSetStrategy as follows:
+```yaml
+type ApplicationSetStrategy struct {
+Type        string                         `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
+RollingSync *ApplicationSetRolloutStrategy `json:"rollingSync,omitempty" protobuf:"bytes,2,opt,name=rollingSync"`
+// RollingUpdate *ApplicationSetRolloutStrategy `json:"rollingUpdate,omitempty" protobuf:"bytes,3,opt,name=rollingUpdate"`
+// Add DeletionSync Strategy here
+DeletionOrder string `json:"deletionOrder,omitempty" protobuf:"bytes,4,opt,name=deletionOrder"` // takes value AllAtOnce/Reverse
+}
+
+```
+
+Looked at the following names for this field:
+1. DeletionSyncType
+2. DeletionSyncStrategy
+
+But decided on having DeletionOrder for the following reasons:
+1. simpler to understand - Order is straightforward and thus sets expectation to user
+2. Since it's nested within `strategy`, suffix of strategy isn't needed.
+3. Leaving room for when/if it scales to have custom deletion strategy. i.e 
+```yaml
+type ApplicationSetStrategy struct {
+Type        string                         `json:"type,omitempty" protobuf:"bytes,1,opt,name=type"`
+RollingSync *ApplicationSetRolloutStrategy `json:"rollingSync,omitempty" protobuf:"bytes,2,opt,name=rollingSync"`
+// Add DeletionSync Strategy here
+DeletionOrder string `json:"deletionOrder,omitempty" protobuf:"bytes,3,opt,name=deletionOrder"` // takes value AllAtOnce/Reverse/Custom
+DeletionSync *ApplicationSetRolloutStrategy `json:"deletionSync,omitempty" protobuf:"bytes,4,opt,name=deletionSync"`
+}
+```
+
+### Detailed examples
+Already covered in Use cases
+
+### Security Considerations
+
+Since no additional roles or privileges are needed to be able to delete deployed applications in a specific order, 
+so no impact on the security aspects of Argo CD workloads.
+
+
+### Risks and Mitigations
+
+No immediate Risks to consider
+
+
+### Upgrade / Downgrade Strategy
+Introducing new fields to the ApplicationSet CRD, however, no existing fields are being changed. 
+This means that a new ApplicationSet version is unnecessary, and upgrading to the new spec with added fields will be a clean operation.
+
+Downgrading could risk users receiving K8s API errors if they continue to try to apply the deletionStrategy field to a downgraded version of the ApplicationSet resource. 
+Downgrading the controller while keeping the upgraded version of the CRD should cleanly downgrade/revert the behavior of the controller to the previous version without requiring users to adjust their existing ApplicationSet specs.
+
+
+## Drawbacks
+Slight increase in Argo CD code base complexity
+
+## Alternatives
+TBD
\ No newline at end of file

From 1611f5f57b97cce763e0c573cbdac5cc3a6c756f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 10:20:17 +0200
Subject: [PATCH 270/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.119.0 to 2.120.0 (#24159)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index bc92901707f46..cb90d3178a6d1 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.119.0
+	github.com/casbin/casbin/v2 v2.120.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index befc9df2b0e6c..320ac6efaff13 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.119.0 h1:lUfR0NOw9SMS0XQ+tuYJim8+T+zE9olsepnjDfAI68w=
-github.com/casbin/casbin/v2 v2.119.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.120.0 h1:Mo9R/EKZk9aoagFs0OmuCmBYjWJfvbWJiX4aenIJOKY=
+github.com/casbin/casbin/v2 v2.120.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 899e6493df4ccc3617ea3bb087cb0e9bed20e6c0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 10:33:47 +0200
Subject: [PATCH 271/383] chore(deps): bump actions/cache from 4.2.3 to 4.2.4
 (#24072)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 7b8d8a72d6bba..2932cc5060113 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -82,7 +82,7 @@ jobs:
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -153,7 +153,7 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -217,7 +217,7 @@ jobs:
         run: |
           echo "/usr/local/bin" >> $GITHUB_PATH
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -311,7 +311,7 @@ jobs:
           node-version: '22.9.0'
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -360,7 +360,7 @@ jobs:
           fetch-depth: 0
       - name: Restore node dependency cache
         id: cache-dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ui/node_modules
           key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -468,7 +468,7 @@ jobs:
           sudo chmod go-r $HOME/.kube/config
           kubectl version
       - name: Restore go build cache
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: ~/.cache/go-build
           key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}

From 5626f84fa8966af5b453cfb68b542e46f11bb3e3 Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Thu, 14 Aug 2025 23:15:49 -1000
Subject: [PATCH 272/383] chore: remove automaxprocs (#24164)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 cmd/main.go          |  2 --
 cmd/util/app.go      | 15 ---------------
 cmd/util/app_test.go | 25 -------------------------
 go.mod               |  1 -
 go.sum               |  4 ----
 5 files changed, 47 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index fb3efd9547be2..d0334be47ff47 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -20,7 +20,6 @@ import (
 	reposerver "github.com/argoproj/argo-cd/v3/cmd/argocd-repo-server/commands"
 	apiserver "github.com/argoproj/argo-cd/v3/cmd/argocd-server/commands"
 	cli "github.com/argoproj/argo-cd/v3/cmd/argocd/commands"
-	"github.com/argoproj/argo-cd/v3/cmd/util"
 	"github.com/argoproj/argo-cd/v3/util/log"
 )
 
@@ -74,7 +73,6 @@ func main() {
 		command = cli.NewCommand()
 		isArgocdCLI = true
 	}
-	util.SetAutoMaxProcs(isArgocdCLI)
 
 	if isArgocdCLI {
 		// silence errors and usages since we'll be printing them manually.
diff --git a/cmd/util/app.go b/cmd/util/app.go
index 8ee222149c22a..4f858e3851054 100644
--- a/cmd/util/app.go
+++ b/cmd/util/app.go
@@ -10,8 +10,6 @@ import (
 	"strings"
 	"time"
 
-	"go.uber.org/automaxprocs/maxprocs"
-
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
@@ -102,19 +100,6 @@ type AppOptions struct {
 	hydrateToBranch                 string
 }
 
-// SetAutoMaxProcs sets the GOMAXPROCS value based on the binary name.
-// It suppresses logs for CLI binaries and logs the setting for services.
-func SetAutoMaxProcs(isCLI bool) {
-	if isCLI {
-		_, _ = maxprocs.Set() // Intentionally ignore errors for CLI binaries
-	} else {
-		_, err := maxprocs.Set(maxprocs.Logger(log.Infof))
-		if err != nil {
-			log.Errorf("Error setting GOMAXPROCS: %v", err)
-		}
-	}
-}
-
 func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringVar(&opts.repoURL, "repo", "", "Repository URL, ignored if a file is set")
 	command.Flags().StringVar(&opts.appPath, "path", "", "Path in repository to the app directory, ignored if a file is set")
diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go
index 0f767fbb70c8f..72742049bc112 100644
--- a/cmd/util/app_test.go
+++ b/cmd/util/app_test.go
@@ -1,7 +1,6 @@
 package util
 
 import (
-	"bytes"
 	"log"
 	"os"
 	"testing"
@@ -573,27 +572,3 @@ func TestFilterResources(t *testing.T) {
 		assert.Nil(t, filteredResources)
 	})
 }
-
-func TestSetAutoMaxProcs(t *testing.T) {
-	t.Run("CLI mode ignores errors", func(t *testing.T) {
-		logBuffer := &bytes.Buffer{}
-		oldLogger := log.Default()
-		log.SetOutput(logBuffer)
-		defer log.SetOutput(oldLogger.Writer())
-
-		SetAutoMaxProcs(true)
-
-		assert.Empty(t, logBuffer.String(), "Expected no log output when isCLI is true")
-	})
-
-	t.Run("Non-CLI mode logs error on failure", func(t *testing.T) {
-		logBuffer := &bytes.Buffer{}
-		oldLogger := log.Default()
-		log.SetOutput(logBuffer)
-		defer log.SetOutput(oldLogger.Writer())
-
-		SetAutoMaxProcs(false)
-
-		assert.NotContains(t, logBuffer.String(), "Error setting GOMAXPROCS", "Unexpected log output detected")
-	})
-}
diff --git a/go.mod b/go.mod
index cb90d3178a6d1..8edfd1891341c 100644
--- a/go.mod
+++ b/go.mod
@@ -90,7 +90,6 @@ require (
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
 	go.opentelemetry.io/otel/sdk v1.36.0
-	go.uber.org/automaxprocs v1.6.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
diff --git a/go.sum b/go.sum
index 320ac6efaff13..97ffe67c3d0d8 100644
--- a/go.sum
+++ b/go.sum
@@ -765,8 +765,6 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
-github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
@@ -931,8 +929,6 @@ go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2
 go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI=
 go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAjzlRhDwmVpZc=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
-go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=

From f595c863c80d8295d6f2227698c667835f13bd63 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 13:34:50 +0200
Subject: [PATCH 273/383] chore(deps): bump goreleaser/goreleaser-action from
 6.3.0 to 6.4.0 (#24161)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ed1838125b555..0a5e20c7d210f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -96,7 +96,7 @@ jobs:
           tool-cache: false
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
         id: run-goreleaser
         with:
           version: latest

From e9ff6ede8edb68e84b92c78d674c3bd7ed699c84 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 11:45:07 -0400
Subject: [PATCH 274/383] chore(deps): bump library/ubuntu from `10b61aa` to
 `fcdea13` in /test/container (#24158)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index c714471d09824..817da88f3de9d 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:25.10@sha256:10b61aabaaf0123f3670112057c3b3ccf27c808ddb892ba5a4e32366bff7f3fe
+FROM docker.io/library/ubuntu:25.10@sha256:fcdea13661343a0113773e1f3c481336462222a08993a9a83eae58268746d139
 
 ENV DEBIAN_FRONTEND=noninteractive
 

From 064d63435a4f2843bad235944c60542d27a10d09 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 11:45:46 -0400
Subject: [PATCH 275/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.139.0 to 0.139.2 (#24160)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8edfd1891341c..c97ba8bd65821 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.139.0
+	gitlab.com/gitlab-org/api/client-go v0.139.2
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.36.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index 97ffe67c3d0d8..f78d0e02e9755 100644
--- a/go.sum
+++ b/go.sum
@@ -897,8 +897,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.139.0 h1:vowWNd02ifl0dv7RulWpGDmTgD42SGFEZ28FQg9yDQA=
-gitlab.com/gitlab-org/api/client-go v0.139.0/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
+gitlab.com/gitlab-org/api/client-go v0.139.2 h1:Le1/q+ZBYSr3HG9mSJa+/ci36S9tFsa9nEG3b2Cq6kk=
+gitlab.com/gitlab-org/api/client-go v0.139.2/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From b6c413da4fb7df6138b85bf2ffc4837d541707f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 15 Aug 2025 11:53:54 -0400
Subject: [PATCH 276/383] chore(deps): bump library/busybox from `f9a104f` to
 `ab33eac` in /test/e2e/multiarch-container (#24162)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/e2e/multiarch-container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile
index e45936f1f37e1..3ff61f7fda2b9 100644
--- a/test/e2e/multiarch-container/Dockerfile
+++ b/test/e2e/multiarch-container/Dockerfile
@@ -1,2 +1,2 @@
-FROM docker.io/library/busybox@sha256:f9a104fddb33220ec80fc45a4e606c74aadf1ef7a3832eb0b05be9e90cd61f5f
+FROM docker.io/library/busybox@sha256:ab33eacc8251e3807b85bb6dba570e4698c3998eca6f0fc2ccb60575a563ea74
 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null"

From 678da10316a57239ea60d8302a4cfdd01aa14b2c Mon Sep 17 00:00:00 2001
From: anthisfan <gtpgx305@gmail.com>
Date: Sat, 16 Aug 2025 04:25:37 +0900
Subject: [PATCH 277/383] feat(ui): add prune option to application rollback
 (#23861) (#23932)

Signed-off-by: anthisfan <gtpgx305@gmail.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../application-details.tsx                   | 43 ++++++++++++++-----
 .../shared/services/applications-service.ts   |  4 +-
 2 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx
index 4f1e922183dc4..9f3480940c81e 100644
--- a/ui/src/app/applications/components/application-details/application-details.tsx
+++ b/ui/src/app/applications/components/application-details/application-details.tsx
@@ -8,7 +8,7 @@ import {RouteComponentProps} from 'react-router';
 import {BehaviorSubject, combineLatest, from, merge, Observable} from 'rxjs';
 import {delay, filter, map, mergeMap, repeat, retryWhen} from 'rxjs/operators';
 
-import {DataLoader, EmptyState, ErrorNotification, ObservableQuery, Page, Paginate, Revision, Timestamp} from '../../../shared/components';
+import {DataLoader, EmptyState, ErrorNotification, ObservableQuery, Page, Paginate, Revision, Timestamp, CheckboxField} from '../../../shared/components';
 import {AppContext, ContextApis} from '../../../shared/context';
 import * as appModels from '../../../shared/models';
 import {AppDetailsPreferences, AppsDetailsViewKey, AppsDetailsViewType, services} from '../../../shared/services';
@@ -1298,17 +1298,38 @@ export class ApplicationDetails extends React.Component<RouteComponentProps<{app
 Are you sure you want to disable auto-sync and rollback application '${this.props.match.params.name}'?`;
             }
 
-            const confirmed = await this.appContext.apis.popup.confirm('Rollback application', confirmationMessage);
-            if (confirmed) {
-                if (needDisableRollback) {
-                    const update = JSON.parse(JSON.stringify(application)) as appModels.Application;
-                    update.spec.syncPolicy.automated = null;
-                    await services.applications.update(update, {validate: false});
+            await this.appContext.apis.popup.prompt(
+                'Rollback application',
+                api => (
+                    <div>
+                        <p>{confirmationMessage}</p>
+                        <div className='argo-form-row'>
+                            <CheckboxField id='rollback-prune' field='prune' formApi={api} />
+                            <label htmlFor='rollback-prune'>PRUNE</label>
+                        </div>
+                    </div>
+                ),
+                {
+                    submit: async (vals, _, close) => {
+                        try {
+                            if (needDisableRollback) {
+                                const update = JSON.parse(JSON.stringify(application)) as appModels.Application;
+                                update.spec.syncPolicy.automated = null;
+                                await services.applications.update(update, {validate: false});
+                            }
+                            await services.applications.rollback(this.props.match.params.name, this.getAppNamespace(), revisionHistory.id, vals.prune);
+                            this.appChanged.next(await services.applications.get(this.props.match.params.name, this.getAppNamespace()));
+                            this.setRollbackPanelVisible(-1);
+                            close();
+                        } catch (e) {
+                            this.appContext.apis.notifications.show({
+                                content: <ErrorNotification title='Unable to rollback application' e={e} />,
+                                type: NotificationType.Error
+                            });
+                        }
+                    }
                 }
-                await services.applications.rollback(this.props.match.params.name, this.getAppNamespace(), revisionHistory.id);
-                this.appChanged.next(await services.applications.get(this.props.match.params.name, this.getAppNamespace()));
-                this.setRollbackPanelVisible(-1);
-            }
+            );
         } catch (e) {
             this.appContext.apis.notifications.show({
                 content: <ErrorNotification title='Unable to rollback application' e={e} />,
diff --git a/ui/src/app/shared/services/applications-service.ts b/ui/src/app/shared/services/applications-service.ts
index 6d05369b310a9..f4a6902c974aa 100644
--- a/ui/src/app/shared/services/applications-service.ts
+++ b/ui/src/app/shared/services/applications-service.ts
@@ -241,10 +241,10 @@ export class ApplicationsService {
             .then(() => true);
     }
 
-    public rollback(name: string, appNamespace: string, id: number): Promise<boolean> {
+    public rollback(name: string, appNamespace: string, id: number, prune?: boolean): Promise<boolean> {
         return requests
             .post(`/applications/${name}/rollback`)
-            .send({id, appNamespace})
+            .send({id, appNamespace, prune})
             .then(() => true);
     }
 

From a2b13cd7f5f1f088131bc39f4ff7fd6ddb88a63e Mon Sep 17 00:00:00 2001
From: Anthony Fiddes <11233666+Anthony-Fiddes@users.noreply.github.com>
Date: Sun, 17 Aug 2025 11:11:59 +0000
Subject: [PATCH 278/383] docs: mention that applicationsets resource can be
 used with project roles (#24182)

Signed-off-by: Anthony Fiddes <11233666+Anthony-Fiddes@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/projects.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/user-guide/projects.md b/docs/user-guide/projects.md
index 8ca1e63af266a..6ccf464857112 100644
--- a/docs/user-guide/projects.md
+++ b/docs/user-guide/projects.md
@@ -173,7 +173,7 @@ Argo CD will use the policies defined in the AppProject roles while authorizing
 
 _Note 1_: It is very important that policy roles follow the pattern `proj:<project-name>:<role-name>` or they won't be effective during the Argo CD authorization process.
 
-_Note 2_: The example above used `applications` as the resource for the policy definition. However other types of resources can also be used: `repositories`, `clusters`, `logs` and `exec`. See the [RBAC documentation](../operator-manual/rbac.md) for more details about those resources.
+_Note 2_: The example above used `applications` as the resource for the policy definition. However other types of resources can also be used: `applicationsets`, `repositories`, `clusters`, `logs` and `exec`. See the [RBAC documentation](../operator-manual/rbac.md) for more details about those resources.
 
 In order to create roles in a project and add policies to a role, a user will need permission to update a project.  The following commands can be used to manage a role.
 

From b49138ca93fc79fb8d11f205087c1438047d0190 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 17 Aug 2025 15:45:04 -0400
Subject: [PATCH 279/383] chore(deps): bump github.com/Azure/kubelogin from
 0.2.9 to 0.2.10 (#23825)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c97ba8bd65821..24fe1cc0961e9 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	dario.cat/mergo v1.0.2
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
-	github.com/Azure/kubelogin v0.2.9
+	github.com/Azure/kubelogin v0.2.10
 	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
diff --git a/go.sum b/go.sum
index f78d0e02e9755..e5b7fdc0e6843 100644
--- a/go.sum
+++ b/go.sum
@@ -70,8 +70,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
-github.com/Azure/kubelogin v0.2.9 h1:WxTkf0K8o+cj97K37V8HTqR1Yr1NexRXGmPkHDJwBOY=
-github.com/Azure/kubelogin v0.2.9/go.mod h1:QS1EFQffesODbanqwj1BEUgcgssjYH/Qv0WJGEcRQCk=
+github.com/Azure/kubelogin v0.2.10 h1:6CBXJt/RtnTPI1R1E4cfEdL+BnCKMuywtglX//FZPD0=
+github.com/Azure/kubelogin v0.2.10/go.mod h1:JtR+7h3NHAwQPZ+CagUZ+F1Uk3/JU0eRFwpESSnRNGU=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
 github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=

From 6ee0105212070b691d37b859e31d3625114f8d6d Mon Sep 17 00:00:00 2001
From: Suraj yadav <harrypotter1108@gmail.com>
Date: Mon, 18 Aug 2025 08:57:42 +0530
Subject: [PATCH 280/383] feat(ui): Added repo connection state message
 (#24175)

Signed-off-by: Surajyadav <harrypotter1108@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/src/app/settings/components/repo-details/repo-details.tsx | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ui/src/app/settings/components/repo-details/repo-details.tsx b/ui/src/app/settings/components/repo-details/repo-details.tsx
index 6070d555785d4..e13dd8737c807 100644
--- a/ui/src/app/settings/components/repo-details/repo-details.tsx
+++ b/ui/src/app/settings/components/repo-details/repo-details.tsx
@@ -25,6 +25,10 @@ export const RepoDetails = (props: {repo: models.Repository; save?: (params: New
                 view: repository.name || '',
                 edit: (formApi: FormApi) => <FormField formApi={formApi} field='name' component={Text} />
             },
+            {
+                title: 'Connection State Details',
+                view: repository.connectionState.message
+            },
             {
                 title: 'Username (optional)',
                 view: repository.username || '',

From 76251ee19fd8b8c0d3b9ff3f857349f6139070bd Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Sun, 17 Aug 2025 23:29:22 -0400
Subject: [PATCH 281/383] fix(server): validate new project on update (#23970)
 (#23973)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 server/application/application.go      |   6 ++
 server/application/application_test.go | 130 +++++++++++++++++++++++--
 util/argo/argo.go                      |  35 ++++---
 3 files changed, 146 insertions(+), 25 deletions(-)

diff --git a/server/application/application.go b/server/application/application.go
index f8fd0f5fc4256..dadff6ae99a39 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -1317,6 +1317,12 @@ func (s *Server) validateAndNormalizeApp(ctx context.Context, app *v1alpha1.Appl
 		if err := s.enf.EnforceErr(ctx.Value("claims"), rbac.ResourceApplications, rbac.ActionUpdate, currApp.RBACName(s.ns)); err != nil {
 			return err
 		}
+		// Validate that the new project exists and the application is allowed to use it
+		newProj, err := s.getAppProject(ctx, app, log.WithFields(applog.GetAppLogFields(app)))
+		if err != nil {
+			return err
+		}
+		proj = newProj
 	}
 
 	if _, err := argo.GetDestinationCluster(ctx, app.Spec.Destination, s.db); err != nil {
diff --git a/server/application/application_test.go b/server/application/application_test.go
index a97c8efc84b4f..48dc0d551ecd0 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -1608,14 +1608,130 @@ func TestCreateAppUpsert(t *testing.T) {
 }
 
 func TestUpdateApp(t *testing.T) {
-	testApp := newTestApp()
-	appServer := newTestAppServer(t, testApp)
-	testApp.Spec.Project = ""
-	app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
-		Application: testApp,
+	t.Parallel()
+	t.Run("Same spec", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		appServer := newTestAppServer(t, testApp)
+		testApp.Spec.Project = ""
+		app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: testApp,
+		})
+		require.NoError(t, err)
+		assert.Equal(t, "default", app.Spec.Project)
+	})
+	t.Run("Invalid existing app can be updated", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		testApp.Spec.Destination.Server = "https://invalid-cluster"
+		appServer := newTestAppServer(t, testApp)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Spec.Source.Name = "updated"
+		app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+		})
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Equal(t, "updated", app.Spec.Source.Name)
+	})
+	t.Run("Can update application project from invalid", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		restrictedProj := &v1alpha1.AppProject{
+			ObjectMeta: metav1.ObjectMeta{Name: "restricted-proj", Namespace: "default"},
+			Spec: v1alpha1.AppProjectSpec{
+				SourceRepos:  []string{"not-your-repo"},
+				Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "not-your-namespace"}},
+			},
+		}
+		testApp.Spec.Project = restrictedProj.Name
+		appServer := newTestAppServer(t, testApp, restrictedProj)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Spec.Project = "my-proj"
+		app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+		})
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Equal(t, "my-proj", app.Spec.Project)
+	})
+	t.Run("Cannot update application project to invalid", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		restrictedProj := &v1alpha1.AppProject{
+			ObjectMeta: metav1.ObjectMeta{Name: "restricted-proj", Namespace: "default"},
+			Spec: v1alpha1.AppProjectSpec{
+				SourceRepos:  []string{"not-your-repo"},
+				Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "not-your-namespace"}},
+			},
+		}
+		appServer := newTestAppServer(t, testApp, restrictedProj)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Spec.Project = restrictedProj.Name
+		_, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+		})
+		require.Error(t, err)
+		require.ErrorContains(t, err, "application repo https://github.com/argoproj/argocd-example-apps.git is not permitted in project 'restricted-proj'")
+		require.ErrorContains(t, err, "application destination server 'fake-cluster' and namespace 'fake-dest-ns' do not match any of the allowed destinations in project 'restricted-proj'")
+	})
+	t.Run("Cannot update application project to inexisting", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		appServer := newTestAppServer(t, testApp)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Spec.Project = "i-do-not-exist"
+		_, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+		})
+		require.Error(t, err)
+		require.ErrorContains(t, err, "app is not allowed in project \"i-do-not-exist\", or the project does not exist")
+	})
+	t.Run("Can update application project with project argument", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		appServer := newTestAppServer(t, testApp)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Spec.Project = "my-proj"
+		app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+			Project:     ptr.To("default"),
+		})
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Equal(t, "my-proj", app.Spec.Project)
+	})
+	t.Run("Existing label and annotations are replaced", func(t *testing.T) {
+		t.Parallel()
+		testApp := newTestApp()
+		testApp.Annotations = map[string]string{"test": "test-value", "update": "old"}
+		testApp.Labels = map[string]string{"test": "test-value", "update": "old"}
+		appServer := newTestAppServer(t, testApp)
+
+		updateApp := newTestAppWithDestName()
+		updateApp.TypeMeta = testApp.TypeMeta
+		updateApp.Annotations = map[string]string{"update": "new"}
+		updateApp.Labels = map[string]string{"update": "new"}
+		app, err := appServer.Update(t.Context(), &application.ApplicationUpdateRequest{
+			Application: updateApp,
+		})
+		require.NoError(t, err)
+		require.NotNil(t, app)
+		assert.Len(t, app.Annotations, 1)
+		assert.Equal(t, "new", app.GetAnnotations()["update"])
+		assert.Len(t, app.Labels, 1)
+		assert.Equal(t, "new", app.GetLabels()["update"])
 	})
-	require.NoError(t, err)
-	assert.Equal(t, "default", app.Spec.Project)
 }
 
 func TestUpdateAppSpec(t *testing.T) {
diff --git a/util/argo/argo.go b/util/argo/argo.go
index e7020c4d12cad..5ac7b91d2b21f 100644
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -589,7 +589,7 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p
 		if !proj.IsSourcePermitted(spec.SourceHydrator.GetDrySource()) {
 			conditions = append(conditions, argoappv1.ApplicationCondition{
 				Type:    argoappv1.ApplicationConditionInvalidSpecError,
-				Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, spec.Project),
+				Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.SourceHydrator.GetDrySource().RepoURL, proj.Name),
 			})
 		}
 	case spec.HasMultipleSources():
@@ -603,7 +603,7 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p
 			if !proj.IsSourcePermitted(source) {
 				conditions = append(conditions, argoappv1.ApplicationCondition{
 					Type:    argoappv1.ApplicationConditionInvalidSpecError,
-					Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", source.RepoURL, spec.Project),
+					Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", source.RepoURL, proj.Name),
 				})
 			}
 		}
@@ -616,7 +616,7 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p
 		if !proj.IsSourcePermitted(spec.GetSource()) {
 			conditions = append(conditions, argoappv1.ApplicationCondition{
 				Type:    argoappv1.ApplicationConditionInvalidSpecError,
-				Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, spec.Project),
+				Message: fmt.Sprintf("application repo %s is not permitted in project '%s'", spec.GetSource().RepoURL, proj.Name),
 			})
 		}
 	}
@@ -629,22 +629,21 @@ func ValidatePermissions(ctx context.Context, spec *argoappv1.ApplicationSpec, p
 		})
 		return conditions, nil
 	}
-
-	if destCluster.Server != "" {
-		permitted, err := proj.IsDestinationPermitted(destCluster, spec.Destination.Namespace, func(project string) ([]*argoappv1.Cluster, error) {
-			return db.GetProjectClusters(ctx, project)
-		})
-		if err != nil {
-			return nil, err
-		}
-		if !permitted {
-			conditions = append(conditions, argoappv1.ApplicationCondition{
-				Type:    argoappv1.ApplicationConditionInvalidSpecError,
-				Message: fmt.Sprintf("application destination server '%s' and namespace '%s' do not match any of the allowed destinations in project '%s'", spec.Destination.Server, spec.Destination.Namespace, spec.Project),
-			})
+	permitted, err := proj.IsDestinationPermitted(destCluster, spec.Destination.Namespace, func(project string) ([]*argoappv1.Cluster, error) {
+		return db.GetProjectClusters(ctx, project)
+	})
+	if err != nil {
+		return nil, err
+	}
+	if !permitted {
+		server := destCluster.Server
+		if spec.Destination.Name != "" {
+			server = destCluster.Name
 		}
-	} else if destCluster.Server == "" {
-		conditions = append(conditions, argoappv1.ApplicationCondition{Type: argoappv1.ApplicationConditionInvalidSpecError, Message: ErrDestinationMissing})
+		conditions = append(conditions, argoappv1.ApplicationCondition{
+			Type:    argoappv1.ApplicationConditionInvalidSpecError,
+			Message: fmt.Sprintf("application destination server '%s' and namespace '%s' do not match any of the allowed destinations in project '%s'", server, spec.Destination.Namespace, proj.Name),
+		})
 	}
 	return conditions, nil
 }

From d2cfd89f0d16ecd33be61ba22a7a47c3e5b2d06e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Aug 2025 12:05:28 -0400
Subject: [PATCH 282/383] chore(deps): bump library/ubuntu from `fcdea13` to
 `acdb2d3` in /test/container (#24184)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 817da88f3de9d..2e045b08c6802 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:25.10@sha256:fcdea13661343a0113773e1f3c481336462222a08993a9a83eae58268746d139
+FROM docker.io/library/ubuntu:25.10@sha256:acdb2d352183cf75a2cb296fe82514f8b983f461b5d8832b8968ec202db59952
 
 ENV DEBIAN_FRONTEND=noninteractive
 

From 22db0eb867a44004ae7654d36e8d0fda08c22915 Mon Sep 17 00:00:00 2001
From: SoMin Park <92261242+somln@users.noreply.github.com>
Date: Tue, 19 Aug 2025 01:33:11 +0900
Subject: [PATCH 283/383] feat(appset): enhance ApplicationSet status debugging
 logs (#23869)

Signed-off-by: Somin Park <ps4708@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../controllers/applicationset_controller.go  | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go
index 13ce12e09a228..0ec5ae03a4a2f 100644
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -1433,17 +1433,37 @@ func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Contex
 	needToUpdateStatus := false
 
 	if len(applicationStatuses) != len(applicationSet.Status.ApplicationStatus) {
+		logCtx.WithFields(log.Fields{
+			"current_count":  len(applicationSet.Status.ApplicationStatus),
+			"expected_count": len(applicationStatuses),
+		}).Debug("application status count changed")
 		needToUpdateStatus = true
 	} else {
 		for i := range applicationStatuses {
 			appStatus := applicationStatuses[i]
 			idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appStatus.Application)
 			if idx == -1 {
+				logCtx.WithFields(log.Fields{"application": appStatus.Application}).Debug("application not found in current status")
 				needToUpdateStatus = true
 				break
 			}
 			currentStatus := applicationSet.Status.ApplicationStatus[idx]
-			if currentStatus.Message != appStatus.Message || currentStatus.Status != appStatus.Status || currentStatus.Step != appStatus.Step {
+			statusChanged := currentStatus.Status != appStatus.Status
+			stepChanged := currentStatus.Step != appStatus.Step
+			messageChanged := currentStatus.Message != appStatus.Message
+
+			if statusChanged || stepChanged || messageChanged {
+				if statusChanged {
+					logCtx.WithFields(log.Fields{"application": appStatus.Application, "previous_status": currentStatus.Status, "new_status": appStatus.Status}).
+						Debug("application status changed")
+				}
+				if stepChanged {
+					logCtx.WithFields(log.Fields{"application": appStatus.Application, "previous_step": currentStatus.Step, "new_step": appStatus.Step}).
+						Debug("application step changed")
+				}
+				if messageChanged {
+					logCtx.WithFields(log.Fields{"application": appStatus.Application}).Debug("application message changed")
+				}
 				needToUpdateStatus = true
 				break
 			}

From d9a16c7e3d196c028db08ab4c82972ae84bdd3a0 Mon Sep 17 00:00:00 2001
From: Lee Jiny <ok373737@naver.com>
Date: Tue, 19 Aug 2025 02:46:34 +0900
Subject: [PATCH 284/383] fix(cli): honor ALL_PROXY and other proxy environment
 variables (#24177)

Signed-off-by: SinnoLn <sintmtn69@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/grpc/grpc.go      |   3 +-
 util/grpc/grpc_test.go | 108 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 1 deletion(-)
 create mode 100644 util/grpc/grpc_test.go

diff --git a/util/grpc/grpc.go b/util/grpc/grpc.go
index cce7c1258d492..28265b73887fa 100644
--- a/util/grpc/grpc.go
+++ b/util/grpc/grpc.go
@@ -48,7 +48,8 @@ func BlockingDial(ctx context.Context, network, address string, creds credential
 	}
 
 	dialer := func(ctx context.Context, address string) (net.Conn, error) {
-		conn, err := proxy.Dial(ctx, network, address)
+		proxyDialer := proxy.FromEnvironment()
+		conn, err := proxyDialer.Dial(network, address)
 		if err != nil {
 			writeResult(err)
 			return nil, fmt.Errorf("error dial proxy: %w", err)
diff --git a/util/grpc/grpc_test.go b/util/grpc/grpc_test.go
new file mode 100644
index 0000000000000..a42b47dfca2e5
--- /dev/null
+++ b/util/grpc/grpc_test.go
@@ -0,0 +1,108 @@
+package grpc
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var proxyEnvKeys = []string{"ALL_PROXY", "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"}
+
+func clearProxyEnv(t *testing.T) {
+	t.Helper()
+	for _, k := range proxyEnvKeys {
+		t.Setenv(k, "")
+	}
+}
+
+func applyProxyEnv(t *testing.T, envs map[string]string) {
+	t.Helper()
+	for k, v := range envs {
+		t.Setenv(k, v)
+	}
+}
+
+func TestBlockingDial_ProxyEnvironmentHandling(t *testing.T) {
+	tests := []struct {
+		name        string
+		proxyEnv    map[string]string
+		address     string
+		expectError bool
+	}{
+		{
+			name:        "No proxy environment variables",
+			proxyEnv:    map[string]string{},
+			address:     "127.0.0.1:8080",
+			expectError: true,
+		},
+		{
+			name: "ALL_PROXY environment variable set",
+			proxyEnv: map[string]string{
+				"ALL_PROXY": "http://proxy.example.com:8080",
+			},
+			address:     "remote.example.com:443",
+			expectError: true,
+		},
+		{
+			name: "HTTP_PROXY environment variable set",
+			proxyEnv: map[string]string{
+				"HTTP_PROXY": "http://proxy.example.com:3128",
+			},
+			address:     "api.example.com:80",
+			expectError: true,
+		},
+		{
+			name: "HTTPS_PROXY environment variable set",
+			proxyEnv: map[string]string{
+				"HTTPS_PROXY": "https://secure-proxy.example.com:8080",
+			},
+			address:     "secure.example.com:443",
+			expectError: true,
+		},
+		{
+			name: "NO_PROXY bypass configuration",
+			proxyEnv: map[string]string{
+				"ALL_PROXY": "http://proxy.example.com:8080",
+				"NO_PROXY":  "localhost,127.0.0.1,*.local",
+			},
+			address:     "127.0.0.1:8080",
+			expectError: true,
+		},
+		{
+			name: "Multiple proxy environment variables",
+			proxyEnv: map[string]string{
+				"ALL_PROXY":   "socks5://all-proxy.example.com:1080",
+				"HTTP_PROXY":  "http://http-proxy.example.com:8080",
+				"HTTPS_PROXY": "https://https-proxy.example.com:8080",
+				"NO_PROXY":    "localhost,*.local",
+			},
+			address:     "external.example.com:443",
+			expectError: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			clearProxyEnv(t)
+			applyProxyEnv(t, tt.proxyEnv)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+			defer cancel()
+
+			conn, err := BlockingDial(ctx, "tcp", tt.address, nil)
+
+			if tt.expectError {
+				require.Error(t, err)
+				assert.Nil(t, conn)
+			} else {
+				require.NoError(t, err)
+				assert.NotNil(t, conn)
+				require.NoError(t, conn.Close())
+			}
+		})
+	}
+}

From 7c130b8f03338971358797a9fa1be8821dcc2a37 Mon Sep 17 00:00:00 2001
From: Dillen Padhiar <38965141+dpadhiar@users.noreply.github.com>
Date: Mon, 18 Aug 2025 12:12:46 -0700
Subject: [PATCH 285/383] feat: update unpause action for Numaproj CRDs
 (#24036)

Signed-off-by: Dillen Padhiar <dillen_padhiar@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../resource_actions_builtin.md               |  12 +-
 .../MonoVertex/actions/action_test.yaml       |   7 +-
 .../MonoVertex/actions/discovery.lua          |  24 +++-
 .../actions/testdata/monovertex-paused.yaml   |   2 +
 .../testdata/monovertex-unpause-fast.yaml     |  59 ++++++++++
 .../testdata/monovertex-unpause-gradual.yaml  |  59 ++++++++++
 .../actions/testdata/monovertex.yaml          |   2 +
 .../{unpause => unpause-fast}/action.lua      |   0
 .../actions/unpause-gradual}/action.lua       |   1 +
 .../Pipeline/actions/action_test.yaml         |   7 +-
 .../Pipeline/actions/discovery.lua            |  24 +++-
 .../actions/testdata/pipeline-paused.yaml     |   2 +
 .../testdata/pipeline-unpause-fast.yaml       | 103 ++++++++++++++++++
 .../testdata/pipeline-unpause-gradual.yaml    | 103 ++++++++++++++++++
 .../Pipeline/actions/testdata/pipeline.yaml   |   2 +
 .../Pipeline/actions/unpause-fast/action.lua  |   6 +
 .../actions/unpause-gradual/action.lua        |   6 +
 .../actions/action_test.yaml                  |   7 +-
 .../MonoVertexRollout/actions/discovery.lua   |  23 +++-
 .../rollout-disable-force-promote.yaml        |  70 ------------
 .../rollout-enable-force-promote.yaml         |  70 ------------
 .../MonoVertexRollout/rollout-paused.yaml     |   3 +
 ...running.yaml => rollout-running-fast.yaml} |   5 +-
 .../rollout-running-gradual.yaml              |  53 +++++++++
 .../testdata/MonoVertexRollout/rollout.yaml   |   3 +
 .../{unpause => unpause-fast}/action.lua      |   0
 .../actions/unpause-gradual/action.lua        |   3 +
 .../PipelineRollout/actions/action_test.yaml  |   7 +-
 .../PipelineRollout/actions/discovery.lua     |  25 ++++-
 .../PipelineRollout/rollout-paused.yaml       |   3 +
 ...running.yaml => rollout-running-fast.yaml} |   4 +
 .../rollout-running-gradual.yaml              |  67 ++++++++++++
 .../testdata/PipelineRollout/rollout.yaml     |   3 +
 .../actions/unpause-fast/action.lua           |   9 ++
 .../actions/unpause-gradual/action.lua        |   9 ++
 .../actions/unpause/action.lua                |   2 -
 36 files changed, 621 insertions(+), 164 deletions(-)
 create mode 100644 resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-fast.yaml
 create mode 100644 resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-gradual.yaml
 rename resource_customizations/numaflow.numaproj.io/MonoVertex/actions/{unpause => unpause-fast}/action.lua (100%)
 rename resource_customizations/numaflow.numaproj.io/{Pipeline/actions/unpause => MonoVertex/actions/unpause-gradual}/action.lua (68%)
 create mode 100644 resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-fast.yaml
 create mode 100644 resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-gradual.yaml
 create mode 100644 resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-fast/action.lua
 create mode 100644 resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-gradual/action.lua
 delete mode 100644 resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-disable-force-promote.yaml
 delete mode 100644 resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-enable-force-promote.yaml
 rename resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/{rollout-running.yaml => rollout-running-fast.yaml} (92%)
 create mode 100644 resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
 rename resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/{unpause => unpause-fast}/action.lua (100%)
 create mode 100644 resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-gradual/action.lua
 rename resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/{rollout-running.yaml => rollout-running-fast.yaml} (92%)
 create mode 100644 resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
 create mode 100644 resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
 create mode 100644 resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
 delete mode 100644 resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause/action.lua

diff --git a/docs/operator-manual/resource_actions_builtin.md b/docs/operator-manual/resource_actions_builtin.md
index 4e07afa89404e..4b18eca52821d 100644
--- a/docs/operator-manual/resource_actions_builtin.md
+++ b/docs/operator-manual/resource_actions_builtin.md
@@ -45,16 +45,20 @@
 - [numaflow.numaproj.io/InterStepBufferService/force-promote](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/InterStepBufferService/actions/force-promote/action.lua)
 - [numaflow.numaproj.io/MonoVertex/force-promote](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/force-promote/action.lua)
 - [numaflow.numaproj.io/MonoVertex/pause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/pause/action.lua)
-- [numaflow.numaproj.io/MonoVertex/unpause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause/action.lua)
+- [numaflow.numaproj.io/MonoVertex/unpause-fast](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-fast/action.lua)
+- [numaflow.numaproj.io/MonoVertex/unpause-gradual](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-gradual/action.lua)
 - [numaflow.numaproj.io/Pipeline/force-promote](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/Pipeline/actions/force-promote/action.lua)
 - [numaflow.numaproj.io/Pipeline/pause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/Pipeline/actions/pause/action.lua)
-- [numaflow.numaproj.io/Pipeline/unpause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause/action.lua)
+- [numaflow.numaproj.io/Pipeline/unpause-fast](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-fast/action.lua)
+- [numaflow.numaproj.io/Pipeline/unpause-gradual](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-gradual/action.lua)
 - [numaplane.numaproj.io/MonoVertexRollout/pause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/pause/action.lua)
-- [numaplane.numaproj.io/MonoVertexRollout/unpause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause/action.lua)
+- [numaplane.numaproj.io/MonoVertexRollout/unpause-fast](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-fast/action.lua)
+- [numaplane.numaproj.io/MonoVertexRollout/unpause-gradual](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-gradual/action.lua)
 - [numaplane.numaproj.io/PipelineRollout/allow-data-loss](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/allow-data-loss/action.lua)
 - [numaplane.numaproj.io/PipelineRollout/disallow-data-loss](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/disallow-data-loss/action.lua)
 - [numaplane.numaproj.io/PipelineRollout/pause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/pause/action.lua)
-- [numaplane.numaproj.io/PipelineRollout/unpause](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause/action.lua)
+- [numaplane.numaproj.io/PipelineRollout/unpause-fast](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua)
+- [numaplane.numaproj.io/PipelineRollout/unpause-gradual](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua)
 - [source.toolkit.fluxcd.io/Bucket/reconcile](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/reconcile/action.lua)
 - [source.toolkit.fluxcd.io/Bucket/resume](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/resume/action.lua)
 - [source.toolkit.fluxcd.io/Bucket/suspend](https://github.com/argoproj/argo-cd/blob/master/resource_customizations/source.toolkit.fluxcd.io/Bucket/actions/suspend/action.lua)
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
index eb495db76d812..b76a545e543c7 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
@@ -2,9 +2,12 @@ actionTests:
 - action: pause
   inputPath: testdata/monovertex.yaml
   expectedOutputPath: testdata/monovertex-paused.yaml
-- action: unpause
+- action: unpause-gradual
   inputPath: testdata/monovertex-paused.yaml
-  expectedOutputPath: testdata/monovertex.yaml
+  expectedOutputPath: testdata/monovertex-unpause-gradual.yaml
+- action: unpause-fast
+  inputPath: testdata/monovertex-paused.yaml
+  expectedOutputPath: testdata/monovertex-unpause-fast.yaml
 - action: force-promote
   inputPath: testdata/monovertex.yaml
   expectedOutputPath: testdata/monovertex-force-promote.yaml
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
index 3bece51e29d01..a7cd59aa1cc8e 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
@@ -3,12 +3,19 @@ actions["pause"] = {
   ["disabled"] = true,
   ["iconClass"] = "fa-solid fa-fw fa-pause"
 }
-actions["unpause"] = {
+actions["unpause-gradual"] = {
   ["disabled"] = true,
+  ["displayName"] = "Unpause (gradual)",
+  ["iconClass"] = "fa-solid fa-fw fa-play"
+}
+actions["unpause-fast"] = {
+  ["disabled"] = true,
+  ["displayName"] = "Unpause (fast)",
   ["iconClass"] = "fa-solid fa-fw fa-play"
 }
 actions["force-promote"] = {
   ["disabled"] = true,
+  ["displayName"] = "Force Promote",
   ["iconClass"] = "fa-solid fa-fw fa-forward"
 }
 
@@ -18,7 +25,20 @@ if obj.spec.lifecycle ~= nil and obj.spec.lifecycle.desiredPhase ~= nil and obj.
   paused = true
 end
 if paused then
-  actions["unpause"]["disabled"] = false
+  if obj.spec.metadata ~= nil and  obj.spec.metadata.annotations ~= nil and obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+    -- determine which unpausing strategies will be enabled
+    -- if annotation not found, default will be resume slow
+    if obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+      actions["unpause-fast"]["disabled"] = false
+    elseif obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+      actions["unpause-gradual"]["disabled"] = false
+      actions["unpause-fast"]["disabled"] = false
+    else
+      actions["unpause-gradual"]["disabled"] = false
+    end
+  else
+    actions["unpause-gradual"]["disabled"] = false
+  end
 else
   actions["pause"]["disabled"] = false
 end
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-paused.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-paused.yaml
index 7b3640bcfd5aa..6a9ffefdcbb9f 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-paused.yaml
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-paused.yaml
@@ -9,6 +9,8 @@ metadata:
   uid: b7b9e4f8-cd4b-4771-9e4b-2880cc50467a
   labels:
     numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
 spec:
   lifecycle:
     desiredPhase: Paused
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-fast.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-fast.yaml
new file mode 100644
index 0000000000000..df7427bb6a0ba
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-fast.yaml
@@ -0,0 +1,59 @@
+apiVersion: numaflow.numaproj.io/v1alpha1
+kind: MonoVertex
+metadata:
+  creationTimestamp: "2024-10-09T21:18:37Z"
+  generation: 1
+  name: simple-mono-vertex
+  namespace: numaflow-system
+  resourceVersion: "1382"
+  uid: b7b9e4f8-cd4b-4771-9e4b-2880cc50467a
+  labels:
+    numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+spec:
+  lifecycle:
+    desiredPhase: Running
+  replicas: 1
+  sink:
+    udsink:
+      container:
+        image: quay.io/numaio/numaflow-java/simple-sink:stable
+  source:
+    transformer:
+      container:
+        image: quay.io/numaio/numaflow-rs/source-transformer-now:stable
+    udsource:
+      container:
+        image: quay.io/numaio/numaflow-java/source-simple-source:stable
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 25%
+    type: RollingUpdate
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-09T21:18:41Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: DaemonHealthy
+  - lastTransitionTime: "2024-10-09T21:18:37Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Deployed
+  - lastTransitionTime: "2024-10-09T21:18:37Z"
+    message: All pods are healthy
+    reason: Running
+    status: "True"
+    type: PodsHealthy
+  currentHash: 8ed34d9058faa60997ee13083ccb3d80691df37b45a34eaa347af99f237e8df6
+  desiredReplicas: 1
+  lastScaledAt: "2024-10-09T21:18:37Z"
+  lastUpdated: "2024-10-09T21:18:41Z"
+  observedGeneration: 1
+  phase: Running
+  replicas: 1
+  selector: app.kubernetes.io/component=mono-vertex,numaflow.numaproj.io/mono-vertex-name=simple-mono-vertex
+  updateHash: 8ed34d9058faa60997ee13083ccb3d80691df37b45a34eaa347af99f237e8df6
+  updatedReplicas: 1
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-gradual.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-gradual.yaml
new file mode 100644
index 0000000000000..e37f2f7b915ac
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex-unpause-gradual.yaml
@@ -0,0 +1,59 @@
+apiVersion: numaflow.numaproj.io/v1alpha1
+kind: MonoVertex
+metadata:
+  creationTimestamp: "2024-10-09T21:18:37Z"
+  generation: 1
+  name: simple-mono-vertex
+  namespace: numaflow-system
+  resourceVersion: "1382"
+  uid: b7b9e4f8-cd4b-4771-9e4b-2880cc50467a
+  labels:
+    numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+spec:
+  lifecycle:
+    desiredPhase: Running
+  replicas: null
+  sink:
+    udsink:
+      container:
+        image: quay.io/numaio/numaflow-java/simple-sink:stable
+  source:
+    transformer:
+      container:
+        image: quay.io/numaio/numaflow-rs/source-transformer-now:stable
+    udsource:
+      container:
+        image: quay.io/numaio/numaflow-java/source-simple-source:stable
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 25%
+    type: RollingUpdate
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-09T21:18:41Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: DaemonHealthy
+  - lastTransitionTime: "2024-10-09T21:18:37Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Deployed
+  - lastTransitionTime: "2024-10-09T21:18:37Z"
+    message: All pods are healthy
+    reason: Running
+    status: "True"
+    type: PodsHealthy
+  currentHash: 8ed34d9058faa60997ee13083ccb3d80691df37b45a34eaa347af99f237e8df6
+  desiredReplicas: 1
+  lastScaledAt: "2024-10-09T21:18:37Z"
+  lastUpdated: "2024-10-09T21:18:41Z"
+  observedGeneration: 1
+  phase: Running
+  replicas: 1
+  selector: app.kubernetes.io/component=mono-vertex,numaflow.numaproj.io/mono-vertex-name=simple-mono-vertex
+  updateHash: 8ed34d9058faa60997ee13083ccb3d80691df37b45a34eaa347af99f237e8df6
+  updatedReplicas: 1
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex.yaml
index 455d6a8a0297a..df7427bb6a0ba 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex.yaml
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/testdata/monovertex.yaml
@@ -9,6 +9,8 @@ metadata:
   uid: b7b9e4f8-cd4b-4771-9e4b-2880cc50467a
   labels:
     numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
 spec:
   lifecycle:
     desiredPhase: Running
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause/action.lua b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-fast/action.lua
similarity index 100%
rename from resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause/action.lua
rename to resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-fast/action.lua
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause/action.lua b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-gradual/action.lua
similarity index 68%
rename from resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause/action.lua
rename to resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-gradual/action.lua
index 2d0265fc4ff4b..885300574988d 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause/action.lua
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/unpause-gradual/action.lua
@@ -1,2 +1,3 @@
 obj.spec.lifecycle.desiredPhase = "Running"
+obj.spec.replicas = null
 return obj
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
index 9d5783a730b7e..78fa26e8591f4 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
@@ -2,9 +2,12 @@ actionTests:
 - action: pause
   inputPath: testdata/pipeline.yaml
   expectedOutputPath: testdata/pipeline-paused.yaml
-- action: unpause
+- action: unpause-gradual
   inputPath: testdata/pipeline-paused.yaml
-  expectedOutputPath: testdata/pipeline.yaml
+  expectedOutputPath: testdata/pipeline-unpause-gradual.yaml
+- action: unpause-fast
+  inputPath: testdata/pipeline-paused.yaml
+  expectedOutputPath: testdata/pipeline-unpause-fast.yaml
 - action: force-promote
   inputPath: testdata/pipeline.yaml
   expectedOutputPath: testdata/pipeline-force-promote.yaml
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
index 3bece51e29d01..a7cd59aa1cc8e 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
@@ -3,12 +3,19 @@ actions["pause"] = {
   ["disabled"] = true,
   ["iconClass"] = "fa-solid fa-fw fa-pause"
 }
-actions["unpause"] = {
+actions["unpause-gradual"] = {
   ["disabled"] = true,
+  ["displayName"] = "Unpause (gradual)",
+  ["iconClass"] = "fa-solid fa-fw fa-play"
+}
+actions["unpause-fast"] = {
+  ["disabled"] = true,
+  ["displayName"] = "Unpause (fast)",
   ["iconClass"] = "fa-solid fa-fw fa-play"
 }
 actions["force-promote"] = {
   ["disabled"] = true,
+  ["displayName"] = "Force Promote",
   ["iconClass"] = "fa-solid fa-fw fa-forward"
 }
 
@@ -18,7 +25,20 @@ if obj.spec.lifecycle ~= nil and obj.spec.lifecycle.desiredPhase ~= nil and obj.
   paused = true
 end
 if paused then
-  actions["unpause"]["disabled"] = false
+  if obj.spec.metadata ~= nil and  obj.spec.metadata.annotations ~= nil and obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+    -- determine which unpausing strategies will be enabled
+    -- if annotation not found, default will be resume slow
+    if obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+      actions["unpause-fast"]["disabled"] = false
+    elseif obj.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+      actions["unpause-gradual"]["disabled"] = false
+      actions["unpause-fast"]["disabled"] = false
+    else
+      actions["unpause-gradual"]["disabled"] = false
+    end
+  else
+    actions["unpause-gradual"]["disabled"] = false
+  end
 else
   actions["pause"]["disabled"] = false
 end
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-paused.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-paused.yaml
index 5836caf79daaf..36d0e671206af 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-paused.yaml
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-paused.yaml
@@ -11,6 +11,8 @@ metadata:
   uid: bb6cc91c-eb05-4fe7-9380-63b9532a85db
   labels:
     numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
 spec:
   edges:
   - from: in
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-fast.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-fast.yaml
new file mode 100644
index 0000000000000..28a9d300a018b
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-fast.yaml
@@ -0,0 +1,103 @@
+apiVersion: numaflow.numaproj.io/v1alpha1
+kind: Pipeline
+metadata:
+  creationTimestamp: "2024-10-08T18:22:18Z"
+  finalizers:
+  - pipeline-controller
+  generation: 1
+  name: simple-pipeline
+  namespace: numaflow-system
+  resourceVersion: "382381"
+  uid: bb6cc91c-eb05-4fe7-9380-63b9532a85db
+  labels:
+    numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+    numaflow.numaproj.io/resume-strategy: "fast"
+spec:
+  edges:
+  - from: in
+    to: cat
+  - from: cat
+    to: out
+  lifecycle:
+    deleteGracePeriodSeconds: 30
+    desiredPhase: Running
+    pauseGracePeriodSeconds: 30
+  limits:
+    bufferMaxLength: 30000
+    bufferUsageLimit: 80
+    readBatchSize: 500
+    readTimeout: 1s
+  vertices:
+  - name: in
+    scale:
+      min: 1
+    source:
+      generator:
+        duration: 1s
+        jitter: 0s
+        msgSize: 8
+        rpu: 5
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  - name: cat
+    scale:
+      min: 1
+    udf:
+      builtin:
+        name: cat
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  - name: out
+    scale:
+      min: 1
+    sink:
+      log: {}
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  watermark:
+    disabled: false
+    maxDelay: 0s
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Configured
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: DaemonServiceHealthy
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Deployed
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: No Side Inputs attached to the pipeline
+    reason: NoSideInputs
+    status: "True"
+    type: SideInputsManagersHealthy
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: All vertices are healthy
+    reason: Successful
+    status: "True"
+    type: VerticesHealthy
+  lastUpdated: "2024-10-09T20:26:54Z"
+  mapUDFCount: 1
+  observedGeneration: 1
+  phase: Running
+  reduceUDFCount: 0
+  sinkCount: 1
+  sourceCount: 1
+  udfCount: 1
+  vertexCount: 3
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-gradual.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-gradual.yaml
new file mode 100644
index 0000000000000..866772405e874
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline-unpause-gradual.yaml
@@ -0,0 +1,103 @@
+apiVersion: numaflow.numaproj.io/v1alpha1
+kind: Pipeline
+metadata:
+  creationTimestamp: "2024-10-08T18:22:18Z"
+  finalizers:
+  - pipeline-controller
+  generation: 1
+  name: simple-pipeline
+  namespace: numaflow-system
+  resourceVersion: "382381"
+  uid: bb6cc91c-eb05-4fe7-9380-63b9532a85db
+  labels:
+    numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+    numaflow.numaproj.io/resume-strategy: "slow"
+spec:
+  edges:
+  - from: in
+    to: cat
+  - from: cat
+    to: out
+  lifecycle:
+    deleteGracePeriodSeconds: 30
+    desiredPhase: Running
+    pauseGracePeriodSeconds: 30
+  limits:
+    bufferMaxLength: 30000
+    bufferUsageLimit: 80
+    readBatchSize: 500
+    readTimeout: 1s
+  vertices:
+  - name: in
+    scale:
+      min: 1
+    source:
+      generator:
+        duration: 1s
+        jitter: 0s
+        msgSize: 8
+        rpu: 5
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  - name: cat
+    scale:
+      min: 1
+    udf:
+      builtin:
+        name: cat
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  - name: out
+    scale:
+      min: 1
+    sink:
+      log: {}
+    updateStrategy:
+      rollingUpdate:
+        maxUnavailable: 25%
+      type: RollingUpdate
+  watermark:
+    disabled: false
+    maxDelay: 0s
+status:
+  conditions:
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Configured
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: DaemonServiceHealthy
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: Successful
+    reason: Successful
+    status: "True"
+    type: Deployed
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: No Side Inputs attached to the pipeline
+    reason: NoSideInputs
+    status: "True"
+    type: SideInputsManagersHealthy
+  - lastTransitionTime: "2024-10-09T20:26:54Z"
+    message: All vertices are healthy
+    reason: Successful
+    status: "True"
+    type: VerticesHealthy
+  lastUpdated: "2024-10-09T20:26:54Z"
+  mapUDFCount: 1
+  observedGeneration: 1
+  phase: Running
+  reduceUDFCount: 0
+  sinkCount: 1
+  sourceCount: 1
+  udfCount: 1
+  vertexCount: 3
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline.yaml
index 0e9527264a23a..bc30b2f595c5c 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline.yaml
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/testdata/pipeline.yaml
@@ -11,6 +11,8 @@ metadata:
   uid: bb6cc91c-eb05-4fe7-9380-63b9532a85db
   labels:
     numaplane.numaproj.io/upgrade-state: "in-progress"
+  annotations:
+    numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
 spec:
   edges:
   - from: in
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-fast/action.lua b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-fast/action.lua
new file mode 100644
index 0000000000000..141cbb401e09e
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-fast/action.lua
@@ -0,0 +1,6 @@
+obj.spec.lifecycle.desiredPhase = "Running"
+if obj.metadata.annotations == nil then
+    obj.metadata.annotations = {}
+end
+obj.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "fast"
+return obj
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-gradual/action.lua b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-gradual/action.lua
new file mode 100644
index 0000000000000..557df4d2bae7a
--- /dev/null
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/unpause-gradual/action.lua
@@ -0,0 +1,6 @@
+obj.spec.lifecycle.desiredPhase = "Running"
+if obj.metadata.annotations == nil then
+    obj.metadata.annotations = {}
+end
+obj.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "slow"
+return obj
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/action_test.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/action_test.yaml
index 516e32f793df5..0b75736b13222 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/action_test.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/action_test.yaml
@@ -2,6 +2,9 @@ actionTests:
 - action: pause
   inputPath: testdata/MonoVertexRollout/rollout.yaml
   expectedOutputPath: testdata/MonoVertexRollout/rollout-paused.yaml
-- action: unpause
+- action: unpause-gradual
   inputPath: testdata/MonoVertexRollout/rollout-paused.yaml
-  expectedOutputPath: testdata/MonoVertexRollout/rollout-running.yaml
\ No newline at end of file
+  expectedOutputPath: testdata/MonoVertexRollout/rollout-running-gradual.yaml
+- action: unpause-fast
+  inputPath: testdata/MonoVertexRollout/rollout-paused.yaml
+  expectedOutputPath: testdata/MonoVertexRollout/rollout-running-fast.yaml
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
index 212fc49a04e63..adb34b1fab854 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
@@ -3,8 +3,14 @@ actions["pause"] = {
   ["disabled"] = true,
   ["iconClass"] = "fa-solid fa-fw fa-pause"
 }
-actions["unpause"] = {
+actions["unpause-gradual"] = {
   ["disabled"] = true,
+  ["displayName"] = "Unpause (gradual)",
+  ["iconClass"] = "fa-solid fa-fw fa-play"
+}
+actions["unpause-fast"] = {
+  ["disabled"] = true,
+  ["displayName"] = "Unpause (fast)",
   ["iconClass"] = "fa-solid fa-fw fa-play"
 }
 
@@ -14,7 +20,20 @@ if obj.spec.monoVertex.spec.lifecycle ~= nil and obj.spec.monoVertex.spec.lifecy
   paused = true
 end
 if paused then
-  actions["unpause"]["disabled"] = false
+  if obj.spec.monoVertex.spec.metadata ~= nil and  obj.spec.monoVertex.spec.metadata.annotations ~= nil and obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+    -- determine which unpausing strategies will be enabled
+    -- if annotation not found, default will be resume slow
+    if obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+      actions["unpause-fast"]["disabled"] = false
+    elseif obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+      actions["unpause-gradual"]["disabled"] = false
+      actions["unpause-fast"]["disabled"] = false
+    else
+      actions["unpause-gradual"]["disabled"] = false
+    end
+  else
+    actions["unpause-gradual"]["disabled"] = false
+  end
 else
   actions["pause"]["disabled"] = false
 end
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-disable-force-promote.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-disable-force-promote.yaml
deleted file mode 100644
index a1bf0d601ff36..0000000000000
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-disable-force-promote.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: numaplane.numaproj.io/v1alpha1
-kind: MonoVertexRollout
-metadata:
-  annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-go/sink-log:stable"}}},"source":{"udsource":{"container":{"image":"quay.io/numaio/numaflow-go/source-simple-source:bad-image"}}}}},"strategy":{"progressive":{"assessmentSchedule":"60,60,10"}}}}
-  creationTimestamp: "2025-03-03T18:51:52Z"
-  finalizers:
-  - numaplane.numaproj.io/numaplane-controller
-  generation: 3
-  name: my-monovertex
-  namespace: example-namespace
-  resourceVersion: "314047"
-  uid: d948cd56-e383-4a18-8100-34b513976614
-spec:
-  monoVertex:
-    metadata: {}
-    spec:
-      sink:
-        udsink:
-          container:
-            image: quay.io/numaio/numaflow-go/sink-log:stable
-      source:
-        udsource:
-          container:
-            image: quay.io/numaio/numaflow-go/source-simple-source:bad-image
-  strategy:
-    progressive:
-      assessmentSchedule: 60,60,10
-      forcePromote: true
-status:
-  conditions:
-  - lastTransitionTime: "2025-03-03T18:51:52Z"
-    message: Successful
-    observedGeneration: 2
-    reason: Successful
-    status: "True"
-    type: ChildResourceDeployed
-  - lastTransitionTime: "2025-03-03T18:54:08Z"
-    message: Successful
-    observedGeneration: 3
-    reason: Successful
-    status: "True"
-    type: ChildResourcesHealthy
-  - lastTransitionTime: "2025-03-03T18:51:52Z"
-    message: MonoVertex unpaused
-    observedGeneration: 3
-    reason: Unpaused
-    status: "False"
-    type: MonoVertexPausingOrPaused
-  - lastTransitionTime: "2025-03-03T18:54:02Z"
-    message: New Child Object example-namespace/my-monovertex-1 Failed
-    observedGeneration: 3
-    reason: Failed
-    status: "False"
-    type: ProgressiveUpgradeSucceeded
-  message: Progressing
-  nameCount: 2
-  observedGeneration: 3
-  phase: Pending
-  progressiveStatus:
-    promotedMonoVertexStatus:
-      name: my-monovertex-0
-      scaleValuesRestoredToOriginal: true
-    upgradingMonoVertexStatus:
-      assessmentEndTime: "2025-03-03T18:54:56Z"
-      assessmentResult: Failure
-      assessmentStartTime: "2025-03-03T18:53:53Z"
-      name: my-monovertex-1
-  upgradeInProgress: Progressive
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-enable-force-promote.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-enable-force-promote.yaml
deleted file mode 100644
index 78243c959d58a..0000000000000
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-enable-force-promote.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-apiVersion: numaplane.numaproj.io/v1alpha1
-kind: MonoVertexRollout
-metadata:
-  annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-go/sink-log:stable"}}},"source":{"udsource":{"container":{"image":"quay.io/numaio/numaflow-go/source-simple-source:bad-image"}}}}},"strategy":{"progressive":{"assessmentSchedule":"60,60,10"}}}}
-  creationTimestamp: "2025-03-03T18:51:52Z"
-  finalizers:
-  - numaplane.numaproj.io/numaplane-controller
-  generation: 3
-  name: my-monovertex
-  namespace: example-namespace
-  resourceVersion: "314047"
-  uid: d948cd56-e383-4a18-8100-34b513976614
-spec:
-  monoVertex:
-    metadata: {}
-    spec:
-      sink:
-        udsink:
-          container:
-            image: quay.io/numaio/numaflow-go/sink-log:stable
-      source:
-        udsource:
-          container:
-            image: quay.io/numaio/numaflow-go/source-simple-source:bad-image
-  strategy:
-    progressive:
-      assessmentSchedule: 60,60,10
-      forcePromote: false
-status:
-  conditions:
-  - lastTransitionTime: "2025-03-03T18:51:52Z"
-    message: Successful
-    observedGeneration: 2
-    reason: Successful
-    status: "True"
-    type: ChildResourceDeployed
-  - lastTransitionTime: "2025-03-03T18:54:08Z"
-    message: Successful
-    observedGeneration: 3
-    reason: Successful
-    status: "True"
-    type: ChildResourcesHealthy
-  - lastTransitionTime: "2025-03-03T18:51:52Z"
-    message: MonoVertex unpaused
-    observedGeneration: 3
-    reason: Unpaused
-    status: "False"
-    type: MonoVertexPausingOrPaused
-  - lastTransitionTime: "2025-03-03T18:54:02Z"
-    message: New Child Object example-namespace/my-monovertex-1 Failed
-    observedGeneration: 3
-    reason: Failed
-    status: "False"
-    type: ProgressiveUpgradeSucceeded
-  message: Progressing
-  nameCount: 2
-  observedGeneration: 3
-  phase: Pending
-  progressiveStatus:
-    promotedMonoVertexStatus:
-      name: my-monovertex-0
-      scaleValuesRestoredToOriginal: true
-    upgradingMonoVertexStatus:
-      assessmentEndTime: "2025-03-03T18:54:56Z"
-      assessmentResult: Failure
-      assessmentStartTime: "2025-03-03T18:53:53Z"
-      name: my-monovertex-1
-  upgradeInProgress: Progressive
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
index 2035d668963cc..dfe4b12cd3896 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
@@ -17,6 +17,9 @@ metadata:
 spec:
   monoVertex:
     spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Paused
       sink:
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
similarity index 92%
rename from resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running.yaml
rename to resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
index e1f47e521846e..5ffa3f5c4ce59 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
@@ -9,7 +9,7 @@ metadata:
     - numaplane.numaproj.io/numaplane-controller
   generation: 1
   labels:
-    argocd.argoproj.io/instance: demo-app
+    argocd.argoproj.io/instance: demo-app    
   name: my-monovertex
   namespace: example-namespace
   resourceVersion: '947414'
@@ -17,6 +17,9 @@ metadata:
 spec:
   monoVertex:
     spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Running
       sink:
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
new file mode 100644
index 0000000000000..c9063dfb99102
--- /dev/null
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
@@ -0,0 +1,53 @@
+apiVersion: numaplane.numaproj.io/v1alpha1
+kind: MonoVertexRollout
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: >
+      {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"MonoVertexRollout","metadata":{"annotations":{},"labels":{"argocd.argoproj.io/instance":"demo-app"},"name":"my-monovertex","namespace":"example-namespace"},"spec":{"monoVertex":{"spec":{"sink":{"udsink":{"container":{"image":"quay.io/numaio/numaflow-java/simple-sink:stable"}}},"source":{"transformer":{"container":{"image":"quay.io/numaio/numaflow-rs/source-transformer-now:stable"}},"udsource":{"container":{"image":"quay.io/numaio/numaflow-java/source-simple-source:stable"}}}}}}}
+  creationTimestamp: '2024-08-21T20:44:18Z'
+  finalizers:
+    - numaplane.numaproj.io/numaplane-controller
+  generation: 1
+  labels:
+    argocd.argoproj.io/instance: demo-app    
+  name: my-monovertex
+  namespace: example-namespace
+  resourceVersion: '947414'
+  uid: a63f377e-1500-437e-9267-579f4a790518
+spec:
+  monoVertex:
+    spec:
+      metadata:
+        annotations:  
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+      replicas: null
+      lifecycle:
+        desiredPhase: Running
+      sink:
+        udsink:
+          container:
+            image: 'quay.io/numaio/numaflow-java/simple-sink:stable'
+      source:
+        transformer:
+          container:
+            image: 'quay.io/numaio/numaflow-rs/source-transformer-now:stable'
+        udsource:
+          container:
+            image: 'quay.io/numaio/numaflow-java/source-simple-source:stable'
+status:
+  conditions:
+    - lastTransitionTime: '2024-08-21T20:44:18Z'
+      message: Successful
+      observedGeneration: 1
+      reason: Successful
+      status: 'True'
+      type: ChildResourceDeployed
+    - lastTransitionTime: '2024-08-22T21:10:23Z'
+      message: Successful
+      observedGeneration: 1
+      reason: Successful
+      status: 'True'
+      type: ChildResourcesHealthy
+  message: Deployed
+  observedGeneration: 1
+  phase: Deployed
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
index ee9d76c826dc4..53ca0656046f5 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
@@ -17,6 +17,9 @@ metadata:
 spec:
   monoVertex:
     spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       sink:
         udsink:
           container:
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause/action.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-fast/action.lua
similarity index 100%
rename from resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause/action.lua
rename to resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-fast/action.lua
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-gradual/action.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-gradual/action.lua
new file mode 100644
index 0000000000000..40a4d05b55ce9
--- /dev/null
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/unpause-gradual/action.lua
@@ -0,0 +1,3 @@
+obj.spec.monoVertex.spec.lifecycle.desiredPhase = "Running"
+obj.spec.monoVertex.spec.replicas = null
+return obj
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/action_test.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/action_test.yaml
index b9652682b8c59..5bc9961100d7c 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/action_test.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/action_test.yaml
@@ -2,9 +2,12 @@ actionTests:
 - action: pause
   inputPath: testdata/PipelineRollout/rollout.yaml
   expectedOutputPath: testdata/PipelineRollout/rollout-paused.yaml
-- action: unpause
+- action: unpause-gradual
   inputPath: testdata/PipelineRollout/rollout-paused.yaml
-  expectedOutputPath: testdata/PipelineRollout/rollout-running.yaml
+  expectedOutputPath: testdata/PipelineRollout/rollout-running-gradual.yaml
+- action: unpause-fast
+  inputPath: testdata/PipelineRollout/rollout-paused.yaml
+  expectedOutputPath: testdata/PipelineRollout/rollout-running-fast.yaml
 - action: allow-data-loss
   inputPath: testdata/PipelineRollout/rollout-in-ppnd.yaml
   expectedOutputPath: testdata/PipelineRollout/rollout-allowing-data-loss.yaml
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
index 4083a80d8986d..3338dccd7360e 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
@@ -3,13 +3,19 @@ actions["pause"] = {
   ["disabled"] = true,
   ["iconClass"] = "fa-solid fa-fw fa-pause"
 }
-actions["unpause"] = {
+actions["unpause-gradual"] = {
   ["disabled"] = true,
+  ["displayName"] = "Unpause (gradual)",
+  ["iconClass"] = "fa-solid fa-fw fa-play"
+}
+actions["unpause-fast"] = {
+  ["disabled"] = true,
+  ["displayName"] = "Unpause (fast)",
   ["iconClass"] = "fa-solid fa-fw fa-play"
 }
 actions["allow-data-loss"] = {
   ["disabled"] = true,
-  ["displayName"] = "Allow Data Loss",
+  ["displayName"] = "Allow (Possible) Data Loss",
   ["iconClass"] = "fa-solid fa-fw fa-unlock"
 }
 actions["disallow-data-loss"] = {
@@ -24,7 +30,20 @@ if obj.spec.pipeline.spec.lifecycle ~= nil and obj.spec.pipeline.spec.lifecycle.
   paused = true
 end
 if paused then
-  actions["unpause"]["disabled"] = false
+  if obj.spec.pipeline.spec.metadata ~= nil and  obj.spec.pipeline.spec.metadata.annotations ~= nil and obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+    -- determine which unpausing strategies will be enabled
+    -- if annotation not found, default will be resume slow
+    if obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+      actions["unpause-fast"]["disabled"] = false
+    elseif obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+      actions["unpause-gradual"]["disabled"] = false
+      actions["unpause-fast"]["disabled"] = false
+    else
+      actions["unpause-gradual"]["disabled"] = false
+    end
+  else
+    actions["unpause-gradual"]["disabled"] = false
+  end
 else
   actions["pause"]["disabled"] = false
 end
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
index ac89952fbca54..d44e4ca480703 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
@@ -15,6 +15,9 @@ metadata:
 spec:
   pipeline:
     spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Paused
       edges:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
similarity index 92%
rename from resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running.yaml
rename to resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
index 81504a82da4df..d2f748c57f4a0 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
@@ -15,6 +15,10 @@ metadata:
 spec:
   pipeline:
     spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/resume-strategy: "fast"
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Running
       edges:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
new file mode 100644
index 0000000000000..68a5453baad54
--- /dev/null
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
@@ -0,0 +1,67 @@
+apiVersion: numaplane.numaproj.io/v1alpha1
+kind: PipelineRollout
+metadata:
+  annotations:
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"numaplane.numaproj.io/v1alpha1","kind":"PipelineRollout","metadata":{"annotations":{},"name":"my-pipeline","namespace":"example-namespace"},"spec":{"pipeline":{"spec":{"edges":[{"from":"in","to":"cat"},{"from":"cat","to":"out"}],"interStepBufferServiceName":"my-isbsvc","vertices":[{"name":"in","source":{"generator":{"duration":"1s","rpu":5}}},{"name":"cat","udf":{"builtin":{"name":"cat"}}},{"name":"out","sink":{"log":{}}}]}}}}
+  creationTimestamp: "2024-09-26T20:54:55Z"
+  finalizers:
+  - numaplane.numaproj.io/numaplane-controller
+  generation: 1
+  name: my-pipeline
+  namespace: example-namespace
+  resourceVersion: "14008"
+  uid: ab9286a1-f453-433e-846e-48900ab2068a
+spec:
+  pipeline:
+    spec:
+      metadata:
+        annotations:
+          numaflow.numaproj.io/resume-strategy: "slow"
+          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
+      lifecycle:
+        desiredPhase: Running
+      edges:
+      - from: in
+        to: cat
+      - from: cat
+        to: out
+      interStepBufferServiceName: my-isbsvc
+      vertices:
+      - name: in
+        source:
+          generator:
+            duration: 1s
+            rpu: 5
+      - name: cat
+        udf:
+          builtin:
+            name: cat
+      - name: out
+        sink:
+          log: {}
+status:
+  conditions:
+  - lastTransitionTime: "2024-09-26T20:54:55Z"
+    message: Successful
+    observedGeneration: 1
+    reason: Successful
+    status: "True"
+    type: ChildResourceDeployed
+  - lastTransitionTime: "2024-09-26T20:55:07Z"
+    message: Pipeline Phase=Failed
+    observedGeneration: 1
+    reason: PipelineFailed
+    status: "False"
+    type: ChildResourcesHealthy
+  - lastTransitionTime: "2024-09-26T20:54:55Z"
+    message: Pipeline unpaused
+    observedGeneration: 1
+    reason: Unpaused
+    status: "False"
+    type: PipelinePausingOrPaused
+  message: Deployed
+  nameCount: 0
+  observedGeneration: 1
+  pauseStatus: {}
+  phase: Deployed
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
index 7011e9fd73bad..78fb219d9b245 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
@@ -15,6 +15,9 @@ metadata:
 spec:
   pipeline:
     spec:
+      metadata:
+          annotations:
+            numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       edges:
       - from: in
         to: cat
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
new file mode 100644
index 0000000000000..49940daa97065
--- /dev/null
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
@@ -0,0 +1,9 @@
+obj.spec.pipeline.spec.lifecycle.desiredPhase = "Running"
+if obj.spec.pipeline.spec.metadata == nil then
+    obj.spec.pipeline.spec.metadata = {}
+end
+if obj.spec.pipeline.spec.metadata.annotations == nil then
+    obj.spec.pipeline.spec.metadata.annotations = {}
+end
+obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "fast"
+return obj
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
new file mode 100644
index 0000000000000..132462e1c6a4f
--- /dev/null
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
@@ -0,0 +1,9 @@
+obj.spec.pipeline.spec.lifecycle.desiredPhase = "Running"
+if obj.spec.pipeline.spec.metadata == nil then
+    obj.spec.pipeline.spec.metadata = {}
+end
+if obj.spec.pipeline.spec.metadata.annotations == nil then
+    obj.spec.pipeline.spec.metadata.annotations = {}
+end
+obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "slow"
+return obj
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause/action.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause/action.lua
deleted file mode 100644
index 5f0802bc9b743..0000000000000
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause/action.lua
+++ /dev/null
@@ -1,2 +0,0 @@
-obj.spec.pipeline.spec.lifecycle.desiredPhase = "Running"
-return obj
\ No newline at end of file

From 1f35c3a1a3b675cfd95425b2a5dffe684afc6c27 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 19 Aug 2025 09:27:43 -0400
Subject: [PATCH 286/383] fix(sync): do not retry when sync timeout has elapsed
 (#24020)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go      |  36 ++++--
 controller/appcontroller_test.go | 196 ++++++++++++++++++++++---------
 2 files changed, 166 insertions(+), 66 deletions(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index 1395c540b30ac..3e56010358e2b 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1395,12 +1395,19 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 		logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds())
 		logCtx.Debug("Finished processing requested app operation")
 	}()
-	terminating := false
+	terminatingCause := ""
 	if isOperationInProgress(app) {
 		state = app.Status.OperationState.DeepCopy()
-		terminating = state.Phase == synccommon.OperationTerminating
 		switch {
-		case state.FinishedAt != nil && !terminating:
+		case state.Phase == synccommon.OperationTerminating:
+			logCtx.Infof("Resuming in-progress operation. phase: %s, message: %s", state.Phase, state.Message)
+		case ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)):
+			state.Phase = synccommon.OperationTerminating
+			state.Message = "operation is terminating due to timeout"
+			terminatingCause = "controller sync timeout"
+			ctrl.setOperationState(app, state)
+			logCtx.Infof("Terminating in-progress operation due to timeout. Started at: %v, timeout: %v", state.StartedAt, ctrl.syncTimeout)
+		case state.Phase == synccommon.OperationRunning && state.FinishedAt != nil:
 			// Failed operation with retry strategy might be in-progress and has completion time
 			retryAt, err := app.Status.OperationState.Operation.Retry.NextRetryAt(state.FinishedAt.Time, state.RetryCount)
 			if err != nil {
@@ -1417,14 +1424,11 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 			}
 			// Get rid of sync results and null out previous operation completion time
 			// This will start the retry attempt
+			state.Message = fmt.Sprintf("Retrying operation. Attempt #%d", state.RetryCount)
 			state.FinishedAt = nil
 			state.SyncResult = nil
 			ctrl.setOperationState(app, state)
-		case ctrl.syncTimeout != time.Duration(0) && time.Now().After(state.StartedAt.Add(ctrl.syncTimeout)) && !terminating:
-			state.Phase = synccommon.OperationTerminating
-			state.Message = "operation is terminating due to timeout"
-			ctrl.setOperationState(app, state)
-			logCtx.Infof("Terminating in-progress operation due to timeout. Started at: %v, timeout: %v", state.StartedAt, ctrl.syncTimeout)
+			logCtx.Infof("Retrying operation. Attempt #%d", state.RetryCount)
 		default:
 			logCtx.Infof("Resuming in-progress operation. phase: %s, message: %s", state.Phase, state.Message)
 		}
@@ -1439,6 +1443,7 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	}
 	ts.AddCheckpoint("initial_operation_stage_ms")
 
+	terminating := state.Phase == synccommon.OperationTerminating
 	project, err := ctrl.getAppProj(app)
 	if err == nil {
 		// Start or resume the sync
@@ -1466,17 +1471,24 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli
 	case synccommon.OperationFailed, synccommon.OperationError:
 		if !terminating && (state.RetryCount < state.Operation.Retry.Limit || state.Operation.Retry.Limit < 0) {
 			now := metav1.Now()
-			state.FinishedAt = &now
 			if retryAt, err := state.Operation.Retry.NextRetryAt(now.Time, state.RetryCount); err != nil {
 				state.Phase = synccommon.OperationError
 				state.Message = fmt.Sprintf("%s (failed to retry: %v)", state.Message, err)
 			} else {
+				// Set FinishedAt explicitly on a Running phase. This is a unique condition that will allow this
+				// function to perform a retry the next time the operation is processed.
 				state.Phase = synccommon.OperationRunning
+				state.FinishedAt = &now
 				state.RetryCount++
-				state.Message = fmt.Sprintf("%s due to application controller sync timeout. Retrying attempt #%d at %s.", state.Message, state.RetryCount, retryAt.Format(time.Kitchen))
+				state.Message = fmt.Sprintf("%s. Retrying attempt #%d at %s.", state.Message, state.RetryCount, retryAt.Format(time.Kitchen))
+			}
+		} else {
+			if terminating && terminatingCause != "" {
+				state.Message = fmt.Sprintf("%s, triggered by %s", state.Message, terminatingCause)
+			}
+			if state.RetryCount > 0 {
+				state.Message = fmt.Sprintf("%s (retried %d times).", state.Message, state.RetryCount)
 			}
-		} else if state.RetryCount > 0 {
-			state.Message = fmt.Sprintf("%s (retried %d times).", state.Message, state.RetryCount)
 		}
 	}
 
diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go
index 325ef1b56a31d..95079ec10a919 100644
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -2096,7 +2096,9 @@ func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
+	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
 	assert.Equal(t, string(synccommon.OperationError), phase)
+	assert.Equal(t, "Failed to load application project: error getting app project \"default\": appproject.argoproj.io \"default\" not found", message)
 }
 
 func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) {
@@ -2125,8 +2127,8 @@ func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
-	assert.Equal(t, string(synccommon.OperationError), phase)
 	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
+	assert.Equal(t, string(synccommon.OperationError), phase)
 	assert.Contains(t, message, "application destination can't have both name and server defined: another-cluster https://localhost:6443")
 }
 
@@ -2150,20 +2152,24 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
-	assert.Equal(t, string(synccommon.OperationRunning), phase)
 	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
-	assert.Contains(t, message, "due to application controller sync timeout. Retrying attempt #1")
 	retryCount, _, _ := unstructured.NestedFloat64(receivedPatch, "status", "operationState", "retryCount")
+	assert.Equal(t, string(synccommon.OperationRunning), phase)
+	assert.Contains(t, message, "Failed to load application project: error getting app project \"invalid-project\": appproject.argoproj.io \"invalid-project\" not found. Retrying attempt #1")
 	assert.InEpsilon(t, float64(1), retryCount, 0.0001)
 }
 
 func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) {
+	failedAttemptFinisedAt := time.Now().Add(-time.Minute * 5)
 	app := newFakeApp()
 	app.Operation = &v1alpha1.Operation{
 		Sync:  &v1alpha1.SyncOperation{},
 		Retry: v1alpha1.RetryStrategy{Limit: 1},
 	}
+	app.Status.OperationState.Operation = *app.Operation
 	app.Status.OperationState.Phase = synccommon.OperationRunning
+	app.Status.OperationState.RetryCount = 1
+	app.Status.OperationState.FinishedAt = &metav1.Time{Time: failedAttemptFinisedAt}
 	app.Status.OperationState.SyncResult.Resources = []*v1alpha1.ResourceResult{{
 		Name:   "guestbook",
 		Kind:   "Deployment",
@@ -2193,7 +2199,58 @@ func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
+	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
+	finishedAtStr, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "finishedAt")
+	finishedAt, err := time.Parse(time.RFC3339, finishedAtStr)
+	require.NoError(t, err)
 	assert.Equal(t, string(synccommon.OperationSucceeded), phase)
+	assert.Equal(t, "successfully synced (no more tasks)", message)
+	assert.Truef(t, finishedAt.After(failedAttemptFinisedAt), "finishedAt was expected to be updated. The retry was not performed.")
+}
+
+func TestProcessRequestedAppOperation_RunningPreviouslyFailedBackoff(t *testing.T) {
+	failedAttemptFinisedAt := time.Now().Add(-time.Second)
+	app := newFakeApp()
+	app.Operation = &v1alpha1.Operation{
+		Sync: &v1alpha1.SyncOperation{},
+		Retry: v1alpha1.RetryStrategy{
+			Limit: 1,
+			Backoff: &v1alpha1.Backoff{
+				Duration:    "1h",
+				Factor:      ptr.To(int64(100)),
+				MaxDuration: "1h",
+			},
+		},
+	}
+	app.Status.OperationState.Operation = *app.Operation
+	app.Status.OperationState.Phase = synccommon.OperationRunning
+	app.Status.OperationState.Message = "pending retry"
+	app.Status.OperationState.RetryCount = 1
+	app.Status.OperationState.FinishedAt = &metav1.Time{Time: failedAttemptFinisedAt}
+	app.Status.OperationState.SyncResult.Resources = []*v1alpha1.ResourceResult{{
+		Name:   "guestbook",
+		Kind:   "Deployment",
+		Group:  "apps",
+		Status: synccommon.ResultCodeSyncFailed,
+	}}
+
+	data := &fakeData{
+		apps: []runtime.Object{app, &defaultProj},
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+	}
+	ctrl := newFakeController(data, nil)
+	fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset)
+	fakeAppCs.PrependReactor("patch", "*", func(_ kubetesting.Action) (handled bool, ret runtime.Object, err error) {
+		require.FailNow(t, "A patch should not have been called if the backoff has not passed")
+		return true, &v1alpha1.Application{}, nil
+	})
+
+	ctrl.processRequestedAppOperation(app)
 }
 
 func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) {
@@ -2202,6 +2259,7 @@ func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) {
 		Sync:  &v1alpha1.SyncOperation{},
 		Retry: v1alpha1.RetryStrategy{Limit: 10},
 	}
+	app.Status.OperationState.Operation = *app.Operation
 	app.Status.OperationState.Phase = synccommon.OperationTerminating
 
 	data := &fakeData{
@@ -2226,7 +2284,9 @@ func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
+	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
 	assert.Equal(t, string(synccommon.OperationFailed), phase)
+	assert.Equal(t, "Operation terminated", message)
 }
 
 func TestProcessRequestedAppOperation_Successful(t *testing.T) {
@@ -2253,12 +2313,91 @@ func TestProcessRequestedAppOperation_Successful(t *testing.T) {
 	ctrl.processRequestedAppOperation(app)
 
 	phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase")
+	message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message")
 	assert.Equal(t, string(synccommon.OperationSucceeded), phase)
+	assert.Equal(t, "successfully synced (no more tasks)", message)
 	ok, level := ctrl.isRefreshRequested(ctrl.toAppKey(app.Name))
 	assert.True(t, ok)
 	assert.Equal(t, CompareWithLatestForceResolve, level)
 }
 
+func TestProcessRequestedAppOperation_SyncTimeout(t *testing.T) {
+	testCases := []struct {
+		name            string
+		startedSince    time.Duration
+		syncTimeout     time.Duration
+		retryAttempt    int
+		currentPhase    synccommon.OperationPhase
+		expectedPhase   synccommon.OperationPhase
+		expectedMessage string
+	}{{
+		name:            "Continue when running operation has not exceeded timeout",
+		syncTimeout:     time.Minute,
+		startedSince:    30 * time.Second,
+		currentPhase:    synccommon.OperationRunning,
+		expectedPhase:   synccommon.OperationSucceeded,
+		expectedMessage: "successfully synced (no more tasks)",
+	}, {
+		name:            "Continue when terminating operation has exceeded timeout",
+		syncTimeout:     time.Minute,
+		startedSince:    2 * time.Minute,
+		currentPhase:    synccommon.OperationTerminating,
+		expectedPhase:   synccommon.OperationFailed,
+		expectedMessage: "Operation terminated",
+	}, {
+		name:            "Terminate when running operation exceeded timeout",
+		syncTimeout:     time.Minute,
+		startedSince:    2 * time.Minute,
+		currentPhase:    synccommon.OperationRunning,
+		expectedPhase:   synccommon.OperationFailed,
+		expectedMessage: "Operation terminated, triggered by controller sync timeout",
+	}, {
+		name:            "Terminate when retried operation exceeded timeout",
+		syncTimeout:     time.Minute,
+		startedSince:    15 * time.Minute,
+		currentPhase:    synccommon.OperationRunning,
+		retryAttempt:    1,
+		expectedPhase:   synccommon.OperationFailed,
+		expectedMessage: "Operation terminated, triggered by controller sync timeout (retried 1 times).",
+	}}
+	for i := range testCases {
+		tc := testCases[i]
+		t.Run(fmt.Sprintf("case %d: %s", i, tc.name), func(t *testing.T) {
+			app := newFakeApp()
+			app.Spec.Project = "default"
+			app.Operation = &v1alpha1.Operation{
+				Sync: &v1alpha1.SyncOperation{
+					Revision: "HEAD",
+				},
+			}
+			ctrl := newFakeController(&fakeData{
+				apps: []runtime.Object{app, &defaultProj},
+				manifestResponses: []*apiclient.ManifestResponse{{
+					Manifests: []string{},
+				}},
+			}, nil)
+
+			ctrl.syncTimeout = tc.syncTimeout
+			app.Status.OperationState = &v1alpha1.OperationState{
+				Operation: *app.Operation,
+				Phase:     tc.currentPhase,
+				StartedAt: metav1.NewTime(time.Now().Add(-tc.startedSince)),
+			}
+			if tc.retryAttempt > 0 {
+				app.Status.OperationState.FinishedAt = ptr.To(metav1.NewTime(time.Now().Add(-tc.startedSince)))
+				app.Status.OperationState.RetryCount = int64(tc.retryAttempt)
+			}
+
+			ctrl.processRequestedAppOperation(app)
+
+			app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace).Get(t.Context(), app.Name, metav1.GetOptions{})
+			require.NoError(t, err)
+			assert.Equal(t, tc.expectedPhase, app.Status.OperationState.Phase)
+			assert.Equal(t, tc.expectedMessage, app.Status.OperationState.Message)
+		})
+	}
+}
+
 func TestGetAppHosts(t *testing.T) {
 	app := newFakeApp()
 	data := &fakeData{
@@ -2826,54 +2965,3 @@ func TestSelfHealBackoffCooldownElapsed(t *testing.T) {
 		assert.False(t, elapsed)
 	})
 }
-
-func TestSyncTimeout(t *testing.T) {
-	testCases := []struct {
-		delta           time.Duration
-		expectedPhase   synccommon.OperationPhase
-		expectedMessage string
-	}{{
-		delta:           2 * time.Minute,
-		expectedPhase:   synccommon.OperationFailed,
-		expectedMessage: "Operation terminated",
-	}, {
-		delta:           30 * time.Second,
-		expectedPhase:   synccommon.OperationSucceeded,
-		expectedMessage: "successfully synced (no more tasks)",
-	}}
-	for i := range testCases {
-		tc := testCases[i]
-		t.Run(fmt.Sprintf("test case %d", i), func(t *testing.T) {
-			app := newFakeApp()
-			app.Spec.Project = "default"
-			app.Operation = &v1alpha1.Operation{
-				Sync: &v1alpha1.SyncOperation{
-					Revision: "HEAD",
-				},
-			}
-			ctrl := newFakeController(&fakeData{
-				apps: []runtime.Object{app, &defaultProj},
-				manifestResponses: []*apiclient.ManifestResponse{{
-					Manifests: []string{},
-				}},
-			}, nil)
-
-			ctrl.syncTimeout = time.Minute
-			app.Status.OperationState = &v1alpha1.OperationState{
-				Operation: v1alpha1.Operation{
-					Sync: &v1alpha1.SyncOperation{
-						Revision: "HEAD",
-					},
-				},
-				Phase:     synccommon.OperationRunning,
-				StartedAt: metav1.NewTime(time.Now().Add(-tc.delta)),
-			}
-			ctrl.processRequestedAppOperation(app)
-
-			app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace).Get(t.Context(), app.Name, metav1.GetOptions{})
-			require.NoError(t, err)
-			require.Equal(t, tc.expectedPhase, app.Status.OperationState.Phase)
-			require.Equal(t, tc.expectedMessage, app.Status.OperationState.Message)
-		})
-	}
-}

From d1d3b41434266b6796d90e3ef8ded7f48fabdd90 Mon Sep 17 00:00:00 2001
From: Denis Iskandarov <den-is@users.noreply.github.com>
Date: Tue, 19 Aug 2025 18:43:23 +0400
Subject: [PATCH 287/383] docs: Document ARGOCD_CONFIG_DIR env variable
 (#24193) (#24194)

Signed-off-by: Denis Iskandarov <d.iskandarov@gmail.com>
Signed-off-by: Denis Iskandarov <den-is@users.noreply.github.com>
Co-authored-by: Afzal Ansari <afzal442@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/environment-variables.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/user-guide/environment-variables.md b/docs/user-guide/environment-variables.md
index cff6446617fa3..ee3f40006fa19 100644
--- a/docs/user-guide/environment-variables.md
+++ b/docs/user-guide/environment-variables.md
@@ -3,13 +3,14 @@
 The following environment variables can be used with `argocd` CLI:
 
 | Environment Variable                 | Description                                                                                                                                                                                               |
-|--------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `ARGOCD_SERVER`                      | the address of the Argo CD server without `https://` prefix <br> (instead of specifying `--server` for every command) <br> eg. `ARGOCD_SERVER=argocd.example.com` if served through an ingress with DNS |
+| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `ARGOCD_SERVER`                      | the address of the Argo CD server without `https://` prefix <br> (instead of specifying `--server` for every command) <br> eg. `ARGOCD_SERVER=argocd.example.com` if served through an ingress with DNS   |
 | `ARGOCD_AUTH_TOKEN`                  | the Argo CD `apiKey` for your Argo CD user to be able to authenticate                                                                                                                                     |
 | `ARGOCD_OPTS`                        | command-line options to pass to `argocd` CLI <br> eg. `ARGOCD_OPTS="--grpc-web"`                                                                                                                          |
+| `ARGOCD_CONFIG_DIR`                  | sets the directory hosting `argocd` CLI config, e.g., `~/.config/argocd/config`. (if ENV var not provided, defaults to `$XDG_CONFIG_HOME/argocd`, or `~/.config/argocd`, or if exists legacy `~/.argocd`) |
 | `ARGOCD_SERVER_NAME`                 | the Argo CD API Server name (default "argocd-server")                                                                                                                                                     |
 | `ARGOCD_REPO_SERVER_NAME`            | the Argo CD Repository Server name (default "argocd-repo-server")                                                                                                                                         |
 | `ARGOCD_APPLICATION_CONTROLLER_NAME` | the Argo CD Application Controller name (default "argocd-application-controller")                                                                                                                         |
 | `ARGOCD_REDIS_NAME`                  | the Argo CD Redis name (default "argocd-redis")                                                                                                                                                           |
 | `ARGOCD_REDIS_HAPROXY_NAME`          | the Argo CD Redis HA Proxy name (default "argocd-redis-ha-haproxy")                                                                                                                                       |
-| `ARGOCD_GRPC_KEEP_ALIVE_MIN`         | defines the GRPCKeepAliveEnforcementMinimum, used in the grpc.KeepaliveEnforcementPolicy. Expects a "Duration" format (default `10s`).                                                                       |
+| `ARGOCD_GRPC_KEEP_ALIVE_MIN`         | defines the GRPCKeepAliveEnforcementMinimum, used in the grpc.KeepaliveEnforcementPolicy. Expects a "Duration" format (default `10s`).                                                                    |

From 9e60687c31f54b530a7646e3fdea9c7feadff1c1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Aug 2025 11:11:05 -0400
Subject: [PATCH 288/383] chore(deps): bump library/ubuntu from `acdb2d3` to
 `1041699` in /test/container (#24207)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 2e045b08c6802..34b21b04bf38c 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439
 
 FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:25.10@sha256:acdb2d352183cf75a2cb296fe82514f8b983f461b5d8832b8968ec202db59952
+FROM docker.io/library/ubuntu:25.10@sha256:1041699615b625b6bb6fbcdb7876bb1379f52b954374ab457360d9444a05cd7d
 
 ENV DEBIAN_FRONTEND=noninteractive
 

From caee2fe399daae6a6babc1056945de9dafb1e15e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Aug 2025 11:11:25 -0400
Subject: [PATCH 289/383] chore(deps): bump google.golang.org/grpc from 1.74.2
 to 1.75.0 (#24206)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 14 +++++++-------
 go.sum | 34 ++++++++++++++++++----------------
 2 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/go.mod b/go.mod
index 24fe1cc0961e9..c3cefdf662d10 100644
--- a/go.mod
+++ b/go.mod
@@ -87,17 +87,17 @@ require (
 	github.com/yuin/gopher-lua v1.1.1
 	gitlab.com/gitlab-org/api/client-go v0.139.2
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
-	go.opentelemetry.io/otel v1.36.0
+	go.opentelemetry.io/otel v1.37.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
-	go.opentelemetry.io/otel/sdk v1.36.0
+	go.opentelemetry.io/otel/sdk v1.37.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
 	golang.org/x/term v0.34.0
 	golang.org/x/time v0.12.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a
-	google.golang.org/grpc v1.74.2
+	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7
+	google.golang.org/grpc v1.75.0
 	google.golang.org/protobuf v1.36.7
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -261,8 +261,8 @@ require (
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
-	go.opentelemetry.io/otel/metric v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
@@ -276,7 +276,7 @@ require (
 	gomodules.xyz/notify v0.1.1 // indirect
 	google.golang.org/api v0.223.0 // indirect
 	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
diff --git a/go.sum b/go.sum
index e5b7fdc0e6843..62eba3eed058f 100644
--- a/go.sum
+++ b/go.sum
@@ -912,20 +912,20 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.6
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
-go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg=
-go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E=
+go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
+go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 h1:dNzwXjZKpMpE2JhmO+9HsPl42NIXFIFSUSSs0fiqra0=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0/go.mod h1:90PoxvaEB5n6AOdZvi+yWJQoE95U8Dhhw2bSyRqnTD0=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 h1:JgtbA0xkWHnTmYk7YusopJFX6uleBmAuZ8n05NEh8nQ=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0/go.mod h1:179AK5aar5R3eS9FucPy6rggvU0g52cvKId8pv4+v0c=
-go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE=
-go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
-go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
-go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
-go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
-go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
-go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
-go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
+go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
+go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
+go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
+go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg=
+go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc=
+go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
+go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
+go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
 go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI=
 go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAjzlRhDwmVpZc=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
@@ -1269,6 +1269,8 @@ gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuB
 gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0=
 gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4=
 gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1327,10 +1329,10 @@ google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
-google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a h1:SGktgSolFCo75dnHJF2yMvnns6jCmHFJ0vE4Vn2JKvQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1:v2PbRU4K3llS09c7zodFpNePeamkAwG3mPrAery9VeE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU=
+google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1345,8 +1347,8 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4=
-google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM=
+google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4=
+google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=

From b61c089d4132989f509260678882e7bd4db19ed7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 20 Aug 2025 20:44:03 +0000
Subject: [PATCH 290/383] chore(deps): bump github.com/jarcoal/httpmock from
 1.4.0 to 1.4.1 (#24205)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c3cefdf662d10..bc387512fd1af 100644
--- a/go.mod
+++ b/go.mod
@@ -60,7 +60,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.8
 	github.com/improbable-eng/grpc-web v0.15.1-0.20230209220825-1d9bbb09a099
 	github.com/itchyny/gojq v0.12.17
-	github.com/jarcoal/httpmock v1.4.0
+	github.com/jarcoal/httpmock v1.4.1
 	github.com/jeremywohl/flatten v1.0.2-0.20211013061545-07e4a09fb8e4
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/ktrysmt/go-bitbucket v0.9.86
diff --git a/go.sum b/go.sum
index 62eba3eed058f..c51c67d498c8a 100644
--- a/go.sum
+++ b/go.sum
@@ -541,8 +541,8 @@ github.com/itchyny/gojq v0.12.17 h1:8av8eGduDb5+rvEdaOO+zQUjA04MS0m3Ps8HiD+fceg=
 github.com/itchyny/gojq v0.12.17/go.mod h1:WBrEMkgAfAGO1LUcGOckBl5O726KPp+OlkKug0I/FEY=
 github.com/itchyny/timefmt-go v0.1.6 h1:ia3s54iciXDdzWzwaVKXZPbiXzxxnv1SPGFfM/myJ5Q=
 github.com/itchyny/timefmt-go v0.1.6/go.mod h1:RRDZYC5s9ErkjQvTvvU7keJjxUYzIISJGxm9/mAERQg=
-github.com/jarcoal/httpmock v1.4.0 h1:BvhqnH0JAYbNudL2GMJKgOHe2CtKlzJ/5rWKyp+hc2k=
-github.com/jarcoal/httpmock v1.4.0/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
+github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2A=
+github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0=
 github.com/jaytaylor/html2text v0.0.0-20190408195923-01ec452cbe43/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=

From 70eceb3eff6c2e609177dacc9b87f8e96e96e0fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Aug 2025 05:13:22 -0400
Subject: [PATCH 291/383] chore(deps): bump codecov/codecov-action from 5.4.3
 to 5.5.0 (#24219)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 2932cc5060113..cb38671eff94c 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -385,7 +385,7 @@ jobs:
         run: |
           go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
       - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
         with:
           files: test-results/full-coverage.out
           fail_ci_if_error: true

From fdacd5cb057354a50224f58288dde70e45e3030f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Aug 2025 05:14:32 -0400
Subject: [PATCH 292/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.139.2 to 0.141.2 (#24216)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod |  4 ++--
 go.sum | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index bc387512fd1af..1e19a1975fadd 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.139.2
+	gitlab.com/gitlab-org/api/client-go v0.141.2
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.37.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
@@ -98,7 +98,7 @@ require (
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7
 	google.golang.org/grpc v1.75.0
-	google.golang.org/protobuf v1.36.7
+	google.golang.org/protobuf v1.36.8
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.33.1
diff --git a/go.sum b/go.sum
index c51c67d498c8a..8e078d19b20d4 100644
--- a/go.sum
+++ b/go.sum
@@ -897,8 +897,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.139.2 h1:Le1/q+ZBYSr3HG9mSJa+/ci36S9tFsa9nEG3b2Cq6kk=
-gitlab.com/gitlab-org/api/client-go v0.139.2/go.mod h1:vY0XbE86FvL7v5jCGDiaFgDyCV8YbmjIIkBhXx+ZDWM=
+gitlab.com/gitlab-org/api/client-go v0.141.2 h1:Ijlg+4sYV6WQgiw7rbNHYdHqrnt+bR0CTOm7u5n243M=
+gitlab.com/gitlab-org/api/client-go v0.141.2/go.mod h1:3YuWlZCirs2TTcaAzM6qNwVHB7WvV67ATb0GGpBCdlQ=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -931,8 +931,8 @@ go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAj
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/mock v0.5.2 h1:LbtPTcP8A5k9WPXj54PPPbjcI4Y6lhyOZXn+VS7wNko=
-go.uber.org/mock v0.5.2/go.mod h1:wLlUxC2vVTPTaE3UD51E0BGOAElKrILxhVSDYQLld5o=
+go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
+go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
@@ -1361,8 +1361,8 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
-google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
+google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=

From 4c0c463165837de71c26a20d4b4125dcd9585a1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 21 Aug 2025 05:15:03 -0400
Subject: [PATCH 293/383] chore(deps): bump google.golang.org/protobuf from
 1.36.7 to 1.36.8 (#24218)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>

From f2d62a304256927f4f2b5fb060392e5cb8bd47dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Aug 2025 09:42:46 -0400
Subject: [PATCH 294/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.141.2 to 0.142.0 (#24226)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1e19a1975fadd..85678ecd163bf 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.141.2
+	gitlab.com/gitlab-org/api/client-go v0.142.0
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
 	go.opentelemetry.io/otel v1.37.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
diff --git a/go.sum b/go.sum
index 8e078d19b20d4..587809e7393d4 100644
--- a/go.sum
+++ b/go.sum
@@ -897,8 +897,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.141.2 h1:Ijlg+4sYV6WQgiw7rbNHYdHqrnt+bR0CTOm7u5n243M=
-gitlab.com/gitlab-org/api/client-go v0.141.2/go.mod h1:3YuWlZCirs2TTcaAzM6qNwVHB7WvV67ATb0GGpBCdlQ=
+gitlab.com/gitlab-org/api/client-go v0.142.0 h1:cR8+RhDc7ooH0SiGNhgm3Nf5ZpW5D1R3DLshfAXJZmQ=
+gitlab.com/gitlab-org/api/client-go v0.142.0/go.mod h1:3YuWlZCirs2TTcaAzM6qNwVHB7WvV67ATb0GGpBCdlQ=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From cf9dd201d655174d18c8993d7220864dde89407f Mon Sep 17 00:00:00 2001
From: Hugues Alary <hugues.alary@gmail.com>
Date: Fri, 22 Aug 2025 06:43:23 -0700
Subject: [PATCH 295/383] docs: Update rbac.md (#24224)

Signed-off-by: Hugues Alary <hugues.alary@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/rbac.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md
index d7b558c6c00c8..734da202ac4fb 100644
--- a/docs/operator-manual/rbac.md
+++ b/docs/operator-manual/rbac.md
@@ -341,7 +341,7 @@ spec:
     - name: admin
       description: Admin privileges to team-beta
       policies:
-        - p, proj:team-beta-project:admin, applications, *, *, allow
+        - p, proj:team-beta-project:admin, applications, *, team-beta-project/*, allow
       groups:
         - user@example.org # Value from the email scope
         - my-org:team-beta # Value from the groups scope

From f762d899e31856f08ec50b8234d6fb57ab99bfd6 Mon Sep 17 00:00:00 2001
From: jiwlee <53519832+jiwlee97@users.noreply.github.com>
Date: Fri, 22 Aug 2025 23:40:54 +0900
Subject: [PATCH 296/383] chore(ui/refactor): convert Login component to
 functional component (#23780)

Signed-off-by: jiwlee <ddazi9576@gmail.com>
Signed-off-by: jiwlee <53519832+jiwlee97@users.noreply.github.com>
Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/src/app/login/components/login.tsx | 231 ++++++++++++--------------
 1 file changed, 106 insertions(+), 125 deletions(-)

diff --git a/ui/src/app/login/components/login.tsx b/ui/src/app/login/components/login.tsx
index a61a4c4698c39..de02e7c59ef47 100644
--- a/ui/src/app/login/components/login.tsx
+++ b/ui/src/app/login/components/login.tsx
@@ -1,12 +1,10 @@
 import {FormField} from 'argo-ui';
-import * as PropTypes from 'prop-types';
-import * as React from 'react';
+import React, {useContext, useEffect, useState} from 'react';
 import {Form, Text} from 'react-form';
 import {RouteComponentProps} from 'react-router';
-
-import {AppContext} from '../../shared/context';
 import {AuthSettings} from '../../shared/models';
 import {services} from '../../shared/services';
+import {Context} from '../../shared/context';
 
 require('./login.scss');
 
@@ -15,141 +13,124 @@ export interface LoginForm {
     password: string;
 }
 
-interface State {
-    authSettings: AuthSettings;
-    loginError: string;
-    loginInProgress: boolean;
-    returnUrl: string;
-    hasSsoLoginError: boolean;
-}
-
-export class Login extends React.Component<RouteComponentProps<{}>, State> {
-    public static contextTypes = {
-        apis: PropTypes.object
-    };
-
-    public static getDerivedStateFromProps(props: RouteComponentProps<{}>): Partial<State> {
-        const search = new URLSearchParams(props.history.location.search);
-        const returnUrl = search.get('return_url') || '';
-        const hasSsoLoginError = search.get('has_sso_error') === 'true';
-        return {hasSsoLoginError, returnUrl};
-    }
+export function Login(props: RouteComponentProps<{}>) {
+    const appContext = useContext(Context);
 
-    constructor(props: RouteComponentProps<{}>) {
-        super(props);
-        this.state = {authSettings: null, loginError: null, returnUrl: null, hasSsoLoginError: false, loginInProgress: false};
-    }
+    const search = new URLSearchParams(props.history.location.search);
+    const returnUrl = search.get('return_url') || '';
+    const hasSsoLoginError = search.get('has_sso_error') === 'true';
 
-    public async componentDidMount() {
-        this.setState({
-            authSettings: await services.authService.settings()
-        });
-    }
+    const [authSettings, setAuthSettings] = useState<AuthSettings | null>(null);
+    const [loginError, setLoginError] = useState<string | null>(null);
+    const [loginInProgress, setLoginInProgress] = useState<boolean>(false);
 
-    public render() {
-        const authSettings = this.state.authSettings;
-        const ssoConfigured = authSettings && ((authSettings.dexConfig && (authSettings.dexConfig.connectors || []).length > 0) || authSettings.oidcConfig);
-        return (
-            <div className='login'>
-                <div className='login__content show-for-medium'>
-                    <div className='login__text'>Let's get stuff deployed!</div>
-                    <div className='argo__logo' />
-                </div>
-                <div className='login__box'>
-                    <div className='login__logo width-control'>
-                        <img className='logo-image' src='assets/images/argo_o.svg' alt='argo' />
-                    </div>
-                    {ssoConfigured && (
-                        <div className='login__box_saml width-control'>
-                            <a href={`auth/login?return_url=${encodeURIComponent(this.state.returnUrl)}`}>
-                                <button className='argo-button argo-button--base argo-button--full-width argo-button--xlg'>
-                                    {(authSettings.oidcConfig && <span>Log in via {authSettings.oidcConfig.name}</span>) ||
-                                        (authSettings.dexConfig.connectors.length === 1 && <span>Log in via {authSettings.dexConfig.connectors[0].name}</span>) || (
-                                            <span>SSO Login</span>
-                                        )}
-                                </button>
-                            </a>
-                            {this.state.hasSsoLoginError && <div className='argo-form-row__error-msg'>Login failed.</div>}
-                            {authSettings && !authSettings.userLoginsDisabled && (
-                                <div className='login__saml-separator'>
-                                    <span>or</span>
-                                </div>
-                            )}
-                        </div>
-                    )}
-                    {authSettings && !authSettings.userLoginsDisabled && (
-                        <Form
-                            onSubmit={(params: LoginForm) => this.login(params.username, params.password, this.state.returnUrl)}
-                            validateError={(params: LoginForm) => ({
-                                username: !params.username && 'Username is required',
-                                password: !params.password && 'Password is required'
-                            })}>
-                            {formApi => (
-                                <form role='form' className='width-control' onSubmit={formApi.submitForm}>
-                                    <div className='argo-form-row'>
-                                        <FormField
-                                            formApi={formApi}
-                                            label='Username'
-                                            field='username'
-                                            component={Text}
-                                            componentProps={{name: 'username', autoCapitalize: 'none', autoComplete: 'username'}}
-                                        />
-                                    </div>
-                                    <div className='argo-form-row'>
-                                        <FormField
-                                            formApi={formApi}
-                                            label='Password'
-                                            field='password'
-                                            component={Text}
-                                            componentProps={{name: 'password', type: 'password', autoComplete: 'password'}}
-                                        />
-                                        {this.state.loginError && <div className='argo-form-row__error-msg'>{this.state.loginError}</div>}
-                                    </div>
-                                    <div className='login__form-row'>
-                                        <button disabled={this.state.loginInProgress} className='argo-button argo-button--full-width argo-button--xlg' type='submit'>
-                                            Sign In
-                                        </button>
-                                    </div>
-                                </form>
-                            )}
-                        </Form>
-                    )}
-                    {authSettings && authSettings.userLoginsDisabled && !ssoConfigured && (
-                        <div className='argo-form-row__error-msg'>Login is disabled. Please contact your system administrator.</div>
-                    )}
-                    <div className='login__footer'>
-                        <a href='https://argoproj.io' target='_blank'>
-                            <img className='logo-image' src='assets/images/argologo.svg' alt='argo' />
-                        </a>
-                    </div>
-                </div>
-            </div>
-        );
-    }
+    useEffect(() => {
+        (async () => {
+            const authSettings = await services.authService.settings();
+            setAuthSettings(authSettings);
+        })();
+    }, []);
 
-    private async login(username: string, password: string, returnURL: string) {
+    const login = async (username: string, password: string, returnURL: string) => {
         try {
-            this.setState({loginError: '', loginInProgress: true});
-            this.appContext.apis.navigation.goto('.', {sso_error: null});
+            setLoginError('');
+            setLoginInProgress(true);
+            appContext.navigation.goto('.', {sso_error: null});
             await services.users.login(username, password);
-            this.setState({loginInProgress: false});
+            setLoginInProgress(false);
             if (returnURL) {
                 const url = new URL(returnURL);
                 let redirectURL = url.pathname + url.search;
                 // return url already contains baseHref, so we need to remove it
-                if (this.appContext.apis.baseHref != '/' && redirectURL.startsWith(this.appContext.apis.baseHref)) {
-                    redirectURL = redirectURL.substring(this.appContext.apis.baseHref.length);
+                if (appContext.baseHref != '/' && redirectURL.startsWith(appContext.baseHref)) {
+                    redirectURL = redirectURL.substring(appContext.baseHref.length);
                 }
-                this.appContext.apis.navigation.goto(redirectURL);
+                appContext.navigation.goto(redirectURL);
             } else {
-                this.appContext.apis.navigation.goto('/applications');
+                appContext.navigation.goto('/applications');
             }
         } catch (e) {
-            this.setState({loginError: e.response.body.error, loginInProgress: false});
+            setLoginError(e.response.body.error);
+            setLoginInProgress(false);
         }
-    }
+    };
+
+    const ssoConfigured = authSettings && ((authSettings.dexConfig && (authSettings.dexConfig.connectors || []).length > 0) || authSettings.oidcConfig);
 
-    private get appContext(): AppContext {
-        return this.context as AppContext;
-    }
+    return (
+        <div className='login'>
+            <div className='login__content show-for-medium'>
+                <div className='login__text'>Let's get stuff deployed!</div>
+                <div className='argo__logo' />
+            </div>
+            <div className='login__box'>
+                <div className='login__logo width-control'>
+                    <img className='logo-image' src='assets/images/argo_o.svg' alt='argo' />
+                </div>
+                {ssoConfigured && (
+                    <div className='login__box_saml width-control'>
+                        <a href={`auth/login?return_url=${encodeURIComponent(returnUrl)}`}>
+                            <button className='argo-button argo-button--base argo-button--full-width argo-button--xlg'>
+                                {(authSettings.oidcConfig && <span>Log in via {authSettings.oidcConfig.name}</span>) ||
+                                    (authSettings.dexConfig.connectors.length === 1 && <span>Log in via {authSettings.dexConfig.connectors[0].name}</span>) || (
+                                        <span>SSO Login</span>
+                                    )}
+                            </button>
+                        </a>
+                        {hasSsoLoginError && <div className='argo-form-row__error-msg'>Login failed.</div>}
+                        {authSettings && !authSettings.userLoginsDisabled && (
+                            <div className='login__saml-separator'>
+                                <span>or</span>
+                            </div>
+                        )}
+                    </div>
+                )}
+                {authSettings && !authSettings.userLoginsDisabled && (
+                    <Form
+                        onSubmit={(params: LoginForm) => login(params.username, params.password, returnUrl)}
+                        validateError={(params: LoginForm) => ({
+                            username: !params.username && 'Username is required',
+                            password: !params.password && 'Password is required'
+                        })}>
+                        {formApi => (
+                            <form role='form' className='width-control' onSubmit={formApi.submitForm}>
+                                <div className='argo-form-row'>
+                                    <FormField
+                                        formApi={formApi}
+                                        label='Username'
+                                        field='username'
+                                        component={Text}
+                                        componentProps={{name: 'username', autoCapitalize: 'none', autoComplete: 'username'}}
+                                    />
+                                </div>
+                                <div className='argo-form-row'>
+                                    <FormField
+                                        formApi={formApi}
+                                        label='Password'
+                                        field='password'
+                                        component={Text}
+                                        componentProps={{name: 'password', type: 'password', autoComplete: 'password'}}
+                                    />
+                                    {loginError && <div className='argo-form-row__error-msg'>{loginError}</div>}
+                                </div>
+                                <div className='login__form-row'>
+                                    <button disabled={loginInProgress} className='argo-button argo-button--full-width argo-button--xlg' type='submit'>
+                                        Sign In
+                                    </button>
+                                </div>
+                            </form>
+                        )}
+                    </Form>
+                )}
+                {authSettings && authSettings.userLoginsDisabled && !ssoConfigured && (
+                    <div className='argo-form-row__error-msg'>Login is disabled. Please contact your system administrator.</div>
+                )}
+                <div className='login__footer'>
+                    <a href='https://argoproj.io' target='_blank'>
+                        <img className='logo-image' src='assets/images/argologo.svg' alt='argo' />
+                    </a>
+                </div>
+            </div>
+        </div>
+    );
 }

From ea23caa6342c1006ebac21e40627ac3b86d04f6f Mon Sep 17 00:00:00 2001
From: Kanika Rana <46766610+ranakan19@users.noreply.github.com>
Date: Fri, 22 Aug 2025 12:06:09 -0400
Subject: [PATCH 297/383] docs: add docs for Progressive Sync's deletionOrder
 feature (#24201)

Signed-off-by: Kanika Rana <krana@redhat.com>
Signed-off-by: Kanika Rana <46766610+ranakan19@users.noreply.github.com>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../applicationset/Progressive-Syncs.md       | 96 ++++++++++++++++++-
 1 file changed, 92 insertions(+), 4 deletions(-)

diff --git a/docs/operator-manual/applicationset/Progressive-Syncs.md b/docs/operator-manual/applicationset/Progressive-Syncs.md
index 63066ffe3511a..2c931a176d747 100644
--- a/docs/operator-manual/applicationset/Progressive-Syncs.md
+++ b/docs/operator-manual/applicationset/Progressive-Syncs.md
@@ -21,15 +21,30 @@ As an experimental feature, progressive syncs must be explicitly enabled, in one
 
 ## Strategies
 
-* AllAtOnce (default)
-* RollingSync
+ApplicationSet strategies control both how applications are created (or updated) and deleted. These operations are configured using two separate fields:
 
-### AllAtOnce
+* **Creation Strategy** (`type` field): Controls application creation and updates
+* **Deletion Strategy** (`deletionOrder` field): Controls application deletion order
+
+### Creation Strategies
+
+The `type` field controls how applications are created and updated. Available values:
+
+* **AllAtOnce** (default)
+* **RollingSync**
+
+#### AllAtOnce
 This default Application update behavior is unchanged from the original ApplicationSet implementation.
 
 All Applications managed by the ApplicationSet resource are updated simultaneously when the ApplicationSet is updated.
 
-### RollingSync
+```yaml
+spec:
+  strategy:
+    type: AllAtOnce  # explicit, but this is the default
+```
+
+#### RollingSync
 This update strategy allows you to group Applications by labels present on the generated Application resources.
 When the ApplicationSet changes, the changes will be applied to each group of Application resources sequentially.
 
@@ -46,6 +61,78 @@ When the ApplicationSet changes, the changes will be applied to each group of Ap
 * If an Application is considered "Pending" for `applicationsetcontroller.default.application.progressing.timeout` seconds, the Application is automatically moved to Healthy status (default 300).
 * If an Application is not selected in any step, it will be excluded from the rolling sync and needs to be manually synced through the CLI or UI.
 
+```yaml
+spec:
+  strategy:
+    type: RollingSync
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: envLabel
+              operator: In
+              values:
+                - env-dev
+        - matchExpressions:
+            - key: envLabel
+              operator: In
+              values:
+                - env-prod
+          maxUpdate: 10%
+```
+
+### Deletion Strategies
+
+The `deletionOrder` field controls the order in which applications are deleted when they are removed from the ApplicationSet. Available values:
+
+* **AllAtOnce** (default)
+* **Reverse**
+
+#### AllAtOnce Deletion
+This is the default behavior where all applications that need to be deleted are removed simultaneously. This works with both `AllAtOnce` and `RollingSync` creation strategies.
+
+```yaml
+spec:
+  strategy:
+    type: RollingSync  # or AllAtOnce
+    deletionOrder: AllAtOnce  # explicit, but this is the default
+```
+
+#### Reverse Deletion
+When using `deletionOrder: Reverse` with RollingSync strategy, applications are deleted in reverse order of the steps defined in `rollingSync.steps`. This ensures that applications deployed in later steps are deleted before applications deployed in earlier steps.
+This strategy is particularly useful when you need to tear down dependent services in the particular sequence.
+
+**Requirements for Reverse deletion:**
+- Must be used with `type: RollingSync` 
+- Requires `rollingSync.steps` to be defined
+- Applications are deleted in reverse order of step sequence
+
+**Important:** The ApplicationSet finalizer is not removed until all applications are successfully deleted. This ensures proper cleanup and prevents the ApplicationSet from being removed before its managed applications.
+
+```yaml
+spec:
+  strategy:
+    type: RollingSync
+    deletionOrder: Reverse
+    rollingSync:
+      steps:
+        - matchExpressions:
+            - key: envLabel
+              operator: In
+              values:
+                - env-dev        # Step 1: Created first, deleted last
+        - matchExpressions:
+            - key: envLabel  
+              operator: In
+              values:
+                - env-prod       # Step 2: Created second, deleted first
+```
+
+In this example, when applications are deleted:
+1. `env-prod` applications (Step 2) are deleted first
+2. `env-dev` applications (Step 1) are deleted second
+
+This deletion order is useful for scenarios where you need to tear down dependent services in the correct sequence, such as deleting frontend services before backend dependencies.
+
 #### Example
 The following example illustrates how to stage a progressive sync over Applications with explicitly configured environment labels.
 
@@ -75,6 +162,7 @@ spec:
         env: env-prod
   strategy:
     type: RollingSync
+    deletionOrder: Reverse  # Applications will be deleted in reverse order of steps
     rollingSync:
       steps:
         - matchExpressions:

From 9a72fb1076d0e26d7d54877b05be7e18689a3103 Mon Sep 17 00:00:00 2001
From: raweber <99535319+raweber42@users.noreply.github.com>
Date: Fri, 22 Aug 2025 18:41:55 +0200
Subject: [PATCH 298/383] fix: resolve argocd ui error for externalSecrets,
 fixes #23886 (#24232)

Signed-off-by: ralf.weber <ralf.weber@cistec.com>
Co-authored-by: ralf.weber <ralf.weber@cistec.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ExternalSecret/actions/action_test.yaml          |  5 +++++
 .../ExternalSecret/actions/discovery.lua             | 12 +++++++-----
 .../PushSecret/actions/action_test.yaml              |  5 +++++
 .../PushSecret/actions/discovery.lua                 | 12 +++++++-----
 4 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml b/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml
index 83f49fcff7439..5b3f79bcebdef 100644
--- a/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml
+++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/action_test.yaml
@@ -2,3 +2,8 @@ actionTests:
   - action: refresh
     inputPath: testdata/external-secret.yaml
     expectedOutputPath: testdata/external-secret-updated.yaml
+
+discoveryTests:
+  - inputPath: testdata/external-secret.yaml
+    result:
+      - name: "refresh"
diff --git a/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua b/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua
index 7afe48d9c13e0..1b295650b9471 100644
--- a/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua
+++ b/resource_customizations/external-secrets.io/ExternalSecret/actions/discovery.lua
@@ -3,11 +3,13 @@ local actions = {}
 local disable_refresh = false
 local time_units = {"ns", "us", "µs", "ms", "s", "m", "h"}
 local digits = obj.spec.refreshInterval
-for _, time_unit in ipairs(time_units) do
-  digits, _ = digits:gsub(time_unit, "")
-  if tonumber(digits) == 0 then
-    disable_refresh = true
-    break
+if digits ~= nil then
+  digits = tostring(digits)
+  for _, time_unit in ipairs(time_units) do
+    if digits == "0" or digits == "0" .. time_unit then
+      disable_refresh = true
+      break
+    end
   end
 end
 
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml b/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml
index 457e5892667a3..d340106dbd868 100644
--- a/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/action_test.yaml
@@ -2,3 +2,8 @@ actionTests:
   - action: push
     inputPath: testdata/push-secret.yaml
     expectedOutputPath: testdata/push-secret-updated.yaml
+
+discoveryTests:
+  - inputPath: testdata/push-secret.yaml
+    result:
+      - name: "push"
diff --git a/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua b/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua
index ab0b8883af659..19e384542e955 100644
--- a/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua
+++ b/resource_customizations/external-secrets.io/PushSecret/actions/discovery.lua
@@ -3,11 +3,13 @@ local actions = {}
 local disable_push = false
 local time_units = {"ns", "us", "µs", "ms", "s", "m", "h"}
 local digits = obj.spec.refreshInterval
-for _, time_unit in ipairs(time_units) do
-  digits, _ = digits:gsub(time_unit, "")
-  if tonumber(digits) == 0 then
-    disable_push = true
-    break
+if digits ~= nil then
+  digits = tostring(digits)
+  for _, time_unit in ipairs(time_units) do
+    if digits == "0" or digits == "0" .. time_unit then
+      disable_push = true
+      break
+    end
   end
 end
 

From 670276af433557ee88379633c70b0e465e0e9d2c Mon Sep 17 00:00:00 2001
From: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Date: Fri, 22 Aug 2025 13:28:20 -0400
Subject: [PATCH 299/383] fix: High Application Controller CPU Usage - Reduce
 calls to db.GetSettings (#24235)

Signed-off-by: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Co-authored-by: Matthew Bennett <mtbennett@godaddy.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/db/cluster.go | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/util/db/cluster.go b/util/db/cluster.go
index 947f2b553e160..f43ca842697f6 100644
--- a/util/db/cluster.go
+++ b/util/db/cluster.go
@@ -94,12 +94,14 @@ func (db *db) ListClusters(_ context.Context) (*appv1.ClusterList, error) {
 
 // CreateCluster creates a cluster
 func (db *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Cluster, error) {
-	settings, err := db.settingsMgr.GetSettings()
-	if err != nil {
-		return nil, err
-	}
-	if c.Server == appv1.KubernetesInternalAPIServerAddr && !settings.InClusterEnabled {
-		return nil, status.Errorf(codes.InvalidArgument, "cannot register cluster: in-cluster has been disabled")
+	if c.Server == appv1.KubernetesInternalAPIServerAddr {
+		settings, err := db.settingsMgr.GetSettings()
+		if err != nil {
+			return nil, err
+		}
+		if !settings.InClusterEnabled {
+			return nil, status.Errorf(codes.InvalidArgument, "cannot register cluster: in-cluster has been disabled")
+		}
 	}
 	secName, err := URIToSecretName("cluster", c.Server)
 	if err != nil {
@@ -226,12 +228,14 @@ func (db *db) getClusterSecret(server string) (*corev1.Secret, error) {
 
 // GetCluster returns a cluster from a query
 func (db *db) GetCluster(_ context.Context, server string) (*appv1.Cluster, error) {
-	argoSettings, err := db.settingsMgr.GetSettings()
-	if err != nil {
-		return nil, err
-	}
-	if server == appv1.KubernetesInternalAPIServerAddr && !argoSettings.InClusterEnabled {
-		return nil, status.Errorf(codes.NotFound, "cluster %q is disabled", server)
+	if server == appv1.KubernetesInternalAPIServerAddr {
+		argoSettings, err := db.settingsMgr.GetSettings()
+		if err != nil {
+			return nil, err
+		}
+		if !argoSettings.InClusterEnabled {
+			return nil, status.Errorf(codes.NotFound, "cluster %q is disabled", server)
+		}
 	}
 
 	informer, err := db.settingsMgr.GetSecretsInformer()

From 96a50c16b8d1ef5aad5dc6157ebb96d676c16279 Mon Sep 17 00:00:00 2001
From: portly-halicore-76
 <170707699+portly-halicore-76@users.noreply.github.com>
Date: Sat, 23 Aug 2025 13:23:41 +0200
Subject: [PATCH 300/383] fix: prevent idle connection buildup by cloning
 http.DefaultTransport in Bitbucket SCM/PR generator #24209 (#24210)

Signed-off-by: portly-halicore-76 <170707699+portly-halicore-76@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../services/pull_request/bitbucket_server.go | 11 ++----
 .../services/scm_provider/bitbucket_server.go | 11 ++----
 applicationset/services/util.go               | 22 +++++++++++
 applicationset/services/util_test.go          | 37 +++++++++++++++++++
 4 files changed, 65 insertions(+), 16 deletions(-)
 create mode 100644 applicationset/services/util.go
 create mode 100644 applicationset/services/util_test.go

diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go
index c48c6cb01ef1f..264e9c08fd5aa 100644
--- a/applicationset/services/pull_request/bitbucket_server.go
+++ b/applicationset/services/pull_request/bitbucket_server.go
@@ -8,7 +8,7 @@ import (
 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
 	log "github.com/sirupsen/logrus"
 
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/services"
 )
 
 type BitbucketService struct {
@@ -49,15 +49,10 @@ func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositoryS
 }
 
 func newBitbucketService(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey, repositorySlug string, scmRootCAPath string, insecure bool, caCerts []byte) (PullRequestService, error) {
-	bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath)
-	tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
-	bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{
-		TLSClientConfig: tlsConfig,
-	}}
-	bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig)
+	bbClient := services.SetupBitbucketClient(ctx, bitbucketConfig, scmRootCAPath, insecure, caCerts)
 
 	return &BitbucketService{
-		client:         bitbucketClient,
+		client:         bbClient,
 		projectKey:     projectKey,
 		repositorySlug: repositorySlug,
 	}, nil
diff --git a/applicationset/services/scm_provider/bitbucket_server.go b/applicationset/services/scm_provider/bitbucket_server.go
index cbe0c6aad42da..2b3763e087943 100644
--- a/applicationset/services/scm_provider/bitbucket_server.go
+++ b/applicationset/services/scm_provider/bitbucket_server.go
@@ -10,7 +10,7 @@ import (
 	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
 	log "github.com/sirupsen/logrus"
 
-	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+	"github.com/argoproj/argo-cd/v3/applicationset/services"
 )
 
 type BitbucketServerProvider struct {
@@ -49,15 +49,10 @@ func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey strin
 }
 
 func newBitbucketServerProvider(ctx context.Context, bitbucketConfig *bitbucketv1.Configuration, projectKey string, allBranches bool, scmRootCAPath string, insecure bool, caCerts []byte) (*BitbucketServerProvider, error) {
-	bitbucketConfig.BasePath = utils.NormalizeBitbucketBasePath(bitbucketConfig.BasePath)
-	tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
-	bitbucketConfig.HTTPClient = &http.Client{Transport: &http.Transport{
-		TLSClientConfig: tlsConfig,
-	}}
-	bitbucketClient := bitbucketv1.NewAPIClient(ctx, bitbucketConfig)
+	bbClient := services.SetupBitbucketClient(ctx, bitbucketConfig, scmRootCAPath, insecure, caCerts)
 
 	return &BitbucketServerProvider{
-		client:      bitbucketClient,
+		client:      bbClient,
 		projectKey:  projectKey,
 		allBranches: allBranches,
 	}, nil
diff --git a/applicationset/services/util.go b/applicationset/services/util.go
new file mode 100644
index 0000000000000..742f629c2d4af
--- /dev/null
+++ b/applicationset/services/util.go
@@ -0,0 +1,22 @@
+package services
+
+import (
+	"context"
+	"net/http"
+
+	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
+
+	"github.com/argoproj/argo-cd/v3/applicationset/utils"
+)
+
+// SetupBitbucketClient configures and creates a Bitbucket API client with TLS settings
+func SetupBitbucketClient(ctx context.Context, config *bitbucketv1.Configuration, scmRootCAPath string, insecure bool, caCerts []byte) *bitbucketv1.APIClient {
+	config.BasePath = utils.NormalizeBitbucketBasePath(config.BasePath)
+	tlsConfig := utils.GetTlsConfig(scmRootCAPath, insecure, caCerts)
+
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	transport.TLSClientConfig = tlsConfig
+	config.HTTPClient = &http.Client{Transport: transport}
+
+	return bitbucketv1.NewAPIClient(ctx, config)
+}
diff --git a/applicationset/services/util_test.go b/applicationset/services/util_test.go
new file mode 100644
index 0000000000000..c27a9bc17f861
--- /dev/null
+++ b/applicationset/services/util_test.go
@@ -0,0 +1,37 @@
+package services
+
+import (
+	"context"
+	"crypto/tls"
+	"net/http"
+	"testing"
+	"time"
+
+	bitbucketv1 "github.com/gfleury/go-bitbucket-v1"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSetupBitbucketClient(t *testing.T) {
+	ctx := context.Background()
+	cfg := &bitbucketv1.Configuration{}
+
+	// Act
+	client := SetupBitbucketClient(ctx, cfg, "", false, nil)
+
+	// Assert
+	require.NotNil(t, client, "expected client to be created")
+	require.NotNil(t, cfg.HTTPClient, "expected HTTPClient to be set")
+
+	// The transport should be a clone of DefaultTransport
+	tr, ok := cfg.HTTPClient.Transport.(*http.Transport)
+	require.True(t, ok, "expected HTTPClient.Transport to be *http.Transport")
+	require.NotSame(t, http.DefaultTransport, tr, "transport should be a clone, not the global DefaultTransport")
+
+	// Ensure TLSClientConfig is set
+	require.IsType(t, &tls.Config{}, tr.TLSClientConfig)
+
+	// Defaults from http.DefaultTransport.Clone() should be preserved
+	require.Greater(t, tr.IdleConnTimeout, time.Duration(0), "IdleConnTimeout should be non-zero")
+	require.Positive(t, tr.MaxIdleConns, "MaxIdleConns should be non-zero")
+	require.Greater(t, tr.TLSHandshakeTimeout, time.Duration(0), "TLSHandshakeTimeout should be non-zero")
+}

From 158b8919552a4cbb0c29b85004290d129a94cc79 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Aug 2025 16:19:07 -0400
Subject: [PATCH 301/383] chore(deps): bump
 github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.18.2 to 1.19.0 (#24227)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 85678ecd163bf..e59c1715c3b0c 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.25.0
 require (
 	code.gitea.io/sdk/gitea v0.21.0
 	dario.cat/mergo v1.0.2
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
 	github.com/Azure/kubelogin v0.2.10
 	github.com/Masterminds/semver/v3 v3.4.0
diff --git a/go.sum b/go.sum
index 587809e7393d4..e0a52b67b0a03 100644
--- a/go.sum
+++ b/go.sum
@@ -44,8 +44,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
 github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 h1:Hr5FTipp7SL07o2FvoVOX9HRiRH3CR3Mj8pxqCcdD5A=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 h1:ci6Yd6nysBRLEodoziB6ah1+YOzZbZk+NYneoA6q+6E=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=

From 97bf2d0176c4bde61ea7c92dc366e62b80b1a14d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Aug 2025 17:20:30 -0400
Subject: [PATCH 302/383] chore(deps): bump
 github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.10.1 to 1.11.0
 (#24050)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e59c1715c3b0c..75ce3d4b4a704 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	code.gitea.io/sdk/gitea v0.21.0
 	dario.cat/mergo v1.0.2
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0
 	github.com/Azure/kubelogin v0.2.10
 	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/Masterminds/sprig/v3 v3.3.0
diff --git a/go.sum b/go.sum
index e0a52b67b0a03..5f1b05c797b13 100644
--- a/go.sum
+++ b/go.sum
@@ -46,8 +46,8 @@ github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
 github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 h1:ci6Yd6nysBRLEodoziB6ah1+YOzZbZk+NYneoA6q+6E=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1 h1:B+blDbyVIG3WaikNxPnhPiJ1MThR03b3vKGtER95TP4=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.10.1/go.mod h1:JdM5psgjfBf5fo2uWOZhflPWyDBZ/O/CNAH9CtsuZE4=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 h1:MhRfI58HblXzCtWEZCO0feHs8LweePB3s90r7WaR1KU=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0/go.mod h1:okZ+ZURbArNdlJ+ptXoyHNuOETzOl1Oww19rm8I2WLA=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=

From b8f2905079aa2d82bee04776157c6e6bbc356950 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 24 Aug 2025 21:24:25 -0400
Subject: [PATCH 303/383] chore(deps): bump the otel group across 1 directory
 with 2 updates (#24217)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 75ce3d4b4a704..fc963840d1f93 100644
--- a/go.mod
+++ b/go.mod
@@ -86,9 +86,9 @@ require (
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
 	gitlab.com/gitlab-org/api/client-go v0.142.0
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0
 	go.opentelemetry.io/otel v1.37.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0
 	go.opentelemetry.io/otel/sdk v1.37.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
@@ -200,7 +200,7 @@ require (
 	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/gregdel/pushover v1.3.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
@@ -260,10 +260,10 @@ require (
 	go.mongodb.org/mongo-driver v1.17.1 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect
 	go.opentelemetry.io/otel/metric v1.37.0 // indirect
 	go.opentelemetry.io/otel/trace v1.37.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.6.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.7.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
 	golang.org/x/mod v0.26.0 // indirect
diff --git a/go.sum b/go.sum
index 5f1b05c797b13..e342058a80960 100644
--- a/go.sum
+++ b/go.sum
@@ -511,8 +511,8 @@ github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2/go.mod h1:wd1YpapPLivG6nQ
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@@ -908,16 +908,16 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 h1:rbRJ8BBoVMsQShESYZ0FkvcITu8X8QNwJogcLUmDNNw=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0/go.mod h1:ru6KHrNtNHxM4nD/vd6QrLVWgKhxPYgblq4VAtNawTQ=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
 go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
 go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 h1:dNzwXjZKpMpE2JhmO+9HsPl42NIXFIFSUSSs0fiqra0=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0/go.mod h1:90PoxvaEB5n6AOdZvi+yWJQoE95U8Dhhw2bSyRqnTD0=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0 h1:JgtbA0xkWHnTmYk7YusopJFX6uleBmAuZ8n05NEh8nQ=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.36.0/go.mod h1:179AK5aar5R3eS9FucPy6rggvU0g52cvKId8pv4+v0c=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 h1:EtFWSnwW9hGObjkIdmlnWSydO+Qs8OwzfzXLUPg4xOc=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0/go.mod h1:QjUEoiGCPkvFZ/MjK6ZZfNOS6mfVEVKYE99dFhuN2LI=
 go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
 go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
 go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
@@ -926,8 +926,8 @@ go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFh
 go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
 go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
 go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
-go.opentelemetry.io/proto/otlp v1.6.0 h1:jQjP+AQyTf+Fe7OKj/MfkDrmK4MNVtw2NpXsf9fefDI=
-go.opentelemetry.io/proto/otlp v1.6.0/go.mod h1:cicgGehlFuNdgZkcALOCh3VE6K/u2tAjzlRhDwmVpZc=
+go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os=
+go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=

From 43909b99edf0c0a417224d4f92cdebd1e005b3f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 24 Aug 2025 21:44:45 -0400
Subject: [PATCH 304/383] chore(deps): bump library/redis from 7.4.3 to 8.2.1
 in /test/container (#24200)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 34b21b04bf38c..3ff52ca408d64 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/redis:7.4.3@sha256:7df1eeff67eb0ba84f6b9d2940765a6bb1158081426745c185a03b1507de6a09 AS redis
+FROM docker.io/library/redis:8.2.1@sha256:cc2dfb8f5151da2684b4a09bd04b567f92d07591d91980eb3eca21df07e12760 AS redis
 
 # There are libraries we will want to copy from here in the final stage of the
 # build, but the COPY directive does not have a way to determine system

From a4ac8647b6f26665176b08e4b32688e22f2600f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Aug 2025 09:12:58 +0200
Subject: [PATCH 305/383] chore(deps): bump github.com/stretchr/testify from
 1.10.0 to 1.11.0 (#24248)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index fc963840d1f93..19ced6e5f65e9 100644
--- a/go.mod
+++ b/go.mod
@@ -82,7 +82,7 @@ require (
 	github.com/soheilhy/cmux v0.1.5
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.7
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
 	gitlab.com/gitlab-org/api/client-go v0.142.0
diff --git a/go.sum b/go.sum
index e342058a80960..158d639422f05 100644
--- a/go.sum
+++ b/go.sum
@@ -871,8 +871,9 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8=
+github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=

From f08a637823a71217b06c6e200980d53df04a20ed Mon Sep 17 00:00:00 2001
From: Archy <6429715+archy-rock3t-cloud@users.noreply.github.com>
Date: Mon, 25 Aug 2025 09:13:25 +0200
Subject: [PATCH 306/383] docs: Add Sophotech to adopters list (#24247)

Signed-off-by: Artem Muterko <artem@sopho.tech>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 785beb10fe449..9b38351345dc5 100644
--- a/USERS.md
+++ b/USERS.md
@@ -339,6 +339,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Snapp](https://snapp.ir/)
 1. [Snyk](https://snyk.io/)
 1. [Softway Medical](https://www.softwaymedical.fr/)
+1. [Sophotech](https://sopho.tech)
 1. [South China Morning Post (SCMP)](https://www.scmp.com/)
 1. [Speee](https://speee.jp/)
 1. [Spendesk](https://spendesk.com/)

From 5b60c90b72d63257845a61569e9dfbea7114ddf5 Mon Sep 17 00:00:00 2001
From: Matthew Bennett <82049070+mtbennett-godaddy@users.noreply.github.com>
Date: Mon, 25 Aug 2025 01:38:08 -0700
Subject: [PATCH 307/383] fix: cache external TLS cert to avoid `Loading TLS
 config` log spam (#17277) (#23965) (#24080)

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/settings/settings.go      | 100 +++++++------
 util/settings/settings_test.go | 247 ++++++++++++++++++++++++++++++++-
 2 files changed, 307 insertions(+), 40 deletions(-)

diff --git a/util/settings/settings.go b/util/settings/settings.go
index f71ec02b403a4..d44dcc586329c 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -562,9 +562,13 @@ type SettingsManager struct {
 	// subscribers is a list of subscribers to settings updates
 	subscribers []chan<- *ArgoCDSettings
 	// mutex protects concurrency sensitive parts of settings manager: access to subscribers list and initialization flag
-	mutex                 *sync.Mutex
-	initContextCancel     func()
-	reposOrClusterChanged func()
+	mutex                     *sync.Mutex
+	initContextCancel         func()
+	reposOrClusterChanged     func()
+	tlsCertParser             func([]byte, []byte) (tls.Certificate, error)
+	tlsCertCache              *tls.Certificate
+	tlsCertCacheSecretName    string
+	tlsCertCacheSecretVersion string
 }
 
 type incompleteSettingsError struct {
@@ -1485,28 +1489,16 @@ func (mgr *SettingsManager) updateSettingsFromSecret(settings *ArgoCDSettings, a
 	// The TLS certificate may be externally managed. We try to load it from an
 	// external secret first. If the external secret doesn't exist, we either
 	// load it from argocd-secret or generate (and persist) a self-signed one.
-	cert, err := mgr.externalServerTLSCertificate()
-	if err != nil {
+	externalSecret, err := mgr.GetSecretByName(externalServerTLSSecretName)
+	if err != nil && !apierrors.IsNotFound(err) {
 		errs = append(errs, &incompleteSettingsError{message: fmt.Sprintf("could not read from secret %s/%s: %v", mgr.namespace, externalServerTLSSecretName, err)})
 	} else {
-		if cert != nil {
-			settings.Certificate = cert
-			settings.CertificateIsExternal = true
-			log.Infof("Loading TLS configuration from secret %s/%s", mgr.namespace, externalServerTLSSecretName)
-		} else {
-			serverCert, certOk := argoCDSecret.Data[settingServerCertificate]
-			serverKey, keyOk := argoCDSecret.Data[settingServerPrivateKey]
-			if certOk && keyOk {
-				cert, err := tls.X509KeyPair(serverCert, serverKey)
-				if err != nil {
-					errs = append(errs, &incompleteSettingsError{message: fmt.Sprintf("invalid x509 key pair %s/%s in secret: %s", settingServerCertificate, settingServerPrivateKey, err)})
-				} else {
-					settings.Certificate = &cert
-					settings.CertificateIsExternal = false
-				}
-			}
+		err = mgr.loadTLSCertificate(settings, externalSecret, argoCDSecret)
+		if err != nil {
+			errs = append(errs, err)
 		}
 	}
+
 	secretValues := make(map[string]string, len(argoCDSecret.Data))
 	for _, s := range secrets {
 		for k, v := range s.Data {
@@ -1533,25 +1525,54 @@ func (mgr *SettingsManager) updateSettingsFromSecret(settings *ArgoCDSettings, a
 	return nil
 }
 
-// externalServerTLSCertificate will try and load a TLS certificate from an
-// external secret, instead of tls.crt and tls.key in argocd-secret. If both
-// return values are nil, no external secret has been configured.
-func (mgr *SettingsManager) externalServerTLSCertificate() (*tls.Certificate, error) {
-	var cert tls.Certificate
-	secret, err := mgr.GetSecretByName(externalServerTLSSecretName)
-	if err != nil {
-		if apierrors.IsNotFound(err) {
-			return nil, nil
+func (mgr *SettingsManager) loadTLSCertificate(settings *ArgoCDSettings, externalSecret *corev1.Secret, argoCDSecret *corev1.Secret) error {
+	mgr.mutex.Lock()
+	defer mgr.mutex.Unlock()
+	if externalSecret != nil {
+		cert, err := mgr.loadTLSCertificateFromSecret(externalSecret)
+
+		if err != nil {
+			return err
+		} else if cert != nil {
+			settings.Certificate = cert
+			settings.CertificateIsExternal = true
 		}
 	}
-	tlsCert, certOK := secret.Data[settingServerCertificate]
-	tlsKey, keyOK := secret.Data[settingServerPrivateKey]
-	if certOK && keyOK {
-		cert, err = tls.X509KeyPair(tlsCert, tlsKey)
+	// if there was no external cert found, check internal
+	if !settings.CertificateIsExternal {
+		cert, err := mgr.loadTLSCertificateFromSecret(argoCDSecret)
+
 		if err != nil {
-			return nil, err
+			return err
+		} else if cert != nil {
+			settings.Certificate = cert
+			settings.CertificateIsExternal = false
 		}
 	}
+	return nil
+}
+
+func (mgr *SettingsManager) loadTLSCertificateFromSecret(secret *corev1.Secret) (*tls.Certificate, error) {
+	if mgr.tlsCertCache != nil && mgr.tlsCertCacheSecretName == secret.Name && mgr.tlsCertCacheSecretVersion == secret.ResourceVersion {
+		return mgr.tlsCertCache, nil
+	}
+
+	tlsCert, certOK := secret.Data[settingServerCertificate]
+	tlsKey, keyOK := secret.Data[settingServerPrivateKey]
+	if !certOK || !keyOK {
+		return nil, nil
+	}
+
+	log.Infof("Loading TLS configuration from secret %s/%s", mgr.namespace, secret.Name)
+	cert, err := mgr.tlsCertParser(tlsCert, tlsKey)
+	if err != nil {
+		return nil, err
+	}
+
+	mgr.tlsCertCache = &cert
+	mgr.tlsCertCacheSecretName = secret.Name
+	mgr.tlsCertCacheSecretVersion = secret.ResourceVersion
+
 	return &cert, nil
 }
 
@@ -1687,10 +1708,11 @@ func WithRepoOrClusterChangedHandler(handler func()) SettingsManagerOpts {
 // NewSettingsManager generates a new SettingsManager pointer and returns it
 func NewSettingsManager(ctx context.Context, clientset kubernetes.Interface, namespace string, opts ...SettingsManagerOpts) *SettingsManager {
 	mgr := &SettingsManager{
-		ctx:       ctx,
-		clientset: clientset,
-		namespace: namespace,
-		mutex:     &sync.Mutex{},
+		ctx:           ctx,
+		clientset:     clientset,
+		namespace:     namespace,
+		mutex:         &sync.Mutex{},
+		tlsCertParser: tls.X509KeyPair,
 	}
 	for i := range opts {
 		opts[i](mgr)
diff --git a/util/settings/settings_test.go b/util/settings/settings_test.go
index 4a4d5d934ba8c..11b2fe60f561e 100644
--- a/util/settings/settings_test.go
+++ b/util/settings/settings_test.go
@@ -1278,9 +1278,254 @@ func Test_GetTLSConfiguration(t *testing.T) {
 		)
 		settingsManager := NewSettingsManager(t.Context(), kubeClient, "default")
 		settings, err := settingsManager.GetSettings()
-		require.ErrorContains(t, err, "could not read from secret")
+		require.ErrorContains(t, err, "failed to find any PEM data in certificate input")
 		assert.NotNil(t, settings)
 	})
+	t.Run("Does not parse TLS cert key pair on cache hit", func(t *testing.T) {
+		cm := &corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      common.ArgoCDConfigMapName,
+				Namespace: "default",
+				Labels: map[string]string{
+					"app.kubernetes.io/part-of": "argocd",
+				},
+			},
+		}
+		secret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            common.ArgoCDSecretName,
+				Namespace:       "default",
+				ResourceVersion: "1",
+				Labels: map[string]string{
+					"app.kubernetes.io/part-of": "argocd",
+				},
+			},
+			Data: map[string][]byte{
+				"server.secretkey": nil,
+			},
+		}
+		tlsSecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            externalServerTLSSecretName,
+				Namespace:       "default",
+				ResourceVersion: "1",
+			},
+			Data: map[string][]byte{
+				"tls.crt": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.crt")),
+				"tls.key": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.key")),
+			},
+		}
+
+		kubeClient := fake.NewClientset(cm, secret, tlsSecret)
+		callCount := 0
+		settingsManager := NewSettingsManager(context.Background(), kubeClient, "default", func(mgr *SettingsManager) {
+			mgr.tlsCertParser = func(certpem []byte, keypem []byte) (tls.Certificate, error) {
+				callCount++
+
+				return tls.X509KeyPair(certpem, keypem)
+			}
+		})
+
+		// should not be called by initialization
+		assert.Equal(t, 0, callCount)
+
+		// should be called by first call to GetSettings
+		_, err := settingsManager.GetSettings()
+		require.NoError(t, err)
+		assert.Equal(t, 1, callCount)
+
+		// should not be called by subsequent call to GetSettings
+		_, err = settingsManager.GetSettings()
+		require.NoError(t, err)
+		assert.Equal(t, 1, callCount)
+	})
+	t.Run("Parses TLS cert key pair when TLS secret update causes cache miss", func(t *testing.T) {
+		cm := &corev1.ConfigMap{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      common.ArgoCDConfigMapName,
+				Namespace: "default",
+				Labels: map[string]string{
+					"app.kubernetes.io/part-of": "argocd",
+				},
+			},
+		}
+		secret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            common.ArgoCDSecretName,
+				Namespace:       "default",
+				ResourceVersion: "1",
+				Labels: map[string]string{
+					"app.kubernetes.io/part-of": "argocd",
+				},
+			},
+			Data: map[string][]byte{
+				"server.secretkey": nil,
+			},
+		}
+		tlsSecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            externalServerTLSSecretName,
+				Namespace:       "default",
+				ResourceVersion: "1",
+			},
+			Data: map[string][]byte{
+				"tls.crt": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.crt")),
+				"tls.key": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.key")),
+			},
+		}
+
+		kubeClient := fake.NewClientset(cm, secret, tlsSecret)
+		callCount := 0
+		settingsManager := NewSettingsManager(context.Background(), kubeClient, "default", func(mgr *SettingsManager) {
+			mgr.tlsCertParser = func(certpem []byte, keypem []byte) (tls.Certificate, error) {
+				callCount++
+
+				return tls.X509KeyPair(certpem, keypem)
+			}
+		})
+
+		// should be called by first call to GetSettings
+		settings, err := settingsManager.GetSettings()
+		require.NoError(t, err)
+		assert.Equal(t, 1, callCount)
+		assert.NotNil(t, settings.Certificate)
+		assert.True(t, settings.CertificateIsExternal)
+		assert.Equal(t, "localhost", getCNFromCertificate(settings.Certificate))
+
+		// update secret
+		tlsSecret.SetResourceVersion("2")
+		_, err = kubeClient.CoreV1().Secrets("default").Update(t.Context(), tlsSecret, metav1.UpdateOptions{})
+		require.NoError(t, err)
+
+		// allow time for the udpate to resolve to avoid timing issues below
+		time.Sleep(250 * time.Millisecond)
+
+		// should be called again after secret update resolves
+		settings, err = settingsManager.GetSettings()
+		require.NoError(t, err)
+		assert.Equal(t, 2, callCount)
+		assert.NotNil(t, settings.Certificate)
+		assert.True(t, settings.CertificateIsExternal)
+		assert.Equal(t, "localhost", getCNFromCertificate(settings.Certificate))
+	})
+	t.Run("Overrides cached internal TLS cert when external TLS secret added", func(t *testing.T) {
+		kubeClient := fake.NewClientset(
+			&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      common.ArgoCDConfigMapName,
+					Namespace: "default",
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+			},
+			&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:            common.ArgoCDSecretName,
+					Namespace:       "default",
+					ResourceVersion: "1",
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+				Data: map[string][]byte{
+					"server.secretkey": nil,
+					"tls.crt":          []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-e2e-server.crt")),
+					"tls.key":          []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-e2e-server.key")),
+				},
+			},
+		)
+		settingsManager := NewSettingsManager(t.Context(), kubeClient, "default")
+		settings, err := settingsManager.GetSettings()
+		require.NoError(t, err)
+		// should have internal cert at this point
+		assert.NotNil(t, settings.Certificate)
+		assert.False(t, settings.CertificateIsExternal)
+		assert.Equal(t, "Argo CD E2E", getCNFromCertificate(settings.Certificate))
+
+		externalTLSSecret := &corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:            externalServerTLSSecretName,
+				Namespace:       "default",
+				ResourceVersion: "1",
+			},
+			Data: map[string][]byte{
+				"tls.crt": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.crt")),
+				"tls.key": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.key")),
+			},
+		}
+		_, err = kubeClient.CoreV1().Secrets("default").Create(t.Context(), externalTLSSecret, metav1.CreateOptions{})
+		require.NoError(t, err)
+
+		// allow time for the create to resolve to avoid timing issues below
+		time.Sleep(250 * time.Millisecond)
+
+		settings, err = settingsManager.GetSettings()
+		require.NoError(t, err)
+		// should now have an external cert
+		assert.NotNil(t, settings.Certificate)
+		assert.True(t, settings.CertificateIsExternal)
+		assert.Equal(t, "localhost", getCNFromCertificate(settings.Certificate))
+	})
+	t.Run("Falls back to internal TLS cert when external TLS secret deleted", func(t *testing.T) {
+		kubeClient := fake.NewClientset(
+			&corev1.ConfigMap{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      common.ArgoCDConfigMapName,
+					Namespace: "default",
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+			},
+			&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:            common.ArgoCDSecretName,
+					Namespace:       "default",
+					ResourceVersion: "1",
+					Labels: map[string]string{
+						"app.kubernetes.io/part-of": "argocd",
+					},
+				},
+				Data: map[string][]byte{
+					"server.secretkey": nil,
+					"tls.crt":          []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-e2e-server.crt")),
+					"tls.key":          []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-e2e-server.key")),
+				},
+			},
+			&corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:            externalServerTLSSecretName,
+					Namespace:       "default",
+					ResourceVersion: "1",
+				},
+				Data: map[string][]byte{
+					"tls.crt": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.crt")),
+					"tls.key": []byte(testutil.MustLoadFileToString("../../test/fixture/certs/argocd-test-server.key")),
+				},
+			},
+		)
+		settingsManager := NewSettingsManager(t.Context(), kubeClient, "default")
+		settings, err := settingsManager.GetSettings()
+		require.NoError(t, err)
+		// should have external cert at this point
+		assert.NotNil(t, settings.Certificate)
+		assert.True(t, settings.CertificateIsExternal)
+		assert.Equal(t, "localhost", getCNFromCertificate(settings.Certificate))
+
+		err = kubeClient.CoreV1().Secrets("default").Delete(t.Context(), externalServerTLSSecretName, metav1.DeleteOptions{})
+		require.NoError(t, err)
+
+		// allow time for the delete to resolve to avoid timing issues below
+		time.Sleep(250 * time.Millisecond)
+
+		settings, err = settingsManager.GetSettings()
+		require.NoError(t, err)
+		// should now have an internal cert
+		assert.NotNil(t, settings.Certificate)
+		assert.False(t, settings.CertificateIsExternal)
+		assert.Equal(t, "Argo CD E2E", getCNFromCertificate(settings.Certificate))
+	})
 	t.Run("No external TLS secret", func(t *testing.T) {
 		kubeClient := fake.NewClientset(
 			&corev1.ConfigMap{

From 016f6dcb724abb6f4162509f722d0fa1bf2f1de5 Mon Sep 17 00:00:00 2001
From: jan-mrm <67435696+jan-mrm@users.noreply.github.com>
Date: Mon, 25 Aug 2025 21:08:34 +0200
Subject: [PATCH 308/383] fix(discovery): add missing lua syntax and return to
 discovery (fixes #24257) (#24262)

Signed-off-by: jan-mrm <67435696+jan-mrm@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../actions/discovery.lua                     |  5 ++-
 .../MonoVertex/actions/action_test.yaml       | 38 ++++++++++++++++++-
 .../MonoVertex/actions/discovery.lua          |  5 ++-
 .../Pipeline/actions/action_test.yaml         | 38 ++++++++++++++++++-
 .../Pipeline/actions/discovery.lua            |  5 ++-
 5 files changed, 86 insertions(+), 5 deletions(-)

diff --git a/resource_customizations/numaflow.numaproj.io/InterStepBufferService/actions/discovery.lua b/resource_customizations/numaflow.numaproj.io/InterStepBufferService/actions/discovery.lua
index 4758edab6c873..8f6cea0665672 100644
--- a/resource_customizations/numaflow.numaproj.io/InterStepBufferService/actions/discovery.lua
+++ b/resource_customizations/numaflow.numaproj.io/InterStepBufferService/actions/discovery.lua
@@ -15,4 +15,7 @@ end
 if forcePromote then
   actions["force-promote"]["disabled"] = false
 else
-  actions["force-promote"]["disabled"] = true
\ No newline at end of file
+  actions["force-promote"]["disabled"] = true
+end
+
+return actions
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
index b76a545e543c7..2b936d2c312ce 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/action_test.yaml
@@ -10,4 +10,40 @@ actionTests:
   expectedOutputPath: testdata/monovertex-unpause-fast.yaml
 - action: force-promote
   inputPath: testdata/monovertex.yaml
-  expectedOutputPath: testdata/monovertex-force-promote.yaml
\ No newline at end of file
+  expectedOutputPath: testdata/monovertex-force-promote.yaml
+
+discoveryTests:
+  - inputPath: testdata/monovertex.yaml
+    result:
+      - name: pause
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-pause'
+      - name: unpause-gradual
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (gradual)'
+      - name: unpause-fast
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (fast)'
+      - name: force-promote
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-forward'
+        displayName: 'Force Promote'
+  - inputPath: testdata/monovertex-paused.yaml
+    result:
+      - name: pause
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-pause'
+      - name: unpause-gradual
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (gradual)'
+      - name: unpause-fast
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (fast)'
+      - name: force-promote
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-forward'
+        displayName: 'Force Promote'
diff --git a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
index a7cd59aa1cc8e..075a05bf58180 100644
--- a/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
+++ b/resource_customizations/numaflow.numaproj.io/MonoVertex/actions/discovery.lua
@@ -54,4 +54,7 @@ end
 if forcePromote then
   actions["force-promote"]["disabled"] = false
 else
-  actions["force-promote"]["disabled"] = true
\ No newline at end of file
+  actions["force-promote"]["disabled"] = true
+end
+
+return actions
\ No newline at end of file
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
index 78fa26e8591f4..2962a6a397300 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/action_test.yaml
@@ -10,4 +10,40 @@ actionTests:
   expectedOutputPath: testdata/pipeline-unpause-fast.yaml
 - action: force-promote
   inputPath: testdata/pipeline.yaml
-  expectedOutputPath: testdata/pipeline-force-promote.yaml
\ No newline at end of file
+  expectedOutputPath: testdata/pipeline-force-promote.yaml
+
+discoveryTests:
+  - inputPath: testdata/pipeline.yaml
+    result:
+      - name: pause
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-pause'
+      - name: unpause-gradual
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (gradual)'
+      - name: unpause-fast
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (fast)'
+      - name: force-promote
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-forward'
+        displayName: 'Force Promote'
+  - inputPath: testdata/pipeline-paused.yaml
+    result:
+      - name: pause
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-pause'
+      - name: unpause-gradual
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (gradual)'
+      - name: unpause-fast
+        disabled: true
+        iconClass: 'fa-solid fa-fw fa-play'
+        displayName: 'Unpause (fast)'
+      - name: force-promote
+        disabled: false
+        iconClass: 'fa-solid fa-fw fa-forward'
+        displayName: 'Force Promote'
diff --git a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
index a7cd59aa1cc8e..075a05bf58180 100644
--- a/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
+++ b/resource_customizations/numaflow.numaproj.io/Pipeline/actions/discovery.lua
@@ -54,4 +54,7 @@ end
 if forcePromote then
   actions["force-promote"]["disabled"] = false
 else
-  actions["force-promote"]["disabled"] = true
\ No newline at end of file
+  actions["force-promote"]["disabled"] = true
+end
+
+return actions
\ No newline at end of file

From 2ec4602763b873f57c2b7c01ac6102aab618ca7d Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Tue, 26 Aug 2025 15:43:01 +0530
Subject: [PATCH 309/383] chore: check for `gotestsum` installation when
 running tests locally (#24271)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 hack/test.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hack/test.sh b/hack/test.sh
index 45a07c2750745..8241aed4de3d9 100755
--- a/hack/test.sh
+++ b/hack/test.sh
@@ -1,8 +1,12 @@
 #!/bin/bash
 set -eux -o pipefail
 
+# check for local installation of go-junit-report otherwise install locally
 which go-junit-report || go install github.com/jstemmer/go-junit-report@latest
 
+# check for local installation of gotestsum otherwise install locally
+which gotestsum || go install gotest.tools/gotestsum@latest
+
 TEST_RESULTS=${TEST_RESULTS:-test-results}
 TEST_FLAGS=${TEST_FLAGS:-}
 

From 7628ec20966f60e7b63e9815312f9e54e9a7dda4 Mon Sep 17 00:00:00 2001
From: ygit <ygit@users.noreply.github.com>
Date: Tue, 26 Aug 2025 19:24:44 +0530
Subject: [PATCH 310/383] docs(users): Add 100ms to the list of users (#24265)

Signed-off-by: ygit <ygit@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 USERS.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/USERS.md b/USERS.md
index 9b38351345dc5..7fed91925123e 100644
--- a/USERS.md
+++ b/USERS.md
@@ -5,6 +5,7 @@ PR with your organization name if you are using Argo CD.
 
 Currently, the following organizations are **officially** using Argo CD:
 
+1. [100ms](https://www.100ms.ai/)
 1. [127Labs](https://127labs.com/)
 1. [3Rein](https://www.3rein.com/)
 1. [42 School](https://42.fr/)

From 5dbc378317928a0450796dc442d07390c033b5ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Aug 2025 15:22:37 -0400
Subject: [PATCH 311/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.142.0 to 0.142.1 (#24249)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 19ced6e5f65e9..1a4e2749e80a0 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/stretchr/testify v1.11.0
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.142.0
+	gitlab.com/gitlab-org/api/client-go v0.142.1
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0
 	go.opentelemetry.io/otel v1.37.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0
diff --git a/go.sum b/go.sum
index 158d639422f05..67a32673020aa 100644
--- a/go.sum
+++ b/go.sum
@@ -898,8 +898,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.142.0 h1:cR8+RhDc7ooH0SiGNhgm3Nf5ZpW5D1R3DLshfAXJZmQ=
-gitlab.com/gitlab-org/api/client-go v0.142.0/go.mod h1:3YuWlZCirs2TTcaAzM6qNwVHB7WvV67ATb0GGpBCdlQ=
+gitlab.com/gitlab-org/api/client-go v0.142.1 h1:PFMUo/MPVjLlUDUE0RPpufrsjaMQbyZHSmhP25MHsZw=
+gitlab.com/gitlab-org/api/client-go v0.142.1/go.mod h1:Pht8kWkFX+obFPjQK3fct8gk+kILqH/ur5v31+VFsKc=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From eb3ebe7b924d2d373bf95bfa9dfef7244d2e4ac7 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Wed, 27 Aug 2025 13:59:49 +0530
Subject: [PATCH 312/383] chore: replace bitnami images (#24101)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile                     |   2 +-
 util/helm/testdata/redis/README.md            | 190 +++++++++---------
 .../testdata/redis/values-production.yaml     |   2 +-
 util/helm/testdata/redis/values.yaml          |   2 +-
 4 files changed, 98 insertions(+), 98 deletions(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index 3ff52ca408d64..d61fb6cf31110 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -12,7 +12,7 @@ FROM docker.io/library/golang:1.25.0@sha256:9e56f0d0f043a68bb8c47c819e47dc29f6e8
 
 FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439b3f7c958c9c2fb941049ea6531d AS registry
 
-FROM docker.io/bitnami/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
+FROM docker.io/bitnamilegacy/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
 FROM docker.io/library/ubuntu:25.10@sha256:1041699615b625b6bb6fbcdb7876bb1379f52b954374ab457360d9444a05cd7d
 
diff --git a/util/helm/testdata/redis/README.md b/util/helm/testdata/redis/README.md
index a17fb83b2e619..112ab8f947b1a 100644
--- a/util/helm/testdata/redis/README.md
+++ b/util/helm/testdata/redis/README.md
@@ -49,101 +49,101 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following table lists the configurable parameters of the Redis chart and their default values.
 
-| Parameter                                  | Description                                                                                                    | Default                              |
-|--------------------------------------------|----------------------------------------------------------------------------------------------------------------|--------------------------------------|
-| `image.registry`                           | Redis Image registry                                                                                           | `docker.io`                                          |
-| `image.repository`                         | Redis Image name                                                                                               | `bitnami/redis`                                      |
-| `image.tag`                                | Redis Image tag                                                                                                | `{VERSION}`                                          |
-| `image.pullPolicy`                         | Image pull policy                                                                                              | `Always`                                             |
-| `image.pullSecrets`                        | Specify docker-registry secret names as an array                                                               | `nil`                                                |
-| `cluster.enabled`                          | Use master-slave topology                                                                                      | `true`                                               |
-| `cluster.slaveCount`                       | Number of slaves                                                                                               | 1                                                    |
-| `existingSecret`                           | Name of existing secret object (for password authentication)                                                   | `nil`                                                |
-| `usePassword`                              | Use password                                                                                                   | `true`                                               |
-| `password`                                 | Redis password (ignored if existingSecret set)                                                                 | Randomly generated                                   |
-| `networkPolicy.enabled`                    | Enable NetworkPolicy                                                                                           | `false`                                              |
-| `networkPolicy.allowExternal`              | Don't require client label for connections                                                                     | `true`                                               |
-| `serviceAccount.create`                    | Specifies whether a ServiceAccount should be created                                                           | `false`                                              |
-| `serviceAccount.name`                      | The name of the ServiceAccount to create                                                                       | Generated using the fullname template                |
-| `rbac.create`                              | Specifies whether RBAC resources should be created                                                             | `false`                                              |
-| `rbac.role.rules`                          | Rules to create                                                                                                | `[]`                                                 |
-| `metrics.enabled`                          | Start a side-car prometheus exporter                                                                           | `false`                                              |
-| `metrics.image.registry`                   | Redis exporter image registry                                                                                  | `docker.io`                                          |
-| `metrics.image.repository`                 | Redis exporter image name                                                                                      | `bitnami/redis`                                      |
-| `metrics.image.tag`                        | Redis exporter image tag                                                                                       | `v0.20.2`                                            |
-| `metrics.image.pullPolicy`                 | Image pull policy                                                                                              | `IfNotPresent`                                       |
-| `metrics.image.pullSecrets`                | Specify docker-registry secret names as an array                                                               | `nil`                                                |
-| `metrics.podLabels`                        | Additional labels for Metrics exporter pod                                                                     | {}                                                   |
-| `metrics.podAnnotations`                   | Additional annotations for Metrics exporter pod                                                                | {}                                                   |
-| `master.service.type`                      | Kubernetes Service type (redis metrics)                                                                        | `LoadBalancer`                                       |
-| `metrics.service.annotations`              | Annotations for the services to monitor  (redis master and redis slave service)                                | {}                                                   |
-| `metrics.service.loadBalancerIP`           | loadBalancerIP if redis metrics service type is `LoadBalancer`                                                 | `nil`                                                |
-| `metrics.resources`                        | Exporter resource requests/limit                                                                               | Memory: `256Mi`, CPU: `100m`                         |
-| `persistence.existingClaim`                | Provide an existing PersistentVolumeClaim                                                                      | `nil`                                                |
-| `master.persistence.enabled`               | Use a PVC to persist data (master node)                                                                        | `true`                                               |
-| `master.persistence.path`                  | Path to mount the volume at, to use other images                                                               | `/bitnami`                                           |
-| `master.persistence.subPath`               | Subdirectory of the volume to mount at                                                                         | `""`                                                 |
-| `master.persistence.storageClass`          | Storage class of backing PVC                                                                                   | `generic`                                            |
-| `master.persistence.accessModes`           | Persistent Volume Access Modes                                                                                 | `[ReadWriteOnce]`                                    |
-| `master.persistence.size`                  | Size of data volume                                                                                            | `8Gi`                                                |
-| `master.statefulset.updateStrategy`        | Update strategy for StatefulSet                                                                                | onDelete                                             |
-| `master.statefulset.rollingUpdatePartition`| Partition update strategy                                                                                      | `nil`                                                |
-| `master.podLabels`                         | Additional labels for Redis master pod                                                                         | {}                                                   |
-| `master.podAnnotations`                    | Additional annotations for Redis master pod                                                                    | {}                                                   |
-| `master.port`                              | Redis master port                                                                                              | 6379                                                 |
-| `master.args`                              | Redis master command-line args                                                                                 | []                                                   |
-| `master.disableCommands`                   | Comma-separated list of Redis commands to disable (master)                                                     | `FLUSHDB,FLUSHALL`                                   |
-| `master.extraFlags`                        | Redis master additional command line flags                                                                     | []                                                   |
-| `master.nodeSelector`                      | Redis master Node labels for pod assignment                                                                    | {"kubernetes.io/arch": "amd64"}                 |
-| `master.tolerations`                       | Toleration labels for Redis master pod assignment                                                              | []                                                   |
-| `master.affinity   `                       | Affinity settings for Redis master pod assignment                                                              | []                                                   |
-| `master.schedulerName`                     | Name of an alternate scheduler                                                                                 | `nil`                                                |
-| `master.service.type`                      | Kubernetes Service type (redis master)                                                                         | `ClusterIP`                                          |
-| `master.service.annotations`               | annotations for redis master service                                                                           | {}                                                   |
-| `master.service.loadBalancerIP`            | loadBalancerIP if redis master service type is `LoadBalancer`                                                  | `nil`                                                |
-| `master.securityContext.enabled`           | Enable security context (redis master pod)                                                                     | `true`                                               |
-| `master.securityContext.fsGroup`           | Group ID for the container (redis master pod)                                                                  | `1001`                                               |
-| `master.securityContext.runAsUser`         | User ID for the container (redis master pod)                                                                   | `1001`                                               |
-| `master.resources`                         | Redis master CPU/Memory resource requests/limits                                                               | Memory: `256Mi`, CPU: `100m`                         |
-| `master.livenessProbe.enabled`             | Turn on and off liveness probe (redis master pod)                                                              | `true`                                               |
-| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (redis master pod)                                                    | `30`                                                 |
-| `master.livenessProbe.periodSeconds`       | How often to perform the probe (redis master pod)                                                              | `30`                                                 |
-| `master.livenessProbe.timeoutSeconds`      | When the probe times out (redis master pod)                                                                    | `5`                                                  |
-| `master.livenessProbe.successThreshold`    | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1`                                                  |
-| `master.livenessProbe.failureThreshold`    | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `5`                                                  |
-| `master.readinessProbe.enabled`            | Turn on and off readiness probe (redis master pod)                                                             | `true`                                               |
-| `master.readinessProbe.initialDelaySeconds`| Delay before readiness probe is initiated (redis master pod)                                                   | `5`                                                  |
-| `master.readinessProbe.periodSeconds`      | How often to perform the probe (redis master pod)                                                              | `10`                                                 |
-| `master.readinessProbe.timeoutSeconds`     | When the probe times out (redis master pod)                                                                    | `1`                                                  |
-| `master.readinessProbe.successThreshold`   | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1`                                                  |
-| `master.readinessProbe.failureThreshold`   | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `5`                                                  |
-| `slave.serviceType`                        | Kubernetes Service type (redis slave)                                                                          | `LoadBalancer`                                       |
-| `slave.service.annotations`                | annotations for redis slave service                                                                            | {}                                                   |
-| `slave.service.loadBalancerIP`             | LoadBalancerIP if Redis slave service type is `LoadBalancer`                                                   | `nil`                                                |
-| `slave.port`                               | Redis slave port                                                                                               | `master.port`                                        |
-| `slave.args`                               | Redis slave command-line args                                                                                  | `master.args`                                        |
-| `slave.disableCommands`                    | Comma-separated list of Redis commands to disable (slave)                                                      | `master.disableCommands`                             |
-| `slave.extraFlags`                         | Redis slave additional command line flags                                                                      | `master.extraFlags`                                  |
-| `slave.livenessProbe.enabled`              | Turn on and off liveness probe (redis slave pod)                                                               | `master.livenessProbe.enabled`                       |
-| `slave.livenessProbe.initialDelaySeconds`  | Delay before liveness probe is initiated (redis slave pod)                                                     | `master.livenessProbe.initialDelaySeconds`           |
-| `slave.livenessProbe.periodSeconds`        | How often to perform the probe (redis slave pod)                                                               | `master.livenessProbe.periodSeconds`                 |
-| `slave.livenessProbe.timeoutSeconds`       | When the probe times out (redis slave pod)                                                                     | `master.livenessProbe.timeoutSeconds`                |
-| `slave.livenessProbe.successThreshold`     | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod)  | `master.livenessProbe.successThreshold`              |
-| `slave.livenessProbe.failureThreshold`     | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `master.livenessProbe.failureThreshold`              |
-| `slave.readinessProbe.enabled`             | Turn on and off slave.readiness probe (redis slave pod)                                                        | `master.readinessProbe.enabled`                      |
-| `slave.readinessProbe.initialDelaySeconds` | Delay before slave.readiness probe is initiated (redis slave pod)                                              | `master.readinessProbe.initialDelaySeconds`          |
-| `slave.readinessProbe.periodSeconds`       | How often to perform the probe (redis slave pod)                                                               | `master.readinessProbe.periodSeconds`                |
-| `slave.readinessProbe.timeoutSeconds`      | When the probe times out (redis slave pod)                                                                     | `master.readinessProbe.timeoutSeconds`               |
-| `slave.readinessProbe.successThreshold`    | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod)  | `master.readinessProbe.successThreshold`             |
-| `slave.readinessProbe.failureThreshold`    | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis slave pod)   | `master.readinessProbe.failureThreshold`             |
-| `slave.podLabels`                          | Additional labels for Redis slave pod                                                                          | `master.podLabels`                                   |
-| `slave.podAnnotations`                     | Additional annotations for Redis slave pod                                                                     | `master.podAnnotations`                              |
-| `slave.schedulerName`                      | Name of an alternate scheduler                                                                                 | `nil`                                                |
-| `slave.securityContext.enabled`            | Enable security context (redis slave pod)                                                                      | `master.securityContext.enabled`                     |
-| `slave.securityContext.fsGroup`            | Group ID for the container (redis slave pod)                                                                   | `master.securityContext.fsGroup`                     |
-| `slave.securityContext.runAsUser`          | User ID for the container (redis slave pod)                                                                    | `master.securityContext.runAsUser`                   |
-| `slave.resources`                          | Redis slave CPU/Memory resource requests/limits                                                                | `master.resources`                                   |
-| `slave.affinity`                          | Enable node/pod affinity for slaves                                                                | {}                                   |
+| Parameter                                  | Description                                                                                                    | Default                                     |
+|--------------------------------------------|----------------------------------------------------------------------------------------------------------------|---------------------------------------------|
+| `image.registry`                           | Redis Image registry                                                                                           | `docker.io`                                 |
+| `image.repository`                         | Redis Image name                                                                                               | `bitnamilegacy/redis`                       |
+| `image.tag`                                | Redis Image tag                                                                                                | `{VERSION}`                                 |
+| `image.pullPolicy`                         | Image pull policy                                                                                              | `Always`                                    |
+| `image.pullSecrets`                        | Specify docker-registry secret names as an array                                                               | `nil`                                       |
+| `cluster.enabled`                          | Use master-slave topology                                                                                      | `true`                                      |
+| `cluster.slaveCount`                       | Number of slaves                                                                                               | 1                                           |
+| `existingSecret`                           | Name of existing secret object (for password authentication)                                                   | `nil`                                       |
+| `usePassword`                              | Use password                                                                                                   | `true`                                      |
+| `password`                                 | Redis password (ignored if existingSecret set)                                                                 | Randomly generated                          |
+| `networkPolicy.enabled`                    | Enable NetworkPolicy                                                                                           | `false`                                     |
+| `networkPolicy.allowExternal`              | Don't require client label for connections                                                                     | `true`                                      |
+| `serviceAccount.create`                    | Specifies whether a ServiceAccount should be created                                                           | `false`                                     |
+| `serviceAccount.name`                      | The name of the ServiceAccount to create                                                                       | Generated using the fullname template       |
+| `rbac.create`                              | Specifies whether RBAC resources should be created                                                             | `false`                                     |
+| `rbac.role.rules`                          | Rules to create                                                                                                | `[]`                                        |
+| `metrics.enabled`                          | Start a side-car prometheus exporter                                                                           | `false`                                     |
+| `metrics.image.registry`                   | Redis exporter image registry                                                                                  | `docker.io`                                 |
+| `metrics.image.repository`                 | Redis exporter image name                                                                                      | `bitnamilegacy/redis`                       |
+| `metrics.image.tag`                        | Redis exporter image tag                                                                                       | `v0.20.2`                                   |
+| `metrics.image.pullPolicy`                 | Image pull policy                                                                                              | `IfNotPresent`                              |
+| `metrics.image.pullSecrets`                | Specify docker-registry secret names as an array                                                               | `nil`                                       |
+| `metrics.podLabels`                        | Additional labels for Metrics exporter pod                                                                     | {}                                          |
+| `metrics.podAnnotations`                   | Additional annotations for Metrics exporter pod                                                                | {}                                          |
+| `master.service.type`                      | Kubernetes Service type (redis metrics)                                                                        | `LoadBalancer`                              |
+| `metrics.service.annotations`              | Annotations for the services to monitor  (redis master and redis slave service)                                | {}                                          |
+| `metrics.service.loadBalancerIP`           | loadBalancerIP if redis metrics service type is `LoadBalancer`                                                 | `nil`                                       |
+| `metrics.resources`                        | Exporter resource requests/limit                                                                               | Memory: `256Mi`, CPU: `100m`                |
+| `persistence.existingClaim`                | Provide an existing PersistentVolumeClaim                                                                      | `nil`                                       |
+| `master.persistence.enabled`               | Use a PVC to persist data (master node)                                                                        | `true`                                      |
+| `master.persistence.path`                  | Path to mount the volume at, to use other images                                                               | `/bitnami`                                  |
+| `master.persistence.subPath`               | Subdirectory of the volume to mount at                                                                         | `""`                                        |
+| `master.persistence.storageClass`          | Storage class of backing PVC                                                                                   | `generic`                                   |
+| `master.persistence.accessModes`           | Persistent Volume Access Modes                                                                                 | `[ReadWriteOnce]`                           |
+| `master.persistence.size`                  | Size of data volume                                                                                            | `8Gi`                                       |
+| `master.statefulset.updateStrategy`        | Update strategy for StatefulSet                                                                                | onDelete                                    |
+| `master.statefulset.rollingUpdatePartition`| Partition update strategy                                                                                      | `nil`                                       |
+| `master.podLabels`                         | Additional labels for Redis master pod                                                                         | {}                                          |
+| `master.podAnnotations`                    | Additional annotations for Redis master pod                                                                    | {}                                          |
+| `master.port`                              | Redis master port                                                                                              | 6379                                        |
+| `master.args`                              | Redis master command-line args                                                                                 | []                                          |
+| `master.disableCommands`                   | Comma-separated list of Redis commands to disable (master)                                                     | `FLUSHDB,FLUSHALL`                          |
+| `master.extraFlags`                        | Redis master additional command line flags                                                                     | []                                          |
+| `master.nodeSelector`                      | Redis master Node labels for pod assignment                                                                    | {"kubernetes.io/arch": "amd64"}             |
+| `master.tolerations`                       | Toleration labels for Redis master pod assignment                                                              | []                                          |
+| `master.affinity   `                       | Affinity settings for Redis master pod assignment                                                              | []                                          |
+| `master.schedulerName`                     | Name of an alternate scheduler                                                                                 | `nil`                                       |
+| `master.service.type`                      | Kubernetes Service type (redis master)                                                                         | `ClusterIP`                                 |
+| `master.service.annotations`               | annotations for redis master service                                                                           | {}                                          |
+| `master.service.loadBalancerIP`            | loadBalancerIP if redis master service type is `LoadBalancer`                                                  | `nil`                                       |
+| `master.securityContext.enabled`           | Enable security context (redis master pod)                                                                     | `true`                                      |
+| `master.securityContext.fsGroup`           | Group ID for the container (redis master pod)                                                                  | `1001`                                      |
+| `master.securityContext.runAsUser`         | User ID for the container (redis master pod)                                                                   | `1001`                                      |
+| `master.resources`                         | Redis master CPU/Memory resource requests/limits                                                               | Memory: `256Mi`, CPU: `100m`                |
+| `master.livenessProbe.enabled`             | Turn on and off liveness probe (redis master pod)                                                              | `true`                                      |
+| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (redis master pod)                                                    | `30`                                        |
+| `master.livenessProbe.periodSeconds`       | How often to perform the probe (redis master pod)                                                              | `30`                                        |
+| `master.livenessProbe.timeoutSeconds`      | When the probe times out (redis master pod)                                                                    | `5`                                         |
+| `master.livenessProbe.successThreshold`    | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1`                                         |
+| `master.livenessProbe.failureThreshold`    | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `5`                                         |
+| `master.readinessProbe.enabled`            | Turn on and off readiness probe (redis master pod)                                                             | `true`                                      |
+| `master.readinessProbe.initialDelaySeconds`| Delay before readiness probe is initiated (redis master pod)                                                   | `5`                                         |
+| `master.readinessProbe.periodSeconds`      | How often to perform the probe (redis master pod)                                                              | `10`                                        |
+| `master.readinessProbe.timeoutSeconds`     | When the probe times out (redis master pod)                                                                    | `1`                                         |
+| `master.readinessProbe.successThreshold`   | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1`                                         |
+| `master.readinessProbe.failureThreshold`   | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `5`                                         |
+| `slave.serviceType`                        | Kubernetes Service type (redis slave)                                                                          | `LoadBalancer`                              |
+| `slave.service.annotations`                | annotations for redis slave service                                                                            | {}                                          |
+| `slave.service.loadBalancerIP`             | LoadBalancerIP if Redis slave service type is `LoadBalancer`                                                   | `nil`                                       |
+| `slave.port`                               | Redis slave port                                                                                               | `master.port`                               |
+| `slave.args`                               | Redis slave command-line args                                                                                  | `master.args`                               |
+| `slave.disableCommands`                    | Comma-separated list of Redis commands to disable (slave)                                                      | `master.disableCommands`                    |
+| `slave.extraFlags`                         | Redis slave additional command line flags                                                                      | `master.extraFlags`                         |
+| `slave.livenessProbe.enabled`              | Turn on and off liveness probe (redis slave pod)                                                               | `master.livenessProbe.enabled`              |
+| `slave.livenessProbe.initialDelaySeconds`  | Delay before liveness probe is initiated (redis slave pod)                                                     | `master.livenessProbe.initialDelaySeconds`  |
+| `slave.livenessProbe.periodSeconds`        | How often to perform the probe (redis slave pod)                                                               | `master.livenessProbe.periodSeconds`        |
+| `slave.livenessProbe.timeoutSeconds`       | When the probe times out (redis slave pod)                                                                     | `master.livenessProbe.timeoutSeconds`       |
+| `slave.livenessProbe.successThreshold`     | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod)  | `master.livenessProbe.successThreshold`     |
+| `slave.livenessProbe.failureThreshold`     | Minimum consecutive failures for the probe to be considered failed after having succeeded.                     | `master.livenessProbe.failureThreshold`     |
+| `slave.readinessProbe.enabled`             | Turn on and off slave.readiness probe (redis slave pod)                                                        | `master.readinessProbe.enabled`             |
+| `slave.readinessProbe.initialDelaySeconds` | Delay before slave.readiness probe is initiated (redis slave pod)                                              | `master.readinessProbe.initialDelaySeconds` |
+| `slave.readinessProbe.periodSeconds`       | How often to perform the probe (redis slave pod)                                                               | `master.readinessProbe.periodSeconds`       |
+| `slave.readinessProbe.timeoutSeconds`      | When the probe times out (redis slave pod)                                                                     | `master.readinessProbe.timeoutSeconds`      |
+| `slave.readinessProbe.successThreshold`    | Minimum consecutive successes for the probe to be considered successful after having failed (redis slave pod)  | `master.readinessProbe.successThreshold`    |
+| `slave.readinessProbe.failureThreshold`    | Minimum consecutive failures for the probe to be considered failed after having succeeded. (redis slave pod)   | `master.readinessProbe.failureThreshold`    |
+| `slave.podLabels`                          | Additional labels for Redis slave pod                                                                          | `master.podLabels`                          |
+| `slave.podAnnotations`                     | Additional annotations for Redis slave pod                                                                     | `master.podAnnotations`                     |
+| `slave.schedulerName`                      | Name of an alternate scheduler                                                                                 | `nil`                                       |
+| `slave.securityContext.enabled`            | Enable security context (redis slave pod)                                                                      | `master.securityContext.enabled`            |
+| `slave.securityContext.fsGroup`            | Group ID for the container (redis slave pod)                                                                   | `master.securityContext.fsGroup`            |
+| `slave.securityContext.runAsUser`          | User ID for the container (redis slave pod)                                                                    | `master.securityContext.runAsUser`          |
+| `slave.resources`                          | Redis slave CPU/Memory resource requests/limits                                                                | `master.resources`                          |
+| `slave.affinity`                          | Enable node/pod affinity for slaves                                                                | {}                                          |
 
 The above parameters map to the env variables defined in [bitnami/redis](https://github.com/bitnami/bitnami-docker-redis). For more information please refer to the [bitnami/redis](https://github.com/bitnami/bitnami-docker-redis) image documentation.
 
diff --git a/util/helm/testdata/redis/values-production.yaml b/util/helm/testdata/redis/values-production.yaml
index 07a108153380c..ec30c0f7f9b0c 100644
--- a/util/helm/testdata/redis/values-production.yaml
+++ b/util/helm/testdata/redis/values-production.yaml
@@ -3,7 +3,7 @@
 ##
 image:
   registry: docker.io
-  repository: bitnami/redis
+  repository: bitnamilegacy/redis
   tag: 4.0.10-debian-9
   pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
diff --git a/util/helm/testdata/redis/values.yaml b/util/helm/testdata/redis/values.yaml
index 9ec7bce636ad1..0097453e8e385 100644
--- a/util/helm/testdata/redis/values.yaml
+++ b/util/helm/testdata/redis/values.yaml
@@ -3,7 +3,7 @@
 ##
 image:
   registry: docker.io
-  repository: bitnami/redis
+  repository: bitnamilegacy/redis
   tag: 4.0.10-debian-9
   ## Specify a imagePullPolicy
   ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'

From cf83f410f2babaa6cbc9d524f1c2745079ed6533 Mon Sep 17 00:00:00 2001
From: pbhatnagar-oss <pbhatifiwork@gmail.com>
Date: Wed, 27 Aug 2025 07:13:42 -0700
Subject: [PATCH 313/383] feat(hydrator): Credential template to source
 hydrator (#23999)

Signed-off-by: pbhatnagar-oss <pbhatifiwork@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 common/common.go                   |   2 +
 docs/user-guide/source-hydrator.md |  26 ++++-
 util/db/db_test.go                 | 156 +++++++++++++++++++++++++++++
 util/db/repository.go              |  44 ++++----
 util/db/repository_secrets.go      |  17 +++-
 util/db/repository_secrets_test.go |  50 ++++++++-
 util/db/repository_test.go         |  75 ++++++++++++++
 7 files changed, 341 insertions(+), 29 deletions(-)

diff --git a/common/common.go b/common/common.go
index 2c8809be58017..1575c9eef6512 100644
--- a/common/common.go
+++ b/common/common.go
@@ -192,6 +192,8 @@ const (
 	LabelValueSecretTypeRepoCreds = "repo-creds"
 	// LabelValueSecretTypeRepositoryWrite indicates a secret type of repository credentials for writing
 	LabelValueSecretTypeRepositoryWrite = "repository-write"
+	// LabelValueSecretTypeRepoCredsWrite indicates a secret type of repository credentials for writing for templating
+	LabelValueSecretTypeRepoCredsWrite = "repo-write-creds"
 	// LabelValueSecretTypeSCMCreds indicates a secret type of SCM credentials
 	LabelValueSecretTypeSCMCreds = "scm-creds"
 
diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index e2dab29d98661..f6084e0f1d855 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -263,6 +263,27 @@ specified more than once, the last one will be used.
 
 All trailers are optional. If a trailer is not specified, the corresponding field in the metadata will be omitted.
 
+### Credential Templates
+
+Credential templates allow a single credential to be used for multiple repositories. The source hydrator supports credential templates. For example, if you setup credential templates for the URL prefix `https://github.com/argoproj`, these credentials will be used for all repositories with this URL as prefix (e.g. `https://github.com/argoproj/argocd-example-apps`) that do not have their own credentials configured.
+For more information please refer [credential-template](private-repositories.md#credential-templates). 
+An example of repo-write-creds secret.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-repo
+  namespace: argocd
+  labels:
+    argocd.argoproj.io/secret-type: repo-write-creds
+stringData:
+  type: git
+  url: https://github.com/argoproj
+  password: my-password
+  username: my-username
+```
+
 ## Limitations
 
 ### Signature Verification
@@ -277,11 +298,6 @@ If all the Applications for a given destination repo/branch are under the same p
 available project-scoped push secrets. If two Applications for a given repo/branch are in different projects, then the
 hydrator will not be able to use a project-scoped push secret and will require a global push secret.
 
-### Credential Templates
-
-Credential templates allow a single credential to be used for multiple repositories. The source hydrator does not 
-currently support credential templates. You will need a separate credential for each repository.
-
 ### `manifest-generate-paths` Annotation Support
 
 The source hydrator does not currently support the [manifest-generate-paths annotation](../operator-manual/high_availability.md#manifest-paths-annotation) 
diff --git a/util/db/db_test.go b/util/db/db_test.go
index 2c8c67bd92680..50cd2abdaabec 100644
--- a/util/db/db_test.go
+++ b/util/db/db_test.go
@@ -151,6 +151,38 @@ func TestCreateRepoCredentials(t *testing.T) {
 	assert.Equal(t, "test-password", repo.Password)
 }
 
+func TestCreateWriteRepoCredentials(t *testing.T) {
+	clientset := getClientset()
+	db := NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
+
+	creds, err := db.CreateWriteRepositoryCredentials(t.Context(), &v1alpha1.RepoCreds{
+		URL:      "https://github.com/argoproj/",
+		Username: "test-username",
+		Password: "test-password",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "https://github.com/argoproj/", creds.URL)
+
+	secret, err := clientset.CoreV1().Secrets(testNamespace).Get(t.Context(), RepoURLToSecretName(credSecretPrefix, creds.URL, ""), metav1.GetOptions{})
+	require.NoError(t, err)
+
+	assert.Equal(t, common.AnnotationValueManagedByArgoCD, secret.Annotations[common.AnnotationKeyManagedBy])
+	assert.Equal(t, "test-username", string(secret.Data[username]))
+	assert.Equal(t, "test-password", string(secret.Data[password]))
+	assert.Empty(t, secret.Data[sshPrivateKey])
+
+	created, err := db.CreateWriteRepository(t.Context(), &v1alpha1.Repository{
+		Repo: "https://github.com/argoproj/argo-cd",
+	})
+	require.NoError(t, err)
+	assert.Equal(t, "https://github.com/argoproj/argo-cd", created.Repo)
+
+	repo, err := db.GetWriteRepository(t.Context(), created.Repo, "")
+	require.NoError(t, err)
+	assert.Equal(t, "test-username", repo.Username)
+	assert.Equal(t, "test-password", repo.Password)
+}
+
 func TestGetRepositoryCredentials(t *testing.T) {
 	clientset := getClientset()
 	db := NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
@@ -197,6 +229,52 @@ func TestGetRepositoryCredentials(t *testing.T) {
 	}
 }
 
+func TestGetWriteRepositoryCredentials(t *testing.T) {
+	clientset := getClientset()
+	db := NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
+	_, err := db.CreateWriteRepositoryCredentials(t.Context(), &v1alpha1.RepoCreds{
+		URL:      "https://secured",
+		Username: "test-username",
+		Password: "test-password",
+	})
+	require.NoError(t, err)
+
+	tests := []struct {
+		name    string
+		repoURL string
+		want    *v1alpha1.RepoCreds
+	}{
+		{
+			name:    "TestUnknownRepo",
+			repoURL: "https://unknown/repo",
+			want:    nil,
+		},
+		{
+			name:    "TestKnownRepo",
+			repoURL: "https://known/repo",
+			want:    nil,
+		},
+		{
+			name:    "TestSecuredRepo",
+			repoURL: "https://secured/repo",
+			want:    &v1alpha1.RepoCreds{URL: "https://secured", Username: "test-username", Password: "test-password"},
+		},
+		{
+			name:    "TestMissingRepo",
+			repoURL: "https://missing/repo",
+			want:    nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := db.GetWriteRepositoryCredentials(t.Context(), tt.repoURL)
+
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
 func TestCreateExistingRepository(t *testing.T) {
 	clientset := getClientset()
 	db := NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
@@ -295,6 +373,84 @@ func TestGetRepository(t *testing.T) {
 	}
 }
 
+func TestGetWriteRepository(t *testing.T) {
+	clientset := getClientset(&corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: testNamespace,
+			Name:      "known-repo-secret",
+			Annotations: map[string]string{
+				common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD,
+			},
+			Labels: map[string]string{
+				common.LabelKeySecretType: common.LabelValueSecretTypeRepositoryWrite,
+			},
+		},
+		Data: map[string][]byte{
+			"url": []byte("https://known/repo"),
+		},
+	}, &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: testNamespace,
+			Name:      "secured-repo-secret",
+			Annotations: map[string]string{
+				common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD,
+			},
+			Labels: map[string]string{
+				common.LabelKeySecretType: common.LabelValueSecretTypeRepositoryWrite,
+			},
+		},
+		Data: map[string][]byte{
+			"url": []byte("https://secured/repo"),
+		},
+	}, &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: testNamespace,
+			Name:      "secured-repo-creds-secret",
+			Annotations: map[string]string{
+				common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD,
+			},
+			Labels: map[string]string{
+				common.LabelKeySecretType: common.LabelValueSecretTypeRepoCredsWrite,
+			},
+		},
+		Data: map[string][]byte{
+			"url":      []byte("https://secured"),
+			"username": []byte("test-username"),
+			"password": []byte("test-password"),
+		},
+	})
+	db := NewDB(testNamespace, settings.NewSettingsManager(t.Context(), clientset, testNamespace), clientset)
+
+	tests := []struct {
+		name    string
+		repoURL string
+		want    *v1alpha1.Repository
+	}{
+		{
+			name:    "TestUnknownRepo",
+			repoURL: "https://unknown/repo",
+			want:    &v1alpha1.Repository{Repo: "https://unknown/repo"},
+		},
+		{
+			name:    "TestKnownRepo",
+			repoURL: "https://known/repo",
+			want:    &v1alpha1.Repository{Repo: "https://known/repo"},
+		},
+		{
+			name:    "TestSecuredRepo",
+			repoURL: "https://secured/repo",
+			want:    &v1alpha1.Repository{Repo: "https://secured/repo", Username: "test-username", Password: "test-password", InheritedCreds: true},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := db.GetWriteRepository(t.Context(), tt.repoURL, "")
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
 func TestCreateClusterSuccessful(t *testing.T) {
 	server := "https://mycluster"
 	clientset := getClientset()
diff --git a/util/db/repository.go b/util/db/repository.go
index 651cecfb881b9..052719fc606fa 100644
--- a/util/db/repository.go
+++ b/util/db/repository.go
@@ -99,10 +99,9 @@ func (db *db) GetWriteRepository(ctx context.Context, repoURL, project string) (
 		return repository, fmt.Errorf("unable to get write repository %q: %w", repoURL, err)
 	}
 
-	// TODO: enrich with write credentials.
-	// if err := db.enrichCredsToRepo(ctx, repository); err != nil {
-	//	 return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err)
-	// }
+	if err := db.enrichWriteCredsToRepo(ctx, repository); err != nil {
+		return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err)
+	}
 
 	return repository, err
 }
@@ -292,25 +291,17 @@ func (db *db) GetRepositoryCredentials(ctx context.Context, repoURL string) (*v1
 // GetWriteRepositoryCredentials retrieves a repository write credential set
 func (db *db) GetWriteRepositoryCredentials(ctx context.Context, repoURL string) (*v1alpha1.RepoCreds, error) {
 	secretBackend := db.repoWriteBackend()
-	exists, err := secretBackend.RepoCredsExists(ctx, repoURL)
+	creds, err := secretBackend.GetRepoCreds(ctx, repoURL)
 	if err != nil {
-		return nil, fmt.Errorf("unable to check if repository write credentials for %q exists from secrets backend: %w", repoURL, err)
+		if creds == nil {
+			return nil, fmt.Errorf("unable to check if repo write credentials for %q exists from secrets backend: %w", repoURL, err)
+		}
+		return nil, fmt.Errorf("unable to get repo write credentials for %q from secrets backend: %w", repoURL, err)
 	}
-
-	if !exists {
+	if creds == nil { // to cover for not found. In that case both creds and err are nil
 		return nil, nil
 	}
 
-	// TODO: enrich with write credentials.
-	// if err := db.enrichCredsToRepo(ctx, repository); err != nil {
-	//	 return repository, fmt.Errorf("unable to enrich write repository %q info with credentials: %w", repoURL, err)
-	// }
-
-	creds, err := secretBackend.GetRepoCreds(ctx, repoURL)
-	if err != nil {
-		return nil, fmt.Errorf("unable to get repository write credentials for %q from secrets backend: %w", repoURL, err)
-	}
-
 	return creds, nil
 }
 
@@ -454,6 +445,23 @@ func (db *db) enrichCredsToRepo(ctx context.Context, repository *v1alpha1.Reposi
 	return nil
 }
 
+func (db *db) enrichWriteCredsToRepo(ctx context.Context, repository *v1alpha1.Repository) error {
+	if !repository.HasCredentials() {
+		creds, err := db.GetWriteRepositoryCredentials(ctx, repository.Repo)
+		if err != nil {
+			return fmt.Errorf("failed to get repository credentials for %q: %w", repository.Repo, err)
+		}
+		if creds != nil {
+			repository.CopyCredentialsFrom(creds)
+			repository.InheritedCreds = true
+		}
+	} else {
+		log.Debugf("%s has credentials", repository.Repo)
+	}
+
+	return nil
+}
+
 // RepoURLToSecretName hashes repo URL to a secret name using a formula. This is used when
 // repositories are _imperatively_ created and need its credentials to be stored in a secret.
 // NOTE: this formula should not be considered stable and may change in future releases.
diff --git a/util/db/repository_secrets.go b/util/db/repository_secrets.go
index f39a7658b87a5..13c8a02e786d3 100644
--- a/util/db/repository_secrets.go
+++ b/util/db/repository_secrets.go
@@ -187,7 +187,7 @@ func (s *secretsRepositoryBackend) CreateRepoCreds(ctx context.Context, repoCred
 		},
 	}
 
-	repoCredsToSecret(repoCreds, repoCredsSecret)
+	s.repoCredsToSecret(repoCreds, repoCredsSecret)
 
 	_, err := s.db.createSecret(ctx, repoCredsSecret)
 	if err != nil {
@@ -237,7 +237,7 @@ func (s *secretsRepositoryBackend) UpdateRepoCreds(ctx context.Context, repoCred
 		return nil, err
 	}
 
-	repoCredsToSecret(repoCreds, repoCredsSecret)
+	s.repoCredsToSecret(repoCreds, repoCredsSecret)
 
 	repoCredsSecret, err = s.db.kubeclientset.CoreV1().Secrets(s.db.ns).Update(ctx, repoCredsSecret, metav1.UpdateOptions{})
 	if err != nil {
@@ -486,7 +486,7 @@ func (s *secretsRepositoryBackend) secretToRepoCred(secret *corev1.Secret) (*app
 	return repository, nil
 }
 
-func repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) {
+func (s *secretsRepositoryBackend) repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) {
 	if secret.Data == nil {
 		secret.Data = make(map[string][]byte)
 	}
@@ -510,7 +510,7 @@ func repoCredsToSecret(repoCreds *appsv1.RepoCreds, secret *corev1.Secret) {
 	updateSecretString(secret, "noProxy", repoCreds.NoProxy)
 	updateSecretBool(secret, "forceHttpBasicAuth", repoCreds.ForceHttpBasicAuth)
 	updateSecretBool(secret, "useAzureWorkloadIdentity", repoCreds.UseAzureWorkloadIdentity)
-	addSecretMetadata(secret, common.LabelValueSecretTypeRepoCreds)
+	addSecretMetadata(secret, s.getRepoCredSecretType())
 }
 
 func (s *secretsRepositoryBackend) getRepositorySecret(repoURL, project string, allowFallback bool) (*corev1.Secret, error) {
@@ -549,7 +549,7 @@ func (s *secretsRepositoryBackend) getRepositorySecret(repoURL, project string,
 }
 
 func (s *secretsRepositoryBackend) getRepoCredsSecret(repoURL string) (*corev1.Secret, error) {
-	secrets, err := s.db.listSecretsByType(common.LabelValueSecretTypeRepoCreds)
+	secrets, err := s.db.listSecretsByType(s.getRepoCredSecretType())
 	if err != nil {
 		return nil, err
 	}
@@ -586,3 +586,10 @@ func (s *secretsRepositoryBackend) getSecretType() string {
 	}
 	return common.LabelValueSecretTypeRepository
 }
+
+func (s *secretsRepositoryBackend) getRepoCredSecretType() string {
+	if s.writeCreds {
+		return common.LabelValueSecretTypeRepoCredsWrite
+	}
+	return common.LabelValueSecretTypeRepoCreds
+}
diff --git a/util/db/repository_secrets_test.go b/util/db/repository_secrets_test.go
index 7f40dc3e560e4..3fb0fc6e493b4 100644
--- a/util/db/repository_secrets_test.go
+++ b/util/db/repository_secrets_test.go
@@ -931,6 +931,12 @@ func TestSecretsRepositoryBackend_GetAllHelmRepoCreds(t *testing.T) {
 }
 
 func TestRepoCredsToSecret(t *testing.T) {
+	clientset := getClientset()
+	testee := &secretsRepositoryBackend{db: &db{
+		ns:            testNamespace,
+		kubeclientset: clientset,
+		settingsMgr:   settings.NewSettingsManager(t.Context(), clientset, testNamespace),
+	}}
 	s := &corev1.Secret{}
 	creds := &appsv1.RepoCreds{
 		URL:                        "URL",
@@ -946,7 +952,7 @@ func TestRepoCredsToSecret(t *testing.T) {
 		GithubAppInstallationId:    456,
 		GitHubAppEnterpriseBaseURL: "GitHubAppEnterpriseBaseURL",
 	}
-	repoCredsToSecret(creds, s)
+	testee.repoCredsToSecret(creds, s)
 	assert.Equal(t, []byte(creds.URL), s.Data["url"])
 	assert.Equal(t, []byte(creds.Username), s.Data["username"])
 	assert.Equal(t, []byte(creds.Password), s.Data["password"])
@@ -962,3 +968,45 @@ func TestRepoCredsToSecret(t *testing.T) {
 	assert.Equal(t, map[string]string{common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD}, s.Annotations)
 	assert.Equal(t, map[string]string{common.LabelKeySecretType: common.LabelValueSecretTypeRepoCreds}, s.Labels)
 }
+
+func TestRepoWriteCredsToSecret(t *testing.T) {
+	clientset := getClientset()
+	testee := &secretsRepositoryBackend{
+		db: &db{
+			ns:            testNamespace,
+			kubeclientset: clientset,
+			settingsMgr:   settings.NewSettingsManager(t.Context(), clientset, testNamespace),
+		},
+		writeCreds: true,
+	}
+	s := &corev1.Secret{}
+	creds := &appsv1.RepoCreds{
+		URL:                        "URL",
+		Username:                   "Username",
+		Password:                   "Password",
+		SSHPrivateKey:              "SSHPrivateKey",
+		EnableOCI:                  true,
+		TLSClientCertData:          "TLSClientCertData",
+		TLSClientCertKey:           "TLSClientCertKey",
+		Type:                       "Type",
+		GithubAppPrivateKey:        "GithubAppPrivateKey",
+		GithubAppId:                123,
+		GithubAppInstallationId:    456,
+		GitHubAppEnterpriseBaseURL: "GitHubAppEnterpriseBaseURL",
+	}
+	testee.repoCredsToSecret(creds, s)
+	assert.Equal(t, []byte(creds.URL), s.Data["url"])
+	assert.Equal(t, []byte(creds.Username), s.Data["username"])
+	assert.Equal(t, []byte(creds.Password), s.Data["password"])
+	assert.Equal(t, []byte(creds.SSHPrivateKey), s.Data["sshPrivateKey"])
+	assert.Equal(t, []byte(strconv.FormatBool(creds.EnableOCI)), s.Data["enableOCI"])
+	assert.Equal(t, []byte(creds.TLSClientCertData), s.Data["tlsClientCertData"])
+	assert.Equal(t, []byte(creds.TLSClientCertKey), s.Data["tlsClientCertKey"])
+	assert.Equal(t, []byte(creds.Type), s.Data["type"])
+	assert.Equal(t, []byte(creds.GithubAppPrivateKey), s.Data["githubAppPrivateKey"])
+	assert.Equal(t, []byte(strconv.FormatInt(creds.GithubAppId, 10)), s.Data["githubAppID"])
+	assert.Equal(t, []byte(strconv.FormatInt(creds.GithubAppInstallationId, 10)), s.Data["githubAppInstallationID"])
+	assert.Equal(t, []byte(creds.GitHubAppEnterpriseBaseURL), s.Data["githubAppEnterpriseBaseUrl"])
+	assert.Equal(t, map[string]string{common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD}, s.Annotations)
+	assert.Equal(t, map[string]string{common.LabelKeySecretType: common.LabelValueSecretTypeRepoCredsWrite}, s.Labels)
+}
diff --git a/util/db/repository_test.go b/util/db/repository_test.go
index 90552ab847155..5e08a5f25e00f 100644
--- a/util/db/repository_test.go
+++ b/util/db/repository_test.go
@@ -53,6 +53,46 @@ var repoArgoProj = &corev1.Secret{
 	},
 }
 
+var repoArgoCDWrite = &corev1.Secret{
+	ObjectMeta: metav1.ObjectMeta{
+		Namespace: testNamespace,
+		Name:      "some-repo-secret",
+		Annotations: map[string]string{
+			common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD,
+		},
+		Labels: map[string]string{
+			common.LabelKeySecretType: common.LabelValueSecretTypeRepositoryWrite,
+		},
+	},
+	Data: map[string][]byte{
+		"name":     []byte("SomeRepo"),
+		"url":      []byte("git@github.com:argoproj/argo-cd.git"),
+		"username": []byte("someUsername"),
+		"password": []byte("somePassword"),
+		"type":     []byte("git"),
+	},
+}
+
+var repoArgoProjWrite = &corev1.Secret{
+	ObjectMeta: metav1.ObjectMeta{
+		Namespace: testNamespace,
+		Name:      "some-other-repo-secret",
+		Annotations: map[string]string{
+			common.AnnotationKeyManagedBy: common.AnnotationValueManagedByArgoCD,
+		},
+		Labels: map[string]string{
+			common.LabelKeySecretType: common.LabelValueSecretTypeRepositoryWrite,
+		},
+	},
+	Data: map[string][]byte{
+		"name":     []byte("OtherRepo"),
+		"url":      []byte("git@github.com:argoproj/argoproj.git"),
+		"username": []byte("someUsername"),
+		"password": []byte("somePassword"),
+		"type":     []byte("git"),
+	},
+}
+
 func TestDb_CreateRepository(t *testing.T) {
 	clientset := getClientset()
 	settingsManager := settings.NewSettingsManager(t.Context(), clientset, testNamespace)
@@ -108,6 +148,41 @@ func TestDb_GetRepository(t *testing.T) {
 	assert.Equal(t, "git@github.com:argoproj/not-existing.git", repository.Repo)
 }
 
+func TestDb_GetWriteRepository(t *testing.T) {
+	clientset := getClientset(repoArgoCDWrite, repoArgoProjWrite)
+	settingsManager := settings.NewSettingsManager(t.Context(), clientset, testNamespace)
+	testee := &db{
+		ns:            testNamespace,
+		kubeclientset: clientset,
+		settingsMgr:   settingsManager,
+	}
+
+	repository, err := testee.GetWriteRepository(t.Context(), "git@github.com:argoproj/argoproj.git", "")
+	require.NoError(t, err)
+	require.NotNil(t, repository)
+	assert.Equal(t, "OtherRepo", repository.Name)
+
+	repository, err = testee.GetWriteRepository(t.Context(), "git@github.com:argoproj/argo-cd.git", "")
+	require.NoError(t, err)
+	require.NotNil(t, repository)
+	assert.Equal(t, "SomeRepo", repository.Name)
+}
+
+func TestDb_GetWriteRepository_SecretNotFound_DefaultRepo(t *testing.T) {
+	clientset := getClientset(repoArgoCD)
+	settingsManager := settings.NewSettingsManager(t.Context(), clientset, testNamespace)
+	testee := &db{
+		ns:            testNamespace,
+		kubeclientset: clientset,
+		settingsMgr:   settingsManager,
+	}
+
+	repository, err := testee.GetWriteRepository(t.Context(), "git@github.com:argoproj/argo-cd.git", "")
+	require.NoError(t, err)
+	require.NotNil(t, repository)
+	assert.Empty(t, repository.Name)
+}
+
 func TestDb_ListRepositories(t *testing.T) {
 	clientset := getClientset(repoArgoCD, repoArgoProj)
 	settingsManager := settings.NewSettingsManager(t.Context(), clientset, testNamespace)

From 598f5bb2500f1d83bab0ce0bffd23b372ff084a3 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 27 Aug 2025 10:28:00 -0400
Subject: [PATCH 314/383] docs(hydrator): remove trailer that doesn't exist
 (#23923)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/source-hydrator.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index f6084e0f1d855..1a602d833b360 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -174,10 +174,9 @@ code commit.
 git commit -m "Bump image to v1.2.3" \
   # Must be an RFC 5322 name
   --trailer "Argocd-reference-commit-author: Author Name <author@example.com>" \
-  # Must be a valid email address per RFC 5322
-  --trailer "Argocd-reference-commit-author-email: author@example.com" \
   # Must be a hex string 5-40 characters long
   --trailer "Argocd-reference-commit-sha: <code-commit-sha>" \
+  # The subject is the first line of the commit message. It cannot contain newlines.
   --trailer "Argocd-reference-commit-subject: Commit message of the code commit" \
    # The body must be a valid JSON string, including opening and closing quotes
   --trailer 'Argocd-reference-commit-body: "Commit message of the code commit\n\nSigned-off-by: Author Name <author@example.com>"' \

From bcc8d26a6a5f521cae01f7ca26be52190c8d8214 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 27 Aug 2025 13:05:26 -0400
Subject: [PATCH 315/383] chore(hydrator): simplify dupe destination detection
 (#23566)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/hydrator/hydrator.go | 30 +++++-------------------------
 1 file changed, 5 insertions(+), 25 deletions(-)

diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index 8c64d6f915fd5..2f27c1c76fb48 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -136,21 +136,6 @@ func getHydrationQueueKey(app *appv1.Application) types.HydrationQueueKey {
 	return key
 }
 
-// uniqueHydrationDestination is used to detect duplicate hydrate destinations.
-type uniqueHydrationDestination struct {
-	// sourceRepoURL must be normalized with git.NormalizeGitURL to ensure that two apps with different URL formats
-	// don't end up in two different hydration queue items. Failing to normalize would result in one hydrated commit for
-	// each unique URL.
-	//nolint:unused // used as part of a map key
-	sourceRepoURL string
-	//nolint:unused // used as part of a map key
-	sourceTargetRevision string
-	//nolint:unused // used as part of a map key
-	destinationBranch string
-	//nolint:unused // used as part of a map key
-	destinationPath string
-}
-
 // ProcessHydrationQueueItem processes a hydration queue item. It retrieves the relevant applications for the given
 // hydration key, hydrates their latest commit, and updates their status accordingly. If the hydration fails, it marks
 // the operation as failed and logs the error. If successful, it updates the operation to indicate that hydration was
@@ -234,7 +219,7 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey t
 	}
 
 	var relevantApps []*appv1.Application
-	uniqueDestinations := make(map[uniqueHydrationDestination]bool, len(apps.Items))
+	uniquePaths := make(map[string]bool, len(apps.Items))
 	for _, app := range apps.Items {
 		if app.Spec.SourceHydrator == nil {
 			continue
@@ -264,17 +249,12 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey t
 			continue
 		}
 
-		uniqueDestinationKey := uniqueHydrationDestination{
-			sourceRepoURL:        git.NormalizeGitURLAllowInvalid(app.Spec.SourceHydrator.DrySource.RepoURL),
-			sourceTargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
-			destinationBranch:    destinationBranch,
-			destinationPath:      app.Spec.SourceHydrator.SyncSource.Path,
-		}
 		// TODO: test the dupe detection
-		if _, ok := uniqueDestinations[uniqueDestinationKey]; ok {
-			return nil, fmt.Errorf("multiple app hydrators use the same destination: %v", uniqueDestinationKey)
+		// TODO: normalize the path to avoid "path/.." from being treated as different from "."
+		if _, ok := uniquePaths[app.Spec.SourceHydrator.SyncSource.Path]; ok {
+			return nil, fmt.Errorf("multiple app hydrators use the same destination: %v", app.Spec.SourceHydrator.SyncSource.Path)
 		}
-		uniqueDestinations[uniqueDestinationKey] = true
+		uniquePaths[app.Spec.SourceHydrator.SyncSource.Path] = true
 
 		relevantApps = append(relevantApps, &app)
 	}

From c7c57ccef754de060d93bfc17196eae62e2312d3 Mon Sep 17 00:00:00 2001
From: Dillen Padhiar <38965141+dpadhiar@users.noreply.github.com>
Date: Wed, 27 Aug 2025 11:59:59 -0700
Subject: [PATCH 316/383] fix: set correct path to metadata for numa rollout
 pause actions (#24280)

Signed-off-by: Dillen Padhiar <dillen_padhiar@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../MonoVertexRollout/actions/discovery.lua            |  6 +++---
 .../testdata/MonoVertexRollout/rollout-paused.yaml     |  6 +++---
 .../MonoVertexRollout/rollout-running-fast.yaml        |  6 +++---
 .../MonoVertexRollout/rollout-running-gradual.yaml     |  6 +++---
 .../actions/testdata/MonoVertexRollout/rollout.yaml    |  6 +++---
 .../PipelineRollout/actions/discovery.lua              |  6 +++---
 .../testdata/PipelineRollout/rollout-paused.yaml       |  6 +++---
 .../testdata/PipelineRollout/rollout-running-fast.yaml |  8 ++++----
 .../PipelineRollout/rollout-running-gradual.yaml       |  8 ++++----
 .../actions/testdata/PipelineRollout/rollout.yaml      |  6 +++---
 .../PipelineRollout/actions/unpause-fast/action.lua    | 10 +++++-----
 .../PipelineRollout/actions/unpause-gradual/action.lua | 10 +++++-----
 12 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
index adb34b1fab854..8753e264e4d03 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/discovery.lua
@@ -20,12 +20,12 @@ if obj.spec.monoVertex.spec.lifecycle ~= nil and obj.spec.monoVertex.spec.lifecy
   paused = true
 end
 if paused then
-  if obj.spec.monoVertex.spec.metadata ~= nil and  obj.spec.monoVertex.spec.metadata.annotations ~= nil and obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+  if obj.spec.monoVertex.metadata ~= nil and  obj.spec.monoVertex.metadata.annotations ~= nil and obj.spec.monoVertex.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
     -- determine which unpausing strategies will be enabled
     -- if annotation not found, default will be resume slow
-    if obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+    if obj.spec.monoVertex.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
       actions["unpause-fast"]["disabled"] = false
-    elseif obj.spec.monoVertex.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+    elseif obj.spec.monoVertex.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
       actions["unpause-gradual"]["disabled"] = false
       actions["unpause-fast"]["disabled"] = false
     else
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
index dfe4b12cd3896..427880b519088 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-paused.yaml
@@ -16,10 +16,10 @@ metadata:
   uid: a63f377e-1500-437e-9267-579f4a790518
 spec:
   monoVertex:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Paused
       sink:
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
index 5ffa3f5c4ce59..5298209fdaa6a 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-fast.yaml
@@ -16,10 +16,10 @@ metadata:
   uid: a63f377e-1500-437e-9267-579f4a790518
 spec:
   monoVertex:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Running
       sink:
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
index c9063dfb99102..a26c3e168fe7f 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout-running-gradual.yaml
@@ -16,10 +16,10 @@ metadata:
   uid: a63f377e-1500-437e-9267-579f4a790518
 spec:
   monoVertex:
+    metadata:
+      annotations:  
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:  
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       replicas: null
       lifecycle:
         desiredPhase: Running
diff --git a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
index 53ca0656046f5..c96b347cf4e2a 100644
--- a/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
+++ b/resource_customizations/numaplane.numaproj.io/MonoVertexRollout/actions/testdata/MonoVertexRollout/rollout.yaml
@@ -16,10 +16,10 @@ metadata:
   uid: a63f377e-1500-437e-9267-579f4a790518
 spec:
   monoVertex:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       sink:
         udsink:
           container:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
index 3338dccd7360e..76d362fef1e2a 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/discovery.lua
@@ -30,12 +30,12 @@ if obj.spec.pipeline.spec.lifecycle ~= nil and obj.spec.pipeline.spec.lifecycle.
   paused = true
 end
 if paused then
-  if obj.spec.pipeline.spec.metadata ~= nil and  obj.spec.pipeline.spec.metadata.annotations ~= nil and obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
+  if obj.spec.pipeline.metadata ~= nil and  obj.spec.pipeline.metadata.annotations ~= nil and obj.spec.pipeline.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] ~= nil then
     -- determine which unpausing strategies will be enabled
     -- if annotation not found, default will be resume slow
-    if obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
+    if obj.spec.pipeline.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "fast" then
       actions["unpause-fast"]["disabled"] = false
-    elseif obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
+    elseif obj.spec.pipeline.metadata.annotations["numaflow.numaproj.io/allowed-resume-strategies"] == "slow, fast" then
       actions["unpause-gradual"]["disabled"] = false
       actions["unpause-fast"]["disabled"] = false
     else
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
index d44e4ca480703..17b1170704592 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-paused.yaml
@@ -14,10 +14,10 @@ metadata:
   uid: ab9286a1-f453-433e-846e-48900ab2068a
 spec:
   pipeline:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Paused
       edges:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
index d2f748c57f4a0..2ebd81924d713 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-fast.yaml
@@ -14,11 +14,11 @@ metadata:
   uid: ab9286a1-f453-433e-846e-48900ab2068a
 spec:
   pipeline:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/resume-strategy: "fast"
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/resume-strategy: "fast"
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Running
       edges:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
index 68a5453baad54..ef30b97e7211e 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout-running-gradual.yaml
@@ -14,11 +14,11 @@ metadata:
   uid: ab9286a1-f453-433e-846e-48900ab2068a
 spec:
   pipeline:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/resume-strategy: "slow"
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-        annotations:
-          numaflow.numaproj.io/resume-strategy: "slow"
-          numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       lifecycle:
         desiredPhase: Running
       edges:
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
index 78fb219d9b245..ca5fef9ee1b6f 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/testdata/PipelineRollout/rollout.yaml
@@ -14,10 +14,10 @@ metadata:
   uid: ab9286a1-f453-433e-846e-48900ab2068a
 spec:
   pipeline:
+    metadata:
+      annotations:
+        numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
     spec:
-      metadata:
-          annotations:
-            numaflow.numaproj.io/allowed-resume-strategies: "slow, fast"
       edges:
       - from: in
         to: cat
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
index 49940daa97065..e67e2b98789e5 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-fast/action.lua
@@ -1,9 +1,9 @@
 obj.spec.pipeline.spec.lifecycle.desiredPhase = "Running"
-if obj.spec.pipeline.spec.metadata == nil then
-    obj.spec.pipeline.spec.metadata = {}
+if obj.spec.pipeline.metadata == nil then
+    obj.spec.pipeline.metadata = {}
 end
-if obj.spec.pipeline.spec.metadata.annotations == nil then
-    obj.spec.pipeline.spec.metadata.annotations = {}
+if obj.spec.pipeline.metadata.annotations == nil then
+    obj.spec.pipeline.metadata.annotations = {}
 end
-obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "fast"
+obj.spec.pipeline.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "fast"
 return obj
\ No newline at end of file
diff --git a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
index 132462e1c6a4f..bab9104f56d70 100644
--- a/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
+++ b/resource_customizations/numaplane.numaproj.io/PipelineRollout/actions/unpause-gradual/action.lua
@@ -1,9 +1,9 @@
 obj.spec.pipeline.spec.lifecycle.desiredPhase = "Running"
-if obj.spec.pipeline.spec.metadata == nil then
-    obj.spec.pipeline.spec.metadata = {}
+if obj.spec.pipeline.metadata == nil then
+    obj.spec.pipeline.metadata = {}
 end
-if obj.spec.pipeline.spec.metadata.annotations == nil then
-    obj.spec.pipeline.spec.metadata.annotations = {}
+if obj.spec.pipeline.metadata.annotations == nil then
+    obj.spec.pipeline.metadata.annotations = {}
 end
-obj.spec.pipeline.spec.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "slow"
+obj.spec.pipeline.metadata.annotations["numaflow.numaproj.io/resume-strategy"] = "slow"
 return obj
\ No newline at end of file

From 47e210173a449c84ec5a46546912d200405be63c Mon Sep 17 00:00:00 2001
From: Viktor Oreshkin <imselfish@stek29.rocks>
Date: Wed, 27 Aug 2025 22:56:27 +0300
Subject: [PATCH 317/383] docs: document server-side diff requests being issued
 on resource change (#24299)

Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/diff-strategies.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md
index d8d6f4f9328df..232bd19d9eac5 100644
--- a/docs/user-guide/diff-strategies.md
+++ b/docs/user-guide/diff-strategies.md
@@ -39,6 +39,7 @@ are only triggered when:
 - There is a new revision in the repo which the Argo CD Application is
   targeting.
 - The Argo CD Application spec changed.
+- The [Resource Version][3] of the resource itself in live state changed
 
 One advantage of Server-Side Diff is that Kubernetes Admission
 Controllers will participate in the diff calculation. If for example
@@ -135,3 +136,4 @@ metadata:
 
 [1]: https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#beta
 [2]: https://github.com/kubernetes-sigs/structured-merge-diff
+[3]: https://kubernetes.io/docs/reference/using-api/api-concepts/#resourceversion-in-metadata

From fe980e4237b9bf7461f3307e33afee660a0faa1f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 03:16:35 -1000
Subject: [PATCH 318/383] chore(deps): bump github.com/stretchr/testify from
 1.11.0 to 1.11.1 (#24306)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1a4e2749e80a0..d81916be01b0e 100644
--- a/go.mod
+++ b/go.mod
@@ -82,7 +82,7 @@ require (
 	github.com/soheilhy/cmux v0.1.5
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.7
-	github.com/stretchr/testify v1.11.0
+	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
 	gitlab.com/gitlab-org/api/client-go v0.142.1
diff --git a/go.sum b/go.sum
index 67a32673020aa..82f9d691aea3b 100644
--- a/go.sum
+++ b/go.sum
@@ -872,8 +872,8 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.11.0 h1:ib4sjIrwZKxE5u/Japgo/7SJV3PvgjGiRNAvTVGqQl8=
-github.com/stretchr/testify v1.11.0/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=

From b9cca5ee5f893e3ba17e28c2b04979244ceb0866 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 03:17:19 -1000
Subject: [PATCH 319/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.120.0 to 2.121.0 (#24302)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d81916be01b0e..2aeac3457fac3 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.120.0
+	github.com/casbin/casbin/v2 v2.121.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index 82f9d691aea3b..79a49868f2968 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.120.0 h1:Mo9R/EKZk9aoagFs0OmuCmBYjWJfvbWJiX4aenIJOKY=
-github.com/casbin/casbin/v2 v2.120.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.121.0 h1:lrgTnLJTsdpe8Kdgi+NedM9+K7ftYBaK19OE+IZUwdk=
+github.com/casbin/casbin/v2 v2.121.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From 5192b52ffc13ff3e8cd2d1b4c79138a971fd5275 Mon Sep 17 00:00:00 2001
From: Blake Pettersson <blake.pettersson@gmail.com>
Date: Thu, 28 Aug 2025 03:18:32 -1000
Subject: [PATCH 320/383] fix: downgrade go-git (#24288)

Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 3 ++-
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2aeac3457fac3..2456092bbf4a2 100644
--- a/go.mod
+++ b/go.mod
@@ -33,7 +33,8 @@ require (
 	github.com/felixge/httpsnoop v1.0.4
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68
-	github.com/go-git/go-git/v5 v5.16.2
+	// DO NOT BUMP UNTIL go-git/go-git#1551 is fixed
+	github.com/go-git/go-git/v5 v5.14.0
 	github.com/go-jose/go-jose/v4 v4.1.2
 	github.com/go-logr/logr v1.4.3
 	github.com/go-openapi/loads v0.22.0
diff --git a/go.sum b/go.sum
index 79a49868f2968..699c25417a9ff 100644
--- a/go.sum
+++ b/go.sum
@@ -301,8 +301,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM=
-github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60=
+github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=

From 6e7f6398c366d9bfc4f27590a26c13c616a6f040 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Thu, 28 Aug 2025 09:47:57 -0400
Subject: [PATCH 321/383] chore(refactor): use new root.Mkdirall (#24298)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/hydratorhelper.go | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index b7ab2bfa10db0..19b4e4bf613fa 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -2,9 +2,7 @@ package commit
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
-	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
@@ -73,7 +71,7 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 			hydratePath = ""
 		}
 
-		err = mkdirAll(root, hydratePath)
+		err = root.MkdirAll(hydratePath, 0o755)
 		if err != nil {
 			return fmt.Errorf("failed to create path: %w", err)
 		}
@@ -212,25 +210,3 @@ func writeManifests(root *os.Root, dirPath string, manifests []*apiclient.Hydrat
 
 	return nil
 }
-
-// mkdirAll creates the directory and all its parents if they do not exist. It returns an error if the directory
-// cannot be.
-func mkdirAll(root *os.Root, dirPath string) error {
-	parts := strings.Split(dirPath, string(os.PathSeparator))
-	builtPath := ""
-	for _, part := range parts {
-		if part == "" {
-			continue
-		}
-		builtPath = filepath.Join(builtPath, part)
-		err := root.Mkdir(builtPath, os.ModePerm)
-		if err != nil {
-			if errors.Is(err, fs.ErrExist) {
-				log.WithError(err).Warnf("path %s already exists, skipping", dirPath)
-				continue
-			}
-			return fmt.Errorf("failed to create path: %w", err)
-		}
-	}
-	return nil
-}

From 60f82614e02b01d9093e74803df8b48b981a9a23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 28 Aug 2025 14:37:39 -0400
Subject: [PATCH 322/383] chore(deps): bump code.gitea.io/sdk/gitea from 0.21.0
 to 0.22.0 (#24304)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 2456092bbf4a2..91f253befa080 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/argoproj/argo-cd/v3
 go 1.25.0
 
 require (
-	code.gitea.io/sdk/gitea v0.21.0
+	code.gitea.io/sdk/gitea v0.22.0
 	dario.cat/mergo v1.0.2
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0
@@ -122,7 +122,7 @@ require (
 	cloud.google.com/go/auth v0.15.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
 	cloud.google.com/go/compute/metadata v0.7.0 // indirect
-	github.com/42wim/httpsig v1.2.2 // indirect
+	github.com/42wim/httpsig v1.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
diff --git a/go.sum b/go.sum
index 699c25417a9ff..ad3f6f3446e5d 100644
--- a/go.sum
+++ b/go.sum
@@ -37,13 +37,13 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
-code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
+code.gitea.io/sdk/gitea v0.22.0 h1:HCKq7bX/HQ85Nw7c/HAhWgRye+vBp5nQOE8Md1+9Ef0=
+code.gitea.io/sdk/gitea v0.22.0/go.mod h1:yyF5+GhljqvA30sRDreoyHILruNiy4ASufugzYg0VHM=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/42wim/httpsig v1.2.2 h1:ofAYoHUNs/MJOLqQ8hIxeyz2QxOz8qdSVvp3PX/oPgA=
-github.com/42wim/httpsig v1.2.2/go.mod h1:P/UYo7ytNBFwc+dg35IubuAUIs8zj5zzFIgUCEl55WY=
+github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs=
+github.com/42wim/httpsig v1.2.3/go.mod h1:nZq9OlYKDrUBhptd77IHx4/sZZD+IxTBADvAPI9G/EM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0 h1:ci6Yd6nysBRLEodoziB6ah1+YOzZbZk+NYneoA6q+6E=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.0/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 h1:MhRfI58HblXzCtWEZCO0feHs8LweePB3s90r7WaR1KU=

From eafe31b0ed3aad90c8133952d69d45fe5d6bb1a0 Mon Sep 17 00:00:00 2001
From: Adrian Berger <43774417+adberger@users.noreply.github.com>
Date: Thu, 28 Aug 2025 20:39:44 +0200
Subject: [PATCH 323/383] fix(health): custom resource health for flux helm
 repository of type oci (#24294)

Signed-off-by: Adrian Berger <adrian.berger@bedag.ch>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../source.toolkit.fluxcd.io/HelmRepository/health.lua |  7 +++++++
 .../HelmRepository/health_test.yaml                    |  4 ++++
 .../HelmRepository/testdata/oci.yaml                   | 10 ++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/oci.yaml

diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua
index 9ad39cb708294..18eba69b4ffb2 100644
--- a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua
+++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health.lua
@@ -4,6 +4,13 @@ if obj.spec.suspend ~= nil and obj.spec.suspend == true then
   hs.status = "Suspended"
   return hs
 end
+-- Helm repositories of type "oci" do not contain any information in the status
+-- https://fluxcd.io/flux/components/source/helmrepositories/#helmrepository-status
+if obj.spec.type ~= nil and obj.spec.type == "oci" then
+  hs.message = "Helm repositories of type 'oci' do not contain any information in the status."
+  hs.status = "Healthy"
+  return hs
+end
 if obj.status ~= nil then
   if obj.status.conditions ~= nil then
     local numProgressing = 0
diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml
index 2093ed4de070f..bcef617ab2a7d 100644
--- a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml
+++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/health_test.yaml
@@ -11,3 +11,7 @@ tests:
       status: Healthy
       message: Succeeded
     inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Healthy
+      message: "Helm repositories of type 'oci' do not contain any information in the status."
+    inputPath: testdata/oci.yaml
diff --git a/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/oci.yaml b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/oci.yaml
new file mode 100644
index 0000000000000..be8ac927510e9
--- /dev/null
+++ b/resource_customizations/source.toolkit.fluxcd.io/HelmRepository/testdata/oci.yaml
@@ -0,0 +1,10 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: podinfo
+  namespace: default
+spec:
+  type: "oci"
+  interval: 5m0s
+  url: oci://ghcr.io/stefanprodan/charts
+status: {}

From 37239b53da0e83575b2d12e588cc5bac079662a5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 29 Aug 2025 10:57:00 -0400
Subject: [PATCH 324/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.142.1 to 0.142.4 (#24316)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 91f253befa080..8d32ee307d85f 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.142.1
+	gitlab.com/gitlab-org/api/client-go v0.142.4
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0
 	go.opentelemetry.io/otel v1.37.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0
diff --git a/go.sum b/go.sum
index ad3f6f3446e5d..7d1fdd4362010 100644
--- a/go.sum
+++ b/go.sum
@@ -898,8 +898,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.142.1 h1:PFMUo/MPVjLlUDUE0RPpufrsjaMQbyZHSmhP25MHsZw=
-gitlab.com/gitlab-org/api/client-go v0.142.1/go.mod h1:Pht8kWkFX+obFPjQK3fct8gk+kILqH/ur5v31+VFsKc=
+gitlab.com/gitlab-org/api/client-go v0.142.4 h1:tTm+hUPrOcTavmKpM9YIP503IE0EdAkg4TG3t6QGbiw=
+gitlab.com/gitlab-org/api/client-go v0.142.4/go.mod h1:Ru5IRauphXt9qwmTzJD7ou1dH7Gc6pnsdFWEiMMpmB0=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 3f12a8588b0def76f07c681b7d726a4a8d98174e Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Fri, 29 Aug 2025 11:03:13 -0400
Subject: [PATCH 325/383] fix(appset): add applicationsets to the built-in
 readonly role (#24190) (#24318)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/builtin-policy.csv | 1 +
 1 file changed, 1 insertion(+)

diff --git a/assets/builtin-policy.csv b/assets/builtin-policy.csv
index 088f5fbd08ad3..adc8be17cfbe0 100644
--- a/assets/builtin-policy.csv
+++ b/assets/builtin-policy.csv
@@ -7,6 +7,7 @@
 # p, <role/user/group>, <resource>, <action>, <object>, <allow/deny>
 
 p, role:readonly, applications, get, */*, allow
+p, role:readonly, applicationsets, get, */*, allow
 p, role:readonly, certificates, get, *, allow
 p, role:readonly, clusters, get, *, allow
 p, role:readonly, repositories, get, *, allow

From 0d2665358bc4893bdb0e4eee3edf5c5fec08f2b1 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Fri, 29 Aug 2025 21:16:47 +0530
Subject: [PATCH 326/383] chore(migrate): migrate renovate to renovate GH
 action (#24253)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/configs/renovate-config.js | 15 +++++++++++++++
 .github/workflows/renovate.yaml    | 31 ++++++++++++++++++++++++++++++
 renovate.json                      | 12 ------------
 3 files changed, 46 insertions(+), 12 deletions(-)
 create mode 100644 .github/configs/renovate-config.js
 create mode 100644 .github/workflows/renovate.yaml
 delete mode 100644 renovate.json

diff --git a/.github/configs/renovate-config.js b/.github/configs/renovate-config.js
new file mode 100644
index 0000000000000..ae6ca2bec0bb5
--- /dev/null
+++ b/.github/configs/renovate-config.js
@@ -0,0 +1,15 @@
+module.exports = {
+    platform: 'github',
+    gitAuthor: 'renovate[bot] <renovate[bot]@users.noreply.github.com>',
+    autodiscover: false,
+    allowPostUpgradeCommandTemplating: true,
+    allowedPostUpgradeCommands: ["make mockgen"],
+    extends: [
+        "github>argoproj/argo-cd//renovate-presets/commons.json5",
+        "github>argoproj/argo-cd//renovate-presets/custom-managers/shell.json5",
+        "github>argoproj/argo-cd//renovate-presets/custom-managers/yaml.json5",
+        "github>argoproj/argo-cd//renovate-presets/fix/disable-all-updates.json5",
+        "github>argoproj/argo-cd//renovate-presets/devtool.json5",
+        "github>argoproj/argo-cd//renovate-presets/docs.json5"
+    ]
+}
\ No newline at end of file
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
new file mode 100644
index 0000000000000..d55502bf3d4dc
--- /dev/null
+++ b/.github/workflows/renovate.yaml
@@ -0,0 +1,31 @@
+name: Renovate
+on:
+  schedule:
+    - cron: '0 * * * *'
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_token
+        uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
+        with:
+          app-id: ${{ vars.RENOVATE_APP_ID }}
+          private-key: ${{ secrets.RENOVATE_APP_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@b11417b9eaac3145fe9a8544cee66503724e32b6 #43.0.8
+        with:
+          configurationFile: .github/configs/renovate-config.js
+          token: '${{ steps.get_token.outputs.token }}'
+        env:
+          LOG_LEVEL: 'debug'
+          RENOVATE_REPOSITORIES: '${{ github.repository }}'
diff --git a/renovate.json b/renovate.json
deleted file mode 100644
index 704064c33650f..0000000000000
--- a/renovate.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "github>argoproj/argo-cd//renovate-presets/commons.json5",
-    "github>argoproj/argo-cd//renovate-presets/custom-managers/shell.json5",
-    "github>argoproj/argo-cd//renovate-presets/custom-managers/yaml.json5",
-    "github>argoproj/argo-cd//renovate-presets/fix/disable-all-updates.json5",
-    "github>argoproj/argo-cd//renovate-presets/devtool.json5",
-    "github>argoproj/argo-cd//renovate-presets/docs.json5"
-  ],
-  "allowedCommands": ["make mockgen"]
-}

From c347b33baa0e723fe51ea98c9182430e01fb4537 Mon Sep 17 00:00:00 2001
From: Aditya Raj <161347394+adityaraj178@users.noreply.github.com>
Date: Sun, 31 Aug 2025 01:53:36 +0530
Subject: [PATCH 327/383] fix: Hydrator wipes out entire branch when multiple
 Applications hydrate to the same branch with different path (fixes #24179)
 (#24185)

Signed-off-by: Aditya Raj <adityaraj10600@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/commit.go      |  19 +++-
 commitserver/commit/commit_test.go | 173 ++++++++++++++++++++++++++++-
 util/git/client.go                 |  16 ++-
 util/git/client_test.go            |  22 ++--
 util/git/mocks/Client.go           |  33 +++---
 5 files changed, 226 insertions(+), 37 deletions(-)

diff --git a/commitserver/commit/commit.go b/commitserver/commit/commit.go
index c3cf08997eb60..3374a38115288 100644
--- a/commitserver/commit/commit.go
+++ b/commitserver/commit/commit.go
@@ -118,10 +118,21 @@ func (s *Service) handleCommitRequest(logCtx *log.Entry, r *apiclient.CommitHydr
 		return out, "", fmt.Errorf("failed to checkout target branch: %w", err)
 	}
 
-	logCtx.Debug("Clearing repo contents")
-	out, err = gitClient.RemoveContents()
-	if err != nil {
-		return out, "", fmt.Errorf("failed to clear repo: %w", err)
+	logCtx.Debug("Clearing and preparing paths")
+	var pathsToClear []string
+	for _, p := range r.Paths {
+		if p.Path == "" || p.Path == "." {
+			logCtx.Debug("Using root directory for manifests, no directory removal needed")
+		} else {
+			pathsToClear = append(pathsToClear, p.Path)
+		}
+	}
+	if len(pathsToClear) > 0 {
+		logCtx.Debugf("Clearing paths: %v", pathsToClear)
+		out, err := gitClient.RemoveContents(pathsToClear)
+		if err != nil {
+			return out, "", fmt.Errorf("failed to clear paths %v: %w", pathsToClear, err)
+		}
 	}
 
 	logCtx.Debug("Writing manifests")
diff --git a/commitserver/commit/commit_test.go b/commitserver/commit/commit_test.go
index 547561a9061ea..4acd6c03b0444 100644
--- a/commitserver/commit/commit_test.go
+++ b/commitserver/commit/commit_test.go
@@ -99,7 +99,6 @@ func Test_CommitHydratedManifests(t *testing.T) {
 		mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
 		mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
 		mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
-		mockGitClient.On("RemoveContents").Return("", nil).Once()
 		mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
 		mockGitClient.On("CommitSHA").Return("it-worked!", nil).Once()
 		mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
@@ -109,6 +108,178 @@ func Test_CommitHydratedManifests(t *testing.T) {
 		require.NotNil(t, resp)
 		assert.Equal(t, "it-worked!", resp.HydratedSha)
 	})
+
+	t.Run("root path with dot and blank - no directory removal", func(t *testing.T) {
+		t.Parallel()
+
+		service, mockRepoClientFactory := newServiceWithMocks(t)
+		mockGitClient := gitmocks.NewClient(t)
+		mockGitClient.On("Init").Return(nil).Once()
+		mockGitClient.On("Fetch", mock.Anything).Return(nil).Once()
+		mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
+		mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
+		mockGitClient.On("CommitSHA").Return("root-and-blank-sha", nil).Once()
+		mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
+
+		requestWithRootAndBlank := &apiclient.CommitHydratedManifestsRequest{
+			Repo: &v1alpha1.Repository{
+				Repo: "https://github.com/argoproj/argocd-example-apps.git",
+			},
+			TargetBranch:  "main",
+			SyncBranch:    "env/test",
+			CommitMessage: "test commit message",
+			Paths: []*apiclient.PathDetails{
+				{
+					Path: ".",
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"test-dot"}}`,
+						},
+					},
+				},
+				{
+					Path: "",
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"test-blank"}}`,
+						},
+					},
+				},
+			},
+		}
+
+		resp, err := service.CommitHydratedManifests(t.Context(), requestWithRootAndBlank)
+		require.NoError(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, "root-and-blank-sha", resp.HydratedSha)
+	})
+
+	t.Run("subdirectory path - triggers directory removal", func(t *testing.T) {
+		t.Parallel()
+
+		service, mockRepoClientFactory := newServiceWithMocks(t)
+		mockGitClient := gitmocks.NewClient(t)
+		mockGitClient.On("Init").Return(nil).Once()
+		mockGitClient.On("Fetch", mock.Anything).Return(nil).Once()
+		mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
+		mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("RemoveContents", []string{"apps/staging"}).Return("", nil).Once()
+		mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
+		mockGitClient.On("CommitSHA").Return("subdir-path-sha", nil).Once()
+		mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
+
+		requestWithSubdirPath := &apiclient.CommitHydratedManifestsRequest{
+			Repo: &v1alpha1.Repository{
+				Repo: "https://github.com/argoproj/argocd-example-apps.git",
+			},
+			TargetBranch:  "main",
+			SyncBranch:    "env/test",
+			CommitMessage: "test commit message",
+			Paths: []*apiclient.PathDetails{
+				{
+					Path: "apps/staging", // subdirectory path
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"Deployment","metadata":{"name":"test-app"}}`,
+						},
+					},
+				},
+			},
+		}
+
+		resp, err := service.CommitHydratedManifests(t.Context(), requestWithSubdirPath)
+		require.NoError(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, "subdir-path-sha", resp.HydratedSha)
+	})
+
+	t.Run("mixed paths - root and subdirectory", func(t *testing.T) {
+		t.Parallel()
+
+		service, mockRepoClientFactory := newServiceWithMocks(t)
+		mockGitClient := gitmocks.NewClient(t)
+		mockGitClient.On("Init").Return(nil).Once()
+		mockGitClient.On("Fetch", mock.Anything).Return(nil).Once()
+		mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
+		mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("RemoveContents", []string{"apps/production", "apps/staging"}).Return("", nil).Once()
+		mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
+		mockGitClient.On("CommitSHA").Return("mixed-paths-sha", nil).Once()
+		mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
+
+		requestWithMixedPaths := &apiclient.CommitHydratedManifestsRequest{
+			Repo: &v1alpha1.Repository{
+				Repo: "https://github.com/argoproj/argocd-example-apps.git",
+			},
+			TargetBranch:  "main",
+			SyncBranch:    "env/test",
+			CommitMessage: "test commit message",
+			Paths: []*apiclient.PathDetails{
+				{
+					Path: ".", // root path - should NOT trigger removal
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"global-config"}}`,
+						},
+					},
+				},
+				{
+					Path: "apps/production", // subdirectory path - SHOULD trigger removal
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"Deployment","metadata":{"name":"prod-app"}}`,
+						},
+					},
+				},
+				{
+					Path: "apps/staging", // another subdirectory path - SHOULD trigger removal
+					Manifests: []*apiclient.HydratedManifestDetails{
+						{
+							ManifestJSON: `{"apiVersion":"v1","kind":"Deployment","metadata":{"name":"staging-app"}}`,
+						},
+					},
+				},
+			},
+		}
+
+		resp, err := service.CommitHydratedManifests(t.Context(), requestWithMixedPaths)
+		require.NoError(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, "mixed-paths-sha", resp.HydratedSha)
+	})
+
+	t.Run("empty paths array", func(t *testing.T) {
+		t.Parallel()
+
+		service, mockRepoClientFactory := newServiceWithMocks(t)
+		mockGitClient := gitmocks.NewClient(t)
+		mockGitClient.On("Init").Return(nil).Once()
+		mockGitClient.On("Fetch", mock.Anything).Return(nil).Once()
+		mockGitClient.On("SetAuthor", "Argo CD", "argo-cd@example.com").Return("", nil).Once()
+		mockGitClient.On("CheckoutOrOrphan", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CheckoutOrNew", "main", "env/test", false).Return("", nil).Once()
+		mockGitClient.On("CommitAndPush", "main", "test commit message").Return("", nil).Once()
+		mockGitClient.On("CommitSHA").Return("it-worked!", nil).Once()
+		mockRepoClientFactory.On("NewClient", mock.Anything, mock.Anything).Return(mockGitClient, nil).Once()
+
+		requestWithEmptyPaths := &apiclient.CommitHydratedManifestsRequest{
+			Repo: &v1alpha1.Repository{
+				Repo: "https://github.com/argoproj/argocd-example-apps.git",
+			},
+			TargetBranch:  "main",
+			SyncBranch:    "env/test",
+			CommitMessage: "test commit message",
+		}
+
+		resp, err := service.CommitHydratedManifests(t.Context(), requestWithEmptyPaths)
+		require.NoError(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, "it-worked!", resp.HydratedSha)
+	})
 }
 
 func newServiceWithMocks(t *testing.T) (*Service, *mocks.RepoClientFactory) {
diff --git a/util/git/client.go b/util/git/client.go
index 557dc584488bd..eec07d5175ebc 100644
--- a/util/git/client.go
+++ b/util/git/client.go
@@ -128,8 +128,8 @@ type Client interface {
 	// CheckoutOrNew checks out the given branch. If the branch does not exist, it creates an empty branch based on
 	// the base branch.
 	CheckoutOrNew(branch, base string, submoduleEnabled bool) (string, error)
-	// RemoveContents removes all files from the git repository.
-	RemoveContents() (string, error)
+	// RemoveContents removes all files from the given paths in the git repository.
+	RemoveContents(paths []string) (string, error)
 	// CommitAndPush commits and pushes changes to the target branch.
 	CommitAndPush(branch, message string) (string, error)
 }
@@ -1022,11 +1022,15 @@ func (m *nativeGitClient) CheckoutOrNew(branch, base string, submoduleEnabled bo
 	return "", nil
 }
 
-// RemoveContents removes all files from the git repository.
-func (m *nativeGitClient) RemoveContents() (string, error) {
-	out, err := m.runCmd("rm", "-r", "--ignore-unmatch", ".")
+// RemoveContents removes all files from the path of git repository.
+func (m *nativeGitClient) RemoveContents(paths []string) (string, error) {
+	if len(paths) == 0 {
+		return "", nil
+	}
+	args := append([]string{"rm", "-r", "--ignore-unmatch"}, paths...)
+	out, err := m.runCmd(args...)
 	if err != nil {
-		return out, fmt.Errorf("failed to clear repo contents: %w", err)
+		return out, fmt.Errorf("failed to clear paths %v: %w", paths, err)
 	}
 	return "", nil
 }
diff --git a/util/git/client_test.go b/util/git/client_test.go
index 14bb5df1486d7..448ad33e50513 100644
--- a/util/git/client_test.go
+++ b/util/git/client_test.go
@@ -803,12 +803,6 @@ func Test_nativeGitClient_CheckoutOrNew(t *testing.T) {
 }
 
 func Test_nativeGitClient_RemoveContents(t *testing.T) {
-	// Example status
-	// 2 files :
-	//   * <RepoRoot>/README.md
-	//   * <RepoRoot>/scripts/startup.sh
-
-	// given
 	tempDir, err := _createEmptyGitRepo()
 	require.NoError(t, err)
 
@@ -836,14 +830,16 @@ func Test_nativeGitClient_RemoveContents(t *testing.T) {
 	err = runCmd(client.Root(), "git", "commit", "-m", "Make files")
 	require.NoError(t, err)
 
-	// when
-	out, err = client.RemoveContents()
-	require.NoError(t, err, "error output: ", out)
-
-	// then
-	ls, err := outputCmd(client.Root(), "ls", "-l")
+	// when: remove only "scripts" directory
+	_, err = client.RemoveContents([]string{"scripts"})
 	require.NoError(t, err)
-	require.Equal(t, "total 0", strings.TrimSpace(string(ls)))
+
+	// then: "scripts" should be gone, "README.md" should still exist
+	_, err = os.Stat(filepath.Join(client.Root(), "README.md"))
+	require.NoError(t, err, "README.md should not be removed")
+
+	_, err = os.Stat(filepath.Join(client.Root(), "scripts"))
+	require.Error(t, err, "scripts directory should be removed")
 }
 
 func Test_nativeGitClient_CommitAndPush(t *testing.T) {
diff --git a/util/git/mocks/Client.go b/util/git/mocks/Client.go
index a294d66123de0..5150d285e2540 100644
--- a/util/git/mocks/Client.go
+++ b/util/git/mocks/Client.go
@@ -863,8 +863,8 @@ func (_c *Client_LsRemote_Call) RunAndReturn(run func(revision string) (string,
 }
 
 // RemoveContents provides a mock function for the type Client
-func (_mock *Client) RemoveContents() (string, error) {
-	ret := _mock.Called()
+func (_mock *Client) RemoveContents(paths []string) (string, error) {
+	ret := _mock.Called(paths)
 
 	if len(ret) == 0 {
 		panic("no return value specified for RemoveContents")
@@ -872,16 +872,16 @@ func (_mock *Client) RemoveContents() (string, error) {
 
 	var r0 string
 	var r1 error
-	if returnFunc, ok := ret.Get(0).(func() (string, error)); ok {
-		return returnFunc()
+	if returnFunc, ok := ret.Get(0).(func([]string) (string, error)); ok {
+		return returnFunc(paths)
 	}
-	if returnFunc, ok := ret.Get(0).(func() string); ok {
-		r0 = returnFunc()
+	if returnFunc, ok := ret.Get(0).(func([]string) string); ok {
+		r0 = returnFunc(paths)
 	} else {
 		r0 = ret.Get(0).(string)
 	}
-	if returnFunc, ok := ret.Get(1).(func() error); ok {
-		r1 = returnFunc()
+	if returnFunc, ok := ret.Get(1).(func([]string) error); ok {
+		r1 = returnFunc(paths)
 	} else {
 		r1 = ret.Error(1)
 	}
@@ -894,13 +894,20 @@ type Client_RemoveContents_Call struct {
 }
 
 // RemoveContents is a helper method to define mock.On call
-func (_e *Client_Expecter) RemoveContents() *Client_RemoveContents_Call {
-	return &Client_RemoveContents_Call{Call: _e.mock.On("RemoveContents")}
+//   - paths []string
+func (_e *Client_Expecter) RemoveContents(paths interface{}) *Client_RemoveContents_Call {
+	return &Client_RemoveContents_Call{Call: _e.mock.On("RemoveContents", paths)}
 }
 
-func (_c *Client_RemoveContents_Call) Run(run func()) *Client_RemoveContents_Call {
+func (_c *Client_RemoveContents_Call) Run(run func(paths []string)) *Client_RemoveContents_Call {
 	_c.Call.Run(func(args mock.Arguments) {
-		run()
+		var arg0 []string
+		if args[0] != nil {
+			arg0 = args[0].([]string)
+		}
+		run(
+			arg0,
+		)
 	})
 	return _c
 }
@@ -910,7 +917,7 @@ func (_c *Client_RemoveContents_Call) Return(s string, err error) *Client_Remove
 	return _c
 }
 
-func (_c *Client_RemoveContents_Call) RunAndReturn(run func() (string, error)) *Client_RemoveContents_Call {
+func (_c *Client_RemoveContents_Call) RunAndReturn(run func(paths []string) (string, error)) *Client_RemoveContents_Call {
 	_c.Call.Return(run)
 	return _c
 }

From c238950332d9d429ee8b410de755d778cf02b415 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 2 Sep 2025 13:54:06 -0400
Subject: [PATCH 328/383] fix(hydrator): handle empty path (#24349)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Akhil Singh <singhakhil69@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/hydratorhelper.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index 19b4e4bf613fa..8d8c55bd24a37 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -71,9 +71,12 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 			hydratePath = ""
 		}
 
-		err = root.MkdirAll(hydratePath, 0o755)
-		if err != nil {
-			return fmt.Errorf("failed to create path: %w", err)
+		// Only create directory if path is not empty (root directory case)
+		if hydratePath != "" {
+			err = root.MkdirAll(hydratePath, 0o755)
+			if err != nil {
+				return fmt.Errorf("failed to create path: %w", err)
+			}
 		}
 
 		// Write the manifests

From 729739927abed1be1d18d48d4e9171cd3f8a8561 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 2 Sep 2025 14:51:47 -0400
Subject: [PATCH 329/383] fix: do not change CronJob to progressing (#24269)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.1-3.2.md | 33 ++++++++++++++++-------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/docs/operator-manual/upgrading/3.1-3.2.md b/docs/operator-manual/upgrading/3.1-3.2.md
index 4431414205ea1..b2eff599c7210 100644
--- a/docs/operator-manual/upgrading/3.1-3.2.md
+++ b/docs/operator-manual/upgrading/3.1-3.2.md
@@ -2,7 +2,7 @@
 
 ## Argo CD Now Respects Kustomize Version in `.argocd-source.yaml`
 
-Argo CD provides a way to [override Application `spec.source` values](../../user-guide/parameters.md#store-overrides-in-git) 
+Argo CD provides a way to [override Application `spec.source` values](../../user-guide/parameters.md#store-overrides-in-git)
 using the `.argocd-source.yaml` file.
 
 Before Argo CD v3.2, you could set the Kustomize version in the Application's `.spec.source.kustomize.version` field,
@@ -17,23 +17,38 @@ kustomize:
 
 ## Deprecated fields in the repo-server GRPC service
 
-The repo-server's GRPC service is generally considered an internal API and is not recommended for use by external 
-clients. No user-facing services or functionality have changed. However, if you are using the repo-server's GRPC service 
+The repo-server's GRPC service is generally considered an internal API and is not recommended for use by external
+clients. No user-facing services or functionality have changed. However, if you are using the repo-server's GRPC service
 directly, please note field deprecations in the following messages.
 
-The `kustomizeOptions.binaryPath` field in the `ManifestRequest` and `RepoServerAppDetailsQuery` messages has been 
-deprecated. Instead of calculating the correct binary path client-side, the client is expected to populate the 
-`kustomizeOptions.versions` field with the [configured Kustomize binary paths](../../user-guide/kustomize.md#custom-kustomize-versions). 
-This allows the repo-server to select the correct binary path based on the Kustomize version configured in the 
+The `kustomizeOptions.binaryPath` field in the `ManifestRequest` and `RepoServerAppDetailsQuery` messages has been
+deprecated. Instead of calculating the correct binary path client-side, the client is expected to populate the
+`kustomizeOptions.versions` field with the [configured Kustomize binary paths](../../user-guide/kustomize.md#custom-kustomize-versions).
+This allows the repo-server to select the correct binary path based on the Kustomize version configured in the
 Application's source field as well as any [overrides configured via git](../../user-guide/parameters.md#store-overrides-in-git).
 
 The `kustomizeOptions.binaryPath` will continue to be respected when `kustomizeOptions.versions` is not set, but this is
-not recommended. It will prevent overrides configured via git from being respected. The `kustomizeOptions.binaryPath` 
+not recommended. It will prevent overrides configured via git from being respected. The `kustomizeOptions.binaryPath`
 field will be removed in a future release.
 
 If the repo-server encounters a request with the `kustomizeOptions.binaryPath` field set, it will log a warning message:
 
 > kustomizeOptions.binaryPath is deprecated, use KustomizeOptions.versions instead
 
-The `ManifestRequest` and `RepoServerAppDetailsQuery` messages are used by the following GRPC services: 
+The `ManifestRequest` and `RepoServerAppDetailsQuery` messages are used by the following GRPC services:
 `GenerateManifest`, `GenerateManifestWithFiles`, and `GetAppDetails`.
+
+## CronJob Health
+
+This realease introduce the addition of CronJob's health, a longtime omitted heath status for a native Kubernetes resource.
+The health of a CronJob is based on whether or not Jobs are currently running, and if the last completed Job was successful.
+
+After the upgrade, Application's status may transition to `Degraded`, `Progressing` or `Suspended` depending on the CronJob health.
+
+If the CronJob is permanently `Suspended`, then the aggregated health of the Application will now be `Suspended` instead of `Healthy`.
+If the CronJob is permanently running jobs, then the aggregated health of the Application will now be `Progressing` instead of `Healthy`.
+
+If you do not want your CronJob to affect the Application's aggregated Health, you can configure the annotation
+`argocd.argoproj.io/ignore-healthcheck: "true"` on the CronJob resource.
+
+The health can also be configured globally using the `resource.customizations.health.batch_CronJob` configuration to change the default behaviour.

From 53893bc963953cedcd19493ef0285b92f9c7f9cf Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Tue, 2 Sep 2025 14:26:56 -0700
Subject: [PATCH 330/383] fix(ui): handle missing resources on UI (#24355)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 ui/src/app/applications/components/utils.tsx | 152 ++++++++++---------
 1 file changed, 81 insertions(+), 71 deletions(-)

diff --git a/ui/src/app/applications/components/utils.tsx b/ui/src/app/applications/components/utils.tsx
index 0c7afe41b24ac..d50f780643906 100644
--- a/ui/src/app/applications/components/utils.tsx
+++ b/ui/src/app/applications/components/utils.tsx
@@ -546,65 +546,73 @@ export const deletePopup = async (
 };
 
 export async function getResourceActionsMenuItems(resource: ResourceTreeNode, metadata: models.ObjectMeta, apis: ContextApis): Promise<ActionMenuItem[]> {
-    return services.applications.getResourceActions(metadata.name, metadata.namespace, resource).then(actions => {
-        return actions.map(action => ({
-            title: action.displayName ?? action.name,
-            disabled: !!action.disabled,
-            iconClassName: action.iconClass,
-            action: async () => {
-                const confirmed = false;
-                const title = action.params ? `Enter input parameters for action: ${action.name}` : `Perform ${action.name} action?`;
-                await apis.popup.prompt(
-                    title,
-                    api => (
-                        <div>
-                            {!action.params && (
-                                <div className='argo-form-row'>
-                                    <div> Are you sure you want to perform {action.name} action?</div>
-                                </div>
-                            )}
-                            {action.params &&
-                                action.params.map((param, index) => (
-                                    <div className='argo-form-row' key={index}>
-                                        <FormField label={param.name} field={param.name} formApi={api} component={Text} />
+    // Don't call API for missing resources
+    if (!resource.uid) {
+        return [];
+    }
+
+    return services.applications
+        .getResourceActions(metadata.name, metadata.namespace, resource)
+        .then(actions => {
+            return actions.map(action => ({
+                title: action.displayName ?? action.name,
+                disabled: !!action.disabled,
+                iconClassName: action.iconClass,
+                action: async () => {
+                    const confirmed = false;
+                    const title = action.params ? `Enter input parameters for action: ${action.name}` : `Perform ${action.name} action?`;
+                    await apis.popup.prompt(
+                        title,
+                        api => (
+                            <div>
+                                {!action.params && (
+                                    <div className='argo-form-row'>
+                                        <div> Are you sure you want to perform {action.name} action?</div>
                                     </div>
-                                ))}
-                        </div>
-                    ),
-                    {
-                        submit: async (vals, _, close) => {
-                            try {
-                                const resourceActionParameters = action.params
-                                    ? action.params.map(param => ({
-                                          name: param.name,
-                                          value: vals[param.name] || param.default,
-                                          type: param.type,
-                                          default: param.default
-                                      }))
-                                    : [];
-                                await services.applications.runResourceAction(metadata.name, metadata.namespace, resource, action.name, resourceActionParameters);
-                                close();
-                            } catch (e) {
-                                apis.notifications.show({
-                                    content: <ErrorNotification title='Unable to execute resource action' e={e} />,
-                                    type: NotificationType.Error
-                                });
+                                )}
+                                {action.params &&
+                                    action.params.map((param, index) => (
+                                        <div className='argo-form-row' key={index}>
+                                            <FormField label={param.name} field={param.name} formApi={api} component={Text} />
+                                        </div>
+                                    ))}
+                            </div>
+                        ),
+                        {
+                            submit: async (vals, _, close) => {
+                                try {
+                                    const resourceActionParameters = action.params
+                                        ? action.params.map(param => ({
+                                              name: param.name,
+                                              value: vals[param.name] || param.default,
+                                              type: param.type,
+                                              default: param.default
+                                          }))
+                                        : [];
+                                    await services.applications.runResourceAction(metadata.name, metadata.namespace, resource, action.name, resourceActionParameters);
+                                    close();
+                                } catch (e) {
+                                    apis.notifications.show({
+                                        content: <ErrorNotification title='Unable to execute resource action' e={e} />,
+                                        type: NotificationType.Error
+                                    });
+                                }
                             }
-                        }
-                    },
-                    null,
-                    null,
-                    action.params
-                        ? action.params.reduce((acc, res) => {
-                              acc[res.name] = res.default;
-                              return acc;
-                          }, {} as any)
-                        : {}
-                );
-                return confirmed;
-            }
-        }));
-    });
+                        },
+                        null,
+                        null,
+                        action.params
+                            ? action.params.reduce((acc, res) => {
+                                  acc[res.name] = res.default;
+                                  return acc;
+                              }, {} as any)
+                            : {}
+                    );
+                    return confirmed;
+                }
+            }));
+        })
+        .catch(() => [] as ActionMenuItem[]);
 }
 
 function getActionItems(
@@ -692,20 +700,22 @@ function getActionItems(
 
     const resourceActions = getResourceActionsMenuItems(resource, application.metadata, apis);
 
-    const links = services.applications
-        .getResourceLinks(application.metadata.name, application.metadata.namespace, resource)
-        .then(data => {
-            return (data.items || []).map(
-                link =>
-                    ({
-                        title: link.title,
-                        iconClassName: `fa fa-fw ${link.iconClass ? link.iconClass : 'fa-external-link'}`,
-                        action: () => window.open(link.url, '_blank'),
-                        tooltip: link.description
-                    }) as MenuItem
-            );
-        })
-        .catch(() => [] as MenuItem[]);
+    const links = !resource.uid
+        ? Promise.resolve([])
+        : services.applications
+              .getResourceLinks(application.metadata.name, application.metadata.namespace, resource)
+              .then(data => {
+                  return (data.items || []).map(
+                      link =>
+                          ({
+                              title: link.title,
+                              iconClassName: `fa fa-fw ${link.iconClass ? link.iconClass : 'fa-external-link'}`,
+                              action: () => window.open(link.url, '_blank'),
+                              tooltip: link.description
+                          }) as MenuItem
+                  );
+              })
+              .catch(() => [] as MenuItem[]);
 
     return combineLatest(
         from([items]), // this resolves immediately

From b6f0e780a38d00837bd6f6b9718a1437caab917f Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Tue, 2 Sep 2025 18:29:11 -0400
Subject: [PATCH 331/383] feat(server): pass authenticated userId as header to
 extensions (#24356)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../extensions/proxy-extensions.md            | 59 +++++++++------
 server/extension/extension.go                 | 31 ++++++--
 server/extension/extension_test.go            | 26 ++++---
 server/extension/mocks/UserGetter.go          | 73 ++++++++++++++++---
 4 files changed, 137 insertions(+), 52 deletions(-)

diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md
index e47c25b081848..31300056761bb 100644
--- a/docs/developer-guide/extensions/proxy-extensions.md
+++ b/docs/developer-guide/extensions/proxy-extensions.md
@@ -1,7 +1,8 @@
 # Proxy Extensions
 
 !!! warning "Beta Feature (Since 2.7.0)"
-    This feature is in the [Beta](https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#beta) stage. 
+
+    This feature is in the [Beta](https://github.com/argoproj/argoproj/blob/main/community/feature-status.md#beta) stage.
     It is generally considered stable, but there may be unhandled edge cases.
 
 ## Overview
@@ -29,7 +30,7 @@ metadata:
   name: argocd-cmd-params-cm
   namespace: argocd
 data:
-  server.enable.proxy.extension: "true"
+  server.enable.proxy.extension: 'true'
 ```
 
 Once the proxy extension is enabled, it can be configured in the main
@@ -102,11 +103,12 @@ respect the new configuration.
 
 Every configuration entry is explained below:
 
-#### `extensions` (*list*)
+#### `extensions` (_list_)
 
 Defines configurations for all extensions enabled.
 
-#### `extensions.name` (*string*)
+#### `extensions.name` (_string_)
+
 (mandatory)
 
 Defines the endpoint that will be used to register the extension
@@ -116,54 +118,61 @@ following url:
 
     <argocd-host>/extensions/my-extension
 
-#### `extensions.backend.connectionTimeout` (*duration string*)
+#### `extensions.backend.connectionTimeout` (_duration string_)
+
 (optional. Default: 2s)
 
 Is the maximum amount of time a dial to the extension server will wait
-for a connect to complete. 
+for a connect to complete.
+
+#### `extensions.backend.keepAlive` (_duration string_)
 
-#### `extensions.backend.keepAlive` (*duration string*)
 (optional. Default: 15s)
 
 Specifies the interval between keep-alive probes for an active network
 connection between the API server and the extension server.
 
-#### `extensions.backend.idleConnectionTimeout` (*duration string*)
+#### `extensions.backend.idleConnectionTimeout` (_duration string_)
+
 (optional. Default: 60s)
 
 Is the maximum amount of time an idle (keep-alive) connection between
 the API server and the extension server will remain idle before
 closing itself.
 
-#### `extensions.backend.maxIdleConnections` (*int*)
+#### `extensions.backend.maxIdleConnections` (_int_)
+
 (optional. Default: 30)
 
 Controls the maximum number of idle (keep-alive) connections between
 the API server and the extension server.
 
-#### `extensions.backend.services` (*list*)
+#### `extensions.backend.services` (_list_)
 
 Defines a list with backend url by cluster.
 
-#### `extensions.backend.services.url` (*string*)
+#### `extensions.backend.services.url` (_string_)
+
 (mandatory)
 
 Is the address where the extension backend must be available.
 
-#### `extensions.backend.services.headers` (*list*)
+#### `extensions.backend.services.headers` (_list_)
 
 If provided, the headers list will be added on all outgoing requests
 for this service config. Existing headers in the incoming request with
 the same name will be overridden by the one in this list. Reserved header
 names will be ignored (see the [headers](#incoming-request-headers) below).
 
-#### `extensions.backend.services.headers.name` (*string*)
+#### `extensions.backend.services.headers.name` (_string_)
+
 (mandatory)
 
 Defines the name of the header. It is a mandatory field if a header is
 provided.
 
-#### `extensions.backend.services.headers.value` (*string*)
+#### `extensions.backend.services.headers.value` (_string_)
+
 (mandatory)
 
 Defines the value of the header. It is a mandatory field if a header is
@@ -178,7 +187,8 @@ Example:
 In the example above, the value will be replaced with the one from
 the argocd-secret with key 'some.argocd.secret.key'.
 
-#### `extensions.backend.services.cluster` (*object*)
+#### `extensions.backend.services.cluster` (_object_)
+
 (optional)
 
 If provided, and multiple services are configured, will have to match
@@ -190,17 +200,19 @@ send requests to the proper backend service. If only one backend
 service is configured, this field is ignored, and all requests are
 forwarded to the configured one.
 
-#### `extensions.backend.services.cluster.name` (*string*)
+#### `extensions.backend.services.cluster.name` (_string_)
+
 (optional)
 
 It will be matched with the value from
 `Application.Spec.Destination.Name`
 
-#### `extensions.backend.services.cluster.server` (*string*)
+#### `extensions.backend.services.cluster.server` (_string_)
+
 (optional)
 
 It will be matched with the value from
-`Application.Spec.Destination.Server`. 
+`Application.Spec.Destination.Server`.
 
 ## Usage
 
@@ -245,7 +257,7 @@ Argo CD UI keeps the authentication token stored in a cookie
 (`argocd.token`). This value needs to be sent in the `Cookie` header
 so the API server can validate its authenticity.
 
-Example: 
+Example:
 
     Cookie: argocd.token=eyJhbGciOiJIUzI1Ni...
 
@@ -299,11 +311,16 @@ section for more details.
 
 #### `Argocd-Username`
 
-Will be populated with the username logged in Argo CD.
+Will be populated with the username logged in Argo CD. This is primarily useful for display purposes. 
+To identify a user for programmatic needs, `Argocd-User-Id` is probably a better choice.
+
+#### `Argocd-User-Id`
+
+Will be populated with the internal user id, most often defined by the `sub` claim, logged in Argo CD.
 
 #### `Argocd-User-Groups`
 
-Will be populated with the 'groups' claim from the user logged in Argo CD.
+Will be populated with the configured RBAC scopes, most often the `groups` claim, from the user logged in Argo CD.
 
 ### Multi Backend Use-Case
 
diff --git a/server/extension/extension.go b/server/extension/extension.go
index c03272b07f50a..b9abbf9dfe8fd 100644
--- a/server/extension/extension.go
+++ b/server/extension/extension.go
@@ -74,10 +74,14 @@ const (
 	// handler.
 	HeaderArgoCDTargetClusterName = "Argocd-Target-Cluster-Name"
 
-	// HeaderArgoCDUsername is the header name that defines the logged
+	// HeaderArgoCDUsername is the header name that defines the username of the logged
 	// in user authenticated by Argo CD.
 	HeaderArgoCDUsername = "Argocd-Username"
 
+	// HeaderArgoCDUserId is the header name that defines the internal user id of the logged
+	// in user authenticated by Argo CD.
+	HeaderArgoCDUserId = "Argocd-User-Id"
+
 	// HeaderArgoCDGroups is the header name that provides the 'groups'
 	// claim from the users authenticated in Argo CD.
 	HeaderArgoCDGroups = "Argocd-User-Groups"
@@ -284,7 +288,8 @@ func (p *DefaultProjectGetter) GetClusters(project string) ([]*v1alpha1.Cluster,
 
 // UserGetter defines the contract to retrieve info from the logged in user.
 type UserGetter interface {
-	GetUser(ctx context.Context) string
+	GetUserId(ctx context.Context) string
+	GetUsername(ctx context.Context) string
 	GetGroups(ctx context.Context) []string
 }
 
@@ -300,11 +305,16 @@ func NewDefaultUserGetter(policyEnf *rbacpolicy.RBACPolicyEnforcer) *DefaultUser
 	}
 }
 
-// GetUser will return the current logged in user
-func (u *DefaultUserGetter) GetUser(ctx context.Context) string {
+// GetUsername will return the username of the current logged in user
+func (u *DefaultUserGetter) GetUsername(ctx context.Context) string {
 	return session.Username(ctx)
 }
 
+// GetUserId will return the user id of the current logged in user
+func (u *DefaultUserGetter) GetUserId(ctx context.Context) string {
+	return session.GetUserIdentifier(ctx)
+}
+
 // GetGroups will return the groups associated with the logged in user.
 func (u *DefaultUserGetter) GetGroups(ctx context.Context) []string {
 	return session.Groups(ctx, u.policyEnf.GetScopes())
@@ -783,11 +793,13 @@ func (m *Manager) CallExtension() func(http.ResponseWriter, *http.Request) {
 			return
 		}
 
-		user := m.userGetter.GetUser(r.Context())
+		userId := m.userGetter.GetUserId(r.Context())
+		username := m.userGetter.GetUsername(r.Context())
 		groups := m.userGetter.GetGroups(r.Context())
-		prepareRequest(r, m.namespace, extName, app, user, groups)
+		prepareRequest(r, m.namespace, extName, app, userId, username, groups)
 		m.log.WithFields(log.Fields{
-			HeaderArgoCDUsername:        user,
+			HeaderArgoCDUserId:          userId,
+			HeaderArgoCDUsername:        username,
 			HeaderArgoCDGroups:          strings.Join(groups, ","),
 			HeaderArgoCDNamespace:       m.namespace,
 			HeaderArgoCDApplicationName: fmt.Sprintf("%s:%s", app.GetNamespace(), app.GetName()),
@@ -819,7 +831,7 @@ func registerMetrics(extName string, metrics httpsnoop.Metrics, extensionMetrics
 //   - Cluster destination name
 //   - Cluster destination server
 //   - Argo CD authenticated username
-func prepareRequest(r *http.Request, namespace string, extName string, app *v1alpha1.Application, username string, groups []string) {
+func prepareRequest(r *http.Request, namespace string, extName string, app *v1alpha1.Application, userId string, username string, groups []string) {
 	r.URL.Path = strings.TrimPrefix(r.URL.Path, fmt.Sprintf("%s/%s", URLPrefix, extName))
 	r.Header.Set(HeaderArgoCDNamespace, namespace)
 	if app.Spec.Destination.Name != "" {
@@ -828,6 +840,9 @@ func prepareRequest(r *http.Request, namespace string, extName string, app *v1al
 	if app.Spec.Destination.Server != "" {
 		r.Header.Set(HeaderArgoCDTargetClusterURL, app.Spec.Destination.Server)
 	}
+	if userId != "" {
+		r.Header.Set(HeaderArgoCDUserId, userId)
+	}
 	if username != "" {
 		r.Header.Set(HeaderArgoCDUsername, username)
 	}
diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go
index 6141c9b7bd8c4..377ab7623da61 100644
--- a/server/extension/extension_test.go
+++ b/server/extension/extension_test.go
@@ -352,8 +352,9 @@ func TestCallExtension(t *testing.T) {
 		f.rbacMock.On("EnforceErr", mock.Anything, rbac.ResourceExtensions, rbac.ActionInvoke, mock.Anything).Return(extAccessError)
 	}
 
-	withUser := func(f *fixture, username string, groups []string) {
-		f.userMock.On("GetUser", mock.Anything).Return(username)
+	withUser := func(f *fixture, userId string, username string, groups []string) {
+		f.userMock.On("GetUserId", mock.Anything).Return(userId)
+		f.userMock.On("GetUsername", mock.Anything).Return(username)
 		f.userMock.On("GetGroups", mock.Anything).Return(groups)
 	}
 
@@ -411,7 +412,7 @@ func TestCallExtension(t *testing.T) {
 		}))
 		defer backendSrv.Close()
 		withRbac(f, true, true)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		withExtensionConfig(getExtensionConfig(backendEndpoint, backendSrv.URL), f)
 		ts := startTestServer(t, f)
 		defer ts.Close()
@@ -448,6 +449,7 @@ func TestCallExtension(t *testing.T) {
 		assert.Equal(t, clusterURL, resp.Header.Get(extension.HeaderArgoCDTargetClusterURL))
 		assert.Equal(t, "Bearer some-bearer-token", resp.Header.Get("Authorization"))
 		assert.Equal(t, "some-user", resp.Header.Get(extension.HeaderArgoCDUsername))
+		assert.Equal(t, "some-user-id", resp.Header.Get(extension.HeaderArgoCDUserId))
 		assert.Equal(t, "group1,group2", resp.Header.Get(extension.HeaderArgoCDGroups))
 
 		// waitgroup is necessary to make sure assertions aren't executed before
@@ -464,7 +466,7 @@ func TestCallExtension(t *testing.T) {
 		withExtensionConfig(getExtensionConfigString(), f)
 		withRbac(f, true, true)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		cluster1Name := "cluster1"
 		f.appGetterMock.On("Get", "namespace", "app-name").Return(getApp(cluster1Name, "", defaultProjectName), nil)
 		withProject(getProjectWithDestinations("project-name", []string{cluster1Name}, []string{"some-url"}), f)
@@ -507,7 +509,7 @@ func TestCallExtension(t *testing.T) {
 		withExtensionConfig(getExtensionConfigWith2Backends(extName, beSrv1.URL, cluster1Name, cluster1URL, beSrv2.URL, cluster2Name, cluster2URL), f)
 		withProject(getProjectWithDestinations("project-name", []string{cluster1Name}, []string{cluster2URL}), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 
 		ts := startTestServer(t, f)
 		defer ts.Close()
@@ -554,7 +556,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName))
@@ -578,7 +580,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName))
@@ -603,7 +605,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName))
@@ -629,7 +631,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName))
@@ -655,7 +657,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", fmt.Sprintf("%s/extensions/%s/", ts.URL, extName))
@@ -687,7 +689,7 @@ func TestCallExtension(t *testing.T) {
 		withExtensionConfig(getExtensionConfigWith2Backends(extName, "url1", "cluster1Name", "cluster1URL", "url2", "cluster2Name", "cluster2URL"), f)
 		withProject(getProjectWithDestinations("project-name", nil, []string{"srv1", destinationServer}), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 
 		ts := startTestServer(t, f)
 		defer ts.Close()
@@ -721,7 +723,7 @@ func TestCallExtension(t *testing.T) {
 		withRbac(f, allowApp, allowExtension)
 		withExtensionConfig(getExtensionConfig(extName, "http://fake"), f)
 		withMetrics(f)
-		withUser(f, "some-user", []string{"group1", "group2"})
+		withUser(f, "some-user-id", "some-user", []string{"group1", "group2"})
 		ts := startTestServer(t, f)
 		defer ts.Close()
 		r := newExtensionRequest(t, "Get", ts.URL+"/extensions/")
diff --git a/server/extension/mocks/UserGetter.go b/server/extension/mocks/UserGetter.go
index 978e7d1385229..669a801c9543a 100644
--- a/server/extension/mocks/UserGetter.go
+++ b/server/extension/mocks/UserGetter.go
@@ -90,12 +90,12 @@ func (_c *UserGetter_GetGroups_Call) RunAndReturn(run func(ctx context.Context)
 	return _c
 }
 
-// GetUser provides a mock function for the type UserGetter
-func (_mock *UserGetter) GetUser(ctx context.Context) string {
+// GetUserId provides a mock function for the type UserGetter
+func (_mock *UserGetter) GetUserId(ctx context.Context) string {
 	ret := _mock.Called(ctx)
 
 	if len(ret) == 0 {
-		panic("no return value specified for GetUser")
+		panic("no return value specified for GetUserId")
 	}
 
 	var r0 string
@@ -107,18 +107,18 @@ func (_mock *UserGetter) GetUser(ctx context.Context) string {
 	return r0
 }
 
-// UserGetter_GetUser_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetUser'
-type UserGetter_GetUser_Call struct {
+// UserGetter_GetUserId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetUserId'
+type UserGetter_GetUserId_Call struct {
 	*mock.Call
 }
 
-// GetUser is a helper method to define mock.On call
+// GetUserId is a helper method to define mock.On call
 //   - ctx context.Context
-func (_e *UserGetter_Expecter) GetUser(ctx interface{}) *UserGetter_GetUser_Call {
-	return &UserGetter_GetUser_Call{Call: _e.mock.On("GetUser", ctx)}
+func (_e *UserGetter_Expecter) GetUserId(ctx interface{}) *UserGetter_GetUserId_Call {
+	return &UserGetter_GetUserId_Call{Call: _e.mock.On("GetUserId", ctx)}
 }
 
-func (_c *UserGetter_GetUser_Call) Run(run func(ctx context.Context)) *UserGetter_GetUser_Call {
+func (_c *UserGetter_GetUserId_Call) Run(run func(ctx context.Context)) *UserGetter_GetUserId_Call {
 	_c.Call.Run(func(args mock.Arguments) {
 		var arg0 context.Context
 		if args[0] != nil {
@@ -131,12 +131,63 @@ func (_c *UserGetter_GetUser_Call) Run(run func(ctx context.Context)) *UserGette
 	return _c
 }
 
-func (_c *UserGetter_GetUser_Call) Return(s string) *UserGetter_GetUser_Call {
+func (_c *UserGetter_GetUserId_Call) Return(s string) *UserGetter_GetUserId_Call {
 	_c.Call.Return(s)
 	return _c
 }
 
-func (_c *UserGetter_GetUser_Call) RunAndReturn(run func(ctx context.Context) string) *UserGetter_GetUser_Call {
+func (_c *UserGetter_GetUserId_Call) RunAndReturn(run func(ctx context.Context) string) *UserGetter_GetUserId_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// GetUsername provides a mock function for the type UserGetter
+func (_mock *UserGetter) GetUsername(ctx context.Context) string {
+	ret := _mock.Called(ctx)
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetUsername")
+	}
+
+	var r0 string
+	if returnFunc, ok := ret.Get(0).(func(context.Context) string); ok {
+		r0 = returnFunc(ctx)
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+	return r0
+}
+
+// UserGetter_GetUsername_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetUsername'
+type UserGetter_GetUsername_Call struct {
+	*mock.Call
+}
+
+// GetUsername is a helper method to define mock.On call
+//   - ctx context.Context
+func (_e *UserGetter_Expecter) GetUsername(ctx interface{}) *UserGetter_GetUsername_Call {
+	return &UserGetter_GetUsername_Call{Call: _e.mock.On("GetUsername", ctx)}
+}
+
+func (_c *UserGetter_GetUsername_Call) Run(run func(ctx context.Context)) *UserGetter_GetUsername_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *UserGetter_GetUsername_Call) Return(s string) *UserGetter_GetUsername_Call {
+	_c.Call.Return(s)
+	return _c
+}
+
+func (_c *UserGetter_GetUsername_Call) RunAndReturn(run func(ctx context.Context) string) *UserGetter_GetUsername_Call {
 	_c.Call.Return(run)
 	return _c
 }

From 9661f7ddd96cbf54bec8a53b216f78576c0663a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 11:05:19 +0300
Subject: [PATCH 332/383] chore(deps): bump the otel group with 4 updates
 (#24364)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 26 +++++++++++++-------------
 go.sum | 56 ++++++++++++++++++++++++++++----------------------------
 2 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/go.mod b/go.mod
index 8d32ee307d85f..a522d8258b286 100644
--- a/go.mod
+++ b/go.mod
@@ -87,17 +87,17 @@ require (
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
 	gitlab.com/gitlab-org/api/client-go v0.142.4
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0
-	go.opentelemetry.io/otel v1.37.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0
-	go.opentelemetry.io/otel/sdk v1.37.0
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
+	go.opentelemetry.io/otel v1.38.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
+	go.opentelemetry.io/otel/sdk v1.38.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
 	golang.org/x/term v0.34.0
 	golang.org/x/time v0.12.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7
+	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5
 	google.golang.org/grpc v1.75.0
 	google.golang.org/protobuf v1.36.8
 	gopkg.in/yaml.v2 v2.4.0
@@ -159,7 +159,7 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cenkalti/backoff/v5 v5.0.2 // indirect
+	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/chai2010/gettext-go v1.0.3 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
@@ -201,7 +201,7 @@ require (
 	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/gregdel/pushover v1.3.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
@@ -261,12 +261,12 @@ require (
 	go.mongodb.org/mongo-driver v1.17.1 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 // indirect
-	go.opentelemetry.io/otel/metric v1.37.0 // indirect
-	go.opentelemetry.io/otel/trace v1.37.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.7.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect
+	go.opentelemetry.io/otel/metric v1.38.0 // indirect
+	go.opentelemetry.io/otel/trace v1.38.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.7.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
-	go.yaml.in/yaml/v3 v3.0.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/mod v0.26.0 // indirect
 	golang.org/x/sys v0.35.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
@@ -277,7 +277,7 @@ require (
 	gomodules.xyz/notify v0.1.1 // indirect
 	google.golang.org/api v0.223.0 // indirect
 	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
diff --git a/go.sum b/go.sum
index 7d1fdd4362010..e0993df2c1414 100644
--- a/go.sum
+++ b/go.sum
@@ -184,8 +184,8 @@ github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/cenkalti/backoff/v5 v5.0.2 h1:rIfFVxEf1QsI7E1ZHfp/B4DF/6QBAUhmgkxc0H7Zss8=
-github.com/cenkalti/backoff/v5 v5.0.2/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
+github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
+github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -511,8 +511,8 @@ github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.2/go.mod h1:wd1YpapPLivG6nQ
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1 h1:X5VWvz21y3gzm9Nw/kaUeku/1+uBhcekkmy4IkffJww=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.1/go.mod h1:Zanoh4+gvIgluNqcfMVTJueD4wSS5hT7zTt4Mrutd90=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
@@ -909,26 +909,26 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
 go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0 h1:rbRJ8BBoVMsQShESYZ0FkvcITu8X8QNwJogcLUmDNNw=
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.62.0/go.mod h1:ru6KHrNtNHxM4nD/vd6QrLVWgKhxPYgblq4VAtNawTQ=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 h1:YH4g8lQroajqUwWbq/tr2QX1JFmEXaDLgG+ew9bLMWo=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0/go.mod h1:fvPi2qXDqFs8M4B4fmJhE92TyQs9Ydjlg3RvfUp+NbQ=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
-go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ=
-go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0 h1:Ahq7pZmv87yiyn3jeFz/LekZmPLLdKejuO3NcK9MssM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.37.0/go.mod h1:MJTqhM0im3mRLw1i8uGHnCvUEeS7VwRyxlLC78PA18M=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0 h1:EtFWSnwW9hGObjkIdmlnWSydO+Qs8OwzfzXLUPg4xOc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0/go.mod h1:QjUEoiGCPkvFZ/MjK6ZZfNOS6mfVEVKYE99dFhuN2LI=
-go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE=
-go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E=
-go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI=
-go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg=
-go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc=
-go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps=
-go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4=
-go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0=
-go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os=
-go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo=
+go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
+go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk=
+go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
+go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
+go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
+go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
+go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
+go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
+go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
+go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
+go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=
+go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
@@ -942,8 +942,8 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
-go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=
-go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1330,10 +1330,10 @@ google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
-google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU=
-google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 h1:eaY8u2EuxbRv7c3NiGK0/NedzVsCcV6hDuU5qPX5EGE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5/go.mod h1:M4/wBTSeyLxupu3W3tJtOgB14jILAS/XWPSSa3TAlJc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=

From 6959b32ce017586c71e9ccba58816931e5bf0544 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 11:06:29 +0300
Subject: [PATCH 333/383] chore(deps): bump renovatebot/github-action from
 43.0.8 to 43.0.10 (#24363)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/renovate.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index d55502bf3d4dc..fcbb320e2780d 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@b11417b9eaac3145fe9a8544cee66503724e32b6 #43.0.8
+        uses: renovatebot/github-action@7876d7a812254599d262d62b6b2c2706018258a2 #43.0.10
         with:
           configurationFile: .github/configs/renovate-config.js
           token: '${{ steps.get_token.outputs.token }}'

From 070753a048b8498fe76cbccde04faa4e836ed79a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 11:09:55 +0300
Subject: [PATCH 334/383] chore(deps): bump github.com/spf13/cobra from 1.9.1
 to 1.10.1 (#24362)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index a522d8258b286..264a58d7d1598 100644
--- a/go.mod
+++ b/go.mod
@@ -81,8 +81,8 @@ require (
 	github.com/sirupsen/logrus v1.9.3
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/soheilhy/cmux v0.1.5
-	github.com/spf13/cobra v1.9.1
-	github.com/spf13/pflag v1.0.7
+	github.com/spf13/cobra v1.10.1
+	github.com/spf13/pflag v1.0.9
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
diff --git a/go.sum b/go.sum
index e0993df2c1414..88b44af1baf8d 100644
--- a/go.sum
+++ b/go.sum
@@ -844,13 +844,12 @@ github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
 github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
-github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
-github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
+github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M=
-github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 647306f1a6842cb4a3257d5ccdf1c5a208ed7e4b Mon Sep 17 00:00:00 2001
From: Donghyun Kang <49312806+augustkang@users.noreply.github.com>
Date: Wed, 3 Sep 2025 18:11:03 +0900
Subject: [PATCH 335/383] fix: correct typo in applicationset/utils/utils.go
 (#24352)

Signed-off-by: augustkang <iamaugustkang@gmail.com>
Co-authored-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/utils/utils.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go
index c8491e2956a01..0777e8cf3d61e 100644
--- a/applicationset/utils/utils.go
+++ b/applicationset/utils/utils.go
@@ -405,13 +405,13 @@ func addInvalidGeneratorNames(names map[string]bool, applicationSetInfo *argoapp
 
 	spec, ok := values["spec"].(map[string]any)
 	if !ok {
-		log.Warn("coundn't get spec from kubectl.kubernetes.io/last-applied-configuration annotation")
+		log.Warn("couldn't get spec from kubectl.kubernetes.io/last-applied-configuration annotation")
 		return
 	}
 
 	generators, ok := spec["generators"].([]any)
 	if !ok {
-		log.Warn("coundn't get generators from kubectl.kubernetes.io/last-applied-configuration annotation")
+		log.Warn("couldn't get generators from kubectl.kubernetes.io/last-applied-configuration annotation")
 		return
 	}
 
@@ -422,7 +422,7 @@ func addInvalidGeneratorNames(names map[string]bool, applicationSetInfo *argoapp
 
 	generator, ok := generators[index].(map[string]any)
 	if !ok {
-		log.Warn("coundn't get generator from kubectl.kubernetes.io/last-applied-configuration annotation")
+		log.Warn("couldn't get generator from kubectl.kubernetes.io/last-applied-configuration annotation")
 		return
 	}
 

From 6b3fcf94cbf99dca7b0c04e4fa627ace9aa8b37f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 12:44:17 +0300
Subject: [PATCH 336/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.142.4 to 0.142.5 (#24361)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Regina Voloshin <regina.voloshin@codefresh.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Regina Voloshin <regina.voloshin@codefresh.io>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 264a58d7d1598..749cba99d08b5 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.142.4
+	gitlab.com/gitlab-org/api/client-go v0.142.5
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
 	go.opentelemetry.io/otel v1.38.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
diff --git a/go.sum b/go.sum
index 88b44af1baf8d..680b364142526 100644
--- a/go.sum
+++ b/go.sum
@@ -897,8 +897,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.142.4 h1:tTm+hUPrOcTavmKpM9YIP503IE0EdAkg4TG3t6QGbiw=
-gitlab.com/gitlab-org/api/client-go v0.142.4/go.mod h1:Ru5IRauphXt9qwmTzJD7ou1dH7Gc6pnsdFWEiMMpmB0=
+gitlab.com/gitlab-org/api/client-go v0.142.5 h1:zvengEU958Fjwasi1V+9QNRw0viqNKkqUwvFD15XDZI=
+gitlab.com/gitlab-org/api/client-go v0.142.5/go.mod h1:Ru5IRauphXt9qwmTzJD7ou1dH7Gc6pnsdFWEiMMpmB0=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 28c78eb5cff4b0c5a6794e8ac1688036a0a3ac9e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Sep 2025 06:58:50 -0400
Subject: [PATCH 337/383] chore(deps): bump SonarSource/sonarqube-scan-action
 from 5.3.0 to 5.3.1 (#24358)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index cb38671eff94c..7b510135dce7f 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -402,7 +402,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        uses: SonarSource/sonarqube-scan-action@8c71dc039c2dd71d3821e89a2b58ecc7fee6ced9 # v5.3.0
+        uses: SonarSource/sonarqube-scan-action@1a6d90ebcb0e6a6b1d87e37ba693fe453195ae25 # v5.3.1
         if: env.sonar_secret != ''
   test-e2e:
     name: Run end-to-end tests

From 9414606aec7515e1de78b54c9e1cbd673c5b26a7 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Wed, 3 Sep 2025 09:39:42 -0400
Subject: [PATCH 338/383] chore: bump gitops-engine w/ finalizer fix (#24348)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 749cba99d08b5..8ad5042d799f4 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
-	github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf
+	github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1
 	github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
diff --git a/go.sum b/go.sum
index 680b364142526..c72c533061fb7 100644
--- a/go.sum
+++ b/go.sum
@@ -113,8 +113,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf h1:T6GGt8vYN2aRNnOwdY3DIzMX1AhGIEo+8SNhSlNBdvs=
-github.com/argoproj/gitops-engine v0.7.1-0.20250724135328-38f73a75c3cf/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
+github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1 h1:hScjnyzYqKBK4Dp/CLl46yK7GxWc5bHIxh4ndydNTGs=
+github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
 github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7 h1:DwrJWH9kySJgaJ6n5U543QSeFTNdMHDz5Iy+goyfQUw=
 github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=

From 4145289f439441383a74897cd10f23b70f8ee7ea Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 3 Sep 2025 11:21:28 -0400
Subject: [PATCH 339/383] chore(refactor): simplify logic that generates server
 cert (#24335)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/settings/settings.go | 98 +++++++++------------------------------
 1 file changed, 21 insertions(+), 77 deletions(-)

diff --git a/util/settings/settings.go b/util/settings/settings.go
index d44dcc586329c..ac74206cfaefc 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -1576,66 +1576,10 @@ func (mgr *SettingsManager) loadTLSCertificateFromSecret(secret *corev1.Secret)
 	return &cert, nil
 }
 
-// SaveSettings serializes ArgoCDSettings and upserts it into K8s secret/configmap
-func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error {
-	err := mgr.updateConfigMap(func(argoCDCM *corev1.ConfigMap) error {
-		if settings.URL != "" {
-			argoCDCM.Data[settingURLKey] = settings.URL
-		} else {
-			delete(argoCDCM.Data, settingURLKey)
-		}
-		if settings.DexConfig != "" {
-			argoCDCM.Data[settingDexConfigKey] = settings.DexConfig
-		} else {
-			delete(argoCDCM.Data, settings.DexConfig)
-		}
-		if settings.OIDCConfigRAW != "" {
-			argoCDCM.Data[settingsOIDCConfigKey] = settings.OIDCConfigRAW
-		} else {
-			delete(argoCDCM.Data, settingsOIDCConfigKey)
-		}
-		if settings.UiCssURL != "" {
-			argoCDCM.Data[settingUICSSURLKey] = settings.UiCssURL
-		}
-		if settings.UiBannerContent != "" {
-			argoCDCM.Data[settingUIBannerContentKey] = settings.UiBannerContent
-		} else {
-			delete(argoCDCM.Data, settingUIBannerContentKey)
-		}
-		if settings.UiBannerURL != "" {
-			argoCDCM.Data[settingUIBannerURLKey] = settings.UiBannerURL
-		} else {
-			delete(argoCDCM.Data, settingUIBannerURLKey)
-		}
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
+// saveSignatureAndCertificate serializes the server Signature and Certificate ArgoCDSettings and upserts it into the secret
+func (mgr *SettingsManager) saveSignatureAndCertificate(settings *ArgoCDSettings) error {
 	return mgr.updateSecret(func(argoCDSecret *corev1.Secret) error {
 		argoCDSecret.Data[settingServerSignatureKey] = settings.ServerSignature
-		if settings.WebhookGitHubSecret != "" {
-			argoCDSecret.Data[settingsWebhookGitHubSecretKey] = []byte(settings.WebhookGitHubSecret)
-		}
-		if settings.WebhookGitLabSecret != "" {
-			argoCDSecret.Data[settingsWebhookGitLabSecretKey] = []byte(settings.WebhookGitLabSecret)
-		}
-		if settings.WebhookBitbucketUUID != "" {
-			argoCDSecret.Data[settingsWebhookBitbucketUUIDKey] = []byte(settings.WebhookBitbucketUUID)
-		}
-		if settings.WebhookBitbucketServerSecret != "" {
-			argoCDSecret.Data[settingsWebhookBitbucketServerSecretKey] = []byte(settings.WebhookBitbucketServerSecret)
-		}
-		if settings.WebhookGogsSecret != "" {
-			argoCDSecret.Data[settingsWebhookGogsSecretKey] = []byte(settings.WebhookGogsSecret)
-		}
-		if settings.WebhookAzureDevOpsUsername != "" {
-			argoCDSecret.Data[settingsWebhookAzureDevOpsUsernameKey] = []byte(settings.WebhookAzureDevOpsUsername)
-		}
-		if settings.WebhookAzureDevOpsPassword != "" {
-			argoCDSecret.Data[settingsWebhookAzureDevOpsPasswordKey] = []byte(settings.WebhookAzureDevOpsPassword)
-		}
 		// we only write the certificate to the secret if it's not externally
 		// managed.
 		if settings.Certificate != nil && !settings.CertificateIsExternal {
@@ -2095,24 +2039,7 @@ func isIncompleteSettingsError(err error) bool {
 // InitializeSettings is used to initialize empty admin password, signature, certificate etc if missing
 func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error) {
 	const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
-
-	cdSettings, err := mgr.GetSettings()
-	if err != nil && !isIncompleteSettingsError(err) {
-		return nil, err
-	}
-	if cdSettings == nil {
-		cdSettings = &ArgoCDSettings{}
-	}
-	if cdSettings.ServerSignature == nil {
-		// set JWT signature
-		signature, err := util.MakeSignature(32)
-		if err != nil {
-			return nil, fmt.Errorf("error setting JWT signature: %w", err)
-		}
-		cdSettings.ServerSignature = signature
-		log.Info("Initialized server signature")
-	}
-	err = mgr.UpdateAccount(common.ArgoCDAdminUsername, func(adminAccount *Account) error {
+	err := mgr.UpdateAccount(common.ArgoCDAdminUsername, func(adminAccount *Account) error {
 		if adminAccount.Enabled {
 			now := time.Now().UTC()
 			if adminAccount.PasswordHash == "" {
@@ -2152,6 +2079,23 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC
 		return nil, err
 	}
 
+	cdSettings, err := mgr.GetSettings()
+	if err != nil && !isIncompleteSettingsError(err) {
+		return nil, err
+	}
+	if cdSettings == nil {
+		cdSettings = &ArgoCDSettings{}
+	}
+	if cdSettings.ServerSignature == nil {
+		// set JWT signature
+		signature, err := util.MakeSignature(32)
+		if err != nil {
+			return nil, fmt.Errorf("error setting JWT signature: %w", err)
+		}
+		cdSettings.ServerSignature = signature
+		log.Info("Initialized server signature")
+	}
+
 	if cdSettings.Certificate == nil && !insecureModeEnabled {
 		// generate TLS cert
 		hosts := []string{
@@ -2174,7 +2118,7 @@ func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoC
 		log.Info("Initialized TLS certificate")
 	}
 
-	err = mgr.SaveSettings(cdSettings)
+	err = mgr.saveSignatureAndCertificate(cdSettings)
 	if apierrors.IsConflict(err) {
 		// assume settings are initialized by another instance of api server
 		log.Warnf("conflict when initializing settings. assuming updated by another replica")

From ff6c806f9f0df24653aecd108c9b7cf1e7028aad Mon Sep 17 00:00:00 2001
From: downfa11 <124482256+downfa11@users.noreply.github.com>
Date: Thu, 4 Sep 2025 01:03:59 +0900
Subject: [PATCH 340/383] fix: `syncPolicy.automated.enabled=false` does not
 disable automated sync  (#24254)

Signed-off-by: downfa11 <downfa11@naver.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 assets/swagger.json                           |    2 +-
 pkg/apis/application/v1alpha1/generated.pb.go | 1548 ++++++++---------
 pkg/apis/application/v1alpha1/generated.proto |    2 +-
 pkg/apis/application/v1alpha1/types.go        |    2 +-
 .../application-status-panel.tsx              |    2 +-
 .../application-auto-sync.test.tsx            |   47 +
 .../application-summary.tsx                   |    8 +-
 .../applications-filter.test.tsx              |   46 +
 .../applications-list/applications-filter.tsx |    4 +-
 9 files changed, 879 insertions(+), 782 deletions(-)
 create mode 100644 ui/src/app/applications/components/application-summary/application-auto-sync.test.tsx
 create mode 100644 ui/src/app/applications/components/applications-list/applications-filter.test.tsx

diff --git a/assets/swagger.json b/assets/swagger.json
index f71e81bda9266..6145747f2dc7d 100644
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -10540,7 +10540,7 @@
           "type": "boolean",
           "title": "AllowEmpty allows apps have zero live resources (default: false)"
         },
-        "enable": {
+        "enabled": {
           "type": "boolean",
           "title": "Enable allows apps to explicitly control automated sync"
         },
diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go
index 158d6bfc472de..978120efcff36 100644
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -4914,780 +4914,780 @@ func init() {
 }
 
 var fileDescriptor_c078c3c476799f44 = []byte{
-	// 12358 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6b, 0x70, 0x24, 0x59,
-	0x56, 0x18, 0xbc, 0x59, 0xa5, 0x92, 0xaa, 0x8e, 0x5e, 0xad, 0xdb, 0xdd, 0x33, 0xea, 0x9e, 0x87,
-	0x9a, 0x1c, 0x98, 0x5d, 0xbe, 0x9d, 0x91, 0x98, 0x9e, 0x99, 0x65, 0x3e, 0x06, 0x16, 0xf4, 0xe8,
-	0x87, 0xba, 0xa5, 0x96, 0xe6, 0x96, 0xba, 0x9b, 0x9d, 0x65, 0x76, 0x36, 0x95, 0x75, 0x25, 0x65,
-	0x2b, 0x2b, 0xb3, 0x26, 0x33, 0x4b, 0xad, 0x1a, 0x86, 0x65, 0x97, 0xdd, 0x85, 0x85, 0x7d, 0x8d,
-	0xc1, 0x61, 0x06, 0xdb, 0xe0, 0xc5, 0xe0, 0x47, 0x84, 0x63, 0x03, 0x6c, 0x7e, 0x98, 0x08, 0x20,
-	0x08, 0x1e, 0x41, 0x80, 0x5f, 0x60, 0x02, 0x03, 0x36, 0x20, 0xef, 0xb6, 0xed, 0x80, 0x70, 0x84,
-	0x89, 0x00, 0xfb, 0x87, 0xa3, 0xed, 0x20, 0x1c, 0xf7, 0x7d, 0x33, 0x2b, 0x4b, 0x2a, 0xb5, 0x52,
-	0xdd, 0xbd, 0x30, 0xff, 0xaa, 0xee, 0x39, 0x79, 0xce, 0xcd, 0x9b, 0xf7, 0x9e, 0x73, 0xee, 0xb9,
-	0xe7, 0x9c, 0x0b, 0x4b, 0x9b, 0x5e, 0xb2, 0xd5, 0x5e, 0x9f, 0x76, 0xc3, 0xe6, 0x8c, 0x13, 0x6d,
-	0x86, 0xad, 0x28, 0xbc, 0xc5, 0x7e, 0x3c, 0xeb, 0x36, 0x66, 0x76, 0x9e, 0x9f, 0x69, 0x6d, 0x6f,
-	0xce, 0x38, 0x2d, 0x2f, 0x9e, 0x71, 0x5a, 0x2d, 0xdf, 0x73, 0x9d, 0xc4, 0x0b, 0x83, 0x99, 0x9d,
-	0xe7, 0x1c, 0xbf, 0xb5, 0xe5, 0x3c, 0x37, 0xb3, 0x49, 0x02, 0x12, 0x39, 0x09, 0x69, 0x4c, 0xb7,
-	0xa2, 0x30, 0x09, 0xd1, 0xb7, 0x6a, 0x6a, 0xd3, 0x92, 0x1a, 0xfb, 0xf1, 0xba, 0xdb, 0x98, 0xde,
-	0x79, 0x7e, 0xba, 0xb5, 0xbd, 0x39, 0x4d, 0xa9, 0x4d, 0x1b, 0xd4, 0xa6, 0x25, 0xb5, 0xb3, 0xcf,
-	0x1a, 0x7d, 0xd9, 0x0c, 0x37, 0xc3, 0x19, 0x46, 0x74, 0xbd, 0xbd, 0xc1, 0xfe, 0xb1, 0x3f, 0xec,
-	0x17, 0x67, 0x76, 0xd6, 0xde, 0x7e, 0x29, 0x9e, 0xf6, 0x42, 0xda, 0xbd, 0x19, 0x37, 0x8c, 0xc8,
-	0xcc, 0x4e, 0x57, 0x87, 0xce, 0x5e, 0xd6, 0x38, 0x64, 0x37, 0x21, 0x41, 0xec, 0x85, 0x41, 0xfc,
-	0x2c, 0xed, 0x02, 0x89, 0x76, 0x48, 0x64, 0xbe, 0x9e, 0x81, 0x90, 0x47, 0xe9, 0x05, 0x4d, 0xa9,
-	0xe9, 0xb8, 0x5b, 0x5e, 0x40, 0xa2, 0x8e, 0x7e, 0xbc, 0x49, 0x12, 0x27, 0xef, 0xa9, 0x99, 0x5e,
-	0x4f, 0x45, 0xed, 0x20, 0xf1, 0x9a, 0xa4, 0xeb, 0x81, 0x0f, 0x1c, 0xf4, 0x40, 0xec, 0x6e, 0x91,
-	0xa6, 0xd3, 0xf5, 0xdc, 0xf3, 0xbd, 0x9e, 0x6b, 0x27, 0x9e, 0x3f, 0xe3, 0x05, 0x49, 0x9c, 0x44,
-	0xd9, 0x87, 0xec, 0xbf, 0x6f, 0xc1, 0xe8, 0xec, 0xcd, 0xfa, 0x6c, 0x3b, 0xd9, 0x9a, 0x0f, 0x83,
-	0x0d, 0x6f, 0x13, 0xbd, 0x08, 0xc3, 0xae, 0xdf, 0x8e, 0x13, 0x12, 0x5d, 0x73, 0x9a, 0x64, 0xd2,
-	0x3a, 0x67, 0xbd, 0xaf, 0x36, 0x77, 0xf2, 0x37, 0xf7, 0xa6, 0xde, 0x73, 0x67, 0x6f, 0x6a, 0x78,
-	0x5e, 0x83, 0xb0, 0x89, 0x87, 0xbe, 0x11, 0x86, 0xa2, 0xd0, 0x27, 0xb3, 0xf8, 0xda, 0x64, 0x89,
-	0x3d, 0x32, 0x2e, 0x1e, 0x19, 0xc2, 0xbc, 0x19, 0x4b, 0x38, 0x45, 0x6d, 0x45, 0xe1, 0x86, 0xe7,
-	0x93, 0xc9, 0x72, 0x1a, 0x75, 0x95, 0x37, 0x63, 0x09, 0xb7, 0x7f, 0xac, 0x04, 0xe3, 0xb3, 0xad,
-	0xd6, 0x65, 0xe2, 0xf8, 0xc9, 0x56, 0x3d, 0x71, 0x92, 0x76, 0x8c, 0x36, 0x61, 0x30, 0x66, 0xbf,
-	0x44, 0xdf, 0x56, 0xc4, 0xd3, 0x83, 0x1c, 0x7e, 0x77, 0x6f, 0xea, 0xdb, 0xf2, 0x66, 0xf4, 0xa6,
-	0x97, 0x84, 0xad, 0xf8, 0x59, 0x12, 0x6c, 0x7a, 0x01, 0x61, 0xe3, 0xb2, 0xc5, 0xa8, 0x4e, 0x9b,
-	0xc4, 0xe7, 0xc3, 0x06, 0xc1, 0x82, 0x3c, 0xed, 0x67, 0x93, 0xc4, 0xb1, 0xb3, 0x49, 0xb2, 0xaf,
-	0xb4, 0xcc, 0x9b, 0xb1, 0x84, 0xa3, 0x08, 0x90, 0xef, 0xc4, 0xc9, 0x5a, 0xe4, 0x04, 0xb1, 0x47,
-	0xa7, 0xf4, 0x9a, 0xd7, 0xe4, 0x6f, 0x37, 0x7c, 0xfe, 0xff, 0x9b, 0xe6, 0x1f, 0x66, 0xda, 0xfc,
-	0x30, 0x7a, 0x1d, 0xd0, 0x79, 0x33, 0xbd, 0xf3, 0xdc, 0x34, 0x7d, 0x62, 0xee, 0x91, 0x3b, 0x7b,
-	0x53, 0x68, 0xa9, 0x8b, 0x12, 0xce, 0xa1, 0x6e, 0xff, 0x7e, 0x09, 0x60, 0xb6, 0xd5, 0x5a, 0x8d,
-	0xc2, 0x5b, 0xc4, 0x4d, 0xd0, 0x47, 0xa1, 0x4a, 0x49, 0x35, 0x9c, 0xc4, 0x61, 0x03, 0x33, 0x7c,
-	0xfe, 0x9b, 0xfa, 0x63, 0xbc, 0xb2, 0x4e, 0x9f, 0x5f, 0x26, 0x89, 0x33, 0x87, 0xc4, 0x0b, 0x82,
-	0x6e, 0xc3, 0x8a, 0x2a, 0x0a, 0x60, 0x20, 0x6e, 0x11, 0x97, 0x0d, 0xc6, 0xf0, 0xf9, 0xa5, 0xe9,
-	0xa3, 0xac, 0xf4, 0x69, 0xdd, 0xf3, 0x7a, 0x8b, 0xb8, 0x73, 0x23, 0x82, 0xf3, 0x00, 0xfd, 0x87,
-	0x19, 0x1f, 0xb4, 0xa3, 0x3e, 0x34, 0x1f, 0xc8, 0x6b, 0x85, 0x71, 0x64, 0x54, 0xe7, 0xc6, 0xd2,
-	0x13, 0x47, 0x7e, 0x77, 0xfb, 0x4f, 0x2c, 0x18, 0xd3, 0xc8, 0x4b, 0x5e, 0x9c, 0xa0, 0xef, 0xea,
-	0x1a, 0xdc, 0xe9, 0xfe, 0x06, 0x97, 0x3e, 0xcd, 0x86, 0xf6, 0x84, 0x60, 0x56, 0x95, 0x2d, 0xc6,
-	0xc0, 0x36, 0xa1, 0xe2, 0x25, 0xa4, 0x19, 0x4f, 0x96, 0xce, 0x95, 0xdf, 0x37, 0x7c, 0xfe, 0x72,
-	0x51, 0xef, 0x39, 0x37, 0x2a, 0x98, 0x56, 0x16, 0x29, 0x79, 0xcc, 0xb9, 0xd8, 0x7f, 0x39, 0x6a,
-	0xbe, 0x1f, 0x1d, 0x70, 0xf4, 0x1c, 0x0c, 0xc7, 0x61, 0x3b, 0x72, 0x09, 0x26, 0xad, 0x90, 0x2e,
-	0xac, 0x32, 0x9d, 0xee, 0x74, 0xc1, 0xd7, 0x75, 0x33, 0x36, 0x71, 0xd0, 0x17, 0x2c, 0x18, 0x69,
-	0x90, 0x38, 0xf1, 0x02, 0xc6, 0x5f, 0x76, 0x7e, 0xed, 0xc8, 0x9d, 0x97, 0x8d, 0x0b, 0x9a, 0xf8,
-	0xdc, 0x29, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, 0xfc, 0xa9, 0xe0, 0x6a, 0x90, 0xd8, 0x8d,
-	0xbc, 0x16, 0xfd, 0x2f, 0x44, 0x8b, 0x12, 0x5c, 0x0b, 0x1a, 0x84, 0x4d, 0x3c, 0x14, 0x40, 0x85,
-	0x0a, 0xa6, 0x78, 0x72, 0x80, 0xf5, 0x7f, 0xf1, 0x68, 0xfd, 0x17, 0x83, 0x4a, 0x65, 0x9e, 0x1e,
-	0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, 0x93, 0x42, 0x70, 0x62, 0xc2, 0x07, 0xf4,
-	0xe6, 0x96, 0x97, 0x10, 0xdf, 0x8b, 0x93, 0xc9, 0x0a, 0xeb, 0xc3, 0x4c, 0x7f, 0x73, 0xeb, 0x52,
-	0x14, 0xb6, 0x5b, 0x57, 0xbd, 0xa0, 0x31, 0x77, 0x4e, 0x70, 0x9a, 0x9c, 0xef, 0x41, 0x18, 0xf7,
-	0x64, 0x89, 0x7e, 0xc4, 0x82, 0xb3, 0x81, 0xd3, 0x24, 0x71, 0xcb, 0xa1, 0x9f, 0x96, 0x83, 0xe7,
-	0x7c, 0xc7, 0xdd, 0x66, 0x3d, 0x1a, 0xbc, 0xb7, 0x1e, 0xd9, 0xa2, 0x47, 0x67, 0xaf, 0xf5, 0x24,
-	0x8d, 0xf7, 0x61, 0x8b, 0x7e, 0xca, 0x82, 0x89, 0x30, 0x6a, 0x6d, 0x39, 0x01, 0x69, 0x48, 0x68,
-	0x3c, 0x39, 0xc4, 0x96, 0xde, 0x47, 0x8e, 0xf6, 0x89, 0x56, 0xb2, 0x64, 0x97, 0xc3, 0xc0, 0x4b,
-	0xc2, 0xa8, 0x4e, 0x92, 0xc4, 0x0b, 0x36, 0xe3, 0xb9, 0xd3, 0x77, 0xf6, 0xa6, 0x26, 0xba, 0xb0,
-	0x70, 0x77, 0x7f, 0xd0, 0x77, 0xc3, 0x70, 0xdc, 0x09, 0xdc, 0x9b, 0x5e, 0xd0, 0x08, 0x6f, 0xc7,
-	0x93, 0xd5, 0x22, 0x96, 0x6f, 0x5d, 0x11, 0x14, 0x0b, 0x50, 0x33, 0xc0, 0x26, 0xb7, 0xfc, 0x0f,
-	0xa7, 0xa7, 0x52, 0xad, 0xe8, 0x0f, 0xa7, 0x27, 0xd3, 0x3e, 0x6c, 0xd1, 0x0f, 0x58, 0x30, 0x1a,
-	0x7b, 0x9b, 0x81, 0x93, 0xb4, 0x23, 0x72, 0x95, 0x74, 0xe2, 0x49, 0x60, 0x1d, 0xb9, 0x72, 0xc4,
-	0x51, 0x31, 0x48, 0xce, 0x9d, 0x16, 0x7d, 0x1c, 0x35, 0x5b, 0x63, 0x9c, 0xe6, 0x9b, 0xb7, 0xd0,
-	0xf4, 0xb4, 0x1e, 0x2e, 0x76, 0xa1, 0xe9, 0x49, 0xdd, 0x93, 0x25, 0xfa, 0x0e, 0x38, 0xc1, 0x9b,
-	0xd4, 0xc8, 0xc6, 0x93, 0x23, 0x4c, 0xd0, 0x9e, 0xba, 0xb3, 0x37, 0x75, 0xa2, 0x9e, 0x81, 0xe1,
-	0x2e, 0x6c, 0xf4, 0x06, 0x4c, 0xb5, 0x48, 0xd4, 0xf4, 0x92, 0x95, 0xc0, 0xef, 0x48, 0xf1, 0xed,
-	0x86, 0x2d, 0xd2, 0x10, 0xdd, 0x89, 0x27, 0x47, 0xcf, 0x59, 0xef, 0xab, 0xce, 0xbd, 0x57, 0x74,
-	0x73, 0x6a, 0x75, 0x7f, 0x74, 0x7c, 0x10, 0x3d, 0xf4, 0x1b, 0x16, 0x9c, 0x35, 0xa4, 0x6c, 0x9d,
-	0x44, 0x3b, 0x9e, 0x4b, 0x66, 0x5d, 0x37, 0x6c, 0x07, 0x49, 0x3c, 0x39, 0xc6, 0x86, 0x71, 0xfd,
-	0x38, 0x64, 0x7e, 0x9a, 0x95, 0x9e, 0x97, 0x3d, 0x51, 0x62, 0xbc, 0x4f, 0x4f, 0xed, 0xdf, 0x2a,
-	0xc1, 0x89, 0xac, 0x05, 0x80, 0xfe, 0xb1, 0x05, 0xe3, 0xb7, 0x6e, 0x27, 0x6b, 0xe1, 0x36, 0x09,
-	0xe2, 0xb9, 0x0e, 0x95, 0xd3, 0x4c, 0xf7, 0x0d, 0x9f, 0x77, 0x8b, 0xb5, 0x35, 0xa6, 0xaf, 0xa4,
-	0xb9, 0x5c, 0x08, 0x92, 0xa8, 0x33, 0xf7, 0xa8, 0x78, 0xa7, 0xf1, 0x2b, 0x37, 0xd7, 0x4c, 0x28,
-	0xce, 0x76, 0xea, 0xec, 0x67, 0x2d, 0x38, 0x95, 0x47, 0x02, 0x9d, 0x80, 0xf2, 0x36, 0xe9, 0x70,
-	0x4b, 0x18, 0xd3, 0x9f, 0xe8, 0x35, 0xa8, 0xec, 0x38, 0x7e, 0x9b, 0x08, 0x33, 0xed, 0xd2, 0xd1,
-	0x5e, 0x44, 0xf5, 0x0c, 0x73, 0xaa, 0xdf, 0x52, 0x7a, 0xc9, 0xb2, 0x7f, 0xbb, 0x0c, 0xc3, 0xc6,
-	0x47, 0xbb, 0x0f, 0xa6, 0x67, 0x98, 0x32, 0x3d, 0x97, 0x0b, 0x9b, 0x6f, 0x3d, 0x6d, 0xcf, 0xdb,
-	0x19, 0xdb, 0x73, 0xa5, 0x38, 0x96, 0xfb, 0x1a, 0x9f, 0x28, 0x81, 0x5a, 0xd8, 0xa2, 0x5b, 0x34,
-	0x6a, 0xc3, 0x0c, 0x14, 0xf1, 0x09, 0x57, 0x24, 0xb9, 0xb9, 0xd1, 0x3b, 0x7b, 0x53, 0x35, 0xf5,
-	0x17, 0x6b, 0x46, 0xf6, 0x1f, 0x58, 0x70, 0xca, 0xe8, 0xe3, 0x7c, 0x18, 0x34, 0xd8, 0x46, 0x03,
-	0x9d, 0x83, 0x81, 0xa4, 0xd3, 0x92, 0xdb, 0x40, 0x35, 0x52, 0x6b, 0x9d, 0x16, 0xc1, 0x0c, 0xf2,
-	0xb0, 0xef, 0x92, 0x7e, 0xc4, 0x82, 0x47, 0xf2, 0x05, 0x0c, 0x7a, 0x1a, 0x06, 0xb9, 0x0f, 0x40,
-	0xbc, 0x9d, 0xfe, 0x24, 0xac, 0x15, 0x0b, 0x28, 0x9a, 0x81, 0x9a, 0x52, 0x78, 0xe2, 0x1d, 0x27,
-	0x04, 0x6a, 0x4d, 0x6b, 0x49, 0x8d, 0x43, 0x07, 0x8d, 0xfe, 0x11, 0x26, 0xa8, 0x1a, 0x34, 0xb6,
-	0x69, 0x66, 0x10, 0xfb, 0xf7, 0x2c, 0xf8, 0xfa, 0x7e, 0xc4, 0xde, 0xf1, 0xf5, 0xb1, 0x0e, 0xa7,
-	0x1b, 0x64, 0xc3, 0x69, 0xfb, 0x49, 0x9a, 0xa3, 0xe8, 0xf4, 0x13, 0xe2, 0xe1, 0xd3, 0x0b, 0x79,
-	0x48, 0x38, 0xff, 0x59, 0xfb, 0x3f, 0x5b, 0x6c, 0xbb, 0x2e, 0x5f, 0xeb, 0x3e, 0x6c, 0x9d, 0x82,
-	0xf4, 0xd6, 0x69, 0xb1, 0xb0, 0x65, 0xda, 0x63, 0xef, 0xf4, 0x79, 0x0b, 0xce, 0x1a, 0x58, 0xcb,
-	0x4e, 0xe2, 0x6e, 0x5d, 0xd8, 0x6d, 0x45, 0x24, 0x8e, 0xe9, 0x94, 0x7a, 0xc2, 0x10, 0xc7, 0x73,
-	0xc3, 0x82, 0x42, 0xf9, 0x2a, 0xe9, 0x70, 0xd9, 0xfc, 0x0c, 0x54, 0xf9, 0x9a, 0x0b, 0x23, 0xf1,
-	0x91, 0xd4, 0xbb, 0xad, 0x88, 0x76, 0xac, 0x30, 0x90, 0x0d, 0x83, 0x4c, 0xe6, 0x52, 0x19, 0x44,
-	0xcd, 0x04, 0xa0, 0xdf, 0xfd, 0x06, 0x6b, 0xc1, 0x02, 0x62, 0xc7, 0xa9, 0xee, 0xac, 0x46, 0x84,
-	0xcd, 0x87, 0xc6, 0x45, 0x8f, 0xf8, 0x8d, 0x98, 0x6e, 0xeb, 0x9c, 0x20, 0x08, 0x13, 0xb1, 0x43,
-	0x33, 0xb6, 0x75, 0xb3, 0xba, 0x19, 0x9b, 0x38, 0x94, 0xa9, 0xef, 0xac, 0x13, 0x9f, 0x8f, 0xa8,
-	0x60, 0xba, 0xc4, 0x5a, 0xb0, 0x80, 0xd8, 0x77, 0x4a, 0x6c, 0x03, 0xa9, 0x24, 0x1a, 0xb9, 0x1f,
-	0xde, 0x87, 0x28, 0xa5, 0x02, 0x56, 0x8b, 0x93, 0xc7, 0xa4, 0xb7, 0x07, 0xe2, 0xcd, 0x8c, 0x16,
-	0xc0, 0x85, 0x72, 0xdd, 0xdf, 0x0b, 0xf1, 0xf1, 0x32, 0x4c, 0xa5, 0x1f, 0xe8, 0x52, 0x22, 0x74,
-	0xcb, 0x6b, 0x30, 0xca, 0xfa, 0xea, 0x0c, 0x7c, 0x6c, 0xe2, 0xf5, 0x90, 0xc3, 0xa5, 0xe3, 0x94,
-	0xc3, 0xa6, 0x9a, 0x28, 0x1f, 0xa0, 0x26, 0x9e, 0x56, 0xa3, 0x3e, 0x90, 0x91, 0x79, 0x69, 0x55,
-	0x79, 0x0e, 0x06, 0xe2, 0x84, 0xb4, 0x26, 0x2b, 0x69, 0x31, 0x5b, 0x4f, 0x48, 0x0b, 0x33, 0x08,
-	0xfa, 0x36, 0x18, 0x4f, 0x9c, 0x68, 0x93, 0x24, 0x11, 0xd9, 0xf1, 0x98, 0x5f, 0x97, 0xed, 0x67,
-	0x6b, 0x73, 0x27, 0xa9, 0xd5, 0xb5, 0xc6, 0x40, 0x58, 0x82, 0x70, 0x16, 0xd7, 0xfe, 0xef, 0x25,
-	0x78, 0x34, 0xfd, 0x09, 0xb4, 0x62, 0xfc, 0xf6, 0x94, 0x62, 0x7c, 0xbf, 0xa9, 0x18, 0xef, 0xee,
-	0x4d, 0x3d, 0xd6, 0xe3, 0xb1, 0xaf, 0x19, 0xbd, 0x89, 0x2e, 0x65, 0x3e, 0xc2, 0x4c, 0x97, 0x97,
-	0xf5, 0x89, 0x1e, 0xef, 0x98, 0xf9, 0x4a, 0x4f, 0xc3, 0x60, 0x44, 0x9c, 0x38, 0x0c, 0xc4, 0x77,
-	0x52, 0x5f, 0x13, 0xb3, 0x56, 0x2c, 0xa0, 0xf6, 0xef, 0xd6, 0xb2, 0x83, 0x7d, 0x89, 0xfb, 0xaa,
-	0xc3, 0x08, 0x79, 0x30, 0xc0, 0x76, 0x6d, 0x5c, 0xb2, 0x5c, 0x3d, 0xda, 0x2a, 0xa4, 0x5a, 0x44,
-	0x91, 0x9e, 0xab, 0xd2, 0xaf, 0x46, 0x9b, 0x30, 0x63, 0x81, 0x76, 0xa1, 0xea, 0xca, 0xcd, 0x54,
-	0xa9, 0x08, 0xb7, 0xa3, 0xd8, 0x4a, 0x69, 0x8e, 0x23, 0x54, 0xdc, 0xab, 0x1d, 0x98, 0xe2, 0x86,
-	0x08, 0x94, 0x37, 0xbd, 0x44, 0x7c, 0xd6, 0x23, 0x6e, 0x97, 0x2f, 0x79, 0xc6, 0x2b, 0x0e, 0x51,
-	0x1d, 0x74, 0xc9, 0x4b, 0x30, 0xa5, 0x8f, 0x3e, 0x6d, 0xc1, 0x70, 0xec, 0x36, 0x57, 0xa3, 0x70,
-	0xc7, 0x6b, 0x90, 0x48, 0xd8, 0x98, 0x47, 0x94, 0x6c, 0xf5, 0xf9, 0x65, 0x49, 0x50, 0xf3, 0xe5,
-	0xee, 0x0b, 0x0d, 0xc1, 0x26, 0x5f, 0xba, 0xf7, 0x7a, 0x54, 0xbc, 0xfb, 0x02, 0x71, 0xd9, 0x8a,
-	0x93, 0x7b, 0x66, 0x36, 0x53, 0x8e, 0x6c, 0x73, 0x2f, 0xb4, 0xdd, 0x6d, 0xba, 0xde, 0x74, 0x87,
-	0x1e, 0xbb, 0xb3, 0x37, 0xf5, 0xe8, 0x7c, 0x3e, 0x4f, 0xdc, 0xab, 0x33, 0x6c, 0xc0, 0x5a, 0x6d,
-	0xdf, 0xc7, 0xe4, 0x8d, 0x36, 0x61, 0x1e, 0xb1, 0x02, 0x06, 0x6c, 0x55, 0x13, 0xcc, 0x0c, 0x98,
-	0x01, 0xc1, 0x26, 0x5f, 0xf4, 0x06, 0x0c, 0x36, 0x9d, 0x24, 0xf2, 0x76, 0x85, 0x1b, 0xec, 0x88,
-	0xbb, 0xa0, 0x65, 0x46, 0x4b, 0x33, 0x67, 0x8a, 0x9e, 0x37, 0x62, 0xc1, 0x08, 0x35, 0xa1, 0xd2,
-	0x24, 0xd1, 0x26, 0x99, 0xac, 0x16, 0xe1, 0xf2, 0x5f, 0xa6, 0xa4, 0x34, 0xc3, 0x1a, 0x35, 0xae,
-	0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0x6b, 0x50, 0x8d, 0x89, 0x4f, 0x5c, 0x6a, 0x1e, 0xd5, 0x18, 0xc7,
-	0xe7, 0xfb, 0x34, 0x15, 0xa9, 0x5d, 0x52, 0x17, 0x8f, 0xf2, 0x05, 0x26, 0xff, 0x61, 0x45, 0x92,
-	0x0e, 0x60, 0xcb, 0x6f, 0x6f, 0x7a, 0xc1, 0x24, 0x14, 0x31, 0x80, 0xab, 0x8c, 0x56, 0x66, 0x00,
-	0x79, 0x23, 0x16, 0x8c, 0xec, 0xff, 0x66, 0x01, 0x4a, 0x0b, 0xb5, 0xfb, 0x60, 0x13, 0xbf, 0x91,
-	0xb6, 0x89, 0x97, 0x8a, 0x34, 0x5a, 0x7a, 0x98, 0xc5, 0xbf, 0x50, 0x83, 0x8c, 0x3a, 0xb8, 0x46,
-	0xe2, 0x84, 0x34, 0xde, 0x15, 0xe1, 0xef, 0x8a, 0xf0, 0x77, 0x45, 0xb8, 0x12, 0xe1, 0xeb, 0x19,
-	0x11, 0xfe, 0x41, 0x63, 0xd5, 0xeb, 0xd8, 0x83, 0xd7, 0x55, 0x70, 0x82, 0xd9, 0x03, 0x03, 0x81,
-	0x4a, 0x82, 0x2b, 0xf5, 0x95, 0x6b, 0xb9, 0x32, 0xfb, 0xf5, 0xb4, 0xcc, 0x3e, 0x2a, 0x8b, 0xbf,
-	0x09, 0x52, 0xfa, 0x37, 0x2c, 0x78, 0x6f, 0x5a, 0x7a, 0xc9, 0x99, 0xb3, 0xb8, 0x19, 0x84, 0x11,
-	0x59, 0xf0, 0x36, 0x36, 0x48, 0x44, 0x02, 0x97, 0xc4, 0xca, 0xb7, 0x63, 0xf5, 0xf2, 0xed, 0xa0,
-	0x17, 0x60, 0xe4, 0x56, 0x1c, 0x06, 0xab, 0xa1, 0x17, 0x08, 0x11, 0x44, 0x77, 0x1c, 0x27, 0xee,
-	0xec, 0x4d, 0x8d, 0xd0, 0x11, 0x95, 0xed, 0x38, 0x85, 0x85, 0xe6, 0x61, 0xe2, 0xd6, 0x1b, 0xab,
-	0x4e, 0x62, 0x78, 0x13, 0xe4, 0xbe, 0x9f, 0x9d, 0x47, 0x5d, 0x79, 0x25, 0x03, 0xc4, 0xdd, 0xf8,
-	0xf6, 0xdf, 0x2b, 0xc1, 0x99, 0xcc, 0x8b, 0x84, 0xbe, 0x1f, 0xb6, 0x13, 0xba, 0x27, 0x42, 0x3f,
-	0x61, 0xc1, 0x89, 0x66, 0xda, 0x61, 0x11, 0x0b, 0x77, 0xf7, 0x77, 0x16, 0xa6, 0x23, 0x32, 0x1e,
-	0x91, 0xb9, 0x49, 0x31, 0x42, 0x27, 0x32, 0x80, 0x18, 0x77, 0xf5, 0x05, 0xbd, 0x06, 0xb5, 0xa6,
-	0xb3, 0x7b, 0xbd, 0xd5, 0x70, 0x12, 0xb9, 0x1d, 0xed, 0xed, 0x45, 0x68, 0x27, 0x9e, 0x3f, 0xcd,
-	0xa3, 0x5a, 0xa6, 0x17, 0x83, 0x64, 0x25, 0xaa, 0x27, 0x91, 0x17, 0x6c, 0x72, 0x27, 0xe7, 0xb2,
-	0x24, 0x83, 0x35, 0x45, 0xfb, 0xc7, 0xad, 0xac, 0x92, 0x52, 0xa3, 0x13, 0x39, 0x09, 0xd9, 0xec,
-	0xa0, 0xb7, 0xa0, 0x42, 0xf7, 0x8d, 0x72, 0x54, 0x6e, 0x16, 0xa9, 0x39, 0x8d, 0x2f, 0xa1, 0x95,
-	0x28, 0xfd, 0x17, 0x63, 0xce, 0xd4, 0xfe, 0x89, 0x5a, 0xd6, 0x58, 0x60, 0x67, 0xf3, 0xe7, 0x01,
-	0x36, 0xc3, 0x35, 0xd2, 0x6c, 0xf9, 0x74, 0x58, 0x2c, 0x76, 0xc0, 0xa3, 0x5c, 0x25, 0x97, 0x14,
-	0x04, 0x1b, 0x58, 0xe8, 0x07, 0x2d, 0x80, 0x4d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, 0xc8, 0xd7,
-	0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0x7d, 0x16, 0x54, 0x13, 0xd9, 0x7d,
-	0xae, 0x1a, 0xd7, 0x8a, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, 0xd1, 0xf7,
-	0x5b, 0x00, 0x71, 0x27, 0x70, 0x57, 0x43, 0xdf, 0x73, 0x3b, 0x42, 0x63, 0xde, 0x28, 0xd4, 0x9d,
-	0xa3, 0xa8, 0xcf, 0x8d, 0xd1, 0xd1, 0xd0, 0xff, 0xb1, 0xc1, 0x19, 0x7d, 0x0c, 0xaa, 0xb1, 0x98,
-	0x6e, 0x42, 0x47, 0xae, 0x15, 0xeb, 0x54, 0xe2, 0xb4, 0x85, 0x78, 0x15, 0xff, 0xb0, 0xe2, 0x89,
-	0x7e, 0xd4, 0x82, 0xf1, 0x56, 0xda, 0x4d, 0x28, 0xd4, 0x61, 0x71, 0x32, 0x20, 0xe3, 0x86, 0xe4,
-	0xde, 0x96, 0x4c, 0x23, 0xce, 0xf6, 0x82, 0x4a, 0x40, 0x3d, 0x83, 0x57, 0x5a, 0xdc, 0x65, 0x39,
-	0xa4, 0x25, 0xe0, 0xa5, 0x2c, 0x10, 0x77, 0xe3, 0xa3, 0x55, 0x38, 0x45, 0x7b, 0xd7, 0xe1, 0xe6,
-	0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xb9, 0xc7, 0xc5, 0x0c, 0x61, 0x67, 0x1d, 0x59, 0x1c,
-	0x9c, 0xfb, 0x24, 0xfa, 0x6d, 0x0b, 0x1e, 0xf7, 0x98, 0x1a, 0x30, 0x1d, 0xf6, 0x5a, 0x23, 0x88,
-	0x83, 0x76, 0x52, 0xa8, 0xac, 0xe8, 0xa5, 0x7e, 0xe6, 0xbe, 0x5e, 0xbc, 0xc1, 0xe3, 0x8b, 0xfb,
-	0x74, 0x09, 0xef, 0xdb, 0x61, 0xf4, 0xcd, 0x30, 0x2a, 0xd7, 0xc5, 0x2a, 0x15, 0xc1, 0x4c, 0xd1,
-	0xd6, 0xe6, 0x26, 0xee, 0xec, 0x4d, 0x8d, 0xae, 0x99, 0x00, 0x9c, 0xc6, 0xb3, 0xff, 0x55, 0x39,
-	0x75, 0x4a, 0xa4, 0x7c, 0x98, 0x4c, 0xdc, 0xb8, 0xd2, 0xff, 0x23, 0xa5, 0x67, 0xa1, 0xe2, 0x46,
-	0x79, 0x97, 0xb4, 0xb8, 0x51, 0x4d, 0x31, 0x36, 0x98, 0x53, 0xa3, 0x74, 0xc2, 0xc9, 0x7a, 0x4a,
-	0x85, 0x04, 0x7c, 0xad, 0xc8, 0x2e, 0x75, 0x9f, 0xe9, 0x9d, 0x11, 0x5d, 0x9b, 0xe8, 0x02, 0xe1,
-	0xee, 0x2e, 0xa1, 0xef, 0x81, 0x5a, 0xa4, 0x22, 0x5b, 0xca, 0x45, 0x6c, 0xd5, 0xe4, 0xb4, 0x11,
-	0xdd, 0x51, 0x07, 0x40, 0x3a, 0x86, 0x45, 0x73, 0xb4, 0x3f, 0x53, 0x4a, 0x1d, 0x8c, 0x19, 0xb2,
-	0xa3, 0x8f, 0x43, 0xbf, 0x2f, 0x58, 0x30, 0x1c, 0x85, 0xbe, 0xef, 0x05, 0x9b, 0x54, 0xce, 0x09,
-	0x65, 0xfd, 0xe1, 0x63, 0xd1, 0x97, 0x42, 0xa0, 0x31, 0xcb, 0x1a, 0x6b, 0x9e, 0xd8, 0xec, 0x00,
-	0x7a, 0x19, 0x46, 0x1b, 0xc4, 0x27, 0xf4, 0xd9, 0x95, 0x88, 0xee, 0x89, 0xb8, 0x93, 0x59, 0x45,
-	0x8a, 0x2c, 0x98, 0x40, 0x9c, 0xc6, 0xb5, 0xff, 0xc4, 0x82, 0xc9, 0x5e, 0xc2, 0x1c, 0x11, 0x78,
-	0x4c, 0x4a, 0x2a, 0x35, 0x8e, 0x2b, 0x81, 0xa4, 0x27, 0xf4, 0xf1, 0x53, 0x82, 0xcf, 0x63, 0xab,
-	0xbd, 0x51, 0xf1, 0x7e, 0x74, 0xd0, 0xab, 0x70, 0xc2, 0x18, 0x94, 0x58, 0x8d, 0x6a, 0x6d, 0x6e,
-	0x9a, 0x5a, 0x4f, 0xb3, 0x19, 0xd8, 0xdd, 0xbd, 0xa9, 0x47, 0xb2, 0x6d, 0x42, 0xdb, 0x74, 0xd1,
-	0xb1, 0x7f, 0xba, 0xeb, 0x53, 0x2b, 0x43, 0xe1, 0x1d, 0xab, 0xcb, 0x15, 0xf1, 0x9d, 0xc7, 0xa1,
-	0x9c, 0x99, 0xd3, 0x42, 0xc5, 0x70, 0xf4, 0xc6, 0x79, 0x80, 0x67, 0xfe, 0xf6, 0xbf, 0x19, 0x80,
-	0x7d, 0x7a, 0xd6, 0x87, 0xe5, 0x7f, 0xe8, 0x43, 0xd8, 0xcf, 0x59, 0xea, 0xb4, 0x8d, 0x0b, 0x80,
-	0xc6, 0x71, 0x8d, 0x3d, 0xdf, 0x7c, 0xc5, 0x3c, 0xee, 0x44, 0xb9, 0xe0, 0xd3, 0xe7, 0x7a, 0xe8,
-	0x4b, 0x56, 0xfa, 0xbc, 0x90, 0x47, 0x44, 0x7a, 0xc7, 0xd6, 0x27, 0xe3, 0x10, 0x92, 0x77, 0x4c,
-	0x1f, 0x5d, 0xf5, 0x3a, 0x9e, 0x9c, 0x06, 0xd8, 0xf0, 0x02, 0xc7, 0xf7, 0xde, 0xa4, 0x5b, 0xab,
-	0x0a, 0xb3, 0x0e, 0x98, 0xb9, 0x75, 0x51, 0xb5, 0x62, 0x03, 0xe3, 0xec, 0xff, 0x0f, 0xc3, 0xc6,
-	0x9b, 0xe7, 0x84, 0xcb, 0x9c, 0x32, 0xc3, 0x65, 0x6a, 0x46, 0x94, 0xcb, 0xd9, 0x0f, 0xc2, 0x89,
-	0x6c, 0x07, 0x0f, 0xf3, 0xbc, 0xfd, 0xbf, 0x87, 0xb2, 0x07, 0x78, 0x6b, 0x24, 0x6a, 0xd2, 0xae,
-	0xbd, 0xeb, 0x15, 0x7b, 0xd7, 0x2b, 0xf6, 0xae, 0x57, 0xcc, 0x3c, 0xd8, 0x10, 0x1e, 0x9f, 0xa1,
-	0xfb, 0xe4, 0xf1, 0x49, 0xf9, 0xb0, 0xaa, 0x85, 0xfb, 0xb0, 0xec, 0x4f, 0x77, 0xb9, 0xfd, 0xd7,
-	0x22, 0x42, 0x50, 0x08, 0x95, 0x20, 0x6c, 0x10, 0x69, 0x20, 0x5f, 0x29, 0xc6, 0xda, 0xbb, 0x16,
-	0x36, 0x8c, 0x58, 0x73, 0xfa, 0x2f, 0xc6, 0x9c, 0x8f, 0xfd, 0xa9, 0x41, 0x48, 0xd9, 0xa2, 0xfc,
-	0xbb, 0x7f, 0x23, 0x0c, 0x45, 0xa4, 0x15, 0x5e, 0xc7, 0x4b, 0x42, 0x97, 0xe9, 0x54, 0x1d, 0xde,
-	0x8c, 0x25, 0x9c, 0xea, 0xbc, 0x96, 0x93, 0x6c, 0x09, 0x65, 0xa6, 0x74, 0xde, 0xaa, 0x93, 0x6c,
-	0x61, 0x06, 0x41, 0x1f, 0x84, 0xb1, 0x24, 0x75, 0x8e, 0x2e, 0xce, 0x8b, 0x1f, 0x11, 0xb8, 0x63,
-	0xe9, 0x53, 0x76, 0x9c, 0xc1, 0x46, 0x6f, 0xc0, 0xc0, 0x16, 0xf1, 0x9b, 0xe2, 0xd3, 0xd7, 0x8b,
-	0xd3, 0x35, 0xec, 0x5d, 0x2f, 0x13, 0xbf, 0xc9, 0x25, 0x21, 0xfd, 0x85, 0x19, 0x2b, 0x3a, 0xef,
-	0x6b, 0xdb, 0xed, 0x38, 0x09, 0x9b, 0xde, 0x9b, 0xd2, 0x4d, 0xfa, 0x9d, 0x05, 0x33, 0xbe, 0x2a,
-	0xe9, 0x73, 0x7f, 0x94, 0xfa, 0x8b, 0x35, 0x67, 0xd6, 0x8f, 0x86, 0x17, 0xb1, 0x29, 0xd3, 0x11,
-	0xde, 0xce, 0xa2, 0xfb, 0xb1, 0x20, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, 0x46, 0x1d, 0xb5,
-	0xfe, 0x86, 0x59, 0x1f, 0xae, 0x17, 0xdc, 0x07, 0xbe, 0xf6, 0x72, 0xd7, 0xe1, 0x53, 0x50, 0x71,
-	0xb7, 0x9c, 0x28, 0x99, 0x1c, 0x61, 0x93, 0x46, 0xcd, 0xe2, 0x79, 0xda, 0x88, 0x39, 0x0c, 0x3d,
-	0x01, 0xe5, 0x88, 0x6c, 0xb0, 0xd0, 0x66, 0x23, 0xa8, 0x0a, 0x93, 0x0d, 0x4c, 0xdb, 0x95, 0x5d,
-	0x36, 0xd6, 0x33, 0xda, 0xee, 0x27, 0x4b, 0x69, 0xc3, 0x2e, 0x3d, 0x32, 0x7c, 0x3d, 0xb8, 0xed,
-	0x28, 0x96, 0xde, 0x35, 0x63, 0x3d, 0xb0, 0x66, 0x2c, 0xe1, 0xe8, 0x13, 0x16, 0x0c, 0xdd, 0x8a,
-	0xc3, 0x20, 0x20, 0x89, 0x50, 0xa2, 0x37, 0x0a, 0x1e, 0xac, 0x2b, 0x9c, 0xba, 0xee, 0x83, 0x68,
-	0xc0, 0x92, 0x2f, 0xed, 0x2e, 0xd9, 0x75, 0xfd, 0x76, 0xa3, 0x2b, 0x92, 0xe6, 0x02, 0x6f, 0xc6,
-	0x12, 0x4e, 0x51, 0xbd, 0x80, 0xa3, 0x0e, 0xa4, 0x51, 0x17, 0x03, 0x81, 0x2a, 0xe0, 0xf6, 0xcf,
-	0x55, 0xe1, 0x74, 0xee, 0xf2, 0xa1, 0x26, 0x17, 0x33, 0x6a, 0x2e, 0x7a, 0x3e, 0x91, 0x31, 0x64,
-	0xcc, 0xe4, 0xba, 0xa1, 0x5a, 0xb1, 0x81, 0x81, 0xbe, 0x17, 0xa0, 0xe5, 0x44, 0x4e, 0x93, 0x28,
-	0xef, 0xf7, 0x91, 0x2d, 0x1b, 0xda, 0x8f, 0x55, 0x49, 0x53, 0x7b, 0x00, 0x54, 0x53, 0x8c, 0x0d,
-	0x96, 0xe8, 0x45, 0x18, 0x8e, 0x88, 0x4f, 0x9c, 0x98, 0xc5, 0xce, 0x67, 0x13, 0x81, 0xb0, 0x06,
-	0x61, 0x13, 0x0f, 0x3d, 0xad, 0xc2, 0xed, 0x32, 0x61, 0x47, 0xe9, 0x90, 0x3b, 0xf4, 0x45, 0x0b,
-	0xc6, 0x36, 0x3c, 0x9f, 0x68, 0xee, 0x22, 0x6d, 0x67, 0xe5, 0xe8, 0x2f, 0x79, 0xd1, 0xa4, 0xab,
-	0x65, 0x68, 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0xef, 0x90, 0x88, 0x09, 0xdf, 0xc1, 0xf4,
-	0x67, 0xbe, 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x59, 0x18, 0x6f, 0x39, 0x71, 0x3c, 0x1f, 0x91, 0x06,
-	0x09, 0x12, 0xcf, 0xf1, 0x79, 0x52, 0x4d, 0x55, 0xc7, 0xa2, 0xaf, 0xa6, 0xc1, 0x38, 0x8b, 0x8f,
-	0x3e, 0x04, 0x8f, 0x72, 0xf7, 0xd2, 0xb2, 0x17, 0xc7, 0x5e, 0xb0, 0xa9, 0xa7, 0x81, 0xf0, 0xb2,
-	0x4d, 0x09, 0x52, 0x8f, 0x2e, 0xe6, 0xa3, 0xe1, 0x5e, 0xcf, 0xa3, 0x67, 0xa0, 0x1a, 0x6f, 0x7b,
-	0xad, 0xf9, 0xa8, 0x11, 0xb3, 0xa3, 0xa5, 0xaa, 0xf6, 0xe9, 0xd6, 0x45, 0x3b, 0x56, 0x18, 0xc8,
-	0x85, 0x11, 0xfe, 0x49, 0x78, 0xbc, 0xa0, 0x90, 0xa0, 0xcf, 0xf6, 0x54, 0xe4, 0x22, 0x7f, 0x76,
-	0x1a, 0x3b, 0xb7, 0x2f, 0xc8, 0x83, 0x2e, 0x7e, 0x2e, 0x73, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xd3,
-	0x7b, 0xba, 0xe1, 0x3e, 0xf6, 0x74, 0x2f, 0xc2, 0xf0, 0x76, 0x7b, 0x9d, 0x88, 0x91, 0x17, 0x82,
-	0x4d, 0xcd, 0xbe, 0xab, 0x1a, 0x84, 0x4d, 0x3c, 0x16, 0xaa, 0xd9, 0xf2, 0xc4, 0xbf, 0x78, 0x72,
-	0xd4, 0x08, 0xd5, 0x5c, 0x5d, 0x94, 0xcd, 0xd8, 0xc4, 0xa1, 0x5d, 0xa3, 0x63, 0xb1, 0x46, 0x62,
-	0x96, 0x89, 0x41, 0x87, 0x4b, 0x75, 0xad, 0x2e, 0x01, 0x58, 0xe3, 0xa0, 0x55, 0x38, 0x45, 0xff,
-	0xd4, 0x59, 0xfe, 0xf0, 0x0d, 0xc7, 0xf7, 0x1a, 0x3c, 0x6e, 0x70, 0x3c, 0xed, 0x1c, 0xad, 0xe7,
-	0xe0, 0xe0, 0xdc, 0x27, 0xed, 0x1f, 0x2b, 0xa5, 0x3d, 0x27, 0xa6, 0x08, 0x43, 0x31, 0x15, 0x54,
-	0xc9, 0x0d, 0x27, 0x92, 0x06, 0xcf, 0x11, 0x33, 0xa3, 0x04, 0xdd, 0x1b, 0x4e, 0x64, 0x8a, 0x3c,
-	0xc6, 0x00, 0x4b, 0x4e, 0xe8, 0x16, 0x0c, 0x24, 0xbe, 0x53, 0x50, 0x2a, 0xa5, 0xc1, 0x51, 0x7b,
-	0xc1, 0x96, 0x66, 0x63, 0xcc, 0x78, 0xa0, 0xc7, 0xe9, 0xee, 0x6d, 0x5d, 0x1e, 0xd3, 0x89, 0x0d,
-	0xd7, 0x7a, 0x8c, 0x59, 0xab, 0xfd, 0xb7, 0x47, 0x73, 0xb4, 0x8e, 0x32, 0x04, 0xd0, 0x79, 0x00,
-	0x3a, 0x69, 0x56, 0x23, 0xb2, 0xe1, 0xed, 0x0a, 0x43, 0x4c, 0x49, 0xb6, 0x6b, 0x0a, 0x82, 0x0d,
-	0x2c, 0xf9, 0x4c, 0xbd, 0xbd, 0x41, 0x9f, 0x29, 0x75, 0x3f, 0xc3, 0x21, 0xd8, 0xc0, 0x42, 0x2f,
-	0xc0, 0xa0, 0xd7, 0x74, 0x36, 0x55, 0x14, 0xf1, 0xe3, 0x54, 0xa4, 0x2d, 0xb2, 0x96, 0xbb, 0x7b,
-	0x53, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, 0xf4, 0xd3, 0x16, 0x8c, 0xb8, 0x61, 0xb3, 0x19,
-	0x06, 0x7c, 0xfb, 0x2c, 0x7c, 0x01, 0xb7, 0x8e, 0xcb, 0x4c, 0x9a, 0x9e, 0x37, 0x98, 0x71, 0x67,
-	0x80, 0xca, 0xf9, 0x34, 0x41, 0x38, 0xd5, 0x2b, 0x53, 0xf2, 0x55, 0x0e, 0x90, 0x7c, 0x3f, 0x6f,
-	0xc1, 0x04, 0x7f, 0xd6, 0xd8, 0xd5, 0x8b, 0xf4, 0xc6, 0xf0, 0x98, 0x5f, 0xab, 0xcb, 0xd1, 0xa1,
-	0x3c, 0xc5, 0x5d, 0x70, 0xdc, 0xdd, 0x49, 0x74, 0x09, 0x26, 0x36, 0xc2, 0xc8, 0x25, 0xe6, 0x40,
-	0x08, 0xb1, 0xad, 0x08, 0x5d, 0xcc, 0x22, 0xe0, 0xee, 0x67, 0xd0, 0x0d, 0x78, 0xc4, 0x68, 0x34,
-	0xc7, 0x81, 0x4b, 0xee, 0x27, 0x05, 0xb5, 0x47, 0x2e, 0xe6, 0x62, 0xe1, 0x1e, 0x4f, 0xa7, 0x85,
-	0x64, 0xad, 0x0f, 0x21, 0xf9, 0x3a, 0x9c, 0x71, 0xbb, 0x47, 0x66, 0x27, 0x6e, 0xaf, 0xc7, 0x5c,
-	0x8e, 0x57, 0xe7, 0xbe, 0x4e, 0x10, 0x38, 0x33, 0xdf, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0xde, 0x82,
-	0x6a, 0x44, 0xd8, 0x57, 0x89, 0x45, 0xae, 0xdf, 0x11, 0xbd, 0x1d, 0xda, 0x82, 0xe7, 0x64, 0xb5,
-	0x66, 0x12, 0x0d, 0x31, 0x56, 0x1c, 0xd1, 0x6d, 0x18, 0x6a, 0x39, 0x89, 0xbb, 0x25, 0x32, 0xfc,
-	0x8e, 0xec, 0xd8, 0x57, 0xcc, 0xd9, 0x39, 0x8c, 0x51, 0x2f, 0x81, 0x33, 0xc1, 0x92, 0x1b, 0xb5,
-	0xd5, 0xdc, 0xb0, 0xd9, 0x0a, 0x03, 0x12, 0x24, 0x52, 0x89, 0x8c, 0xf1, 0xc3, 0x12, 0xd9, 0x8a,
-	0x0d, 0x8c, 0x2e, 0x5d, 0xae, 0xd1, 0x26, 0x27, 0xf6, 0xd1, 0xe5, 0x06, 0xb5, 0x5e, 0xcf, 0x53,
-	0x65, 0xc3, 0xdc, 0x8a, 0x37, 0xbd, 0x64, 0x2b, 0x6c, 0x27, 0x72, 0x97, 0x2c, 0x14, 0x95, 0x52,
-	0x36, 0x4b, 0x39, 0x38, 0x38, 0xf7, 0xc9, 0xac, 0x66, 0x1d, 0xbf, 0x37, 0xcd, 0x7a, 0xa2, 0x0f,
-	0xcd, 0x5a, 0x87, 0xd3, 0xac, 0x07, 0xc2, 0x4a, 0x96, 0x4e, 0xcb, 0x78, 0x12, 0xb1, 0xce, 0xab,
-	0xe4, 0x98, 0xa5, 0x3c, 0x24, 0x9c, 0xff, 0xec, 0xd9, 0x6f, 0x87, 0x89, 0x2e, 0x21, 0x77, 0x28,
-	0x87, 0xe4, 0x02, 0x3c, 0x92, 0x2f, 0x4e, 0x0e, 0xe5, 0x96, 0xfc, 0xb9, 0x4c, 0x50, 0xbb, 0xb1,
-	0x45, 0xeb, 0xc3, 0xc5, 0xed, 0x40, 0x99, 0x04, 0x3b, 0x42, 0xbb, 0x5e, 0x3c, 0xda, 0xac, 0xbe,
-	0x10, 0xec, 0x70, 0x69, 0xc8, 0xfc, 0x78, 0x17, 0x82, 0x1d, 0x4c, 0x69, 0xa3, 0x1f, 0xb6, 0x52,
-	0x1b, 0x08, 0xee, 0x18, 0xff, 0xc8, 0xb1, 0xec, 0x49, 0xfb, 0xde, 0x53, 0xd8, 0xff, 0xb6, 0x04,
-	0xe7, 0x0e, 0x22, 0xd2, 0xc7, 0xf0, 0x3d, 0x05, 0x83, 0x31, 0x0b, 0x53, 0x11, 0xea, 0x6a, 0x98,
-	0xae, 0x62, 0x1e, 0xb8, 0xf2, 0x3a, 0x16, 0x20, 0xe4, 0x43, 0xb9, 0xe9, 0xb4, 0x84, 0xbf, 0x74,
-	0xf1, 0xa8, 0xc9, 0x7f, 0xf4, 0xbf, 0xe3, 0x2f, 0x3b, 0x2d, 0x3e, 0xe7, 0x8d, 0x06, 0x4c, 0xd9,
-	0xa0, 0x04, 0x2a, 0x4e, 0x14, 0x39, 0x32, 0x26, 0xe2, 0x6a, 0x31, 0xfc, 0x66, 0x29, 0x49, 0x7e,
-	0xa4, 0x9c, 0x6a, 0xc2, 0x9c, 0x99, 0xfd, 0xa3, 0xd5, 0x54, 0xa6, 0x18, 0x0b, 0x74, 0x89, 0x61,
-	0x50, 0xb8, 0x49, 0xad, 0xa2, 0x73, 0x2e, 0x79, 0x2a, 0x36, 0xf3, 0x40, 0x88, 0x82, 0x16, 0x82,
-	0x15, 0xfa, 0xac, 0xc5, 0xca, 0x46, 0xc8, 0xf4, 0x3b, 0xb1, 0xab, 0x3f, 0x9e, 0x2a, 0x16, 0x66,
-	0x31, 0x0a, 0xd9, 0x88, 0x4d, 0xee, 0xa2, 0x34, 0x0e, 0xdb, 0xcd, 0x74, 0x97, 0xc6, 0x61, 0xbb,
-	0x13, 0x09, 0x47, 0xbb, 0x39, 0x01, 0x2d, 0x05, 0x94, 0x1e, 0xe8, 0x23, 0x84, 0xe5, 0x4b, 0x16,
-	0x4c, 0x78, 0xd9, 0xc8, 0x04, 0xb1, 0x07, 0xbe, 0x59, 0x8c, 0x4f, 0xb3, 0x3b, 0xf0, 0x41, 0x19,
-	0x3a, 0x5d, 0x20, 0xdc, 0xdd, 0x19, 0xd4, 0x80, 0x01, 0x2f, 0xd8, 0x08, 0x85, 0x79, 0x37, 0x77,
-	0xb4, 0x4e, 0x2d, 0x06, 0x1b, 0xa1, 0x5e, 0xcd, 0xf4, 0x1f, 0x66, 0xd4, 0xd1, 0x12, 0x9c, 0x92,
-	0xc9, 0x42, 0x97, 0xbd, 0x38, 0x09, 0xa3, 0xce, 0x92, 0xd7, 0xf4, 0x12, 0x66, 0x9a, 0x95, 0xe7,
-	0x26, 0xa9, 0x7a, 0xc3, 0x39, 0x70, 0x9c, 0xfb, 0x14, 0x7a, 0x13, 0x86, 0x64, 0x34, 0x40, 0xb5,
-	0x08, 0x7f, 0x42, 0xf7, 0xfc, 0x57, 0x93, 0xa9, 0x2e, 0xc2, 0x01, 0x24, 0x43, 0xf4, 0x19, 0x0b,
-	0xc6, 0xf8, 0xef, 0xcb, 0x9d, 0x06, 0xcf, 0x4f, 0xac, 0x15, 0x11, 0xf2, 0x5f, 0x4f, 0xd1, 0x9c,
-	0x43, 0x77, 0xf6, 0xa6, 0xc6, 0xd2, 0x6d, 0x38, 0xc3, 0xd7, 0xfe, 0x27, 0x23, 0xd0, 0x1d, 0x3f,
-	0x91, 0x0e, 0x96, 0xb0, 0xee, 0x77, 0xb0, 0x04, 0xdd, 0x55, 0xc6, 0x3a, 0xce, 0xa1, 0x80, 0x65,
-	0x26, 0xb8, 0xea, 0x63, 0xe8, 0x4e, 0xe0, 0x62, 0xc6, 0x03, 0xb5, 0x61, 0x90, 0x57, 0xa6, 0x12,
-	0x1a, 0xe0, 0xe8, 0x27, 0xdf, 0x66, 0x85, 0x2b, 0xed, 0xd6, 0xe2, 0xad, 0x58, 0x30, 0x43, 0xbb,
-	0x30, 0xb4, 0xc5, 0xa7, 0xa3, 0xd8, 0xeb, 0x2d, 0x1f, 0x75, 0x7c, 0x53, 0x73, 0x5c, 0x4f, 0x3e,
-	0xd1, 0x80, 0x25, 0x3b, 0x16, 0x9b, 0x67, 0x44, 0x0f, 0x71, 0x41, 0x52, 0x5c, 0xaa, 0x65, 0xff,
-	0xa1, 0x43, 0x1f, 0x85, 0x91, 0x88, 0xb8, 0x61, 0xe0, 0x7a, 0x3e, 0x69, 0xcc, 0xca, 0x03, 0xb1,
-	0xc3, 0x64, 0xd8, 0x31, 0x6f, 0x12, 0x36, 0x68, 0xe0, 0x14, 0x45, 0xb6, 0xce, 0x54, 0xd6, 0x3d,
-	0xfd, 0x20, 0x44, 0x1c, 0x7c, 0x2c, 0x15, 0x94, 0xe3, 0xcf, 0x68, 0xf2, 0x75, 0x96, 0x6e, 0xc3,
-	0x19, 0xbe, 0xe8, 0x55, 0x80, 0x70, 0x9d, 0x07, 0xe0, 0xcd, 0x26, 0xe2, 0x14, 0xe4, 0x30, 0xaf,
-	0x3a, 0xc6, 0x33, 0x75, 0x25, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xca, 0x59, 0xeb, 0xb4,
-	0xe4, 0x86, 0x50, 0xa6, 0x48, 0x42, 0x5d, 0x41, 0xee, 0xee, 0x4d, 0x75, 0xfb, 0x9c, 0x59, 0x94,
-	0x91, 0xf1, 0x38, 0xfa, 0x6e, 0x18, 0x8a, 0xdb, 0xcd, 0xa6, 0xa3, 0xce, 0x48, 0x0a, 0xcc, 0xfd,
-	0xe5, 0x74, 0x0d, 0xc1, 0xc8, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0x11, 0x2f, 0x24, 0x14, 0x5f,
-	0x45, 0xdc, 0x42, 0xe1, 0x9e, 0xc0, 0x0f, 0xc8, 0x5d, 0x0c, 0xce, 0xc1, 0xb9, 0xbb, 0x37, 0xf5,
-	0x48, 0xba, 0x7d, 0x29, 0x14, 0xd9, 0xb8, 0xb9, 0x34, 0xd1, 0x15, 0x59, 0x84, 0x8b, 0xbe, 0xb6,
-	0xac, 0x0d, 0xf3, 0x3e, 0x5d, 0x84, 0x8b, 0x35, 0xf7, 0x1e, 0x33, 0xf3, 0x61, 0xb4, 0x0c, 0x27,
-	0xdd, 0x30, 0x48, 0xa2, 0xd0, 0xf7, 0x79, 0x81, 0x3e, 0xbe, 0x37, 0xe7, 0x67, 0x28, 0x8f, 0x89,
-	0x6e, 0x9f, 0x9c, 0xef, 0x46, 0xc1, 0x79, 0xcf, 0x51, 0x9b, 0x3c, 0xab, 0x1f, 0xc6, 0x0a, 0x39,
-	0x5e, 0x4f, 0xd1, 0x14, 0x12, 0x4a, 0xb9, 0xbd, 0x0f, 0xd0, 0x14, 0x41, 0xfa, 0x90, 0x55, 0x7c,
-	0xb1, 0x17, 0x60, 0x84, 0xec, 0x26, 0x24, 0x0a, 0x1c, 0xff, 0x3a, 0x5e, 0x92, 0x07, 0x16, 0x6c,
-	0x61, 0x5e, 0x30, 0xda, 0x71, 0x0a, 0x0b, 0xd9, 0xca, 0x4b, 0x66, 0xa4, 0xbd, 0x73, 0x2f, 0x99,
-	0xf4, 0x89, 0xd9, 0x3f, 0x5b, 0x4e, 0xd9, 0xac, 0x0f, 0xe4, 0x48, 0x97, 0xd5, 0x57, 0x92, 0x85,
-	0xa8, 0x18, 0x40, 0xec, 0xc5, 0x8a, 0xe4, 0xac, 0xa2, 0xe6, 0x56, 0x4c, 0x46, 0x38, 0xcd, 0x17,
-	0x6d, 0x43, 0x65, 0x2b, 0x8c, 0x13, 0xb9, 0x43, 0x3b, 0xe2, 0x66, 0xf0, 0x72, 0x18, 0x27, 0xcc,
-	0xd0, 0x52, 0xaf, 0x4d, 0x5b, 0x62, 0xcc, 0x79, 0xd0, 0xbd, 0x7f, 0xbc, 0xe5, 0x44, 0x8d, 0x78,
-	0x9e, 0x15, 0xa9, 0x18, 0x60, 0x16, 0x96, 0xb2, 0xa7, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x4f,
-	0xad, 0xd4, 0xa9, 0xd6, 0x4d, 0x96, 0x71, 0xb0, 0x43, 0x02, 0x2a, 0xa2, 0xcc, 0x18, 0xc7, 0x6f,
-	0xce, 0xe4, 0x6f, 0xbf, 0xb7, 0x57, 0x2d, 0xcd, 0xdb, 0x94, 0xc2, 0x34, 0x23, 0x61, 0x84, 0x43,
-	0x7e, 0xdc, 0x4a, 0x27, 0xe2, 0x97, 0x8a, 0xd8, 0xba, 0x99, 0xc5, 0x28, 0x0e, 0xcc, 0xe9, 0xb7,
-	0x7f, 0xd8, 0x82, 0xa1, 0x39, 0xc7, 0xdd, 0x0e, 0x37, 0x36, 0xd0, 0x33, 0x50, 0x6d, 0xb4, 0x23,
-	0xb3, 0x26, 0x80, 0x72, 0x56, 0x2d, 0x88, 0x76, 0xac, 0x30, 0xe8, 0xd4, 0xdf, 0x70, 0x5c, 0x59,
-	0x92, 0xa2, 0xcc, 0xa7, 0xfe, 0x45, 0xd6, 0x82, 0x05, 0x84, 0x0e, 0x7f, 0xd3, 0xd9, 0x95, 0x0f,
-	0x67, 0x8f, 0xd4, 0x96, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0xaf, 0x5b, 0x30, 0x39, 0xe7, 0xc4, 0x9e,
-	0x3b, 0xdb, 0x4e, 0xb6, 0xe6, 0xbc, 0x64, 0xbd, 0xed, 0x6e, 0x93, 0x84, 0x97, 0x2e, 0xa1, 0xbd,
-	0x6c, 0xc7, 0x74, 0x05, 0xaa, 0x1d, 0xb3, 0xea, 0xe5, 0x75, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x13,
-	0x86, 0x5b, 0x4e, 0x1c, 0xdf, 0x0e, 0xa3, 0x06, 0x26, 0x1b, 0xc5, 0x14, 0x37, 0xaa, 0x13, 0x37,
-	0x22, 0x09, 0x26, 0x1b, 0x22, 0x40, 0x45, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x07, 0x2d, 0x38, 0x35,
-	0x47, 0x9c, 0x88, 0x44, 0xac, 0x16, 0x92, 0x7a, 0x11, 0xf4, 0x06, 0x54, 0x13, 0xda, 0x42, 0x7b,
-	0x64, 0x15, 0xdb, 0x23, 0x16, 0x5a, 0xb2, 0x26, 0x88, 0x63, 0xc5, 0xc6, 0xfe, 0x82, 0x05, 0x67,
-	0xf2, 0xfa, 0x32, 0xef, 0x87, 0xed, 0xc6, 0x83, 0xe8, 0xd0, 0xdf, 0xb5, 0x60, 0x84, 0x1d, 0xd7,
-	0x2f, 0x90, 0xc4, 0xf1, 0xfc, 0xae, 0x3a, 0x8c, 0x56, 0x9f, 0x75, 0x18, 0xcf, 0xc1, 0xc0, 0x56,
-	0xd8, 0x24, 0xd9, 0x50, 0x93, 0xcb, 0x61, 0x93, 0x60, 0x06, 0x41, 0xcf, 0xd1, 0x49, 0xe8, 0x05,
-	0x89, 0x43, 0x97, 0xa3, 0x3c, 0xce, 0x18, 0xe7, 0x13, 0x50, 0x35, 0x63, 0x13, 0xc7, 0xfe, 0x95,
-	0x1a, 0x0c, 0x89, 0xb8, 0xa8, 0xbe, 0x4b, 0xe9, 0x48, 0x2f, 0x4e, 0xa9, 0xa7, 0x17, 0x27, 0x86,
-	0x41, 0x97, 0x15, 0xcb, 0x15, 0x16, 0xfa, 0xd5, 0x42, 0x02, 0xe9, 0x78, 0xfd, 0x5d, 0xdd, 0x2d,
-	0xfe, 0x1f, 0x0b, 0x56, 0xe8, 0x6d, 0x0b, 0xc6, 0xdd, 0x30, 0x08, 0x88, 0xab, 0x6d, 0xc7, 0x81,
-	0x22, 0x36, 0x08, 0xf3, 0x69, 0xa2, 0xfa, 0x24, 0x38, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0x65, 0x18,
-	0xe5, 0x63, 0x76, 0x23, 0x75, 0x06, 0xa3, 0xcb, 0xf3, 0x99, 0x40, 0x9c, 0xc6, 0x45, 0xd3, 0xfc,
-	0x2c, 0x4b, 0x14, 0xc2, 0x1b, 0xd4, 0xae, 0x6a, 0xa3, 0x04, 0x9e, 0x81, 0x81, 0x22, 0x40, 0x11,
-	0xd9, 0x88, 0x48, 0xbc, 0x25, 0xe2, 0xc6, 0x98, 0xdd, 0x3a, 0x74, 0x6f, 0x45, 0x30, 0x70, 0x17,
-	0x25, 0x9c, 0x43, 0x1d, 0x6d, 0x0b, 0x37, 0x42, 0xb5, 0x08, 0x79, 0x2e, 0x3e, 0x73, 0x4f, 0x6f,
-	0xc2, 0x14, 0x54, 0x98, 0xea, 0x62, 0xf6, 0x72, 0x99, 0x27, 0x5e, 0x32, 0xc5, 0x86, 0x79, 0x3b,
-	0x5a, 0x80, 0x13, 0x99, 0xe2, 0x82, 0xb1, 0x38, 0x2b, 0x51, 0x49, 0x76, 0x99, 0xb2, 0x84, 0x31,
-	0xee, 0x7a, 0xc2, 0x74, 0x31, 0x0d, 0x1f, 0xe0, 0x62, 0xea, 0xa8, 0xe8, 0x64, 0x7e, 0x8a, 0xf1,
-	0x4a, 0x21, 0x03, 0xd0, 0x57, 0x28, 0xf2, 0xe7, 0x33, 0xa1, 0xc8, 0xa3, 0xac, 0x03, 0x37, 0x8a,
-	0xe9, 0xc0, 0xe1, 0xe3, 0x8e, 0x1f, 0x64, 0x1c, 0xf1, 0xff, 0xb2, 0x40, 0x7e, 0xd7, 0x79, 0xc7,
-	0xdd, 0x22, 0x74, 0xca, 0xa0, 0x0f, 0xc2, 0x98, 0xf2, 0x4e, 0x70, 0x93, 0xc8, 0x62, 0xb3, 0x46,
-	0xd9, 0xce, 0x38, 0x05, 0xc5, 0x19, 0x6c, 0x34, 0x03, 0x35, 0x3a, 0x4e, 0xfc, 0x51, 0xae, 0xf7,
-	0x95, 0x07, 0x64, 0x76, 0x75, 0x51, 0x3c, 0xa5, 0x71, 0x50, 0x08, 0x13, 0xbe, 0x13, 0x27, 0xac,
-	0x07, 0xf5, 0x4e, 0xe0, 0xde, 0x63, 0x09, 0x1a, 0x96, 0xc9, 0xb5, 0x94, 0x25, 0x84, 0xbb, 0x69,
-	0xdb, 0xff, 0xbe, 0x02, 0xa3, 0x29, 0xc9, 0x78, 0x48, 0x83, 0xe1, 0x19, 0xa8, 0x4a, 0x1d, 0x9e,
-	0xad, 0xb5, 0xa5, 0x14, 0xbd, 0xc2, 0xa0, 0x4a, 0x6b, 0x5d, 0x6b, 0xd5, 0xac, 0x81, 0x63, 0x28,
-	0x5c, 0x6c, 0xe2, 0x31, 0xa1, 0x9c, 0xf8, 0xf1, 0xbc, 0xef, 0x91, 0x20, 0xe1, 0xdd, 0x2c, 0x46,
-	0x28, 0xaf, 0x2d, 0xd5, 0x4d, 0xa2, 0x5a, 0x28, 0x67, 0x00, 0x38, 0xcb, 0x1e, 0x7d, 0xca, 0x82,
-	0x51, 0xe7, 0x76, 0xac, 0x2b, 0xba, 0x8b, 0xa0, 0xe3, 0x23, 0x2a, 0xa9, 0x54, 0x91, 0x78, 0xee,
-	0xd8, 0x4f, 0x35, 0xe1, 0x34, 0x53, 0xf4, 0x8e, 0x05, 0x88, 0xec, 0x12, 0x57, 0x86, 0x45, 0x8b,
-	0xbe, 0x0c, 0x16, 0xb1, 0x83, 0xbf, 0xd0, 0x45, 0x97, 0x4b, 0xf5, 0xee, 0x76, 0x9c, 0xd3, 0x07,
-	0x74, 0x05, 0x50, 0xc3, 0x8b, 0x9d, 0x75, 0x9f, 0xcc, 0x87, 0x4d, 0x99, 0x7d, 0x2c, 0xce, 0xd3,
-	0xcf, 0x8a, 0x71, 0x46, 0x0b, 0x5d, 0x18, 0x38, 0xe7, 0x29, 0x36, 0xcb, 0xa2, 0x70, 0xb7, 0x73,
-	0x3d, 0xf2, 0x99, 0x96, 0x30, 0x67, 0x99, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xb3, 0xb2, 0x5a, 0xca,
-	0x3a, 0x07, 0xc0, 0x31, 0x62, 0x91, 0xad, 0x7b, 0x8f, 0x45, 0xd6, 0x91, 0x52, 0xdd, 0x39, 0xf5,
-	0xa9, 0x14, 0xdc, 0xd2, 0x03, 0x4a, 0xc1, 0xfd, 0x3e, 0x2b, 0x55, 0xcf, 0x6e, 0xf8, 0xfc, 0xab,
-	0xc5, 0xe6, 0x1f, 0x4c, 0xf3, 0x28, 0xae, 0x8c, 0x5e, 0xc9, 0x04, 0xef, 0x3d, 0x03, 0xd5, 0x0d,
-	0xdf, 0x61, 0x55, 0x58, 0xd8, 0x42, 0x35, 0x22, 0xcc, 0x2e, 0x8a, 0x76, 0xac, 0x30, 0xa8, 0xd4,
-	0x37, 0x88, 0x1e, 0x4a, 0x6a, 0xff, 0xa7, 0x32, 0x0c, 0x1b, 0x1a, 0x3f, 0xd7, 0x7c, 0xb3, 0x1e,
-	0x32, 0xf3, 0xad, 0x74, 0x08, 0xf3, 0xed, 0x7b, 0xa1, 0xe6, 0x4a, 0x6d, 0x54, 0x4c, 0x7d, 0xfe,
-	0xac, 0x8e, 0xd3, 0x0a, 0x49, 0x35, 0x61, 0xcd, 0x13, 0x5d, 0x4a, 0xa5, 0x79, 0xa6, 0xfc, 0x02,
-	0x79, 0x79, 0x98, 0x42, 0xa3, 0x75, 0x3f, 0x93, 0x8d, 0x0f, 0xa8, 0x1c, 0x1c, 0x1f, 0x60, 0xff,
-	0x81, 0xa5, 0x3e, 0xee, 0x7d, 0xa8, 0xe7, 0x73, 0x2b, 0x5d, 0xcf, 0xe7, 0x42, 0x21, 0xc3, 0xdc,
-	0xa3, 0x90, 0xcf, 0x35, 0x18, 0x9a, 0x0f, 0x9b, 0x4d, 0x27, 0x68, 0xa0, 0x6f, 0x80, 0x21, 0x97,
-	0xff, 0x14, 0x3e, 0x34, 0x76, 0x58, 0x2d, 0xa0, 0x58, 0xc2, 0xd0, 0xe3, 0x30, 0xe0, 0x44, 0x9b,
-	0xd2, 0x6f, 0xc6, 0x82, 0xe0, 0x66, 0xa3, 0xcd, 0x18, 0xb3, 0x56, 0xfb, 0x2f, 0x2c, 0x18, 0xa3,
-	0x8f, 0x78, 0xec, 0xa5, 0xd8, 0xeb, 0x3c, 0x0d, 0x83, 0x4e, 0x3b, 0xd9, 0x0a, 0xbb, 0xf6, 0x61,
-	0xb3, 0xac, 0x15, 0x0b, 0x28, 0xdd, 0x87, 0xa9, 0x42, 0x10, 0xc6, 0x3e, 0x6c, 0x81, 0xce, 0x65,
-	0x06, 0xa1, 0xa6, 0x6c, 0xdc, 0x5e, 0xcf, 0x3b, 0x2d, 0xad, 0xf3, 0x66, 0x2c, 0xe1, 0x94, 0xd8,
-	0x7a, 0xd8, 0xe8, 0x88, 0xd0, 0x5e, 0x45, 0x6c, 0x2e, 0x6c, 0x74, 0x30, 0x83, 0xa0, 0x27, 0xa0,
-	0x1c, 0x6f, 0x39, 0xf2, 0x5c, 0x5e, 0x46, 0x99, 0xd7, 0x2f, 0xcf, 0x62, 0xda, 0xae, 0x92, 0x26,
-	0x22, 0x3f, 0x1b, 0x63, 0x9b, 0x4e, 0x9a, 0x88, 0x7c, 0xfb, 0x5f, 0x0c, 0x00, 0x8b, 0xb7, 0x71,
-	0x22, 0xd2, 0x58, 0x0b, 0x59, 0x29, 0xe1, 0x63, 0x3d, 0xd6, 0xd6, 0x1b, 0xd9, 0x87, 0xf9, 0x68,
-	0xdb, 0x38, 0xde, 0x2c, 0xdf, 0xef, 0xe3, 0xcd, 0xfc, 0x13, 0xeb, 0x81, 0x87, 0xe8, 0xc4, 0xda,
-	0xfe, 0x9c, 0x05, 0x48, 0x45, 0x4f, 0xe9, 0x90, 0x92, 0x19, 0xa8, 0xa9, 0x70, 0x2d, 0xb1, 0x5e,
-	0xb4, 0x58, 0x94, 0x00, 0xac, 0x71, 0xfa, 0xf0, 0x5e, 0x3c, 0x25, 0x75, 0x56, 0x39, 0x9d, 0x73,
-	0xc1, 0x34, 0x9d, 0x50, 0x61, 0xf6, 0xaf, 0x96, 0xe0, 0x11, 0x6e, 0x2e, 0x2d, 0x3b, 0x81, 0xb3,
-	0x49, 0x9a, 0xb4, 0x57, 0xfd, 0x06, 0x09, 0xb9, 0x74, 0xdb, 0xec, 0xc9, 0x0c, 0x89, 0xa3, 0xca,
-	0x2b, 0x2e, 0x67, 0xb8, 0x64, 0x59, 0x0c, 0xbc, 0x04, 0x33, 0xe2, 0x28, 0x86, 0xaa, 0xbc, 0xcc,
-	0x48, 0xe8, 0x9f, 0x82, 0x18, 0x29, 0x51, 0x2c, 0x2c, 0x0b, 0x82, 0x15, 0x23, 0x6a, 0x3e, 0xf8,
-	0xa1, 0xbb, 0x4d, 0x97, 0x7c, 0xd6, 0x7c, 0x58, 0x12, 0xed, 0x58, 0x61, 0xd8, 0x4d, 0x18, 0x97,
-	0x63, 0xd8, 0xba, 0x4a, 0x3a, 0x98, 0x6c, 0x50, 0x9d, 0xeb, 0xca, 0x26, 0xe3, 0x7e, 0x25, 0xa5,
-	0x73, 0xe7, 0x4d, 0x20, 0x4e, 0xe3, 0xca, 0xea, 0xc2, 0xa5, 0xfc, 0xea, 0xc2, 0xf6, 0xaf, 0x5a,
-	0x90, 0x55, 0xfa, 0x46, 0x2d, 0x55, 0x6b, 0xdf, 0x5a, 0xaa, 0x87, 0xa8, 0x46, 0xfa, 0x5d, 0x30,
-	0xec, 0x24, 0xd4, 0xaa, 0xe3, 0x1e, 0x98, 0xf2, 0xbd, 0x9d, 0x1c, 0x2e, 0x87, 0x0d, 0x6f, 0xc3,
-	0x63, 0x9e, 0x17, 0x93, 0x9c, 0xfd, 0x8e, 0x05, 0xb5, 0x85, 0xa8, 0x73, 0xf8, 0x54, 0xb5, 0xee,
-	0x44, 0xb4, 0xd2, 0xa1, 0x12, 0xd1, 0x64, 0xaa, 0x5b, 0xb9, 0x57, 0xaa, 0x9b, 0xfd, 0x97, 0x03,
-	0x30, 0xd1, 0x95, 0x7b, 0x89, 0x5e, 0x82, 0x11, 0xf5, 0x95, 0xa4, 0xdb, 0xb5, 0x66, 0x06, 0x2f,
-	0x6b, 0x18, 0x4e, 0x61, 0xf6, 0xb1, 0x54, 0x17, 0xe1, 0x64, 0x44, 0xde, 0x68, 0x93, 0x36, 0x99,
-	0xdd, 0x48, 0x48, 0x54, 0x27, 0x6e, 0x18, 0x34, 0x78, 0x31, 0xe2, 0xf2, 0xdc, 0xa3, 0x77, 0xf6,
-	0xa6, 0x4e, 0xe2, 0x6e, 0x30, 0xce, 0x7b, 0x06, 0xb5, 0x60, 0xd4, 0x37, 0xf7, 0x0b, 0x62, 0x9b,
-	0x7a, 0x4f, 0x5b, 0x0d, 0x35, 0x5b, 0x53, 0xcd, 0x38, 0xcd, 0x20, 0xbd, 0xe9, 0xa8, 0x3c, 0xa0,
-	0x4d, 0xc7, 0x27, 0xf5, 0xa6, 0x83, 0xc7, 0x02, 0x7d, 0xb8, 0xe0, 0xdc, 0xdb, 0x7e, 0x76, 0x1d,
-	0x47, 0xd9, 0x47, 0xbc, 0x02, 0x55, 0x19, 0x27, 0xd9, 0x57, 0x7c, 0xa1, 0x49, 0xa7, 0x87, 0x6c,
-	0xbf, 0x5b, 0x82, 0x9c, 0xad, 0x32, 0x5d, 0x6b, 0xda, 0xde, 0x4b, 0xad, 0xb5, 0xc3, 0xd9, 0x7c,
-	0x68, 0x97, 0xc7, 0x88, 0x72, 0x2d, 0xff, 0xa1, 0xa2, 0xb7, 0xfa, 0x3a, 0x6c, 0x54, 0x49, 0x40,
-	0x15, 0x3a, 0x7a, 0x1e, 0x40, 0x9b, 0xe9, 0xc2, 0xd6, 0x53, 0x41, 0x1f, 0xda, 0x9a, 0xc7, 0x06,
-	0x16, 0x7a, 0x11, 0x86, 0xbd, 0x20, 0x4e, 0x1c, 0xdf, 0xbf, 0xec, 0x05, 0x89, 0xb0, 0xff, 0x94,
-	0x39, 0xb3, 0xa8, 0x41, 0xd8, 0xc4, 0x3b, 0xfb, 0x01, 0xe3, 0xbb, 0x1c, 0xe6, 0x7b, 0x6e, 0xc1,
-	0x99, 0x4b, 0x5e, 0xa2, 0x92, 0x0f, 0xd5, 0x3c, 0xa2, 0x56, 0xb8, 0x92, 0x41, 0x56, 0xcf, 0x74,
-	0x5b, 0x23, 0xf9, 0xaf, 0x94, 0xce, 0x55, 0xcc, 0x26, 0xff, 0xd9, 0x2e, 0x9c, 0xba, 0xe4, 0x25,
-	0x17, 0x3d, 0x9f, 0x1c, 0x23, 0x93, 0x5f, 0x1e, 0x84, 0x11, 0x33, 0x27, 0xff, 0x30, 0x12, 0xfb,
-	0x0b, 0xd4, 0x3e, 0x15, 0x03, 0xe1, 0xa9, 0x83, 0xec, 0x9b, 0x47, 0x2e, 0x10, 0x90, 0x3f, 0xb8,
-	0x86, 0x89, 0xaa, 0x79, 0x62, 0xb3, 0x03, 0xe8, 0x36, 0x54, 0x36, 0x58, 0x1e, 0x5b, 0xb9, 0x88,
-	0x10, 0xa4, 0xbc, 0xc1, 0xd7, 0x2b, 0x92, 0x67, 0xc2, 0x71, 0x7e, 0xd4, 0xac, 0x88, 0xd2, 0xe9,
-	0xd3, 0x46, 0x76, 0x81, 0xd0, 0x57, 0x0a, 0xa3, 0x97, 0x56, 0xa8, 0xdc, 0x83, 0x56, 0x48, 0xc9,
-	0xe8, 0xc1, 0x07, 0x24, 0xa3, 0x59, 0x4e, 0x62, 0xb2, 0xc5, 0x8c, 0x5e, 0x91, 0x0e, 0x35, 0xc4,
-	0x06, 0xc1, 0xc8, 0x49, 0x4c, 0x81, 0x71, 0x16, 0x1f, 0x7d, 0x4c, 0x49, 0xf9, 0x6a, 0x11, 0x07,
-	0x05, 0xe6, 0x8c, 0x3e, 0x6e, 0x01, 0xff, 0xb9, 0x12, 0x8c, 0x5d, 0x0a, 0xda, 0xab, 0x97, 0x56,
-	0xdb, 0xeb, 0xbe, 0xe7, 0x5e, 0x25, 0x1d, 0x2a, 0xc5, 0xb7, 0x49, 0x67, 0x71, 0x41, 0xac, 0x20,
-	0x35, 0x67, 0xae, 0xd2, 0x46, 0xcc, 0x61, 0x54, 0x6e, 0x6d, 0x78, 0xc1, 0x26, 0x89, 0x5a, 0x91,
-	0x27, 0x7c, 0xf8, 0x86, 0xdc, 0xba, 0xa8, 0x41, 0xd8, 0xc4, 0xa3, 0xb4, 0xc3, 0xdb, 0x81, 0x2a,
-	0x90, 0xa4, 0x68, 0xaf, 0xd0, 0x46, 0xcc, 0x61, 0x14, 0x29, 0x89, 0xda, 0xc2, 0x45, 0x66, 0x20,
-	0xad, 0xd1, 0x46, 0xcc, 0x61, 0x62, 0xf7, 0xcd, 0x22, 0xbc, 0x2a, 0x5d, 0xbb, 0x6f, 0x16, 0x1c,
-	0x21, 0xe1, 0x14, 0x75, 0x9b, 0x74, 0x16, 0x9c, 0xc4, 0xc9, 0x6e, 0x9e, 0xaf, 0xf2, 0x66, 0x2c,
-	0xe1, 0xac, 0x62, 0x72, 0x7a, 0x38, 0xbe, 0xe6, 0x2a, 0x26, 0xa7, 0xbb, 0xdf, 0xc3, 0xd1, 0xf2,
-	0x77, 0x4a, 0x30, 0xf2, 0xee, 0xb5, 0xa6, 0x39, 0x17, 0xf6, 0xdc, 0x84, 0x89, 0xae, 0x4c, 0xe8,
-	0x3e, 0x2c, 0x9f, 0x03, 0x2b, 0x55, 0xd8, 0x18, 0x86, 0x29, 0x61, 0x59, 0x29, 0x70, 0x1e, 0x26,
-	0xf8, 0xe2, 0xa5, 0x9c, 0x58, 0x62, 0xab, 0xca, 0x6e, 0x67, 0x87, 0x54, 0x37, 0xb2, 0x40, 0xdc,
-	0x8d, 0x6f, 0x7f, 0xde, 0x82, 0xd1, 0x54, 0x72, 0x7a, 0x41, 0x36, 0x1a, 0x5b, 0xdd, 0x21, 0x8b,
-	0x4e, 0x66, 0xd9, 0x22, 0x65, 0xa6, 0x86, 0xf5, 0xea, 0xd6, 0x20, 0x6c, 0xe2, 0xd9, 0xbf, 0x55,
-	0x86, 0xaa, 0x8c, 0xa4, 0xea, 0xa3, 0x2b, 0x9f, 0xb5, 0x60, 0x54, 0x1d, 0x0c, 0x32, 0x4f, 0x6e,
-	0xa9, 0x88, 0x5c, 0x39, 0xda, 0x03, 0xe5, 0x17, 0x09, 0x36, 0x42, 0xbd, 0x61, 0xc0, 0x26, 0x33,
-	0x9c, 0xe6, 0x8d, 0x6e, 0x00, 0xc4, 0x9d, 0x38, 0x21, 0x4d, 0xc3, 0xa7, 0x6c, 0x1b, 0xb3, 0x6c,
-	0xda, 0x0d, 0x23, 0x42, 0xe7, 0xd4, 0xb5, 0xb0, 0x41, 0xea, 0x0a, 0x53, 0x5b, 0x78, 0xba, 0x0d,
-	0x1b, 0x94, 0xd0, 0x9b, 0xea, 0x18, 0x7b, 0xa0, 0x08, 0xbd, 0x2e, 0xc7, 0xb7, 0x9f, 0x73, 0xec,
-	0x23, 0x9c, 0x1b, 0xdb, 0x3f, 0x53, 0x82, 0x13, 0xd9, 0x91, 0x44, 0x1f, 0x86, 0x11, 0x39, 0x68,
-	0x86, 0xfb, 0x40, 0x86, 0xaf, 0x8d, 0x60, 0x03, 0x76, 0x77, 0x6f, 0x6a, 0xaa, 0xfb, 0x7e, 0xec,
-	0x69, 0x13, 0x05, 0xa7, 0x88, 0xf1, 0x43, 0x65, 0x11, 0xfd, 0x30, 0xd7, 0x99, 0x6d, 0xb5, 0xc4,
-	0xc9, 0xb0, 0x71, 0xa8, 0x6c, 0x42, 0x71, 0x06, 0x1b, 0xad, 0xc2, 0x29, 0xa3, 0xe5, 0x1a, 0xf1,
-	0x36, 0xb7, 0xd6, 0xc3, 0x48, 0xee, 0x57, 0x1f, 0xd7, 0xc1, 0xb2, 0xdd, 0x38, 0x38, 0xf7, 0x49,
-	0x6a, 0x18, 0xb9, 0x4e, 0xcb, 0x71, 0xbd, 0xa4, 0x23, 0x7c, 0xfb, 0x4a, 0x8c, 0xcf, 0x8b, 0x76,
-	0xac, 0x30, 0xec, 0x7f, 0x38, 0x00, 0x27, 0x78, 0x74, 0x28, 0x51, 0xc1, 0xcf, 0xe8, 0xc3, 0x50,
-	0x8b, 0x13, 0x27, 0xe2, 0xce, 0x0a, 0xeb, 0xd0, 0xa2, 0x4b, 0x67, 0xd4, 0x4b, 0x22, 0x58, 0xd3,
-	0x43, 0xaf, 0xb2, 0x72, 0x64, 0x5e, 0xbc, 0xc5, 0xa8, 0x97, 0xee, 0xcd, 0x15, 0x72, 0x51, 0x51,
-	0xc0, 0x06, 0x35, 0xf4, 0xad, 0x50, 0x69, 0x6d, 0x39, 0xb1, 0xf4, 0xd3, 0x3d, 0x2d, 0xe5, 0xc4,
-	0x2a, 0x6d, 0xbc, 0xbb, 0x37, 0x75, 0x3a, 0xfb, 0xaa, 0x0c, 0x80, 0xf9, 0x43, 0xa6, 0x94, 0x1f,
-	0x38, 0xf8, 0xbe, 0x9d, 0x46, 0xd4, 0xa9, 0x5f, 0x9e, 0xcd, 0xde, 0xd0, 0xb2, 0xc0, 0x5a, 0xb1,
-	0x80, 0x52, 0x99, 0xb4, 0xc5, 0x59, 0x36, 0x28, 0xf2, 0x60, 0xda, 0xe2, 0xb8, 0xac, 0x41, 0xd8,
-	0xc4, 0x43, 0x9f, 0xeb, 0x8e, 0x1d, 0x1e, 0x3a, 0x86, 0xdc, 0x92, 0x7e, 0xa3, 0x86, 0x2f, 0x40,
-	0x4d, 0x74, 0x75, 0x2d, 0x44, 0x2f, 0xc1, 0x08, 0x77, 0x03, 0xcd, 0x45, 0x4e, 0xe0, 0x6e, 0x65,
-	0x9d, 0x37, 0x6b, 0x06, 0x0c, 0xa7, 0x30, 0xed, 0x65, 0x18, 0xe8, 0x53, 0xc8, 0xf6, 0xb5, 0x27,
-	0x7f, 0x05, 0xaa, 0x94, 0x9c, 0xdc, 0xa0, 0x15, 0x41, 0x32, 0x84, 0xaa, 0xbc, 0xbd, 0x11, 0xd9,
-	0x50, 0xf6, 0x1c, 0x19, 0x23, 0xa2, 0x96, 0xd0, 0x62, 0x1c, 0xb7, 0xd9, 0xb4, 0xa3, 0x40, 0xf4,
-	0x14, 0x94, 0xc9, 0x6e, 0x2b, 0x1b, 0x0c, 0x72, 0x61, 0xb7, 0xe5, 0x45, 0x24, 0xa6, 0x48, 0x64,
-	0xb7, 0x85, 0xce, 0x42, 0xc9, 0x6b, 0x88, 0x19, 0x09, 0x02, 0xa7, 0xb4, 0xb8, 0x80, 0x4b, 0x5e,
-	0xc3, 0xde, 0x85, 0x9a, 0xba, 0x2e, 0x12, 0x6d, 0x4b, 0x93, 0xca, 0x2a, 0x22, 0x3a, 0x58, 0xd2,
-	0xed, 0x61, 0x4c, 0xb5, 0x01, 0x74, 0xa9, 0x86, 0xa2, 0x54, 0xf0, 0x39, 0x18, 0x70, 0x43, 0x51,
-	0x64, 0xa7, 0xaa, 0xc9, 0x30, 0x5b, 0x8a, 0x41, 0xec, 0x9b, 0x30, 0x76, 0x35, 0x08, 0x6f, 0xb3,
-	0x5b, 0x9d, 0x58, 0x11, 0x63, 0x4a, 0x78, 0x83, 0xfe, 0xc8, 0x5a, 0xee, 0x0c, 0x8a, 0x39, 0x4c,
-	0x95, 0x57, 0x2d, 0xf5, 0x2a, 0xaf, 0x6a, 0x7f, 0xdc, 0x82, 0x11, 0x95, 0xf3, 0x7d, 0x69, 0x67,
-	0x9b, 0xd2, 0xdd, 0x8c, 0xc2, 0x76, 0x2b, 0x4b, 0x97, 0xdd, 0x4c, 0x8b, 0x39, 0xcc, 0x2c, 0x86,
-	0x50, 0x3a, 0xa0, 0x18, 0xc2, 0x39, 0x18, 0xd8, 0xf6, 0x82, 0x46, 0xd6, 0xd9, 0x79, 0xd5, 0x0b,
-	0x1a, 0x98, 0x41, 0xec, 0xbf, 0xb2, 0xe0, 0x84, 0xea, 0x82, 0xb4, 0x99, 0x5e, 0x82, 0x91, 0xf5,
-	0xb6, 0xe7, 0x37, 0x64, 0x75, 0xe6, 0xcc, 0x72, 0x99, 0x33, 0x60, 0x38, 0x85, 0x89, 0xce, 0x03,
-	0xac, 0x7b, 0x81, 0x13, 0x75, 0x56, 0xb5, 0x91, 0xa6, 0xf4, 0xf6, 0x9c, 0x82, 0x60, 0x03, 0x0b,
-	0xbd, 0x05, 0xd5, 0x1d, 0x79, 0x2a, 0x5b, 0x2e, 0x34, 0x87, 0x5f, 0x8c, 0x87, 0x5e, 0x09, 0xea,
-	0x98, 0x57, 0x71, 0xb4, 0xbf, 0x58, 0x86, 0xb1, 0x74, 0xde, 0x7d, 0x1f, 0x9e, 0x93, 0xa7, 0xa0,
-	0xc2, 0x52, 0xf1, 0xb3, 0x13, 0x8b, 0x97, 0x53, 0xe6, 0x30, 0x14, 0xc3, 0x20, 0x17, 0x25, 0xc5,
-	0xdc, 0x2d, 0xaa, 0x3a, 0xa9, 0xfc, 0xb3, 0x2c, 0x82, 0x5b, 0xb8, 0xbb, 0x05, 0x2b, 0xf4, 0x29,
-	0x0b, 0x86, 0xc2, 0x96, 0x59, 0xd7, 0xf3, 0x43, 0x45, 0xd6, 0x24, 0x10, 0x89, 0xbf, 0xc2, 0x1a,
-	0x52, 0x13, 0x4f, 0x4e, 0x06, 0xc9, 0xfa, 0xec, 0xb7, 0xc0, 0x88, 0x89, 0x79, 0x90, 0x41, 0x54,
-	0x35, 0x0d, 0xa2, 0xcf, 0x9a, 0x53, 0x52, 0x54, 0x5d, 0xe8, 0x63, 0xb1, 0x5f, 0x87, 0x8a, 0xab,
-	0xc2, 0xdc, 0xee, 0xe9, 0x46, 0x01, 0x55, 0x95, 0x8c, 0x85, 0x10, 0x70, 0x6a, 0xf6, 0x1f, 0x58,
-	0xc6, 0xfc, 0xc0, 0x24, 0x5e, 0x6c, 0xa0, 0x08, 0xca, 0x9b, 0x3b, 0xdb, 0xc2, 0xc8, 0xb8, 0x52,
-	0xd0, 0xf0, 0x5e, 0xda, 0xd9, 0xd6, 0x2b, 0xcc, 0x6c, 0xc5, 0x94, 0x59, 0x1f, 0x87, 0x08, 0xa9,
-	0xe2, 0x1c, 0xe5, 0x83, 0x8b, 0x73, 0xd8, 0xef, 0x94, 0x60, 0xa2, 0x6b, 0x52, 0xa1, 0x37, 0xa1,
-	0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x54, 0x58, 0x39, 0x8d, 0x78, 0xb1, 0xa1, 0x95, 0x77, 0xba,
-	0x1d, 0x73, 0x96, 0xe8, 0x0a, 0x20, 0x1d, 0x8c, 0xa9, 0x4e, 0x30, 0xf8, 0x2b, 0xab, 0x88, 0xad,
-	0xd9, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x7a, 0x39, 0x7b, 0x10, 0x92, 0xa9, 0x14, 0xbd, 0xdf, 0x99,
-	0x86, 0xfd, 0xb6, 0x39, 0x05, 0x6f, 0x68, 0x61, 0x7a, 0xd4, 0xcd, 0x69, 0x97, 0x64, 0x2d, 0xf7,
-	0x2b, 0x59, 0xed, 0x5f, 0x2c, 0xc1, 0x68, 0xaa, 0xf2, 0x2b, 0xf2, 0xa1, 0x4a, 0x7c, 0x76, 0x62,
-	0x2b, 0xb5, 0xef, 0x51, 0x2f, 0x81, 0x51, 0x72, 0xf2, 0x82, 0xa0, 0x8b, 0x15, 0x87, 0x87, 0x23,
-	0xb6, 0xec, 0x25, 0x18, 0x91, 0x1d, 0xfa, 0x90, 0xd3, 0xf4, 0xb3, 0xc3, 0x77, 0xc1, 0x80, 0xe1,
-	0x14, 0xa6, 0xfd, 0x6b, 0x65, 0x98, 0xe4, 0x47, 0xdc, 0x0d, 0xb5, 0x18, 0x54, 0xa8, 0xca, 0x0f,
-	0xe9, 0xfa, 0xcc, 0x56, 0x11, 0x37, 0x9d, 0xf7, 0x62, 0xd4, 0x57, 0x48, 0xf4, 0x4f, 0x64, 0x42,
-	0xa2, 0xf9, 0x56, 0x7d, 0xf3, 0x98, 0x7a, 0xf4, 0xb5, 0x15, 0x23, 0xfd, 0x4f, 0x4b, 0x30, 0x9e,
-	0xb9, 0xd0, 0x0e, 0x7d, 0x31, 0x7d, 0x07, 0x8a, 0x55, 0xc4, 0xf1, 0xdf, 0xbe, 0x77, 0x9c, 0x1d,
-	0xee, 0x26, 0x94, 0x07, 0xb4, 0x54, 0xec, 0xdf, 0x2b, 0xc1, 0x58, 0xfa, 0x26, 0xbe, 0x87, 0x70,
-	0xa4, 0xde, 0x0f, 0x35, 0x76, 0xd9, 0xd4, 0x55, 0xd2, 0x91, 0xa7, 0x8c, 0xfc, 0x5e, 0x1f, 0xd9,
-	0x88, 0x35, 0xfc, 0xa1, 0xb8, 0x60, 0xc6, 0xfe, 0x67, 0x16, 0x9c, 0xe6, 0x6f, 0x99, 0x9d, 0x87,
-	0x7f, 0x2b, 0x6f, 0x74, 0x5f, 0x2b, 0xb6, 0x83, 0x99, 0xba, 0xe2, 0x07, 0x8d, 0x2f, 0xbb, 0xef,
-	0x5d, 0xf4, 0x36, 0x3d, 0x15, 0x1e, 0xc2, 0xce, 0x1e, 0x6a, 0x32, 0xd8, 0xff, 0xa1, 0x04, 0xc3,
-	0x2b, 0xf3, 0x8b, 0x4a, 0x84, 0xcf, 0x40, 0xcd, 0x8d, 0x88, 0xa3, 0xdd, 0x3f, 0x66, 0x00, 0x95,
-	0x04, 0x60, 0x8d, 0x43, 0x77, 0x51, 0x3c, 0x00, 0x31, 0xce, 0xee, 0xa2, 0x78, 0x7c, 0x62, 0x8c,
-	0x25, 0x1c, 0x3d, 0x03, 0x55, 0x96, 0x1a, 0x7c, 0x3d, 0x92, 0x1a, 0x47, 0x6f, 0xad, 0x59, 0x3b,
-	0x5e, 0xc2, 0x0a, 0x83, 0x12, 0x6e, 0x84, 0x6e, 0x4c, 0x91, 0x33, 0x1e, 0x99, 0x05, 0xda, 0x8c,
-	0x97, 0xb0, 0x84, 0xb3, 0xca, 0x8e, 0xcc, 0x6b, 0x41, 0x91, 0x2b, 0xe9, 0x4e, 0x73, 0xf7, 0x06,
-	0x45, 0xd7, 0x38, 0x87, 0xa9, 0x00, 0x9a, 0x49, 0xcf, 0x1b, 0xea, 0x2f, 0x3d, 0xcf, 0xfe, 0xbd,
-	0x32, 0xd4, 0xb4, 0x53, 0xcd, 0x13, 0xf5, 0x30, 0x0a, 0xa9, 0x5b, 0x5f, 0xef, 0x04, 0xae, 0x22,
-	0xcd, 0xa3, 0x09, 0x8c, 0x72, 0x18, 0x3f, 0x60, 0xc1, 0xb0, 0x17, 0x78, 0x89, 0xe7, 0x30, 0xdf,
-	0x60, 0x31, 0xf7, 0x7f, 0x2b, 0x76, 0x8b, 0x9c, 0x72, 0x18, 0x99, 0x47, 0xfe, 0x8a, 0x19, 0x36,
-	0x39, 0xa3, 0x8f, 0x8a, 0x6c, 0xb0, 0x72, 0x61, 0x45, 0x65, 0xaa, 0x99, 0x14, 0xb0, 0x16, 0xb5,
-	0xb1, 0x93, 0xa8, 0xa0, 0x5a, 0x4c, 0x98, 0x92, 0x52, 0xf7, 0xa7, 0xa8, 0x5d, 0x0c, 0x6b, 0xc6,
-	0x9c, 0x91, 0x1d, 0x03, 0xea, 0x1e, 0x8b, 0x43, 0x66, 0xda, 0xcc, 0x40, 0xcd, 0x69, 0x27, 0x61,
-	0x93, 0x0e, 0x93, 0x08, 0x18, 0xd0, 0xb9, 0x44, 0x12, 0x80, 0x35, 0x8e, 0xfd, 0xc5, 0x0a, 0x64,
-	0xaa, 0x53, 0xa0, 0x5d, 0xa8, 0xa9, 0xfa, 0x14, 0xc5, 0x64, 0xae, 0xea, 0x19, 0xa5, 0x3a, 0xa3,
-	0x9a, 0xb0, 0x66, 0x86, 0x36, 0xa5, 0x9b, 0x95, 0xaf, 0xf6, 0x57, 0xb2, 0x6e, 0xd6, 0xef, 0xe8,
-	0xef, 0xd4, 0x8d, 0xce, 0xd5, 0x19, 0x5e, 0x8f, 0x70, 0xfa, 0x40, 0x8f, 0xec, 0x41, 0x37, 0xa0,
-	0x7f, 0x42, 0xdc, 0x56, 0x86, 0x49, 0xdc, 0xf6, 0x13, 0x31, 0x1b, 0x5e, 0x29, 0x70, 0x95, 0x71,
-	0xc2, 0xba, 0xca, 0x13, 0xff, 0x8f, 0x0d, 0xa6, 0x69, 0xbf, 0xf9, 0xe0, 0xb1, 0xfa, 0xcd, 0x87,
-	0x0a, 0xf5, 0x9b, 0x9f, 0x07, 0x60, 0x73, 0x9b, 0x67, 0x04, 0x54, 0x99, 0x3b, 0x53, 0xa9, 0x18,
-	0xac, 0x20, 0xd8, 0xc0, 0xb2, 0xbf, 0x09, 0xd2, 0x65, 0xca, 0xd0, 0x94, 0xac, 0x8a, 0xc6, 0x4f,
-	0x04, 0x59, 0x32, 0x66, 0xaa, 0x80, 0xd9, 0xcf, 0x5b, 0x60, 0xd6, 0x52, 0x43, 0x6f, 0xf0, 0xa2,
-	0x6d, 0x56, 0x11, 0x27, 0x4c, 0x06, 0xdd, 0xe9, 0x65, 0xa7, 0x95, 0x89, 0x76, 0x92, 0x95, 0xdb,
-	0xce, 0x7e, 0x00, 0xaa, 0x12, 0x7a, 0x28, 0x63, 0xf9, 0x63, 0x70, 0x52, 0x16, 0x76, 0x90, 0x87,
-	0x41, 0x22, 0xea, 0xe0, 0x60, 0x1f, 0xa3, 0x74, 0x1c, 0x96, 0x7a, 0x39, 0x0e, 0xd5, 0x6e, 0xb8,
-	0xdc, 0xb3, 0x1c, 0xfb, 0x2f, 0x58, 0x70, 0x2e, 0xdb, 0x81, 0x78, 0x39, 0x0c, 0xbc, 0x24, 0x8c,
-	0xea, 0x24, 0x49, 0xbc, 0x60, 0x93, 0xd5, 0xd6, 0xbd, 0xed, 0x44, 0xf2, 0x7e, 0x25, 0x26, 0x28,
-	0x6f, 0x3a, 0x51, 0x80, 0x59, 0x2b, 0xea, 0xc0, 0x20, 0x0f, 0xa1, 0x16, 0xbb, 0xa0, 0x23, 0xae,
-	0x8d, 0x9c, 0xe1, 0xd0, 0xdb, 0x30, 0x1e, 0xbe, 0x8d, 0x05, 0x43, 0xfb, 0x2b, 0x16, 0xa0, 0x95,
-	0x1d, 0x12, 0x45, 0x5e, 0xc3, 0x08, 0xfa, 0x66, 0xb7, 0x7e, 0x1a, 0xb7, 0x7b, 0x9a, 0x65, 0x47,
-	0x32, 0xb7, 0x7e, 0x1a, 0xff, 0xf2, 0x6f, 0xfd, 0x2c, 0x1d, 0xee, 0xd6, 0x4f, 0xb4, 0x02, 0xa7,
-	0x9b, 0x7c, 0x1b, 0xc7, 0x6f, 0xd2, 0xe3, 0x7b, 0x3a, 0x95, 0x21, 0x7f, 0xe6, 0xce, 0xde, 0xd4,
-	0xe9, 0xe5, 0x3c, 0x04, 0x9c, 0xff, 0x9c, 0xfd, 0x01, 0x40, 0x3c, 0xd6, 0x7b, 0x3e, 0x2f, 0x5c,
-	0xb5, 0xa7, 0x9b, 0xc3, 0xfe, 0xf1, 0x0a, 0x8c, 0x67, 0x6e, 0xdf, 0xa0, 0x5b, 0xe8, 0xee, 0xf8,
-	0xd8, 0x23, 0xeb, 0xef, 0xee, 0xee, 0xf5, 0x15, 0x71, 0x1b, 0x40, 0xc5, 0x0b, 0x5a, 0xed, 0xa4,
-	0x98, 0x02, 0x1d, 0xbc, 0x13, 0x8b, 0x94, 0xa0, 0x71, 0x2e, 0x41, 0xff, 0x62, 0xce, 0xa6, 0xc8,
-	0xf8, 0xdd, 0xd4, 0x26, 0x67, 0xe0, 0x01, 0xb9, 0x59, 0x3e, 0xa1, 0xa3, 0x69, 0x2b, 0x45, 0xf8,
-	0x90, 0x33, 0x93, 0xe5, 0xb8, 0x43, 0xad, 0x7e, 0xb6, 0x04, 0xc3, 0xc6, 0x47, 0x43, 0x3f, 0x99,
-	0xae, 0x34, 0x6a, 0x15, 0xf7, 0x4a, 0x8c, 0xfe, 0xb4, 0xae, 0x25, 0xca, 0x5f, 0xe9, 0xe9, 0xee,
-	0x22, 0xa3, 0x77, 0xf7, 0xa6, 0x4e, 0x64, 0xca, 0x88, 0xa6, 0x0a, 0x8f, 0x9e, 0xfd, 0x1e, 0x18,
-	0xcf, 0x90, 0xc9, 0x79, 0xe5, 0x35, 0xf3, 0x95, 0x8f, 0xec, 0xee, 0x33, 0x87, 0xec, 0xcb, 0x74,
-	0xc8, 0x44, 0x5d, 0x80, 0xd0, 0x27, 0x7d, 0xf8, 0x3a, 0x33, 0xfb, 0x8b, 0x52, 0x9f, 0xe5, 0x3f,
-	0xde, 0x07, 0xd5, 0x56, 0xe8, 0x7b, 0xae, 0xa7, 0x0a, 0x95, 0xb3, 0x82, 0x23, 0xab, 0xa2, 0x0d,
-	0x2b, 0x28, 0xba, 0x0d, 0xb5, 0x5b, 0xb7, 0x13, 0x7e, 0xcc, 0x28, 0x8e, 0x32, 0x8a, 0x3a, 0x5d,
-	0x54, 0x46, 0x8b, 0x3a, 0xc7, 0xc4, 0x9a, 0x17, 0xb2, 0x61, 0x90, 0x29, 0x41, 0x99, 0x23, 0xc8,
-	0x8e, 0x59, 0x98, 0x76, 0x8c, 0xb1, 0x80, 0xd8, 0xff, 0x6e, 0x18, 0x4e, 0xe5, 0x5d, 0x81, 0x84,
-	0xde, 0x82, 0x41, 0xde, 0xc7, 0x62, 0x6e, 0xd9, 0xcb, 0xe3, 0x71, 0x89, 0x11, 0x14, 0xdd, 0x62,
-	0xbf, 0xb1, 0xe0, 0x29, 0xb8, 0xfb, 0xce, 0xba, 0x98, 0x21, 0xc7, 0xc3, 0x7d, 0xc9, 0xd1, 0xdc,
-	0x97, 0x1c, 0xce, 0xdd, 0x77, 0xd6, 0xd1, 0x2e, 0x54, 0x36, 0xbd, 0x84, 0x38, 0xc2, 0x39, 0x73,
-	0xf3, 0x58, 0x98, 0x13, 0x87, 0x5b, 0x69, 0xec, 0x27, 0xe6, 0x0c, 0xd1, 0x97, 0x2c, 0x18, 0x5f,
-	0x4f, 0xd7, 0x1d, 0x12, 0xc2, 0xd3, 0x39, 0x86, 0x6b, 0xae, 0xd2, 0x8c, 0xf8, 0xb5, 0xb7, 0x99,
-	0x46, 0x9c, 0xed, 0x0e, 0xfa, 0xa4, 0x05, 0x43, 0x1b, 0x9e, 0x6f, 0xdc, 0x23, 0x72, 0x0c, 0x1f,
-	0xe7, 0x22, 0x63, 0xa0, 0x77, 0x1c, 0xfc, 0x7f, 0x8c, 0x25, 0xe7, 0x5e, 0x9a, 0x6a, 0xf0, 0xa8,
-	0x9a, 0x6a, 0xe8, 0x01, 0x69, 0xaa, 0xcf, 0x58, 0x50, 0x53, 0x23, 0x2d, 0xea, 0xb7, 0x7c, 0xf8,
-	0x18, 0x3f, 0x39, 0xf7, 0x48, 0xa9, 0xbf, 0x58, 0x33, 0x47, 0x6f, 0x5b, 0x30, 0xec, 0xbc, 0xd9,
-	0x8e, 0x48, 0x83, 0xec, 0x84, 0xad, 0x58, 0x14, 0x56, 0x7d, 0xad, 0xf8, 0xce, 0xcc, 0x52, 0x26,
-	0x0b, 0x64, 0x67, 0xa5, 0x15, 0x8b, 0xfc, 0x65, 0xdd, 0x80, 0xcd, 0x2e, 0xa0, 0xef, 0xd7, 0x7a,
-	0x1c, 0x8a, 0x28, 0xaf, 0x9d, 0xd7, 0x9b, 0xbe, 0xd2, 0xf1, 0x09, 0x3c, 0xe6, 0x86, 0x41, 0xe2,
-	0x05, 0x6d, 0xb2, 0x12, 0x60, 0xd2, 0x0a, 0xaf, 0x85, 0xc9, 0xc5, 0xb0, 0x1d, 0x34, 0x2e, 0x44,
-	0x51, 0x18, 0xb1, 0x02, 0x35, 0xc6, 0xe5, 0xaa, 0xf3, 0xbd, 0x51, 0xf1, 0x7e, 0x74, 0x8e, 0x62,
-	0x33, 0xec, 0x95, 0x60, 0xea, 0x80, 0xc1, 0x46, 0x2f, 0xc1, 0x48, 0x18, 0x6d, 0x3a, 0x81, 0xf7,
-	0xa6, 0x59, 0x73, 0x4d, 0x19, 0xa4, 0x2b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0x62, 0x3c, 0xa5, 0x03,
-	0x8a, 0xf1, 0x9c, 0x83, 0x81, 0x88, 0xb4, 0xc2, 0xec, 0xbe, 0x8a, 0xa5, 0x1c, 0x32, 0x08, 0x7a,
-	0x02, 0xca, 0x4e, 0xcb, 0x13, 0xce, 0x45, 0xb5, 0x5d, 0x9c, 0x5d, 0x5d, 0xc4, 0xb4, 0x3d, 0x55,
-	0x1b, 0xac, 0x72, 0x5f, 0x6a, 0x83, 0x51, 0x8d, 0x29, 0x8e, 0xcf, 0x06, 0xb5, 0xc6, 0x4c, 0x1f,
-	0x6b, 0xd9, 0xef, 0x94, 0xe1, 0x89, 0x7d, 0x97, 0x96, 0x0e, 0x59, 0xb7, 0xf6, 0x09, 0x59, 0x97,
-	0xc3, 0x53, 0x3a, 0x68, 0x78, 0xca, 0x3d, 0x86, 0xe7, 0x93, 0x54, 0x62, 0xc8, 0x5a, 0x75, 0xc5,
-	0x5c, 0x10, 0xdf, 0xab, 0xf4, 0x9d, 0x10, 0x16, 0x12, 0x8a, 0x35, 0x5f, 0xba, 0x5d, 0x4a, 0x15,
-	0xa2, 0xa9, 0x14, 0xa1, 0x31, 0x7b, 0xd6, 0x8b, 0xe3, 0x62, 0xa2, 0x57, 0x75, 0x1b, 0xfb, 0x97,
-	0x06, 0xe0, 0xa9, 0x3e, 0x14, 0x9d, 0x39, 0x8b, 0xad, 0x3e, 0x67, 0xf1, 0xd7, 0xf8, 0x67, 0xfa,
-	0x74, 0xee, 0x67, 0xc2, 0xc5, 0x7f, 0xa6, 0xfd, 0xbf, 0x10, 0x3b, 0x81, 0x08, 0x62, 0xe2, 0xb6,
-	0x23, 0x9e, 0xbe, 0x63, 0xe4, 0x23, 0x2f, 0x8a, 0x76, 0xac, 0x30, 0xe8, 0xf6, 0xd7, 0x75, 0xe8,
-	0xf2, 0x1f, 0x2a, 0xa8, 0xf0, 0x88, 0x99, 0xda, 0xcc, 0xad, 0xaf, 0xf9, 0x59, 0x2a, 0x01, 0x38,
-	0x1b, 0xfb, 0xd7, 0x2d, 0x38, 0xdb, 0xdb, 0x1a, 0x41, 0xcf, 0xc1, 0xf0, 0x3a, 0x0b, 0xa6, 0x5c,
-	0x66, 0x21, 0x53, 0x62, 0xea, 0xb0, 0xf7, 0xd5, 0xcd, 0xd8, 0xc4, 0x41, 0xf3, 0x30, 0x61, 0x46,
-	0x61, 0x2e, 0x1b, 0xb1, 0x56, 0xcc, 0x5f, 0xb2, 0x96, 0x05, 0xe2, 0x6e, 0x7c, 0x34, 0x0d, 0x90,
-	0x78, 0x89, 0x4f, 0xf8, 0xd3, 0x7c, 0xa2, 0x31, 0x87, 0xe2, 0x9a, 0x6a, 0xc5, 0x06, 0x86, 0xfd,
-	0xd5, 0x72, 0xfe, 0x6b, 0x70, 0x2b, 0xf7, 0x30, 0xb3, 0x5f, 0xcc, 0xed, 0x52, 0x1f, 0x12, 0xba,
-	0x7c, 0xbf, 0x25, 0xf4, 0x40, 0x2f, 0x09, 0x8d, 0x16, 0xe0, 0x84, 0x71, 0x5d, 0x2b, 0x2f, 0x5d,
-	0xc3, 0x0f, 0xa5, 0x54, 0xdd, 0xb9, 0xd5, 0x0c, 0x1c, 0x77, 0x3d, 0xf1, 0x90, 0x4f, 0xd5, 0xdf,
-	0x28, 0xc1, 0x99, 0x9e, 0x1b, 0x8b, 0xfb, 0xa4, 0x81, 0xcc, 0xcf, 0x3f, 0x70, 0x7f, 0x3e, 0xbf,
-	0xf9, 0x51, 0x2a, 0x07, 0x7e, 0x94, 0x7e, 0xd4, 0xf9, 0xef, 0x97, 0x7a, 0x2e, 0x16, 0xba, 0x11,
-	0xfd, 0x6b, 0x3b, 0x92, 0x2f, 0xc3, 0xa8, 0xd3, 0x6a, 0x71, 0x3c, 0x96, 0x99, 0x91, 0xa9, 0x85,
-	0x39, 0x6b, 0x02, 0x71, 0x1a, 0xb7, 0xaf, 0x81, 0xfd, 0x63, 0x0b, 0x6a, 0x98, 0x6c, 0x70, 0x09,
-	0x87, 0x6e, 0x89, 0x21, 0xb2, 0x8a, 0xb8, 0x90, 0x80, 0x0e, 0x6c, 0xec, 0xb1, 0x2a, 0xfd, 0x79,
-	0x83, 0x7d, 0xd4, 0xca, 0x0a, 0xea, 0x92, 0xd7, 0x72, 0xef, 0x4b, 0x5e, 0xed, 0x5f, 0xae, 0xd1,
-	0xd7, 0x6b, 0x85, 0xf3, 0x11, 0x69, 0xc4, 0xf4, 0xfb, 0xb6, 0x23, 0x5f, 0x4c, 0x12, 0xf5, 0x7d,
-	0xaf, 0xe3, 0x25, 0x4c, 0xdb, 0x53, 0xe7, 0x93, 0xa5, 0x43, 0x55, 0x02, 0x2c, 0x1f, 0x58, 0x09,
-	0xf0, 0x65, 0x18, 0x8d, 0xe3, 0xad, 0xd5, 0xc8, 0xdb, 0x71, 0x12, 0x72, 0x95, 0xc8, 0x92, 0x41,
-	0xba, 0x2a, 0x56, 0xfd, 0xb2, 0x06, 0xe2, 0x34, 0x2e, 0xba, 0x04, 0x13, 0xba, 0x1e, 0x1f, 0x89,
-	0x12, 0x96, 0xf2, 0xc8, 0x67, 0x82, 0x2a, 0x07, 0xa3, 0x2b, 0xf8, 0x09, 0x04, 0xdc, 0xfd, 0x0c,
-	0x95, 0xb9, 0xa9, 0x46, 0xda, 0x91, 0xc1, 0xb4, 0xcc, 0x4d, 0xd1, 0xa1, 0x7d, 0xe9, 0x7a, 0x02,
-	0x2d, 0xc3, 0x49, 0x3e, 0x31, 0x66, 0x5b, 0x2d, 0xe3, 0x8d, 0x86, 0xd2, 0x55, 0xe0, 0x2f, 0x75,
-	0xa3, 0xe0, 0xbc, 0xe7, 0xd0, 0x8b, 0x30, 0xac, 0x9a, 0x17, 0x17, 0xc4, 0xd1, 0x9a, 0x72, 0xed,
-	0x29, 0x32, 0x8b, 0x0d, 0x6c, 0xe2, 0xa1, 0x0f, 0xc1, 0xa3, 0xfa, 0x2f, 0x4f, 0xa1, 0xe7, 0xe7,
-	0xcd, 0x0b, 0xa2, 0xd4, 0xa9, 0xba, 0x64, 0xec, 0x52, 0x2e, 0x5a, 0x03, 0xf7, 0x7a, 0x1e, 0xad,
-	0xc3, 0x59, 0x05, 0xba, 0x10, 0x24, 0x2c, 0xc9, 0x35, 0x26, 0x73, 0x4e, 0xcc, 0x22, 0x27, 0x80,
-	0xbd, 0xa7, 0x2d, 0xa8, 0x9f, 0xbd, 0xe4, 0x25, 0x97, 0xf3, 0x30, 0xf1, 0x12, 0xde, 0x87, 0x0a,
-	0x9a, 0x81, 0x1a, 0x09, 0x9c, 0x75, 0x9f, 0xac, 0xcc, 0x2f, 0x8a, 0x1d, 0xa9, 0xce, 0x8e, 0x90,
-	0x00, 0xac, 0x71, 0x54, 0x7c, 0xff, 0x48, 0xaf, 0xf8, 0x7e, 0xb4, 0x0a, 0xa7, 0x36, 0xdd, 0x16,
-	0xb5, 0x32, 0x3d, 0x97, 0xcc, 0xba, 0x2c, 0xa0, 0x98, 0x7e, 0x18, 0x5e, 0x9e, 0x5f, 0x25, 0x4a,
-	0x5d, 0x9a, 0x5f, 0xed, 0xc2, 0xc1, 0xb9, 0x4f, 0xb2, 0xc0, 0xf3, 0x28, 0xdc, 0xed, 0x4c, 0x9e,
-	0xcc, 0x04, 0x9e, 0xd3, 0x46, 0xcc, 0x61, 0xe8, 0x0a, 0x20, 0x96, 0x2c, 0x78, 0x39, 0x49, 0x5a,
-	0xca, 0xac, 0x9d, 0x3c, 0x95, 0x2e, 0x7c, 0x78, 0xb1, 0x0b, 0x03, 0xe7, 0x3c, 0x45, 0xad, 0x9e,
-	0x20, 0x64, 0xd4, 0x27, 0x1f, 0x4d, 0x5b, 0x3d, 0xd7, 0x78, 0x33, 0x96, 0x70, 0xf4, 0x5d, 0x30,
-	0xd9, 0x8e, 0x09, 0xdb, 0x30, 0xdf, 0x0c, 0xa3, 0x6d, 0x3f, 0x74, 0x1a, 0x8b, 0xec, 0x36, 0xd9,
-	0xa4, 0x33, 0x39, 0xc9, 0x98, 0x9f, 0x13, 0xcf, 0x4e, 0x5e, 0xef, 0x81, 0x87, 0x7b, 0x52, 0xc8,
-	0x56, 0xee, 0x3c, 0xd3, 0x67, 0xe5, 0xce, 0x55, 0x38, 0x25, 0xf5, 0xda, 0xca, 0xfc, 0xa2, 0x7a,
-	0xe9, 0xc9, 0xb3, 0xe9, 0xeb, 0xe9, 0x16, 0x73, 0x70, 0x70, 0xee, 0x93, 0xf6, 0x1f, 0x59, 0x30,
-	0xaa, 0x24, 0xd8, 0x7d, 0x48, 0x5a, 0xf6, 0xd3, 0x49, 0xcb, 0x97, 0x8e, 0xae, 0x03, 0x58, 0xcf,
-	0x7b, 0xa4, 0xd8, 0xfc, 0xe8, 0x28, 0x80, 0xd6, 0x13, 0x4a, 0x45, 0x5b, 0x3d, 0x55, 0xf4, 0x43,
-	0x2b, 0xa3, 0xf3, 0x2a, 0x31, 0x56, 0x1e, 0x6c, 0x25, 0xc6, 0x3a, 0x9c, 0x96, 0x53, 0x8a, 0x1f,
-	0x29, 0x5f, 0x0e, 0x63, 0x25, 0xf2, 0x8d, 0xfb, 0x06, 0x17, 0xf3, 0x90, 0x70, 0xfe, 0xb3, 0x29,
-	0xdb, 0x6e, 0xe8, 0x40, 0xdb, 0x4e, 0x49, 0xb9, 0xa5, 0x0d, 0x79, 0x1b, 0x68, 0x46, 0xca, 0x2d,
-	0x5d, 0xac, 0x63, 0x8d, 0x93, 0xaf, 0xea, 0x6a, 0x05, 0xa9, 0x3a, 0x38, 0xb4, 0xaa, 0x93, 0x42,
-	0x77, 0xb8, 0xa7, 0xd0, 0x95, 0x47, 0x57, 0x23, 0x3d, 0x8f, 0xae, 0x3e, 0x08, 0x63, 0x5e, 0xb0,
-	0x45, 0x22, 0x2f, 0x21, 0x0d, 0xb6, 0x16, 0x98, 0x40, 0xae, 0x6a, 0x43, 0x67, 0x31, 0x05, 0xc5,
-	0x19, 0xec, 0xb4, 0xa6, 0x18, 0xeb, 0x43, 0x53, 0xf4, 0xd0, 0xcf, 0xe3, 0xc5, 0xe8, 0xe7, 0x13,
-	0x47, 0xd7, 0xcf, 0x13, 0xc7, 0xaa, 0x9f, 0x51, 0x21, 0xfa, 0xb9, 0x2f, 0xd5, 0x67, 0x6c, 0xd2,
-	0x4f, 0x1d, 0xb0, 0x49, 0xef, 0xa5, 0x9c, 0x4f, 0xdf, 0xb3, 0x72, 0xce, 0xd7, 0xbb, 0x8f, 0xbc,
-	0xab, 0x77, 0x0b, 0xd1, 0xbb, 0x9f, 0x29, 0xc1, 0x69, 0xad, 0x99, 0xa8, 0x3c, 0xf0, 0x36, 0xa8,
-	0x6c, 0x66, 0x57, 0x6c, 0xf3, 0x03, 0x6f, 0x23, 0x55, 0x5e, 0x17, 0x0b, 0x50, 0x10, 0x6c, 0x60,
-	0xb1, 0x8c, 0x73, 0x12, 0xb1, 0xcb, 0x5d, 0xb2, 0x6a, 0x6b, 0x5e, 0xb4, 0x63, 0x85, 0x41, 0x07,
-	0x81, 0xfe, 0x16, 0x05, 0x4f, 0xb2, 0x65, 0xc3, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe8, 0x7d, 0x9c,
-	0x09, 0x13, 0x99, 0x54, 0x75, 0x8d, 0xf0, 0x6d, 0xa5, 0x92, 0x92, 0x0a, 0x2a, 0xbb, 0xc3, 0x2a,
-	0x22, 0x54, 0xba, 0xbb, 0xc3, 0x62, 0x47, 0x15, 0x86, 0xfd, 0x3f, 0x2d, 0x38, 0x93, 0x3b, 0x14,
-	0xf7, 0xc1, 0x1c, 0xd9, 0x4d, 0x9b, 0x23, 0xf5, 0xa2, 0xb6, 0xa4, 0xc6, 0x5b, 0xf4, 0x30, 0x4d,
-	0xfe, 0xa3, 0x05, 0x63, 0x1a, 0xff, 0x3e, 0xbc, 0xaa, 0x97, 0x7e, 0xd5, 0xe2, 0x76, 0xdf, 0xb5,
-	0xae, 0x77, 0xfb, 0xb5, 0x12, 0xa8, 0x52, 0xfe, 0xb3, 0x6e, 0xd2, 0x5f, 0xba, 0x59, 0x07, 0x06,
-	0x59, 0x04, 0x49, 0x5c, 0x4c, 0x74, 0x5c, 0x9a, 0x3f, 0x8b, 0x46, 0xd1, 0x07, 0x7a, 0xec, 0x6f,
-	0x8c, 0x05, 0x43, 0x76, 0xf5, 0x10, 0xaf, 0x92, 0xde, 0x10, 0x89, 0xd3, 0xfa, 0xea, 0x21, 0xd1,
-	0x8e, 0x15, 0x06, 0x55, 0x98, 0x9e, 0x1b, 0x06, 0xf3, 0xbe, 0x13, 0xc7, 0xc2, 0x86, 0x53, 0x0a,
-	0x73, 0x51, 0x02, 0xb0, 0xc6, 0x61, 0xc1, 0x25, 0x5e, 0xdc, 0xf2, 0x9d, 0x8e, 0xe1, 0x63, 0x31,
-	0x0a, 0x7b, 0x29, 0x10, 0x36, 0xf1, 0xec, 0x26, 0x4c, 0xa6, 0x5f, 0x62, 0x81, 0x6c, 0xb0, 0xc8,
-	0xee, 0xbe, 0x86, 0x73, 0x06, 0x6a, 0x0e, 0x7b, 0x6a, 0xa9, 0xed, 0x08, 0x99, 0xa0, 0xe3, 0x9b,
-	0x25, 0x00, 0x6b, 0x1c, 0xfb, 0x9b, 0xe1, 0x64, 0xce, 0x98, 0xf5, 0x11, 0x40, 0xf7, 0x8b, 0x25,
-	0x18, 0x4f, 0x3f, 0x19, 0xb3, 0xdc, 0x47, 0xde, 0x67, 0x2f, 0x76, 0xc3, 0x1d, 0x12, 0x75, 0x68,
-	0x37, 0xac, 0x4c, 0xee, 0x63, 0x17, 0x06, 0xce, 0x79, 0x8a, 0xdd, 0xaa, 0xd1, 0x50, 0xaf, 0x2e,
-	0xa7, 0xc7, 0x8d, 0x22, 0xa7, 0x87, 0x1e, 0x59, 0x33, 0xe8, 0x47, 0xb1, 0xc4, 0x26, 0x7f, 0x6a,
-	0xff, 0xb0, 0xcc, 0x8d, 0xb9, 0xb6, 0xe7, 0x27, 0x5e, 0x20, 0x5e, 0x59, 0x4c, 0x1c, 0x65, 0xff,
-	0x2c, 0x77, 0xa3, 0xe0, 0xbc, 0xe7, 0xec, 0xaf, 0x0c, 0x80, 0xaa, 0x80, 0xc2, 0x82, 0x32, 0x0b,
-	0x0a, 0x69, 0x3d, 0x6c, 0x06, 0xad, 0xfa, 0xd2, 0x03, 0xfb, 0x45, 0x49, 0x71, 0x2f, 0x99, 0xe9,
-	0x4e, 0x57, 0x03, 0xb6, 0xa6, 0x41, 0xd8, 0xc4, 0xa3, 0x3d, 0xf1, 0xbd, 0x1d, 0xc2, 0x1f, 0x1a,
-	0x4c, 0xf7, 0x64, 0x49, 0x02, 0xb0, 0xc6, 0x61, 0x45, 0xb4, 0xbd, 0x8d, 0x0d, 0xe1, 0xf2, 0xd1,
-	0x45, 0xb4, 0xbd, 0x8d, 0x0d, 0xcc, 0x20, 0xfc, 0xde, 0xa5, 0x70, 0x5b, 0xd8, 0xfc, 0xc6, 0xbd,
-	0x4b, 0xe1, 0x36, 0x66, 0x10, 0xfa, 0x95, 0x82, 0x30, 0x6a, 0x3a, 0xbe, 0xf7, 0x26, 0x69, 0x28,
-	0x2e, 0xc2, 0xd6, 0x57, 0x5f, 0xe9, 0x5a, 0x37, 0x0a, 0xce, 0x7b, 0x8e, 0x4e, 0xe8, 0x56, 0x44,
-	0x1a, 0x9e, 0x9b, 0x98, 0xd4, 0x20, 0x3d, 0xa1, 0x57, 0xbb, 0x30, 0x70, 0xce, 0x53, 0x68, 0x16,
-	0xc6, 0x65, 0x05, 0x1b, 0x59, 0xf5, 0x71, 0x38, 0x5d, 0x3a, 0x0e, 0xa7, 0xc1, 0x38, 0x8b, 0x4f,
-	0x25, 0x56, 0x53, 0xd4, 0xa2, 0x65, 0x5b, 0x03, 0x43, 0x62, 0xc9, 0x1a, 0xb5, 0x58, 0x61, 0xd8,
-	0x9f, 0x28, 0x53, 0x0d, 0xdb, 0xa3, 0xe4, 0xf3, 0x7d, 0x0b, 0xa1, 0x4e, 0xcf, 0xc8, 0x81, 0x3e,
-	0x66, 0xe4, 0x0b, 0x30, 0x72, 0x2b, 0x0e, 0x03, 0x15, 0x9e, 0x5c, 0xe9, 0x19, 0x9e, 0x6c, 0x60,
-	0xe5, 0x87, 0x27, 0x0f, 0x16, 0x15, 0x9e, 0x3c, 0x74, 0x8f, 0xe1, 0xc9, 0xff, 0xba, 0x02, 0xea,
-	0x62, 0xcd, 0x6b, 0x24, 0xb9, 0x1d, 0x46, 0xdb, 0x5e, 0xb0, 0xc9, 0xaa, 0xb1, 0x7c, 0xc9, 0x92,
-	0x05, 0x5d, 0x96, 0xcc, 0xb4, 0xdd, 0x8d, 0x82, 0x2e, 0x47, 0x4c, 0x31, 0x9b, 0x5e, 0x33, 0x18,
-	0xf1, 0x30, 0x97, 0x4c, 0xe1, 0x18, 0xe1, 0xc1, 0x4f, 0xf5, 0x08, 0x7d, 0x0f, 0x80, 0xf4, 0x8f,
-	0x6f, 0x48, 0x09, 0xbc, 0x58, 0x4c, 0xff, 0x30, 0xd9, 0xd0, 0xf6, 0xed, 0x9a, 0x62, 0x82, 0x0d,
-	0x86, 0xe8, 0x33, 0x3a, 0xa5, 0x99, 0xe7, 0x31, 0x7d, 0xf4, 0x58, 0xc6, 0xa6, 0x9f, 0x84, 0x66,
-	0x0c, 0x43, 0x5e, 0xb0, 0x49, 0xe7, 0x89, 0x08, 0xe3, 0x7c, 0x6f, 0x5e, 0xb1, 0xaf, 0xa5, 0xd0,
-	0x69, 0xcc, 0x39, 0xbe, 0x13, 0xb8, 0x24, 0x5a, 0xe4, 0xe8, 0x7a, 0xcf, 0x23, 0x1a, 0xb0, 0x24,
-	0xd4, 0x75, 0xfb, 0x67, 0xa5, 0x9f, 0xdb, 0x3f, 0xcf, 0x7e, 0x3b, 0x4c, 0x74, 0x7d, 0xcc, 0x43,
-	0xe5, 0x2f, 0x1f, 0xa1, 0xcc, 0xd7, 0x2f, 0x0d, 0x6a, 0xa5, 0x75, 0x2d, 0x6c, 0xf0, 0xcb, 0x24,
-	0x23, 0xfd, 0x45, 0x85, 0xfd, 0x5a, 0xe0, 0x14, 0x51, 0x6a, 0xc6, 0x68, 0xc4, 0x26, 0x4b, 0x3a,
-	0x47, 0x5b, 0x4e, 0x44, 0x82, 0xe3, 0x9e, 0xa3, 0xab, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0xad, 0x54,
-	0xa2, 0xdd, 0xc5, 0xa3, 0x27, 0xda, 0xb1, 0xd2, 0xab, 0x79, 0x77, 0xae, 0xbd, 0x6d, 0xc1, 0x58,
-	0x90, 0x9a, 0xb9, 0xc5, 0xc4, 0xd6, 0xe7, 0xaf, 0x0a, 0x7e, 0x2f, 0x73, 0xba, 0x0d, 0x67, 0xf8,
-	0xe7, 0xa9, 0xb4, 0xca, 0x21, 0x55, 0x9a, 0xbe, 0xcc, 0x76, 0xb0, 0xd7, 0x65, 0xb6, 0x28, 0x50,
-	0xb7, 0x8c, 0x0f, 0x15, 0x51, 0xae, 0x24, 0x75, 0xc5, 0x38, 0xe4, 0x5c, 0x2f, 0x7e, 0xd3, 0xcc,
-	0xc3, 0x3d, 0xfc, 0x6d, 0xd3, 0xa3, 0xbd, 0xf2, 0x75, 0xed, 0xff, 0x33, 0x00, 0x27, 0xe4, 0x88,
-	0xc8, 0xbc, 0x1c, 0xaa, 0x1f, 0x39, 0x5f, 0x6d, 0x2b, 0x2b, 0xfd, 0x78, 0x59, 0x02, 0xb0, 0xc6,
-	0xa1, 0xf6, 0x58, 0x3b, 0x26, 0x2b, 0x2d, 0x12, 0x2c, 0x79, 0xeb, 0xb1, 0x38, 0x0b, 0x57, 0x0b,
-	0xe5, 0xba, 0x06, 0x61, 0x13, 0x8f, 0x25, 0x0b, 0xbb, 0x66, 0xc5, 0x0e, 0x9d, 0x2c, 0x2c, 0x0c,
-	0x55, 0x09, 0x47, 0x3f, 0x96, 0x7b, 0x07, 0x45, 0x31, 0xd9, 0xac, 0x5d, 0xe9, 0x48, 0x87, 0xbb,
-	0x7c, 0x02, 0xfd, 0x23, 0x0b, 0x4e, 0xf3, 0x56, 0x39, 0x92, 0xd7, 0x5b, 0x0d, 0x27, 0x21, 0x71,
-	0x31, 0xf7, 0x75, 0xe5, 0xf4, 0x4f, 0xbb, 0xb4, 0xf3, 0xd8, 0xe2, 0xfc, 0xde, 0xa0, 0x2f, 0x5a,
-	0x30, 0xbe, 0x9d, 0xaa, 0xb8, 0x25, 0x55, 0xc7, 0x51, 0xcb, 0xd1, 0xa4, 0x88, 0xea, 0xa5, 0x96,
-	0x6e, 0x8f, 0x71, 0x96, 0xbb, 0xfd, 0x17, 0x16, 0x98, 0x62, 0xf4, 0xfe, 0x17, 0xea, 0x3a, 0xbc,
-	0x29, 0x28, 0xad, 0xcb, 0x4a, 0x4f, 0xeb, 0xf2, 0x09, 0x28, 0xb7, 0xbd, 0x86, 0xd8, 0x5f, 0xe8,
-	0xd3, 0xf7, 0xc5, 0x05, 0x4c, 0xdb, 0xed, 0x3f, 0xa9, 0x68, 0x9f, 0x84, 0x48, 0x16, 0xfd, 0x6b,
-	0xf1, 0xda, 0x1b, 0xaa, 0x02, 0x2f, 0x7f, 0xf3, 0x6b, 0x5d, 0x15, 0x78, 0xbf, 0xf5, 0xf0, 0xb9,
-	0xc0, 0x7c, 0x80, 0x7a, 0x15, 0xe0, 0x1d, 0x3a, 0x20, 0x11, 0xf8, 0x16, 0x54, 0xe9, 0x16, 0x8c,
-	0x39, 0x17, 0xab, 0xa9, 0x4e, 0x55, 0x2f, 0x8b, 0xf6, 0xbb, 0x7b, 0x53, 0xdf, 0x72, 0xf8, 0x6e,
-	0xc9, 0xa7, 0xb1, 0xa2, 0x8f, 0x62, 0xa8, 0xd1, 0xdf, 0x2c, 0x67, 0x59, 0x6c, 0xee, 0xae, 0x2b,
-	0x99, 0x29, 0x01, 0x85, 0x24, 0x44, 0x6b, 0x3e, 0x28, 0x80, 0x1a, 0x45, 0xe4, 0x4c, 0xf9, 0x1e,
-	0x70, 0x55, 0x65, 0x0e, 0x4b, 0xc0, 0xdd, 0xbd, 0xa9, 0x97, 0x0f, 0xcf, 0x54, 0x3d, 0x8e, 0x35,
-	0x0b, 0x43, 0x35, 0x0e, 0xf7, 0xbc, 0xe7, 0xfd, 0xff, 0x0e, 0xe8, 0xf9, 0x2d, 0x8a, 0x33, 0xff,
-	0xb5, 0x98, 0xdf, 0x2f, 0x65, 0xe6, 0xf7, 0xb9, 0xae, 0xf9, 0x3d, 0x46, 0xc7, 0x2c, 0xa7, 0x64,
-	0xf4, 0xfd, 0x36, 0x16, 0x0e, 0xf6, 0x49, 0x30, 0x2b, 0xe9, 0x8d, 0xb6, 0x17, 0x91, 0x78, 0x35,
-	0x6a, 0x07, 0x5e, 0xb0, 0xc9, 0xa6, 0x6c, 0xd5, 0xb4, 0x92, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x1b,
-	0x7f, 0x3a, 0x2f, 0x6e, 0x3a, 0x3b, 0x7c, 0xe6, 0x19, 0x85, 0x31, 0xeb, 0xa2, 0x1d, 0x2b, 0x0c,
-	0xb4, 0x05, 0x8f, 0x4b, 0x02, 0x0b, 0xc4, 0x27, 0xf4, 0x85, 0x58, 0x54, 0x61, 0xd4, 0xe4, 0x31,
-	0xff, 0x3c, 0x30, 0xe4, 0xeb, 0x05, 0x85, 0xc7, 0xf1, 0x3e, 0xb8, 0x78, 0x5f, 0x4a, 0xf6, 0x97,
-	0x59, 0x1c, 0x81, 0x51, 0xba, 0x81, 0xce, 0x3e, 0xdf, 0x6b, 0x7a, 0xb2, 0x7e, 0xa7, 0x9a, 0x7d,
-	0x4b, 0xb4, 0x11, 0x73, 0x18, 0xba, 0x0d, 0x43, 0xeb, 0xfc, 0xfe, 0xf7, 0x62, 0xee, 0x5d, 0x12,
-	0x97, 0xc9, 0xb3, 0xda, 0xdd, 0xf2, 0x66, 0xf9, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xad,
-	0xc0, 0xb8, 0x8c, 0xf5, 0xba, 0xec, 0xc5, 0x2c, 0x3c, 0xc0, 0xbc, 0xd0, 0xa0, 0x74, 0xe0, 0x85,
-	0x06, 0x1f, 0x01, 0x68, 0x90, 0x96, 0x1f, 0x76, 0x98, 0x71, 0x38, 0x70, 0x68, 0xe3, 0x50, 0xed,
-	0x27, 0x16, 0x14, 0x15, 0x6c, 0x50, 0x14, 0x45, 0x4b, 0xf9, 0xfd, 0x08, 0x99, 0xa2, 0xa5, 0xc6,
-	0xed, 0x6c, 0x83, 0xf7, 0xf7, 0x76, 0x36, 0x0f, 0xc6, 0x79, 0x17, 0x55, 0x81, 0x84, 0x7b, 0xa8,
-	0x83, 0xc0, 0x52, 0xcc, 0x16, 0xd2, 0x64, 0x70, 0x96, 0xae, 0x79, 0xf5, 0x5a, 0xf5, 0x7e, 0x5f,
-	0xbd, 0xf6, 0x7e, 0xa8, 0xc9, 0xef, 0x1c, 0x4f, 0xd6, 0x74, 0xf1, 0x1e, 0x39, 0x0d, 0x62, 0xac,
-	0xe1, 0x5d, 0xb5, 0x5e, 0xe0, 0x41, 0xd5, 0x7a, 0xb1, 0xdf, 0x2e, 0xd3, 0x5d, 0x05, 0xef, 0xd7,
-	0xa1, 0x6f, 0x2e, 0xbc, 0x6c, 0xdc, 0x5c, 0x78, 0xb8, 0xef, 0x59, 0xcd, 0xdc, 0x70, 0xf8, 0x38,
-	0x0c, 0x24, 0xce, 0xa6, 0xcc, 0x88, 0x65, 0xd0, 0x35, 0x67, 0x33, 0xc6, 0xac, 0xf5, 0x30, 0x35,
-	0x9e, 0x5f, 0x86, 0xd1, 0xd8, 0xdb, 0x0c, 0x9c, 0xa4, 0x1d, 0x11, 0xe3, 0x30, 0x51, 0x47, 0xcc,
-	0x98, 0x40, 0x9c, 0xc6, 0x45, 0x9f, 0xb4, 0x00, 0x22, 0xa2, 0xf6, 0x2c, 0x83, 0x45, 0xcc, 0x21,
-	0x25, 0x06, 0x24, 0x5d, 0xb3, 0x46, 0x87, 0xda, 0xab, 0x18, 0x6c, 0xed, 0x4f, 0x5b, 0x30, 0xd1,
-	0xf5, 0x14, 0x6a, 0xc1, 0xa0, 0xcb, 0xee, 0x97, 0x2c, 0xa6, 0x2e, 0x65, 0xfa, 0xae, 0x4a, 0xae,
-	0x9c, 0x78, 0x1b, 0x16, 0x7c, 0xec, 0x5f, 0x1e, 0x81, 0x53, 0xf5, 0xf9, 0x65, 0x79, 0x2b, 0xd1,
-	0xb1, 0xa5, 0xf8, 0xe6, 0xf1, 0xb8, 0x7f, 0x29, 0xbe, 0x3d, 0xb8, 0xfb, 0x46, 0x8a, 0xaf, 0x6f,
-	0xa4, 0xf8, 0xa6, 0xf3, 0x2d, 0xcb, 0x45, 0xe4, 0x5b, 0xe6, 0xf5, 0xa0, 0x9f, 0x7c, 0xcb, 0x63,
-	0xcb, 0xf9, 0xdd, 0xb7, 0x43, 0x87, 0xca, 0xf9, 0x55, 0x09, 0xd1, 0x85, 0xa4, 0x77, 0xf5, 0xf8,
-	0x54, 0xb9, 0x09, 0xd1, 0x2a, 0x19, 0x95, 0xa7, 0x2e, 0x0a, 0xa5, 0xf7, 0x5a, 0xf1, 0x1d, 0xe8,
-	0x23, 0x19, 0x55, 0x64, 0x4f, 0x9a, 0x09, 0xd0, 0x43, 0x45, 0x24, 0x40, 0xe7, 0x75, 0xe7, 0xc0,
-	0x04, 0xe8, 0x97, 0x61, 0xd4, 0xf5, 0xc3, 0x80, 0xac, 0x46, 0x61, 0x12, 0xba, 0xa1, 0xbc, 0xcd,
-	0x5b, 0x5f, 0xcc, 0x68, 0x02, 0x71, 0x1a, 0xb7, 0x57, 0xf6, 0x74, 0xed, 0xa8, 0xd9, 0xd3, 0xf0,
-	0x80, 0xb2, 0xa7, 0x8d, 0xfc, 0xe0, 0xe1, 0x22, 0xf2, 0x83, 0xf3, 0xbe, 0x48, 0x5f, 0xf9, 0xc1,
-	0xef, 0xf0, 0xcb, 0xec, 0xe9, 0x66, 0x84, 0x4b, 0x61, 0x76, 0x44, 0x37, 0x7c, 0xfe, 0xf5, 0x63,
-	0x98, 0xb0, 0x37, 0xeb, 0x9a, 0x8d, 0xba, 0xe0, 0x5e, 0x37, 0xe1, 0x74, 0x47, 0x8e, 0x92, 0x53,
-	0xfc, 0xe3, 0x25, 0xf8, 0xba, 0x03, 0xbb, 0x80, 0x6e, 0x03, 0x24, 0xce, 0xa6, 0x98, 0xa8, 0xe2,
-	0x20, 0xeb, 0x88, 0x41, 0xbe, 0x6b, 0x92, 0x9e, 0xc8, 0x77, 0x53, 0xe4, 0xb1, 0xc1, 0x8a, 0xc5,
-	0xf6, 0x86, 0x7e, 0x57, 0x49, 0x69, 0x1c, 0xfa, 0x04, 0x33, 0x08, 0x35, 0x84, 0x22, 0xb2, 0x49,
-	0x8d, 0xfb, 0x72, 0xda, 0x10, 0xc2, 0xac, 0x15, 0x0b, 0x28, 0x7a, 0x11, 0x86, 0x1d, 0xdf, 0xe7,
-	0xb9, 0x77, 0x24, 0x16, 0x37, 0xa6, 0xea, 0x42, 0xb2, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0xcf, 0x4b,
-	0x30, 0x75, 0x80, 0x4c, 0xe9, 0xca, 0xb9, 0xae, 0xf4, 0x9d, 0x73, 0x2d, 0x72, 0x87, 0x06, 0x7b,
-	0xe4, 0x0e, 0xbd, 0x08, 0xc3, 0x09, 0x71, 0x9a, 0x22, 0x2c, 0x30, 0x5b, 0x1f, 0x71, 0x4d, 0x83,
-	0xb0, 0x89, 0x47, 0xa5, 0xd8, 0x98, 0xe3, 0xba, 0x24, 0x8e, 0x65, 0x72, 0x90, 0xf0, 0x72, 0x17,
-	0x96, 0x79, 0xc4, 0x0e, 0x0f, 0x66, 0x53, 0x2c, 0x70, 0x86, 0x65, 0x76, 0xc0, 0x6b, 0x7d, 0x0e,
-	0xf8, 0x4f, 0x95, 0xe0, 0x89, 0x7d, 0xb5, 0x5b, 0xdf, 0x79, 0x5b, 0xed, 0x98, 0x44, 0xd9, 0x89,
-	0x73, 0x3d, 0x26, 0x11, 0x66, 0x10, 0x3e, 0x4a, 0xad, 0x96, 0x0a, 0xe9, 0x2e, 0x3e, 0xd1, 0x91,
-	0x8f, 0x52, 0x8a, 0x05, 0xce, 0xb0, 0xbc, 0xd7, 0x69, 0xf9, 0xbb, 0x03, 0xf0, 0x54, 0x1f, 0x36,
-	0x40, 0x81, 0x09, 0xa1, 0xe9, 0x64, 0xe7, 0xf2, 0x03, 0x4a, 0x76, 0xbe, 0xb7, 0xe1, 0x7a, 0x37,
-	0x47, 0xba, 0xaf, 0xc4, 0xd3, 0x2f, 0x97, 0xe0, 0x6c, 0x6f, 0x83, 0x05, 0x7d, 0x1b, 0x8c, 0x47,
-	0x2a, 0x3e, 0xd0, 0xcc, 0x93, 0x3e, 0xc9, 0x7d, 0x5c, 0x29, 0x10, 0xce, 0xe2, 0xa2, 0x69, 0x80,
-	0x96, 0x93, 0x6c, 0xc5, 0x17, 0x76, 0xbd, 0x38, 0x11, 0x85, 0xe5, 0xc6, 0xf8, 0xc9, 0xab, 0x6c,
-	0xc5, 0x06, 0x06, 0x65, 0xc7, 0xfe, 0x2d, 0x84, 0xd7, 0xc2, 0x84, 0x3f, 0xc4, 0xb7, 0x9e, 0x27,
-	0xe5, 0x35, 0x8c, 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0xb6, 0xcf, 0x3b, 0x3a, 0xa0, 0x33,
-	0xab, 0x97, 0x54, 0x2b, 0x36, 0x30, 0xb2, 0x19, 0xe0, 0x95, 0x83, 0x33, 0xc0, 0xed, 0x7f, 0x59,
-	0x82, 0x33, 0x3d, 0x0d, 0xde, 0xfe, 0xc4, 0xd4, 0xc3, 0x97, 0x85, 0x7d, 0x8f, 0x2b, 0xec, 0x50,
-	0xd9, 0xbb, 0xf6, 0x1f, 0xf7, 0x98, 0x69, 0x22, 0x33, 0xf7, 0xde, 0x8b, 0x98, 0x3c, 0x7c, 0xe3,
-	0xd9, 0x95, 0x8c, 0x3b, 0x70, 0x88, 0x64, 0xdc, 0xcc, 0xc7, 0xa8, 0xf4, 0xa9, 0x1d, 0xfe, 0xeb,
-	0x40, 0xcf, 0xe1, 0xa5, 0x1b, 0xe4, 0xbe, 0x4e, 0x10, 0x16, 0xe0, 0x84, 0x17, 0xb0, 0x8b, 0x75,
-	0xeb, 0xed, 0x75, 0x51, 0x6b, 0x8c, 0x17, 0xd4, 0x55, 0xa9, 0x30, 0x8b, 0x19, 0x38, 0xee, 0x7a,
-	0xe2, 0x21, 0x4c, 0x8e, 0xbe, 0xb7, 0x21, 0x3d, 0xa4, 0xe4, 0x5e, 0x81, 0xd3, 0x72, 0x28, 0xb6,
-	0x9c, 0x88, 0x34, 0x84, 0xb2, 0x8d, 0x45, 0xf2, 0xd3, 0x19, 0x9e, 0x40, 0x95, 0x83, 0x80, 0xf3,
-	0x9f, 0x63, 0xb7, 0xa0, 0x86, 0x2d, 0xcf, 0x15, 0x5b, 0x41, 0x7d, 0x0b, 0x2a, 0x6d, 0xc4, 0x1c,
-	0xa6, 0xf5, 0x45, 0xed, 0xfe, 0xe8, 0x8b, 0x8f, 0x40, 0x4d, 0x8d, 0x37, 0x4f, 0x70, 0x50, 0x93,
-	0xbc, 0x2b, 0xc1, 0x41, 0xcd, 0x70, 0x03, 0x8b, 0xce, 0x0e, 0xba, 0x51, 0xc9, 0xac, 0x56, 0xca,
-	0x8f, 0xb6, 0xdb, 0xcf, 0xc3, 0x88, 0xf2, 0x05, 0xf6, 0x7b, 0x17, 0xad, 0xfd, 0x57, 0x25, 0xc8,
-	0x5c, 0xbb, 0x86, 0x76, 0xa1, 0xd6, 0x90, 0xd7, 0xf8, 0x17, 0x53, 0xd0, 0x79, 0x41, 0x92, 0xd3,
-	0x07, 0x61, 0xaa, 0x09, 0x6b, 0x66, 0xe8, 0x2d, 0x5e, 0x3b, 0x59, 0xb0, 0x2e, 0x15, 0x91, 0x20,
-	0x5f, 0x57, 0xf4, 0xcc, 0xcb, 0x26, 0x65, 0x1b, 0x36, 0xf8, 0xa1, 0x04, 0x6a, 0x5b, 0xf2, 0x7a,
-	0xb9, 0x62, 0xc4, 0x9d, 0xba, 0xad, 0x8e, 0x9b, 0x68, 0xea, 0x2f, 0xd6, 0x8c, 0xec, 0x3f, 0x2a,
-	0xc1, 0xa9, 0xf4, 0x07, 0x10, 0x07, 0x97, 0x3f, 0x63, 0xc1, 0xa3, 0xbe, 0x13, 0x27, 0xf5, 0x36,
-	0xdb, 0x28, 0x6c, 0xb4, 0xfd, 0x95, 0x4c, 0x99, 0xed, 0xa3, 0x3a, 0x5b, 0x14, 0xe1, 0xec, 0x75,
-	0x84, 0x73, 0x8f, 0xdd, 0xd9, 0x9b, 0x7a, 0x74, 0x29, 0x9f, 0x39, 0xee, 0xd5, 0x2b, 0xf4, 0xb6,
-	0x05, 0x27, 0xdc, 0x76, 0x14, 0x91, 0x20, 0xd1, 0x5d, 0xe5, 0x5f, 0xf1, 0x5a, 0x21, 0x03, 0xa9,
-	0x3b, 0x78, 0x8a, 0x0a, 0xd4, 0xf9, 0x0c, 0x2f, 0xdc, 0xc5, 0xdd, 0xfe, 0x21, 0xaa, 0x39, 0x7b,
-	0xbe, 0xe7, 0xdf, 0xb0, 0xfb, 0x13, 0xff, 0x74, 0x10, 0x46, 0x53, 0xb5, 0xc4, 0x53, 0x87, 0x7d,
-	0xd6, 0x81, 0x87, 0x7d, 0x2c, 0x5d, 0xaf, 0x1d, 0xc8, 0xab, 0xe5, 0x8d, 0x74, 0xbd, 0x76, 0x40,
-	0x30, 0x87, 0x89, 0x21, 0xc5, 0xed, 0x40, 0xe4, 0x02, 0x98, 0x43, 0x8a, 0xdb, 0x01, 0x16, 0x50,
-	0xf4, 0x71, 0x0b, 0x46, 0xd8, 0xe2, 0x13, 0x47, 0xa5, 0x42, 0xa1, 0x5d, 0x29, 0x60, 0xb9, 0xcb,
-	0xba, 0xf9, 0x2c, 0x76, 0xd4, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0x53, 0x16, 0xd4, 0xd4, 0x3d, 0xb6,
-	0xe2, 0x6c, 0xa4, 0x5e, 0x6c, 0xa9, 0xf6, 0x8c, 0xd4, 0x53, 0x35, 0xb3, 0xb1, 0x66, 0x8c, 0x62,
-	0x75, 0x8e, 0x39, 0x74, 0x3c, 0xe7, 0x98, 0x90, 0x73, 0x86, 0xf9, 0x7e, 0xa8, 0x35, 0x9d, 0xc0,
-	0xdb, 0x20, 0x71, 0xc2, 0x8f, 0x16, 0xe5, 0xcd, 0x1c, 0xb2, 0x11, 0x6b, 0x38, 0x35, 0xf6, 0x63,
-	0xf6, 0x62, 0x89, 0x71, 0x16, 0xc8, 0x8c, 0xfd, 0xba, 0x6e, 0xc6, 0x26, 0x8e, 0x79, 0x70, 0x09,
-	0x0f, 0xf4, 0xe0, 0x72, 0xf8, 0x80, 0x83, 0xcb, 0x3a, 0x9c, 0x76, 0xda, 0x49, 0x78, 0x99, 0x38,
-	0xfe, 0x6c, 0x92, 0x90, 0x66, 0x2b, 0x89, 0x79, 0xf9, 0xf9, 0x11, 0xe6, 0x02, 0x56, 0xd1, 0x6e,
-	0x75, 0xe2, 0x6f, 0x74, 0x21, 0xe1, 0xfc, 0x67, 0xed, 0x7f, 0x6e, 0xc1, 0xe9, 0xdc, 0xa9, 0xf0,
-	0xf0, 0xe6, 0x19, 0xd8, 0x3f, 0x52, 0x81, 0x93, 0x39, 0x37, 0x0d, 0xa0, 0x8e, 0xb9, 0x48, 0xac,
-	0x22, 0x42, 0xf6, 0xd2, 0x11, 0x68, 0xf2, 0xdb, 0xe4, 0xac, 0x8c, 0xc3, 0xc5, 0x22, 0xe8, 0x78,
-	0x80, 0xf2, 0xfd, 0x8d, 0x07, 0x30, 0xe6, 0xfa, 0xc0, 0x03, 0x9d, 0xeb, 0x95, 0x03, 0xe6, 0xfa,
-	0xcf, 0x5a, 0x30, 0xd9, 0xec, 0x71, 0x6d, 0x98, 0x38, 0x4f, 0xba, 0x71, 0x3c, 0x97, 0x92, 0xcd,
-	0x3d, 0x7e, 0x67, 0x6f, 0xaa, 0xe7, 0x6d, 0x6d, 0xb8, 0x67, 0xaf, 0xec, 0xaf, 0x94, 0x81, 0xd9,
-	0x6b, 0xac, 0x9a, 0x74, 0x07, 0x7d, 0xcc, 0xbc, 0xb0, 0xc4, 0x2a, 0xea, 0x72, 0x0d, 0x4e, 0x5c,
-	0x5d, 0x78, 0xc2, 0x47, 0x30, 0xef, 0xfe, 0x93, 0xac, 0x24, 0x2c, 0xf5, 0x21, 0x09, 0x7d, 0x79,
-	0x33, 0x4c, 0xb9, 0xf8, 0x9b, 0x61, 0x6a, 0xd9, 0x5b, 0x61, 0xf6, 0xff, 0xc4, 0x03, 0x0f, 0xe5,
-	0x27, 0xfe, 0x15, 0x8b, 0x0b, 0x9e, 0xcc, 0x57, 0xd0, 0xe6, 0x86, 0xb5, 0x8f, 0xb9, 0xf1, 0x0c,
-	0x54, 0x63, 0x21, 0x99, 0x85, 0x59, 0xa2, 0x43, 0xc1, 0x44, 0x3b, 0x56, 0x18, 0x74, 0xd7, 0xe5,
-	0xf8, 0x7e, 0x78, 0xfb, 0x42, 0xb3, 0x95, 0x74, 0x84, 0x81, 0xa2, 0xb6, 0x05, 0xb3, 0x0a, 0x82,
-	0x0d, 0x2c, 0xf4, 0x14, 0x0c, 0xf2, 0xb2, 0x0f, 0xc2, 0xb9, 0x33, 0x4c, 0xd7, 0x21, 0xaf, 0x09,
-	0xd1, 0xc0, 0x02, 0x64, 0x6f, 0x81, 0xb1, 0xab, 0xb8, 0xf7, 0xbb, 0xa9, 0x0f, 0xbe, 0x6e, 0xd2,
-	0xfe, 0x07, 0x25, 0xc1, 0x8a, 0xef, 0x12, 0x74, 0x64, 0xa0, 0x75, 0xc8, 0xc8, 0xc0, 0xb7, 0x00,
-	0xdc, 0xb0, 0xd9, 0xa2, 0xfb, 0xe6, 0xb5, 0xb0, 0x98, 0xcd, 0xd6, 0xbc, 0xa2, 0xa7, 0x47, 0x55,
-	0xb7, 0x61, 0x83, 0x5f, 0x4a, 0xb4, 0x97, 0x0f, 0x14, 0xed, 0x29, 0x29, 0x37, 0xb0, 0xbf, 0x94,
-	0xb3, 0xff, 0xdc, 0x82, 0x94, 0xd5, 0x87, 0x5a, 0x50, 0xa1, 0xdd, 0xed, 0x08, 0x81, 0xb1, 0x52,
-	0x9c, 0x89, 0x49, 0x25, 0xb5, 0x58, 0x85, 0xec, 0x27, 0xe6, 0x8c, 0x90, 0x2f, 0xa2, 0x20, 0x0b,
-	0xd9, 0xfc, 0x98, 0x0c, 0x2f, 0x87, 0xe1, 0x36, 0x0f, 0x26, 0xd2, 0x11, 0x95, 0xf6, 0x4b, 0x30,
-	0xd1, 0xd5, 0x29, 0x76, 0x9f, 0x75, 0x28, 0x77, 0xf0, 0xc6, 0xea, 0x61, 0xd5, 0x17, 0x30, 0x87,
-	0xd9, 0x5f, 0xb6, 0xe0, 0x44, 0x96, 0x3c, 0x7a, 0xc7, 0x82, 0x89, 0x38, 0x4b, 0xef, 0xb8, 0xc6,
-	0x4e, 0x65, 0x3b, 0x74, 0x81, 0x70, 0x77, 0x27, 0xec, 0xff, 0x21, 0xb4, 0xc1, 0x4d, 0x2f, 0x68,
-	0x84, 0xb7, 0x95, 0x9d, 0x64, 0xf5, 0xb4, 0x93, 0xa8, 0x78, 0x70, 0xb7, 0x48, 0xa3, 0xed, 0x77,
-	0xd5, 0x84, 0xa8, 0x8b, 0x76, 0xac, 0x30, 0x58, 0x0a, 0x7c, 0x5b, 0xec, 0x5b, 0x33, 0x93, 0x72,
-	0x41, 0xb4, 0x63, 0x85, 0x81, 0x5e, 0x80, 0x11, 0xe3, 0x25, 0xe5, 0xbc, 0x64, 0x9b, 0x0e, 0x43,
-	0x83, 0xc7, 0x38, 0x85, 0x85, 0xa6, 0x01, 0x94, 0xcd, 0x25, 0x35, 0x36, 0x73, 0xb4, 0x2b, 0xc1,
-	0x18, 0x63, 0x03, 0x83, 0x15, 0x9c, 0xf0, 0xdb, 0x31, 0x3b, 0x49, 0x1e, 0xd4, 0xb7, 0x2b, 0xcc,
-	0x8b, 0x36, 0xac, 0xa0, 0x54, 0xb8, 0x35, 0x9d, 0xa0, 0xed, 0xf8, 0x74, 0x84, 0x84, 0xeb, 0x4c,
-	0x2d, 0xc3, 0x65, 0x05, 0xc1, 0x06, 0x16, 0x7d, 0xe3, 0xc4, 0x6b, 0x92, 0x57, 0xc3, 0x40, 0x46,
-	0xa9, 0xeb, 0xe0, 0x02, 0xd1, 0x8e, 0x15, 0x06, 0x7a, 0x09, 0x86, 0x9d, 0xa0, 0xc1, 0x0d, 0xc4,
-	0x30, 0x12, 0x67, 0x94, 0x6a, 0xf7, 0x79, 0x3d, 0x26, 0xb3, 0x1a, 0x8a, 0x4d, 0xd4, 0xec, 0xd5,
-	0x12, 0xd0, 0xe7, 0xd5, 0x75, 0x7f, 0x66, 0xc1, 0xb8, 0xae, 0x20, 0xc4, 0x3c, 0x6c, 0x29, 0xd7,
-	0xa2, 0x75, 0xa0, 0x6b, 0x31, 0x5d, 0x48, 0xa4, 0xd4, 0x57, 0x21, 0x11, 0xb3, 0xc6, 0x47, 0x79,
-	0xdf, 0x1a, 0x1f, 0xdf, 0x00, 0x43, 0xdb, 0xa4, 0x63, 0x14, 0x03, 0x61, 0xca, 0xe1, 0x2a, 0x6f,
-	0xc2, 0x12, 0x86, 0x6c, 0x18, 0x74, 0x1d, 0x55, 0x50, 0x70, 0x44, 0xc4, 0xa6, 0xcd, 0x32, 0x24,
-	0x01, 0xb1, 0x57, 0xa0, 0xa6, 0x0e, 0xf5, 0xa5, 0xa7, 0xcf, 0xca, 0xf7, 0xf4, 0xf5, 0x75, 0x09,
-	0xfe, 0xdc, 0xfa, 0x6f, 0x7e, 0xf5, 0xc9, 0xf7, 0xfc, 0xce, 0x57, 0x9f, 0x7c, 0xcf, 0x1f, 0x7e,
-	0xf5, 0xc9, 0xf7, 0x7c, 0xfc, 0xce, 0x93, 0xd6, 0x6f, 0xde, 0x79, 0xd2, 0xfa, 0x9d, 0x3b, 0x4f,
-	0x5a, 0x7f, 0x78, 0xe7, 0x49, 0xeb, 0x2b, 0x77, 0x9e, 0xb4, 0xde, 0xfe, 0x2f, 0x4f, 0xbe, 0xe7,
-	0xd5, 0xdc, 0xbc, 0x08, 0xfa, 0xe3, 0x59, 0xb7, 0x31, 0xb3, 0xf3, 0x3c, 0x0b, 0xcd, 0xa7, 0xeb,
-	0x79, 0xc6, 0x98, 0xc4, 0x33, 0x72, 0x3d, 0xff, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x46, 0x6f,
-	0xd4, 0x86, 0x81, 0x00, 0x01, 0x00,
+	// 12357 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0x49,
+	0x56, 0xd8, 0x55, 0xb7, 0x5a, 0xea, 0x7e, 0xfa, 0x1a, 0xe5, 0xcc, 0xec, 0x6a, 0x66, 0x3f, 0x34,
+	0xd4, 0xc2, 0xde, 0xe1, 0xdb, 0x95, 0xd8, 0xd9, 0xdd, 0x63, 0xcd, 0xc2, 0x81, 0x3e, 0xe6, 0x43,
+	0x33, 0xd2, 0x48, 0x9b, 0xad, 0x99, 0xe1, 0xf6, 0xd8, 0xdb, 0x2b, 0x55, 0xa7, 0xa4, 0x1a, 0x55,
+	0x57, 0xf5, 0x56, 0x55, 0x6b, 0xd4, 0xcb, 0x72, 0xdc, 0x71, 0x77, 0x70, 0x70, 0x5f, 0x6b, 0x70,
+	0x98, 0xc5, 0x36, 0xf8, 0x30, 0xf8, 0x23, 0xc2, 0x71, 0x01, 0x36, 0x3f, 0x4c, 0x04, 0x10, 0x84,
+	0x81, 0x20, 0xc0, 0x5f, 0x60, 0x02, 0x03, 0x36, 0x20, 0xdf, 0x8d, 0xed, 0x80, 0x70, 0x84, 0x89,
+	0x00, 0xfb, 0x87, 0x63, 0xec, 0x20, 0x1c, 0xf9, 0x9d, 0x55, 0x5d, 0x2d, 0xb5, 0x46, 0xa5, 0x99,
+	0x39, 0xd8, 0x7f, 0xdd, 0xf9, 0x5e, 0xbd, 0x97, 0x95, 0x95, 0xf9, 0xde, 0xcb, 0x97, 0xef, 0xbd,
+	0x84, 0xa5, 0x4d, 0x2f, 0xd9, 0x6a, 0xaf, 0x4f, 0xbb, 0x61, 0x73, 0xc6, 0x89, 0x36, 0xc3, 0x56,
+	0x14, 0xde, 0x62, 0x3f, 0x9e, 0x75, 0x1b, 0x33, 0x3b, 0xcf, 0xcf, 0xb4, 0xb6, 0x37, 0x67, 0x9c,
+	0x96, 0x17, 0xcf, 0x38, 0xad, 0x96, 0xef, 0xb9, 0x4e, 0xe2, 0x85, 0xc1, 0xcc, 0xce, 0x73, 0x8e,
+	0xdf, 0xda, 0x72, 0x9e, 0x9b, 0xd9, 0x24, 0x01, 0x89, 0x9c, 0x84, 0x34, 0xa6, 0x5b, 0x51, 0x98,
+	0x84, 0xe8, 0x5b, 0x35, 0xb5, 0x69, 0x49, 0x8d, 0xfd, 0x78, 0xdd, 0x6d, 0x4c, 0xef, 0x3c, 0x3f,
+	0xdd, 0xda, 0xde, 0x9c, 0xa6, 0xd4, 0xa6, 0x0d, 0x6a, 0xd3, 0x92, 0xda, 0xd9, 0x67, 0x8d, 0xbe,
+	0x6c, 0x86, 0x9b, 0xe1, 0x0c, 0x23, 0xba, 0xde, 0xde, 0x60, 0xff, 0xd8, 0x1f, 0xf6, 0x8b, 0x33,
+	0x3b, 0x6b, 0x6f, 0xbf, 0x14, 0x4f, 0x7b, 0x21, 0xed, 0xde, 0x8c, 0x1b, 0x46, 0x64, 0x66, 0xa7,
+	0xab, 0x43, 0x67, 0x2f, 0x6b, 0x1c, 0xb2, 0x9b, 0x90, 0x20, 0xf6, 0xc2, 0x20, 0x7e, 0x96, 0x76,
+	0x81, 0x44, 0x3b, 0x24, 0x32, 0x5f, 0xcf, 0x40, 0xc8, 0xa3, 0xf4, 0x82, 0xa6, 0xd4, 0x74, 0xdc,
+	0x2d, 0x2f, 0x20, 0x51, 0x47, 0x3f, 0xde, 0x24, 0x89, 0x93, 0xf7, 0xd4, 0x4c, 0xaf, 0xa7, 0xa2,
+	0x76, 0x90, 0x78, 0x4d, 0xd2, 0xf5, 0xc0, 0x07, 0x0e, 0x7a, 0x20, 0x76, 0xb7, 0x48, 0xd3, 0xe9,
+	0x7a, 0xee, 0xf9, 0x5e, 0xcf, 0xb5, 0x13, 0xcf, 0x9f, 0xf1, 0x82, 0x24, 0x4e, 0xa2, 0xec, 0x43,
+	0xf6, 0xdf, 0xb7, 0x60, 0x74, 0xf6, 0x66, 0x7d, 0xb6, 0x9d, 0x6c, 0xcd, 0x87, 0xc1, 0x86, 0xb7,
+	0x89, 0x5e, 0x84, 0x61, 0xd7, 0x6f, 0xc7, 0x09, 0x89, 0xae, 0x39, 0x4d, 0x32, 0x69, 0x9d, 0xb3,
+	0xde, 0x57, 0x9b, 0x3b, 0xf9, 0x1b, 0x7b, 0x53, 0xef, 0xb9, 0xb3, 0x37, 0x35, 0x3c, 0xaf, 0x41,
+	0xd8, 0xc4, 0x43, 0xdf, 0x08, 0x43, 0x51, 0xe8, 0x93, 0x59, 0x7c, 0x6d, 0xb2, 0xc4, 0x1e, 0x19,
+	0x17, 0x8f, 0x0c, 0x61, 0xde, 0x8c, 0x25, 0x9c, 0xa2, 0xb6, 0xa2, 0x70, 0xc3, 0xf3, 0xc9, 0x64,
+	0x39, 0x8d, 0xba, 0xca, 0x9b, 0xb1, 0x84, 0xdb, 0x3f, 0x56, 0x82, 0xf1, 0xd9, 0x56, 0xeb, 0x32,
+	0x71, 0xfc, 0x64, 0xab, 0x9e, 0x38, 0x49, 0x3b, 0x46, 0x9b, 0x30, 0x18, 0xb3, 0x5f, 0xa2, 0x6f,
+	0x2b, 0xe2, 0xe9, 0x41, 0x0e, 0xbf, 0xbb, 0x37, 0xf5, 0x6d, 0x79, 0x33, 0x7a, 0xd3, 0x4b, 0xc2,
+	0x56, 0xfc, 0x2c, 0x09, 0x36, 0xbd, 0x80, 0xb0, 0x71, 0xd9, 0x62, 0x54, 0xa7, 0x4d, 0xe2, 0xf3,
+	0x61, 0x83, 0x60, 0x41, 0x9e, 0xf6, 0xb3, 0x49, 0xe2, 0xd8, 0xd9, 0x24, 0xd9, 0x57, 0x5a, 0xe6,
+	0xcd, 0x58, 0xc2, 0x51, 0x04, 0xc8, 0x77, 0xe2, 0x64, 0x2d, 0x72, 0x82, 0xd8, 0xa3, 0x53, 0x7a,
+	0xcd, 0x6b, 0xf2, 0xb7, 0x1b, 0x3e, 0xff, 0x37, 0xa6, 0xf9, 0x87, 0x99, 0x36, 0x3f, 0x8c, 0x5e,
+	0x07, 0x74, 0xde, 0x4c, 0xef, 0x3c, 0x37, 0x4d, 0x9f, 0x98, 0x7b, 0xe4, 0xce, 0xde, 0x14, 0x5a,
+	0xea, 0xa2, 0x84, 0x73, 0xa8, 0xdb, 0xbf, 0x57, 0x02, 0x98, 0x6d, 0xb5, 0x56, 0xa3, 0xf0, 0x16,
+	0x71, 0x13, 0xf4, 0x51, 0xa8, 0x52, 0x52, 0x0d, 0x27, 0x71, 0xd8, 0xc0, 0x0c, 0x9f, 0xff, 0xa6,
+	0xfe, 0x18, 0xaf, 0xac, 0xd3, 0xe7, 0x97, 0x49, 0xe2, 0xcc, 0x21, 0xf1, 0x82, 0xa0, 0xdb, 0xb0,
+	0xa2, 0x8a, 0x02, 0x18, 0x88, 0x5b, 0xc4, 0x65, 0x83, 0x31, 0x7c, 0x7e, 0x69, 0xfa, 0x28, 0x2b,
+	0x7d, 0x5a, 0xf7, 0xbc, 0xde, 0x22, 0xee, 0xdc, 0x88, 0xe0, 0x3c, 0x40, 0xff, 0x61, 0xc6, 0x07,
+	0xed, 0xa8, 0x0f, 0xcd, 0x07, 0xf2, 0x5a, 0x61, 0x1c, 0x19, 0xd5, 0xb9, 0xb1, 0xf4, 0xc4, 0x91,
+	0xdf, 0xdd, 0xfe, 0x63, 0x0b, 0xc6, 0x34, 0xf2, 0x92, 0x17, 0x27, 0xe8, 0xbb, 0xba, 0x06, 0x77,
+	0xba, 0xbf, 0xc1, 0xa5, 0x4f, 0xb3, 0xa1, 0x3d, 0x21, 0x98, 0x55, 0x65, 0x8b, 0x31, 0xb0, 0x4d,
+	0xa8, 0x78, 0x09, 0x69, 0xc6, 0x93, 0xa5, 0x73, 0xe5, 0xf7, 0x0d, 0x9f, 0xbf, 0x5c, 0xd4, 0x7b,
+	0xce, 0x8d, 0x0a, 0xa6, 0x95, 0x45, 0x4a, 0x1e, 0x73, 0x2e, 0xf6, 0x5f, 0x8c, 0x9a, 0xef, 0x47,
+	0x07, 0x1c, 0x3d, 0x07, 0xc3, 0x71, 0xd8, 0x8e, 0x5c, 0x82, 0x49, 0x2b, 0xa4, 0x0b, 0xab, 0x4c,
+	0xa7, 0x3b, 0x5d, 0xf0, 0x75, 0xdd, 0x8c, 0x4d, 0x1c, 0xf4, 0x05, 0x0b, 0x46, 0x1a, 0x24, 0x4e,
+	0xbc, 0x80, 0xf1, 0x97, 0x9d, 0x5f, 0x3b, 0x72, 0xe7, 0x65, 0xe3, 0x82, 0x26, 0x3e, 0x77, 0x4a,
+	0xbc, 0xc8, 0x88, 0xd1, 0x18, 0xe3, 0x14, 0x7f, 0x2a, 0xb8, 0x1a, 0x24, 0x76, 0x23, 0xaf, 0x45,
+	0xff, 0x0b, 0xd1, 0xa2, 0x04, 0xd7, 0x82, 0x06, 0x61, 0x13, 0x0f, 0x05, 0x50, 0xa1, 0x82, 0x29,
+	0x9e, 0x1c, 0x60, 0xfd, 0x5f, 0x3c, 0x5a, 0xff, 0xc5, 0xa0, 0x52, 0x99, 0xa7, 0x47, 0x9f, 0xfe,
+	0x8b, 0x31, 0x67, 0x83, 0x3e, 0x6f, 0xc1, 0xa4, 0x10, 0x9c, 0x98, 0xf0, 0x01, 0xbd, 0xb9, 0xe5,
+	0x25, 0xc4, 0xf7, 0xe2, 0x64, 0xb2, 0xc2, 0xfa, 0x30, 0xd3, 0xdf, 0xdc, 0xba, 0x14, 0x85, 0xed,
+	0xd6, 0x55, 0x2f, 0x68, 0xcc, 0x9d, 0x13, 0x9c, 0x26, 0xe7, 0x7b, 0x10, 0xc6, 0x3d, 0x59, 0xa2,
+	0x1f, 0xb1, 0xe0, 0x6c, 0xe0, 0x34, 0x49, 0xdc, 0x72, 0xe8, 0xa7, 0xe5, 0xe0, 0x39, 0xdf, 0x71,
+	0xb7, 0x59, 0x8f, 0x06, 0xef, 0xad, 0x47, 0xb6, 0xe8, 0xd1, 0xd9, 0x6b, 0x3d, 0x49, 0xe3, 0x7d,
+	0xd8, 0xa2, 0x9f, 0xb2, 0x60, 0x22, 0x8c, 0x5a, 0x5b, 0x4e, 0x40, 0x1a, 0x12, 0x1a, 0x4f, 0x0e,
+	0xb1, 0xa5, 0xf7, 0x91, 0xa3, 0x7d, 0xa2, 0x95, 0x2c, 0xd9, 0xe5, 0x30, 0xf0, 0x92, 0x30, 0xaa,
+	0x93, 0x24, 0xf1, 0x82, 0xcd, 0x78, 0xee, 0xf4, 0x9d, 0xbd, 0xa9, 0x89, 0x2e, 0x2c, 0xdc, 0xdd,
+	0x1f, 0xf4, 0xdd, 0x30, 0x1c, 0x77, 0x02, 0xf7, 0xa6, 0x17, 0x34, 0xc2, 0xdb, 0xf1, 0x64, 0xb5,
+	0x88, 0xe5, 0x5b, 0x57, 0x04, 0xc5, 0x02, 0xd4, 0x0c, 0xb0, 0xc9, 0x2d, 0xff, 0xc3, 0xe9, 0xa9,
+	0x54, 0x2b, 0xfa, 0xc3, 0xe9, 0xc9, 0xb4, 0x0f, 0x5b, 0xf4, 0x03, 0x16, 0x8c, 0xc6, 0xde, 0x66,
+	0xe0, 0x24, 0xed, 0x88, 0x5c, 0x25, 0x9d, 0x78, 0x12, 0x58, 0x47, 0xae, 0x1c, 0x71, 0x54, 0x0c,
+	0x92, 0x73, 0xa7, 0x45, 0x1f, 0x47, 0xcd, 0xd6, 0x18, 0xa7, 0xf9, 0xe6, 0x2d, 0x34, 0x3d, 0xad,
+	0x87, 0x8b, 0x5d, 0x68, 0x7a, 0x52, 0xf7, 0x64, 0x89, 0xbe, 0x03, 0x4e, 0xf0, 0x26, 0x35, 0xb2,
+	0xf1, 0xe4, 0x08, 0x13, 0xb4, 0xa7, 0xee, 0xec, 0x4d, 0x9d, 0xa8, 0x67, 0x60, 0xb8, 0x0b, 0x1b,
+	0xbd, 0x01, 0x53, 0x2d, 0x12, 0x35, 0xbd, 0x64, 0x25, 0xf0, 0x3b, 0x52, 0x7c, 0xbb, 0x61, 0x8b,
+	0x34, 0x44, 0x77, 0xe2, 0xc9, 0xd1, 0x73, 0xd6, 0xfb, 0xaa, 0x73, 0xef, 0x15, 0xdd, 0x9c, 0x5a,
+	0xdd, 0x1f, 0x1d, 0x1f, 0x44, 0x0f, 0xfd, 0xba, 0x05, 0x67, 0x0d, 0x29, 0x5b, 0x27, 0xd1, 0x8e,
+	0xe7, 0x92, 0x59, 0xd7, 0x0d, 0xdb, 0x41, 0x12, 0x4f, 0x8e, 0xb1, 0x61, 0x5c, 0x3f, 0x0e, 0x99,
+	0x9f, 0x66, 0xa5, 0xe7, 0x65, 0x4f, 0x94, 0x18, 0xef, 0xd3, 0x53, 0xfb, 0x37, 0x4b, 0x70, 0x22,
+	0x6b, 0x01, 0xa0, 0x7f, 0x6c, 0xc1, 0xf8, 0xad, 0xdb, 0xc9, 0x5a, 0xb8, 0x4d, 0x82, 0x78, 0xae,
+	0x43, 0xe5, 0x34, 0xd3, 0x7d, 0xc3, 0xe7, 0xdd, 0x62, 0x6d, 0x8d, 0xe9, 0x2b, 0x69, 0x2e, 0x17,
+	0x82, 0x24, 0xea, 0xcc, 0x3d, 0x2a, 0xde, 0x69, 0xfc, 0xca, 0xcd, 0x35, 0x13, 0x8a, 0xb3, 0x9d,
+	0x3a, 0xfb, 0x59, 0x0b, 0x4e, 0xe5, 0x91, 0x40, 0x27, 0xa0, 0xbc, 0x4d, 0x3a, 0xdc, 0x12, 0xc6,
+	0xf4, 0x27, 0x7a, 0x0d, 0x2a, 0x3b, 0x8e, 0xdf, 0x26, 0xc2, 0x4c, 0xbb, 0x74, 0xb4, 0x17, 0x51,
+	0x3d, 0xc3, 0x9c, 0xea, 0xb7, 0x94, 0x5e, 0xb2, 0xec, 0xdf, 0x2a, 0xc3, 0xb0, 0xf1, 0xd1, 0xee,
+	0x83, 0xe9, 0x19, 0xa6, 0x4c, 0xcf, 0xe5, 0xc2, 0xe6, 0x5b, 0x4f, 0xdb, 0xf3, 0x76, 0xc6, 0xf6,
+	0x5c, 0x29, 0x8e, 0xe5, 0xbe, 0xc6, 0x27, 0x4a, 0xa0, 0x16, 0xb6, 0xe8, 0x16, 0x8d, 0xda, 0x30,
+	0x03, 0x45, 0x7c, 0xc2, 0x15, 0x49, 0x6e, 0x6e, 0xf4, 0xce, 0xde, 0x54, 0x4d, 0xfd, 0xc5, 0x9a,
+	0x91, 0xfd, 0xfb, 0x16, 0x9c, 0x32, 0xfa, 0x38, 0x1f, 0x06, 0x0d, 0xb6, 0xd1, 0x40, 0xe7, 0x60,
+	0x20, 0xe9, 0xb4, 0xe4, 0x36, 0x50, 0x8d, 0xd4, 0x5a, 0xa7, 0x45, 0x30, 0x83, 0x3c, 0xec, 0xbb,
+	0xa4, 0x1f, 0xb1, 0xe0, 0x91, 0x7c, 0x01, 0x83, 0x9e, 0x86, 0x41, 0xee, 0x03, 0x10, 0x6f, 0xa7,
+	0x3f, 0x09, 0x6b, 0xc5, 0x02, 0x8a, 0x66, 0xa0, 0xa6, 0x14, 0x9e, 0x78, 0xc7, 0x09, 0x81, 0x5a,
+	0xd3, 0x5a, 0x52, 0xe3, 0xd0, 0x41, 0xa3, 0x7f, 0x84, 0x09, 0xaa, 0x06, 0x8d, 0x6d, 0x9a, 0x19,
+	0xc4, 0xfe, 0x5d, 0x0b, 0xbe, 0xbe, 0x1f, 0xb1, 0x77, 0x7c, 0x7d, 0xac, 0xc3, 0xe9, 0x06, 0xd9,
+	0x70, 0xda, 0x7e, 0x92, 0xe6, 0x28, 0x3a, 0xfd, 0x84, 0x78, 0xf8, 0xf4, 0x42, 0x1e, 0x12, 0xce,
+	0x7f, 0xd6, 0xfe, 0x2f, 0x16, 0xdb, 0xae, 0xcb, 0xd7, 0xba, 0x0f, 0x5b, 0xa7, 0x20, 0xbd, 0x75,
+	0x5a, 0x2c, 0x6c, 0x99, 0xf6, 0xd8, 0x3b, 0x7d, 0xde, 0x82, 0xb3, 0x06, 0xd6, 0xb2, 0x93, 0xb8,
+	0x5b, 0x17, 0x76, 0x5b, 0x11, 0x89, 0x63, 0x3a, 0xa5, 0x9e, 0x30, 0xc4, 0xf1, 0xdc, 0xb0, 0xa0,
+	0x50, 0xbe, 0x4a, 0x3a, 0x5c, 0x36, 0x3f, 0x03, 0x55, 0xbe, 0xe6, 0xc2, 0x48, 0x7c, 0x24, 0xf5,
+	0x6e, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0x64, 0xc3, 0x20, 0x93, 0xb9, 0x54, 0x06, 0x51, 0x33, 0x01,
+	0xe8, 0x77, 0xbf, 0xc1, 0x5a, 0xb0, 0x80, 0xd8, 0x71, 0xaa, 0x3b, 0xab, 0x11, 0x61, 0xf3, 0xa1,
+	0x71, 0xd1, 0x23, 0x7e, 0x23, 0xa6, 0xdb, 0x3a, 0x27, 0x08, 0xc2, 0x44, 0xec, 0xd0, 0x8c, 0x6d,
+	0xdd, 0xac, 0x6e, 0xc6, 0x26, 0x0e, 0x65, 0xea, 0x3b, 0xeb, 0xc4, 0xe7, 0x23, 0x2a, 0x98, 0x2e,
+	0xb1, 0x16, 0x2c, 0x20, 0xf6, 0x9d, 0x12, 0xdb, 0x40, 0x2a, 0x89, 0x46, 0xee, 0x87, 0xf7, 0x21,
+	0x4a, 0xa9, 0x80, 0xd5, 0xe2, 0xe4, 0x31, 0xe9, 0xed, 0x81, 0x78, 0x33, 0xa3, 0x05, 0x70, 0xa1,
+	0x5c, 0xf7, 0xf7, 0x42, 0x7c, 0xbc, 0x0c, 0x53, 0xe9, 0x07, 0xba, 0x94, 0x08, 0xdd, 0xf2, 0x1a,
+	0x8c, 0xb2, 0xbe, 0x3a, 0x03, 0x1f, 0x9b, 0x78, 0x3d, 0xe4, 0x70, 0xe9, 0x38, 0xe5, 0xb0, 0xa9,
+	0x26, 0xca, 0x07, 0xa8, 0x89, 0xa7, 0xd5, 0xa8, 0x0f, 0x64, 0x64, 0x5e, 0x5a, 0x55, 0x9e, 0x83,
+	0x81, 0x38, 0x21, 0xad, 0xc9, 0x4a, 0x5a, 0xcc, 0xd6, 0x13, 0xd2, 0xc2, 0x0c, 0x82, 0xbe, 0x0d,
+	0xc6, 0x13, 0x27, 0xda, 0x24, 0x49, 0x44, 0x76, 0x3c, 0xe6, 0xd7, 0x65, 0xfb, 0xd9, 0xda, 0xdc,
+	0x49, 0x6a, 0x75, 0xad, 0x31, 0x10, 0x96, 0x20, 0x9c, 0xc5, 0xb5, 0xff, 0x47, 0x09, 0x1e, 0x4d,
+	0x7f, 0x02, 0xad, 0x18, 0xbf, 0x3d, 0xa5, 0x18, 0xdf, 0x6f, 0x2a, 0xc6, 0xbb, 0x7b, 0x53, 0x8f,
+	0xf5, 0x78, 0xec, 0x6b, 0x46, 0x6f, 0xa2, 0x4b, 0x99, 0x8f, 0x30, 0xd3, 0xe5, 0x65, 0x7d, 0xa2,
+	0xc7, 0x3b, 0x66, 0xbe, 0xd2, 0xd3, 0x30, 0x18, 0x11, 0x27, 0x0e, 0x03, 0xf1, 0x9d, 0xd4, 0xd7,
+	0xc4, 0xac, 0x15, 0x0b, 0xa8, 0xfd, 0x3b, 0xb5, 0xec, 0x60, 0x5f, 0xe2, 0xbe, 0xea, 0x30, 0x42,
+	0x1e, 0x0c, 0xb0, 0x5d, 0x1b, 0x97, 0x2c, 0x57, 0x8f, 0xb6, 0x0a, 0xa9, 0x16, 0x51, 0xa4, 0xe7,
+	0xaa, 0xf4, 0xab, 0xd1, 0x26, 0xcc, 0x58, 0xa0, 0x5d, 0xa8, 0xba, 0x72, 0x33, 0x55, 0x2a, 0xc2,
+	0xed, 0x28, 0xb6, 0x52, 0x9a, 0xe3, 0x08, 0x15, 0xf7, 0x6a, 0x07, 0xa6, 0xb8, 0x21, 0x02, 0xe5,
+	0x4d, 0x2f, 0x11, 0x9f, 0xf5, 0x88, 0xdb, 0xe5, 0x4b, 0x9e, 0xf1, 0x8a, 0x43, 0x54, 0x07, 0x5d,
+	0xf2, 0x12, 0x4c, 0xe9, 0xa3, 0x4f, 0x5b, 0x30, 0x1c, 0xbb, 0xcd, 0xd5, 0x28, 0xdc, 0xf1, 0x1a,
+	0x24, 0x12, 0x36, 0xe6, 0x11, 0x25, 0x5b, 0x7d, 0x7e, 0x59, 0x12, 0xd4, 0x7c, 0xb9, 0xfb, 0x42,
+	0x43, 0xb0, 0xc9, 0x97, 0xee, 0xbd, 0x1e, 0x15, 0xef, 0xbe, 0x40, 0x5c, 0xb6, 0xe2, 0xe4, 0x9e,
+	0x99, 0xcd, 0x94, 0x23, 0xdb, 0xdc, 0x0b, 0x6d, 0x77, 0x9b, 0xae, 0x37, 0xdd, 0xa1, 0xc7, 0xee,
+	0xec, 0x4d, 0x3d, 0x3a, 0x9f, 0xcf, 0x13, 0xf7, 0xea, 0x0c, 0x1b, 0xb0, 0x56, 0xdb, 0xf7, 0x31,
+	0x79, 0xa3, 0x4d, 0x98, 0x47, 0xac, 0x80, 0x01, 0x5b, 0xd5, 0x04, 0x33, 0x03, 0x66, 0x40, 0xb0,
+	0xc9, 0x17, 0xbd, 0x01, 0x83, 0x4d, 0x27, 0x89, 0xbc, 0x5d, 0xe1, 0x06, 0x3b, 0xe2, 0x2e, 0x68,
+	0x99, 0xd1, 0xd2, 0xcc, 0x99, 0xa2, 0xe7, 0x8d, 0x58, 0x30, 0x42, 0x4d, 0xa8, 0x34, 0x49, 0xb4,
+	0x49, 0x26, 0xab, 0x45, 0xb8, 0xfc, 0x97, 0x29, 0x29, 0xcd, 0xb0, 0x46, 0x8d, 0x2b, 0xd6, 0x86,
+	0x39, 0x17, 0xf4, 0x1a, 0x54, 0x63, 0xe2, 0x13, 0x97, 0x9a, 0x47, 0x35, 0xc6, 0xf1, 0xf9, 0x3e,
+	0x4d, 0x45, 0x6a, 0x97, 0xd4, 0xc5, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, 0x58, 0x91, 0xa4, 0x03, 0xd8,
+	0xf2, 0xdb, 0x9b, 0x5e, 0x30, 0x09, 0x45, 0x0c, 0xe0, 0x2a, 0xa3, 0x95, 0x19, 0x40, 0xde, 0x88,
+	0x05, 0x23, 0xfb, 0xbf, 0x5b, 0x80, 0xd2, 0x42, 0xed, 0x3e, 0xd8, 0xc4, 0x6f, 0xa4, 0x6d, 0xe2,
+	0xa5, 0x22, 0x8d, 0x96, 0x1e, 0x66, 0xf1, 0x2f, 0xd4, 0x20, 0xa3, 0x0e, 0xae, 0x91, 0x38, 0x21,
+	0x8d, 0x77, 0x45, 0xf8, 0xbb, 0x22, 0xfc, 0x5d, 0x11, 0xae, 0x44, 0xf8, 0x7a, 0x46, 0x84, 0x7f,
+	0xd0, 0x58, 0xf5, 0x3a, 0xf6, 0xe0, 0x75, 0x15, 0x9c, 0x60, 0xf6, 0xc0, 0x40, 0xa0, 0x92, 0xe0,
+	0x4a, 0x7d, 0xe5, 0x5a, 0xae, 0xcc, 0x7e, 0x3d, 0x2d, 0xb3, 0x8f, 0xca, 0xe2, 0xaf, 0x83, 0x94,
+	0xfe, 0x75, 0x0b, 0xde, 0x9b, 0x96, 0x5e, 0x72, 0xe6, 0x2c, 0x6e, 0x06, 0x61, 0x44, 0x16, 0xbc,
+	0x8d, 0x0d, 0x12, 0x91, 0xc0, 0x25, 0xb1, 0xf2, 0xed, 0x58, 0xbd, 0x7c, 0x3b, 0xe8, 0x05, 0x18,
+	0xb9, 0x15, 0x87, 0xc1, 0x6a, 0xe8, 0x05, 0x42, 0x04, 0xd1, 0x1d, 0xc7, 0x89, 0x3b, 0x7b, 0x53,
+	0x23, 0x74, 0x44, 0x65, 0x3b, 0x4e, 0x61, 0xa1, 0x79, 0x98, 0xb8, 0xf5, 0xc6, 0xaa, 0x93, 0x18,
+	0xde, 0x04, 0xb9, 0xef, 0x67, 0xe7, 0x51, 0x57, 0x5e, 0xc9, 0x00, 0x71, 0x37, 0xbe, 0xfd, 0xf7,
+	0x4a, 0x70, 0x26, 0xf3, 0x22, 0xa1, 0xef, 0x87, 0xed, 0x84, 0xee, 0x89, 0xd0, 0x4f, 0x58, 0x70,
+	0xa2, 0x99, 0x76, 0x58, 0xc4, 0xc2, 0xdd, 0xfd, 0x9d, 0x85, 0xe9, 0x88, 0x8c, 0x47, 0x64, 0x6e,
+	0x52, 0x8c, 0xd0, 0x89, 0x0c, 0x20, 0xc6, 0x5d, 0x7d, 0x41, 0xaf, 0x41, 0xad, 0xe9, 0xec, 0x5e,
+	0x6f, 0x35, 0x9c, 0x44, 0x6e, 0x47, 0x7b, 0x7b, 0x11, 0xda, 0x89, 0xe7, 0x4f, 0xf3, 0xa8, 0x96,
+	0xe9, 0xc5, 0x20, 0x59, 0x89, 0xea, 0x49, 0xe4, 0x05, 0x9b, 0xdc, 0xc9, 0xb9, 0x2c, 0xc9, 0x60,
+	0x4d, 0xd1, 0xfe, 0x71, 0x2b, 0xab, 0xa4, 0xd4, 0xe8, 0x44, 0x4e, 0x42, 0x36, 0x3b, 0xe8, 0x2d,
+	0xa8, 0xd0, 0x7d, 0xa3, 0x1c, 0x95, 0x9b, 0x45, 0x6a, 0x4e, 0xe3, 0x4b, 0x68, 0x25, 0x4a, 0xff,
+	0xc5, 0x98, 0x33, 0xb5, 0x7f, 0xa2, 0x96, 0x35, 0x16, 0xd8, 0xd9, 0xfc, 0x79, 0x80, 0xcd, 0x70,
+	0x8d, 0x34, 0x5b, 0x3e, 0x1d, 0x16, 0x8b, 0x1d, 0xf0, 0x28, 0x57, 0xc9, 0x25, 0x05, 0xc1, 0x06,
+	0x16, 0xfa, 0x41, 0x0b, 0x60, 0x53, 0xce, 0x79, 0x69, 0x08, 0x5c, 0x2f, 0xf2, 0x75, 0xf4, 0x8a,
+	0xd2, 0x7d, 0x51, 0x0c, 0xb1, 0xc1, 0x1c, 0x7d, 0x9f, 0x05, 0xd5, 0x44, 0x76, 0x9f, 0xab, 0xc6,
+	0xb5, 0x22, 0x7b, 0x22, 0x5f, 0x5a, 0xdb, 0x44, 0x6a, 0x48, 0x14, 0x5f, 0xf4, 0xfd, 0x16, 0x40,
+	0xdc, 0x09, 0xdc, 0xd5, 0xd0, 0xf7, 0xdc, 0x8e, 0xd0, 0x98, 0x37, 0x0a, 0x75, 0xe7, 0x28, 0xea,
+	0x73, 0x63, 0x74, 0x34, 0xf4, 0x7f, 0x6c, 0x70, 0x46, 0x1f, 0x83, 0x6a, 0x2c, 0xa6, 0x9b, 0xd0,
+	0x91, 0x6b, 0xc5, 0x3a, 0x95, 0x38, 0x6d, 0x21, 0x5e, 0xc5, 0x3f, 0xac, 0x78, 0xa2, 0x1f, 0xb5,
+	0x60, 0xbc, 0x95, 0x76, 0x13, 0x0a, 0x75, 0x58, 0x9c, 0x0c, 0xc8, 0xb8, 0x21, 0xb9, 0xb7, 0x25,
+	0xd3, 0x88, 0xb3, 0xbd, 0xa0, 0x12, 0x50, 0xcf, 0xe0, 0x95, 0x16, 0x77, 0x59, 0x0e, 0x69, 0x09,
+	0x78, 0x29, 0x0b, 0xc4, 0xdd, 0xf8, 0x68, 0x15, 0x4e, 0xd1, 0xde, 0x75, 0xb8, 0xf9, 0x29, 0xd5,
+	0x4b, 0xcc, 0x94, 0x61, 0x75, 0xee, 0x71, 0x31, 0x43, 0xd8, 0x59, 0x47, 0x16, 0x07, 0xe7, 0x3e,
+	0x89, 0x7e, 0xcb, 0x82, 0xc7, 0x3d, 0xa6, 0x06, 0x4c, 0x87, 0xbd, 0xd6, 0x08, 0xe2, 0xa0, 0x9d,
+	0x14, 0x2a, 0x2b, 0x7a, 0xa9, 0x9f, 0xb9, 0xaf, 0x17, 0x6f, 0xf0, 0xf8, 0xe2, 0x3e, 0x5d, 0xc2,
+	0xfb, 0x76, 0x18, 0x7d, 0x33, 0x8c, 0xca, 0x75, 0xb1, 0x4a, 0x45, 0x30, 0x53, 0xb4, 0xb5, 0xb9,
+	0x89, 0x3b, 0x7b, 0x53, 0xa3, 0x6b, 0x26, 0x00, 0xa7, 0xf1, 0xec, 0x7f, 0x5d, 0x4e, 0x9d, 0x12,
+	0x29, 0x1f, 0x26, 0x13, 0x37, 0xae, 0xf4, 0xff, 0x48, 0xe9, 0x59, 0xa8, 0xb8, 0x51, 0xde, 0x25,
+	0x2d, 0x6e, 0x54, 0x53, 0x8c, 0x0d, 0xe6, 0xd4, 0x28, 0x9d, 0x70, 0xb2, 0x9e, 0x52, 0x21, 0x01,
+	0x5f, 0x2b, 0xb2, 0x4b, 0xdd, 0x67, 0x7a, 0x67, 0x44, 0xd7, 0x26, 0xba, 0x40, 0xb8, 0xbb, 0x4b,
+	0xe8, 0x7b, 0xa0, 0x16, 0xa9, 0xc8, 0x96, 0x72, 0x11, 0x5b, 0x35, 0x39, 0x6d, 0x44, 0x77, 0xd4,
+	0x01, 0x90, 0x8e, 0x61, 0xd1, 0x1c, 0xed, 0xcf, 0x94, 0x52, 0x07, 0x63, 0x86, 0xec, 0xe8, 0xe3,
+	0xd0, 0xef, 0x0b, 0x16, 0x0c, 0x47, 0xa1, 0xef, 0x7b, 0xc1, 0x26, 0x95, 0x73, 0x42, 0x59, 0x7f,
+	0xf8, 0x58, 0xf4, 0xa5, 0x10, 0x68, 0xcc, 0xb2, 0xc6, 0x9a, 0x27, 0x36, 0x3b, 0x80, 0x5e, 0x86,
+	0xd1, 0x06, 0xf1, 0x09, 0x7d, 0x76, 0x25, 0xa2, 0x7b, 0x22, 0xee, 0x64, 0x56, 0x91, 0x22, 0x0b,
+	0x26, 0x10, 0xa7, 0x71, 0xed, 0x3f, 0xb6, 0x60, 0xb2, 0x97, 0x30, 0x47, 0x04, 0x1e, 0x93, 0x92,
+	0x4a, 0x8d, 0xe3, 0x4a, 0x20, 0xe9, 0x09, 0x7d, 0xfc, 0x94, 0xe0, 0xf3, 0xd8, 0x6a, 0x6f, 0x54,
+	0xbc, 0x1f, 0x1d, 0xf4, 0x2a, 0x9c, 0x30, 0x06, 0x25, 0x56, 0xa3, 0x5a, 0x9b, 0x9b, 0xa6, 0xd6,
+	0xd3, 0x6c, 0x06, 0x76, 0x77, 0x6f, 0xea, 0x91, 0x6c, 0x9b, 0xd0, 0x36, 0x5d, 0x74, 0xec, 0x9f,
+	0xee, 0xfa, 0xd4, 0xca, 0x50, 0x78, 0xc7, 0xea, 0x72, 0x45, 0x7c, 0xe7, 0x71, 0x28, 0x67, 0xe6,
+	0xb4, 0x50, 0x31, 0x1c, 0xbd, 0x71, 0x1e, 0xe0, 0x99, 0xbf, 0xfd, 0x6f, 0x07, 0x60, 0x9f, 0x9e,
+	0xf5, 0x61, 0xf9, 0x1f, 0xfa, 0x10, 0xf6, 0x73, 0x96, 0x3a, 0x6d, 0xe3, 0x02, 0xa0, 0x71, 0x5c,
+	0x63, 0xcf, 0x37, 0x5f, 0x31, 0x8f, 0x3b, 0x51, 0x2e, 0xf8, 0xf4, 0xb9, 0x1e, 0xfa, 0x92, 0x95,
+	0x3e, 0x2f, 0xe4, 0x11, 0x91, 0xde, 0xb1, 0xf5, 0xc9, 0x38, 0x84, 0xe4, 0x1d, 0xd3, 0x47, 0x57,
+	0xbd, 0x8e, 0x27, 0xa7, 0x01, 0x36, 0xbc, 0xc0, 0xf1, 0xbd, 0x37, 0xe9, 0xd6, 0xaa, 0xc2, 0xac,
+	0x03, 0x66, 0x6e, 0x5d, 0x54, 0xad, 0xd8, 0xc0, 0x38, 0xfb, 0x37, 0x61, 0xd8, 0x78, 0xf3, 0x9c,
+	0x70, 0x99, 0x53, 0x66, 0xb8, 0x4c, 0xcd, 0x88, 0x72, 0x39, 0xfb, 0x41, 0x38, 0x91, 0xed, 0xe0,
+	0x61, 0x9e, 0xb7, 0xff, 0xcf, 0x50, 0xf6, 0x00, 0x6f, 0x8d, 0x44, 0x4d, 0xda, 0xb5, 0x77, 0xbd,
+	0x62, 0xef, 0x7a, 0xc5, 0xde, 0xf5, 0x8a, 0x99, 0x07, 0x1b, 0xc2, 0xe3, 0x33, 0x74, 0x9f, 0x3c,
+	0x3e, 0x29, 0x1f, 0x56, 0xb5, 0x70, 0x1f, 0x96, 0xfd, 0xe9, 0x2e, 0xb7, 0xff, 0x5a, 0x44, 0x08,
+	0x0a, 0xa1, 0x12, 0x84, 0x0d, 0x22, 0x0d, 0xe4, 0x2b, 0xc5, 0x58, 0x7b, 0xd7, 0xc2, 0x86, 0x11,
+	0x6b, 0x4e, 0xff, 0xc5, 0x98, 0xf3, 0xb1, 0x3f, 0x35, 0x08, 0x29, 0x5b, 0x94, 0x7f, 0xf7, 0x6f,
+	0x84, 0xa1, 0x88, 0xb4, 0xc2, 0xeb, 0x78, 0x49, 0xe8, 0x32, 0x9d, 0xaa, 0xc3, 0x9b, 0xb1, 0x84,
+	0x53, 0x9d, 0xd7, 0x72, 0x92, 0x2d, 0xa1, 0xcc, 0x94, 0xce, 0x5b, 0x75, 0x92, 0x2d, 0xcc, 0x20,
+	0xe8, 0x83, 0x30, 0x96, 0xa4, 0xce, 0xd1, 0xc5, 0x79, 0xf1, 0x23, 0x02, 0x77, 0x2c, 0x7d, 0xca,
+	0x8e, 0x33, 0xd8, 0xe8, 0x0d, 0x18, 0xd8, 0x22, 0x7e, 0x53, 0x7c, 0xfa, 0x7a, 0x71, 0xba, 0x86,
+	0xbd, 0xeb, 0x65, 0xe2, 0x37, 0xb9, 0x24, 0xa4, 0xbf, 0x30, 0x63, 0x45, 0xe7, 0x7d, 0x6d, 0xbb,
+	0x1d, 0x27, 0x61, 0xd3, 0x7b, 0x53, 0xba, 0x49, 0xbf, 0xb3, 0x60, 0xc6, 0x57, 0x25, 0x7d, 0xee,
+	0x8f, 0x52, 0x7f, 0xb1, 0xe6, 0xcc, 0xfa, 0xd1, 0xf0, 0x22, 0x36, 0x65, 0x3a, 0xc2, 0xdb, 0x59,
+	0x74, 0x3f, 0x16, 0x24, 0x7d, 0xde, 0x0f, 0xf5, 0x17, 0x6b, 0xce, 0xa8, 0xa3, 0xd6, 0xdf, 0x30,
+	0xeb, 0xc3, 0xf5, 0x82, 0xfb, 0xc0, 0xd7, 0x5e, 0xee, 0x3a, 0x7c, 0x0a, 0x2a, 0xee, 0x96, 0x13,
+	0x25, 0x93, 0x23, 0x6c, 0xd2, 0xa8, 0x59, 0x3c, 0x4f, 0x1b, 0x31, 0x87, 0xa1, 0x27, 0xa0, 0x1c,
+	0x91, 0x0d, 0x16, 0xda, 0x6c, 0x04, 0x55, 0x61, 0xb2, 0x81, 0x69, 0xbb, 0xb2, 0xcb, 0xc6, 0x7a,
+	0x46, 0xdb, 0xfd, 0x64, 0x29, 0x6d, 0xd8, 0xa5, 0x47, 0x86, 0xaf, 0x07, 0xb7, 0x1d, 0xc5, 0xd2,
+	0xbb, 0x66, 0xac, 0x07, 0xd6, 0x8c, 0x25, 0x1c, 0x7d, 0xc2, 0x82, 0xa1, 0x5b, 0x71, 0x18, 0x04,
+	0x24, 0x11, 0x4a, 0xf4, 0x46, 0xc1, 0x83, 0x75, 0x85, 0x53, 0xd7, 0x7d, 0x10, 0x0d, 0x58, 0xf2,
+	0xa5, 0xdd, 0x25, 0xbb, 0xae, 0xdf, 0x6e, 0x74, 0x45, 0xd2, 0x5c, 0xe0, 0xcd, 0x58, 0xc2, 0x29,
+	0xaa, 0x17, 0x70, 0xd4, 0x81, 0x34, 0xea, 0x62, 0x20, 0x50, 0x05, 0xdc, 0xfe, 0xb9, 0x2a, 0x9c,
+	0xce, 0x5d, 0x3e, 0xd4, 0xe4, 0x62, 0x46, 0xcd, 0x45, 0xcf, 0x27, 0x32, 0x86, 0x8c, 0x99, 0x5c,
+	0x37, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0xf7, 0x02, 0xb4, 0x9c, 0xc8, 0x69, 0x12, 0xe5, 0xfd, 0x3e,
+	0xb2, 0x65, 0x43, 0xfb, 0xb1, 0x2a, 0x69, 0x6a, 0x0f, 0x80, 0x6a, 0x8a, 0xb1, 0xc1, 0x12, 0xbd,
+	0x08, 0xc3, 0x11, 0xf1, 0x89, 0x13, 0xb3, 0xd8, 0xf9, 0x6c, 0x22, 0x10, 0xd6, 0x20, 0x6c, 0xe2,
+	0xa1, 0xa7, 0x55, 0xb8, 0x5d, 0x26, 0xec, 0x28, 0x1d, 0x72, 0x87, 0xbe, 0x68, 0xc1, 0xd8, 0x86,
+	0xe7, 0x13, 0xcd, 0x5d, 0xa4, 0xed, 0xac, 0x1c, 0xfd, 0x25, 0x2f, 0x9a, 0x74, 0xb5, 0x0c, 0x4d,
+	0x35, 0xc7, 0x38, 0xc3, 0x9e, 0x7e, 0xe6, 0x1d, 0x12, 0x31, 0xe1, 0x3b, 0x98, 0xfe, 0xcc, 0x37,
+	0x78, 0x33, 0x96, 0x70, 0x34, 0x0b, 0xe3, 0x2d, 0x27, 0x8e, 0xe7, 0x23, 0xd2, 0x20, 0x41, 0xe2,
+	0x39, 0x3e, 0x4f, 0xaa, 0xa9, 0xea, 0x58, 0xf4, 0xd5, 0x34, 0x18, 0x67, 0xf1, 0xd1, 0x87, 0xe0,
+	0x51, 0xee, 0x5e, 0x5a, 0xf6, 0xe2, 0xd8, 0x0b, 0x36, 0xf5, 0x34, 0x10, 0x5e, 0xb6, 0x29, 0x41,
+	0xea, 0xd1, 0xc5, 0x7c, 0x34, 0xdc, 0xeb, 0x79, 0xf4, 0x0c, 0x54, 0xe3, 0x6d, 0xaf, 0x35, 0x1f,
+	0x35, 0x62, 0x76, 0xb4, 0x54, 0xd5, 0x3e, 0xdd, 0xba, 0x68, 0xc7, 0x0a, 0x03, 0xb9, 0x30, 0xc2,
+	0x3f, 0x09, 0x8f, 0x17, 0x14, 0x12, 0xf4, 0xd9, 0x9e, 0x8a, 0x5c, 0xe4, 0xcf, 0x4e, 0x63, 0xe7,
+	0xf6, 0x05, 0x79, 0xd0, 0xc5, 0xcf, 0x65, 0x6e, 0x18, 0x64, 0x70, 0x8a, 0x68, 0x7a, 0x4f, 0x37,
+	0xdc, 0xc7, 0x9e, 0xee, 0x45, 0x18, 0xde, 0x6e, 0xaf, 0x13, 0x31, 0xf2, 0x42, 0xb0, 0xa9, 0xd9,
+	0x77, 0x55, 0x83, 0xb0, 0x89, 0xc7, 0x42, 0x35, 0x5b, 0x9e, 0xf8, 0x17, 0x4f, 0x8e, 0x1a, 0xa1,
+	0x9a, 0xab, 0x8b, 0xb2, 0x19, 0x9b, 0x38, 0xb4, 0x6b, 0x74, 0x2c, 0xd6, 0x48, 0xcc, 0x32, 0x31,
+	0xe8, 0x70, 0xa9, 0xae, 0xd5, 0x25, 0x00, 0x6b, 0x1c, 0xb4, 0x0a, 0xa7, 0xe8, 0x9f, 0x3a, 0xcb,
+	0x1f, 0xbe, 0xe1, 0xf8, 0x5e, 0x83, 0xc7, 0x0d, 0x8e, 0xa7, 0x9d, 0xa3, 0xf5, 0x1c, 0x1c, 0x9c,
+	0xfb, 0xa4, 0xfd, 0x63, 0xa5, 0xb4, 0xe7, 0xc4, 0x14, 0x61, 0x28, 0xa6, 0x82, 0x2a, 0xb9, 0xe1,
+	0x44, 0xd2, 0xe0, 0x39, 0x62, 0x66, 0x94, 0xa0, 0x7b, 0xc3, 0x89, 0x4c, 0x91, 0xc7, 0x18, 0x60,
+	0xc9, 0x09, 0xdd, 0x82, 0x81, 0xc4, 0x77, 0x0a, 0x4a, 0xa5, 0x34, 0x38, 0x6a, 0x2f, 0xd8, 0xd2,
+	0x6c, 0x8c, 0x19, 0x0f, 0xf4, 0x38, 0xdd, 0xbd, 0xad, 0xcb, 0x63, 0x3a, 0xb1, 0xe1, 0x5a, 0x8f,
+	0x31, 0x6b, 0xb5, 0xff, 0xf6, 0x68, 0x8e, 0xd6, 0x51, 0x86, 0x00, 0x3a, 0x0f, 0x40, 0x27, 0xcd,
+	0x6a, 0x44, 0x36, 0xbc, 0x5d, 0x61, 0x88, 0x29, 0xc9, 0x76, 0x4d, 0x41, 0xb0, 0x81, 0x25, 0x9f,
+	0xa9, 0xb7, 0x37, 0xe8, 0x33, 0xa5, 0xee, 0x67, 0x38, 0x04, 0x1b, 0x58, 0xe8, 0x05, 0x18, 0xf4,
+	0x9a, 0xce, 0xa6, 0x8a, 0x22, 0x7e, 0x9c, 0x8a, 0xb4, 0x45, 0xd6, 0x72, 0x77, 0x6f, 0x6a, 0x4c,
+	0x75, 0x88, 0x35, 0x61, 0x81, 0x8b, 0x7e, 0xda, 0x82, 0x11, 0x37, 0x6c, 0x36, 0xc3, 0x80, 0x6f,
+	0x9f, 0x85, 0x2f, 0xe0, 0xd6, 0x71, 0x99, 0x49, 0xd3, 0xf3, 0x06, 0x33, 0xee, 0x0c, 0x50, 0x39,
+	0x9f, 0x26, 0x08, 0xa7, 0x7a, 0x65, 0x4a, 0xbe, 0xca, 0x01, 0x92, 0xef, 0xe7, 0x2d, 0x98, 0xe0,
+	0xcf, 0x1a, 0xbb, 0x7a, 0x91, 0xde, 0x18, 0x1e, 0xf3, 0x6b, 0x75, 0x39, 0x3a, 0x94, 0xa7, 0xb8,
+	0x0b, 0x8e, 0xbb, 0x3b, 0x89, 0x2e, 0xc1, 0xc4, 0x46, 0x18, 0xb9, 0xc4, 0x1c, 0x08, 0x21, 0xb6,
+	0x15, 0xa1, 0x8b, 0x59, 0x04, 0xdc, 0xfd, 0x0c, 0xba, 0x01, 0x8f, 0x18, 0x8d, 0xe6, 0x38, 0x70,
+	0xc9, 0xfd, 0xa4, 0xa0, 0xf6, 0xc8, 0xc5, 0x5c, 0x2c, 0xdc, 0xe3, 0xe9, 0xb4, 0x90, 0xac, 0xf5,
+	0x21, 0x24, 0x5f, 0x87, 0x33, 0x6e, 0xf7, 0xc8, 0xec, 0xc4, 0xed, 0xf5, 0x98, 0xcb, 0xf1, 0xea,
+	0xdc, 0xd7, 0x09, 0x02, 0x67, 0xe6, 0x7b, 0x21, 0xe2, 0xde, 0x34, 0xd0, 0x5b, 0x50, 0x8d, 0x08,
+	0xfb, 0x2a, 0xb1, 0xc8, 0xf5, 0x3b, 0xa2, 0xb7, 0x43, 0x5b, 0xf0, 0x9c, 0xac, 0xd6, 0x4c, 0xa2,
+	0x21, 0xc6, 0x8a, 0x23, 0xba, 0x0d, 0x43, 0x2d, 0x27, 0x71, 0xb7, 0x44, 0x86, 0xdf, 0x91, 0x1d,
+	0xfb, 0x8a, 0x39, 0x3b, 0x87, 0x31, 0xea, 0x25, 0x70, 0x26, 0x58, 0x72, 0xa3, 0xb6, 0x9a, 0x1b,
+	0x36, 0x5b, 0x61, 0x40, 0x82, 0x44, 0x2a, 0x91, 0x31, 0x7e, 0x58, 0x22, 0x5b, 0xb1, 0x81, 0xd1,
+	0xa5, 0xcb, 0x35, 0xda, 0xe4, 0xc4, 0x3e, 0xba, 0xdc, 0xa0, 0xd6, 0xeb, 0x79, 0xaa, 0x6c, 0x98,
+	0x5b, 0xf1, 0xa6, 0x97, 0x6c, 0x85, 0xed, 0x44, 0xee, 0x92, 0x85, 0xa2, 0x52, 0xca, 0x66, 0x29,
+	0x07, 0x07, 0xe7, 0x3e, 0x99, 0xd5, 0xac, 0xe3, 0xf7, 0xa6, 0x59, 0x4f, 0xf4, 0xa1, 0x59, 0xeb,
+	0x70, 0x9a, 0xf5, 0x40, 0x58, 0xc9, 0xd2, 0x69, 0x19, 0x4f, 0x22, 0xd6, 0x79, 0x95, 0x1c, 0xb3,
+	0x94, 0x87, 0x84, 0xf3, 0x9f, 0x3d, 0xfb, 0xed, 0x30, 0xd1, 0x25, 0xe4, 0x0e, 0xe5, 0x90, 0x5c,
+	0x80, 0x47, 0xf2, 0xc5, 0xc9, 0xa1, 0xdc, 0x92, 0x3f, 0x97, 0x09, 0x6a, 0x37, 0xb6, 0x68, 0x7d,
+	0xb8, 0xb8, 0x1d, 0x28, 0x93, 0x60, 0x47, 0x68, 0xd7, 0x8b, 0x47, 0x9b, 0xd5, 0x17, 0x82, 0x1d,
+	0x2e, 0x0d, 0x99, 0x1f, 0xef, 0x42, 0xb0, 0x83, 0x29, 0x6d, 0xf4, 0xc3, 0x56, 0x6a, 0x03, 0xc1,
+	0x1d, 0xe3, 0x1f, 0x39, 0x96, 0x3d, 0x69, 0xdf, 0x7b, 0x0a, 0xfb, 0xdf, 0x95, 0xe0, 0xdc, 0x41,
+	0x44, 0xfa, 0x18, 0xbe, 0xa7, 0x60, 0x30, 0x66, 0x61, 0x2a, 0x42, 0x5d, 0x0d, 0xd3, 0x55, 0xcc,
+	0x03, 0x57, 0x5e, 0xc7, 0x02, 0x84, 0x7c, 0x28, 0x37, 0x9d, 0x96, 0xf0, 0x97, 0x2e, 0x1e, 0x35,
+	0xf9, 0x8f, 0xfe, 0x77, 0xfc, 0x65, 0xa7, 0xc5, 0xe7, 0xbc, 0xd1, 0x80, 0x29, 0x1b, 0x94, 0x40,
+	0xc5, 0x89, 0x22, 0x47, 0xc6, 0x44, 0x5c, 0x2d, 0x86, 0xdf, 0x2c, 0x25, 0xc9, 0x8f, 0x94, 0x53,
+	0x4d, 0x98, 0x33, 0xb3, 0x7f, 0xb4, 0x9a, 0xca, 0x14, 0x63, 0x81, 0x2e, 0x31, 0x0c, 0x0a, 0x37,
+	0xa9, 0x55, 0x74, 0xce, 0x25, 0x4f, 0xc5, 0x66, 0x1e, 0x08, 0x51, 0xd0, 0x42, 0xb0, 0x42, 0x9f,
+	0xb5, 0x58, 0xd9, 0x08, 0x99, 0x7e, 0x27, 0x76, 0xf5, 0xc7, 0x53, 0xc5, 0xc2, 0x2c, 0x46, 0x21,
+	0x1b, 0xb1, 0xc9, 0x5d, 0x94, 0xc6, 0x61, 0xbb, 0x99, 0xee, 0xd2, 0x38, 0x6c, 0x77, 0x22, 0xe1,
+	0x68, 0x37, 0x27, 0xa0, 0xa5, 0x80, 0xd2, 0x03, 0x7d, 0x84, 0xb0, 0x7c, 0xc9, 0x82, 0x09, 0x2f,
+	0x1b, 0x99, 0x20, 0xf6, 0xc0, 0x37, 0x8b, 0xf1, 0x69, 0x76, 0x07, 0x3e, 0x28, 0x43, 0xa7, 0x0b,
+	0x84, 0xbb, 0x3b, 0x83, 0x1a, 0x30, 0xe0, 0x05, 0x1b, 0xa1, 0x30, 0xef, 0xe6, 0x8e, 0xd6, 0xa9,
+	0xc5, 0x60, 0x23, 0xd4, 0xab, 0x99, 0xfe, 0xc3, 0x8c, 0x3a, 0x5a, 0x82, 0x53, 0x32, 0x59, 0xe8,
+	0xb2, 0x17, 0x27, 0x61, 0xd4, 0x59, 0xf2, 0x9a, 0x5e, 0xc2, 0x4c, 0xb3, 0xf2, 0xdc, 0x24, 0x55,
+	0x6f, 0x38, 0x07, 0x8e, 0x73, 0x9f, 0x42, 0x6f, 0xc2, 0x90, 0x8c, 0x06, 0xa8, 0x16, 0xe1, 0x4f,
+	0xe8, 0x9e, 0xff, 0x6a, 0x32, 0xd5, 0x45, 0x38, 0x80, 0x64, 0x88, 0x3e, 0x63, 0xc1, 0x18, 0xff,
+	0x7d, 0xb9, 0xd3, 0xe0, 0xf9, 0x89, 0xb5, 0x22, 0x42, 0xfe, 0xeb, 0x29, 0x9a, 0x73, 0xe8, 0xce,
+	0xde, 0xd4, 0x58, 0xba, 0x0d, 0x67, 0xf8, 0xda, 0xff, 0x64, 0x04, 0xba, 0xe3, 0x27, 0xd2, 0xc1,
+	0x12, 0xd6, 0xfd, 0x0e, 0x96, 0xa0, 0xbb, 0xca, 0x58, 0xc7, 0x39, 0x14, 0xb0, 0xcc, 0x04, 0x57,
+	0x7d, 0x0c, 0xdd, 0x09, 0x5c, 0xcc, 0x78, 0xa0, 0x36, 0x0c, 0xf2, 0xca, 0x54, 0x42, 0x03, 0x1c,
+	0xfd, 0xe4, 0xdb, 0xac, 0x70, 0xa5, 0xdd, 0x5a, 0xbc, 0x15, 0x0b, 0x66, 0x68, 0x17, 0x86, 0xb6,
+	0xf8, 0x74, 0x14, 0x7b, 0xbd, 0xe5, 0xa3, 0x8e, 0x6f, 0x6a, 0x8e, 0xeb, 0xc9, 0x27, 0x1a, 0xb0,
+	0x64, 0xc7, 0x62, 0xf3, 0x8c, 0xe8, 0x21, 0x2e, 0x48, 0x8a, 0x4b, 0xb5, 0xec, 0x3f, 0x74, 0xe8,
+	0xa3, 0x30, 0x12, 0x11, 0x37, 0x0c, 0x5c, 0xcf, 0x27, 0x8d, 0x59, 0x79, 0x20, 0x76, 0x98, 0x0c,
+	0x3b, 0xe6, 0x4d, 0xc2, 0x06, 0x0d, 0x9c, 0xa2, 0xc8, 0xd6, 0x99, 0xca, 0xba, 0xa7, 0x1f, 0x84,
+	0x88, 0x83, 0x8f, 0xa5, 0x82, 0x72, 0xfc, 0x19, 0x4d, 0xbe, 0xce, 0xd2, 0x6d, 0x38, 0xc3, 0x17,
+	0xbd, 0x0a, 0x10, 0xae, 0xf3, 0x00, 0xbc, 0xd9, 0x44, 0x9c, 0x82, 0x1c, 0xe6, 0x55, 0xc7, 0x78,
+	0xa6, 0xae, 0xa4, 0x80, 0x0d, 0x6a, 0xe8, 0x2a, 0x00, 0x5f, 0x39, 0x6b, 0x9d, 0x96, 0xdc, 0x10,
+	0xca, 0x14, 0x49, 0xa8, 0x2b, 0xc8, 0xdd, 0xbd, 0xa9, 0x6e, 0x9f, 0x33, 0x8b, 0x32, 0x32, 0x1e,
+	0x47, 0xdf, 0x0d, 0x43, 0x71, 0xbb, 0xd9, 0x74, 0xd4, 0x19, 0x49, 0x81, 0xb9, 0xbf, 0x9c, 0xae,
+	0x21, 0x18, 0x79, 0x03, 0x96, 0x1c, 0xd1, 0x2d, 0x2a, 0xe2, 0x85, 0x84, 0xe2, 0xab, 0x88, 0x5b,
+	0x28, 0xdc, 0x13, 0xf8, 0x01, 0xb9, 0x8b, 0xc1, 0x39, 0x38, 0x77, 0xf7, 0xa6, 0x1e, 0x49, 0xb7,
+	0x2f, 0x85, 0x22, 0x1b, 0x37, 0x97, 0x26, 0xba, 0x22, 0x8b, 0x70, 0xd1, 0xd7, 0x96, 0xb5, 0x61,
+	0xde, 0xa7, 0x8b, 0x70, 0xb1, 0xe6, 0xde, 0x63, 0x66, 0x3e, 0x8c, 0x96, 0xe1, 0xa4, 0x1b, 0x06,
+	0x49, 0x14, 0xfa, 0x3e, 0x2f, 0xd0, 0xc7, 0xf7, 0xe6, 0xfc, 0x0c, 0xe5, 0x31, 0xd1, 0xed, 0x93,
+	0xf3, 0xdd, 0x28, 0x38, 0xef, 0x39, 0x6a, 0x93, 0x67, 0xf5, 0xc3, 0x58, 0x21, 0xc7, 0xeb, 0x29,
+	0x9a, 0x42, 0x42, 0x29, 0xb7, 0xf7, 0x01, 0x9a, 0x22, 0x48, 0x1f, 0xb2, 0x8a, 0x2f, 0xf6, 0x02,
+	0x8c, 0x90, 0xdd, 0x84, 0x44, 0x81, 0xe3, 0x5f, 0xc7, 0x4b, 0xf2, 0xc0, 0x82, 0x2d, 0xcc, 0x0b,
+	0x46, 0x3b, 0x4e, 0x61, 0x21, 0x5b, 0x79, 0xc9, 0x8c, 0xb4, 0x77, 0xee, 0x25, 0x93, 0x3e, 0x31,
+	0xfb, 0x67, 0xcb, 0x29, 0x9b, 0xf5, 0x81, 0x1c, 0xe9, 0xb2, 0xfa, 0x4a, 0xb2, 0x10, 0x15, 0x03,
+	0x88, 0xbd, 0x58, 0x91, 0x9c, 0x55, 0xd4, 0xdc, 0x8a, 0xc9, 0x08, 0xa7, 0xf9, 0xa2, 0x6d, 0xa8,
+	0x6c, 0x85, 0x71, 0x22, 0x77, 0x68, 0x47, 0xdc, 0x0c, 0x5e, 0x0e, 0xe3, 0x84, 0x19, 0x5a, 0xea,
+	0xb5, 0x69, 0x4b, 0x8c, 0x39, 0x0f, 0xba, 0xf7, 0x8f, 0xb7, 0x9c, 0xa8, 0x11, 0xcf, 0xb3, 0x22,
+	0x15, 0x03, 0xcc, 0xc2, 0x52, 0xf6, 0x74, 0x5d, 0x83, 0xb0, 0x89, 0x67, 0xff, 0x89, 0x95, 0x3a,
+	0xd5, 0xba, 0xc9, 0x32, 0x0e, 0x76, 0x48, 0x40, 0x45, 0x94, 0x19, 0xe3, 0xf8, 0xcd, 0x99, 0xfc,
+	0xed, 0xf7, 0xf6, 0xaa, 0xa5, 0x79, 0x9b, 0x52, 0x98, 0x66, 0x24, 0x8c, 0x70, 0xc8, 0x8f, 0x5b,
+	0xe9, 0x44, 0xfc, 0x52, 0x11, 0x5b, 0x37, 0xb3, 0x18, 0xc5, 0x81, 0x39, 0xfd, 0xf6, 0x0f, 0x5b,
+	0x30, 0x34, 0xe7, 0xb8, 0xdb, 0xe1, 0xc6, 0x06, 0x7a, 0x06, 0xaa, 0x8d, 0x76, 0x64, 0xd6, 0x04,
+	0x50, 0xce, 0xaa, 0x05, 0xd1, 0x8e, 0x15, 0x06, 0x9d, 0xfa, 0x1b, 0x8e, 0x2b, 0x4b, 0x52, 0x94,
+	0xf9, 0xd4, 0xbf, 0xc8, 0x5a, 0xb0, 0x80, 0xd0, 0xe1, 0x6f, 0x3a, 0xbb, 0xf2, 0xe1, 0xec, 0x91,
+	0xda, 0xb2, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0x35, 0x0b, 0x26, 0xe7, 0x9c, 0xd8, 0x73, 0x67, 0xdb,
+	0xc9, 0xd6, 0x9c, 0x97, 0xac, 0xb7, 0xdd, 0x6d, 0x92, 0xf0, 0xd2, 0x25, 0xb4, 0x97, 0xed, 0x98,
+	0xae, 0x40, 0xb5, 0x63, 0x56, 0xbd, 0xbc, 0x2e, 0xda, 0xb1, 0xc2, 0x40, 0x6f, 0xc2, 0x70, 0xcb,
+	0x89, 0xe3, 0xdb, 0x61, 0xd4, 0xc0, 0x64, 0xa3, 0x98, 0xe2, 0x46, 0x75, 0xe2, 0x46, 0x24, 0xc1,
+	0x64, 0x43, 0x04, 0xa8, 0x68, 0xfa, 0xd8, 0x64, 0x66, 0xff, 0xa0, 0x05, 0xa7, 0xe6, 0x88, 0x13,
+	0x91, 0x88, 0xd5, 0x42, 0x52, 0x2f, 0x82, 0xde, 0x80, 0x6a, 0x42, 0x5b, 0x68, 0x8f, 0xac, 0x62,
+	0x7b, 0xc4, 0x42, 0x4b, 0xd6, 0x04, 0x71, 0xac, 0xd8, 0xd8, 0x5f, 0xb0, 0xe0, 0x4c, 0x5e, 0x5f,
+	0xe6, 0xfd, 0xb0, 0xdd, 0x78, 0x10, 0x1d, 0xfa, 0xbb, 0x16, 0x8c, 0xb0, 0xe3, 0xfa, 0x05, 0x92,
+	0x38, 0x9e, 0xdf, 0x55, 0x87, 0xd1, 0xea, 0xb3, 0x0e, 0xe3, 0x39, 0x18, 0xd8, 0x0a, 0x9b, 0x24,
+	0x1b, 0x6a, 0x72, 0x39, 0x6c, 0x12, 0xcc, 0x20, 0xe8, 0x39, 0x3a, 0x09, 0xbd, 0x20, 0x71, 0xe8,
+	0x72, 0x94, 0xc7, 0x19, 0xe3, 0x7c, 0x02, 0xaa, 0x66, 0x6c, 0xe2, 0xd8, 0xff, 0xaa, 0x06, 0x43,
+	0x22, 0x2e, 0xaa, 0xef, 0x52, 0x3a, 0xd2, 0x8b, 0x53, 0xea, 0xe9, 0xc5, 0x89, 0x61, 0xd0, 0x65,
+	0xc5, 0x72, 0x85, 0x85, 0x7e, 0xb5, 0x90, 0x40, 0x3a, 0x5e, 0x7f, 0x57, 0x77, 0x8b, 0xff, 0xc7,
+	0x82, 0x15, 0x7a, 0xdb, 0x82, 0x71, 0x37, 0x0c, 0x02, 0xe2, 0x6a, 0xdb, 0x71, 0xa0, 0x88, 0x0d,
+	0xc2, 0x7c, 0x9a, 0xa8, 0x3e, 0x09, 0xce, 0x00, 0x70, 0x96, 0x3d, 0x7a, 0x19, 0x46, 0xf9, 0x98,
+	0xdd, 0x48, 0x9d, 0xc1, 0xe8, 0xf2, 0x7c, 0x26, 0x10, 0xa7, 0x71, 0xd1, 0x34, 0x3f, 0xcb, 0x12,
+	0x85, 0xf0, 0x06, 0xb5, 0xab, 0xda, 0x28, 0x81, 0x67, 0x60, 0xa0, 0x08, 0x50, 0x44, 0x36, 0x22,
+	0x12, 0x6f, 0x89, 0xb8, 0x31, 0x66, 0xb7, 0x0e, 0xdd, 0x5b, 0x11, 0x0c, 0xdc, 0x45, 0x09, 0xe7,
+	0x50, 0x47, 0xdb, 0xc2, 0x8d, 0x50, 0x2d, 0x42, 0x9e, 0x8b, 0xcf, 0xdc, 0xd3, 0x9b, 0x30, 0x05,
+	0x15, 0xa6, 0xba, 0x98, 0xbd, 0x5c, 0xe6, 0x89, 0x97, 0x4c, 0xb1, 0x61, 0xde, 0x8e, 0x16, 0xe0,
+	0x44, 0xa6, 0xb8, 0x60, 0x2c, 0xce, 0x4a, 0x54, 0x92, 0x5d, 0xa6, 0x2c, 0x61, 0x8c, 0xbb, 0x9e,
+	0x30, 0x5d, 0x4c, 0xc3, 0x07, 0xb8, 0x98, 0x3a, 0x2a, 0x3a, 0x99, 0x9f, 0x62, 0xbc, 0x52, 0xc8,
+	0x00, 0xf4, 0x15, 0x8a, 0xfc, 0xf9, 0x4c, 0x28, 0xf2, 0x28, 0xeb, 0xc0, 0x8d, 0x62, 0x3a, 0x70,
+	0xf8, 0xb8, 0xe3, 0x07, 0x19, 0x47, 0xfc, 0xbf, 0x2d, 0x90, 0xdf, 0x75, 0xde, 0x71, 0xb7, 0x08,
+	0x9d, 0x32, 0xe8, 0x83, 0x30, 0xa6, 0xbc, 0x13, 0xdc, 0x24, 0xb2, 0xd8, 0xac, 0x51, 0xb6, 0x33,
+	0x4e, 0x41, 0x71, 0x06, 0x1b, 0xcd, 0x40, 0x8d, 0x8e, 0x13, 0x7f, 0x94, 0xeb, 0x7d, 0xe5, 0x01,
+	0x99, 0x5d, 0x5d, 0x14, 0x4f, 0x69, 0x1c, 0x14, 0xc2, 0x84, 0xef, 0xc4, 0x09, 0xeb, 0x41, 0xbd,
+	0x13, 0xb8, 0xf7, 0x58, 0x82, 0x86, 0x65, 0x72, 0x2d, 0x65, 0x09, 0xe1, 0x6e, 0xda, 0xf6, 0x7f,
+	0xa8, 0xc0, 0x68, 0x4a, 0x32, 0x1e, 0xd2, 0x60, 0x78, 0x06, 0xaa, 0x52, 0x87, 0x67, 0x6b, 0x6d,
+	0x29, 0x45, 0xaf, 0x30, 0xa8, 0xd2, 0x5a, 0xd7, 0x5a, 0x35, 0x6b, 0xe0, 0x18, 0x0a, 0x17, 0x9b,
+	0x78, 0x4c, 0x28, 0x27, 0x7e, 0x3c, 0xef, 0x7b, 0x24, 0x48, 0x78, 0x37, 0x8b, 0x11, 0xca, 0x6b,
+	0x4b, 0x75, 0x93, 0xa8, 0x16, 0xca, 0x19, 0x00, 0xce, 0xb2, 0x47, 0x9f, 0xb2, 0x60, 0xd4, 0xb9,
+	0x1d, 0xeb, 0x8a, 0xee, 0x22, 0xe8, 0xf8, 0x88, 0x4a, 0x2a, 0x55, 0x24, 0x9e, 0x3b, 0xf6, 0x53,
+	0x4d, 0x38, 0xcd, 0x14, 0xbd, 0x63, 0x01, 0x22, 0xbb, 0xc4, 0x95, 0x61, 0xd1, 0xa2, 0x2f, 0x83,
+	0x45, 0xec, 0xe0, 0x2f, 0x74, 0xd1, 0xe5, 0x52, 0xbd, 0xbb, 0x1d, 0xe7, 0xf4, 0x01, 0x5d, 0x01,
+	0xd4, 0xf0, 0x62, 0x67, 0xdd, 0x27, 0xf3, 0x61, 0x53, 0x66, 0x1f, 0x8b, 0xf3, 0xf4, 0xb3, 0x62,
+	0x9c, 0xd1, 0x42, 0x17, 0x06, 0xce, 0x79, 0x8a, 0xcd, 0xb2, 0x28, 0xdc, 0xed, 0x5c, 0x8f, 0x7c,
+	0xa6, 0x25, 0xcc, 0x59, 0x26, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0xb4, 0xac, 0x96, 0xb2, 0xce, 0x01,
+	0x70, 0x8c, 0x58, 0x64, 0xeb, 0xde, 0x63, 0x91, 0x75, 0xa4, 0x54, 0x77, 0x4e, 0x7d, 0x2a, 0x05,
+	0xb7, 0xf4, 0x80, 0x52, 0x70, 0xbf, 0xcf, 0x4a, 0xd5, 0xb3, 0x1b, 0x3e, 0xff, 0x6a, 0xb1, 0xf9,
+	0x07, 0xd3, 0x3c, 0x8a, 0x2b, 0xa3, 0x57, 0x32, 0xc1, 0x7b, 0xcf, 0x40, 0x75, 0xc3, 0x77, 0x58,
+	0x15, 0x16, 0xb6, 0x50, 0x8d, 0x08, 0xb3, 0x8b, 0xa2, 0x1d, 0x2b, 0x0c, 0x2a, 0xf5, 0x0d, 0xa2,
+	0x87, 0x92, 0xda, 0xff, 0xb9, 0x0c, 0xc3, 0x86, 0xc6, 0xcf, 0x35, 0xdf, 0xac, 0x87, 0xcc, 0x7c,
+	0x2b, 0x1d, 0xc2, 0x7c, 0xfb, 0x5e, 0xa8, 0xb9, 0x52, 0x1b, 0x15, 0x53, 0x9f, 0x3f, 0xab, 0xe3,
+	0xb4, 0x42, 0x52, 0x4d, 0x58, 0xf3, 0x44, 0x97, 0x52, 0x69, 0x9e, 0x29, 0xbf, 0x40, 0x5e, 0x1e,
+	0xa6, 0xd0, 0x68, 0xdd, 0xcf, 0x64, 0xe3, 0x03, 0x2a, 0x07, 0xc7, 0x07, 0xd8, 0xbf, 0x6f, 0xa9,
+	0x8f, 0x7b, 0x1f, 0xea, 0xf9, 0xdc, 0x4a, 0xd7, 0xf3, 0xb9, 0x50, 0xc8, 0x30, 0xf7, 0x28, 0xe4,
+	0x73, 0x0d, 0x86, 0xe6, 0xc3, 0x66, 0xd3, 0x09, 0x1a, 0xe8, 0x1b, 0x60, 0xc8, 0xe5, 0x3f, 0x85,
+	0x0f, 0x8d, 0x1d, 0x56, 0x0b, 0x28, 0x96, 0x30, 0xf4, 0x38, 0x0c, 0x38, 0xd1, 0xa6, 0xf4, 0x9b,
+	0xb1, 0x20, 0xb8, 0xd9, 0x68, 0x33, 0xc6, 0xac, 0xd5, 0xfe, 0x73, 0x0b, 0xc6, 0xe8, 0x23, 0x1e,
+	0x7b, 0x29, 0xf6, 0x3a, 0x4f, 0xc3, 0xa0, 0xd3, 0x4e, 0xb6, 0xc2, 0xae, 0x7d, 0xd8, 0x2c, 0x6b,
+	0xc5, 0x02, 0x4a, 0xf7, 0x61, 0xaa, 0x10, 0x84, 0xb1, 0x0f, 0x5b, 0xa0, 0x73, 0x99, 0x41, 0xa8,
+	0x29, 0x1b, 0xb7, 0xd7, 0xf3, 0x4e, 0x4b, 0xeb, 0xbc, 0x19, 0x4b, 0x38, 0x25, 0xb6, 0x1e, 0x36,
+	0x3a, 0x22, 0xb4, 0x57, 0x11, 0x9b, 0x0b, 0x1b, 0x1d, 0xcc, 0x20, 0xe8, 0x09, 0x28, 0xc7, 0x5b,
+	0x8e, 0x3c, 0x97, 0x97, 0x51, 0xe6, 0xf5, 0xcb, 0xb3, 0x98, 0xb6, 0xab, 0xa4, 0x89, 0xc8, 0xcf,
+	0xc6, 0xd8, 0xa6, 0x93, 0x26, 0x22, 0xdf, 0xfe, 0x17, 0x03, 0xc0, 0xe2, 0x6d, 0x9c, 0x88, 0x34,
+	0xd6, 0x42, 0x56, 0x4a, 0xf8, 0x58, 0x8f, 0xb5, 0xf5, 0x46, 0xf6, 0x61, 0x3e, 0xda, 0x36, 0x8e,
+	0x37, 0xcb, 0xf7, 0xfb, 0x78, 0x33, 0xff, 0xc4, 0x7a, 0xe0, 0x21, 0x3a, 0xb1, 0xb6, 0x3f, 0x67,
+	0x01, 0x52, 0xd1, 0x53, 0x3a, 0xa4, 0x64, 0x06, 0x6a, 0x2a, 0x5c, 0x4b, 0xac, 0x17, 0x2d, 0x16,
+	0x25, 0x00, 0x6b, 0x9c, 0x3e, 0xbc, 0x17, 0x4f, 0x49, 0x9d, 0x55, 0x4e, 0xe7, 0x5c, 0x30, 0x4d,
+	0x27, 0x54, 0x98, 0xfd, 0x2b, 0x25, 0x78, 0x84, 0x9b, 0x4b, 0xcb, 0x4e, 0xe0, 0x6c, 0x92, 0x26,
+	0xed, 0x55, 0xbf, 0x41, 0x42, 0x2e, 0xdd, 0x36, 0x7b, 0x32, 0x43, 0xe2, 0xa8, 0xf2, 0x8a, 0xcb,
+	0x19, 0x2e, 0x59, 0x16, 0x03, 0x2f, 0xc1, 0x8c, 0x38, 0x8a, 0xa1, 0x2a, 0x2f, 0x33, 0x12, 0xfa,
+	0xa7, 0x20, 0x46, 0x4a, 0x14, 0x0b, 0xcb, 0x82, 0x60, 0xc5, 0x88, 0x9a, 0x0f, 0x7e, 0xe8, 0x6e,
+	0xd3, 0x25, 0x9f, 0x35, 0x1f, 0x96, 0x44, 0x3b, 0x56, 0x18, 0x76, 0x13, 0xc6, 0xe5, 0x18, 0xb6,
+	0xae, 0x92, 0x0e, 0x26, 0x1b, 0x54, 0xe7, 0xba, 0xb2, 0xc9, 0xb8, 0x5f, 0x49, 0xe9, 0xdc, 0x79,
+	0x13, 0x88, 0xd3, 0xb8, 0xb2, 0xba, 0x70, 0x29, 0xbf, 0xba, 0xb0, 0xfd, 0x2b, 0x16, 0x64, 0x95,
+	0xbe, 0x51, 0x4b, 0xd5, 0xda, 0xb7, 0x96, 0xea, 0x21, 0xaa, 0x91, 0x7e, 0x17, 0x0c, 0x3b, 0x09,
+	0xb5, 0xea, 0xb8, 0x07, 0xa6, 0x7c, 0x6f, 0x27, 0x87, 0xcb, 0x61, 0xc3, 0xdb, 0xf0, 0x98, 0xe7,
+	0xc5, 0x24, 0x67, 0xbf, 0x63, 0x41, 0x6d, 0x21, 0xea, 0x1c, 0x3e, 0x55, 0xad, 0x3b, 0x11, 0xad,
+	0x74, 0xa8, 0x44, 0x34, 0x99, 0xea, 0x56, 0xee, 0x95, 0xea, 0x66, 0xff, 0xc5, 0x00, 0x4c, 0x74,
+	0xe5, 0x5e, 0xa2, 0x97, 0x60, 0x44, 0x7d, 0x25, 0xe9, 0x76, 0xad, 0x99, 0xc1, 0xcb, 0x1a, 0x86,
+	0x53, 0x98, 0x7d, 0x2c, 0xd5, 0x45, 0x38, 0x19, 0x91, 0x37, 0xda, 0xa4, 0x4d, 0x66, 0x37, 0x12,
+	0x12, 0xd5, 0x89, 0x1b, 0x06, 0x0d, 0x5e, 0x8c, 0xb8, 0x3c, 0xf7, 0xe8, 0x9d, 0xbd, 0xa9, 0x93,
+	0xb8, 0x1b, 0x8c, 0xf3, 0x9e, 0x41, 0x2d, 0x18, 0xf5, 0xcd, 0xfd, 0x82, 0xd8, 0xa6, 0xde, 0xd3,
+	0x56, 0x43, 0xcd, 0xd6, 0x54, 0x33, 0x4e, 0x33, 0x48, 0x6f, 0x3a, 0x2a, 0x0f, 0x68, 0xd3, 0xf1,
+	0x49, 0xbd, 0xe9, 0xe0, 0xb1, 0x40, 0x1f, 0x2e, 0x38, 0xf7, 0xb6, 0x9f, 0x5d, 0xc7, 0x51, 0xf6,
+	0x11, 0xaf, 0x40, 0x55, 0xc6, 0x49, 0xf6, 0x15, 0x5f, 0x68, 0xd2, 0xe9, 0x21, 0xdb, 0xef, 0x96,
+	0x20, 0x67, 0xab, 0x4c, 0xd7, 0x9a, 0xb6, 0xf7, 0x52, 0x6b, 0xed, 0x70, 0x36, 0x1f, 0xda, 0xe5,
+	0x31, 0xa2, 0x5c, 0xcb, 0x7f, 0xa8, 0xe8, 0xad, 0xbe, 0x0e, 0x1b, 0x55, 0x12, 0x50, 0x85, 0x8e,
+	0x9e, 0x07, 0xd0, 0x66, 0xba, 0xb0, 0xf5, 0x54, 0xd0, 0x87, 0xb6, 0xe6, 0xb1, 0x81, 0x85, 0x5e,
+	0x84, 0x61, 0x2f, 0x88, 0x13, 0xc7, 0xf7, 0x2f, 0x7b, 0x41, 0x22, 0xec, 0x3f, 0x65, 0xce, 0x2c,
+	0x6a, 0x10, 0x36, 0xf1, 0xce, 0x7e, 0xc0, 0xf8, 0x2e, 0x87, 0xf9, 0x9e, 0x5b, 0x70, 0xe6, 0x92,
+	0x97, 0xa8, 0xe4, 0x43, 0x35, 0x8f, 0xa8, 0x15, 0xae, 0x64, 0x90, 0xd5, 0x33, 0xdd, 0xd6, 0x48,
+	0xfe, 0x2b, 0xa5, 0x73, 0x15, 0xb3, 0xc9, 0x7f, 0xb6, 0x0b, 0xa7, 0x2e, 0x79, 0xc9, 0x45, 0xcf,
+	0x27, 0xc7, 0xc8, 0xe4, 0x97, 0x07, 0x61, 0xc4, 0xcc, 0xc9, 0x3f, 0x8c, 0xc4, 0xfe, 0x02, 0xb5,
+	0x4f, 0xc5, 0x40, 0x78, 0xea, 0x20, 0xfb, 0xe6, 0x91, 0x0b, 0x04, 0xe4, 0x0f, 0xae, 0x61, 0xa2,
+	0x6a, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, 0x95, 0x0d, 0x96, 0xc7, 0x56, 0x2e, 0x22, 0x04, 0x29,
+	0x6f, 0xf0, 0xf5, 0x8a, 0xe4, 0x99, 0x70, 0x9c, 0x1f, 0x35, 0x2b, 0xa2, 0x74, 0xfa, 0xb4, 0x91,
+	0x5d, 0x20, 0xf4, 0x95, 0xc2, 0xe8, 0xa5, 0x15, 0x2a, 0xf7, 0xa0, 0x15, 0x52, 0x32, 0x7a, 0xf0,
+	0x01, 0xc9, 0x68, 0x96, 0x93, 0x98, 0x6c, 0x31, 0xa3, 0x57, 0xa4, 0x43, 0x0d, 0xb1, 0x41, 0x30,
+	0x72, 0x12, 0x53, 0x60, 0x9c, 0xc5, 0x47, 0x1f, 0x53, 0x52, 0xbe, 0x5a, 0xc4, 0x41, 0x81, 0x39,
+	0xa3, 0x8f, 0x5b, 0xc0, 0x7f, 0xae, 0x04, 0x63, 0x97, 0x82, 0xf6, 0xea, 0xa5, 0xd5, 0xf6, 0xba,
+	0xef, 0xb9, 0x57, 0x49, 0x87, 0x4a, 0xf1, 0x6d, 0xd2, 0x59, 0x5c, 0x10, 0x2b, 0x48, 0xcd, 0x99,
+	0xab, 0xb4, 0x11, 0x73, 0x18, 0x95, 0x5b, 0x1b, 0x5e, 0xb0, 0x49, 0xa2, 0x56, 0xe4, 0x09, 0x1f,
+	0xbe, 0x21, 0xb7, 0x2e, 0x6a, 0x10, 0x36, 0xf1, 0x28, 0xed, 0xf0, 0x76, 0xa0, 0x0a, 0x24, 0x29,
+	0xda, 0x2b, 0xb4, 0x11, 0x73, 0x18, 0x45, 0x4a, 0xa2, 0xb6, 0x70, 0x91, 0x19, 0x48, 0x6b, 0xb4,
+	0x11, 0x73, 0x98, 0xd8, 0x7d, 0xb3, 0x08, 0xaf, 0x4a, 0xd7, 0xee, 0x9b, 0x05, 0x47, 0x48, 0x38,
+	0x45, 0xdd, 0x26, 0x9d, 0x05, 0x27, 0x71, 0xb2, 0x9b, 0xe7, 0xab, 0xbc, 0x19, 0x4b, 0x38, 0xab,
+	0x98, 0x9c, 0x1e, 0x8e, 0xaf, 0xb9, 0x8a, 0xc9, 0xe9, 0xee, 0xf7, 0x70, 0xb4, 0xfc, 0x9d, 0x12,
+	0x8c, 0xbc, 0x7b, 0xad, 0x69, 0xce, 0x85, 0x3d, 0x37, 0x61, 0xa2, 0x2b, 0x13, 0xba, 0x0f, 0xcb,
+	0xe7, 0xc0, 0x4a, 0x15, 0x36, 0x86, 0x61, 0x4a, 0x58, 0x56, 0x0a, 0x9c, 0x87, 0x09, 0xbe, 0x78,
+	0x29, 0x27, 0x96, 0xd8, 0xaa, 0xb2, 0xdb, 0xd9, 0x21, 0xd5, 0x8d, 0x2c, 0x10, 0x77, 0xe3, 0xdb,
+	0x9f, 0xb7, 0x60, 0x34, 0x95, 0x9c, 0x5e, 0x90, 0x8d, 0xc6, 0x56, 0x77, 0xc8, 0xa2, 0x93, 0x59,
+	0xb6, 0x48, 0x99, 0xa9, 0x61, 0xbd, 0xba, 0x35, 0x08, 0x9b, 0x78, 0xf6, 0x6f, 0x96, 0xa1, 0x2a,
+	0x23, 0xa9, 0xfa, 0xe8, 0xca, 0x67, 0x2d, 0x18, 0x55, 0x07, 0x83, 0xcc, 0x93, 0x5b, 0x2a, 0x22,
+	0x57, 0x8e, 0xf6, 0x40, 0xf9, 0x45, 0x82, 0x8d, 0x50, 0x6f, 0x18, 0xb0, 0xc9, 0x0c, 0xa7, 0x79,
+	0xa3, 0x1b, 0x00, 0x71, 0x27, 0x4e, 0x48, 0xd3, 0xf0, 0x29, 0xdb, 0xc6, 0x2c, 0x9b, 0x76, 0xc3,
+	0x88, 0xd0, 0x39, 0x75, 0x2d, 0x6c, 0x90, 0xba, 0xc2, 0xd4, 0x16, 0x9e, 0x6e, 0xc3, 0x06, 0x25,
+	0xf4, 0xa6, 0x3a, 0xc6, 0x1e, 0x28, 0x42, 0xaf, 0xcb, 0xf1, 0xed, 0xe7, 0x1c, 0xfb, 0x08, 0xe7,
+	0xc6, 0xf6, 0xcf, 0x94, 0xe0, 0x44, 0x76, 0x24, 0xd1, 0x87, 0x61, 0x44, 0x0e, 0x9a, 0xe1, 0x3e,
+	0x90, 0xe1, 0x6b, 0x23, 0xd8, 0x80, 0xdd, 0xdd, 0x9b, 0x9a, 0xea, 0xbe, 0x1f, 0x7b, 0xda, 0x44,
+	0xc1, 0x29, 0x62, 0xfc, 0x50, 0x59, 0x44, 0x3f, 0xcc, 0x75, 0x66, 0x5b, 0x2d, 0x71, 0x32, 0x6c,
+	0x1c, 0x2a, 0x9b, 0x50, 0x9c, 0xc1, 0x46, 0xab, 0x70, 0xca, 0x68, 0xb9, 0x46, 0xbc, 0xcd, 0xad,
+	0xf5, 0x30, 0x92, 0xfb, 0xd5, 0xc7, 0x75, 0xb0, 0x6c, 0x37, 0x0e, 0xce, 0x7d, 0x92, 0x1a, 0x46,
+	0xae, 0xd3, 0x72, 0x5c, 0x2f, 0xe9, 0x08, 0xdf, 0xbe, 0x12, 0xe3, 0xf3, 0xa2, 0x1d, 0x2b, 0x0c,
+	0xfb, 0x1f, 0x0e, 0xc0, 0x09, 0x1e, 0x1d, 0x4a, 0x54, 0xf0, 0x33, 0xfa, 0x30, 0xd4, 0xe2, 0xc4,
+	0x89, 0xb8, 0xb3, 0xc2, 0x3a, 0xb4, 0xe8, 0xd2, 0x19, 0xf5, 0x92, 0x08, 0xd6, 0xf4, 0xd0, 0xab,
+	0xac, 0x1c, 0x99, 0x17, 0x6f, 0x31, 0xea, 0xa5, 0x7b, 0x73, 0x85, 0x5c, 0x54, 0x14, 0xb0, 0x41,
+	0x0d, 0x7d, 0x2b, 0x54, 0x5a, 0x5b, 0x4e, 0x2c, 0xfd, 0x74, 0x4f, 0x4b, 0x39, 0xb1, 0x4a, 0x1b,
+	0xef, 0xee, 0x4d, 0x9d, 0xce, 0xbe, 0x2a, 0x03, 0x60, 0xfe, 0x90, 0x29, 0xe5, 0x07, 0x0e, 0xbe,
+	0x6f, 0xa7, 0x11, 0x75, 0xea, 0x97, 0x67, 0xb3, 0x37, 0xb4, 0x2c, 0xb0, 0x56, 0x2c, 0xa0, 0x54,
+	0x26, 0x6d, 0x71, 0x96, 0x0d, 0x8a, 0x3c, 0x98, 0xb6, 0x38, 0x2e, 0x6b, 0x10, 0x36, 0xf1, 0xd0,
+	0xe7, 0xba, 0x63, 0x87, 0x87, 0x8e, 0x21, 0xb7, 0xa4, 0xdf, 0xa8, 0xe1, 0x0b, 0x50, 0x13, 0x5d,
+	0x5d, 0x0b, 0xd1, 0x4b, 0x30, 0xc2, 0xdd, 0x40, 0x73, 0x91, 0x13, 0xb8, 0x5b, 0x59, 0xe7, 0xcd,
+	0x9a, 0x01, 0xc3, 0x29, 0x4c, 0x7b, 0x19, 0x06, 0xfa, 0x14, 0xb2, 0x7d, 0xed, 0xc9, 0x5f, 0x81,
+	0x2a, 0x25, 0x27, 0x37, 0x68, 0x45, 0x90, 0x0c, 0xa1, 0x2a, 0x6f, 0x6f, 0x44, 0x36, 0x94, 0x3d,
+	0x47, 0xc6, 0x88, 0xa8, 0x25, 0xb4, 0x18, 0xc7, 0x6d, 0x36, 0xed, 0x28, 0x10, 0x3d, 0x05, 0x65,
+	0xb2, 0xdb, 0xca, 0x06, 0x83, 0x5c, 0xd8, 0x6d, 0x79, 0x11, 0x89, 0x29, 0x12, 0xd9, 0x6d, 0xa1,
+	0xb3, 0x50, 0xf2, 0x1a, 0x62, 0x46, 0x82, 0xc0, 0x29, 0x2d, 0x2e, 0xe0, 0x92, 0xd7, 0xb0, 0x77,
+	0xa1, 0xa6, 0xae, 0x8b, 0x44, 0xdb, 0xd2, 0xa4, 0xb2, 0x8a, 0x88, 0x0e, 0x96, 0x74, 0x7b, 0x18,
+	0x53, 0x6d, 0x00, 0x5d, 0xaa, 0xa1, 0x28, 0x15, 0x7c, 0x0e, 0x06, 0xdc, 0x50, 0x14, 0xd9, 0xa9,
+	0x6a, 0x32, 0xcc, 0x96, 0x62, 0x10, 0xfb, 0x26, 0x8c, 0x5d, 0x0d, 0xc2, 0xdb, 0xec, 0x56, 0x27,
+	0x56, 0xc4, 0x98, 0x12, 0xde, 0xa0, 0x3f, 0xb2, 0x96, 0x3b, 0x83, 0x62, 0x0e, 0x53, 0xe5, 0x55,
+	0x4b, 0xbd, 0xca, 0xab, 0xda, 0x1f, 0xb7, 0x60, 0x44, 0xe5, 0x7c, 0x5f, 0xda, 0xd9, 0xa6, 0x74,
+	0x37, 0xa3, 0xb0, 0xdd, 0xca, 0xd2, 0x65, 0x37, 0xd3, 0x62, 0x0e, 0x33, 0x8b, 0x21, 0x94, 0x0e,
+	0x28, 0x86, 0x70, 0x0e, 0x06, 0xb6, 0xbd, 0xa0, 0x91, 0x75, 0x76, 0x5e, 0xf5, 0x82, 0x06, 0x66,
+	0x10, 0xfb, 0x2f, 0x2d, 0x38, 0xa1, 0xba, 0x20, 0x6d, 0xa6, 0x97, 0x60, 0x64, 0xbd, 0xed, 0xf9,
+	0x0d, 0x59, 0x9d, 0x39, 0xb3, 0x5c, 0xe6, 0x0c, 0x18, 0x4e, 0x61, 0xa2, 0xf3, 0x00, 0xeb, 0x5e,
+	0xe0, 0x44, 0x9d, 0x55, 0x6d, 0xa4, 0x29, 0xbd, 0x3d, 0xa7, 0x20, 0xd8, 0xc0, 0x42, 0x6f, 0x41,
+	0x75, 0x47, 0x9e, 0xca, 0x96, 0x0b, 0xcd, 0xe1, 0x17, 0xe3, 0xa1, 0x57, 0x82, 0x3a, 0xe6, 0x55,
+	0x1c, 0xed, 0x2f, 0x96, 0x61, 0x2c, 0x9d, 0x77, 0xdf, 0x87, 0xe7, 0xe4, 0x29, 0xa8, 0xb0, 0x54,
+	0xfc, 0xec, 0xc4, 0xe2, 0xe5, 0x94, 0x39, 0x0c, 0xc5, 0x30, 0xc8, 0x45, 0x49, 0x31, 0x77, 0x8b,
+	0xaa, 0x4e, 0x2a, 0xff, 0x2c, 0x8b, 0xe0, 0x16, 0xee, 0x6e, 0xc1, 0x0a, 0x7d, 0xca, 0x82, 0xa1,
+	0xb0, 0x65, 0xd6, 0xf5, 0xfc, 0x50, 0x91, 0x35, 0x09, 0x44, 0xe2, 0xaf, 0xb0, 0x86, 0xd4, 0xc4,
+	0x93, 0x93, 0x41, 0xb2, 0x3e, 0xfb, 0x2d, 0x30, 0x62, 0x62, 0x1e, 0x64, 0x10, 0x55, 0x4d, 0x83,
+	0xe8, 0xb3, 0xe6, 0x94, 0x14, 0x55, 0x17, 0xfa, 0x58, 0xec, 0xd7, 0xa1, 0xe2, 0xaa, 0x30, 0xb7,
+	0x7b, 0xba, 0x51, 0x40, 0x55, 0x25, 0x63, 0x21, 0x04, 0x9c, 0x9a, 0xfd, 0xfb, 0x96, 0x31, 0x3f,
+	0x30, 0x89, 0x17, 0x1b, 0x28, 0x82, 0xf2, 0xe6, 0xce, 0xb6, 0x30, 0x32, 0xae, 0x14, 0x34, 0xbc,
+	0x97, 0x76, 0xb6, 0xf5, 0x0a, 0x33, 0x5b, 0x31, 0x65, 0xd6, 0xc7, 0x21, 0x42, 0xaa, 0x38, 0x47,
+	0xf9, 0xe0, 0xe2, 0x1c, 0xf6, 0x3b, 0x25, 0x98, 0xe8, 0x9a, 0x54, 0xe8, 0x4d, 0xa8, 0x44, 0xf4,
+	0x2d, 0xc5, 0xeb, 0x2d, 0x15, 0x56, 0x4e, 0x23, 0x5e, 0x6c, 0x68, 0xe5, 0x9d, 0x6e, 0xc7, 0x9c,
+	0x25, 0xba, 0x02, 0x48, 0x07, 0x63, 0xaa, 0x13, 0x0c, 0xfe, 0xca, 0x2a, 0x62, 0x6b, 0xb6, 0x0b,
+	0x03, 0xe7, 0x3c, 0x85, 0x5e, 0xce, 0x1e, 0x84, 0x64, 0x2a, 0x45, 0xef, 0x77, 0xa6, 0x61, 0xbf,
+	0x6d, 0x4e, 0xc1, 0x1b, 0x5a, 0x98, 0x1e, 0x75, 0x73, 0xda, 0x25, 0x59, 0xcb, 0xfd, 0x4a, 0x56,
+	0xfb, 0x17, 0x4b, 0x30, 0x9a, 0xaa, 0xfc, 0x8a, 0x7c, 0xa8, 0x12, 0x9f, 0x9d, 0xd8, 0x4a, 0xed,
+	0x7b, 0xd4, 0x4b, 0x60, 0x94, 0x9c, 0xbc, 0x20, 0xe8, 0x62, 0xc5, 0xe1, 0xe1, 0x88, 0x2d, 0x7b,
+	0x09, 0x46, 0x64, 0x87, 0x3e, 0xe4, 0x34, 0xfd, 0xec, 0xf0, 0x5d, 0x30, 0x60, 0x38, 0x85, 0x69,
+	0xff, 0x6a, 0x19, 0x26, 0xf9, 0x11, 0x77, 0x43, 0x2d, 0x06, 0x15, 0xaa, 0xf2, 0x43, 0xba, 0x3e,
+	0xb3, 0x55, 0xc4, 0x4d, 0xe7, 0xbd, 0x18, 0xf5, 0x15, 0x12, 0xfd, 0x13, 0x99, 0x90, 0x68, 0xbe,
+	0x55, 0xdf, 0x3c, 0xa6, 0x1e, 0x7d, 0x6d, 0xc5, 0x48, 0xff, 0xd3, 0x12, 0x8c, 0x67, 0x2e, 0xb4,
+	0x43, 0x5f, 0x4c, 0xdf, 0x81, 0x62, 0x15, 0x71, 0xfc, 0xb7, 0xef, 0x1d, 0x67, 0x87, 0xbb, 0x09,
+	0xe5, 0x01, 0x2d, 0x15, 0xfb, 0x77, 0x4b, 0x30, 0x96, 0xbe, 0x89, 0xef, 0x21, 0x1c, 0xa9, 0xf7,
+	0x43, 0x8d, 0x5d, 0x36, 0x75, 0x95, 0x74, 0xe4, 0x29, 0x23, 0xbf, 0xd7, 0x47, 0x36, 0x62, 0x0d,
+	0x7f, 0x28, 0x2e, 0x98, 0xb1, 0xff, 0x99, 0x05, 0xa7, 0xf9, 0x5b, 0x66, 0xe7, 0xe1, 0xdf, 0xca,
+	0x1b, 0xdd, 0xd7, 0x8a, 0xed, 0x60, 0xa6, 0xae, 0xf8, 0x41, 0xe3, 0xcb, 0xee, 0x7b, 0x17, 0xbd,
+	0x4d, 0x4f, 0x85, 0x87, 0xb0, 0xb3, 0x87, 0x9a, 0x0c, 0xf6, 0x7f, 0x2c, 0xc1, 0xf0, 0xca, 0xfc,
+	0xa2, 0x12, 0xe1, 0x33, 0x50, 0x73, 0x23, 0xe2, 0x68, 0xf7, 0x8f, 0x19, 0x40, 0x25, 0x01, 0x58,
+	0xe3, 0xd0, 0x5d, 0x14, 0x0f, 0x40, 0x8c, 0xb3, 0xbb, 0x28, 0x1e, 0x9f, 0x18, 0x63, 0x09, 0x47,
+	0xcf, 0x40, 0x95, 0xa5, 0x06, 0x5f, 0x8f, 0xa4, 0xc6, 0xd1, 0x5b, 0x6b, 0xd6, 0x8e, 0x97, 0xb0,
+	0xc2, 0xa0, 0x84, 0x1b, 0xa1, 0x1b, 0x53, 0xe4, 0x8c, 0x47, 0x66, 0x81, 0x36, 0xe3, 0x25, 0x2c,
+	0xe1, 0xac, 0xb2, 0x23, 0xf3, 0x5a, 0x50, 0xe4, 0x4a, 0xba, 0xd3, 0xdc, 0xbd, 0x41, 0xd1, 0x35,
+	0xce, 0x61, 0x2a, 0x80, 0x66, 0xd2, 0xf3, 0x86, 0xfa, 0x4b, 0xcf, 0xb3, 0x7f, 0xb7, 0x0c, 0x35,
+	0xed, 0x54, 0xf3, 0x44, 0x3d, 0x8c, 0x42, 0xea, 0xd6, 0xd7, 0x3b, 0x81, 0xab, 0x48, 0xf3, 0x68,
+	0x02, 0xa3, 0x1c, 0xc6, 0x0f, 0x58, 0x30, 0xec, 0x05, 0x5e, 0xe2, 0x39, 0xcc, 0x37, 0x58, 0xcc,
+	0xfd, 0xdf, 0x8a, 0xdd, 0x22, 0xa7, 0x1c, 0x46, 0xe6, 0x91, 0xbf, 0x62, 0x86, 0x4d, 0xce, 0xe8,
+	0xa3, 0x22, 0x1b, 0xac, 0x5c, 0x58, 0x51, 0x99, 0x6a, 0x26, 0x05, 0xac, 0x45, 0x6d, 0xec, 0x24,
+	0x2a, 0xa8, 0x16, 0x13, 0xa6, 0xa4, 0xd4, 0xfd, 0x29, 0x6a, 0x17, 0xc3, 0x9a, 0x31, 0x67, 0x64,
+	0xc7, 0x80, 0xba, 0xc7, 0xe2, 0x90, 0x99, 0x36, 0x33, 0x50, 0x73, 0xda, 0x49, 0xd8, 0xa4, 0xc3,
+	0x24, 0x02, 0x06, 0x74, 0x2e, 0x91, 0x04, 0x60, 0x8d, 0x63, 0x7f, 0xb1, 0x02, 0x99, 0xea, 0x14,
+	0x68, 0x17, 0x6a, 0xaa, 0x3e, 0x45, 0x31, 0x99, 0xab, 0x7a, 0x46, 0xa9, 0xce, 0xa8, 0x26, 0xac,
+	0x99, 0xa1, 0x4d, 0xe9, 0x66, 0xe5, 0xab, 0xfd, 0x95, 0xac, 0x9b, 0xf5, 0x3b, 0xfa, 0x3b, 0x75,
+	0xa3, 0x73, 0x75, 0x86, 0xd7, 0x23, 0x9c, 0x3e, 0xd0, 0x23, 0x7b, 0xd0, 0x0d, 0xe8, 0x9f, 0x10,
+	0xb7, 0x95, 0x61, 0x12, 0xb7, 0xfd, 0x44, 0xcc, 0x86, 0x57, 0x0a, 0x5c, 0x65, 0x9c, 0xb0, 0xae,
+	0xf2, 0xc4, 0xff, 0x63, 0x83, 0x69, 0xda, 0x6f, 0x3e, 0x78, 0xac, 0x7e, 0xf3, 0xa1, 0x42, 0xfd,
+	0xe6, 0xe7, 0x01, 0xd8, 0xdc, 0xe6, 0x19, 0x01, 0x55, 0xe6, 0xce, 0x54, 0x2a, 0x06, 0x2b, 0x08,
+	0x36, 0xb0, 0xec, 0x6f, 0x82, 0x74, 0x99, 0x32, 0x34, 0x25, 0xab, 0xa2, 0xf1, 0x13, 0x41, 0x96,
+	0x8c, 0x99, 0x2a, 0x60, 0xf6, 0xf3, 0x16, 0x98, 0xb5, 0xd4, 0xd0, 0x1b, 0xbc, 0x68, 0x9b, 0x55,
+	0xc4, 0x09, 0x93, 0x41, 0x77, 0x7a, 0xd9, 0x69, 0x65, 0xa2, 0x9d, 0x64, 0xe5, 0xb6, 0xb3, 0x1f,
+	0x80, 0xaa, 0x84, 0x1e, 0xca, 0x58, 0xfe, 0x18, 0x9c, 0x94, 0x85, 0x1d, 0xe4, 0x61, 0x90, 0x88,
+	0x3a, 0x38, 0xd8, 0xc7, 0x28, 0x1d, 0x87, 0xa5, 0x5e, 0x8e, 0x43, 0xb5, 0x1b, 0x2e, 0xf7, 0x2c,
+	0xc7, 0xfe, 0x0b, 0x16, 0x9c, 0xcb, 0x76, 0x20, 0x5e, 0x0e, 0x03, 0x2f, 0x09, 0xa3, 0x3a, 0x49,
+	0x12, 0x2f, 0xd8, 0x64, 0xb5, 0x75, 0x6f, 0x3b, 0x91, 0xbc, 0x5f, 0x89, 0x09, 0xca, 0x9b, 0x4e,
+	0x14, 0x60, 0xd6, 0x8a, 0x3a, 0x30, 0xc8, 0x43, 0xa8, 0xc5, 0x2e, 0xe8, 0x88, 0x6b, 0x23, 0x67,
+	0x38, 0xf4, 0x36, 0x8c, 0x87, 0x6f, 0x63, 0xc1, 0xd0, 0xfe, 0x8a, 0x05, 0x68, 0x65, 0x87, 0x44,
+	0x91, 0xd7, 0x30, 0x82, 0xbe, 0xd9, 0xad, 0x9f, 0xc6, 0xed, 0x9e, 0x66, 0xd9, 0x91, 0xcc, 0xad,
+	0x9f, 0xc6, 0xbf, 0xfc, 0x5b, 0x3f, 0x4b, 0x87, 0xbb, 0xf5, 0x13, 0xad, 0xc0, 0xe9, 0x26, 0xdf,
+	0xc6, 0xf1, 0x9b, 0xf4, 0xf8, 0x9e, 0x4e, 0x65, 0xc8, 0x9f, 0xb9, 0xb3, 0x37, 0x75, 0x7a, 0x39,
+	0x0f, 0x01, 0xe7, 0x3f, 0x67, 0x7f, 0x00, 0x10, 0x8f, 0xf5, 0x9e, 0xcf, 0x0b, 0x57, 0xed, 0xe9,
+	0xe6, 0xb0, 0x7f, 0xbc, 0x02, 0xe3, 0x99, 0xdb, 0x37, 0xe8, 0x16, 0xba, 0x3b, 0x3e, 0xf6, 0xc8,
+	0xfa, 0xbb, 0xbb, 0x7b, 0x7d, 0x45, 0xdc, 0x06, 0x50, 0xf1, 0x82, 0x56, 0x3b, 0x29, 0xa6, 0x40,
+	0x07, 0xef, 0xc4, 0x22, 0x25, 0x68, 0x9c, 0x4b, 0xd0, 0xbf, 0x98, 0xb3, 0x29, 0x32, 0x7e, 0x37,
+	0xb5, 0xc9, 0x19, 0x78, 0x40, 0x6e, 0x96, 0x4f, 0xe8, 0x68, 0xda, 0x4a, 0x11, 0x3e, 0xe4, 0xcc,
+	0x64, 0x39, 0xee, 0x50, 0xab, 0x9f, 0x2d, 0xc1, 0xb0, 0xf1, 0xd1, 0xd0, 0x4f, 0xa6, 0x2b, 0x8d,
+	0x5a, 0xc5, 0xbd, 0x12, 0xa3, 0x3f, 0xad, 0x6b, 0x89, 0xf2, 0x57, 0x7a, 0xba, 0xbb, 0xc8, 0xe8,
+	0xdd, 0xbd, 0xa9, 0x13, 0x99, 0x32, 0xa2, 0xa9, 0xc2, 0xa3, 0x67, 0xbf, 0x07, 0xc6, 0x33, 0x64,
+	0x72, 0x5e, 0x79, 0xcd, 0x7c, 0xe5, 0x23, 0xbb, 0xfb, 0xcc, 0x21, 0xfb, 0x32, 0x1d, 0x32, 0x51,
+	0x17, 0x20, 0xf4, 0x49, 0x1f, 0xbe, 0xce, 0xcc, 0xfe, 0xa2, 0xd4, 0x67, 0xf9, 0x8f, 0xf7, 0x41,
+	0xb5, 0x15, 0xfa, 0x9e, 0xeb, 0xa9, 0x42, 0xe5, 0xac, 0xe0, 0xc8, 0xaa, 0x68, 0xc3, 0x0a, 0x8a,
+	0x6e, 0x43, 0xed, 0xd6, 0xed, 0x84, 0x1f, 0x33, 0x8a, 0xa3, 0x8c, 0xa2, 0x4e, 0x17, 0x95, 0xd1,
+	0xa2, 0xce, 0x31, 0xb1, 0xe6, 0x85, 0x6c, 0x18, 0x64, 0x4a, 0x50, 0xe6, 0x08, 0xb2, 0x63, 0x16,
+	0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0xbf, 0x1f, 0x86, 0x53, 0x79, 0x57, 0x20, 0xa1, 0xb7, 0x60,
+	0x90, 0xf7, 0xb1, 0x98, 0x5b, 0xf6, 0xf2, 0x78, 0x5c, 0x62, 0x04, 0x45, 0xb7, 0xd8, 0x6f, 0x2c,
+	0x78, 0x0a, 0xee, 0xbe, 0xb3, 0x2e, 0x66, 0xc8, 0xf1, 0x70, 0x5f, 0x72, 0x34, 0xf7, 0x25, 0x87,
+	0x73, 0xf7, 0x9d, 0x75, 0xb4, 0x0b, 0x95, 0x4d, 0x2f, 0x21, 0x8e, 0x70, 0xce, 0xdc, 0x3c, 0x16,
+	0xe6, 0xc4, 0xe1, 0x56, 0x1a, 0xfb, 0x89, 0x39, 0x43, 0xf4, 0x25, 0x0b, 0xc6, 0xd7, 0xd3, 0x75,
+	0x87, 0x84, 0xf0, 0x74, 0x8e, 0xe1, 0x9a, 0xab, 0x34, 0x23, 0x7e, 0xed, 0x6d, 0xa6, 0x11, 0x67,
+	0xbb, 0x83, 0x3e, 0x69, 0xc1, 0xd0, 0x86, 0xe7, 0x1b, 0xf7, 0x88, 0x1c, 0xc3, 0xc7, 0xb9, 0xc8,
+	0x18, 0xe8, 0x1d, 0x07, 0xff, 0x1f, 0x63, 0xc9, 0xb9, 0x97, 0xa6, 0x1a, 0x3c, 0xaa, 0xa6, 0x1a,
+	0x7a, 0x40, 0x9a, 0xea, 0x33, 0x16, 0xd4, 0xd4, 0x48, 0x8b, 0xfa, 0x2d, 0x1f, 0x3e, 0xc6, 0x4f,
+	0xce, 0x3d, 0x52, 0xea, 0x2f, 0xd6, 0xcc, 0xd1, 0xdb, 0x16, 0x0c, 0x3b, 0x6f, 0xb6, 0x23, 0xd2,
+	0x20, 0x3b, 0x61, 0x2b, 0x16, 0x85, 0x55, 0x5f, 0x2b, 0xbe, 0x33, 0xb3, 0x94, 0xc9, 0x02, 0xd9,
+	0x59, 0x69, 0xc5, 0x22, 0x7f, 0x59, 0x37, 0x60, 0xb3, 0x0b, 0xe8, 0xfb, 0xb5, 0x1e, 0x87, 0x22,
+	0xca, 0x6b, 0xe7, 0xf5, 0xa6, 0xaf, 0x74, 0x7c, 0x02, 0x8f, 0xb9, 0x61, 0x90, 0x78, 0x41, 0x9b,
+	0xac, 0x04, 0x98, 0xb4, 0xc2, 0x6b, 0x61, 0x72, 0x31, 0x6c, 0x07, 0x8d, 0x0b, 0x51, 0x14, 0x46,
+	0xac, 0x40, 0x8d, 0x71, 0xb9, 0xea, 0x7c, 0x6f, 0x54, 0xbc, 0x1f, 0x9d, 0xa3, 0xd8, 0x0c, 0x7b,
+	0x25, 0x98, 0x3a, 0x60, 0xb0, 0xd1, 0x4b, 0x30, 0x12, 0x46, 0x9b, 0x4e, 0xe0, 0xbd, 0x69, 0xd6,
+	0x5c, 0x53, 0x06, 0xe9, 0x8a, 0x01, 0xc3, 0x29, 0x4c, 0xb3, 0x18, 0x4f, 0xe9, 0x80, 0x62, 0x3c,
+	0xe7, 0x60, 0x20, 0x22, 0xad, 0x30, 0xbb, 0xaf, 0x62, 0x29, 0x87, 0x0c, 0x82, 0x9e, 0x80, 0xb2,
+	0xd3, 0xf2, 0x84, 0x73, 0x51, 0x6d, 0x17, 0x67, 0x57, 0x17, 0x31, 0x6d, 0x4f, 0xd5, 0x06, 0xab,
+	0xdc, 0x97, 0xda, 0x60, 0x54, 0x63, 0x8a, 0xe3, 0xb3, 0x41, 0xad, 0x31, 0xd3, 0xc7, 0x5a, 0xf6,
+	0x3b, 0x65, 0x78, 0x62, 0xdf, 0xa5, 0xa5, 0x43, 0xd6, 0xad, 0x7d, 0x42, 0xd6, 0xe5, 0xf0, 0x94,
+	0x0e, 0x1a, 0x9e, 0x72, 0x8f, 0xe1, 0xf9, 0x24, 0x95, 0x18, 0xb2, 0x56, 0x5d, 0x31, 0x17, 0xc4,
+	0xf7, 0x2a, 0x7d, 0x27, 0x84, 0x85, 0x84, 0x62, 0xcd, 0x97, 0x6e, 0x97, 0x52, 0x85, 0x68, 0x2a,
+	0x45, 0x68, 0xcc, 0x9e, 0xf5, 0xe2, 0xb8, 0x98, 0xe8, 0x55, 0xdd, 0xc6, 0xfe, 0xa5, 0x01, 0x78,
+	0xaa, 0x0f, 0x45, 0x67, 0xce, 0x62, 0xab, 0xcf, 0x59, 0xfc, 0x35, 0xfe, 0x99, 0x3e, 0x9d, 0xfb,
+	0x99, 0x70, 0xf1, 0x9f, 0x69, 0xff, 0x2f, 0xc4, 0x4e, 0x20, 0x82, 0x98, 0xb8, 0xed, 0x88, 0xa7,
+	0xef, 0x18, 0xf9, 0xc8, 0x8b, 0xa2, 0x1d, 0x2b, 0x0c, 0xba, 0xfd, 0x75, 0x1d, 0xba, 0xfc, 0x87,
+	0x0a, 0x2a, 0x3c, 0x62, 0xa6, 0x36, 0x73, 0xeb, 0x6b, 0x7e, 0x96, 0x4a, 0x00, 0xce, 0xc6, 0xfe,
+	0x35, 0x0b, 0xce, 0xf6, 0xb6, 0x46, 0xd0, 0x73, 0x30, 0xbc, 0xce, 0x82, 0x29, 0x97, 0x59, 0xc8,
+	0x94, 0x98, 0x3a, 0xec, 0x7d, 0x75, 0x33, 0x36, 0x71, 0xd0, 0x3c, 0x4c, 0x98, 0x51, 0x98, 0xcb,
+	0x46, 0xac, 0x15, 0xf3, 0x97, 0xac, 0x65, 0x81, 0xb8, 0x1b, 0x1f, 0x4d, 0x03, 0x24, 0x5e, 0xe2,
+	0x13, 0xfe, 0x34, 0x9f, 0x68, 0xcc, 0xa1, 0xb8, 0xa6, 0x5a, 0xb1, 0x81, 0x61, 0x7f, 0xb5, 0x9c,
+	0xff, 0x1a, 0xdc, 0xca, 0x3d, 0xcc, 0xec, 0x17, 0x73, 0xbb, 0xd4, 0x87, 0x84, 0x2e, 0xdf, 0x6f,
+	0x09, 0x3d, 0xd0, 0x4b, 0x42, 0xa3, 0x05, 0x38, 0x61, 0x5c, 0xd7, 0xca, 0x4b, 0xd7, 0xf0, 0x43,
+	0x29, 0x55, 0x77, 0x6e, 0x35, 0x03, 0xc7, 0x5d, 0x4f, 0x3c, 0xe4, 0x53, 0xf5, 0xd7, 0x4b, 0x70,
+	0xa6, 0xe7, 0xc6, 0xe2, 0x3e, 0x69, 0x20, 0xf3, 0xf3, 0x0f, 0xdc, 0x9f, 0xcf, 0x6f, 0x7e, 0x94,
+	0xca, 0x81, 0x1f, 0xa5, 0x1f, 0x75, 0xfe, 0x7b, 0xa5, 0x9e, 0x8b, 0x85, 0x6e, 0x44, 0xff, 0xca,
+	0x8e, 0xe4, 0xcb, 0x30, 0xea, 0xb4, 0x5a, 0x1c, 0x8f, 0x65, 0x66, 0x64, 0x6a, 0x61, 0xce, 0x9a,
+	0x40, 0x9c, 0xc6, 0xed, 0x6b, 0x60, 0xff, 0xc8, 0x82, 0x1a, 0x26, 0x1b, 0x5c, 0xc2, 0xa1, 0x5b,
+	0x62, 0x88, 0xac, 0x22, 0x2e, 0x24, 0xa0, 0x03, 0x1b, 0x7b, 0xac, 0x4a, 0x7f, 0xde, 0x60, 0x1f,
+	0xb5, 0xb2, 0x82, 0xba, 0xe4, 0xb5, 0xdc, 0xfb, 0x92, 0x57, 0xfb, 0x97, 0x6b, 0xf4, 0xf5, 0x5a,
+	0xe1, 0x7c, 0x44, 0x1a, 0x31, 0xfd, 0xbe, 0xed, 0xc8, 0x17, 0x93, 0x44, 0x7d, 0xdf, 0xeb, 0x78,
+	0x09, 0xd3, 0xf6, 0xd4, 0xf9, 0x64, 0xe9, 0x50, 0x95, 0x00, 0xcb, 0x07, 0x56, 0x02, 0x7c, 0x19,
+	0x46, 0xe3, 0x78, 0x6b, 0x35, 0xf2, 0x76, 0x9c, 0x84, 0x5c, 0x25, 0xb2, 0x64, 0x90, 0xae, 0x8a,
+	0x55, 0xbf, 0xac, 0x81, 0x38, 0x8d, 0x8b, 0x2e, 0xc1, 0x84, 0xae, 0xc7, 0x47, 0xa2, 0x84, 0xa5,
+	0x3c, 0xf2, 0x99, 0xa0, 0xca, 0xc1, 0xe8, 0x0a, 0x7e, 0x02, 0x01, 0x77, 0x3f, 0x43, 0x65, 0x6e,
+	0xaa, 0x91, 0x76, 0x64, 0x30, 0x2d, 0x73, 0x53, 0x74, 0x68, 0x5f, 0xba, 0x9e, 0x40, 0xcb, 0x70,
+	0x92, 0x4f, 0x8c, 0xd9, 0x56, 0xcb, 0x78, 0xa3, 0xa1, 0x74, 0x15, 0xf8, 0x4b, 0xdd, 0x28, 0x38,
+	0xef, 0x39, 0xf4, 0x22, 0x0c, 0xab, 0xe6, 0xc5, 0x05, 0x71, 0xb4, 0xa6, 0x5c, 0x7b, 0x8a, 0xcc,
+	0x62, 0x03, 0x9b, 0x78, 0xe8, 0x43, 0xf0, 0xa8, 0xfe, 0xcb, 0x53, 0xe8, 0xf9, 0x79, 0xf3, 0x82,
+	0x28, 0x75, 0xaa, 0x2e, 0x19, 0xbb, 0x94, 0x8b, 0xd6, 0xc0, 0xbd, 0x9e, 0x47, 0xeb, 0x70, 0x56,
+	0x81, 0x2e, 0x04, 0x09, 0x4b, 0x72, 0x8d, 0xc9, 0x9c, 0x13, 0xb3, 0xc8, 0x09, 0x60, 0xef, 0x69,
+	0x0b, 0xea, 0x67, 0x2f, 0x79, 0xc9, 0xe5, 0x3c, 0x4c, 0xbc, 0x84, 0xf7, 0xa1, 0x82, 0x66, 0xa0,
+	0x46, 0x02, 0x67, 0xdd, 0x27, 0x2b, 0xf3, 0x8b, 0x62, 0x47, 0xaa, 0xb3, 0x23, 0x24, 0x00, 0x6b,
+	0x1c, 0x15, 0xdf, 0x3f, 0xd2, 0x2b, 0xbe, 0x1f, 0xad, 0xc2, 0xa9, 0x4d, 0xb7, 0x45, 0xad, 0x4c,
+	0xcf, 0x25, 0xb3, 0x2e, 0x0b, 0x28, 0xa6, 0x1f, 0x86, 0x97, 0xe7, 0x57, 0x89, 0x52, 0x97, 0xe6,
+	0x57, 0xbb, 0x70, 0x70, 0xee, 0x93, 0x2c, 0xf0, 0x3c, 0x0a, 0x77, 0x3b, 0x93, 0x27, 0x33, 0x81,
+	0xe7, 0xb4, 0x11, 0x73, 0x18, 0xba, 0x02, 0x88, 0x25, 0x0b, 0x5e, 0x4e, 0x92, 0x96, 0x32, 0x6b,
+	0x27, 0x4f, 0xa5, 0x0b, 0x1f, 0x5e, 0xec, 0xc2, 0xc0, 0x39, 0x4f, 0x51, 0xab, 0x27, 0x08, 0x19,
+	0xf5, 0xc9, 0x47, 0xd3, 0x56, 0xcf, 0x35, 0xde, 0x8c, 0x25, 0x1c, 0x7d, 0x17, 0x4c, 0xb6, 0x63,
+	0xc2, 0x36, 0xcc, 0x37, 0xc3, 0x68, 0xdb, 0x0f, 0x9d, 0xc6, 0x22, 0xbb, 0x4d, 0x36, 0xe9, 0x4c,
+	0x4e, 0x32, 0xe6, 0xe7, 0xc4, 0xb3, 0x93, 0xd7, 0x7b, 0xe0, 0xe1, 0x9e, 0x14, 0xb2, 0x95, 0x3b,
+	0xcf, 0xf4, 0x59, 0xb9, 0x73, 0x15, 0x4e, 0x49, 0xbd, 0xb6, 0x32, 0xbf, 0xa8, 0x5e, 0x7a, 0xf2,
+	0x6c, 0xfa, 0x7a, 0xba, 0xc5, 0x1c, 0x1c, 0x9c, 0xfb, 0xa4, 0xfd, 0x87, 0x16, 0x8c, 0x2a, 0x09,
+	0x76, 0x1f, 0x92, 0x96, 0xfd, 0x74, 0xd2, 0xf2, 0xa5, 0xa3, 0xeb, 0x00, 0xd6, 0xf3, 0x1e, 0x29,
+	0x36, 0x3f, 0x3a, 0x0a, 0xa0, 0xf5, 0x84, 0x52, 0xd1, 0x56, 0x4f, 0x15, 0xfd, 0xd0, 0xca, 0xe8,
+	0xbc, 0x4a, 0x8c, 0x95, 0x07, 0x5b, 0x89, 0xb1, 0x0e, 0xa7, 0xe5, 0x94, 0xe2, 0x47, 0xca, 0x97,
+	0xc3, 0x58, 0x89, 0x7c, 0xe3, 0xbe, 0xc1, 0xc5, 0x3c, 0x24, 0x9c, 0xff, 0x6c, 0xca, 0xb6, 0x1b,
+	0x3a, 0xd0, 0xb6, 0x53, 0x52, 0x6e, 0x69, 0x43, 0xde, 0x06, 0x9a, 0x91, 0x72, 0x4b, 0x17, 0xeb,
+	0x58, 0xe3, 0xe4, 0xab, 0xba, 0x5a, 0x41, 0xaa, 0x0e, 0x0e, 0xad, 0xea, 0xa4, 0xd0, 0x1d, 0xee,
+	0x29, 0x74, 0xe5, 0xd1, 0xd5, 0x48, 0xcf, 0xa3, 0xab, 0x0f, 0xc2, 0x98, 0x17, 0x6c, 0x91, 0xc8,
+	0x4b, 0x48, 0x83, 0xad, 0x05, 0x26, 0x90, 0xab, 0xda, 0xd0, 0x59, 0x4c, 0x41, 0x71, 0x06, 0x3b,
+	0xad, 0x29, 0xc6, 0xfa, 0xd0, 0x14, 0x3d, 0xf4, 0xf3, 0x78, 0x31, 0xfa, 0xf9, 0xc4, 0xd1, 0xf5,
+	0xf3, 0xc4, 0xb1, 0xea, 0x67, 0x54, 0x88, 0x7e, 0xee, 0x4b, 0xf5, 0x19, 0x9b, 0xf4, 0x53, 0x07,
+	0x6c, 0xd2, 0x7b, 0x29, 0xe7, 0xd3, 0xf7, 0xac, 0x9c, 0xf3, 0xf5, 0xee, 0x23, 0xef, 0xea, 0xdd,
+	0x42, 0xf4, 0xee, 0x67, 0x4a, 0x70, 0x5a, 0x6b, 0x26, 0x2a, 0x0f, 0xbc, 0x0d, 0x2a, 0x9b, 0xd9,
+	0x15, 0xdb, 0xfc, 0xc0, 0xdb, 0x48, 0x95, 0xd7, 0xc5, 0x02, 0x14, 0x04, 0x1b, 0x58, 0x2c, 0xe3,
+	0x9c, 0x44, 0xec, 0x72, 0x97, 0xac, 0xda, 0x9a, 0x17, 0xed, 0x58, 0x61, 0xd0, 0x41, 0xa0, 0xbf,
+	0x45, 0xc1, 0x93, 0x6c, 0xd9, 0xf0, 0x79, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x1f, 0x67, 0xc2, 0x44,
+	0x26, 0x55, 0x5d, 0x23, 0x7c, 0x5b, 0xa9, 0xa4, 0xa4, 0x82, 0xca, 0xee, 0xb0, 0x8a, 0x08, 0x95,
+	0xee, 0xee, 0xb0, 0xd8, 0x51, 0x85, 0x61, 0xff, 0x2f, 0x0b, 0xce, 0xe4, 0x0e, 0xc5, 0x7d, 0x30,
+	0x47, 0x76, 0xd3, 0xe6, 0x48, 0xbd, 0xa8, 0x2d, 0xa9, 0xf1, 0x16, 0x3d, 0x4c, 0x93, 0xff, 0x64,
+	0xc1, 0x98, 0xc6, 0xbf, 0x0f, 0xaf, 0xea, 0xa5, 0x5f, 0xb5, 0xb8, 0xdd, 0x77, 0xad, 0xeb, 0xdd,
+	0x7e, 0xb5, 0x04, 0xaa, 0x94, 0xff, 0xac, 0x9b, 0xf4, 0x97, 0x6e, 0xd6, 0x81, 0x41, 0x16, 0x41,
+	0x12, 0x17, 0x13, 0x1d, 0x97, 0xe6, 0xcf, 0xa2, 0x51, 0xf4, 0x81, 0x1e, 0xfb, 0x1b, 0x63, 0xc1,
+	0x90, 0x5d, 0x3d, 0xc4, 0xab, 0xa4, 0x37, 0x44, 0xe2, 0xb4, 0xbe, 0x7a, 0x48, 0xb4, 0x63, 0x85,
+	0x41, 0x15, 0xa6, 0xe7, 0x86, 0xc1, 0xbc, 0xef, 0xc4, 0xb1, 0xb0, 0xe1, 0x94, 0xc2, 0x5c, 0x94,
+	0x00, 0xac, 0x71, 0x58, 0x70, 0x89, 0x17, 0xb7, 0x7c, 0xa7, 0x63, 0xf8, 0x58, 0x8c, 0xc2, 0x5e,
+	0x0a, 0x84, 0x4d, 0x3c, 0xbb, 0x09, 0x93, 0xe9, 0x97, 0x58, 0x20, 0x1b, 0x2c, 0xb2, 0xbb, 0xaf,
+	0xe1, 0x9c, 0x81, 0x9a, 0xc3, 0x9e, 0x5a, 0x6a, 0x3b, 0x42, 0x26, 0xe8, 0xf8, 0x66, 0x09, 0xc0,
+	0x1a, 0xc7, 0xfe, 0x66, 0x38, 0x99, 0x33, 0x66, 0x7d, 0x04, 0xd0, 0xfd, 0x62, 0x09, 0xc6, 0xd3,
+	0x4f, 0xc6, 0x2c, 0xf7, 0x91, 0xf7, 0xd9, 0x8b, 0xdd, 0x70, 0x87, 0x44, 0x1d, 0xda, 0x0d, 0x2b,
+	0x93, 0xfb, 0xd8, 0x85, 0x81, 0x73, 0x9e, 0x62, 0xb7, 0x6a, 0x34, 0xd4, 0xab, 0xcb, 0xe9, 0x71,
+	0xa3, 0xc8, 0xe9, 0xa1, 0x47, 0xd6, 0x0c, 0xfa, 0x51, 0x2c, 0xb1, 0xc9, 0x9f, 0xda, 0x3f, 0x2c,
+	0x73, 0x63, 0xae, 0xed, 0xf9, 0x89, 0x17, 0x88, 0x57, 0x16, 0x13, 0x47, 0xd9, 0x3f, 0xcb, 0xdd,
+	0x28, 0x38, 0xef, 0x39, 0xfb, 0x2b, 0x03, 0xa0, 0x2a, 0xa0, 0xb0, 0xa0, 0xcc, 0x82, 0x42, 0x5a,
+	0x0f, 0x9b, 0x41, 0xab, 0xbe, 0xf4, 0xc0, 0x7e, 0x51, 0x52, 0xdc, 0x4b, 0x66, 0xba, 0xd3, 0xd5,
+	0x80, 0xad, 0x69, 0x10, 0x36, 0xf1, 0x68, 0x4f, 0x7c, 0x6f, 0x87, 0xf0, 0x87, 0x06, 0xd3, 0x3d,
+	0x59, 0x92, 0x00, 0xac, 0x71, 0x58, 0x11, 0x6d, 0x6f, 0x63, 0x43, 0xb8, 0x7c, 0x74, 0x11, 0x6d,
+	0x6f, 0x63, 0x03, 0x33, 0x08, 0xbf, 0x77, 0x29, 0xdc, 0x16, 0x36, 0xbf, 0x71, 0xef, 0x52, 0xb8,
+	0x8d, 0x19, 0x84, 0x7e, 0xa5, 0x20, 0x8c, 0x9a, 0x8e, 0xef, 0xbd, 0x49, 0x1a, 0x8a, 0x8b, 0xb0,
+	0xf5, 0xd5, 0x57, 0xba, 0xd6, 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x13, 0xba, 0x15, 0x91, 0x86, 0xe7,
+	0x26, 0x26, 0x35, 0x48, 0x4f, 0xe8, 0xd5, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9a, 0x85, 0x71, 0x59,
+	0xc1, 0x46, 0x56, 0x7d, 0x1c, 0x4e, 0x97, 0x8e, 0xc3, 0x69, 0x30, 0xce, 0xe2, 0x53, 0x89, 0xd5,
+	0x14, 0xb5, 0x68, 0xd9, 0xd6, 0xc0, 0x90, 0x58, 0xb2, 0x46, 0x2d, 0x56, 0x18, 0xf6, 0x27, 0xca,
+	0x54, 0xc3, 0xf6, 0x28, 0xf9, 0x7c, 0xdf, 0x42, 0xa8, 0xd3, 0x33, 0x72, 0xa0, 0x8f, 0x19, 0xf9,
+	0x02, 0x8c, 0xdc, 0x8a, 0xc3, 0x40, 0x85, 0x27, 0x57, 0x7a, 0x86, 0x27, 0x1b, 0x58, 0xf9, 0xe1,
+	0xc9, 0x83, 0x45, 0x85, 0x27, 0x0f, 0xdd, 0x63, 0x78, 0xf2, 0xbf, 0xa9, 0x80, 0xba, 0x58, 0xf3,
+	0x1a, 0x49, 0x6e, 0x87, 0xd1, 0xb6, 0x17, 0x6c, 0xb2, 0x6a, 0x2c, 0x5f, 0xb2, 0x64, 0x41, 0x97,
+	0x25, 0x33, 0x6d, 0x77, 0xa3, 0xa0, 0xcb, 0x11, 0x53, 0xcc, 0xa6, 0xd7, 0x0c, 0x46, 0x3c, 0xcc,
+	0x25, 0x53, 0x38, 0x46, 0x78, 0xf0, 0x53, 0x3d, 0x42, 0xdf, 0x03, 0x20, 0xfd, 0xe3, 0x1b, 0x52,
+	0x02, 0x2f, 0x16, 0xd3, 0x3f, 0x4c, 0x36, 0xb4, 0x7d, 0xbb, 0xa6, 0x98, 0x60, 0x83, 0x21, 0xfa,
+	0x8c, 0x4e, 0x69, 0xe6, 0x79, 0x4c, 0x1f, 0x3d, 0x96, 0xb1, 0xe9, 0x27, 0xa1, 0x19, 0xc3, 0x90,
+	0x17, 0x6c, 0xd2, 0x79, 0x22, 0xc2, 0x38, 0xdf, 0x9b, 0x57, 0xec, 0x6b, 0x29, 0x74, 0x1a, 0x73,
+	0x8e, 0xef, 0x04, 0x2e, 0x89, 0x16, 0x39, 0xba, 0xde, 0xf3, 0x88, 0x06, 0x2c, 0x09, 0x75, 0xdd,
+	0xfe, 0x59, 0xe9, 0xe7, 0xf6, 0xcf, 0xb3, 0xdf, 0x0e, 0x13, 0x5d, 0x1f, 0xf3, 0x50, 0xf9, 0xcb,
+	0x47, 0x28, 0xf3, 0xf5, 0x4b, 0x83, 0x5a, 0x69, 0x5d, 0x0b, 0x1b, 0xfc, 0x32, 0xc9, 0x48, 0x7f,
+	0x51, 0x61, 0xbf, 0x16, 0x38, 0x45, 0x94, 0x9a, 0x31, 0x1a, 0xb1, 0xc9, 0x92, 0xce, 0xd1, 0x96,
+	0x13, 0x91, 0xe0, 0xb8, 0xe7, 0xe8, 0xaa, 0x62, 0x82, 0x0d, 0x86, 0x68, 0x2b, 0x95, 0x68, 0x77,
+	0xf1, 0xe8, 0x89, 0x76, 0xac, 0xf4, 0x6a, 0xde, 0x9d, 0x6b, 0x6f, 0x5b, 0x30, 0x16, 0xa4, 0x66,
+	0x6e, 0x31, 0xb1, 0xf5, 0xf9, 0xab, 0x82, 0xdf, 0xcb, 0x9c, 0x6e, 0xc3, 0x19, 0xfe, 0x79, 0x2a,
+	0xad, 0x72, 0x48, 0x95, 0xa6, 0x2f, 0xb3, 0x1d, 0xec, 0x75, 0x99, 0x2d, 0x0a, 0xd4, 0x2d, 0xe3,
+	0x43, 0x45, 0x94, 0x2b, 0x49, 0x5d, 0x31, 0x0e, 0x39, 0xd7, 0x8b, 0xdf, 0x34, 0xf3, 0x70, 0x0f,
+	0x7f, 0xdb, 0xf4, 0x68, 0xaf, 0x7c, 0x5d, 0xfb, 0xff, 0x0e, 0xc0, 0x09, 0x39, 0x22, 0x32, 0x2f,
+	0x87, 0xea, 0x47, 0xce, 0x57, 0xdb, 0xca, 0x4a, 0x3f, 0x5e, 0x96, 0x00, 0xac, 0x71, 0xa8, 0x3d,
+	0xd6, 0x8e, 0xc9, 0x4a, 0x8b, 0x04, 0x4b, 0xde, 0x7a, 0x2c, 0xce, 0xc2, 0xd5, 0x42, 0xb9, 0xae,
+	0x41, 0xd8, 0xc4, 0x63, 0xc9, 0xc2, 0xae, 0x59, 0xb1, 0x43, 0x27, 0x0b, 0x0b, 0x43, 0x55, 0xc2,
+	0xd1, 0x8f, 0xe5, 0xde, 0x41, 0x51, 0x4c, 0x36, 0x6b, 0x57, 0x3a, 0xd2, 0xe1, 0x2e, 0x9f, 0x40,
+	0xff, 0xc8, 0x82, 0xd3, 0xbc, 0x55, 0x8e, 0xe4, 0xf5, 0x56, 0xc3, 0x49, 0x48, 0x5c, 0xcc, 0x7d,
+	0x5d, 0x39, 0xfd, 0xd3, 0x2e, 0xed, 0x3c, 0xb6, 0x38, 0xbf, 0x37, 0xe8, 0x8b, 0x16, 0x8c, 0x6f,
+	0xa7, 0x2a, 0x6e, 0x49, 0xd5, 0x71, 0xd4, 0x72, 0x34, 0x29, 0xa2, 0x7a, 0xa9, 0xa5, 0xdb, 0x63,
+	0x9c, 0xe5, 0x6e, 0xff, 0xb9, 0x05, 0xa6, 0x18, 0xbd, 0xff, 0x85, 0xba, 0x0e, 0x6f, 0x0a, 0x4a,
+	0xeb, 0xb2, 0xd2, 0xd3, 0xba, 0x7c, 0x02, 0xca, 0x6d, 0xaf, 0x21, 0xf6, 0x17, 0xfa, 0xf4, 0x7d,
+	0x71, 0x01, 0xd3, 0x76, 0xfb, 0x8f, 0x2b, 0xda, 0x27, 0x21, 0x92, 0x45, 0xff, 0x4a, 0xbc, 0xf6,
+	0x86, 0xaa, 0xc0, 0xcb, 0xdf, 0xfc, 0x5a, 0x57, 0x05, 0xde, 0x6f, 0x3d, 0x7c, 0x2e, 0x30, 0x1f,
+	0xa0, 0x5e, 0x05, 0x78, 0x87, 0x0e, 0x48, 0x04, 0xbe, 0x05, 0x55, 0xba, 0x05, 0x63, 0xce, 0xc5,
+	0x6a, 0xaa, 0x53, 0xd5, 0xcb, 0xa2, 0xfd, 0xee, 0xde, 0xd4, 0xb7, 0x1c, 0xbe, 0x5b, 0xf2, 0x69,
+	0xac, 0xe8, 0xa3, 0x18, 0x6a, 0xf4, 0x37, 0xcb, 0x59, 0x16, 0x9b, 0xbb, 0xeb, 0x4a, 0x66, 0x4a,
+	0x40, 0x21, 0x09, 0xd1, 0x9a, 0x0f, 0x0a, 0xa0, 0x46, 0x11, 0x39, 0x53, 0xbe, 0x07, 0x5c, 0x55,
+	0x99, 0xc3, 0x12, 0x70, 0x77, 0x6f, 0xea, 0xe5, 0xc3, 0x33, 0x55, 0x8f, 0x63, 0xcd, 0xc2, 0x50,
+	0x8d, 0xc3, 0x3d, 0xef, 0x79, 0xff, 0x7f, 0x03, 0x7a, 0x7e, 0x8b, 0xe2, 0xcc, 0x7f, 0x25, 0xe6,
+	0xf7, 0x4b, 0x99, 0xf9, 0x7d, 0xae, 0x6b, 0x7e, 0x8f, 0xd1, 0x31, 0xcb, 0x29, 0x19, 0x7d, 0xbf,
+	0x8d, 0x85, 0x83, 0x7d, 0x12, 0xcc, 0x4a, 0x7a, 0xa3, 0xed, 0x45, 0x24, 0x5e, 0x8d, 0xda, 0x81,
+	0x17, 0x6c, 0xb2, 0x29, 0x5b, 0x35, 0xad, 0xa4, 0x14, 0x18, 0x67, 0xf1, 0xe9, 0xc6, 0x9f, 0xce,
+	0x8b, 0x9b, 0xce, 0x0e, 0x9f, 0x79, 0x46, 0x61, 0xcc, 0xba, 0x68, 0xc7, 0x0a, 0x03, 0x6d, 0xc1,
+	0xe3, 0x92, 0xc0, 0x02, 0xf1, 0x09, 0x7d, 0x21, 0x16, 0x55, 0x18, 0x35, 0x79, 0xcc, 0x3f, 0x0f,
+	0x0c, 0xf9, 0x7a, 0x41, 0xe1, 0x71, 0xbc, 0x0f, 0x2e, 0xde, 0x97, 0x92, 0xfd, 0x65, 0x16, 0x47,
+	0x60, 0x94, 0x6e, 0xa0, 0xb3, 0xcf, 0xf7, 0x9a, 0x9e, 0xac, 0xdf, 0xa9, 0x66, 0xdf, 0x12, 0x6d,
+	0xc4, 0x1c, 0x86, 0x6e, 0xc3, 0xd0, 0x3a, 0xbf, 0xff, 0xbd, 0x98, 0x7b, 0x97, 0xc4, 0x65, 0xf2,
+	0xac, 0x76, 0xb7, 0xbc, 0x59, 0xfe, 0xae, 0xfe, 0x89, 0x25, 0x37, 0xfb, 0x77, 0x2a, 0x30, 0x2e,
+	0x63, 0xbd, 0x2e, 0x7b, 0x31, 0x0b, 0x0f, 0x30, 0x2f, 0x34, 0x28, 0x1d, 0x78, 0xa1, 0xc1, 0x47,
+	0x00, 0x1a, 0xa4, 0xe5, 0x87, 0x1d, 0x66, 0x1c, 0x0e, 0x1c, 0xda, 0x38, 0x54, 0xfb, 0x89, 0x05,
+	0x45, 0x05, 0x1b, 0x14, 0x45, 0xd1, 0x52, 0x7e, 0x3f, 0x42, 0xa6, 0x68, 0xa9, 0x71, 0x3b, 0xdb,
+	0xe0, 0xfd, 0xbd, 0x9d, 0xcd, 0x83, 0x71, 0xde, 0x45, 0x55, 0x20, 0xe1, 0x1e, 0xea, 0x20, 0xb0,
+	0x14, 0xb3, 0x85, 0x34, 0x19, 0x9c, 0xa5, 0x6b, 0x5e, 0xbd, 0x56, 0xbd, 0xdf, 0x57, 0xaf, 0xbd,
+	0x1f, 0x6a, 0xf2, 0x3b, 0xc7, 0x93, 0x35, 0x5d, 0xbc, 0x47, 0x4e, 0x83, 0x18, 0x6b, 0x78, 0x57,
+	0xad, 0x17, 0x78, 0x50, 0xb5, 0x5e, 0xec, 0xb7, 0xcb, 0x74, 0x57, 0xc1, 0xfb, 0x75, 0xe8, 0x9b,
+	0x0b, 0x2f, 0x1b, 0x37, 0x17, 0x1e, 0xee, 0x7b, 0x56, 0x33, 0x37, 0x1c, 0x3e, 0x0e, 0x03, 0x89,
+	0xb3, 0x29, 0x33, 0x62, 0x19, 0x74, 0xcd, 0xd9, 0x8c, 0x31, 0x6b, 0x3d, 0x4c, 0x8d, 0xe7, 0x97,
+	0x61, 0x34, 0xf6, 0x36, 0x03, 0x27, 0x69, 0x47, 0xc4, 0x38, 0x4c, 0xd4, 0x11, 0x33, 0x26, 0x10,
+	0xa7, 0x71, 0xd1, 0x27, 0x2d, 0x80, 0x88, 0xa8, 0x3d, 0xcb, 0x60, 0x11, 0x73, 0x48, 0x89, 0x01,
+	0x49, 0xd7, 0xac, 0xd1, 0xa1, 0xf6, 0x2a, 0x06, 0x5b, 0xfb, 0xd3, 0x16, 0x4c, 0x74, 0x3d, 0x85,
+	0x5a, 0x30, 0xe8, 0xb2, 0xfb, 0x25, 0x8b, 0xa9, 0x4b, 0x99, 0xbe, 0xab, 0x92, 0x2b, 0x27, 0xde,
+	0x86, 0x05, 0x1f, 0xfb, 0x97, 0x47, 0xe0, 0x54, 0x7d, 0x7e, 0x59, 0xde, 0x4a, 0x74, 0x6c, 0x29,
+	0xbe, 0x79, 0x3c, 0xee, 0x5f, 0x8a, 0x6f, 0x0f, 0xee, 0xbe, 0x91, 0xe2, 0xeb, 0x1b, 0x29, 0xbe,
+	0xe9, 0x7c, 0xcb, 0x72, 0x11, 0xf9, 0x96, 0x79, 0x3d, 0xe8, 0x27, 0xdf, 0xf2, 0xd8, 0x72, 0x7e,
+	0xf7, 0xed, 0xd0, 0xa1, 0x72, 0x7e, 0x55, 0x42, 0x74, 0x21, 0xe9, 0x5d, 0x3d, 0x3e, 0x55, 0x6e,
+	0x42, 0xb4, 0x4a, 0x46, 0xe5, 0xa9, 0x8b, 0x42, 0xe9, 0xbd, 0x56, 0x7c, 0x07, 0xfa, 0x48, 0x46,
+	0x15, 0xd9, 0x93, 0x66, 0x02, 0xf4, 0x50, 0x11, 0x09, 0xd0, 0x79, 0xdd, 0x39, 0x30, 0x01, 0xfa,
+	0x65, 0x18, 0x75, 0xfd, 0x30, 0x20, 0xab, 0x51, 0x98, 0x84, 0x6e, 0x28, 0x6f, 0xf3, 0xd6, 0x17,
+	0x33, 0x9a, 0x40, 0x9c, 0xc6, 0xed, 0x95, 0x3d, 0x5d, 0x3b, 0x6a, 0xf6, 0x34, 0x3c, 0xa0, 0xec,
+	0x69, 0x23, 0x3f, 0x78, 0xb8, 0x88, 0xfc, 0xe0, 0xbc, 0x2f, 0xd2, 0x57, 0x7e, 0xf0, 0x3b, 0xfc,
+	0x32, 0x7b, 0xba, 0x19, 0xe1, 0x52, 0x98, 0x1d, 0xd1, 0x0d, 0x9f, 0x7f, 0xfd, 0x18, 0x26, 0xec,
+	0xcd, 0xba, 0x66, 0xa3, 0x2e, 0xb8, 0xd7, 0x4d, 0x38, 0xdd, 0x91, 0xa3, 0xe4, 0x14, 0xff, 0x78,
+	0x09, 0xbe, 0xee, 0xc0, 0x2e, 0xa0, 0xdb, 0x00, 0x89, 0xb3, 0x29, 0x26, 0xaa, 0x38, 0xc8, 0x3a,
+	0x62, 0x90, 0xef, 0x9a, 0xa4, 0x27, 0xf2, 0xdd, 0x14, 0x79, 0x6c, 0xb0, 0x62, 0xb1, 0xbd, 0xa1,
+	0xdf, 0x55, 0x52, 0x1a, 0x87, 0x3e, 0xc1, 0x0c, 0x42, 0x0d, 0xa1, 0x88, 0x6c, 0x52, 0xe3, 0xbe,
+	0x9c, 0x36, 0x84, 0x30, 0x6b, 0xc5, 0x02, 0x8a, 0x5e, 0x84, 0x61, 0xc7, 0xf7, 0x79, 0xee, 0x1d,
+	0x89, 0xc5, 0x8d, 0xa9, 0xba, 0x90, 0xac, 0x06, 0x61, 0x13, 0xcf, 0xfe, 0xb3, 0x12, 0x4c, 0x1d,
+	0x20, 0x53, 0xba, 0x72, 0xae, 0x2b, 0x7d, 0xe7, 0x5c, 0x8b, 0xdc, 0xa1, 0xc1, 0x1e, 0xb9, 0x43,
+	0x2f, 0xc2, 0x70, 0x42, 0x9c, 0xa6, 0x08, 0x0b, 0xcc, 0xd6, 0x47, 0x5c, 0xd3, 0x20, 0x6c, 0xe2,
+	0x51, 0x29, 0x36, 0xe6, 0xb8, 0x2e, 0x89, 0x63, 0x99, 0x1c, 0x24, 0xbc, 0xdc, 0x85, 0x65, 0x1e,
+	0xb1, 0xc3, 0x83, 0xd9, 0x14, 0x0b, 0x9c, 0x61, 0x99, 0x1d, 0xf0, 0x5a, 0x9f, 0x03, 0xfe, 0x53,
+	0x25, 0x78, 0x62, 0x5f, 0xed, 0xd6, 0x77, 0xde, 0x56, 0x3b, 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8f,
+	0x49, 0x84, 0x19, 0x84, 0x8f, 0x52, 0xab, 0xa5, 0x42, 0xba, 0x8b, 0x4f, 0x74, 0xe4, 0xa3, 0x94,
+	0x62, 0x81, 0x33, 0x2c, 0xef, 0x75, 0x5a, 0xfe, 0xce, 0x00, 0x3c, 0xd5, 0x87, 0x0d, 0x50, 0x60,
+	0x42, 0x68, 0x3a, 0xd9, 0xb9, 0xfc, 0x80, 0x92, 0x9d, 0xef, 0x6d, 0xb8, 0xde, 0xcd, 0x91, 0xee,
+	0x2b, 0xf1, 0xf4, 0xcb, 0x25, 0x38, 0xdb, 0xdb, 0x60, 0x41, 0xdf, 0x06, 0xe3, 0x91, 0x8a, 0x0f,
+	0x34, 0xf3, 0xa4, 0x4f, 0x72, 0x1f, 0x57, 0x0a, 0x84, 0xb3, 0xb8, 0x68, 0x1a, 0xa0, 0xe5, 0x24,
+	0x5b, 0xf1, 0x85, 0x5d, 0x2f, 0x4e, 0x44, 0x61, 0xb9, 0x31, 0x7e, 0xf2, 0x2a, 0x5b, 0xb1, 0x81,
+	0x41, 0xd9, 0xb1, 0x7f, 0x0b, 0xe1, 0xb5, 0x30, 0xe1, 0x0f, 0xf1, 0xad, 0xe7, 0x49, 0x79, 0x0d,
+	0xa3, 0x01, 0xc2, 0x59, 0x5c, 0xca, 0x8e, 0x9d, 0xed, 0xf3, 0x8e, 0x0e, 0xe8, 0xcc, 0xea, 0x25,
+	0xd5, 0x8a, 0x0d, 0x8c, 0x6c, 0x06, 0x78, 0xe5, 0xe0, 0x0c, 0x70, 0xfb, 0x5f, 0x96, 0xe0, 0x4c,
+	0x4f, 0x83, 0xb7, 0x3f, 0x31, 0xf5, 0xf0, 0x65, 0x61, 0xdf, 0xe3, 0x0a, 0x3b, 0x54, 0xf6, 0xae,
+	0xfd, 0x47, 0x3d, 0x66, 0x9a, 0xc8, 0xcc, 0xbd, 0xf7, 0x22, 0x26, 0x0f, 0xdf, 0x78, 0x76, 0x25,
+	0xe3, 0x0e, 0x1c, 0x22, 0x19, 0x37, 0xf3, 0x31, 0x2a, 0x7d, 0x6a, 0x87, 0xff, 0x36, 0xd0, 0x73,
+	0x78, 0xe9, 0x06, 0xb9, 0xaf, 0x13, 0x84, 0x05, 0x38, 0xe1, 0x05, 0xec, 0x62, 0xdd, 0x7a, 0x7b,
+	0x5d, 0xd4, 0x1a, 0xe3, 0x05, 0x75, 0x55, 0x2a, 0xcc, 0x62, 0x06, 0x8e, 0xbb, 0x9e, 0x78, 0x08,
+	0x93, 0xa3, 0xef, 0x6d, 0x48, 0x0f, 0x29, 0xb9, 0x57, 0xe0, 0xb4, 0x1c, 0x8a, 0x2d, 0x27, 0x22,
+	0x0d, 0xa1, 0x6c, 0x63, 0x91, 0xfc, 0x74, 0x86, 0x27, 0x50, 0xe5, 0x20, 0xe0, 0xfc, 0xe7, 0xd8,
+	0x2d, 0xa8, 0x61, 0xcb, 0x73, 0xc5, 0x56, 0x50, 0xdf, 0x82, 0x4a, 0x1b, 0x31, 0x87, 0x69, 0x7d,
+	0x51, 0xbb, 0x3f, 0xfa, 0xe2, 0x23, 0x50, 0x53, 0xe3, 0xcd, 0x13, 0x1c, 0xd4, 0x24, 0xef, 0x4a,
+	0x70, 0x50, 0x33, 0xdc, 0xc0, 0xa2, 0xb3, 0x83, 0x6e, 0x54, 0x32, 0xab, 0x95, 0xf2, 0xa3, 0xed,
+	0xf6, 0xf3, 0x30, 0xa2, 0x7c, 0x81, 0xfd, 0xde, 0x45, 0x6b, 0xff, 0x65, 0x09, 0x32, 0xd7, 0xae,
+	0xa1, 0x5d, 0xa8, 0x35, 0xe4, 0x35, 0xfe, 0xc5, 0x14, 0x74, 0x5e, 0x90, 0xe4, 0xf4, 0x41, 0x98,
+	0x6a, 0xc2, 0x9a, 0x19, 0x7a, 0x8b, 0xd7, 0x4e, 0x16, 0xac, 0x4b, 0x45, 0x24, 0xc8, 0xd7, 0x15,
+	0x3d, 0xf3, 0xb2, 0x49, 0xd9, 0x86, 0x0d, 0x7e, 0x28, 0x81, 0xda, 0x96, 0xbc, 0x5e, 0xae, 0x18,
+	0x71, 0xa7, 0x6e, 0xab, 0xe3, 0x26, 0x9a, 0xfa, 0x8b, 0x35, 0x23, 0xfb, 0x0f, 0x4b, 0x70, 0x2a,
+	0xfd, 0x01, 0xc4, 0xc1, 0xe5, 0xcf, 0x58, 0xf0, 0xa8, 0xef, 0xc4, 0x49, 0xbd, 0xcd, 0x36, 0x0a,
+	0x1b, 0x6d, 0x7f, 0x25, 0x53, 0x66, 0xfb, 0xa8, 0xce, 0x16, 0x45, 0x38, 0x7b, 0x1d, 0xe1, 0xdc,
+	0x63, 0x77, 0xf6, 0xa6, 0x1e, 0x5d, 0xca, 0x67, 0x8e, 0x7b, 0xf5, 0x0a, 0xbd, 0x6d, 0xc1, 0x09,
+	0xb7, 0x1d, 0x45, 0x24, 0x48, 0x74, 0x57, 0xf9, 0x57, 0xbc, 0x56, 0xc8, 0x40, 0xea, 0x0e, 0x9e,
+	0xa2, 0x02, 0x75, 0x3e, 0xc3, 0x0b, 0x77, 0x71, 0xb7, 0x7f, 0x88, 0x6a, 0xce, 0x9e, 0xef, 0xf9,
+	0xd7, 0xec, 0xfe, 0xc4, 0x3f, 0x19, 0x84, 0xd1, 0x54, 0x2d, 0xf1, 0xd4, 0x61, 0x9f, 0x75, 0xe0,
+	0x61, 0x1f, 0x4b, 0xd7, 0x6b, 0x07, 0xf2, 0x6a, 0x79, 0x23, 0x5d, 0xaf, 0x1d, 0x10, 0xcc, 0x61,
+	0x62, 0x48, 0x71, 0x3b, 0x10, 0xb9, 0x00, 0xe6, 0x90, 0xe2, 0x76, 0x80, 0x05, 0x14, 0x7d, 0xdc,
+	0x82, 0x11, 0xb6, 0xf8, 0xc4, 0x51, 0xa9, 0x50, 0x68, 0x57, 0x0a, 0x58, 0xee, 0xb2, 0x6e, 0x3e,
+	0x8b, 0x1d, 0x35, 0x5b, 0x70, 0x8a, 0x23, 0xfa, 0x94, 0x05, 0x35, 0x75, 0x8f, 0xad, 0x38, 0x1b,
+	0xa9, 0x17, 0x5b, 0xaa, 0x3d, 0x23, 0xf5, 0x54, 0xcd, 0x6c, 0xac, 0x19, 0xa3, 0x58, 0x9d, 0x63,
+	0x0e, 0x1d, 0xcf, 0x39, 0x26, 0xe4, 0x9c, 0x61, 0xbe, 0x1f, 0x6a, 0x4d, 0x27, 0xf0, 0x36, 0x48,
+	0x9c, 0xf0, 0xa3, 0x45, 0x79, 0x33, 0x87, 0x6c, 0xc4, 0x1a, 0x4e, 0x8d, 0xfd, 0x98, 0xbd, 0x58,
+	0x62, 0x9c, 0x05, 0x32, 0x63, 0xbf, 0xae, 0x9b, 0xb1, 0x89, 0x63, 0x1e, 0x5c, 0xc2, 0x03, 0x3d,
+	0xb8, 0x1c, 0x3e, 0xe0, 0xe0, 0xb2, 0x0e, 0xa7, 0x9d, 0x76, 0x12, 0x5e, 0x26, 0x8e, 0x3f, 0x9b,
+	0x24, 0xa4, 0xd9, 0x4a, 0x62, 0x5e, 0x7e, 0x7e, 0x84, 0xb9, 0x80, 0x55, 0xb4, 0x5b, 0x9d, 0xf8,
+	0x1b, 0x5d, 0x48, 0x38, 0xff, 0x59, 0xfb, 0x9f, 0x5b, 0x70, 0x3a, 0x77, 0x2a, 0x3c, 0xbc, 0x79,
+	0x06, 0xf6, 0x8f, 0x54, 0xe0, 0x64, 0xce, 0x4d, 0x03, 0xa8, 0x63, 0x2e, 0x12, 0xab, 0x88, 0x90,
+	0xbd, 0x74, 0x04, 0x9a, 0xfc, 0x36, 0x39, 0x2b, 0xe3, 0x70, 0xb1, 0x08, 0x3a, 0x1e, 0xa0, 0x7c,
+	0x7f, 0xe3, 0x01, 0x8c, 0xb9, 0x3e, 0xf0, 0x40, 0xe7, 0x7a, 0xe5, 0x80, 0xb9, 0xfe, 0xb3, 0x16,
+	0x4c, 0x36, 0x7b, 0x5c, 0x1b, 0x26, 0xce, 0x93, 0x6e, 0x1c, 0xcf, 0xa5, 0x64, 0x73, 0x8f, 0xdf,
+	0xd9, 0x9b, 0xea, 0x79, 0x5b, 0x1b, 0xee, 0xd9, 0x2b, 0xfb, 0x2b, 0x65, 0x60, 0xf6, 0x1a, 0xab,
+	0x26, 0xdd, 0x41, 0x1f, 0x33, 0x2f, 0x2c, 0xb1, 0x8a, 0xba, 0x5c, 0x83, 0x13, 0x57, 0x17, 0x9e,
+	0xf0, 0x11, 0xcc, 0xbb, 0xff, 0x24, 0x2b, 0x09, 0x4b, 0x7d, 0x48, 0x42, 0x5f, 0xde, 0x0c, 0x53,
+	0x2e, 0xfe, 0x66, 0x98, 0x5a, 0xf6, 0x56, 0x98, 0xfd, 0x3f, 0xf1, 0xc0, 0x43, 0xf9, 0x89, 0x7f,
+	0xd5, 0xe2, 0x82, 0x27, 0xf3, 0x15, 0xb4, 0xb9, 0x61, 0xed, 0x63, 0x6e, 0x3c, 0x03, 0xd5, 0x58,
+	0x48, 0x66, 0x61, 0x96, 0xe8, 0x50, 0x30, 0xd1, 0x8e, 0x15, 0x06, 0xdd, 0x75, 0x39, 0xbe, 0x1f,
+	0xde, 0xbe, 0xd0, 0x6c, 0x25, 0x1d, 0x61, 0xa0, 0xa8, 0x6d, 0xc1, 0xac, 0x82, 0x60, 0x03, 0x0b,
+	0x7d, 0x03, 0x0c, 0xf1, 0xb2, 0x0f, 0x0d, 0xe1, 0xdd, 0x19, 0xa6, 0x0b, 0x91, 0x17, 0x85, 0x68,
+	0x60, 0x09, 0xb3, 0xb7, 0xc0, 0xd8, 0x57, 0xdc, 0xfb, 0xed, 0xd4, 0x07, 0x5f, 0x38, 0x69, 0xff,
+	0x83, 0x92, 0x60, 0xc5, 0xf7, 0x09, 0x3a, 0x36, 0xd0, 0x3a, 0x64, 0x6c, 0xe0, 0x5b, 0x00, 0x6e,
+	0xd8, 0x6c, 0xd1, 0x9d, 0xf3, 0x5a, 0x58, 0xcc, 0x76, 0x6b, 0x5e, 0xd1, 0xd3, 0xe3, 0xaa, 0xdb,
+	0xb0, 0xc1, 0x2f, 0x25, 0xdc, 0xcb, 0x07, 0x0a, 0xf7, 0x94, 0x9c, 0x1b, 0xd8, 0x5f, 0xce, 0xd9,
+	0x7f, 0x66, 0x41, 0xca, 0xee, 0x43, 0x2d, 0xa8, 0xd0, 0xee, 0x76, 0x84, 0xc8, 0x58, 0x29, 0xce,
+	0xc8, 0xa4, 0xb2, 0x5a, 0xac, 0x43, 0xf6, 0x13, 0x73, 0x46, 0xc8, 0x17, 0x71, 0x90, 0x85, 0x6c,
+	0x7f, 0x4c, 0x86, 0x97, 0xc3, 0x70, 0x9b, 0x87, 0x13, 0xe9, 0x98, 0x4a, 0xfb, 0x25, 0x98, 0xe8,
+	0xea, 0x14, 0xbb, 0xd1, 0x3a, 0x94, 0x7b, 0x78, 0x63, 0xfd, 0xb0, 0xfa, 0x0b, 0x98, 0xc3, 0xec,
+	0x2f, 0x5b, 0x70, 0x22, 0x4b, 0x1e, 0xbd, 0x63, 0xc1, 0x44, 0x9c, 0xa5, 0x77, 0x5c, 0x63, 0xa7,
+	0xf2, 0x1d, 0xba, 0x40, 0xb8, 0xbb, 0x13, 0xf6, 0xff, 0x14, 0xfa, 0xe0, 0xa6, 0x17, 0x34, 0xc2,
+	0xdb, 0xca, 0x52, 0xb2, 0x7a, 0x5a, 0x4a, 0x54, 0x40, 0xb8, 0x5b, 0xa4, 0xd1, 0xf6, 0xbb, 0xaa,
+	0x42, 0xd4, 0x45, 0x3b, 0x56, 0x18, 0x2c, 0x09, 0xbe, 0x2d, 0x76, 0xae, 0x99, 0x49, 0xb9, 0x20,
+	0xda, 0xb1, 0xc2, 0x40, 0x2f, 0xc0, 0x88, 0xf1, 0x92, 0x72, 0x5e, 0xb2, 0x6d, 0x87, 0xa1, 0xc3,
+	0x63, 0x9c, 0xc2, 0x42, 0xd3, 0x00, 0xca, 0xea, 0x92, 0x3a, 0x9b, 0xb9, 0xda, 0x95, 0x68, 0x8c,
+	0xb1, 0x81, 0xc1, 0x4a, 0x4e, 0xf8, 0xed, 0x98, 0x9d, 0x25, 0x0f, 0xea, 0xfb, 0x15, 0xe6, 0x45,
+	0x1b, 0x56, 0x50, 0x2a, 0xde, 0x9a, 0x4e, 0xd0, 0x76, 0x7c, 0x3a, 0x42, 0xc2, 0x79, 0xa6, 0x96,
+	0xe1, 0xb2, 0x82, 0x60, 0x03, 0x8b, 0xbe, 0x71, 0xe2, 0x35, 0xc9, 0xab, 0x61, 0x20, 0xe3, 0xd4,
+	0x75, 0x78, 0x81, 0x68, 0xc7, 0x0a, 0x03, 0xbd, 0x04, 0xc3, 0x4e, 0xd0, 0xe0, 0x26, 0x62, 0x18,
+	0x89, 0x53, 0x4a, 0xb5, 0xff, 0xbc, 0x1e, 0x93, 0x59, 0x0d, 0xc5, 0x26, 0x6a, 0xf6, 0x72, 0x09,
+	0xe8, 0xf3, 0xf2, 0xba, 0x3f, 0xb5, 0x60, 0x5c, 0xd7, 0x10, 0x62, 0x3e, 0xb6, 0x94, 0x73, 0xd1,
+	0x3a, 0xd0, 0xb9, 0x98, 0x2e, 0x25, 0x52, 0xea, 0xab, 0x94, 0x88, 0x59, 0xe5, 0xa3, 0xbc, 0x6f,
+	0x95, 0x8f, 0x6f, 0x80, 0xa1, 0x6d, 0xd2, 0x31, 0xca, 0x81, 0x30, 0xed, 0x70, 0x95, 0x37, 0x61,
+	0x09, 0x43, 0x36, 0x0c, 0xba, 0x8e, 0x2a, 0x29, 0x38, 0x22, 0xa2, 0xd3, 0x66, 0x19, 0x92, 0x80,
+	0xd8, 0x2b, 0x50, 0x53, 0xc7, 0xfa, 0xd2, 0xd7, 0x67, 0xe5, 0xfb, 0xfa, 0xfa, 0xba, 0x06, 0x7f,
+	0x6e, 0xfd, 0x37, 0xbe, 0xfa, 0xe4, 0x7b, 0x7e, 0xfb, 0xab, 0x4f, 0xbe, 0xe7, 0x0f, 0xbe, 0xfa,
+	0xe4, 0x7b, 0x3e, 0x7e, 0xe7, 0x49, 0xeb, 0x37, 0xee, 0x3c, 0x69, 0xfd, 0xf6, 0x9d, 0x27, 0xad,
+	0x3f, 0xb8, 0xf3, 0xa4, 0xf5, 0x95, 0x3b, 0x4f, 0x5a, 0x6f, 0xff, 0xd7, 0x27, 0xdf, 0xf3, 0x6a,
+	0x6e, 0x66, 0x04, 0xfd, 0xf1, 0xac, 0xdb, 0x98, 0xd9, 0x79, 0x9e, 0x05, 0xe7, 0xd3, 0xf5, 0x3c,
+	0x63, 0x4c, 0xe2, 0x19, 0xb9, 0x9e, 0xff, 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xed, 0xc0, 0x00,
+	0x36, 0x83, 0x00, 0x01, 0x00,
 }
 
 func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) {
diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto
index be11b3ac327b5..6475945a90ab5 100644
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -2626,7 +2626,7 @@ message SyncPolicyAutomated {
   optional bool allowEmpty = 3;
 
   // Enable allows apps to explicitly control automated sync
-  optional bool enable = 4;
+  optional bool enabled = 4;
 }
 
 // SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index c9ed8e8f9eb7f..793f49eb5654c 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -1532,7 +1532,7 @@ type SyncPolicyAutomated struct {
 	// AllowEmpty allows apps have zero live resources (default: false)
 	AllowEmpty bool `json:"allowEmpty,omitempty" protobuf:"bytes,3,opt,name=allowEmpty"`
 	// Enable allows apps to explicitly control automated sync
-	Enabled *bool `json:"enabled,omitempty" protobuf:"bytes,4,opt,name=enable"`
+	Enabled *bool `json:"enabled,omitempty" protobuf:"bytes,4,opt,name=enabled"`
 }
 
 // SyncStrategy controls the manner in which a sync is performed
diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
index 10ccb032a3aae..fdebd9e2562a9 100644
--- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
+++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx
@@ -221,7 +221,7 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh
                     <div className='application-status-panel__item-value__revision show-for-large'>{syncStatusMessage(application)}</div>
                 </div>
                 <div className='application-status-panel__item-name' style={{marginBottom: '0.5em'}}>
-                    {application.spec.syncPolicy?.automated ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
+                    {application.spec.syncPolicy?.automated && application.spec.syncPolicy.automated.enabled !== false ? 'Auto sync is enabled.' : 'Auto sync is not enabled.'}
                 </div>
                 {application.status &&
                     application.status.sync &&
diff --git a/ui/src/app/applications/components/application-summary/application-auto-sync.test.tsx b/ui/src/app/applications/components/application-summary/application-auto-sync.test.tsx
new file mode 100644
index 0000000000000..44b274538dad3
--- /dev/null
+++ b/ui/src/app/applications/components/application-summary/application-auto-sync.test.tsx
@@ -0,0 +1,47 @@
+import { Application } from '../../../shared/models';
+
+function isAutoSyncEnabled(app: Application): boolean {
+  return !!(app.spec.syncPolicy?.automated && app.spec.syncPolicy.automated.enabled !== false);
+}
+
+test('automated.enabled is true, return to `true`.', () => {
+  const enabledApp = {
+    spec: {
+      syncPolicy: {
+        automated: { enabled: true }
+      }
+    }
+  } as Application;
+
+  expect(isAutoSyncEnabled(enabledApp)).toBe(true);
+});
+
+test('automated.enabled is undefined, return to `true`.', () => {
+  const enabledApp = {
+    spec: {
+      syncPolicy: { automated: {} }
+    }
+  } as Application;
+
+  expect(isAutoSyncEnabled(enabledApp)).toBe(true);
+});
+
+test('automated.enabled is false, return to `false`.', () => {
+  const disabledApp = {
+    spec: {
+      syncPolicy: { automated: { enabled: false } }
+    }
+  } as Application;
+
+  expect(isAutoSyncEnabled(disabledApp)).toBe(false);
+});
+
+test('syncPolicy is nil, return to `false`', () => {
+  const noSyncPolicyApp = { spec: {} } as Application;
+  expect(isAutoSyncEnabled(noSyncPolicyApp)).toBe(false);
+});
+
+test('automated is nil, return to `false`.', () => {
+  const noAutomatedApp = { spec: { syncPolicy: {} } } as Application;
+  expect(isAutoSyncEnabled(noAutomatedApp)).toBe(false);
+});
diff --git a/ui/src/app/applications/components/application-summary/application-summary.tsx b/ui/src/app/applications/components/application-summary/application-summary.tsx
index b2abc19b9d05f..c5dbc8279025c 100644
--- a/ui/src/app/applications/components/application-summary/application-summary.tsx
+++ b/ui/src/app/applications/components/application-summary/application-summary.tsx
@@ -515,9 +515,13 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
                         <div className='white-box__details'>
                             <p>SYNC POLICY</p>
                             <div className='row white-box__details-row'>
-                                <div className='columns small-3'>{(app.spec.syncPolicy && app.spec.syncPolicy.automated && <span>AUTOMATED</span>) || <span>NONE</span>}</div>
+                                <div className='columns small-3'>
+                                    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && app.spec.syncPolicy.automated.enabled !== false && <span>AUTOMATED</span>) || (
+                                        <span>NONE</span>
+                                    )}
+                                </div>
                                 <div className='columns small-9'>
-                                    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && (
+                                    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && app.spec.syncPolicy.automated.enabled !== false && (
                                         <button className='argo-button argo-button--base' onClick={() => unsetAutoSync(ctx)}>
                                             <Spinner show={changeSync} style={{marginRight: '5px'}} />
                                             Disable Auto-Sync
diff --git a/ui/src/app/applications/components/applications-list/applications-filter.test.tsx b/ui/src/app/applications/components/applications-list/applications-filter.test.tsx
new file mode 100644
index 0000000000000..ef38f78049781
--- /dev/null
+++ b/ui/src/app/applications/components/applications-list/applications-filter.test.tsx
@@ -0,0 +1,46 @@
+import { getAutoSyncStatus } from './applications-filter';
+import { SyncPolicy } from '../../../shared/models';
+
+const AUTO_SYNC_ENABLED = 'Enabled';
+const AUTO_SYNC_DISABLED = 'Disabled';
+
+test('automated.enabled is true, return to `Enabled`.', () => {
+    const syncPolicy = {
+        automated: {
+            enabled: true,
+            prune: false,
+            selfHeal: false
+        }
+    } as SyncPolicy;
+
+    expect(getAutoSyncStatus(syncPolicy)).toBe(AUTO_SYNC_ENABLED);
+});
+
+test('automated.enabled is undefined, return to `Enabled`.', () => {
+    const syncPolicy = {
+        automated: {}
+    } as unknown as SyncPolicy;
+
+    expect(getAutoSyncStatus(syncPolicy)).toBe(AUTO_SYNC_ENABLED);
+});
+
+test('automated.enabled is false, return to `Disabled`.', () => {
+    const syncPolicy = {
+        automated: {
+            enabled: false,
+            prune: false,
+            selfHeal: false
+        }
+    } as SyncPolicy;
+
+    expect(getAutoSyncStatus(syncPolicy)).toBe(AUTO_SYNC_DISABLED);
+});
+
+test('syncPolicy is nil, return to `Disabled`', () => {
+    expect(getAutoSyncStatus(undefined)).toBe(AUTO_SYNC_DISABLED);
+});
+
+test('automated is nil, return to `Disabled`.', () => {
+    const syncPolicy = {} as SyncPolicy;
+    expect(getAutoSyncStatus(syncPolicy)).toBe(AUTO_SYNC_DISABLED);
+});
diff --git a/ui/src/app/applications/components/applications-list/applications-filter.tsx b/ui/src/app/applications/components/applications-list/applications-filter.tsx
index c35aba2d9a0b1..a2d930d837c62 100644
--- a/ui/src/app/applications/components/applications-list/applications-filter.tsx
+++ b/ui/src/app/applications/components/applications-list/applications-filter.tsx
@@ -25,8 +25,8 @@ export interface FilteredApp extends Application {
     filterResult: FilterResult;
 }
 
-function getAutoSyncStatus(syncPolicy?: SyncPolicy) {
-    if (!syncPolicy || !syncPolicy.automated) {
+export function getAutoSyncStatus(syncPolicy?: SyncPolicy) {
+    if (!syncPolicy || !syncPolicy.automated || syncPolicy.automated.enabled === false) {
         return 'Disabled';
     }
     return 'Enabled';

From a36786e20360c2eed3124affd142bca1c70f9ad3 Mon Sep 17 00:00:00 2001
From: pbhatnagar-oss <pbhatifiwork@gmail.com>
Date: Wed, 3 Sep 2025 11:04:15 -0700
Subject: [PATCH 341/383] feat(hydrator): Commit message templating (#23679)
 (#24204)

Signed-off-by: pbhatnagar-oss <pbhatifiwork@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 commitserver/commit/hydratorhelper.go      | 30 ++-----
 commitserver/commit/hydratorhelper_test.go |  7 +-
 controller/hydrator/hydrator.go            | 30 ++++++-
 controller/hydrator/hydrator_test.go       | 84 ++++++++++++++++++
 controller/hydrator/mocks/Dependencies.go  | 53 ++++++++++++
 controller/hydrator_dependencies.go        |  9 ++
 controller/hydrator_dependencies_test.go   | 44 ++++++++++
 docs/operator-manual/argocd-cm.yaml        | 19 +++++
 docs/user-guide/source-hydrator.md         | 28 ++++++
 util/hydrator/hydrator.go                  | 60 +++++++++++++
 util/hydrator/hydrator_test.go             | 74 ++++++++++++++++
 util/hydrator/template.go                  | 61 +++++++++++++
 util/hydrator/template_test.go             | 99 ++++++++++++++++++++++
 util/settings/settings.go                  | 28 ++++++
 14 files changed, 600 insertions(+), 26 deletions(-)
 create mode 100644 util/hydrator/hydrator.go
 create mode 100644 util/hydrator/hydrator_test.go
 create mode 100644 util/hydrator/template.go
 create mode 100644 util/hydrator/template_test.go

diff --git a/commitserver/commit/hydratorhelper.go b/commitserver/commit/hydratorhelper.go
index 8d8c55bd24a37..523b049a13d04 100644
--- a/commitserver/commit/hydratorhelper.go
+++ b/commitserver/commit/hydratorhelper.go
@@ -5,9 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 	"text/template"
-	"time"
 
 	"github.com/Masterminds/sprig/v3"
 	log "github.com/sirupsen/logrus"
@@ -17,7 +15,7 @@ import (
 	"github.com/argoproj/argo-cd/v3/commitserver/apiclient"
 	"github.com/argoproj/argo-cd/v3/common"
 	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/v3/util/git"
+	"github.com/argoproj/argo-cd/v3/util/hydrator"
 	"github.com/argoproj/argo-cd/v3/util/io"
 )
 
@@ -36,25 +34,13 @@ func init() {
 // WriteForPaths writes the manifests, hydrator.metadata, and README.md files for each path in the provided paths. It
 // also writes a root-level hydrator.metadata file containing the repo URL and dry SHA.
 func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *appv1.RevisionMetadata, paths []*apiclient.PathDetails) error { //nolint:revive //FIXME(var-naming)
-	author := ""
-	message := ""
-	date := ""
-	var references []appv1.RevisionReference
-	if dryCommitMetadata != nil {
-		author = dryCommitMetadata.Author
-		message = dryCommitMetadata.Message
-		if dryCommitMetadata.Date != nil {
-			date = dryCommitMetadata.Date.Format(time.RFC3339)
-		}
-		references = dryCommitMetadata.References
+	hydratorMetadata, err := hydrator.GetCommitMetadata(repoUrl, drySha, dryCommitMetadata)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve hydrator metadata: %w", err)
 	}
 
-	subject, body, _ := strings.Cut(message, "\n\n")
-
-	_, bodyMinusTrailers := git.GetReferences(log.WithFields(log.Fields{"repo": repoUrl, "revision": drySha}), body)
-
 	// Write the top-level readme.
-	err := writeMetadata(root, "", hydratorMetadataFile{DrySHA: drySha, RepoURL: repoUrl, Author: author, Subject: subject, Body: bodyMinusTrailers, Date: date, References: references})
+	err = writeMetadata(root, "", hydratorMetadata)
 	if err != nil {
 		return fmt.Errorf("failed to write top-level hydrator metadata: %w", err)
 	}
@@ -86,7 +72,7 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 		}
 
 		// Write hydrator.metadata containing information about the hydration process.
-		hydratorMetadata := hydratorMetadataFile{
+		hydratorMetadata := hydrator.HydratorCommitMetadata{
 			Commands: p.Commands,
 			DrySHA:   drySha,
 			RepoURL:  repoUrl,
@@ -106,7 +92,7 @@ func WriteForPaths(root *os.Root, repoUrl, drySha string, dryCommitMetadata *app
 }
 
 // writeMetadata writes the metadata to the hydrator.metadata file.
-func writeMetadata(root *os.Root, dirPath string, metadata hydratorMetadataFile) error {
+func writeMetadata(root *os.Root, dirPath string, metadata hydrator.HydratorCommitMetadata) error {
 	hydratorMetadataPath := filepath.Join(dirPath, "hydrator.metadata")
 	f, err := root.Create(hydratorMetadataPath)
 	if err != nil {
@@ -125,7 +111,7 @@ func writeMetadata(root *os.Root, dirPath string, metadata hydratorMetadataFile)
 }
 
 // writeReadme writes the readme to the README.md file.
-func writeReadme(root *os.Root, dirPath string, metadata hydratorMetadataFile) error {
+func writeReadme(root *os.Root, dirPath string, metadata hydrator.HydratorCommitMetadata) error {
 	readmeTemplate, err := template.New("readme").Funcs(sprigFuncMap).Parse(manifestHydrationReadmeTemplate)
 	if err != nil {
 		return fmt.Errorf("failed to parse readme template: %w", err)
diff --git a/commitserver/commit/hydratorhelper_test.go b/commitserver/commit/hydratorhelper_test.go
index 72ebb66779162..5838ee28b0307 100644
--- a/commitserver/commit/hydratorhelper_test.go
+++ b/commitserver/commit/hydratorhelper_test.go
@@ -18,6 +18,7 @@ import (
 
 	"github.com/argoproj/argo-cd/v3/commitserver/apiclient"
 	appsv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/hydrator"
 )
 
 // tempRoot creates a temporary directory and returns an os.Root object for it.
@@ -144,7 +145,7 @@ Argocd-reference-commit-sha: abc123
 func TestWriteMetadata(t *testing.T) {
 	root := tempRoot(t)
 
-	metadata := hydratorMetadataFile{
+	metadata := hydrator.HydratorCommitMetadata{
 		RepoURL: "https://github.com/example/repo",
 		DrySHA:  "abc123",
 	}
@@ -156,7 +157,7 @@ func TestWriteMetadata(t *testing.T) {
 	metadataBytes, err := os.ReadFile(metadataPath)
 	require.NoError(t, err)
 
-	var readMetadata hydratorMetadataFile
+	var readMetadata hydrator.HydratorCommitMetadata
 	err = json.Unmarshal(metadataBytes, &readMetadata)
 	require.NoError(t, err)
 	assert.Equal(t, metadata, readMetadata)
@@ -171,7 +172,7 @@ func TestWriteReadme(t *testing.T) {
 	hash := sha256.Sum256(randomData)
 	sha := hex.EncodeToString(hash[:])
 
-	metadata := hydratorMetadataFile{
+	metadata := hydrator.HydratorCommitMetadata{
 		RepoURL: "https://github.com/example/repo",
 		DrySHA:  "abc123",
 		References: []appsv1.RevisionReference{
diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index 2f27c1c76fb48..f9e139f7f5490 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -16,6 +16,7 @@ import (
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
 	applog "github.com/argoproj/argo-cd/v3/util/app/log"
 	"github.com/argoproj/argo-cd/v3/util/git"
+	"github.com/argoproj/argo-cd/v3/util/hydrator"
 	utilio "github.com/argoproj/argo-cd/v3/util/io"
 )
 
@@ -59,6 +60,9 @@ type Dependencies interface {
 	// AddHydrationQueueItem adds a hydration queue item to the queue. This is used to trigger the hydration process for
 	// a group of applications which are hydrating to the same repo and target branch.
 	AddHydrationQueueItem(key types.HydrationQueueKey)
+
+	// GetHydratorCommitMessageTemplate gets the configured template for rendering commit messages.
+	GetHydratorCommitMessageTemplate() (string, error)
 }
 
 // Hydrator is the main struct that implements the hydration logic. It uses the Dependencies interface to access the
@@ -340,13 +344,22 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string
 		}
 		logCtx.Warn("no credentials found for repo, continuing without credentials")
 	}
+	// get the commit message template
+	commitMessageTemplate, err := h.dependencies.GetHydratorCommitMessageTemplate()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get hydrated commit message template: %w", err)
+	}
+	commitMessage, errMsg := getTemplatedCommitMessage(repoURL, targetRevision, commitMessageTemplate, revisionMetadata)
+	if errMsg != nil {
+		return "", "", fmt.Errorf("failed to get hydrator commit templated message: %w", errMsg)
+	}
 
 	manifestsRequest := commitclient.CommitHydratedManifestsRequest{
 		Repo:              repo,
 		SyncBranch:        syncBranch,
 		TargetBranch:      targetBranch,
 		DrySha:            targetRevision,
-		CommitMessage:     "[Argo CD Bot] hydrate " + targetRevision,
+		CommitMessage:     commitMessage,
 		Paths:             paths,
 		DryCommitMetadata: revisionMetadata,
 	}
@@ -411,3 +424,18 @@ func appNeedsHydration(app *appv1.Application, statusHydrateTimeout time.Duratio
 
 	return false, ""
 }
+
+// Gets the multi-line commit message based on the template defined in the configmap. It is a two step process:
+// 1.  Get the metadata template engine would use to render the template
+// 2. Pass the output of Step 1 and Step 2 to template Render
+func getTemplatedCommitMessage(repoURL, revision, commitMessageTemplate string, dryCommitMetadata *appv1.RevisionMetadata) (string, error) {
+	hydratorCommitMetadata, err := hydrator.GetCommitMetadata(repoURL, revision, dryCommitMetadata)
+	if err != nil {
+		return "", fmt.Errorf("failed to get hydrated commit message: %w", err)
+	}
+	templatedCommitMsg, err := hydrator.Render(commitMessageTemplate, hydratorCommitMetadata)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse template %s: %w", commitMessageTemplate, err)
+	}
+	return templatedCommitMsg, nil
+}
diff --git a/controller/hydrator/hydrator_test.go b/controller/hydrator/hydrator_test.go
index d826eb7196c2c..f7587afdf8d55 100644
--- a/controller/hydrator/hydrator_test.go
+++ b/controller/hydrator/hydrator_test.go
@@ -13,8 +13,15 @@ import (
 	"github.com/argoproj/argo-cd/v3/controller/hydrator/mocks"
 	"github.com/argoproj/argo-cd/v3/controller/hydrator/types"
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/settings"
 )
 
+var message = `testn
+Argocd-reference-commit-repourl: https://github.com/test/argocd-example-apps
+Argocd-reference-commit-author: Argocd-reference-commit-author
+Argocd-reference-commit-subject: testhydratormd
+Signed-off-by: testUser <test@gmail.com>`
+
 func Test_appNeedsHydration(t *testing.T) {
 	t.Parallel()
 
@@ -167,3 +174,80 @@ func Test_getRelevantAppsForHydration_RepoURLNormalization(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, relevantApps, 2, "Expected both apps to be considered relevant despite URL differences")
 }
+
+func TestHydrator_getTemplatedCommitMessage(t *testing.T) {
+	references := make([]v1alpha1.RevisionReference, 0)
+	revReference := v1alpha1.RevisionReference{
+		Commit: &v1alpha1.CommitMetadata{
+			Author:  "testAuthor",
+			Subject: "test",
+			RepoURL: "https://github.com/test/argocd-example-apps",
+			SHA:     "3ff41cc5247197a6caf50216c4c76cc29d78a97c",
+		},
+	}
+	references = append(references, revReference)
+	type args struct {
+		repoURL           string
+		revision          string
+		dryCommitMetadata *v1alpha1.RevisionMetadata
+		template          string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{
+			name: "test template",
+			args: args{
+				repoURL:  "https://github.com/test/argocd-example-apps",
+				revision: "3ff41cc5247197a6caf50216c4c76cc29d78a97d",
+				dryCommitMetadata: &v1alpha1.RevisionMetadata{
+					Author: "test test@test.com",
+					Date: &metav1.Time{
+						Time: metav1.Now().Time,
+					},
+					Message:    message,
+					References: references,
+				},
+				template: settings.CommitMessageTemplate,
+			},
+			want: `3ff41cc: testn
+Argocd-reference-commit-repourl: https://github.com/test/argocd-example-apps
+Argocd-reference-commit-author: Argocd-reference-commit-author
+Argocd-reference-commit-subject: testhydratormd
+Signed-off-by: testUser <test@gmail.com>
+
+Co-authored-by: testAuthor
+Co-authored-by: test test@test.com
+`,
+		},
+		{
+			name: "test empty template",
+			args: args{
+				repoURL:  "https://github.com/test/argocd-example-apps",
+				revision: "3ff41cc5247197a6caf50216c4c76cc29d78a97d",
+				dryCommitMetadata: &v1alpha1.RevisionMetadata{
+					Author: "test test@test.com",
+					Date: &metav1.Time{
+						Time: metav1.Now().Time,
+					},
+					Message:    message,
+					References: references,
+				},
+			},
+			want: "",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := getTemplatedCommitMessage(tt.args.repoURL, tt.args.revision, tt.args.template, tt.args.dryCommitMetadata)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Hydrator.getHydratorCommitMessage() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/controller/hydrator/mocks/Dependencies.go b/controller/hydrator/mocks/Dependencies.go
index 1e6b0aab2dc79..c8c5937d3b955 100644
--- a/controller/hydrator/mocks/Dependencies.go
+++ b/controller/hydrator/mocks/Dependencies.go
@@ -81,6 +81,59 @@ func (_c *Dependencies_AddHydrationQueueItem_Call) RunAndReturn(run func(key typ
 	return _c
 }
 
+// GetHydratorCommitMessageTemplate provides a mock function for the type Dependencies
+func (_mock *Dependencies) GetHydratorCommitMessageTemplate() (string, error) {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for GetHydratorCommitMessageTemplate")
+	}
+
+	var r0 string
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func() (string, error)); ok {
+		return returnFunc()
+	}
+	if returnFunc, ok := ret.Get(0).(func() string); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+	if returnFunc, ok := ret.Get(1).(func() error); ok {
+		r1 = returnFunc()
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// Dependencies_GetHydratorCommitMessageTemplate_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetHydratorCommitMessageTemplate'
+type Dependencies_GetHydratorCommitMessageTemplate_Call struct {
+	*mock.Call
+}
+
+// GetHydratorCommitMessageTemplate is a helper method to define mock.On call
+func (_e *Dependencies_Expecter) GetHydratorCommitMessageTemplate() *Dependencies_GetHydratorCommitMessageTemplate_Call {
+	return &Dependencies_GetHydratorCommitMessageTemplate_Call{Call: _e.mock.On("GetHydratorCommitMessageTemplate")}
+}
+
+func (_c *Dependencies_GetHydratorCommitMessageTemplate_Call) Run(run func()) *Dependencies_GetHydratorCommitMessageTemplate_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *Dependencies_GetHydratorCommitMessageTemplate_Call) Return(s string, err error) *Dependencies_GetHydratorCommitMessageTemplate_Call {
+	_c.Call.Return(s, err)
+	return _c
+}
+
+func (_c *Dependencies_GetHydratorCommitMessageTemplate_Call) RunAndReturn(run func() (string, error)) *Dependencies_GetHydratorCommitMessageTemplate_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
 // GetProcessableAppProj provides a mock function for the type Dependencies
 func (_mock *Dependencies) GetProcessableAppProj(app *v1alpha1.Application) (*v1alpha1.AppProject, error) {
 	ret := _mock.Called(app)
diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go
index 7ae95d627494d..1e0e63954dc62 100644
--- a/controller/hydrator_dependencies.go
+++ b/controller/hydrator_dependencies.go
@@ -97,3 +97,12 @@ func (ctrl *ApplicationController) PersistAppHydratorStatus(orig *appv1.Applicat
 func (ctrl *ApplicationController) AddHydrationQueueItem(key types.HydrationQueueKey) {
 	ctrl.hydrationQueue.AddRateLimited(key)
 }
+
+func (ctrl *ApplicationController) GetHydratorCommitMessageTemplate() (string, error) {
+	sourceHydratorCommitMessageKey, err := ctrl.settingsMgr.GetSourceHydratorCommitMessageTemplate()
+	if err != nil {
+		return "", fmt.Errorf("failed to get sourceHydrator commit message template key: %w", err)
+	}
+
+	return sourceHydratorCommitMessageKey, nil
+}
diff --git a/controller/hydrator_dependencies_test.go b/controller/hydrator_dependencies_test.go
index 39d1872d435d2..0e73ff5237238 100644
--- a/controller/hydrator_dependencies_test.go
+++ b/controller/hydrator_dependencies_test.go
@@ -14,6 +14,7 @@ import (
 	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v3/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v3/test"
+	"github.com/argoproj/argo-cd/v3/util/settings"
 )
 
 func TestGetRepoObjs(t *testing.T) {
@@ -77,3 +78,46 @@ func TestGetRepoObjs(t *testing.T) {
 
 	assert.Equal(t, "ConfigMap", objs[0].GetKind())
 }
+
+func TestGetHydratorCommitMessageTemplate_WhenTemplateisNotDefined_FallbackToDefault(t *testing.T) {
+	cm := test.NewConfigMap()
+	cmBytes, _ := json.Marshal(cm)
+
+	data := fakeData{
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{string(cmBytes)},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+	}
+
+	ctrl := newFakeControllerWithResync(&data, time.Minute, nil, errors.New("this should not be called"))
+
+	tmpl, err := ctrl.GetHydratorCommitMessageTemplate()
+	require.NoError(t, err)
+	assert.NotEmpty(t, tmpl) // should fallback to default
+	assert.Equal(t, settings.CommitMessageTemplate, tmpl)
+}
+
+func TestGetHydratorCommitMessageTemplate(t *testing.T) {
+	cm := test.NewFakeConfigMap()
+	cm.Data["sourceHydrator.commitMessageTemplate"] = settings.CommitMessageTemplate
+	cmBytes, _ := json.Marshal(cm)
+
+	data := fakeData{
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{string(cmBytes)},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+		configMapData: cm.Data,
+	}
+
+	ctrl := newFakeControllerWithResync(&data, time.Minute, nil, errors.New("this should not be called"))
+
+	tmpl, err := ctrl.GetHydratorCommitMessageTemplate()
+	require.NoError(t, err)
+	assert.NotEmpty(t, tmpl)
+}
diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml
index 25b5119e73d2a..209a706048b29 100644
--- a/docs/operator-manual/argocd-cm.yaml
+++ b/docs/operator-manual/argocd-cm.yaml
@@ -439,3 +439,22 @@ data:
 
   # application.sync.impersonation.enabled enables application sync to use a custom service account, via impersonation. This allows decoupling sync from control-plane service account.
   application.sync.impersonation.enabled: "false"
+
+  ### SourceHydrator commit message template.
+  # This template iterates through the fields in the `.metadata` object,
+  # and formats them based on their type (map, array, or primitive values).
+  # This is the default template and targets specific metadata properties
+  sourceHydrator.commitMessageTemplate: |
+    {{.metadata.drySha | trunc 7}}: {{ .metadata.subject }}
+    {{- if .metadata.body }}
+    
+    {{ .metadata.body }}
+    {{- end }}
+    {{ range $ref := .metadata.references }}
+    {{- if and $ref.commit $ref.commit.author }}
+    Co-authored-by: {{ $ref.commit.author }}
+    {{- end }}
+    {{- end }}
+    {{- if .metadata.author }}
+    Co-authored-by: {{ .metadata.author }}
+    {{- end }}
diff --git a/docs/user-guide/source-hydrator.md b/docs/user-guide/source-hydrator.md
index 1a602d833b360..850b36f51d7d3 100644
--- a/docs/user-guide/source-hydrator.md
+++ b/docs/user-guide/source-hydrator.md
@@ -262,6 +262,34 @@ specified more than once, the last one will be used.
 
 All trailers are optional. If a trailer is not specified, the corresponding field in the metadata will be omitted.
 
+## Commit Message Template
+
+The commit message is generated using a [Go text/template](https://pkg.go.dev/text/template), optionally configured by the user via the argocd-cm ConfigMap. The template is rendered using the values from `hydrator.metadata`. The template can be multi-line, allowing users to define a subject line, body and optional trailers. To define the commit message template, you need to set the `sourceHydrator.commitMessageTemplate` field in argocd-cm ConfigMap.
+
+The template may functions from the [Sprig function library](https://github.com/Masterminds/sprig).
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  namespace: argocd
+data:
+  sourceHydrator.commitMessageTemplate: |
+    {{.metadata.drySha | trunc 7}}: {{ .metadata.subject }}
+    {{- if .metadata.body }}
+    
+    {{ .metadata.body }}
+    {{- end }}
+    {{ range $ref := .metadata.references }}
+    {{- if and $ref.commit $ref.commit.author }}
+    Co-authored-by: {{ $ref.commit.author }}
+    {{- end }}
+    {{- end }}
+    {{- if .metadata.author }}
+    Co-authored-by: {{ .metadata.author }}
+    {{- end }}
+
 ### Credential Templates
 
 Credential templates allow a single credential to be used for multiple repositories. The source hydrator supports credential templates. For example, if you setup credential templates for the URL prefix `https://github.com/argoproj`, these credentials will be used for all repositories with this URL as prefix (e.g. `https://github.com/argoproj/argocd-example-apps`) that do not have their own credentials configured.
diff --git a/util/hydrator/hydrator.go b/util/hydrator/hydrator.go
new file mode 100644
index 0000000000000..014a620add260
--- /dev/null
+++ b/util/hydrator/hydrator.go
@@ -0,0 +1,60 @@
+package hydrator
+
+import (
+	"strings"
+	"time"
+
+	log "github.com/sirupsen/logrus"
+
+	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/git"
+)
+
+// HydratorCommitMetadata defines the struct used by both Controller and commitServer
+// to define the templated commit message and the hydrated manifest
+type HydratorCommitMetadata struct {
+	RepoURL  string   `json:"repoURL,omitempty"`
+	DrySHA   string   `json:"drySha,omitempty"`
+	Commands []string `json:"commands,omitempty"`
+	Author   string   `json:"author,omitempty"`
+	Date     string   `json:"date,omitempty"`
+	// Subject is the subject line of the DRY commit message, i.e. `git show --format=%s`.
+	Subject string `json:"subject,omitempty"`
+	// Body is the body of the DRY commit message, excluding the subject line, i.e. `git show --format=%b`.
+	// Known Argocd- trailers with valid values are removed, but all other trailers are kept.
+	Body       string                    `json:"body,omitempty"`
+	References []appv1.RevisionReference `json:"references,omitempty"`
+}
+
+// GetCommitMetadata takes repo, drySha and commitMetadata and returns a HydratorCommitMetadata which is a
+// common contract controller and commitServer
+func GetCommitMetadata(repoUrl, drySha string, dryCommitMetadata *appv1.RevisionMetadata) (HydratorCommitMetadata, error) { //nolint:revive //FIXME(var-naming)
+	author := ""
+	message := ""
+	date := ""
+	var references []appv1.RevisionReference
+	if dryCommitMetadata != nil {
+		author = dryCommitMetadata.Author
+		message = dryCommitMetadata.Message
+		if dryCommitMetadata.Date != nil {
+			date = dryCommitMetadata.Date.Format(time.RFC3339)
+		}
+		references = dryCommitMetadata.References
+	}
+
+	subject, body, _ := strings.Cut(message, "\n\n")
+
+	_, bodyMinusTrailers := git.GetReferences(log.WithFields(log.Fields{"repo": repoUrl, "revision": drySha}), body)
+
+	hydratorCommitMetadata := HydratorCommitMetadata{
+		RepoURL:    repoUrl,
+		DrySHA:     drySha,
+		Author:     author,
+		Subject:    subject,
+		Body:       bodyMinusTrailers,
+		Date:       date,
+		References: references,
+	}
+
+	return hydratorCommitMetadata, nil
+}
diff --git a/util/hydrator/hydrator_test.go b/util/hydrator/hydrator_test.go
new file mode 100644
index 0000000000000..bda8f48412717
--- /dev/null
+++ b/util/hydrator/hydrator_test.go
@@ -0,0 +1,74 @@
+package hydrator
+
+import (
+	"reflect"
+	"testing"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	appv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+)
+
+func TestGetCommitMetadata(t *testing.T) {
+	repoURL := "https://github.com/test/argocd-example-apps"
+	drySHA := "3ff41cc5247197a6caf50216c4c76cc29d78a97d"
+	date := &metav1.Time{Time: metav1.Now().Time}
+	revisionAuthor := "test test@test.com"
+	references := make([]appv1.RevisionReference, 0)
+	revReference := appv1.RevisionReference{
+		Commit: &appv1.CommitMetadata{
+			Author:  "testAuthor",
+			Subject: "test",
+			RepoURL: repoURL,
+			SHA:     "3ff41cc5247197a6caf50216c4c76cc29d78a97c",
+		},
+	}
+	references = append(references, revReference)
+	hydratedCommitMetadata := HydratorCommitMetadata{
+		RepoURL:    repoURL,
+		DrySHA:     drySHA,
+		Author:     revisionAuthor,
+		Date:       date.Format(time.RFC3339),
+		References: references,
+		Subject:    "testMessage",
+	}
+	type args struct {
+		repoURL           string
+		drySha            string
+		dryCommitMetadata *appv1.RevisionMetadata
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    HydratorCommitMetadata
+		wantErr bool
+	}{
+		{
+			name: "test GetHydratorCommitMD",
+			args: args{
+				repoURL: repoURL,
+				drySha:  drySHA,
+				dryCommitMetadata: &appv1.RevisionMetadata{
+					Author:     revisionAuthor,
+					Date:       date,
+					Message:    "testMessage",
+					References: references,
+				},
+			},
+			want: hydratedCommitMetadata,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetCommitMetadata(tt.args.repoURL, tt.args.drySha, tt.args.dryCommitMetadata)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetCommitMetadata() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetCommitMetadata() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
diff --git a/util/hydrator/template.go b/util/hydrator/template.go
new file mode 100644
index 0000000000000..f11d46540abb1
--- /dev/null
+++ b/util/hydrator/template.go
@@ -0,0 +1,61 @@
+package hydrator
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"text/template"
+
+	"github.com/Masterminds/sprig/v3"
+)
+
+var sprigFuncMap = sprig.GenericFuncMap() // a singleton for better performance
+
+func init() {
+	// Avoid allowing the user to learn things about the environment.
+	delete(sprigFuncMap, "env")
+	delete(sprigFuncMap, "expandenv")
+	delete(sprigFuncMap, "getHostByName")
+}
+
+// Render use a parsed template and calls the Execute to apply the data.
+// currently the method supports struct and a map[string]any as data
+func Render(tmpl string, data HydratorCommitMetadata) (string, error) {
+	var dataMap map[string]any
+	var err error
+	// short-circuit if template is not defined
+	if tmpl == "" {
+		return "", nil
+	}
+	dataMap, err = structToMap(data)
+	if err != nil {
+		return "", fmt.Errorf("marshaling failed: %w", err)
+	}
+	metadata := map[string]any{
+		"metadata": dataMap,
+	}
+	template, err := template.New("commit-template").Funcs(sprigFuncMap).Parse(tmpl)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse template %s: %w", tmpl, err)
+	}
+	var replacedTmplBuffer bytes.Buffer
+	if err = template.Execute(&replacedTmplBuffer, metadata); err != nil {
+		return "", fmt.Errorf("failed to execute go template %s: %w", tmpl, err)
+	}
+
+	return replacedTmplBuffer.String(), nil
+}
+
+func structToMap(s any) (map[string]any, error) {
+	jsonOut, err := json.Marshal(s)
+	if err != nil {
+		return nil, err
+	}
+
+	var result map[string]any
+	err = json.Unmarshal(jsonOut, &result)
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
diff --git a/util/hydrator/template_test.go b/util/hydrator/template_test.go
new file mode 100644
index 0000000000000..1d167288edd4e
--- /dev/null
+++ b/util/hydrator/template_test.go
@@ -0,0 +1,99 @@
+package hydrator
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v3/util/settings"
+)
+
+func TestRender(t *testing.T) {
+	tests := []struct {
+		name     string
+		metadata HydratorCommitMetadata
+		want     string
+		wantErr  bool
+	}{
+		{
+			name: "author and multiple references",
+			metadata: HydratorCommitMetadata{
+				RepoURL: "https://github.com/test/argocd-example-apps",
+				DrySHA:  "3ff41cc5247197a6caf50216c4c76cc29d78a97d",
+				Author:  "test <test@test.com>",
+				Date:    metav1.Now().String(),
+				References: []v1alpha1.RevisionReference{
+					{
+						Commit: &v1alpha1.CommitMetadata{
+							Author:  "ref test <ref-test@test.com>",
+							Subject: "test",
+							RepoURL: "https://github.com/test/argocd-example-apps",
+							SHA:     "3ff41cc5247197a6caf50216c4c76cc29d78a97c",
+						},
+					},
+					{
+						Commit: &v1alpha1.CommitMetadata{
+							Author:  "ref test 2 <ref-test-2@test.com>",
+							Subject: "test 2",
+							RepoURL: "https://github.com/test/argocd-example-apps",
+							SHA:     "abc12345678912345678912345678912345678912",
+						},
+					},
+				},
+				Body:    "testBody",
+				Subject: "testSubject",
+			},
+			want: `3ff41cc: testSubject
+
+testBody
+
+Co-authored-by: ref test <ref-test@test.com>
+Co-authored-by: ref test 2 <ref-test-2@test.com>
+Co-authored-by: test <test@test.com>
+`,
+		},
+		{
+			name: "no references",
+			metadata: HydratorCommitMetadata{
+				RepoURL: "https://github.com/test/argocd-example-apps",
+				DrySHA:  "3ff41cc5247197a6caf50216c4c76cc29d78a97d",
+				Author:  "test <test@test.com>",
+				Date:    metav1.Now().String(),
+				Body:    "testBody",
+				Subject: "testSubject",
+			},
+			want: `3ff41cc: testSubject
+
+testBody
+
+Co-authored-by: test <test@test.com>
+`,
+		},
+		{
+			name: "no body",
+			metadata: HydratorCommitMetadata{
+				RepoURL: "https://github.com/test/argocd-example-apps",
+				DrySHA:  "3ff41cc5247197a6caf50216c4c76cc29d78a97d",
+				Author:  "test <test@test.com>",
+				Date:    metav1.Now().String(),
+				Subject: "testSubject",
+			},
+			want: `3ff41cc: testSubject
+
+Co-authored-by: test <test@test.com>
+`,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Render(settings.CommitMessageTemplate, tt.metadata)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Render() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/util/settings/settings.go b/util/settings/settings.go
index ac74206cfaefc..92526a657431a 100644
--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -45,6 +45,21 @@ import (
 	tlsutil "github.com/argoproj/argo-cd/v3/util/tls"
 )
 
+var CommitMessageTemplate = `{{.metadata.drySha | trunc 7}}: {{ .metadata.subject }}
+{{- if .metadata.body }}
+
+{{ .metadata.body }}
+{{- end }}
+{{ range $ref := .metadata.references }}
+{{- if and $ref.commit $ref.commit.author }}
+Co-authored-by: {{ $ref.commit.author }}
+{{- end }}
+{{- end }}
+{{- if .metadata.author }}
+Co-authored-by: {{ .metadata.author }}
+{{- end }}
+`
+
 // ArgoCDSettings holds in-memory runtime configuration options.
 type ArgoCDSettings struct {
 	// URL is the externally facing URL users will visit to reach Argo CD.
@@ -494,6 +509,8 @@ const (
 	settingUIBannerPositionKey = "ui.bannerposition"
 	// settingsBinaryUrlsKey designates the key for the argocd binary URLs
 	settingsBinaryUrlsKey = "help.download"
+	// settingsApplicationInstanceLabelKey is the key to configure injected app instance label key
+	settingsSourceHydratorCommitMessageTemplateKey = "sourceHydrator.commitMessageTemplate"
 	// globalProjectsKey designates the key for global project settings
 	globalProjectsKey = "globalProjects"
 	// initialPasswordSecretName is the name of the secret that will hold the initial admin password
@@ -1005,6 +1022,17 @@ func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.Resource
 	return resourceOverrides, nil
 }
 
+func (mgr *SettingsManager) GetSourceHydratorCommitMessageTemplate() (string, error) {
+	argoCDCM, err := mgr.getConfigMap()
+	if err != nil {
+		return "", err
+	}
+	if argoCDCM.Data[settingsSourceHydratorCommitMessageTemplateKey] == "" {
+		return CommitMessageTemplate, nil // in case template is not defined return default
+	}
+	return argoCDCM.Data[settingsSourceHydratorCommitMessageTemplateKey], nil
+}
+
 func addStatusOverrideToGK(resourceOverrides map[string]v1alpha1.ResourceOverride, groupKind string) {
 	if val, ok := resourceOverrides[groupKind]; ok {
 		val.IgnoreDifferences.JSONPointers = append(val.IgnoreDifferences.JSONPointers, "/status")

From 935efd7a7cf4dd516ff205dd77246fd38d636db8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 19:48:10 +0530
Subject: [PATCH 342/383] chore(deps): bump actions/setup-node from 4.4.0 to
 5.0.0 (#24384)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 7b510135dce7f..e7b57b67837cc 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -305,7 +305,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup NodeJS
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
           # renovate: datasource=node-version packageName=node versioning=node
           node-version: '22.9.0'

From afe8dc71ee40687d33015c3680a984206ad21c0e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 19:48:30 +0530
Subject: [PATCH 343/383] chore(deps): bump github.com/ktrysmt/go-bitbucket
 from 0.9.86 to 0.9.87 (#24383)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8ad5042d799f4..aa7a39c9892ce 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/jarcoal/httpmock v1.4.1
 	github.com/jeremywohl/flatten v1.0.2-0.20211013061545-07e4a09fb8e4
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/ktrysmt/go-bitbucket v0.9.86
+	github.com/ktrysmt/go-bitbucket v0.9.87
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-zglob v0.0.6
 	github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.1-0.20241014080628-3045bdf43455
diff --git a/go.sum b/go.sum
index c72c533061fb7..4b92d2be1352c 100644
--- a/go.sum
+++ b/go.sum
@@ -598,8 +598,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/ktrysmt/go-bitbucket v0.9.86 h1:co80t9wS4kKgRLsvDgi+3wQPiLY30u10ehcTxgXFvzw=
-github.com/ktrysmt/go-bitbucket v0.9.86/go.mod h1:/lsYmiQrBHNPTnPKF0Q+safIS7peInQOGbJXu0xPRho=
+github.com/ktrysmt/go-bitbucket v0.9.87 h1:eR7E4ndyKpO2+HdBwUlsC5K/40nEDpjMLEWsPLY97oQ=
+github.com/ktrysmt/go-bitbucket v0.9.87/go.mod h1:slSdGm9Vh3L2ZOU1r7Fu2B9rPJvsflYgneRCoPA83eY=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=

From a7b19129283e83a1012378d968fb0444b17ea807 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Thu, 4 Sep 2025 10:59:58 -0400
Subject: [PATCH 344/383] fix(security): repository.GetDetailedProject exposes
 repo secrets (#24387)

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/2.13-2.14.md   | 10 +++-
 docs/operator-manual/upgrading/2.14-3.0.md    |  6 ++
 docs/operator-manual/upgrading/3.0-3.1.md     |  8 +++
 docs/operator-manual/upgrading/3.1-3.2.md     |  8 +++
 .../application/v1alpha1/repository_types.go  |  1 -
 pkg/apis/application/v1alpha1/types.go        | 26 +++++++++
 pkg/apis/application/v1alpha1/types_test.go   | 55 +++++++++++++++++++
 server/cluster/cluster.go                     | 13 +----
 server/project/project.go                     | 12 +++-
 server/repository/repository_test.go          |  2 +-
 10 files changed, 124 insertions(+), 17 deletions(-)

diff --git a/docs/operator-manual/upgrading/2.13-2.14.md b/docs/operator-manual/upgrading/2.13-2.14.md
index 3b8a473fb43ec..385dcbc3244e6 100644
--- a/docs/operator-manual/upgrading/2.13-2.14.md
+++ b/docs/operator-manual/upgrading/2.13-2.14.md
@@ -11,4 +11,12 @@ Eg, `https://github.com/argoproj/argo-cd/manifests/ha/cluster-install?ref=v2.14.
 ## Upgraded Helm Version
 
 Helm was upgraded to 3.16.2 and the skipSchemaValidation Flag was added to
-the [CLI and Application CR](https://argo-cd.readthedocs.io/en/latest/user-guide/helm/#helm-skip-schema-validation). 
\ No newline at end of file
+the [CLI and Application CR](https://argo-cd.readthedocs.io/en/latest/user-guide/helm/#helm-skip-schema-validation). 
+
+## Breaking Changes
+
+## Sanitized project API response
+
+Due to security reasons ([GHSA-786q-9hcg-v9ff](https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff)),
+the project API response was sanitized to remove sensitive information. This includes
+credentials of project-scoped repositories and clusters.
diff --git a/docs/operator-manual/upgrading/2.14-3.0.md b/docs/operator-manual/upgrading/2.14-3.0.md
index 4d0000a2c31cf..4fc0a46e88ebc 100644
--- a/docs/operator-manual/upgrading/2.14-3.0.md
+++ b/docs/operator-manual/upgrading/2.14-3.0.md
@@ -492,3 +492,9 @@ resource.customizations.ignoreDifferences.apiextensions.k8s.io_CustomResourceDef
 ```
 
 More details for ignored resource updates in the [Diffing customization](../../user-guide/diffing.md) documentation.
+
+### Sanitized project API response
+
+Due to security reasons ([GHSA-786q-9hcg-v9ff](https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff)),
+the project API response was sanitized to remove sensitive information. This includes
+credentials of project-scoped repositories and clusters.
\ No newline at end of file
diff --git a/docs/operator-manual/upgrading/3.0-3.1.md b/docs/operator-manual/upgrading/3.0-3.1.md
index 4f37caf16f530..cb4e0ce2d419f 100644
--- a/docs/operator-manual/upgrading/3.0-3.1.md
+++ b/docs/operator-manual/upgrading/3.0-3.1.md
@@ -55,3 +55,11 @@ Argo CD v3.1 upgrades the bundled Helm version to 3.18.4. There are no breaking
 
 Argo CD v3.1 upgrades the bundled Kustomize version to 5.7.0. There are no breaking changes in Kustomize 5.7 according
 to the [release notes](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.7.0).
+
+## Breaking Changes
+
+## Sanitized project API response
+
+Due to security reasons ([GHSA-786q-9hcg-v9ff](https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff)),
+the project API response was sanitized to remove sensitive information. This includes
+credentials of project-scoped repositories and clusters.
diff --git a/docs/operator-manual/upgrading/3.1-3.2.md b/docs/operator-manual/upgrading/3.1-3.2.md
index b2eff599c7210..fa5f8fb3dcd1d 100644
--- a/docs/operator-manual/upgrading/3.1-3.2.md
+++ b/docs/operator-manual/upgrading/3.1-3.2.md
@@ -52,3 +52,11 @@ If you do not want your CronJob to affect the Application's aggregated Health, y
 `argocd.argoproj.io/ignore-healthcheck: "true"` on the CronJob resource.
 
 The health can also be configured globally using the `resource.customizations.health.batch_CronJob` configuration to change the default behaviour.
+
+## Breaking Changes
+
+## Sanitized project API response
+
+Due to security reasons ([GHSA-786q-9hcg-v9ff](https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff)),
+the project API response was sanitized to remove sensitive information. This includes
+credentials of project-scoped repositories and clusters.
diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go
index 40b04a522237e..0ee9bee8e5f97 100644
--- a/pkg/apis/application/v1alpha1/repository_types.go
+++ b/pkg/apis/application/v1alpha1/repository_types.go
@@ -347,7 +347,6 @@ func (repo *Repository) Sanitized() *Repository {
 		Repo:                       repo.Repo,
 		Type:                       repo.Type,
 		Name:                       repo.Name,
-		Username:                   repo.Username,
 		Insecure:                   repo.IsInsecure(),
 		EnableLFS:                  repo.EnableLFS,
 		EnableOCI:                  repo.EnableOCI,
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index 793f49eb5654c..293d7965abe68 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -2237,6 +2237,32 @@ type Cluster struct {
 	Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,13,opt,name=annotations"`
 }
 
+func (c *Cluster) Sanitized() *Cluster {
+	return &Cluster{
+		ID:                 c.ID,
+		Server:             c.Server,
+		Name:               c.Name,
+		Project:            c.Project,
+		Namespaces:         c.Namespaces,
+		Shard:              c.Shard,
+		Labels:             c.Labels,
+		Annotations:        c.Annotations,
+		ClusterResources:   c.ClusterResources,
+		ConnectionState:    c.ConnectionState,
+		ServerVersion:      c.ServerVersion,
+		Info:               c.Info,
+		RefreshRequestedAt: c.RefreshRequestedAt,
+		Config: ClusterConfig{
+			AWSAuthConfig:      c.Config.AWSAuthConfig,
+			ProxyUrl:           c.Config.ProxyUrl,
+			DisableCompression: c.Config.DisableCompression,
+			TLSClientConfig: TLSClientConfig{
+				Insecure: c.Config.Insecure,
+			},
+		},
+	}
+}
+
 // Equals returns true if two cluster objects are considered to be equal
 func (c *Cluster) Equals(other *Cluster) bool {
 	if c.Server != other.Server {
diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go
index c7430e3a80e48..ae821a43b98f1 100644
--- a/pkg/apis/application/v1alpha1/types_test.go
+++ b/pkg/apis/application/v1alpha1/types_test.go
@@ -4705,3 +4705,58 @@ func TestSyncWindow_Hash(t *testing.T) {
 		require.Equal(t, hash1, hash2, "windows with same core identity but different metadata should produce same hash")
 	})
 }
+
+func TestSanitized(t *testing.T) {
+	now := metav1.Now()
+	cluster := &Cluster{
+		ID:            "123",
+		Server:        "https://example.com",
+		Name:          "example",
+		ServerVersion: "v1.0.0",
+		Namespaces:    []string{"default", "kube-system"},
+		Project:       "default",
+		Labels: map[string]string{
+			"env": "production",
+		},
+		Annotations: map[string]string{
+			"annotation-key": "annotation-value",
+		},
+		ConnectionState: ConnectionState{
+			Status:     ConnectionStatusSuccessful,
+			Message:    "Connection successful",
+			ModifiedAt: &now,
+		},
+		Config: ClusterConfig{
+			Username:    "admin",
+			Password:    "password123",
+			BearerToken: "abc",
+			TLSClientConfig: TLSClientConfig{
+				Insecure: true,
+			},
+			ExecProviderConfig: &ExecProviderConfig{
+				Command: "test",
+			},
+		},
+	}
+
+	assert.Equal(t, &Cluster{
+		ID:            "123",
+		Server:        "https://example.com",
+		Name:          "example",
+		ServerVersion: "v1.0.0",
+		Namespaces:    []string{"default", "kube-system"},
+		Project:       "default",
+		Labels:        map[string]string{"env": "production"},
+		Annotations:   map[string]string{"annotation-key": "annotation-value"},
+		ConnectionState: ConnectionState{
+			Status:     ConnectionStatusSuccessful,
+			Message:    "Connection successful",
+			ModifiedAt: &now,
+		},
+		Config: ClusterConfig{
+			TLSClientConfig: TLSClientConfig{
+				Insecure: true,
+			},
+		},
+	}, cluster.Sanitized())
+}
diff --git a/server/cluster/cluster.go b/server/cluster/cluster.go
index 135a68c981d12..ac060d053edcd 100644
--- a/server/cluster/cluster.go
+++ b/server/cluster/cluster.go
@@ -471,19 +471,8 @@ func (s *Server) RotateAuth(ctx context.Context, q *cluster.ClusterQuery) (*clus
 }
 
 func (s *Server) toAPIResponse(clust *appv1.Cluster) *appv1.Cluster {
+	clust = clust.Sanitized()
 	_ = s.cache.GetClusterInfo(clust.Server, &clust.Info)
-
-	clust.Config.Password = ""
-	clust.Config.BearerToken = ""
-	clust.Config.KeyData = nil
-	if clust.Config.ExecProviderConfig != nil {
-		// We can't know what the user has put into args or
-		// env vars on the exec provider that might be sensitive
-		// (e.g. --private-key=XXX, PASSWORD=XXX)
-		// Implicitly assumes the command executable name is non-sensitive
-		clust.Config.ExecProviderConfig.Env = make(map[string]string)
-		clust.Config.ExecProviderConfig.Args = nil
-	}
 	// populate deprecated fields for backward compatibility
 	//nolint:staticcheck
 	clust.ServerVersion = clust.Info.ServerVersion
diff --git a/server/project/project.go b/server/project/project.go
index 439e9aebf0382..e72b9ad457dfe 100644
--- a/server/project/project.go
+++ b/server/project/project.go
@@ -310,12 +310,20 @@ func (s *Server) GetDetailedProject(ctx context.Context, q *project.ProjectQuery
 	}
 	proj.NormalizeJWTTokens()
 	globalProjects := argo.GetGlobalProjects(proj, listersv1alpha1.NewAppProjectLister(s.projInformer.GetIndexer()), s.settingsMgr)
+	var apiRepos []*v1alpha1.Repository
+	for _, repo := range repositories {
+		apiRepos = append(apiRepos, repo.Normalize().Sanitized())
+	}
+	var apiClusters []*v1alpha1.Cluster
+	for _, cluster := range clusters {
+		apiClusters = append(apiClusters, cluster.Sanitized())
+	}
 
 	return &project.DetailedProjectsResponse{
 		GlobalProjects: globalProjects,
 		Project:        proj,
-		Repositories:   repositories,
-		Clusters:       clusters,
+		Repositories:   apiRepos,
+		Clusters:       apiClusters,
 	}, err
 }
 
diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go
index 13bfe7a83cff2..0f596519c5405 100644
--- a/server/repository/repository_test.go
+++ b/server/repository/repository_test.go
@@ -313,7 +313,7 @@ func TestRepositoryServer(t *testing.T) {
 		testRepo := &appsv1.Repository{
 			Repo:           url,
 			Type:           "git",
-			Username:       "foo",
+			Username:       "",
 			InheritedCreds: true,
 		}
 		db.On("ListRepositories", t.Context()).Return([]*appsv1.Repository{testRepo}, nil)

From 086b9f003bdc4d147f74c04876325ad91b72301f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Sep 2025 11:22:38 -0400
Subject: [PATCH 345/383] chore(deps): bump library/ubuntu from `1041699` to
 `a61c057` in /test/container (#24382)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 test/container/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/container/Dockerfile b/test/container/Dockerfile
index d61fb6cf31110..33b227add2251 100644
--- a/test/container/Dockerfile
+++ b/test/container/Dockerfile
@@ -14,7 +14,7 @@ FROM docker.io/library/registry:3.0@sha256:3725021071ec9383eb3d87ddbdff9ed602439
 
 FROM docker.io/bitnamilegacy/kubectl:1.32@sha256:493d1b871556d48d6b25d471f192c2427571cd6f78523eebcaf4d263353c7487 AS kubectl
 
-FROM docker.io/library/ubuntu:25.10@sha256:1041699615b625b6bb6fbcdb7876bb1379f52b954374ab457360d9444a05cd7d
+FROM docker.io/library/ubuntu:25.10@sha256:a61c057b4f69200ecf031519a20db79b8683837ba1dc2a59458d333eb75b174d
 
 ENV DEBIAN_FRONTEND=noninteractive
 

From 200d6c2a93280681004794047e1ee76bb2f1d6fc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 06:43:33 -0400
Subject: [PATCH 346/383] chore(deps): bump github.com/casbin/casbin/v2 from
 2.121.0 to 2.122.0 (#24409)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index aa7a39c9892ce..641a59f85a95d 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
-	github.com/casbin/casbin/v2 v2.121.0
+	github.com/casbin/casbin/v2 v2.122.0
 	github.com/casbin/govaluate v1.9.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
diff --git a/go.sum b/go.sum
index 4b92d2be1352c..81ebaace6248b 100644
--- a/go.sum
+++ b/go.sum
@@ -175,8 +175,8 @@ github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdb
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q=
-github.com/casbin/casbin/v2 v2.121.0 h1:lrgTnLJTsdpe8Kdgi+NedM9+K7ftYBaK19OE+IZUwdk=
-github.com/casbin/casbin/v2 v2.121.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
+github.com/casbin/casbin/v2 v2.122.0 h1:T960HruD6W3JZmoYQjKAu0YBLUL++5l7LormNJIcmkc=
+github.com/casbin/casbin/v2 v2.122.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
 github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=

From dadf1343936f866abf26b4ffb7403c26ffbaf22c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 09:45:09 -0400
Subject: [PATCH 347/383] chore(deps): bump github.com/casbin/govaluate from
 1.9.0 to 1.10.0 (#24411)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 641a59f85a95d..d677c1e85552b 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,7 @@ require (
 	github.com/bombsimon/logrusr/v4 v4.1.0
 	github.com/bradleyfalzon/ghinstallation/v2 v2.16.0
 	github.com/casbin/casbin/v2 v2.122.0
-	github.com/casbin/govaluate v1.9.0
+	github.com/casbin/govaluate v1.10.0
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/coreos/go-oidc/v3 v3.14.1
diff --git a/go.sum b/go.sum
index 81ebaace6248b..e92cfca22092a 100644
--- a/go.sum
+++ b/go.sum
@@ -178,8 +178,8 @@ github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVO
 github.com/casbin/casbin/v2 v2.122.0 h1:T960HruD6W3JZmoYQjKAu0YBLUL++5l7LormNJIcmkc=
 github.com/casbin/casbin/v2 v2.122.0/go.mod h1:Ee33aqGrmES+GNL17L0h9X28wXuo829wnNUnS0edAco=
 github.com/casbin/govaluate v1.3.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
-github.com/casbin/govaluate v1.9.0 h1:XB53bSw+gaQ7tjTlFJsuTThPCQBxyUeQZ3drsKiicEY=
-github.com/casbin/govaluate v1.9.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
+github.com/casbin/govaluate v1.10.0 h1:ffGw51/hYH3w3rZcxO/KcaUIDOLP84w7nsidMVgaDG0=
+github.com/casbin/govaluate v1.10.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A=
 github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=

From 6e9f17fe7f313fed74757a4460d6e6e4c3ecae96 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Fri, 5 Sep 2025 11:27:44 -0400
Subject: [PATCH 348/383] chore(ci): run e2e tests on CNCF runner (#24320)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index e7b57b67837cc..57351f474d475 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -407,7 +407,7 @@ jobs:
   test-e2e:
     name: Run end-to-end tests
     if: ${{ needs.changes.outputs.backend == 'true' }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest-16-cores
     strategy:
       fail-fast: false
       matrix:

From aec8316cfe1384f77374a397ec3c1f8d4f1140a2 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Sat, 6 Sep 2025 00:44:33 +0530
Subject: [PATCH 349/383] chore: add cli scoped approver role for argocd
 (#24006)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 CODEOWNERS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CODEOWNERS b/CODEOWNERS
index 20ff6cd449af7..bb1ca2695742d 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -12,3 +12,8 @@
 /.github/**               @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
 /.goreleaser.yaml         @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
 /sonar-project.properties @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
+
+# CLI
+/cmd/argocd/** @argoproj/argocd-approvers @argoproj/argocd-approvers-cli
+/cmd/main.go @argoproj/argocd-approvers @argoproj/argocd-approvers-cli
+/docs/operator-manual/ @argoproj/argocd-approvers @argoproj/argocd-approvers-cli
\ No newline at end of file

From 141dbacae147d3a8f894952313ab2e870e3b5c7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 5 Sep 2025 16:27:12 -0400
Subject: [PATCH 350/383] chore(deps): bump actions/setup-go from 5.5.0 to
 6.0.0 (#24412)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/bump-major-version.yaml |  2 +-
 .github/workflows/ci-build.yaml           | 14 +++++++-------
 .github/workflows/codeql.yml              |  2 +-
 .github/workflows/image-reuse.yaml        |  2 +-
 .github/workflows/release.yaml            |  4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/bump-major-version.yaml b/.github/workflows/bump-major-version.yaml
index 5058ceba6d1a5..b39d74d704044 100644
--- a/.github/workflows/bump-major-version.yaml
+++ b/.github/workflows/bump-major-version.yaml
@@ -37,7 +37,7 @@ jobs:
         working-directory: /home/runner/go/src/github.com/argoproj/argo-cd
 
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Add ~/go/bin to PATH
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 57351f474d475..0477ef28f7343 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -57,7 +57,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Download all Go modules
@@ -78,7 +78,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Restore go build cache
@@ -105,7 +105,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Run golangci-lint
@@ -133,7 +133,7 @@ jobs:
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Install required packages
@@ -197,7 +197,7 @@ jobs:
       - name: Create symlink in GOPATH
         run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Install required packages
@@ -253,7 +253,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: Create symlink in GOPATH
@@ -449,7 +449,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
       - name: GH actions workaround - Kill XSP4 process
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c3278d80c823d..70dc12c51ffa8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -33,7 +33,7 @@ jobs:
 
     # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
     - name: Setup Golang
-      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
         go-version-file: go.mod
       
diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml
index ca76c25b2eaed..3608cf3c8b224 100644
--- a/.github/workflows/image-reuse.yaml
+++ b/.github/workflows/image-reuse.yaml
@@ -67,7 +67,7 @@ jobs:
         if: ${{ github.ref_type != 'tag'}}
 
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ inputs.go-version }}
           cache: false
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0a5e20c7d210f..7630971c1061b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -70,7 +70,7 @@ jobs:
         run: git fetch --force --tags
 
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
           cache: false
@@ -153,7 +153,7 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup Golang
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: ${{ env.GOLANG_VERSION }}
           cache: false

From 3d25c6e09b5959927835ea04d586c8308f9e27e0 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Fri, 5 Sep 2025 17:45:41 -0400
Subject: [PATCH 351/383] fix(health): remove CronJob progressing/suspended
 status (#24430)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/upgrading/3.1-3.2.md     | 23 ++++++-----
 .../batch/CronJob/health.lua                  | 40 +++++++++++++------
 .../batch/CronJob/health_test.yaml            | 12 +++---
 3 files changed, 48 insertions(+), 27 deletions(-)

diff --git a/docs/operator-manual/upgrading/3.1-3.2.md b/docs/operator-manual/upgrading/3.1-3.2.md
index fa5f8fb3dcd1d..b1838bfbcec89 100644
--- a/docs/operator-manual/upgrading/3.1-3.2.md
+++ b/docs/operator-manual/upgrading/3.1-3.2.md
@@ -40,20 +40,25 @@ The `ManifestRequest` and `RepoServerAppDetailsQuery` messages are used by the f
 
 ## CronJob Health
 
-This realease introduce the addition of CronJob's health, a longtime omitted heath status for a native Kubernetes resource.
-The health of a CronJob is based on whether or not Jobs are currently running, and if the last completed Job was successful.
+After the upgrade, Application's status may transition to `Degraded` depending on the CronJob health.
 
-After the upgrade, Application's status may transition to `Degraded`, `Progressing` or `Suspended` depending on the CronJob health.
+!!! note "CronJob with running jobs"
 
-If the CronJob is permanently `Suspended`, then the aggregated health of the Application will now be `Suspended` instead of `Healthy`.
-If the CronJob is permanently running jobs, then the aggregated health of the Application will now be `Progressing` instead of `Healthy`.
+    If the CronJob is `Degraded` and a new job is scheduled, the health will change to `Healthy` until the active job completes.
+    This may cause your application to go from `Degraded` to `Healthy` to `Degraded` again. The CronJob status does not contain enough
+    information to infer the health of the last completed job if there are active jobs.
 
-If you do not want your CronJob to affect the Application's aggregated Health, you can configure the annotation
-`argocd.argoproj.io/ignore-healthcheck: "true"` on the CronJob resource.
+    If the CronJob constantly has active jobs, the health will be constantly `Healthy` even if the last job failed.
+
+!!! note "CronJob with suspended state"
 
-The health can also be configured globally using the `resource.customizations.health.batch_CronJob` configuration to change the default behaviour.
+    If the CronJob is in a suspended state, the CronJob status will remain Healthy. You can override this behaviour by configuring the
+    health check using the `resource.customizations.health.batch_CronJob` key in the argocd-cm ConfigMap.
 
-## Breaking Changes
+    If you decide to do so and the CronJob is `Suspended`, then the aggregated health of the Application will now be `Suspended` instead of `Healthy`.
+
+If you do not want your CronJob to affect the Application's aggregated Health, you can configure the annotation
+`argocd.argoproj.io/ignore-healthcheck: "true"` on the CronJob resource.
 
 ## Sanitized project API response
 
diff --git a/resource_customizations/batch/CronJob/health.lua b/resource_customizations/batch/CronJob/health.lua
index 4e442e4958a5d..44e69d4e2c77c 100644
--- a/resource_customizations/batch/CronJob/health.lua
+++ b/resource_customizations/batch/CronJob/health.lua
@@ -1,36 +1,52 @@
 hs = {}
 
 if obj.spec.suspend == true then
-    hs.status = "Suspended"
+    -- Set to Healthy insted of Suspended until bug is resolved
+    -- See https://github.com/argoproj/argo-cd/issues/24428
+    hs.status = "Healthy"
     hs.message = "CronJob is Suspended"
     return hs
 end
 
 if obj.status ~= nil then
-    if obj.status.active ~= nil and table.getn(obj.status.active) > 0 then
-        -- We could be Progressing very often, depending on the Cron schedule, which would bubble up
-        -- to the Application health. If this is undesired, the annotation `argocd.argoproj.io/ignore-healthcheck: "true"`
-        -- can be added on the CronJob.
-        hs.status = "Progressing"
-        hs.message = string.format("Waiting for %d Jobs to complete", table.getn(obj.status.active))
-        return hs
-    end
+    if obj.status.lastScheduleTime ~= nil then
+
+        -- Job is running its first execution and has not yet reported any success
+        if obj.status.lastSuccessfulTime == nil then
+            -- Set to healthy even if it may be degraded, because we dont know
+            -- if it was not yet executed or if it never succeeded
+            hs.status = "Healthy"
+            hs.message = "The Cronjob never completed succesfully. It may not be healthy"
+            return hs
+        end
+
+
+        -- Job is progressing, so lastScheduleTime will always be grater than lastSuccessfulTime
+        -- Set to healthy since we do not know if it is Degraded
+        -- See https://github.com/argoproj/argo-cd/issues/24429
+        if obj.status.active ~= nil and table.getn(obj.status.active) > 0 then
+            hs.status = "Healthy"
+            hs.message = "The job is running. Its last execution may not have been successful"
+            return hs
+        end
 
     -- If the CronJob has no active jobs and the lastSuccessfulTime < lastScheduleTime
     -- then we know it failed the last execution
-    if obj.status.lastScheduleTime ~= nil then
-        -- No issue comparing time as text
-        if obj.status.lastSuccessfulTime == nil or obj.status.lastSuccessfulTime < obj.status.lastScheduleTime then
+        if obj.status.lastSuccessfulTime ~= nil and obj.status.lastSuccessfulTime < obj.status.lastScheduleTime then
             hs.status = "Degraded"
             hs.message = "CronJob has not completed its last execution successfully"
             return hs
         end
+
         hs.message = "CronJob has completed its last execution successfully"
+        hs.status = "Healthy"
+        return hs
     end
 
     -- There is no way to know if as CronJob missed its execution based on status
     -- so we assume Healthy even if a cronJob is not getting scheduled.
     -- https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#job-creation
+    hs.message = "CronJob has not been scheduled yet"
     hs.status = "Healthy"
     return hs
 end
diff --git a/resource_customizations/batch/CronJob/health_test.yaml b/resource_customizations/batch/CronJob/health_test.yaml
index 370ab11e66ae8..04008a590b3d8 100644
--- a/resource_customizations/batch/CronJob/health_test.yaml
+++ b/resource_customizations/batch/CronJob/health_test.yaml
@@ -5,21 +5,21 @@ tests:
     inputPath: testdata/healthy.yaml
   - healthStatus:
       status: Healthy
-      message: ''
+      message: CronJob has not been scheduled yet
     inputPath: testdata/never-scheduled.yaml
   - healthStatus:
       status: Degraded
       message: CronJob has not completed its last execution successfully
     inputPath: testdata/degraded.yaml
   - healthStatus:
-      status: Degraded
-      message: CronJob has not completed its last execution successfully
+      status: Healthy
+      message: The Cronjob never completed succesfully. It may not be healthy
     inputPath: testdata/never-succeeded.yaml
   - healthStatus:
-      status: Progressing
-      message: Waiting for 1 Jobs to complete
+      status: Healthy
+      message: The job is running. Its last execution may not have been successful
     inputPath: testdata/active.yaml
   - healthStatus:
-      status: Suspended
+      status: Healthy
       message: CronJob is Suspended
     inputPath: testdata/suspended.yaml

From de03ba03fa498f2b549fb668686a4d1f9d33e5e1 Mon Sep 17 00:00:00 2001
From: vetclippy <vetclippy@icloud.com>
Date: Sun, 7 Sep 2025 02:11:58 +0800
Subject: [PATCH 352/383] chore: fix some function names in comments (#24381)

Signed-off-by: vetclippy <vetclippy@icloud.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 util/env/env.go   | 2 +-
 util/rbac/rbac.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/env/env.go b/util/env/env.go
index ed4a943fbda2f..463dc107c3aa5 100644
--- a/util/env/env.go
+++ b/util/env/env.go
@@ -185,7 +185,7 @@ func ParseBoolFromEnv(envVar string, defaultValue bool) bool {
 	return defaultValue
 }
 
-// ParseStringToStringVar parses given value from the environment as a map of string.
+// ParseStringToStringFromEnv parses given value from the environment as a map of string.
 // Returns default value if envVar is not set.
 func ParseStringToStringFromEnv(envVar string, defaultValue map[string]string, separator string) map[string]string {
 	str := os.Getenv(envVar)
diff --git a/util/rbac/rbac.go b/util/rbac/rbac.go
index 29781fb26476c..ac50ac45ae9cc 100644
--- a/util/rbac/rbac.go
+++ b/util/rbac/rbac.go
@@ -422,7 +422,7 @@ func (e *Enforcer) SetUserPolicy(policy string) error {
 	return e.LoadPolicy()
 }
 
-// newInformers returns an informer which watches updates on the rbac configmap
+// newInformer returns an informer which watches updates on the rbac configmap
 func (e *Enforcer) newInformer() cache.SharedIndexInformer {
 	tweakConfigMap := func(options *metav1.ListOptions) {
 		cmFieldSelector := fields.ParseSelectorOrDie("metadata.name=" + e.configmap)

From 2539a62389cfb4645a94051f45d301e6ed6a17ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szymon=20Ko=C5=9Bla?= <szymon.kosla@gmail.com>
Date: Sat, 6 Sep 2025 20:15:01 +0200
Subject: [PATCH 353/383] feat: Implement Altinity clickhouse-operator CRD
 health checks (#24017)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Szymon Kośla <szymon.kosla@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../ClickHouseKeeperInstallation/health.lua   | 17 ++++++++++++++
 .../health_test.yaml                          | 17 ++++++++++++++
 .../testdata/degraded_failed.yaml             | 22 +++++++++++++++++++
 .../testdata/healthy_completed.yaml           | 22 +++++++++++++++++++
 .../testdata/progressing_inprogress.yaml      | 22 +++++++++++++++++++
 .../testdata/progressing_nostatus.yaml        | 20 +++++++++++++++++
 .../ClickHouseInstallation/health.lua         | 17 ++++++++++++++
 .../ClickHouseInstallation/health_test.yaml   | 17 ++++++++++++++
 .../testdata/degraded_failed.yaml             | 22 +++++++++++++++++++
 .../testdata/healthy_completed.yaml           | 22 +++++++++++++++++++
 .../testdata/progressing_inprogress.yaml      | 22 +++++++++++++++++++
 .../testdata/progressing_nostatus.yaml        | 20 +++++++++++++++++
 12 files changed, 240 insertions(+)
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health.lua
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health_test.yaml
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/degraded_failed.yaml
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/healthy_completed.yaml
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_inprogress.yaml
 create mode 100644 resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_nostatus.yaml
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health.lua
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health_test.yaml
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/degraded_failed.yaml
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/healthy_completed.yaml
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_inprogress.yaml
 create mode 100644 resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_nostatus.yaml

diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health.lua b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health.lua
new file mode 100644
index 0000000000000..a17e977f5b417
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health.lua
@@ -0,0 +1,17 @@
+local hs = {}
+if obj.status ~= nil and obj.status.status ~= nil then
+  if obj.status.status == "Completed" then
+    hs.status = "Healthy"
+    hs.message = "ClickHouseKeeper installation completed successfully"
+  elseif obj.status.status == "InProgress" then
+    hs.status = "Progressing"
+    hs.message = "ClickHouseKeeper installation in progress"
+  else
+    hs.status = "Degraded"
+    hs.message = "ClickHouseKeeper status: " .. obj.status.status
+  end
+else
+  hs.status = "Progressing"
+  hs.message = "ClickHouseKeeper status not yet available"
+end
+return hs 
\ No newline at end of file
diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health_test.yaml b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health_test.yaml
new file mode 100644
index 0000000000000..0be716a1d1abd
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+- healthStatus:
+    status: Healthy
+    message: ClickHouseKeeper installation completed successfully
+  inputPath: testdata/healthy_completed.yaml
+- healthStatus:
+    status: Progressing
+    message: ClickHouseKeeper installation in progress
+  inputPath: testdata/progressing_inprogress.yaml
+- healthStatus:
+    status: Degraded
+    message: "ClickHouseKeeper status: Failed"
+  inputPath: testdata/degraded_failed.yaml
+- healthStatus:
+    status: Progressing
+    message: ClickHouseKeeper status not yet available
+  inputPath: testdata/progressing_nostatus.yaml
diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/degraded_failed.yaml b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/degraded_failed.yaml
new file mode 100644
index 0000000000000..196d72c0bf3bc
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/degraded_failed.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse-keeper.altinity.com/v1
+kind: ClickHouseKeeperInstallation
+metadata:
+  name: test-clickhouse-keeper
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9181
+            template:
+              spec:
+                containers:
+                - name: clickhouse-keeper
+                  image: clickhouse/clickhouse-keeper:latest
+status:
+  status: Failed
\ No newline at end of file
diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/healthy_completed.yaml b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/healthy_completed.yaml
new file mode 100644
index 0000000000000..c2a0c3198b066
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/healthy_completed.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse-keeper.altinity.com/v1
+kind: ClickHouseKeeperInstallation
+metadata:
+  name: test-clickhouse-keeper
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9181
+            template:
+              spec:
+                containers:
+                - name: clickhouse-keeper
+                  image: clickhouse/clickhouse-keeper:latest
+status:
+  status: Completed
\ No newline at end of file
diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_inprogress.yaml b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_inprogress.yaml
new file mode 100644
index 0000000000000..eecac3af45432
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_inprogress.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse-keeper.altinity.com/v1
+kind: ClickHouseKeeperInstallation
+metadata:
+  name: test-clickhouse-keeper
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9181
+            template:
+              spec:
+                containers:
+                - name: clickhouse-keeper
+                  image: clickhouse/clickhouse-keeper:latest
+status:
+  status: InProgress
\ No newline at end of file
diff --git a/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_nostatus.yaml b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_nostatus.yaml
new file mode 100644
index 0000000000000..48802e942a3e9
--- /dev/null
+++ b/resource_customizations/clickhouse-keeper.altinity.com/ClickHouseKeeperInstallation/testdata/progressing_nostatus.yaml
@@ -0,0 +1,20 @@
+apiVersion: clickhouse-keeper.altinity.com/v1
+kind: ClickHouseKeeperInstallation
+metadata:
+  name: test-clickhouse-keeper
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9181
+            template:
+              spec:
+                containers:
+                - name: clickhouse-keeper
+                  image: clickhouse/clickhouse-keeper:latest
\ No newline at end of file
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health.lua b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health.lua
new file mode 100644
index 0000000000000..62835de8665f2
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health.lua
@@ -0,0 +1,17 @@
+local hs = {}
+if obj.status ~= nil and obj.status.status ~= nil then
+  if obj.status.status == "Completed" then
+    hs.status = "Healthy"
+    hs.message = "ClickHouse installation completed successfully"
+  elseif obj.status.status == "InProgress" then
+    hs.status = "Progressing"
+    hs.message = "ClickHouse installation in progress"
+  else
+    hs.status = "Degraded"
+    hs.message = "ClickHouse status: " .. obj.status.status
+  end
+else
+  hs.status = "Progressing"
+  hs.message = "ClickHouse status not yet available"
+end
+return hs 
\ No newline at end of file
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health_test.yaml b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health_test.yaml
new file mode 100644
index 0000000000000..d69fc4ffa3e56
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+- healthStatus:
+    status: Healthy
+    message: ClickHouse installation completed successfully
+  inputPath: testdata/healthy_completed.yaml
+- healthStatus:
+    status: Progressing
+    message: ClickHouse installation in progress
+  inputPath: testdata/progressing_inprogress.yaml
+- healthStatus:
+    status: Degraded
+    message: "ClickHouse status: Failed"
+  inputPath: testdata/degraded_failed.yaml
+- healthStatus:
+    status: Progressing
+    message: ClickHouse status not yet available
+  inputPath: testdata/progressing_nostatus.yaml
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/degraded_failed.yaml b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/degraded_failed.yaml
new file mode 100644
index 0000000000000..d64930a6261f5
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/degraded_failed.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse.altinity.com/v1
+kind: ClickHouseInstallation
+metadata:
+  name: test-clickhouse
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9000
+            template:
+              spec:
+                containers:
+                - name: clickhouse
+                  image: clickhouse/clickhouse-server:latest
+status:
+  status: Failed
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/healthy_completed.yaml b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/healthy_completed.yaml
new file mode 100644
index 0000000000000..425f72edb8973
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/healthy_completed.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse.altinity.com/v1
+kind: ClickHouseInstallation
+metadata:
+  name: test-clickhouse
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9000
+            template:
+              spec:
+                containers:
+                - name: clickhouse
+                  image: clickhouse/clickhouse-server:latest
+status:
+  status: Completed
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_inprogress.yaml b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_inprogress.yaml
new file mode 100644
index 0000000000000..0734e6eb6dd42
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_inprogress.yaml
@@ -0,0 +1,22 @@
+apiVersion: clickhouse.altinity.com/v1
+kind: ClickHouseInstallation
+metadata:
+  name: test-clickhouse
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9000
+            template:
+              spec:
+                containers:
+                - name: clickhouse
+                  image: clickhouse/clickhouse-server:latest
+status:
+  status: InProgress
\ No newline at end of file
diff --git a/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_nostatus.yaml b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_nostatus.yaml
new file mode 100644
index 0000000000000..2b8053066984d
--- /dev/null
+++ b/resource_customizations/clickhouse.altinity.com/ClickHouseInstallation/testdata/progressing_nostatus.yaml
@@ -0,0 +1,20 @@
+apiVersion: clickhouse.altinity.com/v1
+kind: ClickHouseInstallation
+metadata:
+  name: test-clickhouse
+  namespace: default
+spec:
+  configuration:
+    clusters:
+    - name: cluster
+      layout:
+        shards:
+        - name: shard
+          replicas:
+          - name: replica
+            port: 9000
+            template:
+              spec:
+                containers:
+                - name: clickhouse
+                  image: clickhouse/clickhouse-server:latest
\ No newline at end of file

From 4bd9241cc8720b3f4f236bdb1f9f8a4400017fcf Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sat, 6 Sep 2025 18:20:00 +0000
Subject: [PATCH 354/383] [Bot] docs: Update Snyk report (#24331)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   58 +-
 docs/snyk/master/argocd-iac-install.html      |   88 +-
 .../master/argocd-iac-namespace-install.html  |   84 +-
 docs/snyk/master/argocd-test.html             |   84 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_latest.html       |  491 +-
 docs/snyk/v2.13.8/argocd-iac-install.html     | 2891 ---------
 .../v2.13.8/argocd-iac-namespace-install.html | 2845 --------
 docs/snyk/v2.13.8/argocd-test.html            | 4399 -------------
 .../v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html   | 3348 ----------
 ..._docker_library_haproxy_2.6.17-alpine.html | 2196 -------
 ...ws_docker_library_redis_7.0.15-alpine.html | 1258 ----
 .../quay.io_argoproj_argocd_v2.13.8.html      | 5704 -----------------
 docs/snyk/v2.13.8/redis_7.0.15-alpine.html    | 1258 ----
 docs/snyk/v2.14.15/argocd-iac-install.html    |    2 +-
 .../argocd-iac-namespace-install.html         |    2 +-
 docs/snyk/v2.14.15/argocd-test.html           |   83 +-
 .../v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html  |    2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    2 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     |  554 +-
 docs/snyk/v2.14.15/redis_7.0.15-alpine.html   |    2 +-
 .../argocd-iac-install.html                   |    2 +-
 .../argocd-iac-namespace-install.html         |    2 +-
 .../{v3.0.11 => v3.0.13}/argocd-test.html     |   83 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.0.13.html}     | 1049 ++-
 .../redis_7.2.7-alpine.html                   |    2 +-
 .../argocd-iac-install.html                   |   24 +-
 .../argocd-iac-namespace-install.html         |   24 +-
 .../{v3.1.0-rc3 => v3.1.1}/argocd-test.html   |   83 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.1.1.html}      | 1185 +---
 39 files changed, 1449 insertions(+), 26376 deletions(-)
 delete mode 100644 docs/snyk/v2.13.8/argocd-iac-install.html
 delete mode 100644 docs/snyk/v2.13.8/argocd-iac-namespace-install.html
 delete mode 100644 docs/snyk/v2.13.8/argocd-test.html
 delete mode 100644 docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
 delete mode 100644 docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
 delete mode 100644 docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
 delete mode 100644 docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
 delete mode 100644 docs/snyk/v2.13.8/redis_7.0.15-alpine.html
 rename docs/snyk/{v3.0.11 => v3.0.13}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/argocd-test.html (97%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html => v3.0.13/quay.io_argoproj_argocd_v3.0.13.html} (80%)
 rename docs/snyk/{v3.0.11 => v3.0.13}/redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/argocd-test.html (94%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/ghcr.io_dexidp_dex_v2.43.0.html (99%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.1.0-rc3 => v3.1.1}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.0.11/quay.io_argoproj_argocd_v3.0.11.html => v3.1.1/quay.io_argoproj_argocd_v3.1.1.html} (68%)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 32f885822338f..5dabdd8db2940 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -18,61 +18,47 @@ recent minor releases.
 | [dex:v2.43.0](master/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
 | [haproxy:3.0.8-alpine](master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
 | [redis:7.2.7-alpine](master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 9 | 7 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 4 | 7 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.1.0-rc3
+### v3.1.1
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.1.0-rc3/argocd-test.html) | 0 | 0 | 5 | 0 |
-| [ui/yarn.lock](v3.1.0-rc3/argocd-test.html) | 0 | 0 | 1 | 2 |
-| [dex:v2.43.0](v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
-| [haproxy:3.0.8-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.1.0-rc3](v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html) | 0 | 0 | 9 | 9 |
-| [install.yaml](v3.1.0-rc3/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.1.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.1.1/argocd-test.html) | 0 | 0 | 5 | 0 |
+| [ui/yarn.lock](v3.1.1/argocd-test.html) | 1 | 0 | 1 | 2 |
+| [dex:v2.43.0](v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
+| [haproxy:3.0.8-alpine](v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.1.1](v3.1.1/quay.io_argoproj_argocd_v3.1.1.html) | 0 | 0 | 5 | 9 |
+| [install.yaml](v3.1.1/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.1.1/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.0.11
+### v3.0.13
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.0.11/argocd-test.html) | 0 | 3 | 5 | 0 |
-| [ui/yarn.lock](v3.0.11/argocd-test.html) | 0 | 1 | 2 | 4 |
-| [dex:v2.41.1](v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:3.0.8-alpine](v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.11](v3.0.11/quay.io_argoproj_argocd_v3.0.11.html) | 0 | 0 | 9 | 9 |
-| [redis:7.2.7-alpine](v3.0.11/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v3.0.11/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.0.11/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.0.13/argocd-test.html) | 0 | 3 | 5 | 0 |
+| [ui/yarn.lock](v3.0.13/argocd-test.html) | 1 | 1 | 2 | 4 |
+| [dex:v2.41.1](v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:3.0.8-alpine](v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.0.13](v3.0.13/quay.io_argoproj_argocd_v3.0.13.html) | 0 | 0 | 5 | 9 |
+| [redis:7.2.7-alpine](v3.0.13/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v3.0.13/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.0.13/argocd-iac-namespace-install.html) | - | - | - | - |
 
 ### v2.14.15
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
 | [go.mod](v2.14.15/argocd-test.html) | 0 | 1 | 8 | 0 |
-| [ui/yarn.lock](v2.14.15/argocd-test.html) | 0 | 0 | 2 | 3 |
+| [ui/yarn.lock](v2.14.15/argocd-test.html) | 1 | 0 | 2 | 3 |
 | [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
 | [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
 | [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 0 | 22 | 9 |
+| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 1 | 24 | 9 |
 | [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
 | [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
-
-### v2.13.8
-
-|    | Critical | High | Medium | Low |
-|---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.13.8/argocd-test.html) | 0 | 3 | 10 | 1 |
-| [ui/yarn.lock](v2.13.8/argocd-test.html) | 0 | 0 | 2 | 3 |
-| [dex:v2.41.1](v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:2.6.17-alpine](v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
-| [redis:7.0.15-alpine](v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.13.8](v2.13.8/quay.io_argoproj_argocd_v2.13.8.html) | 0 | 0 | 24 | 9 |
-| [redis:7.0.15-alpine](v2.13.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [install.yaml](v2.13.8/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.13.8/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index 178339053add1..b8903eafddd32 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:26:55 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:19 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -500,14 +500,14 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           <li class="card__meta__item">Introduced through:
                                   [DocId: 17]
                                    <span class="list-paths__item__arrow">›</span> 
-                                  rules[5]
+                                  rules[4]
                                    <span class="list-paths__item__arrow">›</span> 
                                   resources
                                   
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24394
+                              Line number: 24389
                           </li>
                       </ul>
               
@@ -645,7 +645,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24190
+                              Line number: 24197
                           </li>
                       </ul>
               
@@ -691,7 +691,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24220
+                              Line number: 24227
                           </li>
                       </ul>
               
@@ -737,7 +737,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24238
+                              Line number: 24245
                           </li>
                       </ul>
               
@@ -783,7 +783,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24256
+                              Line number: 24263
                           </li>
                       </ul>
               
@@ -829,7 +829,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24278
+                              Line number: 24285
                           </li>
                       </ul>
               
@@ -881,7 +881,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25486
+                              Line number: 25477
                           </li>
                       </ul>
               
@@ -933,7 +933,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25805
+                              Line number: 25814
                           </li>
                       </ul>
               
@@ -991,7 +991,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24981
+                              Line number: 24972
                           </li>
                       </ul>
               
@@ -1049,7 +1049,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25282
+                              Line number: 25273
                           </li>
                       </ul>
               
@@ -1107,7 +1107,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25230
+                              Line number: 25221
                           </li>
                       </ul>
               
@@ -1165,7 +1165,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25344
+                              Line number: 25335
                           </li>
                       </ul>
               
@@ -1223,7 +1223,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25457
+                              Line number: 25448
                           </li>
                       </ul>
               
@@ -1281,7 +1281,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25481
+                              Line number: 25472
                           </li>
                       </ul>
               
@@ -1339,7 +1339,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25805
+                              Line number: 25814
                           </li>
                       </ul>
               
@@ -1397,7 +1397,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25540
+                              Line number: 25531
                           </li>
                       </ul>
               
@@ -1455,7 +1455,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25892
+                              Line number: 25901
                           </li>
                       </ul>
               
@@ -1513,7 +1513,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26302
+                              Line number: 26311
                           </li>
                       </ul>
               
@@ -1565,7 +1565,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25262
+                              Line number: 25253
                           </li>
                       </ul>
               
@@ -1617,7 +1617,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24981
+                              Line number: 24972
                           </li>
                       </ul>
               
@@ -1669,7 +1669,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25230
+                              Line number: 25221
                           </li>
                       </ul>
               
@@ -1721,7 +1721,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25457
+                              Line number: 25448
                           </li>
                       </ul>
               
@@ -1779,7 +1779,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 24981
+                              Line number: 24972
                           </li>
                       </ul>
               
@@ -1837,7 +1837,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25230
+                              Line number: 25221
                           </li>
                       </ul>
               
@@ -1895,7 +1895,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25282
+                              Line number: 25273
                           </li>
                       </ul>
               
@@ -1953,7 +1953,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25344
+                              Line number: 25335
                           </li>
                       </ul>
               
@@ -2011,7 +2011,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25457
+                              Line number: 25448
                           </li>
                       </ul>
               
@@ -2069,7 +2069,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25481
+                              Line number: 25472
                           </li>
                       </ul>
               
@@ -2127,7 +2127,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25805
+                              Line number: 25814
                           </li>
                       </ul>
               
@@ -2185,7 +2185,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25540
+                              Line number: 25531
                           </li>
                       </ul>
               
@@ -2243,7 +2243,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25892
+                              Line number: 25901
                           </li>
                       </ul>
               
@@ -2301,7 +2301,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26302
+                              Line number: 26311
                           </li>
                       </ul>
               
@@ -2357,7 +2357,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25152
+                              Line number: 25143
                           </li>
                       </ul>
               
@@ -2413,7 +2413,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25290
+                              Line number: 25281
                           </li>
                       </ul>
               
@@ -2469,7 +2469,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25265
+                              Line number: 25256
                           </li>
                       </ul>
               
@@ -2525,7 +2525,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25389
+                              Line number: 25380
                           </li>
                       </ul>
               
@@ -2581,7 +2581,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25474
+                              Line number: 25465
                           </li>
                       </ul>
               
@@ -2637,7 +2637,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25488
+                              Line number: 25479
                           </li>
                       </ul>
               
@@ -2693,7 +2693,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25812
+                              Line number: 25821
                           </li>
                       </ul>
               
@@ -2749,7 +2749,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25778
+                              Line number: 25787
                           </li>
                       </ul>
               
@@ -2805,7 +2805,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26201
+                              Line number: 26210
                           </li>
                       </ul>
               
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26571
+                              Line number: 26580
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index bca59c9e254d2..b3f92c9159fc8 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:05 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:29 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -599,7 +599,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 193
+                              Line number: 200
                           </li>
                       </ul>
               
@@ -645,7 +645,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 223
+                              Line number: 230
                           </li>
                       </ul>
               
@@ -691,7 +691,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 241
+                              Line number: 248
                           </li>
                       </ul>
               
@@ -737,7 +737,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 259
+                              Line number: 266
                           </li>
                       </ul>
               
@@ -783,7 +783,7 @@ <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 281
+                              Line number: 288
                           </li>
                       </ul>
               
@@ -835,7 +835,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1275
+                              Line number: 1282
                           </li>
                       </ul>
               
@@ -887,7 +887,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1619
                           </li>
                       </ul>
               
@@ -945,7 +945,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 770
+                              Line number: 777
                           </li>
                       </ul>
               
@@ -1003,7 +1003,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1071
+                              Line number: 1078
                           </li>
                       </ul>
               
@@ -1061,7 +1061,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1019
+                              Line number: 1026
                           </li>
                       </ul>
               
@@ -1119,7 +1119,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1133
+                              Line number: 1140
                           </li>
                       </ul>
               
@@ -1177,7 +1177,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1246
+                              Line number: 1253
                           </li>
                       </ul>
               
@@ -1235,7 +1235,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1270
+                              Line number: 1277
                           </li>
                       </ul>
               
@@ -1293,7 +1293,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1619
                           </li>
                       </ul>
               
@@ -1351,7 +1351,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1329
+                              Line number: 1336
                           </li>
                       </ul>
               
@@ -1409,7 +1409,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1681
+                              Line number: 1706
                           </li>
                       </ul>
               
@@ -1467,7 +1467,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2091
+                              Line number: 2116
                           </li>
                       </ul>
               
@@ -1519,7 +1519,7 @@ <h2 class="card__title">Container is running with multiple open ports</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1051
+                              Line number: 1058
                           </li>
                       </ul>
               
@@ -1571,7 +1571,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 770
+                              Line number: 777
                           </li>
                       </ul>
               
@@ -1623,7 +1623,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1019
+                              Line number: 1026
                           </li>
                       </ul>
               
@@ -1675,7 +1675,7 @@ <h2 class="card__title">Container is running without liveness probe</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1246
+                              Line number: 1253
                           </li>
                       </ul>
               
@@ -1733,7 +1733,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 770
+                              Line number: 777
                           </li>
                       </ul>
               
@@ -1791,7 +1791,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1019
+                              Line number: 1026
                           </li>
                       </ul>
               
@@ -1849,7 +1849,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1071
+                              Line number: 1078
                           </li>
                       </ul>
               
@@ -1907,7 +1907,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1133
+                              Line number: 1140
                           </li>
                       </ul>
               
@@ -1965,7 +1965,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1246
+                              Line number: 1253
                           </li>
                       </ul>
               
@@ -2023,7 +2023,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1270
+                              Line number: 1277
                           </li>
                       </ul>
               
@@ -2081,7 +2081,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1619
                           </li>
                       </ul>
               
@@ -2139,7 +2139,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1329
+                              Line number: 1336
                           </li>
                       </ul>
               
@@ -2197,7 +2197,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1681
+                              Line number: 1706
                           </li>
                       </ul>
               
@@ -2255,7 +2255,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2091
+                              Line number: 2116
                           </li>
                       </ul>
               
@@ -2311,7 +2311,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 941
+                              Line number: 948
                           </li>
                       </ul>
               
@@ -2367,7 +2367,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1079
+                              Line number: 1086
                           </li>
                       </ul>
               
@@ -2423,7 +2423,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1054
+                              Line number: 1061
                           </li>
                       </ul>
               
@@ -2479,7 +2479,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1178
+                              Line number: 1185
                           </li>
                       </ul>
               
@@ -2535,7 +2535,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1263
+                              Line number: 1270
                           </li>
                       </ul>
               
@@ -2591,7 +2591,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1277
+                              Line number: 1284
                           </li>
                       </ul>
               
@@ -2647,7 +2647,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1601
+                              Line number: 1626
                           </li>
                       </ul>
               
@@ -2703,7 +2703,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1567
+                              Line number: 1592
                           </li>
                       </ul>
               
@@ -2759,7 +2759,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1990
+                              Line number: 2015
                           </li>
                       </ul>
               
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2360
+                              Line number: 2385
                           </li>
                       </ul>
               
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index 0065617e1482b..c5ba9659dd476 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:24:46 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:22:06 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,7 +501,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2106</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2118</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -536,7 +536,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/r3labs/diff/v3@3.0.1
+                                github.com/argoproj/argo-cd/v3@0.0.0 and github.com/r3labs/diff/v3@3.0.2
         
                     </li>
                 </ul>
@@ -551,7 +551,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff/v3@3.0.1
+                                        github.com/r3labs/diff/v3@3.0.2
                                         
                                 </span>
         
@@ -599,7 +599,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    github.com/argoproj/argo-cd/v3@0.0.0, code.gitea.io/sdk/gitea@0.21.0 and others
+                                    github.com/argoproj/argo-cd/v3@0.0.0, code.gitea.io/sdk/gitea@0.22.0 and others
                     </li>
                 </ul>
         
@@ -613,7 +613,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        code.gitea.io/sdk/gitea@0.21.0
+                                        code.gitea.io/sdk/gitea@0.22.0
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-version@1.7.0
                                         
@@ -686,7 +686,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -697,7 +697,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.134.0
+                                        gitlab.com/gitlab-org/api/client-go@0.142.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -708,9 +708,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -721,9 +721,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -734,7 +734,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -747,11 +747,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/api@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -762,11 +762,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/controller@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -777,9 +777,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -792,9 +792,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -807,11 +807,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/api@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -824,11 +824,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/controller@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -905,7 +905,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.134.0
+                                        gitlab.com/gitlab-org/api/client-go@0.142.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -916,7 +916,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.134.0
+                                        gitlab.com/gitlab-org/api/client-go@0.142.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
@@ -929,7 +929,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -944,9 +944,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -961,9 +961,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/cmd@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -978,11 +978,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/api@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
@@ -997,11 +997,11 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/controller@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#87bf0576a872
+                                        github.com/argoproj/notifications-engine/pkg/services@#3ec18d4536a7
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/opsgenie/opsgenie-go-sdk-v2/client@1.2.23
                                          <span class="list-paths__item__arrow">›</span> 
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index 39104bfb03cd2..1ee7f9625e26d 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:24:55 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:22:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index f0f650e6b27b9..3ba6f2a524856 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:25:00 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:22:20 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 95a7cfb773041..78f3beef94fea 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:25:05 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:22:24 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index e34acb785369b..bbd2064dd4dab 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="22 known vulnerabilities found in 81 vulnerable dependency paths.">
+  <meta name="description" content="17 known vulnerabilities found in 68 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:25:24 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:22:49 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,9 +501,9 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>22</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>81 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>68 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2320</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -578,7 +578,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>tar</code>.</p>
         <h2 id="references">References</h2>
@@ -586,6 +586,9 @@ <h2 id="references">References</h2>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
         <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
         <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
         </ul>
         
               <hr/>
@@ -1123,478 +1126,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-PAM-9795712">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
-        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691440">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Heap-based Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691453">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Certificate Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/dirmngr@2.4.4-2ubuntu23.1 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu23.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.48.1-0ubuntu1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.12.1-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.9-2ubuntu3.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GNUTLS28-10691517">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5745</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.41-6ubuntu1.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.41-6ubuntu1.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5745">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5745</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33060">https://sourceware.org/bugzilla/show_bug.cgi?id=33060</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-10321966">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5702</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:25.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.41-6ubuntu1.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.41-6ubuntu1.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.41-6ubuntu1.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:25.04</code> relevant fixed versions and status.</em></p>
-        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:25.04</code> <code>glibc</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2504-GLIBC-10321977">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
@@ -1623,7 +1154,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/r3labs/diff/v3@v3.0.1
+                                github.com/argoproj/argo-cd/v3@* and github.com/r3labs/diff/v3@v3.0.2
         
                     </li>
                 </ul>
@@ -1638,7 +1169,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff/v3@v3.0.1
+                                        github.com/r3labs/diff/v3@v3.0.2
                                         
                                 </span>
         
diff --git a/docs/snyk/v2.13.8/argocd-iac-install.html b/docs/snyk/v2.13.8/argocd-iac-install.html
deleted file mode 100644
index c6f3b94de8828..0000000000000
--- a/docs/snyk/v2.13.8/argocd-iac-install.html
+++ /dev/null
@@ -1,2891 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content=" known vulnerabilities found in .">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:37:23 am (UTC+00:00)</p>
-              </div>
-                <div class="source-panel">
-                  <span>Scanned the following path:</span>
-                  <ul>
-                    <li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li>
-                  </ul>
-                </div>
-    
-                <div class="meta-counts">
-                  <div class="meta-count"><span>44</span> <span>total issues</span></div>
-                </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-        <section class="layout-container">
-            <table class="metatable">
-                <tbody>
-                <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr>
-                <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr>
-                <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
-                </tbody>
-            </table>
-        </section>        <div class="layout-container" style="padding-top: 35px;">
-          <div class="cards--vuln filter--patch filter--ignore">
-              <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--high">
-                          <span class="label__text">high severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 17]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[5]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22402
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 10]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22083
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 11]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[4]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22170
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 12]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22198
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 13]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[1]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22228
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 13]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[3]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22246
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 14]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22264
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 15]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22286
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container could be running with outdated image</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  imagePullPolicy
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23358
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>The container may run with outdated or unauthorized image</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container could be running with outdated image</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  imagePullPolicy
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23657
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>The container may run with outdated or unauthorized image</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 45]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22895
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23164
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23118
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 47]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23224
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23329
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23353
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23657
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23410
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 50]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23742
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 51]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 24132
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running with multiple open ports</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  ports
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23144
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Increases the attack surface of the application and the container.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Reduce &#x60;ports&#x60; count to 2</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 45]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22895
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23118
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23329
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 45]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 22895
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23118
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23164
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 47]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23224
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23329
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23353
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23657
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23410
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 50]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23742
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 51]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 24132
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 45]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23042
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23172
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 46]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23147
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 47]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23263
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23346
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 48]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23360
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23664
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 49]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 23630
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 50]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 24033
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 51]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 24351
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-          </div>
-        </div>
-        
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html b/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
deleted file mode 100644
index f15d7a561871d..0000000000000
--- a/docs/snyk/v2.13.8/argocd-iac-namespace-install.html
+++ /dev/null
@@ -1,2845 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content=" known vulnerabilities found in .">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:37:32 am (UTC+00:00)</p>
-              </div>
-                <div class="source-panel">
-                  <span>Scanned the following path:</span>
-                  <ul>
-                    <li class="paths">/argo-cd/manifests/namespace-install.yaml (Kubernetes)</li>
-                  </ul>
-                </div>
-    
-                <div class="meta-counts">
-                  <div class="meta-count"><span>43</span> <span>total issues</span></div>
-                </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-        <section class="layout-container">
-            <table class="metatable">
-                <tbody>
-                <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/namespace-install.yaml</td></tr>
-                <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/namespace-install.yaml</td></tr>
-                <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
-                </tbody>
-            </table>
-        </section>        <div class="layout-container" style="padding-top: 35px;">
-          <div class="cards--vuln filter--patch filter--ignore">
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 7]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 77
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 8]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[4]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 164
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 9]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 192
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 10]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[1]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 222
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 10]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[3]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 240
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 11]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 258
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-                  <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--medium">
-                          <span class="label__text">medium severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 12]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  rules[0]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 280
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Consider removing these permissions</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container could be running with outdated image</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  imagePullPolicy
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1138
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>The container may run with outdated or unauthorized image</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container could be running with outdated image</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  imagePullPolicy
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1437
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>The container may run with outdated or unauthorized image</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 36]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 675
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 944
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 898
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 38]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1004
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1109
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1133
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1437
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1190
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 41]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1522
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container has no CPU limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 42]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  cpu
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1912
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running with multiple open ports</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  ports
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 924
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Increases the attack surface of the application and the container.</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Reduce &#x60;ports&#x60; count to 2</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 36]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 675
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 898
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without liveness probe</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  livenessProbe
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1109
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Add &#x60;livenessProbe&#x60; attribute</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 36]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 675
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 898
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 944
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 38]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1004
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1109
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1133
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1437
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1190
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 41]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1522
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container is running without memory limit</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 42]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  resources
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  limits
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  memory
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1912
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;resources.limits.memory&#x60; value</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 36]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-applicationset-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 822
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 952
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 37]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[dex]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 927
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 38]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-notifications-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1043
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[redis]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1126
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 39]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[secret-init]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1140
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  initContainers[copyutil]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1444
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 40]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-repo-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1410
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 41]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-server]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 1813
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-              <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-                  <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with host&#x27;s UID</h2>
-                  <div class="card__section">
-              
-                      <div class="label label--low">
-                          <span class="label__text">low severity</span>
-                      </div>
-              
-                      <hr/>
-              
-                      <ul class="card__meta">
-                          <li class="card__meta__item">
-                              Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 
-                          </li>
-              
-                          <li class="card__meta__item">Introduced through:
-                                  [DocId: 42]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  input
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  template
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  spec
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  containers[argocd-application-controller]
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  securityContext
-                                   <span class="list-paths__item__arrow">›</span> 
-                                  runAsUser
-                                  
-                          </li>
-              
-                          <li class="card__meta__item">
-                              Line number: 2131
-                          </li>
-                      </ul>
-              
-                      <hr/>
-              
-                          <h2>Impact</h2>
-                          <p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
-              
-                          <h2>Remediation</h2>
-                          <p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
-              
-              
-                          <hr/>
-                  </div><!-- .card__section -->
-              
-                  <div class="cta card__cta">
-                      <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
-                  </div>
-              
-              </div><!-- .card -->
-          </div>
-        </div>
-        
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/argocd-test.html b/docs/snyk/v2.13.8/argocd-test.html
deleted file mode 100644
index 9b49cb2bb5047..0000000000000
--- a/docs/snyk/v2.13.8/argocd-test.html
+++ /dev/null
@@ -1,4399 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="19 known vulnerabilities found in 154 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:20 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">/argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)</li>
-                  <li class="paths">/argo-cd/ui/yarn.lock (yarn)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>19</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>154 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2149</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/oauth2/jws
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, golang.org/x/oauth2/google@0.23.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/chat/v1@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/transport/http@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/option@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/api/internal@0.132.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/google@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jwt@0.23.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/http/httpproxy
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/net/http/httpproxy@0.33.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/http/httpproxy@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/http/httpproxy">golang.org/x/net/http/httpproxy</a> is a package for HTTP proxy determination based on environment variables, as provided by net/http&#39;s ProxyFromEnvironment function</p>
-        <p>Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in <code>proxy.go</code>, because hostname matching against proxy patterns may treat an IPv6 zone ID as a hostname component. An environment variable value like <code>*.example.com</code> could be matched to a request intended for <code>[::1%25.example.com]:80</code>.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/http/httpproxy</code> to version 0.36.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go-review.googlesource.com/c/go/+/654717/4/src/vendor/golang.org/x/net/http/httpproxy/proxy.go">Git Commit</a></li>
-        <li><a href="https://github.com/golang/go/commit/3705a6f1f0a66e70916bb09f50f4fcd1c520df53">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/net/commit/76f9bf3279eff2e596db4960a78a2665d0ff9405">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71984">GitHub Issue</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/crypto/ssh
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.32.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        code.gitea.io/sdk/gitea@0.19.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/knownhosts@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        code.gitea.io/sdk/gitea@0.19.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-fed/httpsig@1.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        code.gitea.io/sdk/gitea@0.19.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/agent@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/ssh-agent@0.3.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/agent@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/knownhosts@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/ssh-agent@0.3.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/agent@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/knownhosts@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/ssh-agent@0.3.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/agent@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/client@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-git/go-git/v5/plumbing/transport/ssh@5.13.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/skeema/knownhosts@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh/knownhosts@0.32.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/crypto/ssh?tab=doc">golang.org/x/crypto/ssh</a> is a SSH client and server</p>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in <code>handshakeTransport</code> in <code>handshake.go</code>. An internal queue gets populated with received packets during the key exchange process, while waiting for the client to send a <code>SSH_MSG_KEXINIT</code>. An attacker can cause the server to become unresponsive to new connections by delaying or withholding this message, or by causing the queue to consume all available memory.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/crypto/ssh</code> to version 0.35.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go.dev/cl/652135">Git Commit</a></li>
-        <li><a href="https://go.dev/issue/71931">Go Issue</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3487">Vulnerability Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            gopkg.in/retry.v1
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/token@0.0.20
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@1.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>LGPL-3.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/client-go/tools/portforward@0.31.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/portforward@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/cache@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/health@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/ignore@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/sync/common@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@#4c6e03c46314
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/cmd/util@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/templates@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/kubectl/pkg/util/term@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/tools/remotecommand@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/client-go/transport/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/httpstream/spdy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        k8s.io/apimachinery/pkg/util/proxy@0.31.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/redis/go-redis/v9
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/redis/go-redis/v9@9.7.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-redis/cache/v9@9.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
-        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/r3labs/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff@1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-version
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.19.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        code.gitea.io/sdk/gitea@0.19.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@1.6.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-retryablehttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/go-gitlab@0.109.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-cleanhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/go-gitlab@0.109.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/xanzy/go-gitlab@0.109.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/api@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/notifications-engine/pkg/services@#0802cd427621
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@0.7.7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/gosimple/slug
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.14.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@1.14.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/go-jose/go-jose/v3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-jose/go-jose/v3@3.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/go-jose/go-jose/v3</code> to version 3.0.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
-        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV3-8754524">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Concurrent Execution using Shared Resource with Improper Synchronization (&#x27;Race Condition&#x27;)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/Azure/azure-sdk-for-go/sdk/azidentity
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/token@0.0.20
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity">github.com/Azure/azure-sdk-for-go/sdk/azidentity</a> is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.</p>
-        <p>Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization (&#39;Race Condition&#39;) in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.</p>
-        <p><strong>Notes:</strong></p>
-        <ol>
-        <li><p>An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;</p>
-        </li>
-        <li><p>An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;</p>
-        </li>
-        <li><p>The vulnerability exists in the following credential types: <code>DefaultAzureCredential</code> and <code>ManagedIdentityCredential</code>;</p>
-        </li>
-        <li><p>The vulnerability exists in the following credential types:</p>
-        </li>
-        </ol>
-        <p><code>ManagedIdentityApplication</code> (.NET)</p>
-        <p><code>ManagedIdentityApplication</code> (Java)</p>
-        <p><code>ManagedIdentityApplication</code> (Node.js)</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/Azure/azure-sdk-for-go/sdk/azidentity</code> to version 1.6.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/commit/fddb2c4011c79a7efda2df053ca05b87b8a1303c">GitHub Commit</a></li>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-java/commit/9a07472cedbde7a1013a6fc81da91f2a2c6d67a1">GitHub Commit</a></li>
-        <li><a href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/3ee9c68d1a80bf7652e41b58ae1bf87ff64a727e">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-net/commit/2db9a0f33668ae9cf0331613e1cd612bee105e1c">GitHub Commit</a></li>
-        <li><a href="https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178">GitHub Commit</a></li>
-        <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255">Microsoft Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAZUREAZURESDKFORGOSDKAZIDENTITY-7246767">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            foundation-sites
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                argo-cd-ui@1.0.0 and foundation-sites@6.8.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        foundation-sites@6.8.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        foundation-sites@6.8.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://github.com/zurb/foundation-sites">foundation-sites</a> is a responsive front-end framework</p>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to inefficient backtracking in the regular expressions used in URL forms.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code>https://www.&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;&#39;
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>foundation-sites</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://securitylab.github.com/advisories/GHSL-2020-290-redos-foundation-sites">GitHub Advisory</a></li>
-        <li><a href="https://github.com/foundation/foundation-sites/issues/12180">GitHub Issue</a></li>
-        <li><a href="https://github.com/foundation/foundation-sites/blob/develop/js/foundation.abide.js#L864">Vulnerable Code</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-FOUNDATIONSITES-8310364">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            @babel/runtime
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, argo-ui@1.0.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @ant-design/cssinjs@1.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @ant-design/icons@5.1.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @ant-design/react-slick@1.0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/color-picker@1.2.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-checkbox@3.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-collapse@3.7.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-dialog@9.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-drawer@6.2.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-image@5.17.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-input@1.0.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-input-number@7.4.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-mentions@2.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-motion@2.7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-notification@5.0.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-pagination@3.5.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-picker@3.8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-progress@3.4.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-rate@2.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-resize-observer@1.2.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-segmented@2.2.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-slider@10.1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-table@7.32.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-tabs@12.7.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-tooltip@6.0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-tree-select@5.9.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-upload@4.3.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-select@14.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-tree@5.7.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-drawer@6.2.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-motion@2.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-mentions@2.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-menu@9.9.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-mentions@2.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-textarea@1.2.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-table@7.32.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/context@1.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/trigger@1.13.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-align@4.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/trigger@1.13.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-motion@2.4.4
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-select@14.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-overflow@1.2.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-mentions@2.3.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-menu@9.9.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-overflow@1.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-select@14.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-overflow@1.2.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-resize-observer@1.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.16.7
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/mutate-observer@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-dropdown@4.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-field-form@1.32.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @ant-design/cssinjs@1.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-util@5.34.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/portal@1.1.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/trigger@1.13.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-dialog@9.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-util@5.24.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-input-number@7.4.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/mini-decimal@1.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.19.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-form@2.16.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-redux@5.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-form@2.16.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-redux@5.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-form@2.16.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-redux@5.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-form@2.16.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-redux@5.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-dropdown@4.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-util@5.20.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router-dom@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-router@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        history@4.10.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/trigger@1.13.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-align@4.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-util@5.16.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.14.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/tour@1.8.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @rc-component/trigger@1.13.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-resize-observer@1.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.22.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-cascader@3.12.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-select@14.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-virtual-list@3.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.22.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-steps@6.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        date-fns@2.30.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.21.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        argo-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        antd@5.6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rc-switch@4.1.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.21.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-virtualized@9.22.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.20.13
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        react-virtualized@9.22.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dom-helpers@5.2.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.20.13
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.4.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        polished@4.3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @babel/runtime@7.26.9
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the <code>replace()</code> method in <code>wrapRegExp.js</code>. An attacker can cause degradation in performance by supplying input strings that exploit the quadratic complexity of the replacement algorithm. </p>
-        <p>This is only exploitable when all of the following conditions are met: </p>
-        <ol>
-        <li><p>The code passes untrusted strings in the second argument to <code>.replace()</code>.</p>
-        </li>
-        <li><p>The compiled regular expressions being applied contain named capture groups.</p>
-        </li>
-        </ol>
-        <p>In the case of <code>@babel/preset-env</code>, if the <code>targets</code> option is in use the application will be vulnerable under either of the following conditions:</p>
-        <ol>
-        <li><p>A browser older than Chrome 64, Opera 71, Edge 79, Firefox 78, Safari 11.1, or Node.js 10 is used when processing named capture groups.</p>
-        </li>
-        <li><p>A browser older than Chrome/Edge 126, Opera 112, Firefox 129, Safari 17.4, or Node.js 23 is used when processing duplicated named capture groups.</p>
-        </li>
-        </ol>
-        <p><strong>Note:</strong> The project maintainers advise that &quot;just updating your Babel dependencies is not enough: you will also need to re-compile your code.&quot;</p>
-        <h2 id="workaround">Workaround</h2>
-        <p> This vulnerability can be avoided by filtering out input containing a <code>$&lt;</code> that is not followed by a <code>&gt;</code>.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>@babel/runtime</code> to version 7.26.10, 8.0.0-alpha.17 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/babel/babel/commit/d5952e80c0faa5ec20e35085531b6e572d31dad4">GitHub Commit</a></li>
-        <li><a href="https://gist.github.com/mmmsssttt404/1f066ed9237f514714f2cc022d631838">GitHub Gist</a></li>
-        <li><a href="https://github.com/babel/babel/pull/17173">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Arbitrary Code Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            prismjs
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, redoc@2.4.0 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.4.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        prismjs@1.29.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="http://prismjs.com/">prismjs</a> is a lightweight, robust, elegant syntax highlighting library.</p>
-        <p>Affected versions of this package are vulnerable to Arbitrary Code Injection via the <code>document.currentScript</code> lookup process. An attacker can manipulate the web page content and execute unintended actions by injecting HTML elements that overshadow legitimate DOM elements.</p>
-        <p><strong>Note:</strong></p>
-        <p>This is only exploitable if the application accepts untrusted input containing HTML but not direct JavaScript.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>prismjs</code> to version 1.30.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/PrismJS/prism/commit/8e8b9352dac64457194dd9e51096b4772532e53d">GitHub Commit</a></li>
-        <li><a href="https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660">GitHub Gist</a></li>
-        <li><a href="https://github.com/PrismJS/prism/pull/3863">GitHub PR</a></li>
-        <li><a href="https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259">Vulnerable Code</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-PRISMJS-9055448">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Insufficient Documentation of Error Handling Techniques</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> go.mod
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/golang-jwt/jwt
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@0.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/Azure/kubelogin/pkg/token@0.0.20
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential@0.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/AzureAD/microsoft-authentication-library-for-go/apps/internal/oauth/ops/accesstokens@0.5.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/golang-jwt/jwt@3.2.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the <code>ParseWithClaims</code> function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see <a href="https://github.com/golang-jwt/jwt/blob/bc8bdca5cced1caa9787e4a1c313a3538544c877/example_test.go#L165-L189"><code>example_test.go</code></a></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c">GitHub Commit</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOLANGJWTJWT-8341243">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Insecure Randomness</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            formidable
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, superagent@8.1.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        superagent@8.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        formidable@2.1.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Insecure Randomness due to its use of the <code>hexoid()</code> function in the generation of fingerprint IDs.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>formidable</code> to version 2.1.3, 3.5.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5">GitHub Commit</a></li>
-        <li><a href="https://github.com/zast-ai/vulnerability-reports/blob/main/formidable/file_upload/report.md">Vulnerability Report</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-FORMIDABLE-9788127">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Regular Expression Denial of Service (ReDoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: npm
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            brace-expansion
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    argo-cd-ui@1.0.0, minimatch@3.1.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        minimatch@3.1.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        brace-expansion@1.1.11
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        argo-cd-ui@1.0.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        redoc@2.4.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        @redocly/openapi-core@1.30.0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        minimatch@5.1.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        brace-expansion@2.0.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://github.com/juliangruber/brace-expansion">brace-expansion</a> is a Brace expansion as known from sh/bash</p>
-        <p>Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the <code>expand()</code> function, which is prone to catastrophic backtracking on very long malicious inputs.</p>
-        <h2 id="poc">PoC</h2>
-        <pre><code class="language-js">import index from &quot;./index.js&quot;;
-        
-        let str = &quot;{a}&quot; + &quot;,&quot;.repeat(100000) + &quot;\u0000&quot;;
-        
-        let startTime = performance.now();
-        
-        const result = index(str);
-        
-        let endTime = performance.now();
-        
-        let timeTaken = endTime - startTime;
-        
-        console.log(`匹配耗时: ${timeTaken.toFixed(3)} 毫秒`);
-        </code></pre>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.</p>
-        <p>The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren&#39;t very intuitive and can ultimately end up making it easy for attackers to take your site down.</p>
-        <p>Let’s take the following regular expression as an example:</p>
-        <pre><code class="language-js">regex = /A(B|C+)+D/
-        </code></pre>
-        <p>This regular expression accomplishes the following:</p>
-        <ul>
-        <li><code>A</code> The string must start with the letter &#39;A&#39;</li>
-        <li><code>(B|C+)+</code> The string must then follow the letter A with either the letter &#39;B&#39; or some number of occurrences of the letter &#39;C&#39; (the <code>+</code> matches one or more times). The <code>+</code> at the end of this section states that we can look for one or more matches of this section.</li>
-        <li><code>D</code> Finally, we ensure this section of the string ends with a &#39;D&#39;</li>
-        </ul>
-        <p>The expression would match inputs such as <code>ABBD</code>, <code>ABCCCCD</code>, <code>ABCBCCCD</code> and <code>ACCCCCD</code></p>
-        <p>It most cases, it doesn&#39;t take very long for a regex engine to find a match:</p>
-        <pre><code class="language-bash">$ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD&quot;)&#39;
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e &#39;/A(B|C+)+D/.test(&quot;ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX&quot;)&#39;
-        1.79s user 0.02s system 99% cpu 1.812 total
-        </code></pre>
-        <p>The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.</p>
-        <p>Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as <em>catastrophic backtracking</em>.</p>
-        <p>Let&#39;s look at how our expression runs into this problem, using a shorter string: &quot;ACCCX&quot;. While it seems fairly straightforward, there are still four different ways that the engine could match those three C&#39;s:</p>
-        <ol>
-        <li>CCC</li>
-        <li>CC+C</li>
-        <li>C+CC</li>
-        <li>C+C+C.</li>
-        </ol>
-        <p>The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use <a href="https://regex101.com/debugger">RegEx 101 debugger</a> to see the engine has to take a total of 38 steps before it can determine the string doesn&#39;t match.</p>
-        <p>From there, the number of steps the engine must use to validate a string just continues to grow.</p>
-        <table>
-        <thead>
-        <tr>
-        <th>String</th>
-        <th align="right">Number of C&#39;s</th>
-        <th align="right">Number of steps</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td>ACCCX</td>
-        <td align="right">3</td>
-        <td align="right">38</td>
-        </tr>
-        <tr>
-        <td>ACCCCX</td>
-        <td align="right">4</td>
-        <td align="right">71</td>
-        </tr>
-        <tr>
-        <td>ACCCCCX</td>
-        <td align="right">5</td>
-        <td align="right">136</td>
-        </tr>
-        <tr>
-        <td>ACCCCCCCCCCCCCCX</td>
-        <td align="right">14</td>
-        <td align="right">65,553</td>
-        </tr>
-        </tbody></table>
-        <p>By the time the string includes 14 C&#39;s, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>brace-expansion</code> to version 1.1.12, 2.0.2, 3.0.1, 4.0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/advisories/GHSA-v6h2-p8h4-qcjw">GitHub Advisory</a></li>
-        <li><a href="https://github.com/juliangruber/brace-expansion/commit/0b6a9781e18e9d2769bb2931f4856d1360243ed2">GitHub Commit</a></li>
-        <li><a href="https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466">GitHub Gist</a></li>
-        <li><a href="https://github.com/juliangruber/brace-expansion/pull/65">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
deleted file mode 100644
index b02f33b2b4584..0000000000000
--- a/docs/snyk/v2.13.8/ghcr.io_dexidp_dex_v2.41.1.html
+++ /dev/null
@@ -1,3348 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="33 known vulnerabilities found in 78 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:28 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex (apk)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4//usr/local/bin/gomplate (gomodules)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)</li>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.41.1/dexidp/dex//usr/local/bin/dex (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>33</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>78 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>969</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--critical" data-snyk-test="critical">
-            <h2 class="card__title">Incorrect Implementation of Authentication Algorithm</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--critical">
-                        <span class="label__text">critical severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/crypto/ssh
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.24.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@v0.24.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/crypto/ssh?tab=doc">golang.org/x/crypto/ssh</a> is a SSH client and server</p>
-        <p>Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when the key passed in the last call before a connection is established is assumed to be the key used for authentication. It is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate <code>ServerConfig.PublicKeyCallback</code> callbacks.</p>
-        <p><strong>Note:</strong> The assumed caching behavior of this callback is not documented and is therefore considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states &quot;A call to this function does not guarantee that the key offered is in fact used to authenticate.&quot; The behavior after upgrading still allows the possibility of an attacker forcing their own key to be the one in the cache when the callback is invoked if the client is using a different authentication method such as <code>PasswordCallback</code>, <code>KeyboardInteractiveCallback</code>, or <code>NoClientAuth</code>. It is therefore recommended to rely on the return values of the connection itself, found in <code>ServerConn.Permissions</code> for further authorization steps.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/crypto/ssh</code> to version 0.31.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/20094">GitHub Issue</a></li>
-        <li><a href="https://go.dev/cl/635315">go.dev Commit</a></li>
-        <li><a href="https://go.dev/issue/70779">go.dev Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ">Google Groups Forum</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2024-3321">Go Vulnerability Database</a></li>
-        <li><a href="https://github.com/NHAS/CVE-2024-45337-POC">PoC</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8496611">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Applications performing certificate name checks (e.g., TLS
-        clients checking server certificates) may attempt to read an invalid memory
-        address resulting in abnormal termination of the application process.</p>
-        <p>Impact summary: Abnormal termination of an application can a cause a denial of
-        service.</p>
-        <p>Applications performing certificate name checks (e.g., TLS clients checking
-        server certificates) may attempt to read an invalid memory address when
-        comparing the expected name with an <code>otherName</code> subject alternative name of an
-        X.509 certificate. This may result in an exception that terminates the
-        application program.</p>
-        <p>Note that basic certificate chain validation (signatures, dates, ...) is not
-        affected, the denial of service can occur only when the application also
-        specifies an expected DNS name, Email address or IP address.</p>
-        <p>TLS servers rarely solicit client certificates, and even when they do, they
-        generally don&#39;t perform a name check against a reference identifier (expected
-        identity), but rather extract the presented identity after checking the
-        certificate chain.  So TLS servers are generally not affected and the severity
-        of the issue is Moderate.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f">https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6">https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2">https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0">https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20240903.txt">https://openssl-library.org/news/secadv/20240903.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/09/03/4">http://www.openwall.com/lists/oss-security/2024/09/03/4</a></li>
-        <li><a href="https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html">https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20240912-0001/">https://security.netapp.com/advisory/ntap-20240912-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7895537">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/oauth2/jws
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/oauth2/jws@v0.21.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@v0.21.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@v0.21.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/http/httpproxy
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/net/http/httpproxy@v0.26.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/http/httpproxy@v0.26.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/http/httpproxy@v0.27.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/http/httpproxy">golang.org/x/net/http/httpproxy</a> is a package for HTTP proxy determination based on environment variables, as provided by net/http&#39;s ProxyFromEnvironment function</p>
-        <p>Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in <code>proxy.go</code>, because hostname matching against proxy patterns may treat an IPv6 zone ID as a hostname component. An environment variable value like <code>*.example.com</code> could be matched to a request intended for <code>[::1%25.example.com]:80</code>.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/http/httpproxy</code> to version 0.36.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go-review.googlesource.com/c/go/+/654717/4/src/vendor/golang.org/x/net/http/httpproxy/proxy.go">Git Commit</a></li>
-        <li><a href="https://github.com/golang/go/commit/3705a6f1f0a66e70916bb09f50f4fcd1c520df53">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/net/commit/76f9bf3279eff2e596db4960a78a2665d0ff9405">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71984">GitHub Issue</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Denial of Service (DoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.27.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions <code>parseDoctype</code>, <code>htmlIntegrationPoint</code>, <code>inBodyIM</code> and <code>inTableIM</code>  due to inefficient usage of the method <code>strings.ToLower</code> combining with the <code>==</code> operator to convert strings to lowercase and then comparing them.</p>
-        <p>An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.33.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/70906">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ">Google Groups Forum</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/crypto/ssh
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and golang.org/x/crypto/ssh@v0.24.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@v0.24.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/crypto/ssh?tab=doc">golang.org/x/crypto/ssh</a> is a SSH client and server</p>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in <code>handshakeTransport</code> in <code>handshake.go</code>. An internal queue gets populated with received packets during the key exchange process, while waiting for the client to send a <code>SSH_MSG_KEXINIT</code>. An attacker can cause the server to become unresponsive to new connections by delaying or withholding this message, or by causing the queue to consume all available memory.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/crypto/ssh</code> to version 0.35.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go.dev/cl/652135">Git Commit</a></li>
-        <li><a href="https://go.dev/issue/71931">Go Issue</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3487">Vulnerability Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Asymmetric Resource Consumption (Amplification)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/golang-jwt/jwt/v5
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/golang-jwt/jwt/v5@v5.2.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/golang-jwt/jwt/v5@v5.2.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Asymmetric Resource Consumption (Amplification) through the <code>parse.ParseUnverified</code> function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the <code>Authorization</code> header.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/golang-jwt/jwt/v5</code> to version 5.2.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang-jwt/jwt/releases/tag/v4.5.2">GitHub Release 4.5.2</a></li>
-        <li><a href="https://github.com/golang-jwt/jwt/releases/tag/v5.2.2">GitHub Release 5.2.2</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOLANGJWTJWTV5-9510922">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insertion of Sensitive Information into Log File</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            google.golang.org/grpc/metadata
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and google.golang.org/grpc/metadata@v1.64.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        google.golang.org/grpc/metadata@v1.64.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/github.com/grpc/grpc-go/metadata">google.golang.org/grpc/metadata</a> is a package that defines the structure of the metadata supported by the gRPC library</p>
-        <p>Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the form of gRPC metadata. If the metadata contains sensitive information an attacker can expose it.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>google.golang.org/grpc/metadata</code> to version 1.64.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/grpc/grpc-go/commit/ab292411ddc0f3b7a7786754d1fe05264c3021eb">GitHub Commit</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPCMETADATA-7430177">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/dexidp/dex@* and golang.org/x/net/html@v0.27.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.27.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/vault/api
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/vault/api@v1.14.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/vault/api@v1.14.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:vault:api:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/serf/coordinate
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/serf/coordinate@v0.10.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/serf/coordinate@v0.10.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:serf:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/hcl/v2
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/gohcl@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/hclparse@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/hclwrite@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/v2/json@v2.13.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:hcl:v2:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/hcl
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/hcl@v1.0.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl@v1.0.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/hcl/hcl/token@v1.0.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/golang-lru/simplelru
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/golang-lru/simplelru@v1.0.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/golang-lru/simplelru@v1.0.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:golang-lru:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-uuid
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-uuid@v1.0.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-uuid@v1.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-uuid:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-sockaddr
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-sockaddr@v1.0.6
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-sockaddr@v1.0.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-sockaddr/template@v1.0.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-sockaddr:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-secure-stdlib/strutil
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:strutil:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-secure-stdlib/parseutil
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:parseutil:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-secure-stdlib/awsutil
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-secure-stdlib/awsutil@v0.3.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-secure-stdlib:awsutil:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-rootcerts
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-rootcerts@v1.0.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-rootcerts@v1.0.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-rootcerts:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-retryablehttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-retryablehttp@v0.7.7
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-multierror
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-multierror@v1.1.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-multierror@v1.1.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-immutable-radix
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-immutable-radix@v1.3.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-immutable-radix@v1.3.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-immutable-radix:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-cleanhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/go-cleanhttp@v0.5.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@v0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/errwrap
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/errwrap@v1.1.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/errwrap@v1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:errwrap:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/consul/api
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/hashicorp/consul/api@v1.29.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/consul/api@v1.29.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:consul:api:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/gosimple/slug
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/gosimple/slug@v1.14.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@v1.14.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/dexidp/dex <span class="list-paths__item__arrow">›</span> /usr/local/bin/dex
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/go-sql-driver/mysql
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.8.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-sql-driver/mysql@v1.8.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:go-sql-driver:mysql:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: ghcr.io/dexidp/dex:v2.41.1/hairyhenderson/gomplate/v4 <span class="list-paths__item__arrow">›</span> /usr/local/bin/gomplate
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/go-jose/go-jose/v4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/hairyhenderson/gomplate/v4@* and github.com/go-jose/go-jose/v4@v4.0.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/hairyhenderson/gomplate/v4@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-jose/go-jose/v4@v4.0.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/dexidp/dex@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-jose/go-jose/v4@v4.0.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
-        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-9143</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted
-        explicit values for the field polynomial can lead to out-of-bounds memory reads
-        or writes.</p>
-        <p>Impact summary: Out of bound memory writes can lead to an application crash or
-        even a possibility of a remote code execution, however, in all the protocols
-        involving Elliptic Curve Cryptography that we&#39;re aware of, either only &#34;named
-        curves&#34; are supported, or, if explicit curve parameters are supported, they
-        specify an X9.62 encoding of binary (GF(2^m)) curves that can&#39;t represent
-        problematic input values. Thus the likelihood of existence of a vulnerable
-        application is low.</p>
-        <p>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,
-        so problematic inputs cannot occur in the context of processing X.509
-        certificates.  Any problematic use-cases would have to be using an &#34;exotic&#34;
-        curve encoding.</p>
-        <p>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),
-        and various supporting BN_GF2m_*() functions.</p>
-        <p>Applications working with &#34;exotic&#34; explicit binary (GF(2^m)) curve parameters,
-        that make it possible to represent invalid field polynomials with a zero
-        constant term, via the above or similar APIs, may terminate abruptly as a
-        result of reading or writing outside of array bounds.  Remote code execution
-        cannot easily be ruled out.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712">https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700">https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4">https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154">https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a">https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41">https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20241016.txt">https://openssl-library.org/news/secadv/20241016.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/16/1">http://www.openwall.com/lists/oss-security/2024/10/16/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/23/1">http://www.openwall.com/lists/oss-security/2024/10/23/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/24/1">http://www.openwall.com/lists/oss-security/2024/10/24/1</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20241101-0001/">https://security.netapp.com/advisory/ntap-20241101-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-13176</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: A timing side-channel which could potentially allow recovering
-        the private key exists in the ECDSA signature computation.</p>
-        <p>Impact summary: A timing side-channel in ECDSA signature computations
-        could allow recovering the private key by an attacker. However, measuring
-        the timing would require either local access to the signing application or
-        a very fast network connection with low latency.</p>
-        <p>There is a timing signal of around 300 nanoseconds when the top word of
-        the inverted ECDSA nonce value is zero. This can happen with significant
-        probability only for some of the supported elliptic curves. In particular
-        the NIST P-521 curve is affected. To be able to measure this leak, the attacker
-        process must either be located in the same physical computer or must
-        have a very fast network connection with low latency. For that reason
-        the severity of this vulnerability is Low.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844">https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467">https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902">https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65">https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f">https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded">https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86">https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250120.txt">https://openssl-library.org/news/secadv/20250120.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/01/20/2">http://www.openwall.com/lists/oss-security/2025/01/20/2</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250124-0005/">https://security.netapp.com/advisory/ntap-20250124-0005/</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250418-0010/">https://security.netapp.com/advisory/ntap-20250418-0010/</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8690013">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-12797</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and openssl/libcrypto3@3.3.1-r3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
-        server may fail to notice that the server was not authenticated, because
-        handshakes don&#39;t abort as expected when the SSL_VERIFY_PEER verification mode
-        is set.</p>
-        <p>Impact summary: TLS and DTLS connections using raw public keys may be
-        vulnerable to man-in-middle attacks when server authentication failure is not
-        detected by clients.</p>
-        <p>RPKs are disabled by default in both TLS clients and TLS servers.  The issue
-        only arises when TLS clients explicitly enable RPK use by the server, and the
-        server, likewise, enables sending of an RPK instead of an X.509 certificate
-        chain.  The affected clients are those that then rely on the handshake to
-        fail when the server&#39;s RPK fails to match one of the expected public keys,
-        by setting the verification mode to SSL_VERIFY_PEER.</p>
-        <p>Clients that enable server-side raw public keys can still find out that raw
-        public key verification failed by calling SSL_get_verify_result(), and those
-        that do, and take appropriate action, are not affected.  This issue was
-        introduced in the initial implementation of RPK support in OpenSSL 3.2.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.3-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9">https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7">https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699">https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250211.txt">https://openssl-library.org/news/secadv/20250211.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/3">http://www.openwall.com/lists/oss-security/2025/02/11/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/4">http://www.openwall.com/lists/oss-security/2025/02/11/4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250214-0001/">https://security.netapp.com/advisory/ntap-20250214-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8710359">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-26519</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            musl/musl
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|ghcr.io/dexidp/dex@v2.41.1 and musl/musl@1.2.5-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.1-r3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        zlib/zlib@1.3.1-r1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pax-utils/scanelf@1.3.7-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|ghcr.io/dexidp/dex@v2.41.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>musl</code> package and not the <code>musl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>musl</code> to version 1.2.5-r1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da">https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da</a></li>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659">https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/02/13/2">https://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/2">http://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/3">http://www.openwall.com/lists/oss-security/2025/02/13/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/4">http://www.openwall.com/lists/oss-security/2025/02/13/4</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/5">http://www.openwall.com/lists/oss-security/2025/02/13/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/5">http://www.openwall.com/lists/oss-security/2025/02/14/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/6">http://www.openwall.com/lists/oss-security/2025/02/14/6</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
deleted file mode 100644
index 62d9ae59eca3f..0000000000000
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ /dev/null
@@ -1,2196 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="9 known vulnerabilities found in 86 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:32 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>86 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|public.ecr.aws/docker/library/haproxy</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Access of Resource Using Incompatible Type (&#x27;Type Confusion&#x27;)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Applications performing certificate name checks (e.g., TLS
-        clients checking server certificates) may attempt to read an invalid memory
-        address resulting in abnormal termination of the application process.</p>
-        <p>Impact summary: Abnormal termination of an application can a cause a denial of
-        service.</p>
-        <p>Applications performing certificate name checks (e.g., TLS clients checking
-        server certificates) may attempt to read an invalid memory address when
-        comparing the expected name with an <code>otherName</code> subject alternative name of an
-        X.509 certificate. This may result in an exception that terminates the
-        application program.</p>
-        <p>Note that basic certificate chain validation (signatures, dates, ...) is not
-        affected, the denial of service can occur only when the application also
-        specifies an expected DNS name, Email address or IP address.</p>
-        <p>TLS servers rarely solicit client certificates, and even when they do, they
-        generally don&#39;t perform a name check against a reference identifier (expected
-        identity), but rather extract the presented identity after checking the
-        certificate chain.  So TLS servers are generally not affected and the severity
-        of the issue is Moderate.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f">https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6">https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2">https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0">https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20240903.txt">https://openssl-library.org/news/secadv/20240903.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/09/03/4">http://www.openwall.com/lists/oss-security/2024/09/03/4</a></li>
-        <li><a href="https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html">https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20240912-0001/">https://security.netapp.com/advisory/ntap-20240912-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7895537">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Use After Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            busybox/busybox
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>busybox</code> to version 1.36.1-r29 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://bugs.busybox.net/show_bug.cgi?id=15868">https://bugs.busybox.net/show_bug.cgi?id=15868</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-BUSYBOX-7233533">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Use After Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            busybox/busybox
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>busybox</code> package and not the <code>busybox</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>busybox</code> to version 1.36.1-r29 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://bugs.busybox.net/show_bug.cgi?id=15871">https://bugs.busybox.net/show_bug.cgi?id=15871</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-BUSYBOX-7233586">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-4741</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
-        memory to be accessed that was previously freed in some situations</p>
-        <p>Impact summary: A use after free can have a range of potential consequences such
-        as the corruption of valid data, crashes or execution of arbitrary code.
-        However, only applications that directly call the SSL_free_buffers function are
-        affected by this issue. Applications that do not call this function are not
-        vulnerable. Our investigations indicate that this function is rarely used by
-        applications.</p>
-        <p>The SSL_free_buffers function is used to free the internal OpenSSL buffer used
-        when processing an incoming record from the network. The call is only expected
-        to succeed if the buffer is not currently in use. However, two scenarios have
-        been identified where the buffer is freed even when still in use.</p>
-        <p>The first scenario occurs where a record header has been received from the
-        network and processed by OpenSSL, but the full record body has not yet arrived.
-        In this case calling SSL_free_buffers will succeed even though a record has only
-        been partially processed and the buffer is still in use.</p>
-        <p>The second scenario occurs where a full record containing application data has
-        been received and processed by OpenSSL but the application has only read part of
-        this data. Again a call to SSL_free_buffers will succeed even though the buffer
-        is still in use.</p>
-        <p>While these scenarios could occur accidentally during normal operation a
-        malicious attacker could attempt to engineer a stituation where this occurs.
-        We are not aware of this issue being actively exploited.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.0-r3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177">https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d">https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac">https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8">https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4">https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4</a></li>
-        <li><a href="https://www.openssl.org/news/secadv/20240528.txt">https://www.openssl.org/news/secadv/20240528.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7218988">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-5535</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
-        empty supported client protocols buffer may cause a crash or memory contents to
-        be sent to the peer.</p>
-        <p>Impact summary: A buffer overread can have a range of potential consequences
-        such as unexpected application beahviour or a crash. In particular this issue
-        could result in up to 255 bytes of arbitrary private data from memory being sent
-        to the peer leading to a loss of confidentiality. However, only applications
-        that directly call the SSL_select_next_proto function with a 0 length list of
-        supported client protocols are affected by this issue. This would normally never
-        be a valid scenario and is typically not under attacker control but may occur by
-        accident in the case of a configuration or programming error in the calling
-        application.</p>
-        <p>The OpenSSL API function SSL_select_next_proto is typically used by TLS
-        applications that support ALPN (Application Layer Protocol Negotiation) or NPN
-        (Next Protocol Negotiation). NPN is older, was never standardised and
-        is deprecated in favour of ALPN. We believe that ALPN is significantly more
-        widely deployed than NPN. The SSL_select_next_proto function accepts a list of
-        protocols from the server and a list of protocols from the client and returns
-        the first protocol that appears in the server list that also appears in the
-        client list. In the case of no overlap between the two lists it returns the
-        first item in the client list. In either case it will signal whether an overlap
-        between the two lists was found. In the case where SSL_select_next_proto is
-        called with a zero length client list it fails to notice this condition and
-        returns the memory immediately following the client list pointer (and reports
-        that there was no overlap in the lists).</p>
-        <p>This function is typically called from a server side application callback for
-        ALPN or a client side application callback for NPN. In the case of ALPN the list
-        of protocols supplied by the client is guaranteed by libssl to never be zero in
-        length. The list of server protocols comes from the application and should never
-        normally be expected to be of zero length. In this case if the
-        SSL_select_next_proto function has been called as expected (with the list
-        supplied by the client passed in the client/client_len parameters), then the
-        application will not be vulnerable to this issue. If the application has
-        accidentally been configured with a zero length server list, and has
-        accidentally passed that zero length server list in the client/client_len
-        parameters, and has additionally failed to correctly handle a &#34;no overlap&#34;
-        response (which would normally result in a handshake failure in ALPN) then it
-        will be vulnerable to this problem.</p>
-        <p>In the case of NPN, the protocol permits the client to opportunistically select
-        a protocol when there is no overlap. OpenSSL returns the first client protocol
-        in the no overlap case in support of this. The list of client protocols comes
-        from the application and should never normally be expected to be of zero length.
-        However if the SSL_select_next_proto function is accidentally called with a
-        client_len of 0 then an invalid memory pointer will be returned instead. If the
-        application uses this output as the opportunistic protocol then the loss of
-        confidentiality will occur.</p>
-        <p>This issue has been assessed as Low severity because applications are most
-        likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
-        widely used. It also requires an application configuration or programming error.
-        Finally, this issue would not typically be under attacker control making active
-        exploitation unlikely.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <p>Due to the low severity of this issue we are not issuing new releases of
-        OpenSSL at this time. The fix will be included in the next releases when they
-        become available.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.1-r1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/08/15/1">http://www.openwall.com/lists/oss-security/2024/08/15/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/06/27/1">http://www.openwall.com/lists/oss-security/2024/06/27/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/06/28/4">http://www.openwall.com/lists/oss-security/2024/06/28/4</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37">https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e">https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c">https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c">https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c">https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87">https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20240712-0005/">https://security.netapp.com/advisory/ntap-20240712-0005/</a></li>
-        <li><a href="https://www.openssl.org/news/secadv/20240627.txt">https://www.openssl.org/news/secadv/20240627.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-9143</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted
-        explicit values for the field polynomial can lead to out-of-bounds memory reads
-        or writes.</p>
-        <p>Impact summary: Out of bound memory writes can lead to an application crash or
-        even a possibility of a remote code execution, however, in all the protocols
-        involving Elliptic Curve Cryptography that we&#39;re aware of, either only &#34;named
-        curves&#34; are supported, or, if explicit curve parameters are supported, they
-        specify an X9.62 encoding of binary (GF(2^m)) curves that can&#39;t represent
-        problematic input values. Thus the likelihood of existence of a vulnerable
-        application is low.</p>
-        <p>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,
-        so problematic inputs cannot occur in the context of processing X.509
-        certificates.  Any problematic use-cases would have to be using an &#34;exotic&#34;
-        curve encoding.</p>
-        <p>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),
-        and various supporting BN_GF2m_*() functions.</p>
-        <p>Applications working with &#34;exotic&#34; explicit binary (GF(2^m)) curve parameters,
-        that make it possible to represent invalid field polynomials with a zero
-        constant term, via the above or similar APIs, may terminate abruptly as a
-        result of reading or writing outside of array bounds.  Remote code execution
-        cannot easily be ruled out.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712">https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700">https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4">https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154">https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a">https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41">https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20241016.txt">https://openssl-library.org/news/secadv/20241016.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/16/1">http://www.openwall.com/lists/oss-security/2024/10/16/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/23/1">http://www.openwall.com/lists/oss-security/2024/10/23/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/24/1">http://www.openwall.com/lists/oss-security/2024/10/24/1</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20241101-0001/">https://security.netapp.com/advisory/ntap-20241101-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-13176</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: A timing side-channel which could potentially allow recovering
-        the private key exists in the ECDSA signature computation.</p>
-        <p>Impact summary: A timing side-channel in ECDSA signature computations
-        could allow recovering the private key by an attacker. However, measuring
-        the timing would require either local access to the signing application or
-        a very fast network connection with low latency.</p>
-        <p>There is a timing signal of around 300 nanoseconds when the top word of
-        the inverted ECDSA nonce value is zero. This can happen with significant
-        probability only for some of the supported elliptic curves. In particular
-        the NIST P-521 curve is affected. To be able to measure this leak, the attacker
-        process must either be located in the same physical computer or must
-        have a very fast network connection with low latency. For that reason
-        the severity of this vulnerability is Low.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844">https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467">https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902">https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65">https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f">https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded">https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86">https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250120.txt">https://openssl-library.org/news/secadv/20250120.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/01/20/2">http://www.openwall.com/lists/oss-security/2025/01/20/2</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250124-0005/">https://security.netapp.com/advisory/ntap-20250124-0005/</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250418-0010/">https://security.netapp.com/advisory/ntap-20250418-0010/</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8690013">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-12797</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
-        server may fail to notice that the server was not authenticated, because
-        handshakes don&#39;t abort as expected when the SSL_VERIFY_PEER verification mode
-        is set.</p>
-        <p>Impact summary: TLS and DTLS connections using raw public keys may be
-        vulnerable to man-in-middle attacks when server authentication failure is not
-        detected by clients.</p>
-        <p>RPKs are disabled by default in both TLS clients and TLS servers.  The issue
-        only arises when TLS clients explicitly enable RPK use by the server, and the
-        server, likewise, enables sending of an RPK instead of an X.509 certificate
-        chain.  The affected clients are those that then rely on the handshake to
-        fail when the server&#39;s RPK fails to match one of the expected public keys,
-        by setting the verification mode to SSL_VERIFY_PEER.</p>
-        <p>Clients that enable server-side raw public keys can still find out that raw
-        public key verification failed by calling SSL_get_verify_result(), and those
-        that do, and take appropriate action, are not affected.  This issue was
-        introduced in the initial implementation of RPK support in OpenSSL 3.2.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.3-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9">https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7">https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699">https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250211.txt">https://openssl-library.org/news/secadv/20250211.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/3">http://www.openwall.com/lists/oss-security/2025/02/11/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/4">http://www.openwall.com/lists/oss-security/2025/02/11/4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250214-0001/">https://security.netapp.com/advisory/ntap-20250214-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8710359">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-26519</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            musl/musl
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and musl/musl@1.2.5-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates/ca-certificates@20240226-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        lua5.3/lua5.3-libs@5.3.6-r6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.0-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .haproxy-rundeps@20240524.005458
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pcre2/pcre2@10.43-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        zlib/zlib@1.3.1-r1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pax-utils/scanelf@1.3.7-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r28
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>musl</code> package and not the <code>musl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>musl</code> to version 1.2.5-r1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da">https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da</a></li>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659">https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/02/13/2">https://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/2">http://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/3">http://www.openwall.com/lists/oss-security/2025/02/13/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/4">http://www.openwall.com/lists/oss-security/2025/02/13/4</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/5">http://www.openwall.com/lists/oss-security/2025/02/13/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/5">http://www.openwall.com/lists/oss-security/2025/02/14/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/6">http://www.openwall.com/lists/oss-security/2025/02/14/6</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
deleted file mode 100644
index 1a9ae8965600e..0000000000000
--- a/docs/snyk/v2.13.8/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ /dev/null
@@ -1,1258 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="4 known vulnerabilities found in 38 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:35 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)</li>
-                  <li class="paths">public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>38 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-9143</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted
-        explicit values for the field polynomial can lead to out-of-bounds memory reads
-        or writes.</p>
-        <p>Impact summary: Out of bound memory writes can lead to an application crash or
-        even a possibility of a remote code execution, however, in all the protocols
-        involving Elliptic Curve Cryptography that we&#39;re aware of, either only &#34;named
-        curves&#34; are supported, or, if explicit curve parameters are supported, they
-        specify an X9.62 encoding of binary (GF(2^m)) curves that can&#39;t represent
-        problematic input values. Thus the likelihood of existence of a vulnerable
-        application is low.</p>
-        <p>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,
-        so problematic inputs cannot occur in the context of processing X.509
-        certificates.  Any problematic use-cases would have to be using an &#34;exotic&#34;
-        curve encoding.</p>
-        <p>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),
-        and various supporting BN_GF2m_*() functions.</p>
-        <p>Applications working with &#34;exotic&#34; explicit binary (GF(2^m)) curve parameters,
-        that make it possible to represent invalid field polynomials with a zero
-        constant term, via the above or similar APIs, may terminate abruptly as a
-        result of reading or writing outside of array bounds.  Remote code execution
-        cannot easily be ruled out.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712">https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700">https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4">https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154">https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a">https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41">https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20241016.txt">https://openssl-library.org/news/secadv/20241016.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/16/1">http://www.openwall.com/lists/oss-security/2024/10/16/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/23/1">http://www.openwall.com/lists/oss-security/2024/10/23/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/24/1">http://www.openwall.com/lists/oss-security/2024/10/24/1</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20241101-0001/">https://security.netapp.com/advisory/ntap-20241101-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-13176</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: A timing side-channel which could potentially allow recovering
-        the private key exists in the ECDSA signature computation.</p>
-        <p>Impact summary: A timing side-channel in ECDSA signature computations
-        could allow recovering the private key by an attacker. However, measuring
-        the timing would require either local access to the signing application or
-        a very fast network connection with low latency.</p>
-        <p>There is a timing signal of around 300 nanoseconds when the top word of
-        the inverted ECDSA nonce value is zero. This can happen with significant
-        probability only for some of the supported elliptic curves. In particular
-        the NIST P-521 curve is affected. To be able to measure this leak, the attacker
-        process must either be located in the same physical computer or must
-        have a very fast network connection with low latency. For that reason
-        the severity of this vulnerability is Low.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844">https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467">https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902">https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65">https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f">https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded">https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86">https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250120.txt">https://openssl-library.org/news/secadv/20250120.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/01/20/2">http://www.openwall.com/lists/oss-security/2025/01/20/2</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250124-0005/">https://security.netapp.com/advisory/ntap-20250124-0005/</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250418-0010/">https://security.netapp.com/advisory/ntap-20250418-0010/</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8690013">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-12797</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
-        server may fail to notice that the server was not authenticated, because
-        handshakes don&#39;t abort as expected when the SSL_VERIFY_PEER verification mode
-        is set.</p>
-        <p>Impact summary: TLS and DTLS connections using raw public keys may be
-        vulnerable to man-in-middle attacks when server authentication failure is not
-        detected by clients.</p>
-        <p>RPKs are disabled by default in both TLS clients and TLS servers.  The issue
-        only arises when TLS clients explicitly enable RPK use by the server, and the
-        server, likewise, enables sending of an RPK instead of an X.509 certificate
-        chain.  The affected clients are those that then rely on the handshake to
-        fail when the server&#39;s RPK fails to match one of the expected public keys,
-        by setting the verification mode to SSL_VERIFY_PEER.</p>
-        <p>Clients that enable server-side raw public keys can still find out that raw
-        public key verification failed by calling SSL_get_verify_result(), and those
-        that do, and take appropriate action, are not affected.  This issue was
-        introduced in the initial implementation of RPK support in OpenSSL 3.2.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.3-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9">https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7">https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699">https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250211.txt">https://openssl-library.org/news/secadv/20250211.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/3">http://www.openwall.com/lists/oss-security/2025/02/11/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/4">http://www.openwall.com/lists/oss-security/2025/02/11/4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250214-0001/">https://security.netapp.com/advisory/ntap-20250214-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8710359">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-26519</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            musl/musl
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and musl/musl@1.2.5-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        zlib/zlib@1.3.1-r1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pax-utils/scanelf@1.3.7-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>musl</code> package and not the <code>musl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>musl</code> to version 1.2.5-r1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da">https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da</a></li>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659">https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/02/13/2">https://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/2">http://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/3">http://www.openwall.com/lists/oss-security/2025/02/13/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/4">http://www.openwall.com/lists/oss-security/2025/02/13/4</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/5">http://www.openwall.com/lists/oss-security/2025/02/13/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/5">http://www.openwall.com/lists/oss-security/2025/02/14/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/6">http://www.openwall.com/lists/oss-security/2025/02/14/6</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html b/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
deleted file mode 100644
index 1cb0f06498772..0000000000000
--- a/docs/snyk/v2.13.8/quay.io_argoproj_argocd_v2.13.8.html
+++ /dev/null
@@ -1,5704 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="49 known vulnerabilities found in 174 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:55 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v2.13.8/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.13.8//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.13.8/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.13.8/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>49</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>174 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2361</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/oauth2/jws
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/oauth2/jws@v0.23.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@v0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Server-side Request Forgery (SSRF)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/http/httpproxy
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http/httpproxy@v0.33.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/http/httpproxy@v0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/http/httpproxy">golang.org/x/net/http/httpproxy</a> is a package for HTTP proxy determination based on environment variables, as provided by net/http&#39;s ProxyFromEnvironment function</p>
-        <p>Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in <code>proxy.go</code>, because hostname matching against proxy patterns may treat an IPv6 zone ID as a hostname component. An environment variable value like <code>*.example.com</code> could be matched to a request intended for <code>[::1%25.example.com]:80</code>.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/http/httpproxy</code> to version 0.36.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go-review.googlesource.com/c/go/+/654717/4/src/vendor/golang.org/x/net/http/httpproxy/proxy.go">Git Commit</a></li>
-        <li><a href="https://github.com/golang/go/commit/3705a6f1f0a66e70916bb09f50f4fcd1c520df53">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/net/commit/76f9bf3279eff2e596db4960a78a2665d0ff9405">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71984">GitHub Issue</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTPHTTPPROXY-9058601">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Denial of Service (DoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.23.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions <code>parseDoctype</code>, <code>htmlIntegrationPoint</code>, <code>inBodyIM</code> and <code>inTableIM</code>  due to inefficient usage of the method <code>strings.ToLower</code> combining with the <code>==</code> operator to convert strings to lowercase and then comparing them.</p>
-        <p>An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.33.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/70906">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ">Google Groups Forum</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/crypto/ssh
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.32.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/crypto/ssh@v0.32.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/crypto/ssh?tab=doc">golang.org/x/crypto/ssh</a> is a SSH client and server</p>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in <code>handshakeTransport</code> in <code>handshake.go</code>. An internal queue gets populated with received packets during the key exchange process, while waiting for the client to send a <code>SSH_MSG_KEXINIT</code>. An attacker can cause the server to become unresponsive to new connections by delaying or withholding this message, or by causing the queue to consume all available memory.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/crypto/ssh</code> to version 0.35.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://go.dev/cl/652135">Git Commit</a></li>
-        <li><a href="https://go.dev/issue/71931">Go Issue</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3487">Vulnerability Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8747056">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Directory Traversal</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            tar
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and tar@1.35+dfsg-3build1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        tar@1.35+dfsg-3build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dash@0.5.12-6ubuntu5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dpkg@1.22.6ubuntu6.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        tar@1.35+dfsg-3build1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
-        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
-        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Race Condition</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            systemd/libsystemd0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and systemd/libsystemd0@255.4-1ubuntu8.6
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps/libproc2-0@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        procps@2:4.0.4-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux/bsdutils@1:2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libudev1@255.4-1ubuntu8.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>systemd</code> package and not the <code>systemd</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original&#39;s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.</p>
-        <p>A SUID binary or process has a special type of permission, which allows the process to run with the file owner&#39;s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original&#39;s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>systemd</code> to version 255.4-1ubuntu8.8 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4598">https://access.redhat.com/security/cve/CVE-2025-4598</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369242">https://bugzilla.redhat.com/show_bug.cgi?id=2369242</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/29/3">https://www.openwall.com/lists/oss-security/2025/05/29/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/1">http://www.openwall.com/lists/oss-security/2025/06/05/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/05/3">http://www.openwall.com/lists/oss-security/2025/06/05/3</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SYSTEMD-10285338">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Directory Traversal</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10354">https://access.redhat.com/errata/RHSA-2025:10354</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10357">https://access.redhat.com/errata/RHSA-2025:10357</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10358">https://access.redhat.com/errata/RHSA-2025:10358</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10359">https://access.redhat.com/errata/RHSA-2025:10359</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10361">https://access.redhat.com/errata/RHSA-2025:10361</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:11386">https://access.redhat.com/errata/RHSA-2025:11386</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Authentication</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Out-of-bounds Read</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5318">https://access.redhat.com/security/cve/CVE-2025-5318</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369131">https://bugzilla.redhat.com/show_bug.cgi?id=2369131</a></li>
-        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-5318.txt">https://www.libssh.org/security/advisories/CVE-2025-5318.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10499336">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Return of Wrong Status Code</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5987">https://access.redhat.com/security/cve/CVE-2025-5987</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376219">https://bugzilla.redhat.com/show_bug.cgi?id=2376219</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500564">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Incorrect Calculation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions&#39; confidentiality, integrity, and availability.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5372">https://access.redhat.com/security/cve/CVE-2025-5372</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369388">https://bugzilla.redhat.com/show_bug.cgi?id=2369388</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500576">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5351">https://access.redhat.com/security/cve/CVE-2025-5351</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369367">https://bugzilla.redhat.com/show_bug.cgi?id=2369367</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500583">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-4877</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500658">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-4878</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500669">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Reversible One-Way Hash</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            krb5/libk5crypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libk5crypto3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5support0@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/krb5-locales@1.20.1-6ubuntu2.5
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>krb5</code> package and not the <code>krb5</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>krb5</code> to version 1.20.1-6ubuntu2.6 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-3576">https://access.redhat.com/security/cve/CVE-2025-3576</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359465">https://bugzilla.redhat.com/show_bug.cgi?id=2359465</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:8411">https://access.redhat.com/errata/RHSA-2025:8411</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9418">https://access.redhat.com/errata/RHSA-2025:9418</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9430">https://access.redhat.com/errata/RHSA-2025:9430</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-KRB5-9726834">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            gopkg.in/retry.v1
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@v1.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>LGPL-3.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/net/html@v0.33.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.33.0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.23.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
-        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Heap-based Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Certificate Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5702</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Unexpected Status Code or Return Value</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/redis/go-redis/v9
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/redis/go-redis/v9@v9.7.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/redis/go-redis/v9@v9.7.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Unexpected Status Code or Return Value in <code>initConn()</code>, which causes out of order responses when <code>CLIENT SETINFO</code> times out while establishing a connection.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by setting <code>DisableIndentity</code> to true when initializing a client.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/redis/go-redis/v9</code> to version 9.5.5, 9.6.3, 9.7.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6">GitHub Commit</a></li>
-        <li><a href="https://github.com/redis/go-redis/pull/3295">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMREDISGOREDISV9-9486471">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/r3labs/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff@v1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-version
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-retryablehttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-multierror
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-multierror@v1.1.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-cleanhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@v0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/gosimple/slug
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@v1.14.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/utils/kube
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/utils/kube@v0.7.1-0.20250129155113-4c6e03c46314
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/utils/kube</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGUTILSKUBE-8679277">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Generation of Error Message Containing Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/argoproj/gitops-engine/pkg/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/argoproj/gitops-engine/pkg/diff@v0.7.1-0.20250129155113-4c6e03c46314
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information when syncing invalid Kubernetes Secret resources. An attacker with write access to the repository can expose secret values by committing an invalid Secret to repository and triggering a Sync, which then become visible to any user with read access to Argo CD.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/argoproj/gitops-engine/pkg/diff</code> to version 0.7.1-0.20250129155113-7e21b91e9d0f or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107">GitHub Commit</a></li>
-        <li><a href="https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca">GitHub Commit</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2342987">Red Hat Bugzilla Bug</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJGITOPSENGINEPKGDIFF-8679276">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr">https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664136">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Arbitrary Argument Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835</a></li>
-        <li><a href="https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da">https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da</a></li>
-        <li><a href="https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg">https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664171">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">External Control of File Name or Path</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655">https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664178">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Link Following</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
-        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">OS Command Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk&#39;s Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613</a></li>
-        <li><a href="https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5">https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5</a></li>
-        <li><a href="https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652">https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652</a></li>
-        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v">https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664269">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">OS Command Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614</a></li>
-        <li><a href="https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129">https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129</a></li>
-        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc">https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664291">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>git</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329">https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329</a></li>
-        <li><a href="https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net">https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-8637112">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-56433</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            shadow/passwd
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>shadow</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SHADOW-8600509">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            patch
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and patch@2.7.6-7build3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        patch@2.7.6-7build3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
-        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6707039">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            patch
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and patch@2.7.6-7build3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        patch@2.7.6-7build3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
-        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a></li>
-        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">https://security-tracker.debian.org/tracker/CVE-2018-6952</a></li>
-        <li><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a></li>
-        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a></li>
-        <li><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6720551">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-41996</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libssl3t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and openssl/libssl3t64@3.0.13-0ubuntu3.5
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996</a></li>
-        <li><a href="https://dheatattack.gitlab.io/details/">https://dheatattack.gitlab.io/details/</a></li>
-        <li><a href="https://dheatattack.gitlab.io/faq/">https://dheatattack.gitlab.io/faq/</a></li>
-        <li><a href="https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1">https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Information Exposure</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libgcrypt20
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and libgcrypt20@1.10.3-2build1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libgcrypt20</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:3534">https://access.redhat.com/errata/RHSA-2025:3534</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:3530">https://access.redhat.com/errata/RHSA-2025:3530</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBGCRYPT20-6693674">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Out-of-bounds Write</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnupg2/gpgv
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and gnupg2/gpgv@2.4.4-2ubuntu17.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.7.14build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnupg2</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
-        <li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
-        <li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
-        <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUPG2-6702792">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
-        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">https://akkadia.org/drepper/SHA-crypt.txt</a></li>
-        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/</a></li>
-        <li><a href="https://twitter.com/solardiz/status/795601240151457793">https://twitter.com/solardiz/status/795601240151457793</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-6727419">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Insufficient Documentation of Error Handling Techniques</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/golang-jwt/jwt
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/golang-jwt/jwt@v3.2.2+incompatible
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/golang-jwt/jwt@v3.2.2+incompatible
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Insufficient Documentation of Error Handling Techniques in the <code>ParseWithClaims</code> function. An attacker can exploit this to accept invalid tokens by only checking for specific errors and ignoring others.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>Users who are not able to upgrade to the fixed version should make sure that they are properly checking for all errors, see <a href="https://github.com/golang-jwt/jwt/blob/bc8bdca5cced1caa9787e4a1c313a3538544c877/example_test.go#L165-L189"><code>example_test.go</code></a></p>
-        <h2 id="remediation">Remediation</h2>
-        <p>A fix was pushed into the <code>master</code> branch but not yet published.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c">GitHub Commit</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOLANGJWTJWT-8341243">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-0167</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            curl/libcurl3t64-gnutls
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.13.8, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
-        redirects, curl could leak the password used for the first host to the
-        followed-to host under certain circumstances.</p>
-        <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
-        omits both login and password. A rare circumstance.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>curl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.json">https://curl.se/docs/CVE-2025-0167.json</a></li>
-        <li><a href="https://hackerone.com/reports/2917232">https://hackerone.com/reports/2917232</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250306-0008/">https://security.netapp.com/advisory/ntap-20250306-0008/</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.html">https://curl.se/docs/CVE-2025-0167.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-8689015">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Improper Input Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.13.8/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            coreutils
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.13.8 and coreutils@9.4-3ubuntu6
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.13.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>coreutils</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
-        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
-        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
-        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-COREUTILS-6727355">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html b/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
deleted file mode 100644
index 975b6d96b9d64..0000000000000
--- a/docs/snyk/v2.13.8/redis_7.0.15-alpine.html
+++ /dev/null
@@ -1,1258 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="4 known vulnerabilities found in 38 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">July 20th 2025, 12:35:59 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">redis:7.0.15-alpine (apk)</li>
-                  <li class="paths">redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>4</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>38 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>18</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-9143</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted
-        explicit values for the field polynomial can lead to out-of-bounds memory reads
-        or writes.</p>
-        <p>Impact summary: Out of bound memory writes can lead to an application crash or
-        even a possibility of a remote code execution, however, in all the protocols
-        involving Elliptic Curve Cryptography that we&#39;re aware of, either only &#34;named
-        curves&#34; are supported, or, if explicit curve parameters are supported, they
-        specify an X9.62 encoding of binary (GF(2^m)) curves that can&#39;t represent
-        problematic input values. Thus the likelihood of existence of a vulnerable
-        application is low.</p>
-        <p>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,
-        so problematic inputs cannot occur in the context of processing X.509
-        certificates.  Any problematic use-cases would have to be using an &#34;exotic&#34;
-        curve encoding.</p>
-        <p>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),
-        and various supporting BN_GF2m_*() functions.</p>
-        <p>Applications working with &#34;exotic&#34; explicit binary (GF(2^m)) curve parameters,
-        that make it possible to represent invalid field polynomials with a zero
-        constant term, via the above or similar APIs, may terminate abruptly as a
-        result of reading or writing outside of array bounds.  Remote code execution
-        cannot easily be ruled out.</p>
-        <p>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712">https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700">https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4">https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154">https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a">https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41">https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20241016.txt">https://openssl-library.org/news/secadv/20241016.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/16/1">http://www.openwall.com/lists/oss-security/2024/10/16/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/23/1">http://www.openwall.com/lists/oss-security/2024/10/23/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2024/10/24/1">http://www.openwall.com/lists/oss-security/2024/10/24/1</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20241101-0001/">https://security.netapp.com/advisory/ntap-20241101-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-13176</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: A timing side-channel which could potentially allow recovering
-        the private key exists in the ECDSA signature computation.</p>
-        <p>Impact summary: A timing side-channel in ECDSA signature computations
-        could allow recovering the private key by an attacker. However, measuring
-        the timing would require either local access to the signing application or
-        a very fast network connection with low latency.</p>
-        <p>There is a timing signal of around 300 nanoseconds when the top word of
-        the inverted ECDSA nonce value is zero. This can happen with significant
-        probability only for some of the supported elliptic curves. In particular
-        the NIST P-521 curve is affected. To be able to measure this leak, the attacker
-        process must either be located in the same physical computer or must
-        have a very fast network connection with low latency. For that reason
-        the severity of this vulnerability is Low.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.2-r2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844">https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467">https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902">https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65">https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f">https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded">https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded</a></li>
-        <li><a href="https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86">https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250120.txt">https://openssl-library.org/news/secadv/20250120.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/01/20/2">http://www.openwall.com/lists/oss-security/2025/01/20/2</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250124-0005/">https://security.netapp.com/advisory/ntap-20250124-0005/</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250418-0010/">https://security.netapp.com/advisory/ntap-20250418-0010/</a></li>
-        <li><a href="https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html">https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8690013">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-12797</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libcrypto3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.2-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
-        server may fail to notice that the server was not authenticated, because
-        handshakes don&#39;t abort as expected when the SSL_VERIFY_PEER verification mode
-        is set.</p>
-        <p>Impact summary: TLS and DTLS connections using raw public keys may be
-        vulnerable to man-in-middle attacks when server authentication failure is not
-        detected by clients.</p>
-        <p>RPKs are disabled by default in both TLS clients and TLS servers.  The issue
-        only arises when TLS clients explicitly enable RPK use by the server, and the
-        server, likewise, enables sending of an RPK instead of an X.509 certificate
-        chain.  The affected clients are those that then rely on the handshake to
-        fail when the server&#39;s RPK fails to match one of the expected public keys,
-        by setting the verification mode to SSL_VERIFY_PEER.</p>
-        <p>Clients that enable server-side raw public keys can still find out that raw
-        public key verification failed by calling SSL_get_verify_result(), and those
-        that do, and take appropriate action, are not affected.  This issue was
-        introduced in the initial implementation of RPK support in OpenSSL 3.2.</p>
-        <p>The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>openssl</code> to version 3.3.3-r0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9">https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7">https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7</a></li>
-        <li><a href="https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699">https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699</a></li>
-        <li><a href="https://openssl-library.org/news/secadv/20250211.txt">https://openssl-library.org/news/secadv/20250211.txt</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/3">http://www.openwall.com/lists/oss-security/2025/02/11/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/11/4">http://www.openwall.com/lists/oss-security/2025/02/11/4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250214-0001/">https://security.netapp.com/advisory/ntap-20250214-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8710359">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-26519</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: alpine:3.20
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            musl/musl
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|redis@7.0.15-alpine and musl/musl@1.2.5-r0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/ssl_client@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libcrypto3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        .redis-rundeps@20240906.232324
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.3.2-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apk-tools/apk-tools@2.14.4-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        zlib/zlib@1.3.1-r1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pax-utils/scanelf@1.3.7-r2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        alpine-baselayout/alpine-baselayout@3.6.5-r0
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox-binsh@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        busybox/busybox@1.36.1-r29
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|redis@7.0.15-alpine
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        musl/musl-utils@1.2.5-r0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>musl</code> package and not the <code>musl</code> package as distributed by <code>Alpine</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Alpine:3.20</code> relevant fixed versions and status.</em></p>
-        <p>musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Alpine:3.20</code> <code>musl</code> to version 1.2.5-r1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da">https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da</a></li>
-        <li><a href="https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659">https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/02/13/2">https://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/2">http://www.openwall.com/lists/oss-security/2025/02/13/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/3">http://www.openwall.com/lists/oss-security/2025/02/13/3</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/4">http://www.openwall.com/lists/oss-security/2025/02/13/4</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/13/5">http://www.openwall.com/lists/oss-security/2025/02/13/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/5">http://www.openwall.com/lists/oss-security/2025/02/14/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/02/14/6">http://www.openwall.com/lists/oss-security/2025/02/14/6</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.15/argocd-iac-install.html
index b9c8517f44ed5..046f9b6983fd7 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:34:55 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:32:11 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
index 6253d028695e9..42d27b218508c 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:35:06 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:32:22 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.15/argocd-test.html
index 68f31fd8408b0..a28ae2c807f93 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.15/argocd-test.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="14 known vulnerabilities found in 59 vulnerable dependency paths.">
+  <meta name="description" content="15 known vulnerabilities found in 60 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:35 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:03 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -499,8 +499,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>14</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>59 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>60 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2092</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -509,6 +509,81 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--critical" data-snyk-test="critical">
+            <h2 class="card__title">Predictable Value Range from Previous Values</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            form-data
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@8.1.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@8.1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        form-data@4.0.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the <code>boundary</code> value, which uses <code>Math.random()</code>. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>form-data</code> to version 2.5.4, 3.0.4, 4.0.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/b88316c94bb004323669cd3639dc8bb8262539eb">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd">GitHub Commit</a></li>
+        <li><a href="https://github.com/benweissmann/CVE-2025-7783-poc">POC</a></li>
+        <li><a href="https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
             <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
             <div class="card__section">
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
index bdef23ec03032..60f0b87a41857 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:42 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:09 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index d34da200ae183..4f4fa1d71cd99 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:48 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:14 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index 74d2e03ea7b68..f8ef73fe8c8aa 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:53 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:19 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
index 59c8e996e488f..a2ad5d8c47649 100644
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="42 known vulnerabilities found in 145 vulnerable dependency paths.">
+  <meta name="description" content="45 known vulnerabilities found in 154 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:33:22 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:40 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,8 +501,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>42</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>145 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>45</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>154 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -668,6 +668,102 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Link Following</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
+        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
+        <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">https://www.cisa.gov/known-exploited-vulnerabilities-catalog</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
@@ -738,7 +834,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
         <h2 id="references">References</h2>
@@ -746,6 +842,9 @@ <h2 id="references">References</h2>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
         <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
         <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
         </ul>
         
               <hr/>
@@ -754,6 +853,248 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-6965</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            sqlite3/libsqlite3-0
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, gnupg2/gpg@2.4.4-2ubuntu17.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        sqlite3/libsqlite3-0@3.45.1-1ubuntu2.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>sqlite3</code> package and not the <code>sqlite3</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>sqlite3</code> to version 3.45.1-1ubuntu2.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6965">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6965</a></li>
+        <li><a href="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8">https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SQLITE3-10769001">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2025-40909</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            perl/perl-modules-5.38
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/libperl5.38t64@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/libperl5.38t64@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-base@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-base@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl/perl-base@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        perl@5.38.2-3.2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>perl</code> package and not the <code>perl</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Perl threads have a working directory race condition where file operations may target unintended paths.</p>
+        <p>If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. </p>
+        <p>This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.</p>
+        <p>The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>perl</code> to version 5.38.2-3.2ubuntu0.2 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-40909">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-40909</a></li>
+        <li><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226</a></li>
+        <li><a href="https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e">https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e</a></li>
+        <li><a href="https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch">https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch</a></li>
+        <li><a href="https://github.com/Perl/perl5/issues/10387">https://github.com/Perl/perl5/issues/10387</a></li>
+        <li><a href="https://github.com/Perl/perl5/issues/23010">https://github.com/Perl/perl5/issues/23010</a></li>
+        <li><a href="https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads">https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads</a></li>
+        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/22/2">https://www.openwall.com/lists/oss-security/2025/05/22/2</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/05/23/1">http://www.openwall.com/lists/oss-security/2025/05/23/1</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/05/30/4">http://www.openwall.com/lists/oss-security/2025/05/30/4</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/2">http://www.openwall.com/lists/oss-security/2025/06/02/2</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/5">http://www.openwall.com/lists/oss-security/2025/06/02/5</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/6">http://www.openwall.com/lists/oss-security/2025/06/02/6</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/7">http://www.openwall.com/lists/oss-security/2025/06/02/7</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/03/1">http://www.openwall.com/lists/oss-security/2025/06/03/1</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PERL-10285352">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
@@ -998,6 +1339,8 @@ <h2 id="references">References</h2>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
         <li><a href="https://access.redhat.com/errata/RHSA-2025:11386">https://access.redhat.com/errata/RHSA-2025:11386</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:11487">https://access.redhat.com/errata/RHSA-2025:11487</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:14557">https://access.redhat.com/errata/RHSA-2025:14557</a></li>
         </ul>
         
               <hr/>
@@ -1802,7 +2145,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-4877</h2>
+            <h2 class="card__title">Out-of-bounds Write</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1859,12 +2202,19 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>There&#39;s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it&#39;s possible that the program perform out of bounds write leading to a heap corruption.
+        This issue affects only 32-bits builds of libssh.</p>
         <h2 id="remediation">Remediation</h2>
         <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4877">https://access.redhat.com/security/cve/CVE-2025-4877</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376193">https://bugzilla.redhat.com/show_bug.cgi?id=2376193</a></li>
+        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d">https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&amp;id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d</a></li>
+        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-4877.txt">https://www.libssh.org/security/advisories/CVE-2025-4877.txt</a></li>
         </ul>
         
               <hr/>
@@ -1875,7 +2225,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-4878</h2>
+            <h2 class="card__title">Use After Free</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1932,12 +2282,18 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn&#39;t exist and may lead to possible signing failures or heap corruption.</p>
         <h2 id="remediation">Remediation</h2>
         <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4878">https://access.redhat.com/security/cve/CVE-2025-4878</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376184">https://bugzilla.redhat.com/show_bug.cgi?id=2376184</a></li>
+        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1">https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1</a></li>
+        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb">https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb</a></li>
         </ul>
         
               <hr/>
@@ -1946,6 +2302,83 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500669">More about this vulnerability</a></p>
             </div>
         
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.15
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2build2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libssh</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8114">https://access.redhat.com/security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2383220">https://bugzilla.redhat.com/show_bug.cgi?id=2383220</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-11797737">More about this vulnerability</a></p>
+            </div>
+        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">LGPL-3.0 license</h2>
@@ -2398,7 +2831,7 @@ <h2 id="nvd-description">NVD Description</h2>
         <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
         <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
@@ -2536,7 +2969,7 @@ <h2 id="nvd-description">NVD Description</h2>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
@@ -2674,7 +3107,7 @@ <h2 id="nvd-description">NVD Description</h2>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
@@ -2756,7 +3189,7 @@ <h2 id="nvd-description">NVD Description</h2>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
         <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.5 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
@@ -3496,101 +3929,6 @@ <h2 id="references">References</h2>
                 <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664178">More about this vulnerability</a></p>
             </div>
         
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Link Following</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
-        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
-            </div>
-        
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">OS Command Injection</h2>
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
index b46113d7b3350..de564cc7795d6 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:33:26 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:30:44 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/argocd-iac-install.html b/docs/snyk/v3.0.13/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.0.11/argocd-iac-install.html
rename to docs/snyk/v3.0.13/argocd-iac-install.html
index f0e9ab1f84be6..9b17413b62c8a 100644
--- a/docs/snyk/v3.0.11/argocd-iac-install.html
+++ b/docs/snyk/v3.0.13/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:02 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:29:30 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/argocd-iac-namespace-install.html b/docs/snyk/v3.0.13/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.0.11/argocd-iac-namespace-install.html
rename to docs/snyk/v3.0.13/argocd-iac-namespace-install.html
index 463aac4b71a77..22dfedbbb108c 100644
--- a/docs/snyk/v3.0.11/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.13/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:32:13 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:29:40 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/argocd-test.html b/docs/snyk/v3.0.13/argocd-test.html
similarity index 97%
rename from docs/snyk/v3.0.11/argocd-test.html
rename to docs/snyk/v3.0.13/argocd-test.html
index 40acfe388904b..a60a08e6b536f 100644
--- a/docs/snyk/v3.0.11/argocd-test.html
+++ b/docs/snyk/v3.0.13/argocd-test.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="15 known vulnerabilities found in 105 vulnerable dependency paths.">
+  <meta name="description" content="16 known vulnerabilities found in 106 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:29:51 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:21 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -499,8 +499,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>105 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>16</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>106 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2085</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -509,6 +509,81 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--critical" data-snyk-test="critical">
+            <h2 class="card__title">Predictable Value Range from Previous Values</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            form-data
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@8.1.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@8.1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        form-data@4.0.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the <code>boundary</code> value, which uses <code>Math.random()</code>. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>form-data</code> to version 2.5.4, 3.0.4, 4.0.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/b88316c94bb004323669cd3639dc8bb8262539eb">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd">GitHub Commit</a></li>
+        <li><a href="https://github.com/benweissmann/CVE-2025-7783-poc">POC</a></li>
+        <li><a href="https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
             <h2 class="card__title">Prototype Pollution</h2>
             <div class="card__section">
diff --git a/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html
index 204722e1ede8a..d9e61eb6058a4 100644
--- a/docs/snyk/v3.0.11/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:30:00 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:29 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 336bd8f2340d9..3aade90a9d64b 100644
--- a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:30:04 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 83f4ed67f14ef..92b46e4fa01a5 100644
--- a/docs/snyk/v3.0.11/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:30:08 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:36 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html b/docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html
similarity index 80%
rename from docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
rename to docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html
index ca0a53b5e0ba4..e7a4c8843a7de 100644
--- a/docs/snyk/v3.1.0-rc3/quay.io_argoproj_argocd_v3.1.0-rc3.html
+++ b/docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="24 known vulnerabilities found in 102 vulnerable dependency paths.">
+  <meta name="description" content="24 known vulnerabilities found in 81 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,23 +487,23 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:51 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:56 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.0-rc3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.13//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
                 <div class="meta-count"><span>24</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>102 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2319</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>81 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -511,6 +511,222 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/vm
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/vm@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/vm@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/vm</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRVM-9460820">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/parser
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/parser@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/parser@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/parser</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRPARSER-9460819">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/expr-lang/expr/conf
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/conf@v1.16.9
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/expr-lang/expr/conf@v1.16.9
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/expr-lang/expr/conf</code> to version 1.17.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
+        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
@@ -525,7 +741,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -538,7 +754,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and tar@1.35+dfsg-3build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and tar@1.35+dfsg-3build1
         
                     </li>
                 </ul>
@@ -551,7 +767,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         tar@1.35+dfsg-3build1
                                         
@@ -560,7 +776,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         dash@0.5.12-6ubuntu5
                                          <span class="list-paths__item__arrow">›</span> 
@@ -580,7 +796,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
         <h2 id="references">References</h2>
@@ -588,6 +804,9 @@ <h2 id="references">References</h2>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
         <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
         <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
         </ul>
         
               <hr/>
@@ -611,7 +830,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -624,7 +843,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -637,7 +856,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -646,7 +865,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -657,7 +876,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -668,7 +887,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -683,7 +902,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -700,7 +919,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -719,7 +938,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -728,7 +947,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -745,7 +964,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -754,7 +973,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -765,7 +984,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -776,7 +995,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -791,7 +1010,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -800,7 +1019,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -852,7 +1071,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -865,7 +1084,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -878,7 +1097,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -887,7 +1106,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -898,7 +1117,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -909,7 +1128,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -924,7 +1143,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -941,7 +1160,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -960,7 +1179,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -969,7 +1188,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -986,7 +1205,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -995,7 +1214,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1006,7 +1225,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1017,7 +1236,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1032,7 +1251,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1041,7 +1260,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1096,7 +1315,7 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1104,13 +1323,13 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            gnutls28/libgnutls30t64
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
         
+                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1122,74 +1341,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
                                         
                                 </span>
         
@@ -1201,27 +1359,27 @@ <h3 class="card__section__title">Detailed paths</h3>
               <hr/>
               <!-- Overview -->
               <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
+        <p>A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libssh</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8114">https://access.redhat.com/security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2383220">https://bugzilla.redhat.com/show_bug.cgi?id=2383220</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-11797737">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
+            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1234,20 +1392,20 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
+                        Package Manager: golang
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            gnutls28/libgnutls30t64
+                            golang.org/x/net/html
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
         
                     </li>
                 </ul>
@@ -1260,459 +1418,90 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
+                                        helm.sh/helm/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
+                                        golang.org/x/net/html@v0.33.0
                                         
                                 </span>
         
                             </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
+                    </ul><!-- .list-paths -->
         
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
-        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Heap-based Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
+            </div><!-- .card__section -->
         
               <hr/>
               <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
+        <h2 id="details">Details</h2>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
+        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
+        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
+        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
+        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
+        <h3 id="types-of-attacks">Types of attacks</h3>
+        <p>There are a few methods by which XSS can be manipulated:</p>
+        <table>
+        <thead>
+        <tr>
+        <th>Type</th>
+        <th>Origin</th>
+        <th>Description</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td><strong>Stored</strong></td>
+        <td>Server</td>
+        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
+        </tr>
+        <tr>
+        <td><strong>Reflected</strong></td>
+        <td>Server</td>
+        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
+        </tr>
+        <tr>
+        <td><strong>DOM-based</strong></td>
+        <td>Client</td>
+        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
+        </tr>
+        <tr>
+        <td><strong>Mutated</strong></td>
+        <td></td>
+        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
+        </tr>
+        </tbody></table>
+        <h3 id="affected-environments">Affected environments</h3>
+        <p>The following environments are susceptible to an XSS attack:</p>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
+        <li>Web servers</li>
+        <li>Application servers</li>
+        <li>Web application environments</li>
         </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Certificate Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
+        <h3 id="how-to-prevent">How to prevent</h3>
+        <p>This section describes the top best practices designed to specifically protect your code: </p>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
+        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
+        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
+        <li>Give users the option to disable client-side scripts.</li>
+        <li>Redirect invalid requests.</li>
+        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
+        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
+        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
         </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5702</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -1730,7 +1519,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1792,7 +1581,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1805,7 +1594,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.6.0
         
                     </li>
                 </ul>
@@ -1820,7 +1609,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.7.0
+                                        github.com/hashicorp/go-version@v1.6.0
                                         
                                 </span>
         
@@ -1854,7 +1643,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1916,7 +1705,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1978,7 +1767,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2040,7 +1829,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2102,7 +1891,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2116,7 +1905,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc3, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2128,7 +1917,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2139,7 +1928,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -2148,9 +1937,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
+                                        git-lfs@3.4.1-1ubuntu0.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -2197,7 +1986,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2210,7 +1999,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2223,7 +2012,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2232,9 +2021,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2243,7 +2032,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2256,7 +2045,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2304,7 +2093,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2317,7 +2106,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2330,7 +2119,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2376,7 +2165,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2389,7 +2178,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2402,7 +2191,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2453,7 +2242,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2466,7 +2255,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2479,7 +2268,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2488,7 +2277,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2499,7 +2288,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2510,7 +2299,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2521,9 +2310,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2532,7 +2321,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2545,7 +2334,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2560,7 +2349,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2577,7 +2366,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2594,7 +2383,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2603,7 +2392,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2653,7 +2442,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2666,7 +2455,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2679,7 +2468,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2688,7 +2477,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2699,7 +2488,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2710,7 +2499,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2721,7 +2510,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2734,7 +2523,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2747,7 +2536,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2760,7 +2549,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2770,7 +2559,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@255.4-1ubuntu8.10
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2821,7 +2610,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2834,7 +2623,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -2847,7 +2636,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
@@ -2856,7 +2645,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2867,7 +2656,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2878,7 +2667,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2889,7 +2678,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2900,7 +2689,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
@@ -2909,7 +2698,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
@@ -2918,7 +2707,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
@@ -2969,7 +2758,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2982,7 +2771,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and glibc/libc-bin@2.39-0ubuntu8.5
         
                     </li>
                 </ul>
@@ -2995,18 +2784,18 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        glibc/libc-bin@2.39-0ubuntu8.5
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
+                                        glibc/libc6@2.39-0ubuntu8.5
                                         
                                 </span>
         
@@ -3052,7 +2841,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3066,7 +2855,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.0-rc3, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -3078,7 +2867,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3133,7 +2922,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.0-rc3/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3146,7 +2935,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.0-rc3 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.0.13 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -3159,7 +2948,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.0-rc3
+                                        docker-image|quay.io/argoproj/argocd@v3.0.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         
diff --git a/docs/snyk/v3.0.11/redis_7.2.7-alpine.html b/docs/snyk/v3.0.13/redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.11/redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.13/redis_7.2.7-alpine.html
index 3e2a3ed3ebea4..8b3e8459fd422 100644
--- a/docs/snyk/v3.0.11/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.13/redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:30:32 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:59 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/argocd-iac-install.html b/docs/snyk/v3.1.1/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc3/argocd-iac-install.html
rename to docs/snyk/v3.1.1/argocd-iac-install.html
index 20680afac1134..a8866d61fb024 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-iac-install.html
+++ b/docs/snyk/v3.1.1/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:29:21 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:26:53 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -933,7 +933,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25809
                           </li>
                       </ul>
               
@@ -1339,7 +1339,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25809
                           </li>
                       </ul>
               
@@ -1455,7 +1455,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25878
+                              Line number: 25896
                           </li>
                       </ul>
               
@@ -1513,7 +1513,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26288
+                              Line number: 26306
                           </li>
                       </ul>
               
@@ -2127,7 +2127,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25791
+                              Line number: 25809
                           </li>
                       </ul>
               
@@ -2243,7 +2243,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25878
+                              Line number: 25896
                           </li>
                       </ul>
               
@@ -2301,7 +2301,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26288
+                              Line number: 26306
                           </li>
                       </ul>
               
@@ -2693,7 +2693,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25798
+                              Line number: 25816
                           </li>
                       </ul>
               
@@ -2749,7 +2749,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25764
+                              Line number: 25782
                           </li>
                       </ul>
               
@@ -2805,7 +2805,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26187
+                              Line number: 26205
                           </li>
                       </ul>
               
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 26557
+                              Line number: 26575
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html b/docs/snyk/v3.1.1/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
rename to docs/snyk/v3.1.1/argocd-iac-namespace-install.html
index 2a53df8da0281..432ca6c5f578f 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.1/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:29:33 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:27:03 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -887,7 +887,7 @@ <h2 class="card__title">Container could be running with outdated image</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1612
                           </li>
                       </ul>
               
@@ -1293,7 +1293,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1612
                           </li>
                       </ul>
               
@@ -1409,7 +1409,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1681
+                              Line number: 1699
                           </li>
                       </ul>
               
@@ -1467,7 +1467,7 @@ <h2 class="card__title">Container has no CPU limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2091
+                              Line number: 2109
                           </li>
                       </ul>
               
@@ -2081,7 +2081,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1594
+                              Line number: 1612
                           </li>
                       </ul>
               
@@ -2197,7 +2197,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1681
+                              Line number: 1699
                           </li>
                       </ul>
               
@@ -2255,7 +2255,7 @@ <h2 class="card__title">Container is running without memory limit</h2>
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2091
+                              Line number: 2109
                           </li>
                       </ul>
               
@@ -2647,7 +2647,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1601
+                              Line number: 1619
                           </li>
                       </ul>
               
@@ -2703,7 +2703,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1567
+                              Line number: 1585
                           </li>
                       </ul>
               
@@ -2759,7 +2759,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 1990
+                              Line number: 2008
                           </li>
                       </ul>
               
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2360
+                              Line number: 2378
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v3.1.0-rc3/argocd-test.html b/docs/snyk/v3.1.1/argocd-test.html
similarity index 94%
rename from docs/snyk/v3.1.0-rc3/argocd-test.html
rename to docs/snyk/v3.1.1/argocd-test.html
index 1927e090265d4..4943035c330ca 100644
--- a/docs/snyk/v3.1.0-rc3/argocd-test.html
+++ b/docs/snyk/v3.1.1/argocd-test.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="8 known vulnerabilities found in 28 vulnerable dependency paths.">
+  <meta name="description" content="9 known vulnerabilities found in 29 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:17 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:46 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -499,8 +499,8 @@ <h1 class="project__header__title">Snyk test report</h1>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>9</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>29 vulnerable dependency paths</span></div>
                 <div class="meta-count"><span>2103</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
@@ -509,6 +509,81 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--critical" data-snyk-test="critical">
+            <h2 class="card__title">Predictable Value Range from Previous Values</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--critical">
+                        <span class="label__text">critical severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: /argo-cd <span class="list-paths__item__arrow">›</span> ui/yarn.lock
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: npm
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            form-data
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    argo-cd-ui@1.0.0, superagent@8.1.2 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        argo-cd-ui@1.0.0
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        superagent@8.1.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        form-data@4.0.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the <code>boundary</code> value, which uses <code>Math.random()</code>. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>form-data</code> to version 2.5.4, 3.0.4, 4.0.4 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/b88316c94bb004323669cd3639dc8bb8262539eb">GitHub Commit</a></li>
+        <li><a href="https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd">GitHub Commit</a></li>
+        <li><a href="https://github.com/benweissmann/CVE-2025-7783-poc">POC</a></li>
+        <li><a href="https://github.com/form-data/form-data/blob/426ba9ac440f95d1998dac9a5cd8d738043b048f/lib/form_data.js#L347">Vulnerable Code</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-JS-FORMDATA-10841150">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">MPL-2.0 license</h2>
             <div class="card__section">
diff --git a/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
rename to docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html
index c5295012bb1b4..e9b068f58df22 100644
--- a/docs/snyk/v3.1.0-rc3/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:23 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:53 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index ae1728a0524dd..ccb15459ed94e 100644
--- a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:27 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:56 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 553a1ecb1c853..f7947c257eca6 100644
--- a/docs/snyk/v3.1.0-rc3/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:27:31 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:24:59 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html b/docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html
similarity index 68%
rename from docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
rename to docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html
index f166b27a16413..a22a1300e5f60 100644
--- a/docs/snyk/v3.0.11/quay.io_argoproj_argocd_v3.0.11.html
+++ b/docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html
@@ -7,7 +7,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>Snyk test report</title>
-  <meta name="description" content="28 known vulnerabilities found in 106 vulnerable dependency paths.">
+  <meta name="description" content="20 known vulnerabilities found in 77 vulnerable dependency paths.">
   <base target="_blank">
   <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
     sizes="194x194">
@@ -487,23 +487,23 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">July 20th 2025, 12:30:27 am (UTC+00:00)</p>
+                <p class="timestamp">August 31st 2025, 12:25:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.11//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.11/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.1//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
               <div class="meta-counts">
-                <div class="meta-count"><span>28</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>106 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2358</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>20</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>77 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2319</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -511,222 +511,6 @@ <h1 class="project__header__title">Snyk test report</h1>
 
     <div class="layout-container" style="padding-top: 35px;">
       <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/expr-lang/expr/vm
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/vm@v1.16.9
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/vm@v1.16.9
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/vm</code> to version 1.17.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRVM-9460820">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/expr-lang/expr/parser
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/parser@v1.16.9
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/parser@v1.16.9
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/parser</code> to version 1.17.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRPARSER-9460819">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/expr-lang/expr/conf
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v3@* and github.com/expr-lang/expr/conf@v1.16.9
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/expr-lang/expr/conf@v1.16.9
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the <code>parseExpression()</code> function in <code>parser.go</code>, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash the application by supplying excessively long deeply nested expression strings.</p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be avoided by checking and limiting the length of input expressions before parsing them.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/expr-lang/expr/conf</code> to version 1.17.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e">GitHub Commit</a></li>
-        <li><a href="https://github.com/expr-lang/expr/pull/762">GitHub PR</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMEXPRLANGEXPRCONF-9460818">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
             <h2 class="card__title">Directory Traversal</h2>
             <div class="card__section">
@@ -741,7 +525,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -754,7 +538,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and tar@1.35+dfsg-3build1
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and tar@1.35+dfsg-3build1
         
                     </li>
                 </ul>
@@ -767,7 +551,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         tar@1.35+dfsg-3build1
                                         
@@ -776,7 +560,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         dash@0.5.12-6ubuntu5
                                          <span class="list-paths__item__arrow">›</span> 
@@ -796,7 +580,7 @@ <h3 class="card__section__title">Detailed paths</h3>
               <h2 id="nvd-description">NVD Description</h2>
         <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
         <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages).</p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
         <h2 id="remediation">Remediation</h2>
         <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
         <h2 id="references">References</h2>
@@ -804,6 +588,9 @@ <h2 id="references">References</h2>
         <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
         <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
         <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
         </ul>
         
               <hr/>
@@ -827,7 +614,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -840,7 +627,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -853,7 +640,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -862,7 +649,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -873,7 +660,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -884,7 +671,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -899,7 +686,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -916,7 +703,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -935,7 +722,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -944,7 +731,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -961,7 +748,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -970,7 +757,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -981,7 +768,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -992,7 +779,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1007,7 +794,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1016,7 +803,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1068,7 +855,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1081,7 +868,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -1094,7 +881,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -1103,7 +890,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1114,7 +901,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1125,7 +912,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1140,7 +927,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1157,7 +944,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1176,7 +963,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -1185,7 +972,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1202,7 +989,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -1211,7 +998,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1222,7 +1009,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1233,7 +1020,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1248,7 +1035,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1257,7 +1044,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1299,7 +1086,7 @@ <h2 id="references">References</h2>
         
         </div><!-- .card -->
         <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <h2 class="card__title">NULL Pointer Dereference</h2>
             <div class="card__section">
         
                 <div class="card__labels">
@@ -1312,21 +1099,21 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
-                        Package Manager: golang
+                        Package Manager: ubuntu:24.04
                     </li>
                     <li class="card__meta__item">
                             Vulnerable module:
         
-                            golang.org/x/net/html
+                            libssh/libssh-4
                     </li>
         
                     <li class="card__meta__item">Introduced through:
         
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.33.0
         
+                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1338,9 +1125,13 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
                                          <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.33.0
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
                                         
                                 </span>
         
@@ -1351,711 +1142,23 @@ <h3 class="card__section__title">Detailed paths</h3>
         
               <hr/>
               <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.</p>
         <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
-        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Heap-based Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Certificate Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnutls28</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5702</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libssh</code>.</p>
         <h2 id="references">References</h2>
         <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8114">https://access.redhat.com/security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2383220">https://bugzilla.redhat.com/show_bug.cgi?id=2383220</a></li>
         </ul>
         
               <hr/>
         
             <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-11797737">More about this vulnerability</a></p>
             </div>
         
         </div><!-- .card -->
@@ -2073,7 +1176,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2135,7 +1238,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2148,7 +1251,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.6.0
+                                github.com/argoproj/argo-cd/v3@* and github.com/hashicorp/go-version@v1.7.0
         
                     </li>
                 </ul>
@@ -2163,7 +1266,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@*
                                          <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
+                                        github.com/hashicorp/go-version@v1.7.0
                                         
                                 </span>
         
@@ -2197,7 +1300,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2259,7 +1362,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2321,7 +1424,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2383,7 +1486,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -2445,7 +1548,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2459,7 +1562,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.11, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2471,7 +1574,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2482,7 +1585,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -2491,9 +1594,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
+                                        git-lfs@3.4.1-1ubuntu0.3
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -2540,7 +1643,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2553,7 +1656,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2566,7 +1669,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2575,9 +1678,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2586,7 +1689,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2599,7 +1702,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2647,7 +1750,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2660,7 +1763,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2673,7 +1776,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2719,7 +1822,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2732,7 +1835,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2745,7 +1848,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2796,7 +1899,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2809,7 +1912,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2822,7 +1925,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2831,7 +1934,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2842,7 +1945,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2853,7 +1956,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2864,9 +1967,9 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2875,7 +1978,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2888,7 +1991,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2903,7 +2006,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2920,7 +2023,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2937,7 +2040,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2946,7 +2049,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2996,7 +2099,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3009,7 +2112,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -3022,7 +2125,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -3031,7 +2134,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3042,7 +2145,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3053,7 +2156,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3064,7 +2167,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3077,7 +2180,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3090,7 +2193,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3103,7 +2206,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3113,7 +2216,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
+                                        systemd/libsystemd0@255.4-1ubuntu8.10
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -3164,7 +2267,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3177,7 +2280,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -3190,7 +2293,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
@@ -3199,7 +2302,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3210,7 +2313,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3221,7 +2324,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3232,7 +2335,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3243,7 +2346,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
@@ -3252,7 +2355,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
@@ -3261,7 +2364,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
@@ -3312,7 +2415,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3325,7 +2428,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and glibc/libc-bin@2.39-0ubuntu8.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and glibc/libc-bin@2.39-0ubuntu8.5
         
                     </li>
                 </ul>
@@ -3338,18 +2441,18 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
+                                        glibc/libc-bin@2.39-0ubuntu8.5
                                         
                                 </span>
         
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
+                                        glibc/libc6@2.39-0ubuntu8.5
                                         
                                 </span>
         
@@ -3395,7 +2498,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3409,7 +2512,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.11, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -3421,7 +2524,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -3476,7 +2579,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.11/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -3489,7 +2592,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.11 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.1.1 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -3502,7 +2605,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.11
+                                        docker-image|quay.io/argoproj/argocd@v3.1.1
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         

From ea446bf58870bce869c6ff1cbcd982c77213b3a9 Mon Sep 17 00:00:00 2001
From: Adriano Machado <60320+ammachado@users.noreply.github.com>
Date: Sat, 6 Sep 2025 14:24:18 -0400
Subject: [PATCH 355/383] feat(server): 3scale health checks (#24327) (#24326)

Signed-off-by: Adriano Machado <60320+ammachado@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../apps.3scale.net/APIManager/health.lua     | 41 +++++++++++++++++++
 .../APIManager/health_test.yaml               | 21 ++++++++++
 .../APIManager/testdata/degraded.yaml         |  7 ++++
 .../APIManager/testdata/healthy.yaml          |  8 ++++
 .../APIManager/testdata/progressing-1.yaml    | 14 +++++++
 .../APIManager/testdata/progressing-2.yaml    | 11 +++++
 .../APIManager/testdata/progressing-3.yaml    | 12 ++++++
 .../ActiveDoc/health.lua                      | 27 ++++++++++++
 .../ActiveDoc/health_test.yaml                | 21 ++++++++++
 .../ActiveDoc/testdata/degraded-failed.yaml   |  7 ++++
 .../ActiveDoc/testdata/degraded-invalid.yaml  |  7 ++++
 .../ActiveDoc/testdata/degraded-orphan.yaml   |  7 ++++
 .../ActiveDoc/testdata/healthy.yaml           |  6 +++
 .../ActiveDoc/testdata/progressing.yaml       |  4 ++
 .../Application/health.lua                    | 32 +++++++++++++++
 .../Application/health_test.yaml              | 17 ++++++++
 .../Application/testdata/degraded.yaml        |  8 ++++
 .../Application/testdata/healthy.yaml         |  8 ++++
 .../Application/testdata/progressing.yaml     |  4 ++
 .../Application/testdata/suspended.yaml       |  4 ++
 .../ApplicationAuth/health.lua                | 23 +++++++++++
 .../ApplicationAuth/health_test.yaml          | 13 ++++++
 .../ApplicationAuth/testdata/degraded.yaml    |  7 ++++
 .../ApplicationAuth/testdata/healthy.yaml     |  6 +++
 .../ApplicationAuth/testdata/progressing.yaml |  4 ++
 .../Backend/health.lua                        | 27 ++++++++++++
 .../Backend/health_test.yaml                  | 17 ++++++++
 .../Backend/testdata/degraded-failed.yaml     | 10 +++++
 .../Backend/testdata/degraded-invalid.yaml    | 11 +++++
 .../Backend/testdata/degraded-not-synced.yaml | 11 +++++
 .../Backend/testdata/healthy.yaml             | 11 +++++
 .../Backend/testdata/progressing.yaml         | 11 +++++
 .../CustomPolicyDefinition/health.lua         | 23 +++++++++++
 .../CustomPolicyDefinition/health_test.yaml   | 13 ++++++
 .../testdata/degraded.yaml                    |  7 ++++
 .../testdata/healthy.yaml                     |  7 ++++
 .../testdata/progressing.yaml                 |  4 ++
 .../DeveloperAccount/health.lua               | 31 ++++++++++++++
 .../DeveloperAccount/health_test.yaml         | 21 ++++++++++
 .../testdata/degraded-failed.yaml             |  7 ++++
 .../testdata/degraded-invalid.yaml            |  7 ++++
 .../DeveloperAccount/testdata/healthy.yaml    |  6 +++
 .../testdata/progressing.yaml                 |  4 ++
 .../DeveloperAccount/testdata/waiting.yaml    |  7 ++++
 .../DeveloperUser/health.lua                  | 39 ++++++++++++++++++
 .../DeveloperUser/health_test.yaml            | 25 +++++++++++
 .../testdata/degraded-failed.yaml             |  7 ++++
 .../testdata/degraded-invalid.yaml            |  7 ++++
 .../testdata/degraded-orphan.yaml             |  7 ++++
 .../DeveloperUser/testdata/healthy.yaml       |  6 +++
 .../DeveloperUser/testdata/progressing.yaml   |  4 ++
 .../DeveloperUser/testdata/suspended.yaml     |  4 ++
 .../OpenAPI/health.lua                        | 27 ++++++++++++
 .../OpenAPI/health_test.yaml                  | 17 ++++++++
 .../OpenAPI/testdata/degraded-failed.yaml     |  7 ++++
 .../OpenAPI/testdata/degraded-invalid.yaml    |  7 ++++
 .../OpenAPI/testdata/healthy.yaml             |  6 +++
 .../OpenAPI/testdata/progressing.yaml         |  4 ++
 .../Product/health.lua                        | 31 ++++++++++++++
 .../Product/health_test.yaml                  | 21 ++++++++++
 .../Product/testdata/degraded-failed.yaml     |  7 ++++
 .../Product/testdata/degraded-invalid.yaml    |  7 ++++
 .../Product/testdata/degraded-orphan.yaml     |  7 ++++
 .../Product/testdata/healthy.yaml             |  7 ++++
 .../Product/testdata/progressing.yaml         | 20 +++++++++
 .../ProxyConfigPromote/health.lua             | 27 ++++++++++++
 .../ProxyConfigPromote/health_test.yaml       | 17 ++++++++
 .../ProxyConfigPromote/testdata/degraded.yaml |  7 ++++
 .../ProxyConfigPromote/testdata/healthy.yaml  |  7 ++++
 .../testdata/in-progress.yaml                 |  7 ++++
 .../testdata/progressing.yaml                 |  4 ++
 .../capabilities.3scale.net/Tenant/health.lua | 38 +++++++++++++++++
 .../Tenant/health_test.yaml                   | 13 ++++++
 .../Tenant/testdata/degraded.yaml             |  9 ++++
 .../Tenant/testdata/healthy.yaml              | 11 +++++
 .../Tenant/testdata/progressing.yaml          |  9 ++++
 76 files changed, 970 insertions(+)
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/health.lua
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/health_test.yaml
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/testdata/degraded.yaml
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/testdata/healthy.yaml
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/testdata/progressing-1.yaml
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/testdata/progressing-2.yaml
 create mode 100644 resource_customizations/apps.3scale.net/APIManager/testdata/progressing-3.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-orphan.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/testdata/degraded.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Application/testdata/suspended.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ApplicationAuth/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/ApplicationAuth/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/degraded.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-not-synced.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Backend/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/degraded.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/waiting.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-orphan.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/suspended.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/OpenAPI/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/testdata/degraded-failed.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/testdata/degraded-invalid.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/testdata/degraded-orphan.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Product/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/degraded.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/in-progress.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/progressing.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Tenant/health.lua
 create mode 100644 resource_customizations/capabilities.3scale.net/Tenant/health_test.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Tenant/testdata/degraded.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Tenant/testdata/healthy.yaml
 create mode 100644 resource_customizations/capabilities.3scale.net/Tenant/testdata/progressing.yaml

diff --git a/resource_customizations/apps.3scale.net/APIManager/health.lua b/resource_customizations/apps.3scale.net/APIManager/health.lua
new file mode 100644
index 0000000000000..86741cd1129ab
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/health.lua
@@ -0,0 +1,41 @@
+local hs = {}
+
+if obj ~= nil and obj.status ~= nil then
+  local deployments = obj.status.deployments
+  if deployments ~= nil then
+    local has_ready = deployments.ready ~= nil
+    local has_starting = deployments.starting ~= nil
+    local has_stopped = deployments.stopped ~= nil
+
+    if has_ready and (not has_starting) and (not has_stopped) then
+      hs.status = "Healthy"
+      hs.message = "3scale APIManager is available"
+      return hs
+    elseif (has_ready and (has_starting or has_stopped)) or (not has_ready) then
+      hs.status = "Progressing"
+      hs.message = "Waiting for 3scale APIManager status..."
+    end
+  end
+
+  -- Fallback to condition-based evaluation
+  if obj.status.conditions ~= nil then
+    for _, condition in ipairs(obj.status.conditions) do
+      if condition.type == "Available" then
+        if condition.status == "True" then
+          hs.status = "Healthy"
+          hs.message = "3scale APIManager is available"
+          return hs
+        elseif condition.reason ~= nil and condition.reason ~= "" then
+          local msg = "3scale APIManager is degraded: " .. condition.reason
+          hs.status = "Degraded"
+          hs.message = msg
+          return hs
+        end
+      end
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale APIManager status..."
+return hs
diff --git a/resource_customizations/apps.3scale.net/APIManager/health_test.yaml b/resource_customizations/apps.3scale.net/APIManager/health_test.yaml
new file mode 100644
index 0000000000000..696416cb9cad1
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/health_test.yaml
@@ -0,0 +1,21 @@
+tests:
+  - healthStatus:
+      status: Degraded
+      message: "3scale APIManager is degraded: MissingWatchedSecrets"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Healthy
+      message: "3scale APIManager is available"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale APIManager status..."
+    inputPath: testdata/progressing-1.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale APIManager status..."
+    inputPath: testdata/progressing-2.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale APIManager status..."
+    inputPath: testdata/progressing-3.yaml
diff --git a/resource_customizations/apps.3scale.net/APIManager/testdata/degraded.yaml b/resource_customizations/apps.3scale.net/APIManager/testdata/degraded.yaml
new file mode 100644
index 0000000000000..14649852d6245
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/testdata/degraded.yaml
@@ -0,0 +1,7 @@
+apiVersion: apps.3scale.net/v1alpha1
+kind: APIManager
+status:
+  conditions:
+    - type: Available
+      status: "False"
+      reason: "MissingWatchedSecrets"
diff --git a/resource_customizations/apps.3scale.net/APIManager/testdata/healthy.yaml b/resource_customizations/apps.3scale.net/APIManager/testdata/healthy.yaml
new file mode 100644
index 0000000000000..be7621b904540
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/testdata/healthy.yaml
@@ -0,0 +1,8 @@
+apiVersion: apps.3scale.net/v1alpha1
+kind: APIManager
+status:
+  conditions:
+    - status: "True"
+      type: Available
+  deployments:
+    ready: []
diff --git a/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-1.yaml b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-1.yaml
new file mode 100644
index 0000000000000..53f4088de3478
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-1.yaml
@@ -0,0 +1,14 @@
+apiVersion: apps.3scale.net/v1alpha1
+kind: APIManager
+status:
+  conditions:
+    - status: "False"
+      type: Available
+  deployments:
+    ready:
+      - a
+    starting:
+      - b
+      - c
+    stopped:
+      - e
diff --git a/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-2.yaml b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-2.yaml
new file mode 100644
index 0000000000000..a1010358168fd
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-2.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps.3scale.net/v1alpha1
+kind: APIManager
+status:
+  conditions:
+    - status: "False"
+      type: Available
+  deployments:
+    starting:
+      - a
+    stopped:
+      - b
diff --git a/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-3.yaml b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-3.yaml
new file mode 100644
index 0000000000000..22d508e95b52e
--- /dev/null
+++ b/resource_customizations/apps.3scale.net/APIManager/testdata/progressing-3.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps.3scale.net/v1alpha1
+kind: APIManager
+status:
+  conditions:
+    - status: "False"
+      type: Available
+  deployments:
+    ready:
+      - a
+    starting:
+      - b
+      - c
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/health.lua b/resource_customizations/capabilities.3scale.net/ActiveDoc/health.lua
new file mode 100644
index 0000000000000..932c51707cba2
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/health.lua
@@ -0,0 +1,27 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.type == "Ready" and condition.status == "True" then
+      hs.status = "Healthy"
+      hs.message = "3scale ActiveDoc is ready"
+      return hs
+    elseif condition.type == "Invalid" and condition.status == "True" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale ActiveDoc configuration is invalid"
+      return hs
+    elseif condition.type == "Orphan" and condition.status == "True" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale ActiveDoc references non-existing resources"
+      return hs
+    elseif condition.type == "Failed" and condition.status == "True" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale ActiveDoc synchronization failed"
+      return hs
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale ActiveDoc status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/health_test.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/health_test.yaml
new file mode 100644
index 0000000000000..0a281d91236d2
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/health_test.yaml
@@ -0,0 +1,21 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale ActiveDoc is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failure message"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Validation failure"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Referenced product does not exist"
+    inputPath: testdata/degraded-orphan.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale ActiveDoc status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..fd982700759b9
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-failed.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failure message
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..81e5ecd6616f2
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-invalid.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Validation failure
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-orphan.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-orphan.yaml
new file mode 100644
index 0000000000000..7a6ce2c8ed3b1
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/degraded-orphan.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Referenced product does not exist
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/healthy.yaml
new file mode 100644
index 0000000000000..c736d46f58e39
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/healthy.yaml
@@ -0,0 +1,6 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/progressing.yaml
new file mode 100644
index 0000000000000..154f967de43f1
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ActiveDoc/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Application/health.lua b/resource_customizations/capabilities.3scale.net/Application/health.lua
new file mode 100644
index 0000000000000..c5d88edec826d
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/health.lua
@@ -0,0 +1,32 @@
+local hs = {}
+
+if obj.status ~= nil then
+  if obj.status.state ~= nil and obj.status.state == "suspended" then
+    hs.status = "Suspended"
+    hs.message = "3scale Application is suspended"
+    return hs
+  end
+
+  local application_id = obj.status.adminId
+  local has_application_id = (application_id ~= nil and type(application_id) == "number" and application_id > 0)
+
+  if obj.status.conditions ~= nil then
+    for _, condition in ipairs(obj.status.conditions) do
+      if condition.type == "Ready" then
+        if condition.status == "True" then
+          hs.status = "Healthy"
+          hs.message = "3scale Application is ready"
+          return hs
+        elseif not has_application_id then
+          hs.status = "Degraded"
+          hs.message = condition.message or "3scale Application is not ready"
+          return hs
+        end
+      end
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale Application status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/Application/health_test.yaml b/resource_customizations/capabilities.3scale.net/Application/health_test.yaml
new file mode 100644
index 0000000000000..9372a96360c4f
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale Application is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failed to synchronize application with 3scale API"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Suspended
+      message: "3scale Application is suspended"
+    inputPath: testdata/suspended.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale Application status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/Application/testdata/degraded.yaml b/resource_customizations/capabilities.3scale.net/Application/testdata/degraded.yaml
new file mode 100644
index 0000000000000..66566b68a7b66
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/testdata/degraded.yaml
@@ -0,0 +1,8 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Application
+status:
+  applicationID: null
+  conditions:
+    - type: Ready
+      status: "False"
+      message: Failed to synchronize application with 3scale API
diff --git a/resource_customizations/capabilities.3scale.net/Application/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/Application/testdata/healthy.yaml
new file mode 100644
index 0000000000000..5e9690f83ff89
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/testdata/healthy.yaml
@@ -0,0 +1,8 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Application
+status:
+  applicationID: 123456
+  conditions:
+    - type: Ready
+      status: "True"
+      message: Application has been successfully synchronized
diff --git a/resource_customizations/capabilities.3scale.net/Application/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/Application/testdata/progressing.yaml
new file mode 100644
index 0000000000000..82296be8b7865
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Application
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Application/testdata/suspended.yaml b/resource_customizations/capabilities.3scale.net/Application/testdata/suspended.yaml
new file mode 100644
index 0000000000000..cf57d6fb99b97
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Application/testdata/suspended.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Application
+status:
+  state: suspended
diff --git a/resource_customizations/capabilities.3scale.net/ApplicationAuth/health.lua b/resource_customizations/capabilities.3scale.net/ApplicationAuth/health.lua
new file mode 100644
index 0000000000000..57a731821d565
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ApplicationAuth/health.lua
@@ -0,0 +1,23 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Ready" then
+      hs.status = "Healthy"
+      hs.message = "3scale ApplicationAuth is ready"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale ApplicationAuth failed"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale ApplicationAuth status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/ApplicationAuth/health_test.yaml b/resource_customizations/capabilities.3scale.net/ApplicationAuth/health_test.yaml
new file mode 100644
index 0000000000000..1ed8bd6e6743d
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ApplicationAuth/health_test.yaml
@@ -0,0 +1,13 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale ApplicationAuth is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failed to generate authentication secret"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale ApplicationAuth status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/degraded.yaml b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/degraded.yaml
new file mode 100644
index 0000000000000..c4f1fa89c500f
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/degraded.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ApplicationAuth
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failed to generate authentication secret
diff --git a/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/healthy.yaml
new file mode 100644
index 0000000000000..117cf2c4acca2
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/healthy.yaml
@@ -0,0 +1,6 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ApplicationAuth
+status:
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/progressing.yaml
new file mode 100644
index 0000000000000..3a9f8d486f6b6
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ApplicationAuth/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ApplicationAuth
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Backend/health.lua b/resource_customizations/capabilities.3scale.net/Backend/health.lua
new file mode 100644
index 0000000000000..05901b84105fd
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/health.lua
@@ -0,0 +1,27 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Synced" then
+      hs.status = "Healthy"
+      hs.message = "3scale Backend is synced"
+      return hs
+    elseif condition.type == "Invalid" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale Backend configuration is invalid"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale Backend synchronization failed"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale Backend status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/Backend/health_test.yaml b/resource_customizations/capabilities.3scale.net/Backend/health_test.yaml
new file mode 100644
index 0000000000000..2a5dbabf6787e
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale Backend is synced"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "3scale Backend synchronization failed"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "3scale Backend configuration is invalid"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale Backend status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..d867b7d179eaf
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-failed.yaml
@@ -0,0 +1,10 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Backend
+status:
+  conditions:
+    - status: "True"
+      type: Failed
+    - status: "False"
+      type: Invalid
+    - status: "False"
+      type: Synced
diff --git a/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..37c153b2d481d
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-invalid.yaml
@@ -0,0 +1,11 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Backend
+status:
+  backendId: 59978
+  conditions:
+    - status: "False"
+      type: Failed
+    - status: "True"
+      type: Invalid
+    - status: "False"
+      type: Synced
diff --git a/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-not-synced.yaml b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-not-synced.yaml
new file mode 100644
index 0000000000000..0bbdfbce5f782
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/testdata/degraded-not-synced.yaml
@@ -0,0 +1,11 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Backend
+status:
+  conditions:
+    - status: "False"
+      type: Failed
+    - status: "False"
+      type: Invalid
+    - status: "False"
+      type: Synced
+      reason: SynchronizationFailed
diff --git a/resource_customizations/capabilities.3scale.net/Backend/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/Backend/testdata/healthy.yaml
new file mode 100644
index 0000000000000..698b59bf31b1e
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/testdata/healthy.yaml
@@ -0,0 +1,11 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Backend
+status:
+  backendId: 59978
+  conditions:
+    - status: "False"
+      type: Failed
+    - status: "False"
+      type: Invalid
+    - status: "True"
+      type: Synced
diff --git a/resource_customizations/capabilities.3scale.net/Backend/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/Backend/testdata/progressing.yaml
new file mode 100644
index 0000000000000..ac6597f8c858a
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Backend/testdata/progressing.yaml
@@ -0,0 +1,11 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Backend
+status:
+  backendId: 59978
+  conditions:
+    - status: "False"
+      type: Failed
+    - status: "False"
+      type: Invalid
+    - status: "False"
+      type: Synced
diff --git a/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health.lua b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health.lua
new file mode 100644
index 0000000000000..4d71146d15fb6
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health.lua
@@ -0,0 +1,23 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.type == "Ready" and condition.status == "True" then
+      hs.status = "Healthy"
+      hs.message = "3scale CustomPolicyDefinition is ready"
+      return hs
+    elseif condition.type == "Invalid" and condition.status == "True" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale CustomPolicyDefinition configuration is invalid"
+      return hs
+    elseif condition.type == "Failed" and condition.status == "True" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale CustomPolicyDefinition synchronization failed"
+      return hs
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale CustomPolicyDefinition status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health_test.yaml b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health_test.yaml
new file mode 100644
index 0000000000000..6aeff623ee343
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/health_test.yaml
@@ -0,0 +1,13 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale CustomPolicyDefinition is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Policy schema is invalid"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale CustomPolicyDefinition status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/degraded.yaml b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/degraded.yaml
new file mode 100644
index 0000000000000..802d4d0281426
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/degraded.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: CustomPolicyDefinition
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Policy schema is invalid
diff --git a/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/healthy.yaml
new file mode 100644
index 0000000000000..3bdc1b203ef74
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/healthy.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: CustomPolicyDefinition
+status:
+  policyID: 123456
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/progressing.yaml
new file mode 100644
index 0000000000000..69d6930404a44
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/CustomPolicyDefinition/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: CustomPolicyDefinition
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/health.lua b/resource_customizations/capabilities.3scale.net/DeveloperAccount/health.lua
new file mode 100644
index 0000000000000..5e0a63a3247f3
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/health.lua
@@ -0,0 +1,31 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Ready" then
+      hs.status = "Healthy"
+      hs.message = "3scale DeveloperAccount is ready"
+      return hs
+    elseif condition.type == "Invalid" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale DeveloperAccount configuration is invalid"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale DeveloperAccount synchronization failed"
+      return hs
+    elseif condition.type == "Waiting" then
+      hs.status = "Suspended"
+      hs.message = condition.message or "3scale DeveloperAccount is waiting for approval"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale DeveloperAccount status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/health_test.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/health_test.yaml
new file mode 100644
index 0000000000000..dafe691a906c9
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/health_test.yaml
@@ -0,0 +1,21 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale DeveloperAccount is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Suspended
+      message: "Developer account is waiting for admin approval"
+    inputPath: testdata/waiting.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failure message"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Validation failure"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale DeveloperAccount status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..dd2f3fb1c327b
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-failed.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperAccount
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failure message
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..10057300af1a0
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/degraded-invalid.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperAccount
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Validation failure
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/healthy.yaml
new file mode 100644
index 0000000000000..4c8c455159691
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/healthy.yaml
@@ -0,0 +1,6 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperAccount
+status:
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/progressing.yaml
new file mode 100644
index 0000000000000..f0a06a11c8c3c
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperAccount
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/waiting.yaml b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/waiting.yaml
new file mode 100644
index 0000000000000..e0aa0641fadf5
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperAccount/testdata/waiting.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperAccount
+status:
+  conditions:
+    - type: Waiting
+      status: "True"
+      message: Developer account is waiting for admin approval
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/health.lua b/resource_customizations/capabilities.3scale.net/DeveloperUser/health.lua
new file mode 100644
index 0000000000000..b2cba07ad9b0f
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/health.lua
@@ -0,0 +1,39 @@
+local hs = {}
+
+if obj.status ~= nil then
+  if obj.status.developerUserState ~= nil and obj.status.developerUserState == "suspended" then
+    hs.status = "Suspended"
+    hs.message = "3scale Developer user is waiting for admin approval"
+    return hs
+  end
+
+  if obj.status.conditions ~= nil then
+    for _, condition in ipairs(obj.status.conditions) do
+      if condition.status ~= "True" then goto continue end
+
+      if condition.type == "Ready" then
+        hs.status = "Healthy"
+        hs.message = "3scale DeveloperUser is ready"
+        return hs
+      elseif condition.type == "Invalid" then
+        hs.status = "Degraded"
+        hs.message = condition.message or "3scale DeveloperUser configuration is invalid"
+        return hs
+      elseif condition.type == "Orphan" then
+        hs.status = "Degraded"
+        hs.message = condition.message or "3scale DeveloperUser references non-existing resources"
+        return hs
+      elseif condition.type == "Failed" then
+        hs.status = "Degraded"
+        hs.message = condition.message or "3scale DeveloperUser synchronization failed"
+        return hs
+      end
+
+      ::continue::
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale DeveloperUser status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/health_test.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/health_test.yaml
new file mode 100644
index 0000000000000..0f8f0e9536b9d
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/health_test.yaml
@@ -0,0 +1,25 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale DeveloperUser is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Suspended
+      message: "3scale Developer user is waiting for admin approval"
+    inputPath: testdata/suspended.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failure message"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Validation failure"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Referenced developer account does not exist"
+    inputPath: testdata/degraded-orphan.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale DeveloperUser status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..fd982700759b9
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-failed.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failure message
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..81e5ecd6616f2
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-invalid.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ActiveDoc
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Validation failure
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-orphan.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-orphan.yaml
new file mode 100644
index 0000000000000..76ea0face3828
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/degraded-orphan.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperUser
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Referenced developer account does not exist
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/healthy.yaml
new file mode 100644
index 0000000000000..ca1f08b06f9d5
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/healthy.yaml
@@ -0,0 +1,6 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperUser
+status:
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/progressing.yaml
new file mode 100644
index 0000000000000..236313c986b9e
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperUser
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/suspended.yaml b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/suspended.yaml
new file mode 100644
index 0000000000000..14f68bfd52551
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/DeveloperUser/testdata/suspended.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: DeveloperUser
+status:
+  developerUserState: suspended
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/health.lua b/resource_customizations/capabilities.3scale.net/OpenAPI/health.lua
new file mode 100644
index 0000000000000..11ab9b2b350e9
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/health.lua
@@ -0,0 +1,27 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Ready" then
+      hs.status = "Healthy"
+      hs.message = "3scale OpenAPI is ready"
+      return hs
+    elseif condition.type == "Invalid" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale OpenAPI configuration is invalid"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale OpenAPI reconciliation failed"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale OpenAPI status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/health_test.yaml b/resource_customizations/capabilities.3scale.net/OpenAPI/health_test.yaml
new file mode 100644
index 0000000000000..67212e733dbd8
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale OpenAPI is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failure message"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "OpenAPI specification is invalid or malformed"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale OpenAPI status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..72700724423ce
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-failed.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: OpenAPI
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failure message
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..8a6690e9c7b55
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/degraded-invalid.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: OpenAPI
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: OpenAPI specification is invalid or malformed
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/healthy.yaml
new file mode 100644
index 0000000000000..ca2ce167292db
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/healthy.yaml
@@ -0,0 +1,6 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: OpenAPI
+status:
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/progressing.yaml
new file mode 100644
index 0000000000000..a7cdf0e3826bd
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/OpenAPI/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: OpenAPI
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Product/health.lua b/resource_customizations/capabilities.3scale.net/Product/health.lua
new file mode 100644
index 0000000000000..d23f53e72322e
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/health.lua
@@ -0,0 +1,31 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Synced" then
+      hs.status = "Healthy"
+      hs.message = "3scale Product is synced"
+      return hs
+    elseif condition.type == "Invalid" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale Product configuration is invalid"
+      return hs
+    elseif condition.type == "Orphan" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale Product references non-existing resources"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3scale Product synchronization failed"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale Product status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/Product/health_test.yaml b/resource_customizations/capabilities.3scale.net/Product/health_test.yaml
new file mode 100644
index 0000000000000..a829cafb16cb5
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/health_test.yaml
@@ -0,0 +1,21 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale Product is synced"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failure message"
+    inputPath: testdata/degraded-failed.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Product configuration is invalid - missing required hits metric"
+    inputPath: testdata/degraded-invalid.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Product spec contains reference(s) to non existing resources"
+    inputPath: testdata/degraded-orphan.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale Product status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-failed.yaml b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-failed.yaml
new file mode 100644
index 0000000000000..c5bd775203846
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-failed.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Product
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failure message
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-invalid.yaml b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-invalid.yaml
new file mode 100644
index 0000000000000..55be177c4922b
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-invalid.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Product
+status:
+  conditions:
+    - type: Invalid
+      status: "True"
+      message: Product configuration is invalid - missing required hits metric
diff --git a/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-orphan.yaml b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-orphan.yaml
new file mode 100644
index 0000000000000..c6a6af3ca2643
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/testdata/degraded-orphan.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Product
+status:
+  conditions:
+    - type: Orphan
+      status: "True"
+      message: Product spec contains reference(s) to non existing resources
diff --git a/resource_customizations/capabilities.3scale.net/Product/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/Product/testdata/healthy.yaml
new file mode 100644
index 0000000000000..60bc49363d100
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/testdata/healthy.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Product
+status:
+  productId: 123456
+  conditions:
+    - type: Synced
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/Product/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/Product/testdata/progressing.yaml
new file mode 100644
index 0000000000000..bf29ce2a1c4d3
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Product/testdata/progressing.yaml
@@ -0,0 +1,20 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: Product
+metadata:
+  name: progressing-product
+  namespace: example-ns
+spec:
+  name: Progressing Product
+  systemName: progressing_product
+  description: Progressing product for testing
+  metrics:
+    hits:
+      friendlyName: Hits
+      unit: hit
+      description: Number of API hits
+status:
+  productId: null
+  state: null
+  providerAccountHost: example.3scale.net
+  observedGeneration: 1
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health.lua b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health.lua
new file mode 100644
index 0000000000000..4d81985b5ac27
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health.lua
@@ -0,0 +1,27 @@
+local hs = {}
+
+if obj.status ~= nil and obj.status.conditions ~= nil then
+  for _, condition in ipairs(obj.status.conditions) do
+    if condition.status ~= "True" then goto continue end
+
+    if condition.type == "Ready" then
+      hs.status = "Healthy"
+      hs.message = "3scale ProxyConfigPromote is ready"
+      return hs
+    elseif condition.type == "In-progress" then
+      hs.status = "Progressing"
+      hs.message = condition.message or "3scale ProxyConfigPromote is in progress"
+      return hs
+    elseif condition.type == "Failed" then
+      hs.status = "Degraded"
+      hs.message = condition.message or "3cale ProxyConfigPromote failed"
+      return hs
+    end
+
+    ::continue::
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale ProxyConfigPromote status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health_test.yaml b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health_test.yaml
new file mode 100644
index 0000000000000..c81eb41222572
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/health_test.yaml
@@ -0,0 +1,17 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale ProxyConfigPromote is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failed to promote proxy configuration - product not found"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Proxy configuration promotion is in progress"
+    inputPath: testdata/in-progress.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale ProxyConfigPromote status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/degraded.yaml b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/degraded.yaml
new file mode 100644
index 0000000000000..0cc65b2a20e9f
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/degraded.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ProxyConfigPromote
+status:
+  conditions:
+    - type: Failed
+      status: "True"
+      message: Failed to promote proxy configuration - product not found
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/healthy.yaml
new file mode 100644
index 0000000000000..3b33726dda809
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/healthy.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ProxyConfigPromote
+status:
+  productId: "123456"
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/in-progress.yaml b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/in-progress.yaml
new file mode 100644
index 0000000000000..b61efb2324961
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/in-progress.yaml
@@ -0,0 +1,7 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ProxyConfigPromote
+status:
+  conditions:
+    - type: In-progress
+      status: "True"
+      message: Proxy configuration promotion is in progress
diff --git a/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/progressing.yaml
new file mode 100644
index 0000000000000..709776963e807
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/ProxyConfigPromote/testdata/progressing.yaml
@@ -0,0 +1,4 @@
+apiVersion: capabilities.3scale.net/v1beta1
+kind: ProxyConfigPromote
+status:
+  conditions: [ ]
\ No newline at end of file
diff --git a/resource_customizations/capabilities.3scale.net/Tenant/health.lua b/resource_customizations/capabilities.3scale.net/Tenant/health.lua
new file mode 100644
index 0000000000000..07f560a3002b7
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Tenant/health.lua
@@ -0,0 +1,38 @@
+local hs = {}
+
+if obj ~= nil and obj.status ~= nil then
+  local tenant_id = obj.status.tenantId
+  local admin_id = obj.status.adminId
+  local has_tenant_id = (tenant_id ~= nil and type(tenant_id) == "number" and tenant_id > 0)
+  local has_admin_id = (admin_id ~= nil and type(admin_id) == "number" and admin_id > 0)
+
+  local is_ready = false
+  if obj.status.conditions ~= nil then
+    for _, condition in ipairs(obj.status.conditions) do
+      if condition.type == "Ready" and condition.status == "True" then
+        is_ready = true
+        break
+      end
+    end
+  end
+
+  if is_ready and has_tenant_id and has_admin_id then
+    hs.status = "Healthy"
+    hs.message = "3scale Tenant is ready"
+    return hs
+  end
+
+  if obj.status.conditions ~= nil then
+    for _, condition in ipairs(obj.status.conditions) do
+      if condition.type == "Ready" and condition.status ~= "True" then
+        hs.status = "Degraded"
+        hs.message = condition.message or "3scale Tenant is degraded"
+        return hs
+      end
+    end
+  end
+end
+
+hs.status = "Progressing"
+hs.message = "Waiting for 3scale Tenant status..."
+return hs
diff --git a/resource_customizations/capabilities.3scale.net/Tenant/health_test.yaml b/resource_customizations/capabilities.3scale.net/Tenant/health_test.yaml
new file mode 100644
index 0000000000000..35e15162539fb
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Tenant/health_test.yaml
@@ -0,0 +1,13 @@
+tests:
+  - healthStatus:
+      status: Healthy
+      message: "3scale Tenant is ready"
+    inputPath: testdata/healthy.yaml
+  - healthStatus:
+      status: Degraded
+      message: "Failed to create tenant - invalid credentials"
+    inputPath: testdata/degraded.yaml
+  - healthStatus:
+      status: Progressing
+      message: "Waiting for 3scale Tenant status..."
+    inputPath: testdata/progressing.yaml
diff --git a/resource_customizations/capabilities.3scale.net/Tenant/testdata/degraded.yaml b/resource_customizations/capabilities.3scale.net/Tenant/testdata/degraded.yaml
new file mode 100644
index 0000000000000..7ae051f024c7c
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Tenant/testdata/degraded.yaml
@@ -0,0 +1,9 @@
+apiVersion: capabilities.3scale.net/v1alpha1
+kind: Tenant
+status:
+  tenantId: 0
+  adminId: 0
+  conditions:
+    - type: Ready
+      status: "False"
+      message: Failed to create tenant - invalid credentials
diff --git a/resource_customizations/capabilities.3scale.net/Tenant/testdata/healthy.yaml b/resource_customizations/capabilities.3scale.net/Tenant/testdata/healthy.yaml
new file mode 100644
index 0000000000000..e2f430665304a
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Tenant/testdata/healthy.yaml
@@ -0,0 +1,11 @@
+apiVersion: capabilities.3scale.net/v1alpha1
+kind: Tenant
+metadata:
+  name: example-tenant
+  namespace: example-ns
+status:
+  tenantId: 123456
+  adminId: 789
+  conditions:
+    - type: Ready
+      status: "True"
diff --git a/resource_customizations/capabilities.3scale.net/Tenant/testdata/progressing.yaml b/resource_customizations/capabilities.3scale.net/Tenant/testdata/progressing.yaml
new file mode 100644
index 0000000000000..3afc479f3a8fa
--- /dev/null
+++ b/resource_customizations/capabilities.3scale.net/Tenant/testdata/progressing.yaml
@@ -0,0 +1,9 @@
+apiVersion: capabilities.3scale.net/v1alpha1
+kind: Tenant
+metadata:
+  name: progressing-tenant
+  namespace: example-ns
+status:
+  tenantId: 0
+  adminId: 0
+  conditions: [ ]
\ No newline at end of file

From f0cf67c42b1fbe79466686738bdbac92413fe03f Mon Sep 17 00:00:00 2001
From: sqs <105286805+qisongshi@users.noreply.github.com>
Date: Sun, 7 Sep 2025 02:35:27 +0800
Subject: [PATCH 356/383] feat(health-check): Add resource_customizations for
 game.kruise.io (new) (#23558)

Signed-off-by: shiqisong <1355703321@qq.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .../game.kruise.io/GameServer/health.lua      | 32 ++++++++++++++++
 .../GameServer/health_test.yaml               | 20 ++++++++++
 .../GameServer/testdata/degraded.yaml         | 13 +++++++
 .../GameServer/testdata/healthy.yaml          | 12 ++++++
 .../GameServer/testdata/progressing.yaml      |  7 ++++
 .../GameServer/testdata/unknown.yaml          |  5 +++
 .../game.kruise.io/GameServerSet/health.lua   | 38 +++++++++++++++++++
 .../GameServerSet/health_test.yaml            | 25 ++++++++++++
 .../GameServerSet/testdata/healthy.yaml       | 11 ++++++
 .../testdata/progressing-init.yaml            |  9 +++++
 .../GameServerSet/testdata/progressing.yaml   | 11 ++++++
 .../testdata/suspended-partition.yaml         | 13 +++++++
 .../testdata/suspended-paused.yaml            | 12 ++++++
 13 files changed, 208 insertions(+)
 create mode 100644 resource_customizations/game.kruise.io/GameServer/health.lua
 create mode 100644 resource_customizations/game.kruise.io/GameServer/health_test.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServer/testdata/degraded.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServer/testdata/healthy.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServer/testdata/progressing.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServer/testdata/unknown.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/health.lua
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/health_test.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/testdata/healthy.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/testdata/progressing-init.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/testdata/progressing.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-partition.yaml
 create mode 100644 resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-paused.yaml

diff --git a/resource_customizations/game.kruise.io/GameServer/health.lua b/resource_customizations/game.kruise.io/GameServer/health.lua
new file mode 100644
index 0000000000000..2323394231a98
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/health.lua
@@ -0,0 +1,32 @@
+hs = {status="Unknown", message="Waiting for GameServer to be ready"}
+
+if obj.status then
+    local cur  = obj.status.currentState
+    local dest = obj.status.desiredState
+
+    -- 1) Check cur and dest status: Progressing
+    if cur ~= dest then
+    hs.status = "Progressing"
+    hs.message = "State change: " .. (cur or "Unknown") .. " → " .. (dest or "Unknown")
+    return hs
+    end
+
+    -- 2) Check pod: KruisePodReady
+    local podCond = obj.status.podStatus or {}
+    for _, c in ipairs(podCond.conditions or {}) do
+        if c.type == "KruisePodReady" and c.status ~= "True" then
+            hs.status = "Degraded"
+            hs.message = "Pod is not ready: " .. c.type
+            return hs
+        end
+    end
+
+    -- 3) Both ready: Healthy
+    if cur == "Ready" and dest == "Ready" then
+    hs.status = "Healthy"
+    hs.message = "GameServer is Ready"
+    return hs
+    end
+end
+
+return hs
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServer/health_test.yaml b/resource_customizations/game.kruise.io/GameServer/health_test.yaml
new file mode 100644
index 0000000000000..16dc7073d09ae
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/health_test.yaml
@@ -0,0 +1,20 @@
+tests:
+- healthStatus:
+    status: Healthy
+    message: GameServer is Ready
+  inputPath: testdata/healthy.yaml
+
+- healthStatus:
+    status: Progressing
+    message: 'State change: Creating → Ready'
+  inputPath: testdata/progressing.yaml
+
+- healthStatus:
+    status: Degraded
+    message: 'Pod is not ready: KruisePodReady'
+  inputPath: testdata/degraded.yaml
+
+- healthStatus:
+    status: Unknown
+    message: Waiting for GameServer to be ready
+  inputPath: testdata/unknown.yaml
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServer/testdata/degraded.yaml b/resource_customizations/game.kruise.io/GameServer/testdata/degraded.yaml
new file mode 100644
index 0000000000000..6472e2b9d5385
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/testdata/degraded.yaml
@@ -0,0 +1,13 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServer
+metadata:
+  name: gs-degraded
+status:
+  currentState: "Ready"
+  desiredState: "Ready"
+  podStatus:
+    conditions:
+    - type: "Ready"
+      status: "True"
+    - type: "KruisePodReady"
+      status: "False"
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServer/testdata/healthy.yaml b/resource_customizations/game.kruise.io/GameServer/testdata/healthy.yaml
new file mode 100644
index 0000000000000..facc0d78a0309
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/testdata/healthy.yaml
@@ -0,0 +1,12 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServer
+metadata:
+  name: gs-healthy
+status:
+  currentState: Ready
+  desiredState: Ready
+  conditions:
+  - type: PodNormal
+    status: "True"
+  - type: NodeNormal
+    status: "True"
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServer/testdata/progressing.yaml b/resource_customizations/game.kruise.io/GameServer/testdata/progressing.yaml
new file mode 100644
index 0000000000000..a25e1f42737ac
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/testdata/progressing.yaml
@@ -0,0 +1,7 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServer
+metadata:
+  name: gs-progressing
+status:
+  currentState: "Creating"
+  desiredState: "Ready"
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServer/testdata/unknown.yaml b/resource_customizations/game.kruise.io/GameServer/testdata/unknown.yaml
new file mode 100644
index 0000000000000..a14f1ff427d4e
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServer/testdata/unknown.yaml
@@ -0,0 +1,5 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServer
+metadata:
+  name: gs-unknown
+spec: {}
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/health.lua b/resource_customizations/game.kruise.io/GameServerSet/health.lua
new file mode 100644
index 0000000000000..19f26f4ef74f8
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/health.lua
@@ -0,0 +1,38 @@
+hs = {status="Progressing", message="Waiting for GameServerSet initialization"}
+
+if obj.status and obj.metadata.generation == obj.status.observedGeneration then
+  local ru = obj.spec.updateStrategy and obj.spec.updateStrategy.rollingUpdate or {}
+
+  -- 1) Pause
+  if ru.paused == true then
+    hs.status  = "Suspended"
+    hs.message = "GameServerSet is paused"
+    return hs
+  end
+
+  -- 2) Partition
+  local partition = ru.partition or 0
+  if partition ~= 0 and (obj.status.updatedReplicas or 0) >= (obj.status.replicas or 0) - partition then
+    hs.status  = "Suspended"
+    hs.message = "Partition=" .. partition .. ", waiting for manual intervention"
+    return hs
+  end
+
+  -- 3) All updated and ready
+  if (obj.status.updatedReadyReplicas or 0) == (obj.status.replicas or 0) then
+    hs.status  = "Healthy"
+    hs.message = "All GameServerSet replicas are updated and ready"
+    return hs
+  end
+
+  -- 4) ReadyRelicas not enough
+  if (obj.status.readyReplicas or 0) < (obj.status.replicas or 0) then
+    hs.status  = "Progressing"
+    hs.message = "ReadyReplicas " ..
+                 (obj.status.readyReplicas or 0) .. "/" ..
+                 (obj.status.replicas or 0) .. ", still progressing"
+    return hs
+  end
+end
+
+return hs
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/health_test.yaml b/resource_customizations/game.kruise.io/GameServerSet/health_test.yaml
new file mode 100644
index 0000000000000..b1a551fb46dac
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/health_test.yaml
@@ -0,0 +1,25 @@
+tests:
+- healthStatus:
+    status: Healthy
+    message: All GameServerSet replicas are updated and ready
+  inputPath: testdata/healthy.yaml
+
+- healthStatus:
+    status: Suspended
+    message: GameServerSet is paused
+  inputPath: testdata/suspended-paused.yaml
+
+- healthStatus:
+    status: Suspended
+    message: Partition=2, waiting for manual intervention
+  inputPath: testdata/suspended-partition.yaml
+
+- healthStatus:
+    status: Progressing
+    message: 'ReadyReplicas 2/3, still progressing'
+  inputPath: testdata/progressing.yaml
+
+- healthStatus:
+    status: Progressing
+    message: Waiting for GameServerSet initialization
+  inputPath: testdata/progressing-init.yaml
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/testdata/healthy.yaml b/resource_customizations/game.kruise.io/GameServerSet/testdata/healthy.yaml
new file mode 100644
index 0000000000000..7c8d054c86c04
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/testdata/healthy.yaml
@@ -0,0 +1,11 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServerSet
+metadata:
+  generation: 1
+spec:
+  replicas: 3
+status:
+  observedGeneration: 1
+  replicas: 3
+  readyReplicas: 3
+  updatedReadyReplicas: 3
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing-init.yaml b/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing-init.yaml
new file mode 100644
index 0000000000000..591e8b16540f6
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing-init.yaml
@@ -0,0 +1,9 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServerSet
+metadata:
+  generation: 2
+spec:
+  replicas: 3
+status:
+  observedGeneration: 1
+  replicas: 3
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing.yaml b/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing.yaml
new file mode 100644
index 0000000000000..98095025fb7b1
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/testdata/progressing.yaml
@@ -0,0 +1,11 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServerSet
+metadata:
+  generation: 1
+spec:
+  replicas: 3
+status:
+  observedGeneration: 1
+  replicas: 3
+  readyReplicas: 2
+  updatedReadyReplicas: 2
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-partition.yaml b/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-partition.yaml
new file mode 100644
index 0000000000000..4761212b47fcf
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-partition.yaml
@@ -0,0 +1,13 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServerSet
+metadata:
+  generation: 1
+spec:
+  replicas: 5
+  updateStrategy:
+    rollingUpdate:
+      partition: 2
+status:
+  observedGeneration: 1
+  replicas: 5
+  updatedReplicas: 3
\ No newline at end of file
diff --git a/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-paused.yaml b/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-paused.yaml
new file mode 100644
index 0000000000000..b04affc4c1c7d
--- /dev/null
+++ b/resource_customizations/game.kruise.io/GameServerSet/testdata/suspended-paused.yaml
@@ -0,0 +1,12 @@
+apiVersion: game.kruise.io/v1alpha1
+kind: GameServerSet
+metadata:
+  generation: 1
+spec:
+  replicas: 3
+  updateStrategy:
+    rollingUpdate:
+      paused: true
+status:
+  observedGeneration: 1
+  replicas: 3
\ No newline at end of file

From 83e3390df3a5d0ff36b304244a4ed9c5c1e2a977 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 6 Sep 2025 15:03:21 -0400
Subject: [PATCH 357/383] chore(deps): bump github.com/spf13/pflag from 1.0.7
 to 1.0.10 (#24377)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index d677c1e85552b..c93bb831789f9 100644
--- a/go.mod
+++ b/go.mod
@@ -82,7 +82,7 @@ require (
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/soheilhy/cmux v0.1.5
 	github.com/spf13/cobra v1.10.1
-	github.com/spf13/pflag v1.0.9
+	github.com/spf13/pflag v1.0.10
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
diff --git a/go.sum b/go.sum
index e92cfca22092a..fb6574471abdb 100644
--- a/go.sum
+++ b/go.sum
@@ -848,8 +848,9 @@ github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
 github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.9 h1:9exaQaMOCwffKiiiYk6/BndUBv+iRViNW+4lEMi0PvY=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 1c8893f270ea999513470e2966c2d1e322f790f3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 6 Sep 2025 15:03:36 -0400
Subject: [PATCH 358/383] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.142.4 to 0.142.6 (#24373)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c93bb831789f9..72bd92f65ce96 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/valyala/fasttemplate v1.2.2
 	github.com/yuin/gopher-lua v1.1.1
-	gitlab.com/gitlab-org/api/client-go v0.142.5
+	gitlab.com/gitlab-org/api/client-go v0.142.6
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
 	go.opentelemetry.io/otel v1.38.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
diff --git a/go.sum b/go.sum
index fb6574471abdb..78db61850a560 100644
--- a/go.sum
+++ b/go.sum
@@ -898,8 +898,8 @@ github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
-gitlab.com/gitlab-org/api/client-go v0.142.5 h1:zvengEU958Fjwasi1V+9QNRw0viqNKkqUwvFD15XDZI=
-gitlab.com/gitlab-org/api/client-go v0.142.5/go.mod h1:Ru5IRauphXt9qwmTzJD7ou1dH7Gc6pnsdFWEiMMpmB0=
+gitlab.com/gitlab-org/api/client-go v0.142.6 h1:RjqPb7XxJypn9DzkSTuQUOJN7wpRGXZFH8rJCLj4Bg8=
+gitlab.com/gitlab-org/api/client-go v0.142.6/go.mod h1:t02B5oJWYEzalBlYIh+PmEJm2H4LPC/VFM1xks5qtG8=
 go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
 go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

From 19c1a0c4849f2352bdda4cb80b35ecf4415f1ebd Mon Sep 17 00:00:00 2001
From: Dan Garfield <dan@codefresh.io>
Date: Sat, 6 Sep 2025 13:04:08 -0600
Subject: [PATCH 359/383] chore: Add make test-local to tiltfile (#24325)

Signed-off-by: Dan Garfield <dan.garfield@octopus.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 Tiltfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Tiltfile b/Tiltfile
index b3413262c5218..dcc784e84f1d5 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -10,6 +10,14 @@ cmd_button(
     text='make codegen-local',
 )
 
+cmd_button(
+    'make test-local',
+    argv=['sh', '-c', 'make test-local'],
+    location=location.NAV,
+    icon_name='science',
+    text='make test-local',
+)
+
 # add ui button in web ui to run make codegen-local (top nav)
 cmd_button(
     'make cli-local',

From 2f4d2762c7918f5c0f2a211630877ca4aad669da Mon Sep 17 00:00:00 2001
From: Kevin Park <krapi0314@gmail.com>
Date: Sun, 7 Sep 2025 04:04:58 +0900
Subject: [PATCH 360/383] feat: Add gRPC health check in argocd-server (#24276)

Signed-off-by: Kevin Park <krapi0314@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/ingress.md | 5 +++++
 server/server.go                | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md
index 5037d77203695..4b09221ddb1fe 100644
--- a/docs/operator-manual/ingress.md
+++ b/docs/operator-manual/ingress.md
@@ -434,6 +434,8 @@ spec:
 
 Once we create this service, we can configure the Ingress to conditionally route all `application/grpc` traffic to the new HTTP2 backend, using the `alb.ingress.kubernetes.io/conditions` annotation, as seen below. Note: The value after the . in the condition annotation _must_ be the same name as the service that you want traffic to route to - and will be applied on any path with a matching serviceName.
 
+Also note that we can configure the health check to return the gRPC health status code `OK - 0` from the argocd-server by setting the health check path to `/grpc.health.v1.Health/Check`. By default, the ALB health check for gRPC returns the status code `UNIMPLEMENTED - 12` on health check path `/AWS.ALB/healthcheck`.
+
 ```yaml
   apiVersion: networking.k8s.io/v1
   kind: Ingress
@@ -444,6 +446,9 @@ Once we create this service, we can configure the Ingress to conditionally route
       alb.ingress.kubernetes.io/conditions.argogrpc: |
         [{"field":"http-header","httpHeaderConfig":{"httpHeaderName": "Content-Type", "values":["application/grpc"]}}]
       alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+      # Use this annotation to receive OK - 0 instead of UNIMPLEMENTED - 12 for gRPC health check.
+      alb.ingress.kubernetes.io/healthcheck-path: /grpc.health.v1.Health/Check
+      alb.ingress.kubernetes.io/success-codes: '0'
     name: argocd
     namespace: argocd
   spec:
diff --git a/server/server.go b/server/server.go
index 6ca36e453ec77..30ed2b7f05a1f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -48,6 +48,8 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/health"
+	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/keepalive"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/reflection"
@@ -971,6 +973,9 @@ func (server *ArgoCDServer) newGRPCServer(prometheusRegistry *prometheus.Registr
 	sOpts = append(sOpts, grpc.StatsHandler(otelgrpc.NewServerHandler()))
 	grpcS := grpc.NewServer(sOpts...)
 
+	healthService := health.NewServer()
+	grpc_health_v1.RegisterHealthServer(grpcS, healthService)
+
 	versionpkg.RegisterVersionServiceServer(grpcS, server.serviceSet.VersionService)
 	clusterpkg.RegisterClusterServiceServer(grpcS, server.serviceSet.ClusterService)
 	applicationpkg.RegisterApplicationServiceServer(grpcS, server.serviceSet.ApplicationService)

From 81fc44f165771f9b4d5f2375ed344947ee58e52f Mon Sep 17 00:00:00 2001
From: Jean-Pierre Bergamin <james.bergamin@comparis.ch>
Date: Sat, 6 Sep 2025 21:05:22 +0200
Subject: [PATCH 361/383] docs: enhance orphaned resources documentation
 (#24243)

Signed-off-by: Jean-Pierre Bergamin <james.bergamin@comparis.ch>
Co-authored-by: Nitish Kumar <justnitish06@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/user-guide/orphaned-resources.md | 40 +++++++++++++++++----------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/docs/user-guide/orphaned-resources.md b/docs/user-guide/orphaned-resources.md
index e944aba37c5c9..eeb97470a8e20 100644
--- a/docs/user-guide/orphaned-resources.md
+++ b/docs/user-guide/orphaned-resources.md
@@ -1,10 +1,10 @@
 # Orphaned Resources Monitoring
 
-Orphaned Kubernetes resource is a top-level namespaced resource which does not belong to any Argo CD Application. The Orphaned Resources Monitoring feature allows detecting
-orphaned resources, inspect/remove resources using Argo CD UI and generate a warning.
+An [orphaned Kubernetes resource](https://kubernetes.io/docs/concepts/architecture/garbage-collection/#orphaned-dependents) is a top-level namespaced resource that does not belong to any Argo CD Application. The Orphaned Resources Monitoring feature allows detecting
+orphaned resources, inspecting/removing resources using the Argo CD UI, and generating a warning.
 
-The Orphaned Resources monitoring is enabled in [Project](projects.md) settings, 
-and the below is an example of enabling the feature using the AppProject custom resource.
+The Orphaned Resources monitoring is enabled in the [Project](projects.md) settings.
+Below is an example of enabling the feature using the AppProject custom resource.
 
 ```yaml
 kind: AppProject
@@ -17,12 +17,12 @@ spec:
 ...
 ```
 
-Once the feature is enabled, each project application which has any orphaned resources in its target namespace
-will get a warning. The orphaned resources can be located using the application details page:
+Once the feature is enabled, each project application that has any orphaned resources in its target namespace
+will get a warning. The orphaned resources can be located using the application details page by enabling the "Show Orphaned" filter:
 
 ![orphaned resources](../assets/orphaned-resources.png)
 
-When enabling the feature, you might want to consider disabling warning at first.
+When enabling the feature, you might want to consider disabling warnings at first.
 
 ```yaml
 spec:
@@ -30,18 +30,20 @@ spec:
     warn: false # Disable warning
 ```
 
-While warning disabled, application users can still view orphaned resources in the UI.
+When warnings are disabled, application users can still view orphaned resources in the UI.
 
 ## Exceptions
 
-Not every resource in the Kubernetes cluster is controlled by the end user. Following resources are never considered as orphaned:
+Not every resource in the Kubernetes cluster is controlled by the end user and managed by Argo CD. Other operators in the cluster can automatically create resources (e.g., the cert-manager creating secrets), which are then considered orphaned.
 
-* Namespaced resources denied in the project. Usually, such resources are managed by cluster administrators and not supposed to be modified by namespace user.
-* `ServiceAccount` with name `default` ( and corresponding auto-generated `ServiceAccountToken` ).
-* `Service` with name `kubernetes` in the `default` namespace.
-* `ConfigMap` with name `kube-root-ca.crt` in all namespaces.
+The following resources are never considered orphaned:
 
-Also, you can configure to ignore resources by providing a list of resource Group, Kind and Name.
+* Namespaced resources denied in the project. Usually, such resources are managed by cluster administrators and are not supposed to be modified by a namespace user.
+* `ServiceAccount` with the name `default` (and the corresponding auto-generated `ServiceAccountToken`).
+* `Service` with the name `kubernetes` in the `default` namespace.
+* `ConfigMap` with the name `kube-root-ca.crt` in all namespaces.
+
+You can prevent resources from being declared orphaned by providing a list of ignore rules, each defining a Group, Kind, and Name.
 
 ```yaml
 spec:
@@ -50,3 +52,13 @@ spec:
     - kind: ConfigMap
       name: orphaned-but-ignored-configmap
 ```
+
+The `name` can be a [glob pattern](https://github.com/gobwas/glob), e.g.:
+
+```yaml
+spec:
+  orphanedResources:
+    ignore:
+    - kind: Secret
+      name: *.example.com
+```

From 7edb5f4d87c895933d32af84cec31e1f11208ed3 Mon Sep 17 00:00:00 2001
From: OpenGuidou <73480729+OpenGuidou@users.noreply.github.com>
Date: Sat, 6 Sep 2025 21:09:04 +0200
Subject: [PATCH 362/383] fix(project): Do not block project update when a
 cluster referenced in an App doesn't exist (#23659)

Signed-off-by: OpenGuidou <guillaume.doussin@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 server/project/project.go      |  3 ++-
 server/project/project_test.go | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/server/project/project.go b/server/project/project.go
index e72b9ad457dfe..3b6cc418497ea 100644
--- a/server/project/project.go
+++ b/server/project/project.go
@@ -420,7 +420,8 @@ func (s *Server) Update(ctx context.Context, q *project.ProjectUpdateRequest) (*
 		destCluster, err := argo.GetDestinationCluster(ctx, a.Spec.Destination, s.db)
 		if err != nil {
 			if err.Error() != argo.ErrDestinationMissing {
-				return nil, err
+				// If cluster is not found, we should discard this app, as it's most likely already in error
+				continue
 			}
 			invalidDstCount++
 		}
diff --git a/server/project/project_test.go b/server/project/project_test.go
index d7b641d4aae06..13d872deba685 100644
--- a/server/project/project_test.go
+++ b/server/project/project_test.go
@@ -743,6 +743,35 @@ p, role:admin, projects, update, *, allow`)
 		_, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: projectWithSyncWindows.Name})
 		assert.EqualError(t, err, "rpc error: code = PermissionDenied desc = permission denied: projects, get, test")
 	})
+
+	t.Run("TestAddSyncWindowWhenAnAppReferencesAClusterThatDoesNotExist", func(t *testing.T) {
+		_ = enforcer.SetBuiltinPolicy(`p, role:admin, projects, get, *, allow
+p, role:admin, projects, update, *, allow`)
+		sessionMgr := session.NewSessionManager(settingsMgr, test.NewFakeProjLister(), "", nil, session.NewUserStateStorage(nil))
+		projectWithAppWithInvalidCluster := existingProj.DeepCopy()
+
+		argoDB := db.NewDB("default", settingsMgr, kubeclientset)
+		invalidApp := v1alpha1.Application{
+			ObjectMeta: metav1.ObjectMeta{Name: "test-invalid", Namespace: "default"},
+			Spec:       v1alpha1.ApplicationSpec{Source: &v1alpha1.ApplicationSource{}, Project: "test", Destination: v1alpha1.ApplicationDestination{Namespace: "ns3", Server: "https://server4"}},
+		}
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithAppWithInvalidCluster, &invalidApp), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB, testEnableEventList)
+
+		// Add sync window
+		syncWindow := v1alpha1.SyncWindow{
+			Kind:         "deny",
+			Schedule:     "* * * * *",
+			Duration:     "1h",
+			Applications: []string{"*"},
+			Clusters:     []string{"*"},
+		}
+		projectWithAppWithInvalidCluster.Spec.SyncWindows = append(projectWithAppWithInvalidCluster.Spec.SyncWindows, &syncWindow)
+		res, err := projectServer.Update(ctx, &project.ProjectUpdateRequest{
+			Project: projectWithAppWithInvalidCluster,
+		})
+		require.NoError(t, err)
+		assert.Len(t, res.Spec.SyncWindows, 1)
+	})
 }
 
 func newEnforcer(kubeclientset *fake.Clientset) *rbac.Enforcer {

From 109352ede000ac81df3197e65d6e9705d786ffb2 Mon Sep 17 00:00:00 2001
From: Aamir <114517832+Aamir017@users.noreply.github.com>
Date: Sun, 7 Sep 2025 18:19:14 +0530
Subject: [PATCH 363/383] docs: clarify manifest-generate-paths annotation
 usage without webhooks (#24421)

Signed-off-by: Aamir017 <skaamir2005@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/high_availability.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md
index ee27ee406fa3f..423f3baaf780d 100644
--- a/docs/operator-manual/high_availability.md
+++ b/docs/operator-manual/high_availability.md
@@ -205,7 +205,9 @@ If the manifest generation has no side effects then requests are processed in pa
 ### Manifest Paths Annotation
 
 Argo CD aggressively caches generated manifests and uses the repository commit SHA as a cache key. A new commit to the Git repository invalidates the cache for all applications configured in the repository.
-This can negatively affect repositories with multiple applications. You can use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and the `argocd.argoproj.io/manifest-generate-paths` Application CRD annotation to solve this problem and improve performance.
+This can negatively affect repositories with multiple applications. You can use the `argocd.argoproj.io/manifest-generate-paths` Application CRD annotation to solve this problem and improve performance.
+
+Note: The `argocd.argoproj.io/manifest-generate-paths` annotation is available for use with webhooks. Since Argo CD v2.11, this annotation can also be used **without configuring any webhooks**. Webhooks are not a pre-condition for this feature. You can rely on the annotation alone to optimize manifest generation for all applications.
 
 The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. It will use the paths specified in the annotation to compare the last cached revision to the latest commit. If no modified files match the paths specified in `argocd.argoproj.io/manifest-generate-paths`, then it will not trigger application reconciliation and the existing cache will be considered valid for the new commit.
 

From 355031eea0c033f9f0d02544756879f2f8567d69 Mon Sep 17 00:00:00 2001
From: gsalamin <31199936+gsalamin@users.noreply.github.com>
Date: Mon, 8 Sep 2025 09:08:13 +0200
Subject: [PATCH 364/383] docs: Use enabled in application example (#24448)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Grégoire Salamin <gregoire.salamin@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/application.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml
index 2054b4054b10e..0df0beb4ce136 100644
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -226,7 +226,7 @@ spec:
   # Sync policy
   syncPolicy:
     automated: # automated sync by default retries failed attempts 5 times with following delays between attempts ( 5s, 10s, 20s, 40s, 80s ); retry controlled using `retry` field.
-      enable: true # Enables automated syncing of the application ( true by default ).
+      enabled: true # Enables automated syncing of the application ( true by default ).
       prune: true # Specifies if resources should be pruned during auto-syncing ( false by default ).
       selfHeal: true # Specifies if partial app sync should be executed when resources are changed only in target Kubernetes cluster and no git change detected ( false by default ).
       allowEmpty: false # Allows deleting all application resources during automatic syncing ( false by default ).

From 53e9e96d1800c2c09cf4441341e5e22e084abdfd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 12:12:32 +0300
Subject: [PATCH 365/383] chore(deps): bump softprops/action-gh-release from
 2.3.2 to 2.3.3 (#24445)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 7630971c1061b..20858f1339f1a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -198,7 +198,7 @@ jobs:
           echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
 
       - name: Upload SBOM
-        uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2
+        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

From b65013a50999fa4e62543b19255bb980744a1e47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 13:53:04 +0300
Subject: [PATCH 366/383] chore(deps): bump golang.org/x/sync from 0.16.0 to
 0.17.0 (#24443)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/go.mod b/go.mod
index 72bd92f65ce96..79f9d7d9b858d 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.30.0
-	golang.org/x/sync v0.16.0
+	golang.org/x/sync v0.17.0
 	golang.org/x/term v0.34.0
 	golang.org/x/time v0.12.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5
diff --git a/go.sum b/go.sum
index 78db61850a560..66baa4d95f7cd 100644
--- a/go.sum
+++ b/go.sum
@@ -1108,8 +1108,9 @@ golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

From fe7132abaff8e3420e73ace000bc31e3cbbb4221 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 14:01:59 +0300
Subject: [PATCH 367/383] chore(deps): bump codecov/codecov-action from 5.5.0
 to 5.5.1 (#24413)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 .github/workflows/ci-build.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 0477ef28f7343..a20232f953543 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -385,7 +385,7 @@ jobs:
         run: |
           go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller,e2e-code-coverage/repo-server,e2e-code-coverage/app-controller,e2e-code-coverage/commit-server -o test-results/full-coverage.out
       - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0
+        uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           files: test-results/full-coverage.out
           fail_ci_if_error: true

From 611f13ec8e299e4dc5959b0af6979e59cd056ef4 Mon Sep 17 00:00:00 2001
From: Navaneethan <59121948+FalseDev@users.noreply.github.com>
Date: Mon, 8 Sep 2025 17:33:11 +0530
Subject: [PATCH 368/383] docs: Fix cluster bootstrapping documentation
 (#24353)

Signed-off-by: Navaneethan <59121948+FalseDev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/cluster-bootstrapping.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/operator-manual/cluster-bootstrapping.md b/docs/operator-manual/cluster-bootstrapping.md
index 9a06098db8670..b33a7422359d7 100644
--- a/docs/operator-manual/cluster-bootstrapping.md
+++ b/docs/operator-manual/cluster-bootstrapping.md
@@ -136,7 +136,6 @@ spec:
   ignoreDifferences:
     - group: "*"
       kind: "Application"
-      namespace: "*"
       jsonPointers:
         # Allow manually disabling auto sync for apps, useful for debugging.
         - /spec/syncPolicy/automated

From 65c00c956f4ce941de009128e6098b802a990903 Mon Sep 17 00:00:00 2001
From: Fox Piacenti <fox@vulpinity.com>
Date: Mon, 8 Sep 2025 07:33:01 -0500
Subject: [PATCH 369/383] docs: Change reference URL for HA manifests to
 stable. (#24049)

Signed-off-by: Fox Danger Piacenti <fox@opencraft.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/operator-manual/high_availability.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md
index 423f3baaf780d..448aaaf20d48d 100644
--- a/docs/operator-manual/high_availability.md
+++ b/docs/operator-manual/high_availability.md
@@ -2,7 +2,7 @@
 
 Argo CD is largely stateless. All data is persisted as Kubernetes objects, which in turn is stored in Kubernetes' etcd. Redis is only used as a throw-away cache and can be lost. When lost, it will be rebuilt without loss of service.
 
-A set of [HA manifests](https://github.com/argoproj/argo-cd/tree/master/manifests/ha) are provided for users who wish to run Argo CD in a highly available manner. This runs more containers, and runs Redis in HA mode.
+A set of [HA manifests](https://github.com/argoproj/argo-cd/tree/stable/manifests/ha) are provided for users who wish to run Argo CD in a highly available manner. This runs more containers, and runs Redis in HA mode.
 
 !!! note
 

From c54f5f4be0895ca15c419abb12a54c5b1a406176 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 16:11:21 +0300
Subject: [PATCH 370/383] chore(deps): bump github.com/prometheus/client_golang
 from 1.23.0 to 1.23.2 (#24442)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 79f9d7d9b858d..ee911c8c9c319 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/patrickmn/go-cache v2.1.1-0.20191004192108-46f407853014+incompatible
-	github.com/prometheus/client_golang v1.23.0
+	github.com/prometheus/client_golang v1.23.2
 	github.com/prometheus/client_model v0.6.2
 	github.com/r3labs/diff/v3 v3.0.2
 	github.com/redis/go-redis/v9 v9.8.0
@@ -240,7 +240,7 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/common v0.65.0 // indirect
+	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/cors v1.11.1 // indirect
diff --git a/go.sum b/go.sum
index 66baa4d95f7cd..f0c31f1af3f25 100644
--- a/go.sum
+++ b/go.sum
@@ -770,8 +770,8 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc=
-github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE=
+github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
+github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -782,8 +782,8 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
-github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
+github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=

From 644d720f7d767b99bc56e5b058847a1a25dc5bfe Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Mon, 8 Sep 2025 11:14:48 -0400
Subject: [PATCH 371/383] chore(refactor): use contexts in hydration operations
 (#24431)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/hook.go                        |  2 +-
 controller/hydrator/hydrator.go           |  4 +-
 controller/hydrator/mocks/Dependencies.go | 50 +++++++++++++----------
 controller/hydrator_dependencies.go       |  4 +-
 controller/hydrator_dependencies_test.go  |  2 +-
 controller/state.go                       | 24 +++++------
 controller/state_test.go                  |  2 +-
 7 files changed, 47 insertions(+), 41 deletions(-)

diff --git a/controller/hook.go b/controller/hook.go
index 27e1b85e8106b..8d1b41929d1a2 100644
--- a/controller/hook.go
+++ b/controller/hook.go
@@ -51,7 +51,7 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat
 		revisions = append(revisions, src.TargetRevision)
 	}
 
-	targets, _, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, true)
+	targets, _, _, err := ctrl.appStateManager.GetRepoObjs(context.Background(), app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, true)
 	if err != nil {
 		return false, err
 	}
diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index f9e139f7f5490..2170011a5701c 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -44,7 +44,7 @@ type Dependencies interface {
 
 	// GetRepoObjs returns the repository objects for the given application, source, and revision. It calls the repo-
 	// server and gets the manifests (objects).
-	GetRepoObjs(app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)
+	GetRepoObjs(ctx context.Context, app *appv1.Application, source appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)
 
 	// GetWriteCredentials returns the repository credentials for the given repository URL and project. These are to be
 	// sent to the commit server to write the hydrated manifests.
@@ -292,7 +292,7 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string
 		}
 
 		// TODO: enable signature verification
-		objs, resp, err := h.dependencies.GetRepoObjs(app, drySource, targetRevision, project)
+		objs, resp, err := h.dependencies.GetRepoObjs(context.Background(), app, drySource, targetRevision, project)
 		if err != nil {
 			return "", "", fmt.Errorf("failed to get repo objects for app %q: %w", app.QualifiedName(), err)
 		}
diff --git a/controller/hydrator/mocks/Dependencies.go b/controller/hydrator/mocks/Dependencies.go
index c8c5937d3b955..1bb4a67f817f8 100644
--- a/controller/hydrator/mocks/Dependencies.go
+++ b/controller/hydrator/mocks/Dependencies.go
@@ -252,8 +252,8 @@ func (_c *Dependencies_GetProcessableApps_Call) RunAndReturn(run func() (*v1alph
 }
 
 // GetRepoObjs provides a mock function for the type Dependencies
-func (_mock *Dependencies) GetRepoObjs(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
-	ret := _mock.Called(app, source, revision, project)
+func (_mock *Dependencies) GetRepoObjs(ctx context.Context, app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
+	ret := _mock.Called(ctx, app, source, revision, project)
 
 	if len(ret) == 0 {
 		panic("no return value specified for GetRepoObjs")
@@ -262,25 +262,25 @@ func (_mock *Dependencies) GetRepoObjs(app *v1alpha1.Application, source v1alpha
 	var r0 []*unstructured.Unstructured
 	var r1 *apiclient.ManifestResponse
 	var r2 error
-	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)); ok {
-		return returnFunc(app, source, revision, project)
+	if returnFunc, ok := ret.Get(0).(func(context.Context, *v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)); ok {
+		return returnFunc(ctx, app, source, revision, project)
 	}
-	if returnFunc, ok := ret.Get(0).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) []*unstructured.Unstructured); ok {
-		r0 = returnFunc(app, source, revision, project)
+	if returnFunc, ok := ret.Get(0).(func(context.Context, *v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) []*unstructured.Unstructured); ok {
+		r0 = returnFunc(ctx, app, source, revision, project)
 	} else {
 		if ret.Get(0) != nil {
 			r0 = ret.Get(0).([]*unstructured.Unstructured)
 		}
 	}
-	if returnFunc, ok := ret.Get(1).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) *apiclient.ManifestResponse); ok {
-		r1 = returnFunc(app, source, revision, project)
+	if returnFunc, ok := ret.Get(1).(func(context.Context, *v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) *apiclient.ManifestResponse); ok {
+		r1 = returnFunc(ctx, app, source, revision, project)
 	} else {
 		if ret.Get(1) != nil {
 			r1 = ret.Get(1).(*apiclient.ManifestResponse)
 		}
 	}
-	if returnFunc, ok := ret.Get(2).(func(*v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) error); ok {
-		r2 = returnFunc(app, source, revision, project)
+	if returnFunc, ok := ret.Get(2).(func(context.Context, *v1alpha1.Application, v1alpha1.ApplicationSource, string, *v1alpha1.AppProject) error); ok {
+		r2 = returnFunc(ctx, app, source, revision, project)
 	} else {
 		r2 = ret.Error(2)
 	}
@@ -293,37 +293,43 @@ type Dependencies_GetRepoObjs_Call struct {
 }
 
 // GetRepoObjs is a helper method to define mock.On call
+//   - ctx context.Context
 //   - app *v1alpha1.Application
 //   - source v1alpha1.ApplicationSource
 //   - revision string
 //   - project *v1alpha1.AppProject
-func (_e *Dependencies_Expecter) GetRepoObjs(app interface{}, source interface{}, revision interface{}, project interface{}) *Dependencies_GetRepoObjs_Call {
-	return &Dependencies_GetRepoObjs_Call{Call: _e.mock.On("GetRepoObjs", app, source, revision, project)}
+func (_e *Dependencies_Expecter) GetRepoObjs(ctx interface{}, app interface{}, source interface{}, revision interface{}, project interface{}) *Dependencies_GetRepoObjs_Call {
+	return &Dependencies_GetRepoObjs_Call{Call: _e.mock.On("GetRepoObjs", ctx, app, source, revision, project)}
 }
 
-func (_c *Dependencies_GetRepoObjs_Call) Run(run func(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject)) *Dependencies_GetRepoObjs_Call {
+func (_c *Dependencies_GetRepoObjs_Call) Run(run func(ctx context.Context, app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject)) *Dependencies_GetRepoObjs_Call {
 	_c.Call.Run(func(args mock.Arguments) {
-		var arg0 *v1alpha1.Application
+		var arg0 context.Context
 		if args[0] != nil {
-			arg0 = args[0].(*v1alpha1.Application)
+			arg0 = args[0].(context.Context)
 		}
-		var arg1 v1alpha1.ApplicationSource
+		var arg1 *v1alpha1.Application
 		if args[1] != nil {
-			arg1 = args[1].(v1alpha1.ApplicationSource)
+			arg1 = args[1].(*v1alpha1.Application)
 		}
-		var arg2 string
+		var arg2 v1alpha1.ApplicationSource
 		if args[2] != nil {
-			arg2 = args[2].(string)
+			arg2 = args[2].(v1alpha1.ApplicationSource)
 		}
-		var arg3 *v1alpha1.AppProject
+		var arg3 string
 		if args[3] != nil {
-			arg3 = args[3].(*v1alpha1.AppProject)
+			arg3 = args[3].(string)
+		}
+		var arg4 *v1alpha1.AppProject
+		if args[4] != nil {
+			arg4 = args[4].(*v1alpha1.AppProject)
 		}
 		run(
 			arg0,
 			arg1,
 			arg2,
 			arg3,
+			arg4,
 		)
 	})
 	return _c
@@ -334,7 +340,7 @@ func (_c *Dependencies_GetRepoObjs_Call) Return(unstructureds []*unstructured.Un
 	return _c
 }
 
-func (_c *Dependencies_GetRepoObjs_Call) RunAndReturn(run func(app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)) *Dependencies_GetRepoObjs_Call {
+func (_c *Dependencies_GetRepoObjs_Call) RunAndReturn(run func(ctx context.Context, app *v1alpha1.Application, source v1alpha1.ApplicationSource, revision string, project *v1alpha1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error)) *Dependencies_GetRepoObjs_Call {
 	_c.Call.Return(run)
 	return _c
 }
diff --git a/controller/hydrator_dependencies.go b/controller/hydrator_dependencies.go
index 1e0e63954dc62..9ab759b2faf3c 100644
--- a/controller/hydrator_dependencies.go
+++ b/controller/hydrator_dependencies.go
@@ -31,7 +31,7 @@ func (ctrl *ApplicationController) GetProcessableApps() (*appv1.ApplicationList,
 	return ctrl.getAppList(metav1.ListOptions{})
 }
 
-func (ctrl *ApplicationController) GetRepoObjs(origApp *appv1.Application, drySource appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
+func (ctrl *ApplicationController) GetRepoObjs(ctx context.Context, origApp *appv1.Application, drySource appv1.ApplicationSource, revision string, project *appv1.AppProject) ([]*unstructured.Unstructured, *apiclient.ManifestResponse, error) {
 	drySources := []appv1.ApplicationSource{drySource}
 	dryRevisions := []string{revision}
 
@@ -50,7 +50,7 @@ func (ctrl *ApplicationController) GetRepoObjs(origApp *appv1.Application, drySo
 	delete(app.Annotations, appv1.AnnotationKeyManifestGeneratePaths)
 
 	// FIXME: use cache and revision cache
-	objs, resp, _, err := ctrl.appStateManager.GetRepoObjs(app, drySources, appLabelKey, dryRevisions, true, true, false, project, false)
+	objs, resp, _, err := ctrl.appStateManager.GetRepoObjs(ctx, app, drySources, appLabelKey, dryRevisions, true, true, false, project, false)
 	if err != nil {
 		return nil, nil, fmt.Errorf("failed to get repo objects: %w", err)
 	}
diff --git a/controller/hydrator_dependencies_test.go b/controller/hydrator_dependencies_test.go
index 0e73ff5237238..8b51db5bf25ca 100644
--- a/controller/hydrator_dependencies_test.go
+++ b/controller/hydrator_dependencies_test.go
@@ -47,7 +47,7 @@ func TestGetRepoObjs(t *testing.T) {
 	source := app.Spec.GetSource()
 	source.RepoURL = "oci://example.com/argo/argo-cd"
 
-	objs, resp, err := ctrl.GetRepoObjs(app, source, "abc123", &v1alpha1.AppProject{
+	objs, resp, err := ctrl.GetRepoObjs(t.Context(), app, source, "abc123", &v1alpha1.AppProject{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "default",
 			Namespace: test.FakeArgoCDNamespace,
diff --git a/controller/state.go b/controller/state.go
index e0d09f1bf4504..632ea4c1b7a6a 100644
--- a/controller/state.go
+++ b/controller/state.go
@@ -72,7 +72,7 @@ type managedResource struct {
 type AppStateManager interface {
 	CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) (*comparisonResult, error)
 	SyncAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, state *v1alpha1.OperationState)
-	GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error)
+	GetRepoObjs(ctx context.Context, app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error)
 }
 
 // comparisonResult holds the state of an application after the reconciliation
@@ -127,9 +127,9 @@ type appStateManager struct {
 // task to the repo-server. It returns the list of generated manifests as unstructured
 // objects. It also returns the full response from all calls to the repo server as the
 // second argument.
-func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) {
+func (m *appStateManager) GetRepoObjs(ctx context.Context, app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, sendRuntimeState bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, bool, error) {
 	ts := stats.NewTimingStats()
-	helmRepos, err := m.db.ListHelmRepositories(context.Background())
+	helmRepos, err := m.db.ListHelmRepositories(ctx)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to list Helm repositories: %w", err)
 	}
@@ -138,7 +138,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		return nil, nil, false, fmt.Errorf("failed to get permitted Helm repositories for project %q: %w", proj.Name, err)
 	}
 
-	ociRepos, err := m.db.ListOCIRepositories(context.Background())
+	ociRepos, err := m.db.ListOCIRepositories(ctx)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to list OCI repositories: %w", err)
 	}
@@ -148,7 +148,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 	}
 
 	ts.AddCheckpoint("repo_ms")
-	helmRepositoryCredentials, err := m.db.GetAllHelmRepositoryCredentials(context.Background())
+	helmRepositoryCredentials, err := m.db.GetAllHelmRepositoryCredentials(ctx)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to get Helm credentials: %w", err)
 	}
@@ -157,7 +157,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		return nil, nil, false, fmt.Errorf("failed to get permitted Helm credentials for project %q: %w", proj.Name, err)
 	}
 
-	ociRepositoryCredentials, err := m.db.GetAllOCIRepositoryCredentials(context.Background())
+	ociRepositoryCredentials, err := m.db.GetAllOCIRepositoryCredentials(ctx)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to get OCI credentials: %w", err)
 	}
@@ -192,7 +192,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		return nil, nil, false, fmt.Errorf("failed to get installation ID: %w", err)
 	}
 
-	destCluster, err := argo.GetDestinationCluster(context.Background(), app.Spec.Destination, m.db)
+	destCluster, err := argo.GetDestinationCluster(ctx, app.Spec.Destination, m.db)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to get destination cluster: %w", err)
 	}
@@ -218,7 +218,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 	// Store the map of all sources having ref field into a map for applications with sources field
 	// If it's for a rollback process, the refSources[*].targetRevision fields are the desired
 	// revisions for the rollback
-	refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, m.db.GetRepository, revisions)
+	refSources, err := argo.GetRefSources(ctx, sources, app.Spec.Project, m.db.GetRepository, revisions)
 	if err != nil {
 		return nil, nil, false, fmt.Errorf("failed to get ref sources: %w", err)
 	}
@@ -231,7 +231,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		if len(revisions) < len(sources) || revisions[i] == "" {
 			revisions[i] = source.TargetRevision
 		}
-		repo, err := m.db.GetRepository(context.Background(), source.RepoURL, proj.Name)
+		repo, err := m.db.GetRepository(ctx, source.RepoURL, proj.Name)
 		if err != nil {
 			return nil, nil, false, fmt.Errorf("failed to get repo %q: %w", source.RepoURL, err)
 		}
@@ -255,7 +255,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 
 		if !source.IsHelm() && !source.IsOCI() && syncedRevision != "" && keyManifestGenerateAnnotationExists && keyManifestGenerateAnnotationVal != "" {
 			// Validate the manifest-generate-path annotation to avoid generating manifests if it has not changed.
-			updateRevisionResult, err := repoClient.UpdateRevisionForPaths(context.Background(), &apiclient.UpdateRevisionForPathsRequest{
+			updateRevisionResult, err := repoClient.UpdateRevisionForPaths(ctx, &apiclient.UpdateRevisionForPathsRequest{
 				Repo:               repo,
 				Revision:           revision,
 				SyncedRevision:     syncedRevision,
@@ -301,7 +301,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp
 		}
 
 		log.Debugf("Generating Manifest for source %s revision %s", source, revision)
-		manifestInfo, err := repoClient.GenerateManifest(context.Background(), &apiclient.ManifestRequest{
+		manifestInfo, err := repoClient.GenerateManifest(ctx, &apiclient.ManifestRequest{
 			Repo:                            repo,
 			Repos:                           repos,
 			Revision:                        revision,
@@ -594,7 +594,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1
 			}
 		}
 
-		targetObjs, manifestInfos, revisionsMayHaveChanges, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, true)
+		targetObjs, manifestInfos, revisionsMayHaveChanges, err = m.GetRepoObjs(context.Background(), app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, true)
 		if err != nil {
 			targetObjs = make([]*unstructured.Unstructured, 0)
 			msg := "Failed to load target state: " + err.Error()
diff --git a/controller/state_test.go b/controller/state_test.go
index f3fdf92396dab..2fd6112979c6f 100644
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -1845,6 +1845,6 @@ func TestCompareAppState_DoesNotCallUpdateRevisionForPaths_ForOCI(t *testing.T)
 	sources := make([]v1alpha1.ApplicationSource, 0)
 	sources = append(sources, source)
 
-	_, _, _, err := ctrl.appStateManager.GetRepoObjs(app, sources, "abc123", []string{"123456"}, false, false, false, &defaultProj, false)
+	_, _, _, err := ctrl.appStateManager.GetRepoObjs(t.Context(), app, sources, "abc123", []string{"123456"}, false, false, false, &defaultProj, false)
 	require.NoError(t, err)
 }

From 9222515273853d0e81b2dfb06a2d2b52c0f304f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 11:38:43 -0400
Subject: [PATCH 372/383] chore(deps): bump golang.org/x/time from 0.12.0 to
 0.13.0 (#24441)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ee911c8c9c319..cd9b35c5ee1b5 100644
--- a/go.mod
+++ b/go.mod
@@ -96,7 +96,7 @@ require (
 	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.17.0
 	golang.org/x/term v0.34.0
-	golang.org/x/time v0.12.0
+	golang.org/x/time v0.13.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5
 	google.golang.org/grpc v1.75.0
 	google.golang.org/protobuf v1.36.8
diff --git a/go.sum b/go.sum
index f0c31f1af3f25..55fa09ba9f842 100644
--- a/go.sum
+++ b/go.sum
@@ -1253,8 +1253,8 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
-golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
+golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
 golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=

From 740ee44b979754b4a78bfbc44a8d55ec3b96a3be Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 15:45:42 +0000
Subject: [PATCH 373/383] [Bot] docs: Update Snyk report (#24437)

Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 docs/snyk/index.md                            |   58 +-
 docs/snyk/master/argocd-iac-install.html      |    2 +-
 .../master/argocd-iac-namespace-install.html  |    2 +-
 docs/snyk/master/argocd-test.html             |   10 +-
 .../master/ghcr.io_dexidp_dex_v2.43.0.html    |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_latest.html       |    4 +-
 .../quay.io_argoproj_argocd_v2.14.15.html     | 5236 -----------------
 .../argocd-iac-install.html                   |    4 +-
 .../argocd-iac-namespace-install.html         |    4 +-
 .../{v2.14.15 => v2.14.17}/argocd-test.html   |    2 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    2 +-
 ..._docker_library_haproxy_2.6.17-alpine.html |    4 +-
 ...ws_docker_library_redis_7.0.15-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v2.14.17.html     | 3068 ++++++++++
 .../redis_7.0.15-alpine.html                  |    2 +-
 .../argocd-iac-install.html                   |    2 +-
 .../argocd-iac-namespace-install.html         |    2 +-
 .../{v3.0.13 => v3.0.16}/argocd-test.html     |    2 +-
 .../ghcr.io_dexidp_dex_v2.41.1.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.0.16.html}     |  230 +-
 .../redis_7.2.7-alpine.html                   |    2 +-
 .../argocd-iac-install.html                   |    2 +-
 .../argocd-iac-namespace-install.html         |    2 +-
 docs/snyk/{v3.1.1 => v3.1.4}/argocd-test.html |    2 +-
 .../ghcr.io_dexidp_dex_v2.43.0.html           |    2 +-
 ...s_docker_library_haproxy_3.0.8-alpine.html |    2 +-
 ...aws_docker_library_redis_7.2.7-alpine.html |    2 +-
 .../quay.io_argoproj_argocd_v3.1.4.html}      |  222 +-
 32 files changed, 3358 insertions(+), 5526 deletions(-)
 delete mode 100644 docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
 rename docs/snyk/{v2.14.15 => v2.14.17}/argocd-iac-install.html (99%)
 rename docs/snyk/{v2.14.15 => v2.14.17}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v2.14.15 => v2.14.17}/argocd-test.html (99%)
 rename docs/snyk/{v3.0.13 => v2.14.17}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v2.14.15 => v2.14.17}/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html (99%)
 rename docs/snyk/{v2.14.15 => v2.14.17}/public.ecr.aws_docker_library_redis_7.0.15-alpine.html (99%)
 create mode 100644 docs/snyk/v2.14.17/quay.io_argoproj_argocd_v2.14.17.html
 rename docs/snyk/{v2.14.15 => v2.14.17}/redis_7.0.15-alpine.html (99%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/argocd-test.html (99%)
 rename docs/snyk/{v2.14.15 => v3.0.16}/ghcr.io_dexidp_dex_v2.41.1.html (99%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.0.13/quay.io_argoproj_argocd_v3.0.13.html => v3.0.16/quay.io_argoproj_argocd_v3.0.16.html} (97%)
 rename docs/snyk/{v3.0.13 => v3.0.16}/redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/argocd-iac-install.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/argocd-iac-namespace-install.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/argocd-test.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/ghcr.io_dexidp_dex_v2.43.0.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html (99%)
 rename docs/snyk/{v3.1.1 => v3.1.4}/public.ecr.aws_docker_library_redis_7.2.7-alpine.html (99%)
 rename docs/snyk/{v3.1.1/quay.io_argoproj_argocd_v3.1.1.html => v3.1.4/quay.io_argoproj_argocd_v3.1.4.html} (97%)

diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 5dabdd8db2940..7b9536cde43ee 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -22,43 +22,43 @@ recent minor releases.
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.1.1
+### v3.1.4
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.1.1/argocd-test.html) | 0 | 0 | 5 | 0 |
-| [ui/yarn.lock](v3.1.1/argocd-test.html) | 1 | 0 | 1 | 2 |
-| [dex:v2.43.0](v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
-| [haproxy:3.0.8-alpine](v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.1.1](v3.1.1/quay.io_argoproj_argocd_v3.1.1.html) | 0 | 0 | 5 | 9 |
-| [install.yaml](v3.1.1/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.1.1/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.1.4/argocd-test.html) | 0 | 0 | 5 | 0 |
+| [ui/yarn.lock](v3.1.4/argocd-test.html) | 1 | 0 | 1 | 2 |
+| [dex:v2.43.0](v3.1.4/ghcr.io_dexidp_dex_v2.43.0.html) | 0 | 0 | 0 | 0 |
+| [haproxy:3.0.8-alpine](v3.1.4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.1.4/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.1.4](v3.1.4/quay.io_argoproj_argocd_v3.1.4.html) | 0 | 0 | 5 | 9 |
+| [install.yaml](v3.1.4/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.1.4/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v3.0.13
+### v3.0.16
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v3.0.13/argocd-test.html) | 0 | 3 | 5 | 0 |
-| [ui/yarn.lock](v3.0.13/argocd-test.html) | 1 | 1 | 2 | 4 |
-| [dex:v2.41.1](v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:3.0.8-alpine](v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
-| [redis:7.2.7-alpine](v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v3.0.13](v3.0.13/quay.io_argoproj_argocd_v3.0.13.html) | 0 | 0 | 5 | 9 |
-| [redis:7.2.7-alpine](v3.0.13/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v3.0.13/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v3.0.13/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v3.0.16/argocd-test.html) | 0 | 3 | 5 | 0 |
+| [ui/yarn.lock](v3.0.16/argocd-test.html) | 1 | 1 | 2 | 4 |
+| [dex:v2.41.1](v3.0.16/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:3.0.8-alpine](v3.0.16/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html) | 0 | 0 | 0 | 0 |
+| [redis:7.2.7-alpine](v3.0.16/public.ecr.aws_docker_library_redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v3.0.16](v3.0.16/quay.io_argoproj_argocd_v3.0.16.html) | 0 | 0 | 5 | 9 |
+| [redis:7.2.7-alpine](v3.0.16/redis_7.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v3.0.16/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v3.0.16/argocd-iac-namespace-install.html) | - | - | - | - |
 
-### v2.14.15
+### v2.14.17
 
 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.14.15/argocd-test.html) | 0 | 1 | 8 | 0 |
-| [ui/yarn.lock](v2.14.15/argocd-test.html) | 1 | 0 | 2 | 3 |
-| [dex:v2.41.1](v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
-| [haproxy:2.6.17-alpine](v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
-| [redis:7.0.15-alpine](v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [argocd:v2.14.15](v2.14.15/quay.io_argoproj_argocd_v2.14.15.html) | 0 | 1 | 24 | 9 |
-| [redis:7.0.15-alpine](v2.14.15/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
-| [install.yaml](v2.14.15/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.14.15/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.14.17/argocd-test.html) | 0 | 1 | 8 | 0 |
+| [ui/yarn.lock](v2.14.17/argocd-test.html) | 1 | 0 | 2 | 3 |
+| [dex:v2.41.1](v2.14.17/ghcr.io_dexidp_dex_v2.41.1.html) | 0 | 1 | 0 | 4 |
+| [haproxy:2.6.17-alpine](v2.14.17/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 1 | 2 | 6 |
+| [redis:7.0.15-alpine](v2.14.17/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
+| [argocd:v2.14.17](v2.14.17/quay.io_argoproj_argocd_v2.14.17.html) | 0 | 0 | 5 | 9 |
+| [redis:7.0.15-alpine](v2.14.17/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 4 |
+| [install.yaml](v2.14.17/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.14.17/argocd-iac-namespace-install.html) | - | - | - | - |
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html
index b8903eafddd32..5fac1e76d4dbb 100644
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:19 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:23:42 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html
index b3f92c9159fc8..fa86bd5558711 100644
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:29 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:23:53 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html
index c5ba9659dd476..708d2a8748ea9 100644
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:22:06 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:21:22 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -501,7 +501,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>8</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>28 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2118</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2120</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
@@ -697,7 +697,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.142.4
+                                        gitlab.com/gitlab-org/api/client-go@0.142.6
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                         
@@ -905,7 +905,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.142.4
+                                        gitlab.com/gitlab-org/api/client-go@0.142.6
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-cleanhttp@0.5.2
                                         
@@ -916,7 +916,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                         github.com/argoproj/argo-cd/v3@0.0.0
                                          <span class="list-paths__item__arrow">›</span> 
-                                        gitlab.com/gitlab-org/api/client-go@0.142.4
+                                        gitlab.com/gitlab-org/api/client-go@0.142.6
                                          <span class="list-paths__item__arrow">›</span> 
                                         github.com/hashicorp/go-retryablehttp@0.7.8
                                          <span class="list-paths__item__arrow">›</span> 
diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
index 1ee7f9625e26d..6a3c93c10c38b 100644
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:22:15 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:21:32 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 3ba6f2a524856..b59afa30cb56d 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:22:20 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:21:39 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 78f3beef94fea..491500a116070 100644
--- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:22:24 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:21:47 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
index bbd2064dd4dab..86f02d96ffe0b 100644
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:22:49 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:22:10 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
@@ -503,7 +503,7 @@ <h1 class="project__header__title">Snyk test report</h1>
               <div class="meta-counts">
                 <div class="meta-count"><span>17</span> <span>known vulnerabilities</span></div>
                 <div class="meta-count"><span>68 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2320</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>2322</span> <span>dependencies</span></div>
               </div><!-- .meta-counts -->
             </div><!-- .layout-container--short -->
           </header><!-- .project__header -->
diff --git a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html b/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
deleted file mode 100644
index a2ad5d8c47649..0000000000000
--- a/docs/snyk/v2.14.15/quay.io_argoproj_argocd_v2.14.15.html
+++ /dev/null
@@ -1,5236 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="45 known vulnerabilities found in 154 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #030328;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card__labels {
-      position: absolute;
-      top: 1.1em;
-      left: 0;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .card__labels > .label:first-child {
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-      margin-right: 100px; /* Ensure space for the risk score */
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .risk-score-display {
-      position: absolute;
-      top: 1.5em;
-      right: 1.5em;
-      text-align: right;
-      z-index: 10;
-    }
-  
-    .risk-score-display__label {
-      font-size: 0.7em;
-      font-weight: bold;
-      color: #586069;
-      text-transform: uppercase;
-      line-height: 1;
-      margin-bottom: 3px;
-    }
-  
-    .risk-score-display__value {
-      font-size: 1.9em;
-      font-weight: 600;
-      color: #24292e;
-      line-height: 1;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">August 31st 2025, 12:30:40 am (UTC+00:00)</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following paths:</span>
-                <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.15//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v2.14.15/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>45</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>154 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-
-    <div class="layout-container" style="padding-top: 35px;">
-      <div class="cards--vuln filter--patch filter--ignore">
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/oauth2/jws
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and golang.org/x/oauth2/jws@v0.24.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/oauth2/jws@v0.24.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
-        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
-        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Denial of Service (DoS)</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.26.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions <code>parseDoctype</code>, <code>htmlIntegrationPoint</code>, <code>inBodyIM</code> and <code>inTableIM</code>  due to inefficient usage of the method <code>strings.ToLower</code> combining with the <code>==</code> operator to convert strings to lowercase and then comparing them.</p>
-        <p>An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.</p>
-        <h2 id="details">Details</h2>
-        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
-        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
-        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
-        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
-        <p>Two common types of DoS vulnerabilities:</p>
-        <ul>
-        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
-        </li>
-        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
-        </li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.33.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/70906">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ">Google Groups Forum</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
-            <h2 class="card__title">Link Following</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--high">
-                        <span class="label__text">high severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48384</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9">https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9</a></li>
-        <li><a href="https://github.com/liamg/CVE-2025-48384">https://github.com/liamg/CVE-2025-48384</a></li>
-        <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">https://www.cisa.gov/known-exploited-vulnerabilities-catalog</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664185">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Directory Traversal</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            tar
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and tar@1.35+dfsg-3build1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        tar@1.35+dfsg-3build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dash@0.5.12-6ubuntu5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        dpkg@1.22.6ubuntu6.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        tar@1.35+dfsg-3build1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
-        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
-        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
-        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
-        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
-        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-6965</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            sqlite3/libsqlite3-0
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, gnupg2/gpg@2.4.4-2ubuntu17.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        sqlite3/libsqlite3-0@3.45.1-1ubuntu2.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>sqlite3</code> package and not the <code>sqlite3</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>sqlite3</code> to version 3.45.1-1ubuntu2.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6965">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6965</a></li>
-        <li><a href="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8">https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SQLITE3-10769001">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-40909</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            perl/perl-modules-5.38
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/libperl5.38t64@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/libperl5.38t64@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-base@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-base@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-modules-5.38@5.38.2-3.2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl/perl-base@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        perl@5.38.2-3.2ubuntu0.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>perl</code> package and not the <code>perl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Perl threads have a working directory race condition where file operations may target unintended paths.</p>
-        <p>If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. </p>
-        <p>This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.</p>
-        <p>The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>perl</code> to version 5.38.2-3.2ubuntu0.2 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-40909">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-40909</a></li>
-        <li><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226</a></li>
-        <li><a href="https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e">https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e</a></li>
-        <li><a href="https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch">https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch</a></li>
-        <li><a href="https://github.com/Perl/perl5/issues/10387">https://github.com/Perl/perl5/issues/10387</a></li>
-        <li><a href="https://github.com/Perl/perl5/issues/23010">https://github.com/Perl/perl5/issues/23010</a></li>
-        <li><a href="https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads">https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads</a></li>
-        <li><a href="https://www.openwall.com/lists/oss-security/2025/05/22/2">https://www.openwall.com/lists/oss-security/2025/05/22/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/05/23/1">http://www.openwall.com/lists/oss-security/2025/05/23/1</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/05/30/4">http://www.openwall.com/lists/oss-security/2025/05/30/4</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/2">http://www.openwall.com/lists/oss-security/2025/06/02/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/5">http://www.openwall.com/lists/oss-security/2025/06/02/5</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/6">http://www.openwall.com/lists/oss-security/2025/06/02/6</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/02/7">http://www.openwall.com/lists/oss-security/2025/06/02/7</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/03/1">http://www.openwall.com/lists/oss-security/2025/06/03/1</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PERL-10285352">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Directory Traversal</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>pam</code> to version 1.5.3-5ubuntu5.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6020">https://access.redhat.com/security/cve/CVE-2025-6020</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2372512">https://bugzilla.redhat.com/show_bug.cgi?id=2372512</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2025/06/17/1">http://www.openwall.com/lists/oss-security/2025/06/17/1</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:9526">https://access.redhat.com/errata/RHSA-2025:9526</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10024">https://access.redhat.com/errata/RHSA-2025:10024</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10027">https://access.redhat.com/errata/RHSA-2025:10027</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10180">https://access.redhat.com/errata/RHSA-2025:10180</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10354">https://access.redhat.com/errata/RHSA-2025:10354</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10357">https://access.redhat.com/errata/RHSA-2025:10357</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10358">https://access.redhat.com/errata/RHSA-2025:10358</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10359">https://access.redhat.com/errata/RHSA-2025:10359</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10361">https://access.redhat.com/errata/RHSA-2025:10361</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10362">https://access.redhat.com/errata/RHSA-2025:10362</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10735">https://access.redhat.com/errata/RHSA-2025:10735</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:10823">https://access.redhat.com/errata/RHSA-2025:10823</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:11386">https://access.redhat.com/errata/RHSA-2025:11386</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:11487">https://access.redhat.com/errata/RHSA-2025:11487</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:14557">https://access.redhat.com/errata/RHSA-2025:14557</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-10379114">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Authentication</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            pam/libpam0g
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and pam/libpam0g@1.5.3-5ubuntu5.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        util-linux@2.39.3-9ubuntu6.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam0g@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-runtime@1.5.3-5ubuntu5.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Out-of-bounds Read</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5318</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5318">https://access.redhat.com/security/cve/CVE-2025-5318</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369131">https://bugzilla.redhat.com/show_bug.cgi?id=2369131</a></li>
-        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-5318.txt">https://www.libssh.org/security/advisories/CVE-2025-5318.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10499336">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Return of Wrong Status Code</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5987</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5987">https://access.redhat.com/security/cve/CVE-2025-5987</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376219">https://bugzilla.redhat.com/show_bug.cgi?id=2376219</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500564">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Incorrect Calculation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions&#39; confidentiality, integrity, and availability.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5372</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5372">https://access.redhat.com/security/cve/CVE-2025-5372</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369388">https://bugzilla.redhat.com/show_bug.cgi?id=2369388</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500576">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5351</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-5351">https://access.redhat.com/security/cve/CVE-2025-5351</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2369367">https://bugzilla.redhat.com/show_bug.cgi?id=2369367</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500583">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Out-of-bounds Write</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>There&#39;s a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it&#39;s possible that the program perform out of bounds write leading to a heap corruption.
-        This issue affects only 32-bits builds of libssh.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4877</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4877">https://access.redhat.com/security/cve/CVE-2025-4877</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376193">https://bugzilla.redhat.com/show_bug.cgi?id=2376193</a></li>
-        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d">https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&amp;id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d</a></li>
-        <li><a href="https://www.libssh.org/security/advisories/CVE-2025-4877.txt">https://www.libssh.org/security/advisories/CVE-2025-4877.txt</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500658">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Use After Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn&#39;t exist and may lead to possible signing failures or heap corruption.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>libssh</code> to version 0.10.6-2ubuntu0.1 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4878</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-4878">https://access.redhat.com/security/cve/CVE-2025-4878</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376184">https://bugzilla.redhat.com/show_bug.cgi?id=2376184</a></li>
-        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1">https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1</a></li>
-        <li><a href="https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb">https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-10500669">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libssh/libssh-4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libssh</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8114">https://access.redhat.com/security/cve/CVE-2025-8114</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2383220">https://bugzilla.redhat.com/show_bug.cgi?id=2383220</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-11797737">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">LGPL-3.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            gopkg.in/retry.v1
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gopkg.in/retry.v1@v1.0.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>LGPL-3.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            golang.org/x/net/html
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        golang.org/x/net/html@v0.26.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
-        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
-        <h2 id="details">Details</h2>
-        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
-        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
-        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
-        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
-        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
-        <h3 id="types-of-attacks">Types of attacks</h3>
-        <p>There are a few methods by which XSS can be manipulated:</p>
-        <table>
-        <thead>
-        <tr>
-        <th>Type</th>
-        <th>Origin</th>
-        <th>Description</th>
-        </tr>
-        </thead>
-        <tbody><tr>
-        <td><strong>Stored</strong></td>
-        <td>Server</td>
-        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
-        </tr>
-        <tr>
-        <td><strong>Reflected</strong></td>
-        <td>Server</td>
-        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
-        </tr>
-        <tr>
-        <td><strong>DOM-based</strong></td>
-        <td>Client</td>
-        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
-        </tr>
-        <tr>
-        <td><strong>Mutated</strong></td>
-        <td></td>
-        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
-        </tr>
-        </tbody></table>
-        <h3 id="affected-environments">Affected environments</h3>
-        <p>The following environments are susceptible to an XSS attack:</p>
-        <ul>
-        <li>Web servers</li>
-        <li>Application servers</li>
-        <li>Web application environments</li>
-        </ul>
-        <h3 id="how-to-prevent">How to prevent</h3>
-        <p>This section describes the top best practices designed to specifically protect your code: </p>
-        <ul>
-        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
-        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
-        <li>Give users the option to disable client-side scripts.</li>
-        <li>Redirect invalid requests.</li>
-        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
-        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
-        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
-        </ul>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
-        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
-        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-6395">https://access.redhat.com/security/cve/CVE-2025-6395</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2376755">https://bugzilla.redhat.com/show_bug.cgi?id=2376755</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691373">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.</p>
-        <p>This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32988">https://access.redhat.com/security/cve/CVE-2025-32988</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359622">https://bugzilla.redhat.com/show_bug.cgi?id=2359622</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691439">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Heap-based Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32990">https://access.redhat.com/security/cve/CVE-2025-32990</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359620">https://bugzilla.redhat.com/show_bug.cgi?id=2359620</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691451">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Certificate Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnutls28/libgnutls30t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build7
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnutls28/libgnutls30t64@3.8.3-1.1ubuntu3.3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnutls28</code> package and not the <code>gnutls28</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>gnutls28</code> to version 3.8.3-1.1ubuntu3.4 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2025-32989">https://access.redhat.com/security/cve/CVE-2025-32989</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2359621">https://bugzilla.redhat.com/show_bug.cgi?id=2359621</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUTLS28-10691515">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">CVE-2025-5702</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>glibc</code> to version 2.39-0ubuntu8.5 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-5702</a></li>
-        <li><a href="https://sourceware.org/bugzilla/show_bug.cgi?id=33056">https://sourceware.org/bugzilla/show_bug.cgi?id=33056</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-10321975">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/r3labs/diff
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/r3labs/diff@v1.1.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-version
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-version@v1.6.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-retryablehttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-retryablehttp@v0.7.7
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-multierror
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        helm.sh/helm/v3@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-multierror@v1.1.1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/hashicorp/go-cleanhttp
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/hashicorp/go-cleanhttp@v0.5.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">MPL-2.0 license</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Module:
-        
-                            github.com/gosimple/slug
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/gosimple/slug@v1.14.0
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <p>MPL-2.0 license</p>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: golang
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            github.com/go-jose/go-jose/v4
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v4@v4.0.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        github.com/argoproj/argo-cd/v2@*
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        github.com/go-jose/go-jose/v4@v4.0.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="overview">Overview</h2>
-        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
-        <h2 id="workaround">Workaround</h2>
-        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
-        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Buffer Overflow</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48386</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr">https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664136">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Arbitrary Argument Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46835</a></li>
-        <li><a href="https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da">https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da</a></li>
-        <li><a href="https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg">https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664171">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">External Control of File Name or Path</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection. This protocol injection can cause the client to write the fetched bundle to a location controlled by the adversary. The fetched content is fully controlled by the server, which can in the worst case lead to arbitrary code execution. The use of bundle URIs is not enabled by default and can be controlled by the bundle.heuristic config option. Some cases of the vulnerability require that the adversary is in control of where a repository will be cloned to. This either requires social engineering or a recursive clone with submodules. These cases can thus be avoided by disabling recursive clones. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-48385</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655">https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664178">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">OS Command Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled before in Gitk&#39;s Preferences. This option is disabled by default. The same happens when Show origin of this line is used in the main window (regardless of whether Support per-file encoding is enabled or not). This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27613</a></li>
-        <li><a href="https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5">https://github.com/j6t/gitk/compare/465f03869ae11acd04abfa1b83c67879c867410c..026c397d911cde55924d7eb1311d0fd6e2e105d5</a></li>
-        <li><a href="https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652">https://github.com/j6t/gitk/compare/7dd272eca153058da2e8d5b9960bbbf0b4f0cbaa..67a128b91e25978a15f9f7e194d81b441d603652</a></li>
-        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v">https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664269">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">OS Command Injection</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>Upgrade <code>Ubuntu:24.04</code> <code>git</code> to version 1:2.43.0-1ubuntu7.3 or higher.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27614</a></li>
-        <li><a href="https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129">https://github.com/j6t/gitk/commit/8e3070aa5e331be45d4d03e3be41f84494fce129</a></li>
-        <li><a href="https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc">https://github.com/j6t/gitk/security/advisories/GHSA-g4v5-fjv9-mhhc</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-10664291">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--medium">
-                        <span class="label__text">medium severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            git/git-man
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git/git-man@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git-lfs@3.4.1-1ubuntu0.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>git</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
-        <li><a href="https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329">https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329</a></li>
-        <li><a href="https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net">https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-8637112">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-56433</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            shadow/passwd
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>shadow</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
-        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SHADOW-8600509">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            patch
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and patch@2.7.6-7build3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        patch@2.7.6-7build3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
-        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6707039">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Double Free</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            patch
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and patch@2.7.6-7build3
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        patch@2.7.6-7build3
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
-        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a></li>
-        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">https://security-tracker.debian.org/tracker/CVE-2018-6952</a></li>
-        <li><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a></li>
-        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a></li>
-        <li><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6720551">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2024-41996</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libssl3t64
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and openssl/libssl3t64@3.0.13-0ubuntu3.5
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.14.0-1build3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:9.6p1-3ubuntu13.12
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.10.6-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.20.1-6ubuntu2.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20240203
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.13-0ubuntu3.5
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996</a></li>
-        <li><a href="https://dheatattack.gitlab.io/details/">https://dheatattack.gitlab.io/details/</a></li>
-        <li><a href="https://dheatattack.gitlab.io/faq/">https://dheatattack.gitlab.io/faq/</a></li>
-        <li><a href="https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1">https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Information Exposure</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            libgcrypt20
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and libgcrypt20@1.10.3-2build1
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt/libapt-pkg6.0t64@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.137ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.5.3-5ubuntu5.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        systemd/libsystemd0@255.4-1ubuntu8.8
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libgcrypt20@1.10.3-2build1
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libgcrypt20</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:3534">https://access.redhat.com/errata/RHSA-2025:3534</a></li>
-        <li><a href="https://access.redhat.com/errata/RHSA-2025:3530">https://access.redhat.com/errata/RHSA-2025:3530</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBGCRYPT20-6693674">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Out-of-bounds Write</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            gnupg2/gpgv
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and gnupg2/gpgv@2.4.4-2ubuntu17.2
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        apt@2.8.3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgv@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpgconf@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/dirmngr@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.2
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnupg2</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
-        <li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
-        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
-        <li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
-        <li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
-        <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUPG2-6702792">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            glibc/libc-bin
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and glibc/libc-bin@2.39-0ubuntu8.4
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc-bin@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        glibc/libc6@2.39-0ubuntu8.4
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
-        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">https://akkadia.org/drepper/SHA-crypt.txt</a></li>
-        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/</a></li>
-        <li><a href="https://twitter.com/solardiz/status/795601240151457793">https://twitter.com/solardiz/status/795601240151457793</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-6727419">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">CVE-2025-0167</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            curl/libcurl3t64-gnutls
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-        
-                                    docker-image|quay.io/argoproj/argocd@v2.14.15, git@1:2.43.0-1ubuntu7.2 and others
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.43.0-1ubuntu7.2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
-        redirects, curl could leak the password used for the first host to the
-        followed-to host under certain circumstances.</p>
-        <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
-        omits both login and password. A rare circumstance.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>curl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.json">https://curl.se/docs/CVE-2025-0167.json</a></li>
-        <li><a href="https://hackerone.com/reports/2917232">https://hackerone.com/reports/2917232</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20250306-0008/">https://security.netapp.com/advisory/ntap-20250306-0008/</a></li>
-        <li><a href="https://curl.se/docs/CVE-2025-0167.html">https://curl.se/docs/CVE-2025-0167.html</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-8689015">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">Improper Input Validation</h2>
-            <div class="card__section">
-        
-                <div class="card__labels">
-                    <div class="label label--low">
-                        <span class="label__text">low severity</span>
-                    </div>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v2.14.15/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
-                    </li>
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:24.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            coreutils
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@v2.14.15 and coreutils@9.4-3ubuntu6
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v2.14.15
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        coreutils@9.4-3ubuntu6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
-        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
-        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>coreutils</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
-        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
-        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
-        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
-        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-COREUTILS-6727355">More about this vulnerability</a></p>
-            </div>
-        
-        </div><!-- .card -->
-      </div><!-- cards -->
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
diff --git a/docs/snyk/v2.14.15/argocd-iac-install.html b/docs/snyk/v2.14.17/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.14.15/argocd-iac-install.html
rename to docs/snyk/v2.14.17/argocd-iac-install.html
index 046f9b6983fd7..308088b3ba025 100644
--- a/docs/snyk/v2.14.15/argocd-iac-install.html
+++ b/docs/snyk/v2.14.17/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:32:11 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:31:48 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2861,7 +2861,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 25969
+                              Line number: 25975
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html b/docs/snyk/v2.14.17/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.14.15/argocd-iac-namespace-install.html
rename to docs/snyk/v2.14.17/argocd-iac-namespace-install.html
index 42d27b218508c..6e682b0ddefa6 100644
--- a/docs/snyk/v2.14.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.14.17/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:32:22 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:31:59 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
@@ -2815,7 +2815,7 @@ <h2 class="card__title">Container&#x27;s or Pod&#x27;s  UID could clash with hos
                           </li>
               
                           <li class="card__meta__item">
-                              Line number: 2199
+                              Line number: 2205
                           </li>
                       </ul>
               
diff --git a/docs/snyk/v2.14.15/argocd-test.html b/docs/snyk/v2.14.17/argocd-test.html
similarity index 99%
rename from docs/snyk/v2.14.15/argocd-test.html
rename to docs/snyk/v2.14.17/argocd-test.html
index a28ae2c807f93..eda04fe15d793 100644
--- a/docs/snyk/v2.14.15/argocd-test.html
+++ b/docs/snyk/v2.14.17/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:30:03 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:36 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v2.14.17/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v2.14.17/ghcr.io_dexidp_dex_v2.41.1.html
index d9e61eb6058a4..89f22aeab0221 100644
--- a/docs/snyk/v3.0.13/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v2.14.17/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:29 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:41 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/v2.14.17/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
rename to docs/snyk/v2.14.17/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
index 4f4fa1d71cd99..1e171eea7a8f8 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
+++ b/docs/snyk/v2.14.17/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:30:14 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
@@ -1359,13 +1359,13 @@ <h2 id="references">References</h2>
         <li><a href="http://www.openwall.com/lists/oss-security/2024/08/15/1">http://www.openwall.com/lists/oss-security/2024/08/15/1</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2024/06/27/1">http://www.openwall.com/lists/oss-security/2024/06/27/1</a></li>
         <li><a href="http://www.openwall.com/lists/oss-security/2024/06/28/4">http://www.openwall.com/lists/oss-security/2024/06/28/4</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20240712-0005/">https://security.netapp.com/advisory/ntap-20240712-0005/</a></li>
         <li><a href="https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37">https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37</a></li>
         <li><a href="https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e">https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e</a></li>
         <li><a href="https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c">https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c</a></li>
         <li><a href="https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c">https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c</a></li>
         <li><a href="https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c">https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c</a></li>
         <li><a href="https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87">https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20240712-0005/">https://security.netapp.com/advisory/ntap-20240712-0005/</a></li>
         <li><a href="https://www.openssl.org/news/secadv/20240627.txt">https://www.openssl.org/news/secadv/20240627.txt</a></li>
         </ul>
         
diff --git a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.14.17/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
rename to docs/snyk/v2.14.17/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
index f8ef73fe8c8aa..fa046c0cf348a 100644
--- a/docs/snyk/v2.14.15/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.17/public.ecr.aws_docker_library_redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:30:19 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:54 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.17/quay.io_argoproj_argocd_v2.14.17.html b/docs/snyk/v2.14.17/quay.io_argoproj_argocd_v2.14.17.html
new file mode 100644
index 0000000000000..5000f836c3aef
--- /dev/null
+++ b/docs/snyk/v2.14.17/quay.io_argoproj_argocd_v2.14.17.html
@@ -0,0 +1,3068 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+  <meta http-equiv="Content-Language" content="en-us">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>Snyk test report</title>
+  <meta name="description" content="25 known vulnerabilities found in 82 vulnerable dependency paths.">
+  <base target="_blank">
+  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
+    sizes="194x194">
+  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
+  <style type="text/css">
+  
+    body {
+      -moz-font-feature-settings: "pnum";
+      -webkit-font-feature-settings: "pnum";
+      font-variant-numeric: proportional-nums;
+      display: flex;
+      flex-direction: column;
+      font-feature-settings: "pnum";
+      font-size: 100%;
+      line-height: 1.5;
+      min-height: 100vh;
+      -webkit-text-size-adjust: 100%;
+      margin: 0;
+      padding: 0;
+      background-color: #F5F5F5;
+      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
+    }
+  
+    h1,
+    h2,
+    h3,
+    h4,
+    h5,
+    h6 {
+      font-weight: 500;
+    }
+  
+    a,
+    a:link,
+    a:visited {
+      border-bottom: 1px solid #4b45a9;
+      text-decoration: none;
+      color: #4b45a9;
+    }
+  
+    a:hover,
+    a:focus,
+    a:active {
+      border-bottom: 1px solid #4b45a9;
+    }
+  
+    hr {
+      border: none;
+      margin: 1em 0;
+      border-top: 1px solid #c5c5c5;
+    }
+  
+    ul {
+      padding: 0 1em;
+      margin: 1em 0;
+    }
+  
+    code {
+      background-color: #EEE;
+      color: #333;
+      padding: 0.25em 0.5em;
+      border-radius: 0.25em;
+    }
+  
+    pre {
+      background-color: #333;
+      font-family: monospace;
+      padding: 0.5em 1em 0.75em;
+      border-radius: 0.25em;
+      font-size: 14px;
+    }
+  
+    pre code {
+      padding: 0;
+      background-color: transparent;
+      color: #fff;
+    }
+  
+    a code {
+      border-radius: .125rem .125rem 0 0;
+      padding-bottom: 0;
+      color: #4b45a9;
+    }
+  
+    a[href^="http://"]:after,
+    a[href^="https://"]:after {
+      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
+      background-repeat: no-repeat;
+      background-size: .75rem;
+      content: "";
+      display: inline-block;
+      height: .75rem;
+      margin-left: .25rem;
+      width: .75rem;
+    }
+  
+  
+  /* Layout */
+  
+    [class*=layout-container] {
+      margin: 0 auto;
+      max-width: 71.25em;
+      padding: 1.9em 1.3em;
+      position: relative;
+    }
+    .layout-container--short {
+      padding-top: 0;
+      padding-bottom: 0;
+      max-width: 48.75em;
+    }
+  
+    .layout-container--short:after {
+      display: block;
+      content: "";
+      clear: both;
+    }
+  
+  /* Header */
+  
+    .header {
+      padding-bottom: 1px;
+    }
+  
+    .paths {
+      margin-left: 8px;
+    }
+    .header-wrap {
+      display: flex;
+      flex-direction: row;
+      justify-content: space-between;
+      padding-top: 2em;
+    }
+    .project__header {
+      background-color: #030328;
+      color: #fff;
+      margin-bottom: -1px;
+      padding-top: 1em;
+      padding-bottom: 0.25em;
+      border-bottom: 2px solid #BBB;
+    }
+  
+    .project__header__title {
+      overflow-wrap: break-word;
+      word-wrap: break-word;
+      word-break: break-all;
+      margin-bottom: .1em;
+      margin-top: 0;
+    }
+  
+    .timestamp {
+      float: right;
+      clear: none;
+      margin-bottom: 0;
+    }
+  
+    .meta-counts {
+      clear: both;
+      display: block;
+      flex-wrap: wrap;
+      justify-content: space-between;
+      margin: 0 0 1.5em;
+      color: #fff;
+      clear: both;
+      font-size: 1.1em;
+    }
+  
+    .meta-count {
+      display: block;
+      flex-basis: 100%;
+      margin: 0 1em 1em 0;
+      float: left;
+      padding-right: 1em;
+      border-right: 2px solid #fff;
+    }
+  
+    .meta-count:last-child {
+      border-right: 0;
+      padding-right: 0;
+      margin-right: 0;
+    }
+  
+  /* Card */
+  
+    .card {
+      background-color: #fff;
+      border: 1px solid #c5c5c5;
+      border-radius: .25rem;
+      margin: 0 0 2em 0;
+      position: relative;
+      min-height: 40px;
+      padding: 1.5em;
+    }
+  
+    .card__labels {
+      position: absolute;
+      top: 1.1em;
+      left: 0;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+  
+    .card .label {
+      background-color: #767676;
+      border: 2px solid #767676;
+      color: white;
+      padding: 0.25rem 0.75rem;
+      font-size: 0.875rem;
+      text-transform: uppercase;
+      display: inline-block;
+      margin: 0;
+      border-radius: 0.25rem;
+    }
+  
+    .card .label__text {
+      vertical-align: text-top;
+        font-weight: bold;
+    }
+  
+    .card .label--critical {
+      background-color: #AB1A1A;
+      border-color: #AB1A1A;
+    }
+  
+    .card .label--high {
+      background-color: #CE5019;
+      border-color: #CE5019;
+    }
+  
+    .card .label--medium {
+      background-color: #D68000;
+      border-color: #D68000;
+    }
+  
+    .card .label--low {
+      background-color: #88879E;
+      border-color: #88879E;
+    }
+  
+    .severity--low {
+      border-color: #88879E;
+    }
+  
+    .severity--medium {
+      border-color: #D68000;
+    }
+  
+    .severity--high {
+      border-color: #CE5019;
+    }
+  
+    .severity--critical {
+      border-color: #AB1A1A;
+    }
+  
+    .card--vuln {
+      padding-top: 4em;
+    }
+  
+    .card--vuln .card__labels > .label:first-child {
+      padding-left: 1.9em;
+      padding-right: 1.9em;
+      border-radius: 0 0.25rem 0.25rem 0;
+    }
+  
+    .card--vuln .card__section h2 {
+      font-size: 22px;
+      margin-bottom: 0.5em;
+    }
+  
+    .card--vuln .card__section p {
+      margin: 0 0 0.5em 0;
+    }
+  
+    .card--vuln .card__meta {
+      padding: 0 0 0 1em;
+      margin: 0;
+      font-size: 1.1em;
+    }
+  
+    .card .card__meta__paths {
+      font-size: 0.9em;
+    }
+  
+    .card--vuln .card__title {
+      font-size: 28px;
+      margin-top: 0;
+      margin-right: 100px; /* Ensure space for the risk score */
+    }
+  
+    .card--vuln .card__cta p {
+      margin: 0;
+      text-align: right;
+    }
+  
+    .risk-score-display {
+      position: absolute;
+      top: 1.5em;
+      right: 1.5em;
+      text-align: right;
+      z-index: 10;
+    }
+  
+    .risk-score-display__label {
+      font-size: 0.7em;
+      font-weight: bold;
+      color: #586069;
+      text-transform: uppercase;
+      line-height: 1;
+      margin-bottom: 3px;
+    }
+  
+    .risk-score-display__value {
+      font-size: 1.9em;
+      font-weight: 600;
+      color: #24292e;
+      line-height: 1;
+    }
+  
+    .source-panel {
+      clear: both;
+      display: flex;
+      justify-content: flex-start;
+      flex-direction: column;
+      align-items: flex-start;
+      padding: 0.5em 0;
+      width: fit-content;
+    }
+  
+  
+  
+  </style>
+  <style type="text/css">
+    .metatable {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      margin-top: 12px;
+      border-collapse: collapse;
+      border-spacing: 0;
+      font-variant-numeric: tabular-nums;
+      max-width: 51.75em;
+    }
+  
+    tbody {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      flex-wrap: wrap;
+    }
+  
+    .meta-row {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      outline: none;
+      text-align: left;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+      display: flex;
+      align-items: start;
+      border-top: 1px solid #d3d3d9;
+      padding: 8px 0 0 0;
+      border-bottom: none;
+      margin: 8px;
+      width: 47.75%;
+    }
+  
+    .meta-row-label {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      color: #4c4a73;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      margin: 0;
+      outline: none;
+      text-decoration: none;
+      z-index: auto;
+      align-self: start;
+      flex: 1;
+      font-size: 1rem;
+      line-height: 1.5rem;
+      padding: 0;
+      text-align: left;
+      vertical-align: top;
+      text-transform: none;
+      letter-spacing: 0;
+    }
+  
+    .meta-row-value {
+      text-size-adjust: 100%;
+      -webkit-font-smoothing: antialiased;
+      -webkit-box-direction: normal;
+      color: inherit;
+      font-feature-settings: "pnum";
+      border-collapse: collapse;
+      border-spacing: 0;
+      word-break: break-word;
+      box-sizing: border-box;
+      background: transparent;
+      border: 0;
+      font: inherit;
+      font-size: 100%;
+      margin: 0;
+      outline: none;
+      padding: 0;
+      text-align: right;
+      text-decoration: none;
+      vertical-align: baseline;
+      z-index: auto;
+    }
+  </style>
+</head>
+
+<body class="section-projects">
+  <main class="layout-stacked">
+        <div class="layout-stacked__header header">
+          <header class="project__header">
+            <div class="layout-container">
+              <a class="brand" href="https://snyk.io" title="Snyk">
+                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
+                  <title>Snyk - Open Source Security</title>
+                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                    <g fill="#fff">
+                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
+                    </g>
+                  </g>
+                </svg>
+              </a>
+              <div class="header-wrap">
+                  <h1 class="project__header__title">Snyk test report</h1>
+    
+                <p class="timestamp">September 7th 2025, 12:30:15 am (UTC+00:00)</p>
+              </div>
+              <div class="source-panel">
+                <span>Scanned the following paths:</span>
+                <ul>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.17/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.17//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.17/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v2.14.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                </ul>
+              </div>
+    
+              <div class="meta-counts">
+                <div class="meta-count"><span>25</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>82 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>2383</span> <span>dependencies</span></div>
+              </div><!-- .meta-counts -->
+            </div><!-- .layout-container--short -->
+          </header><!-- .project__header -->
+        </div><!-- .layout-stacked__header -->
+
+    <div class="layout-container" style="padding-top: 35px;">
+      <div class="cards--vuln filter--patch filter--ignore">
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/oauth2/jws
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and golang.org/x/oauth2/jws@v0.24.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/oauth2/jws@v0.24.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper parsing of malformed tokens which can lead to memory consumption.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/oauth2/jws</code> to version 0.27.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3">GitHub Commit</a></li>
+        <li><a href="https://github.com/lestrrat-go/jwx/commit/d0bb4610154d45b7dce7d706a8068ea72586d249">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/71490">GitHub Issue</a></li>
+        <li><a href="https://github.com/lestrrat-go/jwx/pull/1308">GitHub PR</a></li>
+        <li><a href="https://pkg.go.dev/vuln/GO-2025-3488">Go Advisory</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--high" data-snyk-test="high">
+            <h2 class="card__title">Denial of Service (DoS)</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--high">
+                        <span class="label__text">high severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/net/html
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/html@v0.26.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Denial of Service (DoS) through the functions <code>parseDoctype</code>, <code>htmlIntegrationPoint</code>, <code>inBodyIM</code> and <code>inTableIM</code>  due to inefficient usage of the method <code>strings.ToLower</code> combining with the <code>==</code> operator to convert strings to lowercase and then comparing them.</p>
+        <p>An attacker can cause the application to slow down significantly by crafting inputs that are processed non-linearly.</p>
+        <h2 id="details">Details</h2>
+        <p>Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.</p>
+        <p>Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.</p>
+        <p>One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.</p>
+        <p>When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.</p>
+        <p>Two common types of DoS vulnerabilities:</p>
+        <ul>
+        <li><p>High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, <a href="https://security.snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-30082">commons-fileupload:commons-fileupload</a>.</p>
+        </li>
+        <li><p>Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  <a href="https://snyk.io/vuln/npm:ws:20171108">npm <code>ws</code> package</a></p>
+        </li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.33.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/net/commit/8e66b04771e35c4e4125e8c60334b34e2423effb">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/70906">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ">Google Groups Forum</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-8535262">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Directory Traversal</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            tar
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and tar@1.35+dfsg-3build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dash@0.5.12-6ubuntu5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        dpkg@1.22.6ubuntu6.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        tar@1.35+dfsg-3build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>tar</code> package and not the <code>tar</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file&#39;s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of &#34;Member name contains &#39;..&#39;&#34; that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain &#34;x -&gt; ../../../../../home/victim/.ssh&#34; and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which &#34;tar xf&#34; is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each &#34;tar xf&#34; in its Security Rules of Thumb; however, third-party advice leads users to run &#34;tar xf&#34; more than once into the same directory.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>tar</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582</a></li>
+        <li><a href="https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md">https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md</a></li>
+        <li><a href="https://www.gnu.org/software/tar/">https://www.gnu.org/software/tar/</a></li>
+        <li><a href="https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html">https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Integrity.html">https://www.gnu.org/software/tar/manual/html_node/Integrity.html</a></li>
+        <li><a href="https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html">https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-TAR-10769052">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and pam/libpam0g@1.5.3-5ubuntu5.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10041">https://access.redhat.com/security/cve/CVE-2024-10041</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2319212">https://bugzilla.redhat.com/show_bug.cgi?id=2319212</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9941">https://access.redhat.com/errata/RHSA-2024:9941</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:11250">https://access.redhat.com/errata/RHSA-2024:11250</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8303372">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Authentication</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            pam/libpam0g
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and pam/libpam0g@1.5.3-5ubuntu5.4
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.39.3-9ubuntu6.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam0g@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules-bin@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-runtime@1.5.3-5ubuntu5.4
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>pam</code> package and not the <code>pam</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>pam</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-10963">https://access.redhat.com/security/cve/CVE-2024-10963</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2324291">https://bugzilla.redhat.com/show_bug.cgi?id=2324291</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10232">https://access.redhat.com/errata/RHSA-2024:10232</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10244">https://access.redhat.com/errata/RHSA-2024:10244</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10379">https://access.redhat.com/errata/RHSA-2024:10379</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10518">https://access.redhat.com/errata/RHSA-2024:10518</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10528">https://access.redhat.com/errata/RHSA-2024:10528</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:10852">https://access.redhat.com/errata/RHSA-2024:10852</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PAM-8352843">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">NULL Pointer Dereference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libssh/libssh-4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.17, git@1:2.43.0-1ubuntu7.3 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libssh</code> package and not the <code>libssh</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libssh</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2025-8114">https://access.redhat.com/security/cve/CVE-2025-8114</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2383220">https://bugzilla.redhat.com/show_bug.cgi?id=2383220</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBSSH-11797737">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">LGPL-3.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            gopkg.in/retry.v1
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gopkg.in/retry.v1@v1.0.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>LGPL-3.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:gopkg.in:retry.v1:LGPL-3.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            golang.org/x/net/html
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and golang.org/x/net/html@v0.26.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        golang.org/x/net/html@v0.26.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p><a href="https://pkg.go.dev/golang.org/x/net/html">golang.org/x/net/html</a> is a package that implements an HTML5-compliant tokenizer and parser.</p>
+        <p>Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in <code>token.go</code>, which incorrectly interprets tags as closing tags, allowing malicious input to be incorrectly processed and the DOM to be corrupted.</p>
+        <h2 id="details">Details</h2>
+        <p>Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.</p>
+        <p>This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.</p>
+        <p>Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.</p>
+        <p>Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, <code>&lt;</code> can be coded as  <code>&amp;lt</code>; and <code>&gt;</code> can be coded as <code>&amp;gt</code>; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses <code>&lt;</code> and <code>&gt;</code> as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.</p>
+        <p>The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. </p>
+        <h3 id="types-of-attacks">Types of attacks</h3>
+        <p>There are a few methods by which XSS can be manipulated:</p>
+        <table>
+        <thead>
+        <tr>
+        <th>Type</th>
+        <th>Origin</th>
+        <th>Description</th>
+        </tr>
+        </thead>
+        <tbody><tr>
+        <td><strong>Stored</strong></td>
+        <td>Server</td>
+        <td>The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.</td>
+        </tr>
+        <tr>
+        <td><strong>Reflected</strong></td>
+        <td>Server</td>
+        <td>The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.</td>
+        </tr>
+        <tr>
+        <td><strong>DOM-based</strong></td>
+        <td>Client</td>
+        <td>The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.</td>
+        </tr>
+        <tr>
+        <td><strong>Mutated</strong></td>
+        <td></td>
+        <td>The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.</td>
+        </tr>
+        </tbody></table>
+        <h3 id="affected-environments">Affected environments</h3>
+        <p>The following environments are susceptible to an XSS attack:</p>
+        <ul>
+        <li>Web servers</li>
+        <li>Application servers</li>
+        <li>Web application environments</li>
+        </ul>
+        <h3 id="how-to-prevent">How to prevent</h3>
+        <p>This section describes the top best practices designed to specifically protect your code: </p>
+        <ul>
+        <li>Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. </li>
+        <li>Convert special characters such as <code>?</code>, <code>&amp;</code>, <code>/</code>, <code>&lt;</code>, <code>&gt;</code> and spaces to their respective HTML or URL encoded equivalents. </li>
+        <li>Give users the option to disable client-side scripts.</li>
+        <li>Redirect invalid requests.</li>
+        <li>Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.</li>
+        <li>Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.</li>
+        <li>Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.</li>
+        </ul>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>golang.org/x/net/html</code> to version 0.38.0 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9">GitHub Commit</a></li>
+        <li><a href="https://github.com/golang/go/issues/73070">GitHub Issue</a></li>
+        <li><a href="https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA">Google Groups Announcement</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-9572088">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/r3labs/diff
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/r3labs/diff@v1.1.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:r3labs:diff:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-version
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-version@v1.6.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-version:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-retryablehttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-retryablehttp@v0.7.7
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-retryablehttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-multierror
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        helm.sh/helm/v3@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-multierror@v1.1.1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-multierror:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/hashicorp/go-cleanhttp
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/hashicorp/go-cleanhttp@v0.5.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:hashicorp:go-cleanhttp:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">MPL-2.0 license</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Module:
+        
+                            github.com/gosimple/slug
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.14.0
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/gosimple/slug@v1.14.0
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <p>MPL-2.0 license</p>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/snyk:lic:golang:github.com:gosimple:slug:MPL-2.0">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argo-cd/v2 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: golang
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            github.com/go-jose/go-jose/v4
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v4@v4.0.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        github.com/argoproj/argo-cd/v2@*
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        github.com/go-jose/go-jose/v4@v4.0.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="overview">Overview</h2>
+        <p>Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the use of <code>strings.Split</code> to split JWT tokens. An attacker can cause memory exhaustion and service disruption by sending numerous malformed tokens with a large number of <code>.</code> characters. </p>
+        <h2 id="workaround">Workaround</h2>
+        <p>This vulnerability can be mitigated by pre-validating that payloads passed to Go JOSE do not contain an excessive number of <code>.</code> characters.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>Upgrade <code>github.com/go-jose/go-jose/v4</code> to version 4.0.5 or higher.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22">GitHub Commit</a></li>
+        <li><a href="https://github.com/go-jose/go-jose/releases/tag/v4.0.5">GitHub Release</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOJOSEGOJOSEV4-8745975">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--medium">
+                        <span class="label__text">medium severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            git/git-man
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.17, git@1:2.43.0-1ubuntu7.3 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git/git-man@1:2.43.0-1ubuntu7.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git-lfs@3.4.1-1ubuntu0.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>git</code> package and not the <code>git</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called &#34;sideband channel&#34;. These messages will be prefixed with &#34;remote:&#34; and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>git</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-52005</a></li>
+        <li><a href="https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329">https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329</a></li>
+        <li><a href="https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net">https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GIT-8637112">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2024-56433</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            shadow/passwd
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/login@1:4.13+dfsg1-4ubuntu3.2
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>shadow</code> package and not the <code>shadow</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>shadow</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56433</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241">https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/issues/1157">https://github.com/shadow-maint/shadow/issues/1157</a></li>
+        <li><a href="https://github.com/shadow-maint/shadow/releases/tag/4.4">https://github.com/shadow-maint/shadow/releases/tag/4.4</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-SHADOW-8600509">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            patch
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and patch@2.7.6-7build3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        patch@2.7.6-7build3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-45261</a></li>
+        <li><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6707039">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Double Free</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            patch
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and patch@2.7.6-7build3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        patch@2.7.6-7build3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>patch</code> package and not the <code>patch</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>patch</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952</a></li>
+        <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a></li>
+        <li><a href="https://security-tracker.debian.org/tracker/CVE-2018-6952">https://security-tracker.debian.org/tracker/CVE-2018-6952</a></li>
+        <li><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a></li>
+        <li><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a></li>
+        <li><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-PATCH-6720551">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2024-41996</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            openssl/libssl3t64
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        coreutils@9.4-3ubuntu6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.14.0-1build3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssh/openssh-client@1:9.6p1-3ubuntu13.13
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20240203
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libssh/libssh-4@0.10.6-2ubuntu0.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libgssapi-krb5-2@1.20.1-6ubuntu2.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        krb5/libkrb5-3@1.20.1-6ubuntu2.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3.1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        ca-certificates@20240203
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        openssl@3.0.13-0ubuntu3.5
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>openssl</code> package and not the <code>openssl</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>openssl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-41996</a></li>
+        <li><a href="https://dheatattack.gitlab.io/details/">https://dheatattack.gitlab.io/details/</a></li>
+        <li><a href="https://dheatattack.gitlab.io/faq/">https://dheatattack.gitlab.io/faq/</a></li>
+        <li><a href="https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1">https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-OPENSSL-7838291">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Information Exposure</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            libgcrypt20
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and libgcrypt20@1.10.3-2build1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0t64@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        adduser@3.137ubuntu1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        pam/libpam-modules@1.5.3-5ubuntu5.4
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@255.4-1ubuntu8.10
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libgcrypt20@1.10.3-2build1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>libgcrypt20</code> package and not the <code>libgcrypt20</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>A timing-based side-channel flaw was found in libgcrypt&#39;s RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>libgcrypt20</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2024:9404">https://access.redhat.com/errata/RHSA-2024:9404</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2268268">https://bugzilla.redhat.com/show_bug.cgi?id=2268268</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:3534">https://access.redhat.com/errata/RHSA-2025:3534</a></li>
+        <li><a href="https://access.redhat.com/errata/RHSA-2025:3530">https://access.redhat.com/errata/RHSA-2025:3530</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2024-2236">https://access.redhat.com/security/cve/CVE-2024-2236</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2245218">https://bugzilla.redhat.com/show_bug.cgi?id=2245218</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-LIBGCRYPT20-6693674">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Out-of-bounds Write</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            gnupg2/gpgv
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and gnupg2/gpgv@2.4.4-2ubuntu17.3
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.8.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpgconf@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/dirmngr@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        gnupg2/gpg-agent@2.4.4-2ubuntu17.3
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>gnupg2</code> package and not the <code>gnupg2</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>gnupg2</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3219</a></li>
+        <li><a href="https://access.redhat.com/security/cve/CVE-2022-3219">https://access.redhat.com/security/cve/CVE-2022-3219</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2127010">https://bugzilla.redhat.com/show_bug.cgi?id=2127010</a></li>
+        <li><a href="https://dev.gnupg.org/D556">https://dev.gnupg.org/D556</a></li>
+        <li><a href="https://dev.gnupg.org/T5993">https://dev.gnupg.org/T5993</a></li>
+        <li><a href="https://marc.info/?l=oss-security&m=165696590211434&w=4">https://marc.info/?l=oss-security&amp;m=165696590211434&amp;w=4</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20230324-0001/">https://security.netapp.com/advisory/ntap-20230324-0001/</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GNUPG2-6702792">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            glibc/libc-bin
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and glibc/libc-bin@2.39-0ubuntu8.5
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc-bin@2.39-0ubuntu8.5
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        glibc/libc6@2.39-0ubuntu8.5
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>glibc</code> package and not the <code>glibc</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm&#39;s runtime is proportional to the square of the length of the password.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>glibc</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013</a></li>
+        <li><a href="https://akkadia.org/drepper/SHA-crypt.txt">https://akkadia.org/drepper/SHA-crypt.txt</a></li>
+        <li><a href="https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/">https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/</a></li>
+        <li><a href="https://twitter.com/solardiz/status/795601240151457793">https://twitter.com/solardiz/status/795601240151457793</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-GLIBC-6727419">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">CVE-2025-0167</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            curl/libcurl3t64-gnutls
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+        
+                                    docker-image|quay.io/argoproj/argocd@v2.14.17, git@1:2.43.0-1ubuntu7.3 and others
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        git@1:2.43.0-1ubuntu7.3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>curl</code> package and not the <code>curl</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>When asked to use a <code>.netrc</code> file for credentials <strong>and</strong> to follow HTTP
+        redirects, curl could leak the password used for the first host to the
+        followed-to host under certain circumstances.</p>
+        <p>This flaw only manifests itself if the netrc file has a <code>default</code> entry that
+        omits both login and password. A rare circumstance.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>curl</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0167</a></li>
+        <li><a href="https://curl.se/docs/CVE-2025-0167.json">https://curl.se/docs/CVE-2025-0167.json</a></li>
+        <li><a href="https://hackerone.com/reports/2917232">https://hackerone.com/reports/2917232</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20250306-0008/">https://security.netapp.com/advisory/ntap-20250306-0008/</a></li>
+        <li><a href="https://curl.se/docs/CVE-2025-0167.html">https://curl.se/docs/CVE-2025-0167.html</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-CURL-8689015">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
+            <h2 class="card__title">Improper Input Validation</h2>
+            <div class="card__section">
+        
+                <div class="card__labels">
+                    <div class="label label--low">
+                        <span class="label__text">low severity</span>
+                    </div>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Manifest file: quay.io/argoproj/argocd:v2.14.17/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                    </li>
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:24.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            coreutils
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@v2.14.17 and coreutils@9.4-3ubuntu6
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@v2.14.17
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        coreutils@9.4-3ubuntu6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply only to the upstream <code>coreutils</code> package and not the <code>coreutils</code> package as distributed by <code>Ubuntu</code>.</em>
+        <em>See <code>How to fix?</code> for <code>Ubuntu:24.04</code> relevant fixed versions and status.</em></p>
+        <p>chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal&#39;s input buffer.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:24.04</code> <code>coreutils</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781">http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781</a></li>
+        <li><a href="https://security-tracker.debian.org/tracker/CVE-2016-2781">https://security-tracker.debian.org/tracker/CVE-2016-2781</a></li>
+        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a></li>
+        <li><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a></li>
+        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2404-COREUTILS-6727355">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+      </div><!-- cards -->
+    </div>
+  </main><!-- .layout-stacked__content -->
+</body>
+
+</html>
diff --git a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html b/docs/snyk/v2.14.17/redis_7.0.15-alpine.html
similarity index 99%
rename from docs/snyk/v2.14.15/redis_7.0.15-alpine.html
rename to docs/snyk/v2.14.17/redis_7.0.15-alpine.html
index de564cc7795d6..1bfb465f5b5f2 100644
--- a/docs/snyk/v2.14.15/redis_7.0.15-alpine.html
+++ b/docs/snyk/v2.14.17/redis_7.0.15-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:30:44 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:30:19 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.13/argocd-iac-install.html b/docs/snyk/v3.0.16/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.0.13/argocd-iac-install.html
rename to docs/snyk/v3.0.16/argocd-iac-install.html
index 9b17413b62c8a..f74fe3ccf10ff 100644
--- a/docs/snyk/v3.0.13/argocd-iac-install.html
+++ b/docs/snyk/v3.0.16/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:29:30 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:04 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.13/argocd-iac-namespace-install.html b/docs/snyk/v3.0.16/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.0.13/argocd-iac-namespace-install.html
rename to docs/snyk/v3.0.16/argocd-iac-namespace-install.html
index 22dfedbbb108c..ac1bb9b60d8d0 100644
--- a/docs/snyk/v3.0.13/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.0.16/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:29:40 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:29:15 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.13/argocd-test.html b/docs/snyk/v3.0.16/argocd-test.html
similarity index 99%
rename from docs/snyk/v3.0.13/argocd-test.html
rename to docs/snyk/v3.0.16/argocd-test.html
index a60a08e6b536f..557a128d449e7 100644
--- a/docs/snyk/v3.0.13/argocd-test.html
+++ b/docs/snyk/v3.0.16/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:21 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:26:49 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html b/docs/snyk/v3.0.16/ghcr.io_dexidp_dex_v2.41.1.html
similarity index 99%
rename from docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
rename to docs/snyk/v3.0.16/ghcr.io_dexidp_dex_v2.41.1.html
index 60f0b87a41857..0e7ccbd0d9ccd 100644
--- a/docs/snyk/v2.14.15/ghcr.io_dexidp_dex_v2.41.1.html
+++ b/docs/snyk/v3.0.16/ghcr.io_dexidp_dex_v2.41.1.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:30:09 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:26:58 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.0.16/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.0.16/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index 3aade90a9d64b..117dcbe06662c 100644
--- a/docs/snyk/v3.0.13/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.0.16/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:32 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:27:02 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.0.16/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.16/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index 92b46e4fa01a5..1af853efb9c3a 100644
--- a/docs/snyk/v3.0.13/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.16/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:36 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:27:06 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html b/docs/snyk/v3.0.16/quay.io_argoproj_argocd_v3.0.16.html
similarity index 97%
rename from docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html
rename to docs/snyk/v3.0.16/quay.io_argoproj_argocd_v3.0.16.html
index e7a4c8843a7de..551fd2f07c846 100644
--- a/docs/snyk/v3.0.13/quay.io_argoproj_argocd_v3.0.13.html
+++ b/docs/snyk/v3.0.16/quay.io_argoproj_argocd_v3.0.16.html
@@ -487,16 +487,16 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:56 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:27:28 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.13//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.0.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.16/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.16//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.16/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.0.16/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
@@ -525,7 +525,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -597,7 +597,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -669,7 +669,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -741,7 +741,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -754,7 +754,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and tar@1.35+dfsg-3build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and tar@1.35+dfsg-3build1
         
                     </li>
                 </ul>
@@ -767,7 +767,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         tar@1.35+dfsg-3build1
                                         
@@ -776,7 +776,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         dash@0.5.12-6ubuntu5
                                          <span class="list-paths__item__arrow">›</span> 
@@ -830,7 +830,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -843,7 +843,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -856,7 +856,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -865,7 +865,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -876,7 +876,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -887,7 +887,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -902,7 +902,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -919,7 +919,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -938,7 +938,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -947,7 +947,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -964,7 +964,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -973,7 +973,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -984,7 +984,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -995,7 +995,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1010,7 +1010,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1019,7 +1019,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1071,7 +1071,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1084,7 +1084,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -1097,7 +1097,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -1106,7 +1106,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1117,7 +1117,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1128,7 +1128,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1143,7 +1143,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1160,7 +1160,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1179,7 +1179,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -1188,7 +1188,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1205,7 +1205,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -1214,7 +1214,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1225,7 +1225,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1236,7 +1236,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1251,7 +1251,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1260,7 +1260,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1315,7 +1315,7 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1329,7 +1329,7 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.16, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1341,7 +1341,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1392,7 +1392,7 @@ <h2 class="card__title">Improper Validation of Syntactic Correctness of Input</h
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1519,7 +1519,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1581,7 +1581,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1643,7 +1643,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1705,7 +1705,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1767,7 +1767,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1829,7 +1829,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1891,7 +1891,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1905,7 +1905,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.16, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1917,7 +1917,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1928,7 +1928,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -1937,7 +1937,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1986,7 +1986,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1999,7 +1999,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -2012,7 +2012,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2021,7 +2021,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2032,7 +2032,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2045,7 +2045,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -2093,7 +2093,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2106,7 +2106,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2119,7 +2119,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2165,7 +2165,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2178,7 +2178,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -2191,7 +2191,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -2242,7 +2242,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2255,7 +2255,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -2268,7 +2268,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -2277,7 +2277,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2288,7 +2288,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2299,7 +2299,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2310,7 +2310,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2321,7 +2321,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2334,7 +2334,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2349,7 +2349,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2366,7 +2366,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2383,7 +2383,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2392,7 +2392,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2442,7 +2442,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2455,7 +2455,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2468,7 +2468,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2477,7 +2477,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2488,7 +2488,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2499,7 +2499,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2510,7 +2510,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2523,7 +2523,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2536,7 +2536,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2549,7 +2549,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2610,7 +2610,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2623,7 +2623,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -2636,7 +2636,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
@@ -2645,7 +2645,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2656,7 +2656,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2667,7 +2667,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2678,7 +2678,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2689,7 +2689,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
@@ -2698,7 +2698,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
@@ -2707,7 +2707,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
@@ -2758,7 +2758,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2771,7 +2771,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and glibc/libc-bin@2.39-0ubuntu8.5
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and glibc/libc-bin@2.39-0ubuntu8.5
         
                     </li>
                 </ul>
@@ -2784,7 +2784,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.5
                                         
@@ -2793,7 +2793,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.5
                                         
@@ -2841,7 +2841,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2855,7 +2855,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.0.13, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.0.16, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2867,7 +2867,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2922,7 +2922,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.0.13/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.0.16/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2935,7 +2935,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.0.13 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.0.16 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -2948,7 +2948,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.0.13
+                                        docker-image|quay.io/argoproj/argocd@v3.0.16
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         
diff --git a/docs/snyk/v3.0.13/redis_7.2.7-alpine.html b/docs/snyk/v3.0.16/redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.0.13/redis_7.2.7-alpine.html
rename to docs/snyk/v3.0.16/redis_7.2.7-alpine.html
index 8b3e8459fd422..2e3b1c85870ef 100644
--- a/docs/snyk/v3.0.13/redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.0.16/redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:59 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:27:33 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.1/argocd-iac-install.html b/docs/snyk/v3.1.4/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v3.1.1/argocd-iac-install.html
rename to docs/snyk/v3.1.4/argocd-iac-install.html
index a8866d61fb024..3b7804014c373 100644
--- a/docs/snyk/v3.1.1/argocd-iac-install.html
+++ b/docs/snyk/v3.1.4/argocd-iac-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:26:53 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:26:19 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.1/argocd-iac-namespace-install.html b/docs/snyk/v3.1.4/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v3.1.1/argocd-iac-namespace-install.html
rename to docs/snyk/v3.1.4/argocd-iac-namespace-install.html
index 432ca6c5f578f..0c4f699356072 100644
--- a/docs/snyk/v3.1.1/argocd-iac-namespace-install.html
+++ b/docs/snyk/v3.1.4/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:27:03 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:26:30 am (UTC+00:00)</p>
               </div>
                 <div class="source-panel">
                   <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.1/argocd-test.html b/docs/snyk/v3.1.4/argocd-test.html
similarity index 99%
rename from docs/snyk/v3.1.1/argocd-test.html
rename to docs/snyk/v3.1.4/argocd-test.html
index 4943035c330ca..cfea62c91f873 100644
--- a/docs/snyk/v3.1.1/argocd-test.html
+++ b/docs/snyk/v3.1.4/argocd-test.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:46 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:24:09 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html b/docs/snyk/v3.1.4/ghcr.io_dexidp_dex_v2.43.0.html
similarity index 99%
rename from docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html
rename to docs/snyk/v3.1.4/ghcr.io_dexidp_dex_v2.43.0.html
index e9b068f58df22..4599a2b95dace 100644
--- a/docs/snyk/v3.1.1/ghcr.io_dexidp_dex_v2.43.0.html
+++ b/docs/snyk/v3.1.4/ghcr.io_dexidp_dex_v2.43.0.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:53 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:24:15 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html b/docs/snyk/v3.1.4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
rename to docs/snyk/v3.1.4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
index ccb15459ed94e..bd57c14666a49 100644
--- a/docs/snyk/v3.1.1/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
+++ b/docs/snyk/v3.1.4/public.ecr.aws_docker_library_haproxy_3.0.8-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:56 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:24:19 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following path:</span>
diff --git a/docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html b/docs/snyk/v3.1.4/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
similarity index 99%
rename from docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
rename to docs/snyk/v3.1.4/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
index f7947c257eca6..8fbc6c93f5486 100644
--- a/docs/snyk/v3.1.1/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
+++ b/docs/snyk/v3.1.4/public.ecr.aws_docker_library_redis_7.2.7-alpine.html
@@ -487,7 +487,7 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:24:59 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:24:25 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
diff --git a/docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html b/docs/snyk/v3.1.4/quay.io_argoproj_argocd_v3.1.4.html
similarity index 97%
rename from docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html
rename to docs/snyk/v3.1.4/quay.io_argoproj_argocd_v3.1.4.html
index a22a1300e5f60..8d0b272fa6459 100644
--- a/docs/snyk/v3.1.1/quay.io_argoproj_argocd_v3.1.1.html
+++ b/docs/snyk/v3.1.4/quay.io_argoproj_argocd_v3.1.4.html
@@ -487,16 +487,16 @@
               <div class="header-wrap">
                   <h1 class="project__header__title">Snyk test report</h1>
     
-                <p class="timestamp">August 31st 2025, 12:25:22 am (UTC+00:00)</p>
+                <p class="timestamp">September 7th 2025, 12:24:48 am (UTC+00:00)</p>
               </div>
               <div class="source-panel">
                 <span>Scanned the following paths:</span>
                 <ul>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/argoproj/argocd/Dockerfile (deb)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.1//usr/local/bin/kustomize (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/helm/v3//usr/local/bin/helm (gomodules)</li>
-                  <li class="paths">quay.io/argoproj/argocd:v3.1.1/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.4/argoproj/argocd/Dockerfile (deb)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3//usr/local/bin/argocd (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.4//usr/local/bin/kustomize (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.4/helm/v3//usr/local/bin/helm (gomodules)</li>
+                  <li class="paths">quay.io/argoproj/argocd:v3.1.4/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)</li>
                 </ul>
               </div>
     
@@ -525,7 +525,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -538,7 +538,7 @@ <h2 class="card__title">Directory Traversal</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and tar@1.35+dfsg-3build1
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and tar@1.35+dfsg-3build1
         
                     </li>
                 </ul>
@@ -551,7 +551,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         tar@1.35+dfsg-3build1
                                         
@@ -560,7 +560,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         dash@0.5.12-6ubuntu5
                                          <span class="list-paths__item__arrow">›</span> 
@@ -614,7 +614,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -627,7 +627,7 @@ <h2 class="card__title">Insecure Storage of Sensitive Information</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -640,7 +640,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -649,7 +649,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -660,7 +660,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -671,7 +671,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -686,7 +686,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -703,7 +703,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -722,7 +722,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -731,7 +731,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -748,7 +748,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -757,7 +757,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -768,7 +768,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -779,7 +779,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -794,7 +794,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -803,7 +803,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -855,7 +855,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -868,7 +868,7 @@ <h2 class="card__title">Improper Authentication</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and pam/libpam0g@1.5.3-5ubuntu5.4
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and pam/libpam0g@1.5.3-5ubuntu5.4
         
                     </li>
                 </ul>
@@ -881,7 +881,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam0g@1.5.3-5ubuntu5.4
                                         
@@ -890,7 +890,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -901,7 +901,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         util-linux@2.39.3-9ubuntu6.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -912,7 +912,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -927,7 +927,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -944,7 +944,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -963,7 +963,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules-bin@1.5.3-5ubuntu5.4
                                         
@@ -972,7 +972,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -989,7 +989,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-modules@1.5.3-5ubuntu5.4
                                         
@@ -998,7 +998,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1009,7 +1009,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1020,7 +1020,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1035,7 +1035,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         pam/libpam-runtime@1.5.3-5ubuntu5.4
                                         
@@ -1044,7 +1044,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1099,7 +1099,7 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1113,7 +1113,7 @@ <h2 class="card__title">NULL Pointer Dereference</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.4, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1125,7 +1125,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1176,7 +1176,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1238,7 +1238,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1300,7 +1300,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1362,7 +1362,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/helm/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/helm
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1424,7 +1424,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1486,7 +1486,7 @@ <h2 class="card__title">MPL-2.0 license</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argo-cd/v3 <span class="list-paths__item__arrow">›</span> /usr/local/bin/argocd
                     </li>
                     <li class="card__meta__item">
                         Package Manager: golang
@@ -1548,7 +1548,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1562,7 +1562,7 @@ <h2 class="card__title">Improper Encoding or Escaping of Output</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.4, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -1574,7 +1574,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1585,7 +1585,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                         
@@ -1594,7 +1594,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git-lfs@3.4.1-1ubuntu0.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1643,7 +1643,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1656,7 +1656,7 @@ <h2 class="card__title">CVE-2024-56433</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
         
                     </li>
                 </ul>
@@ -1669,7 +1669,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/passwd@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -1678,7 +1678,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1689,7 +1689,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1702,7 +1702,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         shadow/login@1:4.13+dfsg1-4ubuntu3.2
                                         
@@ -1750,7 +1750,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1763,7 +1763,7 @@ <h2 class="card__title">Release of Invalid Pointer or Reference</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -1776,7 +1776,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -1822,7 +1822,7 @@ <h2 class="card__title">Double Free</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1835,7 +1835,7 @@ <h2 class="card__title">Double Free</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and patch@2.7.6-7build3
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and patch@2.7.6-7build3
         
                     </li>
                 </ul>
@@ -1848,7 +1848,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         patch@2.7.6-7build3
                                         
@@ -1899,7 +1899,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -1912,7 +1912,7 @@ <h2 class="card__title">CVE-2024-41996</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and openssl/libssl3t64@3.0.13-0ubuntu3.5
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and openssl/libssl3t64@3.0.13-0ubuntu3.5
         
                     </li>
                 </ul>
@@ -1925,7 +1925,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl/libssl3t64@3.0.13-0ubuntu3.5
                                         
@@ -1934,7 +1934,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1945,7 +1945,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3.1
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1956,7 +1956,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         libfido2/libfido2-1@1.14.0-1build3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1967,7 +1967,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssh/openssh-client@1:9.6p1-3ubuntu13.13
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1978,7 +1978,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -1991,7 +1991,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2006,7 +2006,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2023,7 +2023,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2040,7 +2040,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         openssl@3.0.13-0ubuntu3.5
                                         
@@ -2049,7 +2049,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         ca-certificates@20240203
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2099,7 +2099,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2112,7 +2112,7 @@ <h2 class="card__title">Information Exposure</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and libgcrypt20@1.10.3-2build1
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and libgcrypt20@1.10.3-2build1
         
                     </li>
                 </ul>
@@ -2125,7 +2125,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         libgcrypt20@1.10.3-2build1
                                         
@@ -2134,7 +2134,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2145,7 +2145,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2156,7 +2156,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2167,7 +2167,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2180,7 +2180,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2193,7 +2193,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2206,7 +2206,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2267,7 +2267,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2280,7 +2280,7 @@ <h2 class="card__title">Out-of-bounds Write</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and gnupg2/gpgv@2.4.4-2ubuntu17.3
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and gnupg2/gpgv@2.4.4-2ubuntu17.3
         
                     </li>
                 </ul>
@@ -2293,7 +2293,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpgv@2.4.4-2ubuntu17.3
                                         
@@ -2302,7 +2302,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         apt@2.8.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2313,7 +2313,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2324,7 +2324,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2335,7 +2335,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2346,7 +2346,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/dirmngr@2.4.4-2ubuntu17.3
                                         
@@ -2355,7 +2355,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg@2.4.4-2ubuntu17.3
                                         
@@ -2364,7 +2364,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         gnupg2/gpg-agent@2.4.4-2ubuntu17.3
                                         
@@ -2415,7 +2415,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2428,7 +2428,7 @@ <h2 class="card__title">Allocation of Resources Without Limits or Throttling</h2
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and glibc/libc-bin@2.39-0ubuntu8.5
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and glibc/libc-bin@2.39-0ubuntu8.5
         
                     </li>
                 </ul>
@@ -2441,7 +2441,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc-bin@2.39-0ubuntu8.5
                                         
@@ -2450,7 +2450,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                             </li>
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         glibc/libc6@2.39-0ubuntu8.5
                                         
@@ -2498,7 +2498,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2512,7 +2512,7 @@ <h2 class="card__title">CVE-2025-0167</h2>
                     <li class="card__meta__item">Introduced through:
         
         
-                                    docker-image|quay.io/argoproj/argocd@v3.1.1, git@1:2.43.0-1ubuntu7.3 and others
+                                    docker-image|quay.io/argoproj/argocd@v3.1.4, git@1:2.43.0-1ubuntu7.3 and others
                     </li>
                 </ul>
         
@@ -2524,7 +2524,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         git@1:2.43.0-1ubuntu7.3
                                          <span class="list-paths__item__arrow">›</span> 
@@ -2579,7 +2579,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                 <ul class="card__meta">
                     <li class="card__meta__item">
-                        Manifest file: quay.io/argoproj/argocd:v3.1.1/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
+                        Manifest file: quay.io/argoproj/argocd:v3.1.4/argoproj/argocd <span class="list-paths__item__arrow">›</span> Dockerfile
                     </li>
                     <li class="card__meta__item">
                         Package Manager: ubuntu:24.04
@@ -2592,7 +2592,7 @@ <h2 class="card__title">Improper Input Validation</h2>
         
                     <li class="card__meta__item">Introduced through:
         
-                                docker-image|quay.io/argoproj/argocd@v3.1.1 and coreutils@9.4-3ubuntu6
+                                docker-image|quay.io/argoproj/argocd@v3.1.4 and coreutils@9.4-3ubuntu6
         
                     </li>
                 </ul>
@@ -2605,7 +2605,7 @@ <h3 class="card__section__title">Detailed paths</h3>
                     <ul class="card__meta__paths">
                                 <li>
                                 <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@v3.1.1
+                                        docker-image|quay.io/argoproj/argocd@v3.1.4
                                          <span class="list-paths__item__arrow">›</span> 
                                         coreutils@9.4-3ubuntu6
                                         

From 7b1d47acd9da0664d0a1a7ecc2d910bdf11eecb4 Mon Sep 17 00:00:00 2001
From: Pavel <aborilov@gmail.com>
Date: Mon, 8 Sep 2025 23:50:23 +0800
Subject: [PATCH 374/383] fix: correct post-delete finalizer removal when
 cluster not found (#24415)

Signed-off-by: Pavel Aborilov <aborilov@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/appcontroller.go            | 2 +-
 pkg/apis/application/v1alpha1/types.go | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/controller/appcontroller.go b/controller/appcontroller.go
index 3e56010358e2b..3277d9e7b2747 100644
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1206,7 +1206,7 @@ func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Applic
 	if err != nil {
 		logCtx.Warnf("Unable to get destination cluster: %v", err)
 		app.UnSetCascadedDeletion()
-		app.UnSetPostDeleteFinalizer()
+		app.UnSetPostDeleteFinalizerAll()
 		if err := ctrl.updateFinalizers(app); err != nil {
 			return err
 		}
diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go
index 293d7965abe68..39cccf322f02a 100644
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -3316,6 +3316,14 @@ func (app *Application) SetPostDeleteFinalizer(stage ...string) {
 	setFinalizer(&app.ObjectMeta, strings.Join(append([]string{PostDeleteFinalizerName}, stage...), "/"), true)
 }
 
+func (app *Application) UnSetPostDeleteFinalizerAll() {
+	for _, finalizer := range app.Finalizers {
+		if strings.HasPrefix(finalizer, PostDeleteFinalizerName) {
+			setFinalizer(&app.ObjectMeta, finalizer, false)
+		}
+	}
+}
+
 func (app *Application) UnSetPostDeleteFinalizer(stage ...string) {
 	setFinalizer(&app.ObjectMeta, strings.Join(append([]string{PostDeleteFinalizerName}, stage...), "/"), false)
 }

From 1f8d63760a788eb6dec0087002b6a102c78e5df5 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Mon, 8 Sep 2025 12:00:22 -0400
Subject: [PATCH 375/383] chore(refactor): simplify hydrator manifest
 generation (#24427)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/hydrator/hydrator.go      | 103 +++++++++++++++------------
 controller/hydrator/hydrator_test.go |   2 +-
 2 files changed, 58 insertions(+), 47 deletions(-)

diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index 2170011a5701c..8cb7753c119f5 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -202,12 +202,12 @@ func (h *Hydrator) ProcessHydrationQueueItem(hydrationKey types.HydrationQueueKe
 }
 
 func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey types.HydrationQueueKey) ([]*appv1.Application, string, string, error) {
-	relevantApps, err := h.getRelevantAppsForHydration(logCtx, hydrationKey)
+	relevantApps, projects, err := h.getRelevantAppsAndProjectsForHydration(logCtx, hydrationKey)
 	if err != nil {
 		return nil, "", "", fmt.Errorf("failed to get relevant apps for hydration: %w", err)
 	}
 
-	dryRevision, hydratedRevision, err := h.hydrate(logCtx, relevantApps)
+	dryRevision, hydratedRevision, err := h.hydrate(logCtx, relevantApps, projects)
 	if err != nil {
 		return relevantApps, dryRevision, "", fmt.Errorf("failed to hydrate apps: %w", err)
 	}
@@ -215,14 +215,15 @@ func (h *Hydrator) hydrateAppsLatestCommit(logCtx *log.Entry, hydrationKey types
 	return relevantApps, dryRevision, hydratedRevision, nil
 }
 
-func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey types.HydrationQueueKey) ([]*appv1.Application, error) {
+func (h *Hydrator) getRelevantAppsAndProjectsForHydration(logCtx *log.Entry, hydrationKey types.HydrationQueueKey) ([]*appv1.Application, map[string]*appv1.AppProject, error) {
 	// Get all apps
 	apps, err := h.dependencies.GetProcessableApps()
 	if err != nil {
-		return nil, fmt.Errorf("failed to list apps: %w", err)
+		return nil, nil, fmt.Errorf("failed to list apps: %w", err)
 	}
 
 	var relevantApps []*appv1.Application
+	projects := make(map[string]*appv1.AppProject)
 	uniquePaths := make(map[string]bool, len(apps.Items))
 	for _, app := range apps.Items {
 		if app.Spec.SourceHydrator == nil {
@@ -242,9 +243,11 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey t
 		}
 
 		var proj *appv1.AppProject
+		// We can't short-circuit this even if we have seen this project before, because we need to verify that this
+		// particular app is allowed to use this project. That logic is in GetProcessableAppProj.
 		proj, err = h.dependencies.GetProcessableAppProj(&app)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get project %q for app %q: %w", app.Spec.Project, app.QualifiedName(), err)
+			return nil, nil, fmt.Errorf("failed to get project %q for app %q: %w", app.Spec.Project, app.QualifiedName(), err)
 		}
 		permitted := proj.IsSourcePermitted(app.Spec.GetSource())
 		if !permitted {
@@ -252,70 +255,41 @@ func (h *Hydrator) getRelevantAppsForHydration(logCtx *log.Entry, hydrationKey t
 			logCtx.Warnf("App %q is not permitted to use source %q", app.QualifiedName(), app.Spec.Source.String())
 			continue
 		}
+		projects[app.Spec.Project] = proj
 
 		// TODO: test the dupe detection
 		// TODO: normalize the path to avoid "path/.." from being treated as different from "."
 		if _, ok := uniquePaths[app.Spec.SourceHydrator.SyncSource.Path]; ok {
-			return nil, fmt.Errorf("multiple app hydrators use the same destination: %v", app.Spec.SourceHydrator.SyncSource.Path)
+			return nil, nil, fmt.Errorf("multiple app hydrators use the same destination: %v", app.Spec.SourceHydrator.SyncSource.Path)
 		}
 		uniquePaths[app.Spec.SourceHydrator.SyncSource.Path] = true
 
 		relevantApps = append(relevantApps, &app)
 	}
-	return relevantApps, nil
+	return relevantApps, projects, nil
 }
 
-func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string, string, error) {
+func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application, projects map[string]*appv1.AppProject) (string, string, error) {
 	if len(apps) == 0 {
 		return "", "", nil
 	}
+
+	// These values are the same for all apps being hydrated together, so just get them from the first app.
 	repoURL := apps[0].Spec.SourceHydrator.DrySource.RepoURL
 	syncBranch := apps[0].Spec.SourceHydrator.SyncSource.TargetBranch
 	targetBranch := apps[0].Spec.GetHydrateToSource().TargetRevision
+
 	var paths []*commitclient.PathDetails
-	projects := make(map[string]bool, len(apps))
 	var targetRevision string
+	var err error
 	// TODO: parallelize this loop
 	for _, app := range apps {
-		project, err := h.dependencies.GetProcessableAppProj(app)
-		if err != nil {
-			return "", "", fmt.Errorf("failed to get project: %w", err)
-		}
-		projects[project.Name] = true
-		drySource := appv1.ApplicationSource{
-			RepoURL:        app.Spec.SourceHydrator.DrySource.RepoURL,
-			Path:           app.Spec.SourceHydrator.DrySource.Path,
-			TargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
-		}
-		if targetRevision == "" {
-			targetRevision = app.Spec.SourceHydrator.DrySource.TargetRevision
-		}
-
-		// TODO: enable signature verification
-		objs, resp, err := h.dependencies.GetRepoObjs(context.Background(), app, drySource, targetRevision, project)
+		var pathDetails *commitclient.PathDetails
+		targetRevision, pathDetails, err = h.getManifests(context.Background(), app, targetRevision, projects[app.Spec.Project])
 		if err != nil {
-			return "", "", fmt.Errorf("failed to get repo objects for app %q: %w", app.QualifiedName(), err)
-		}
-
-		// This should be the DRY SHA. We set it here so that after processing the first app, all apps are hydrated
-		// using the same SHA.
-		targetRevision = resp.Revision
-
-		// Set up a ManifestsRequest
-		manifestDetails := make([]*commitclient.HydratedManifestDetails, len(objs))
-		for i, obj := range objs {
-			objJSON, err := json.Marshal(obj)
-			if err != nil {
-				return "", "", fmt.Errorf("failed to marshal object: %w", err)
-			}
-			manifestDetails[i] = &commitclient.HydratedManifestDetails{ManifestJSON: string(objJSON)}
+			return "", "", fmt.Errorf("failed to get manifests for app %q: %w", app.QualifiedName(), err)
 		}
-
-		paths = append(paths, &commitclient.PathDetails{
-			Path:      app.Spec.SourceHydrator.SyncSource.Path,
-			Manifests: manifestDetails,
-			Commands:  resp.Commands,
-		})
+		paths = append(paths, pathDetails)
 	}
 
 	// If all the apps are under the same project, use that project. Otherwise, use an empty string to indicate that we
@@ -376,6 +350,43 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application) (string
 	return targetRevision, resp.HydratedSha, nil
 }
 
+// getManifests gets the manifests for the given application and target revision. It returns the resolved revision
+// (a git SHA), and path details for the commit server.
+//
+// If the given target revision is empty, it uses the target revision from the app dry source spec.
+func (h *Hydrator) getManifests(ctx context.Context, app *appv1.Application, targetRevision string, project *appv1.AppProject) (revision string, pathDetails *commitclient.PathDetails, err error) {
+	drySource := appv1.ApplicationSource{
+		RepoURL:        app.Spec.SourceHydrator.DrySource.RepoURL,
+		Path:           app.Spec.SourceHydrator.DrySource.Path,
+		TargetRevision: app.Spec.SourceHydrator.DrySource.TargetRevision,
+	}
+	if targetRevision == "" {
+		targetRevision = app.Spec.SourceHydrator.DrySource.TargetRevision
+	}
+
+	// TODO: enable signature verification
+	objs, resp, err := h.dependencies.GetRepoObjs(ctx, app, drySource, targetRevision, project)
+	if err != nil {
+		return "", nil, fmt.Errorf("failed to get repo objects for app %q: %w", app.QualifiedName(), err)
+	}
+
+	// Set up a ManifestsRequest
+	manifestDetails := make([]*commitclient.HydratedManifestDetails, len(objs))
+	for i, obj := range objs {
+		objJSON, err := json.Marshal(obj)
+		if err != nil {
+			return "", nil, fmt.Errorf("failed to marshal object: %w", err)
+		}
+		manifestDetails[i] = &commitclient.HydratedManifestDetails{ManifestJSON: string(objJSON)}
+	}
+
+	return resp.Revision, &commitclient.PathDetails{
+		Path:      app.Spec.SourceHydrator.SyncSource.Path,
+		Manifests: manifestDetails,
+		Commands:  resp.Commands,
+	}, nil
+}
+
 func (h *Hydrator) getRevisionMetadata(ctx context.Context, repoURL, project, revision string) (*appv1.RevisionMetadata, error) {
 	repo, err := h.repoGetter.GetRepository(ctx, repoURL, project)
 	if err != nil {
diff --git a/controller/hydrator/hydrator_test.go b/controller/hydrator/hydrator_test.go
index f7587afdf8d55..4fb1b851526f7 100644
--- a/controller/hydrator/hydrator_test.go
+++ b/controller/hydrator/hydrator_test.go
@@ -169,7 +169,7 @@ func Test_getRelevantAppsForHydration_RepoURLNormalization(t *testing.T) {
 	}
 
 	logCtx := log.WithField("test", "RepoURLNormalization")
-	relevantApps, err := hydrator.getRelevantAppsForHydration(logCtx, hydrationKey)
+	relevantApps, _, err := hydrator.getRelevantAppsAndProjectsForHydration(logCtx, hydrationKey)
 
 	require.NoError(t, err)
 	assert.Len(t, relevantApps, 2, "Expected both apps to be considered relevant despite URL differences")

From b27a82028a64c77682a33842f90e44f0cdd92254 Mon Sep 17 00:00:00 2001
From: Nitish Kumar <justnitish06@gmail.com>
Date: Tue, 9 Sep 2025 01:17:17 +0530
Subject: [PATCH 376/383] fix: change the appset namespace to server namespace
 when generating appset (#23900)

Signed-off-by: nitishfy <justnitish06@gmail.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 applicationset/generators/git.go             | 12 ++--
 applicationset/generators/utils.go           | 10 +--
 server/applicationset/applicationset.go      | 23 ++++--
 server/applicationset/applicationset_test.go | 75 ++++++++++++++++++--
 4 files changed, 99 insertions(+), 21 deletions(-)

diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go
index 8d92e3dc30154..76cc557f382a3 100644
--- a/applicationset/generators/git.go
+++ b/applicationset/generators/git.go
@@ -29,10 +29,10 @@ type GitGenerator struct {
 }
 
 // NewGitGenerator creates a new instance of Git Generator
-func NewGitGenerator(repos services.Repos, namespace string) Generator {
+func NewGitGenerator(repos services.Repos, controllerNamespace string) Generator {
 	g := &GitGenerator{
 		repos:     repos,
-		namespace: namespace,
+		namespace: controllerNamespace,
 	}
 
 	return g
@@ -78,11 +78,11 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic
 	if !strings.Contains(appSet.Spec.Template.Spec.Project, "{{") {
 		project := appSet.Spec.Template.Spec.Project
 		appProject := &argoprojiov1alpha1.AppProject{}
-		namespace := g.namespace
-		if namespace == "" {
-			namespace = appSet.Namespace
+		controllerNamespace := g.namespace
+		if controllerNamespace == "" {
+			controllerNamespace = appSet.Namespace
 		}
-		if err := client.Get(context.TODO(), types.NamespacedName{Name: project, Namespace: namespace}, appProject); err != nil {
+		if err := client.Get(context.TODO(), types.NamespacedName{Name: project, Namespace: controllerNamespace}, appProject); err != nil {
 			return nil, fmt.Errorf("error getting project %s: %w", project, err)
 		}
 		// we need to verify the signature on the Git revision if GPG is enabled
diff --git a/applicationset/generators/utils.go b/applicationset/generators/utils.go
index 23258234acae0..43d2b345eda25 100644
--- a/applicationset/generators/utils.go
+++ b/applicationset/generators/utils.go
@@ -10,15 +10,15 @@ import (
 	"github.com/argoproj/argo-cd/v3/applicationset/services"
 )
 
-func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, namespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator {
+func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, controllerNamespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator {
 	terminalGenerators := map[string]Generator{
 		"List":                    NewListGenerator(),
-		"Clusters":                NewClusterGenerator(ctx, c, k8sClient, namespace),
-		"Git":                     NewGitGenerator(argoCDService, namespace),
+		"Clusters":                NewClusterGenerator(ctx, c, k8sClient, controllerNamespace),
+		"Git":                     NewGitGenerator(argoCDService, controllerNamespace),
 		"SCMProvider":             NewSCMProviderGenerator(c, scmConfig),
-		"ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace),
+		"ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, controllerNamespace),
 		"PullRequest":             NewPullRequestGenerator(c, scmConfig),
-		"Plugin":                  NewPluginGenerator(c, namespace),
+		"Plugin":                  NewPluginGenerator(c, controllerNamespace),
 	}
 
 	nestedGenerators := map[string]Generator{
diff --git a/server/applicationset/applicationset.go b/server/applicationset/applicationset.go
index 8cdf96b214f1a..57bab3b30c4ff 100644
--- a/server/applicationset/applicationset.go
+++ b/server/applicationset/applicationset.go
@@ -200,7 +200,7 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre
 	}
 
 	if q.GetDryRun() {
-		apps, err := s.generateApplicationSetApps(ctx, log.WithField("applicationset", appset.Name), *appset, namespace)
+		apps, err := s.generateApplicationSetApps(ctx, log.WithField("applicationset", appset.Name), *appset)
 		if err != nil {
 			return nil, fmt.Errorf("unable to generate Applications of ApplicationSet: %w", err)
 		}
@@ -260,12 +260,12 @@ func (s *Server) Create(ctx context.Context, q *applicationset.ApplicationSetCre
 	return updated, nil
 }
 
-func (s *Server) generateApplicationSetApps(ctx context.Context, logEntry *log.Entry, appset v1alpha1.ApplicationSet, namespace string) ([]v1alpha1.Application, error) {
+func (s *Server) generateApplicationSetApps(ctx context.Context, logEntry *log.Entry, appset v1alpha1.ApplicationSet) ([]v1alpha1.Application, error) {
 	argoCDDB := s.db
 
 	scmConfig := generators.NewSCMConfig(s.ScmRootCAPath, s.AllowedScmProviders, s.EnableScmProviders, s.EnableGitHubAPIMetrics, github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)), true)
 	argoCDService := services.NewArgoCDService(s.db, s.GitSubmoduleEnabled, s.repoClientSet, s.EnableNewGitFileGlobbing)
-	appSetGenerators := generators.GetGenerators(ctx, s.client, s.k8sClient, namespace, argoCDService, s.dynamicClient, scmConfig)
+	appSetGenerators := generators.GetGenerators(ctx, s.client, s.k8sClient, s.ns, argoCDService, s.dynamicClient, scmConfig)
 
 	apps, _, err := appsettemplate.GenerateApplications(logEntry, appset, appSetGenerators, &appsetutils.Render{}, s.client)
 	if err != nil {
@@ -363,11 +363,15 @@ func (s *Server) Generate(ctx context.Context, q *applicationset.ApplicationSetG
 	if appset == nil {
 		return nil, errors.New("error creating ApplicationSets: ApplicationSets is nil in request")
 	}
-	namespace := s.appsetNamespaceOrDefault(appset.Namespace)
 
+	// The RBAC check needs to be performed against the appset namespace
+	// However, when trying to generate params, the server namespace needs
+	// to be passed.
+	namespace := s.appsetNamespaceOrDefault(appset.Namespace)
 	if !s.isNamespaceEnabled(namespace) {
 		return nil, security.NamespaceNotPermittedError(namespace)
 	}
+
 	projectName, err := s.validateAppSet(appset)
 	if err != nil {
 		return nil, fmt.Errorf("error validating ApplicationSets: %w", err)
@@ -380,7 +384,16 @@ func (s *Server) Generate(ctx context.Context, q *applicationset.ApplicationSetG
 	logger := log.New()
 	logger.SetOutput(logs)
 
-	apps, err := s.generateApplicationSetApps(ctx, logger.WithField("applicationset", appset.Name), *appset, namespace)
+	// The server namespace will be used in the function
+	// since this is the exact namespace that is being used
+	// to generate parameters (especially for git generator).
+	//
+	// In case of Git generator, if the namespace is set to
+	// appset namespace, we'll look for a project in the appset
+	// namespace that would lead to error when generating params
+	// for an appset in any namespace feature.
+	// See https://github.com/argoproj/argo-cd/issues/22942
+	apps, err := s.generateApplicationSetApps(ctx, logger.WithField("applicationset", appset.Name), *appset)
 	if err != nil {
 		return nil, fmt.Errorf("unable to generate Applications of ApplicationSet: %w\n%s", err, logs.String())
 	}
diff --git a/server/applicationset/applicationset_test.go b/server/applicationset/applicationset_test.go
index f0f21a2b79e48..aa610f8cd0700 100644
--- a/server/applicationset/applicationset_test.go
+++ b/server/applicationset/applicationset_test.go
@@ -4,6 +4,9 @@ import (
 	"sort"
 	"testing"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	cr_fake "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
 	"github.com/argoproj/gitops-engine/pkg/health"
 	"github.com/argoproj/pkg/v2/sync"
 	"github.com/stretchr/testify/assert"
@@ -50,7 +53,7 @@ func fakeCluster() *appsv1.Cluster {
 }
 
 // return an ApplicationServiceServer which returns fake data
-func newTestAppSetServer(t *testing.T, objects ...runtime.Object) *Server {
+func newTestAppSetServer(t *testing.T, objects ...client.Object) *Server {
 	t.Helper()
 	f := func(enf *rbac.Enforcer) {
 		_ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV)
@@ -61,7 +64,7 @@ func newTestAppSetServer(t *testing.T, objects ...runtime.Object) *Server {
 }
 
 // return an ApplicationServiceServer which returns fake data
-func newTestNamespacedAppSetServer(t *testing.T, objects ...runtime.Object) *Server {
+func newTestNamespacedAppSetServer(t *testing.T, objects ...client.Object) *Server {
 	t.Helper()
 	f := func(enf *rbac.Enforcer) {
 		_ = enf.SetBuiltinPolicy(assets.BuiltinPolicyCSV)
@@ -71,7 +74,7 @@ func newTestNamespacedAppSetServer(t *testing.T, objects ...runtime.Object) *Ser
 	return newTestAppSetServerWithEnforcerConfigure(t, f, scopedNamespaces, objects...)
 }
 
-func newTestAppSetServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforcer), namespace string, objects ...runtime.Object) *Server {
+func newTestAppSetServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforcer), namespace string, objects ...client.Object) *Server {
 	t.Helper()
 	kubeclientset := fake.NewClientset(&corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
@@ -115,7 +118,11 @@ func newTestAppSetServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforce
 
 	objects = append(objects, defaultProj, myProj)
 
-	fakeAppsClientset := apps.NewSimpleClientset(objects...)
+	runtimeObjects := make([]runtime.Object, len(objects))
+	for i := range objects {
+		runtimeObjects[i] = objects[i]
+	}
+	fakeAppsClientset := apps.NewSimpleClientset(runtimeObjects...)
 	factory := appinformer.NewSharedInformerFactoryWithOptions(fakeAppsClientset, 0, appinformer.WithNamespace(namespace), appinformer.WithTweakListOptions(func(_ *metav1.ListOptions) {}))
 	fakeProjLister := factory.Argoproj().V1alpha1().AppProjects().Lister().AppProjects(testNamespace)
 
@@ -138,6 +145,13 @@ func newTestAppSetServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforce
 		panic("Timed out waiting for caches to sync")
 	}
 
+	scheme := runtime.NewScheme()
+	err = appsv1.AddToScheme(scheme)
+	require.NoError(t, err)
+	err = corev1.AddToScheme(scheme)
+	require.NoError(t, err)
+	crClient := cr_fake.NewClientBuilder().WithScheme(scheme).WithObjects(objects...).Build()
+
 	projInformer := factory.Argoproj().V1alpha1().AppProjects().Informer()
 	go projInformer.Run(ctx.Done())
 	if !k8scache.WaitForCacheSync(ctx.Done(), projInformer.HasSynced) {
@@ -148,7 +162,7 @@ func newTestAppSetServerWithEnforcerConfigure(t *testing.T, f func(*rbac.Enforce
 		db,
 		kubeclientset,
 		nil,
-		nil,
+		crClient,
 		enforcer,
 		nil,
 		fakeAppsClientset,
@@ -640,3 +654,54 @@ func TestResourceTree(t *testing.T) {
 		assert.EqualError(t, err, "namespace 'NOT-ALLOWED' is not permitted")
 	})
 }
+
+func TestAppSet_Generate_Cluster(t *testing.T) {
+	appSet1 := newTestAppSet(func(appset *appsv1.ApplicationSet) {
+		appset.Name = "AppSet1"
+		appset.Spec.Template.Name = "{{name}}"
+		appset.Spec.Generators = []appsv1.ApplicationSetGenerator{
+			{
+				Clusters: &appsv1.ClusterGenerator{},
+			},
+		}
+	})
+
+	t.Run("Generate in default namespace", func(t *testing.T) {
+		appSetServer := newTestAppSetServer(t, appSet1)
+		appsetQuery := applicationset.ApplicationSetGenerateRequest{
+			ApplicationSet: appSet1,
+		}
+
+		res, err := appSetServer.Generate(t.Context(), &appsetQuery)
+		require.NoError(t, err)
+		require.Len(t, res.Applications, 2)
+		assert.Equal(t, "fake-cluster", res.Applications[0].Name)
+		assert.Equal(t, "in-cluster", res.Applications[1].Name)
+	})
+
+	t.Run("Generate in different namespace", func(t *testing.T) {
+		appSetServer := newTestAppSetServer(t, appSet1)
+
+		appSet1Ns := appSet1.DeepCopy()
+		appSet1Ns.Namespace = "external-namespace"
+		appsetQuery := applicationset.ApplicationSetGenerateRequest{ApplicationSet: appSet1Ns}
+
+		res, err := appSetServer.Generate(t.Context(), &appsetQuery)
+		require.NoError(t, err)
+		require.Len(t, res.Applications, 2)
+		assert.Equal(t, "fake-cluster", res.Applications[0].Name)
+		assert.Equal(t, "in-cluster", res.Applications[1].Name)
+	})
+
+	t.Run("Generate in not allowed namespace", func(t *testing.T) {
+		appSetServer := newTestAppSetServer(t, appSet1)
+
+		appSet1Ns := appSet1.DeepCopy()
+		appSet1Ns.Namespace = "NOT-ALLOWED"
+
+		appsetQuery := applicationset.ApplicationSetGenerateRequest{ApplicationSet: appSet1Ns}
+
+		_, err := appSetServer.Generate(t.Context(), &appsetQuery)
+		assert.EqualError(t, err, "namespace 'NOT-ALLOWED' is not permitted")
+	})
+}

From c5b9d885195d0f65271ee06aac2e8ace5b60f797 Mon Sep 17 00:00:00 2001
From: Peter Jiang <35584807+pjiang-dev@users.noreply.github.com>
Date: Mon, 8 Sep 2025 13:06:51 -0700
Subject: [PATCH 377/383] chore: bump k8s 1.34 (#24405)

Signed-off-by: Peter Jiang <peterjiang823@gmail.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod                                        | 106 +++++++++---------
 go.sum                                        |  93 ++++++++-------
 hack/update-codegen.sh                        |   2 +-
 notifications_catalog/install.yaml            |   1 -
 util/argo/managedfields/managed_fields.go     |   4 +-
 util/argo/normalizers/corev1_known_types.go   |  18 +++
 util/argo/normalizers/diffing_known_types.txt |   6 +
 7 files changed, 125 insertions(+), 105 deletions(-)

diff --git a/go.mod b/go.mod
index cd9b35c5ee1b5..dc642471f73e2 100644
--- a/go.mod
+++ b/go.mod
@@ -12,8 +12,8 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/TomOnTime/utfutil v1.0.0
 	github.com/alicebob/miniredis/v2 v2.35.0
-	github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1
-	github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7
+	github.com/argoproj/gitops-engine v0.7.1-0.20250908182407-97ad5b59a627
+	github.com/argoproj/notifications-engine v0.4.1-0.20250908182349-da04400446ff
 	github.com/argoproj/pkg v0.13.6
 	github.com/argoproj/pkg/v2 v2.0.1
 	github.com/aws/aws-sdk-go v1.55.7
@@ -102,19 +102,19 @@ require (
 	google.golang.org/protobuf v1.36.8
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.33.1
-	k8s.io/apiextensions-apiserver v0.33.1
-	k8s.io/apimachinery v0.33.1
-	k8s.io/client-go v0.33.1
-	k8s.io/code-generator v0.33.1
+	k8s.io/api v0.34.0
+	k8s.io/apiextensions-apiserver v0.34.0
+	k8s.io/apimachinery v0.34.0
+	k8s.io/client-go v0.34.0
+	k8s.io/code-generator v0.34.0
 	k8s.io/klog/v2 v2.130.1
-	k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e
-	k8s.io/kubectl v0.33.1
+	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b
+	k8s.io/kubectl v0.34.0
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
 	layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427
 	oras.land/oras-go/v2 v2.6.0
 	sigs.k8s.io/controller-runtime v0.21.0
-	sigs.k8s.io/structured-merge-diff/v4 v4.7.0
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.0
 	sigs.k8s.io/yaml v1.6.0
 )
 
@@ -174,7 +174,7 @@ require (
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
@@ -227,7 +227,7 @@ require (
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
@@ -283,18 +283,18 @@ require (
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	k8s.io/apiserver v0.33.1 // indirect
-	k8s.io/cli-runtime v0.33.1 // indirect
-	k8s.io/component-base v0.33.1 // indirect
-	k8s.io/component-helpers v0.33.1 // indirect
-	k8s.io/controller-manager v0.33.1 // indirect
+	k8s.io/apiserver v0.34.0 // indirect
+	k8s.io/cli-runtime v0.34.0 // indirect
+	k8s.io/component-base v0.34.0 // indirect
+	k8s.io/component-helpers v0.34.0 // indirect
+	k8s.io/controller-manager v0.34.0 // indirect
 	k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f // indirect
-	k8s.io/kube-aggregator v0.33.1 // indirect
-	k8s.io/kubernetes v1.33.1 // indirect
+	k8s.io/kube-aggregator v0.34.0 // indirect
+	k8s.io/kubernetes v1.34.0 // indirect
 	nhooyr.io/websocket v1.8.7 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
-	sigs.k8s.io/kustomize/api v0.19.0 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
+	sigs.k8s.io/kustomize/api v0.20.1 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 )
 
@@ -309,36 +309,36 @@ replace (
 	// Avoid CVE-2022-28948
 	gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
 
-	k8s.io/api => k8s.io/api v0.33.1
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.33.1
-	k8s.io/apimachinery => k8s.io/apimachinery v0.33.1
-	k8s.io/apiserver => k8s.io/apiserver v0.33.1
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.33.1
-	k8s.io/client-go => k8s.io/client-go v0.33.1
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.33.1
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.33.1
-	k8s.io/code-generator => k8s.io/code-generator v0.33.1
-	k8s.io/component-base => k8s.io/component-base v0.33.1
-	k8s.io/component-helpers => k8s.io/component-helpers v0.33.1
-	k8s.io/controller-manager => k8s.io/controller-manager v0.33.1
-	k8s.io/cri-api => k8s.io/cri-api v0.33.1
-	k8s.io/cri-client => k8s.io/cri-client v0.33.1
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.33.1
-	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.33.1
-	k8s.io/endpointslice => k8s.io/endpointslice v0.33.1
-	k8s.io/externaljwt => k8s.io/externaljwt v0.33.1
-	k8s.io/kms => k8s.io/kms v0.33.1
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.33.1
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.33.1
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.33.1
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.33.1
-	k8s.io/kubectl => k8s.io/kubectl v0.33.1
-	k8s.io/kubelet => k8s.io/kubelet v0.33.1
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.33.1
-	k8s.io/metrics => k8s.io/metrics v0.33.1
-	k8s.io/mount-utils => k8s.io/mount-utils v0.33.1
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.33.1
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.33.1
-	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.33.1
-	k8s.io/sample-controller => k8s.io/sample-controller v0.33.1
+	k8s.io/api => k8s.io/api v0.34.0
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.34.0
+	k8s.io/apimachinery => k8s.io/apimachinery v0.34.0
+	k8s.io/apiserver => k8s.io/apiserver v0.34.0
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.34.0
+	k8s.io/client-go => k8s.io/client-go v0.34.0
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.34.0
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.34.0
+	k8s.io/code-generator => k8s.io/code-generator v0.34.0
+	k8s.io/component-base => k8s.io/component-base v0.34.0
+	k8s.io/component-helpers => k8s.io/component-helpers v0.34.0
+	k8s.io/controller-manager => k8s.io/controller-manager v0.34.0
+	k8s.io/cri-api => k8s.io/cri-api v0.34.0
+	k8s.io/cri-client => k8s.io/cri-client v0.34.0
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.34.0
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.34.0
+	k8s.io/endpointslice => k8s.io/endpointslice v0.34.0
+	k8s.io/externaljwt => k8s.io/externaljwt v0.34.0
+	k8s.io/kms => k8s.io/kms v0.34.0
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.34.0
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.34.0
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.34.0
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.34.0
+	k8s.io/kubectl => k8s.io/kubectl v0.34.0
+	k8s.io/kubelet => k8s.io/kubelet v0.34.0
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.34.0
+	k8s.io/metrics => k8s.io/metrics v0.34.0
+	k8s.io/mount-utils => k8s.io/mount-utils v0.34.0
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.34.0
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.34.0
+	k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.34.0
+	k8s.io/sample-controller => k8s.io/sample-controller v0.34.0
 )
diff --git a/go.sum b/go.sum
index 55fa09ba9f842..37820091b1ac8 100644
--- a/go.sum
+++ b/go.sum
@@ -113,10 +113,10 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE=
-github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1 h1:hScjnyzYqKBK4Dp/CLl46yK7GxWc5bHIxh4ndydNTGs=
-github.com/argoproj/gitops-engine v0.7.1-0.20250902195153-dab4cc0b8ad1/go.mod h1:aIBEG3ohgaC1gh/sw2On6knkSnXkqRLDoBj234Dqczw=
-github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7 h1:DwrJWH9kySJgaJ6n5U543QSeFTNdMHDz5Iy+goyfQUw=
-github.com/argoproj/notifications-engine v0.4.1-0.20250710034121-3ec18d4536a7/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
+github.com/argoproj/gitops-engine v0.7.1-0.20250908182407-97ad5b59a627 h1:yntvA+uaFz62HRfWGGwlvs4ErdxoLQjCpDXufdEt2FI=
+github.com/argoproj/gitops-engine v0.7.1-0.20250908182407-97ad5b59a627/go.mod h1:yJ3t/GRn9Gx2LEyMrh9X0roL7zzVlk3nvuJt6G1o6jI=
+github.com/argoproj/notifications-engine v0.4.1-0.20250908182349-da04400446ff h1:pGGAeHIktPuYCRl1Z540XdxPFnedqyUhJK4VgpyJZfY=
+github.com/argoproj/notifications-engine v0.4.1-0.20250908182349-da04400446ff/go.mod h1:d1RazGXWvKRFv9//rg4MRRR7rbvbE7XLgTSMT5fITTE=
 github.com/argoproj/pkg v0.13.6 h1:36WPD9MNYECHcO1/R1pj6teYspiK7uMQLCgLGft2abM=
 github.com/argoproj/pkg v0.13.6/go.mod h1:I698DoJBKuvNFaixh4vFl2C88cNIT1WS7KCbz5ewyF8=
 github.com/argoproj/pkg/v2 v2.0.1 h1:O/gCETzB/3+/hyFL/7d/VM/6pSOIRWIiBOTb2xqAHvc=
@@ -276,9 +276,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
-github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
+github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68 h1:iJXWkoIPk3e8RVHhQE/gXfP2TP3OLQ9vVPNSJ+oL6mM=
 github.com/gfleury/go-bitbucket-v1 v0.0.0-20240917142304-df385efaac68/go.mod h1:bB7XwdZF40tLVnu9n5A9TjI2ddNZtLYImtwYwmcmnRo=
 github.com/gfleury/go-bitbucket-v1/test/bb-mock-server v0.0.0-20230825095122-9bc1711434ab h1:BeG9dDWckFi/p5Gvqq3wTEDXsUV4G6bdvjEHMOT2B8E=
@@ -421,7 +420,6 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
 github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -657,8 +655,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8=
+github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
 github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
 github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
@@ -848,6 +847,7 @@ github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
 github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -942,6 +942,7 @@ go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1399,27 +1400,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.33.1 h1:tA6Cf3bHnLIrUK4IqEgb2v++/GYUtqiu9sRVk3iBXyw=
-k8s.io/api v0.33.1/go.mod h1:87esjTn9DRSRTD4fWMXamiXxJhpOIREjWOSjsW1kEHw=
-k8s.io/apiextensions-apiserver v0.33.1 h1:N7ccbSlRN6I2QBcXevB73PixX2dQNIW0ZRuguEE91zI=
-k8s.io/apiextensions-apiserver v0.33.1/go.mod h1:uNQ52z1A1Gu75QSa+pFK5bcXc4hq7lpOXbweZgi4dqA=
-k8s.io/apimachinery v0.33.1 h1:mzqXWV8tW9Rw4VeW9rEkqvnxj59k1ezDUl20tFK/oM4=
-k8s.io/apimachinery v0.33.1/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
-k8s.io/apiserver v0.33.1 h1:yLgLUPDVC6tHbNcw5uE9mo1T6ELhJj7B0geifra3Qdo=
-k8s.io/apiserver v0.33.1/go.mod h1:VMbE4ArWYLO01omz+k8hFjAdYfc3GVAYPrhP2tTKccs=
-k8s.io/cli-runtime v0.33.1 h1:TvpjEtF71ViFmPeYMj1baZMJR4iWUEplklsUQ7D3quA=
-k8s.io/cli-runtime v0.33.1/go.mod h1:9dz5Q4Uh8io4OWCLiEf/217DXwqNgiTS/IOuza99VZE=
-k8s.io/client-go v0.33.1 h1:ZZV/Ks2g92cyxWkRRnfUDsnhNn28eFpt26aGc8KbXF4=
-k8s.io/client-go v0.33.1/go.mod h1:JAsUrl1ArO7uRVFWfcj6kOomSlCv+JpvIsp6usAGefA=
-k8s.io/code-generator v0.33.1 h1:ZLzIRdMsh3Myfnx9BaooX6iQry29UJjVfVG+BuS+UMw=
-k8s.io/code-generator v0.33.1/go.mod h1:HUKT7Ubp6bOgIbbaPIs9lpd2Q02uqkMCMx9/GjDrWpY=
-k8s.io/component-base v0.33.1 h1:EoJ0xA+wr77T+G8p6T3l4efT2oNwbqBVKR71E0tBIaI=
-k8s.io/component-base v0.33.1/go.mod h1:guT/w/6piyPfTgq7gfvgetyXMIh10zuXA6cRRm3rDuY=
-k8s.io/component-helpers v0.33.1 h1:DdQMww8jOr+sGhIrkz70Lp9Qerq/JzeZDBRd508DHDo=
-k8s.io/component-helpers v0.33.1/go.mod h1:LQwxW5L3dH7341Unj+phndJu0Ic5UjxA//7FT8YVP5U=
-k8s.io/controller-manager v0.33.1 h1:ZYTzGp2f9TVhHCvrgSQtc367yR+D3UditkHDHCZc2GU=
-k8s.io/controller-manager v0.33.1/go.mod h1:p1yW7I5NFIuhXvSW9Wa/MdN3oIqXd2DRDgacb/hcUF0=
-k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
+k8s.io/api v0.34.0 h1:L+JtP2wDbEYPUeNGbeSa/5GwFtIA662EmT2YSLOkAVE=
+k8s.io/api v0.34.0/go.mod h1:YzgkIzOOlhl9uwWCZNqpw6RJy9L2FK4dlJeayUoydug=
+k8s.io/apiextensions-apiserver v0.34.0 h1:B3hiB32jV7BcyKcMU5fDaDxk882YrJ1KU+ZSkA9Qxoc=
+k8s.io/apiextensions-apiserver v0.34.0/go.mod h1:hLI4GxE1BDBy9adJKxUxCEHBGZtGfIg98Q+JmTD7+g0=
+k8s.io/apimachinery v0.34.0 h1:eR1WO5fo0HyoQZt1wdISpFDffnWOvFLOOeJ7MgIv4z0=
+k8s.io/apimachinery v0.34.0/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw=
+k8s.io/apiserver v0.34.0 h1:Z51fw1iGMqN7uJ1kEaynf2Aec1Y774PqU+FVWCFV3Jg=
+k8s.io/apiserver v0.34.0/go.mod h1:52ti5YhxAvewmmpVRqlASvaqxt0gKJxvCeW7ZrwgazQ=
+k8s.io/cli-runtime v0.34.0 h1:N2/rUlJg6TMEBgtQ3SDRJwa8XyKUizwjlOknT1mB2Cw=
+k8s.io/cli-runtime v0.34.0/go.mod h1:t/skRecS73Piv+J+FmWIQA2N2/rDjdYSQzEE67LUUs8=
+k8s.io/client-go v0.34.0 h1:YoWv5r7bsBfb0Hs2jh8SOvFbKzzxyNo0nSb0zC19KZo=
+k8s.io/client-go v0.34.0/go.mod h1:ozgMnEKXkRjeMvBZdV1AijMHLTh3pbACPvK7zFR+QQY=
+k8s.io/code-generator v0.34.0 h1:Ze2i1QsvUprIlX3oHiGv09BFQRLCz+StA8qKwwFzees=
+k8s.io/code-generator v0.34.0/go.mod h1:Py2+4w2HXItL8CGhks8uI/wS3Y93wPKO/9mBQUYNua0=
+k8s.io/component-base v0.34.0 h1:bS8Ua3zlJzapklsB1dZgjEJuJEeHjj8yTu1gxE2zQX8=
+k8s.io/component-base v0.34.0/go.mod h1:RSCqUdvIjjrEm81epPcjQ/DS+49fADvGSCkIP3IC6vg=
+k8s.io/component-helpers v0.34.0 h1:5T7P9XGMoUy1JDNKzHf0p/upYbeUf8ZaSf9jbx0QlIo=
+k8s.io/component-helpers v0.34.0/go.mod h1:kaOyl5tdtnymriYcVZg4uwDBe2d1wlIpXyDkt6sVnt4=
+k8s.io/controller-manager v0.34.0 h1:oCHoqS8dcFp7zDSu7HUvTpakq3isSxil3GprGGlJMsE=
+k8s.io/controller-manager v0.34.0/go.mod h1:XFto21U+Mm9BT8r/Jd5E4tHCGtwjKAUFOuDcqaj2VK0=
 k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f h1:SLb+kxmzfA87x4E4brQzB33VBbT2+x7Zq9ROIHmGn9Q=
 k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f/go.mod h1:EJykeLsmFC60UQbYJezXkEsG2FLrt0GPNkU5iK5GWxU=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
@@ -1427,17 +1427,15 @@ k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-aggregator v0.33.1 h1:PigQUqAvd6Y4hBjQAqhKz3lEJC2VHLL4bSOEuS06a40=
-k8s.io/kube-aggregator v0.33.1/go.mod h1:16/wlU5Lj7hNJSv7JSu5FLvxyrgiJVLCHzfVoECAsuI=
-k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
-k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e h1:UGI9rv1A2cV87NhXr4s+AUBxIuoo/SME/IyJ3b6KztE=
-k8s.io/kube-openapi v0.0.0-20250627150254-e9823e99808e/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw=
-k8s.io/kubectl v0.33.1 h1:OJUXa6FV5bap6iRy345ezEjU9dTLxqv1zFTVqmeHb6A=
-k8s.io/kubectl v0.33.1/go.mod h1:Z07pGqXoP4NgITlPRrnmiM3qnoo1QrK1zjw85Aiz8J0=
-k8s.io/kubernetes v1.33.1 h1:86+VVY/f11taZdpEZrNciLw1MIQhu6BFXf/OMFn5EUg=
-k8s.io/kubernetes v1.33.1/go.mod h1:2nWuPk0seE4+6sd0x60wQ6rYEXcV7SoeMbU0YbFm/5k=
+k8s.io/kube-aggregator v0.34.0 h1:XE4u+HOYkj0g44sblhTtPv+QyIIK7sJxrIlia0731kE=
+k8s.io/kube-aggregator v0.34.0/go.mod h1:GIUqdChXVC448Vp2Wgxf0m6fir7Xt3A2TAZcs2JNG1Y=
+k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA=
+k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
+k8s.io/kubectl v0.34.0 h1:NcXz4TPTaUwhiX4LU+6r6udrlm0NsVnSkP3R9t0dmxs=
+k8s.io/kubectl v0.34.0/go.mod h1:bmd0W5i+HuG7/p5sqicr0Li0rR2iIhXL0oUyLF3OjR4=
+k8s.io/kubernetes v1.34.0 h1:NvUrwPAVB4W3mSOpJ/RtNGHWWYyUP/xPaX5rUSpzA0w=
+k8s.io/kubernetes v1.34.0/go.mod h1:iu+FhII+Oc/1gGWLJcer6wpyih441aNFHl7Pvm8yPto=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0=
@@ -1452,19 +1450,18 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8=
 sigs.k8s.io/controller-runtime v0.21.0/go.mod h1:OSg14+F65eWqIu4DceX7k/+QRAbTTvxeQSNSOQpukWM=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
 sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
-sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
-sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
-sigs.k8s.io/kustomize/kyaml v0.19.0 h1:RFge5qsO1uHhwJsu3ipV7RNolC7Uozc0jUBC/61XSlA=
-sigs.k8s.io/kustomize/kyaml v0.19.0/go.mod h1:FeKD5jEOH+FbZPpqUghBP8mrLjJ3+zD3/rf9NNu1cwY=
+sigs.k8s.io/kustomize/api v0.20.1 h1:iWP1Ydh3/lmldBnH/S5RXgT98vWYMaTUL1ADcr+Sv7I=
+sigs.k8s.io/kustomize/api v0.20.1/go.mod h1:t6hUFxO+Ph0VxIk1sKp1WS0dOjbPCtLJ4p8aADLwqjM=
+sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A78=
+sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po=
 sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
-sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
-sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
+sigs.k8s.io/structured-merge-diff/v6 v6.2.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
 sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh
index faa14917ecedc..340ae6005f448 100755
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -35,7 +35,7 @@ sed -e '/go install/d' "${PROJECT_ROOT}/vendor/k8s.io/code-generator/kube_codege
 # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs
 # are in the path and invoke them without assumption of their location
 # shellcheck disable=SC2016
-sed -i.bak -e 's#${gobin}/##g' ${TARGET_SCRIPT}
+sed -i.bak -e 's#${GOBIN}/##g' ${TARGET_SCRIPT}
 
 [ -e ./v3 ] || ln -s . v3
 [ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
diff --git a/notifications_catalog/install.yaml b/notifications_catalog/install.yaml
index 87b3cfc9e0283..af132c7ed60fe 100644
--- a/notifications_catalog/install.yaml
+++ b/notifications_catalog/install.yaml
@@ -526,5 +526,4 @@ data:
       when: app.status.operationState != nil and app.status.operationState.phase in ['Succeeded']
 kind: ConfigMap
 metadata:
-  creationTimestamp: null
   name: argocd-notifications-cm
diff --git a/util/argo/managedfields/managed_fields.go b/util/argo/managedfields/managed_fields.go
index 5ee6415e10d74..bafd4c8060c6e 100644
--- a/util/argo/managedfields/managed_fields.go
+++ b/util/argo/managedfields/managed_fields.go
@@ -7,8 +7,8 @@ import (
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"sigs.k8s.io/structured-merge-diff/v4/fieldpath"
-	"sigs.k8s.io/structured-merge-diff/v4/typed"
+	"sigs.k8s.io/structured-merge-diff/v6/fieldpath"
+	"sigs.k8s.io/structured-merge-diff/v6/typed"
 )
 
 // Normalize will compare the live and config states. If config mutates
diff --git a/util/argo/normalizers/corev1_known_types.go b/util/argo/normalizers/corev1_known_types.go
index c4832f8e0f46e..3534a5fba8752 100644
--- a/util/argo/normalizers/corev1_known_types.go
+++ b/util/argo/normalizers/corev1_known_types.go
@@ -91,6 +91,9 @@ func init() {
 	knownTypes["core/v1/Container"] = func() any {
 		return &corev1.Container{}
 	}
+	knownTypes["core/v1/ContainerExtendedResourceRequest"] = func() any {
+		return &corev1.ContainerExtendedResourceRequest{}
+	}
 	knownTypes["core/v1/ContainerImage"] = func() any {
 		return &corev1.ContainerImage{}
 	}
@@ -100,6 +103,12 @@ func init() {
 	knownTypes["core/v1/ContainerResizePolicy"] = func() any {
 		return &corev1.ContainerResizePolicy{}
 	}
+	knownTypes["core/v1/ContainerRestartRule"] = func() any {
+		return &corev1.ContainerRestartRule{}
+	}
+	knownTypes["core/v1/ContainerRestartRuleOnExitCodes"] = func() any {
+		return &corev1.ContainerRestartRuleOnExitCodes{}
+	}
 	knownTypes["core/v1/ContainerState"] = func() any {
 		return &corev1.ContainerState{}
 	}
@@ -184,6 +193,9 @@ func init() {
 	knownTypes["core/v1/FCVolumeSource"] = func() any {
 		return &corev1.FCVolumeSource{}
 	}
+	knownTypes["core/v1/FileKeySelector"] = func() any {
+		return &corev1.FileKeySelector{}
+	}
 	knownTypes["core/v1/FlexPersistentVolumeSource"] = func() any {
 		return &corev1.FlexPersistentVolumeSource{}
 	}
@@ -409,6 +421,9 @@ func init() {
 	knownTypes["core/v1/PodAttachOptions"] = func() any {
 		return &corev1.PodAttachOptions{}
 	}
+	knownTypes["core/v1/PodCertificateProjection"] = func() any {
+		return &corev1.PodCertificateProjection{}
+	}
 	knownTypes["core/v1/PodCondition"] = func() any {
 		return &corev1.PodCondition{}
 	}
@@ -421,6 +436,9 @@ func init() {
 	knownTypes["core/v1/PodExecOptions"] = func() any {
 		return &corev1.PodExecOptions{}
 	}
+	knownTypes["core/v1/PodExtendedResourceClaimStatus"] = func() any {
+		return &corev1.PodExtendedResourceClaimStatus{}
+	}
 	knownTypes["core/v1/PodIP"] = func() any {
 		return &corev1.PodIP{}
 	}
diff --git a/util/argo/normalizers/diffing_known_types.txt b/util/argo/normalizers/diffing_known_types.txt
index 0d9f48f11cbab..0928720877362 100644
--- a/util/argo/normalizers/diffing_known_types.txt
+++ b/util/argo/normalizers/diffing_known_types.txt
@@ -27,9 +27,12 @@ core/v1/ConfigMapNodeConfigSource
 core/v1/ConfigMapProjection
 core/v1/ConfigMapVolumeSource
 core/v1/Container
+core/v1/ContainerExtendedResourceRequest
 core/v1/ContainerImage
 core/v1/ContainerPort
 core/v1/ContainerResizePolicy
+core/v1/ContainerRestartRule
+core/v1/ContainerRestartRuleOnExitCodes
 core/v1/ContainerState
 core/v1/ContainerStateRunning
 core/v1/ContainerStateTerminated
@@ -58,6 +61,7 @@ core/v1/EventSeries
 core/v1/EventSource
 core/v1/ExecAction
 core/v1/FCVolumeSource
+core/v1/FileKeySelector
 core/v1/FlexPersistentVolumeSource
 core/v1/FlexVolumeSource
 core/v1/FlockerVolumeSource
@@ -133,10 +137,12 @@ core/v1/PodAffinity
 core/v1/PodAffinityTerm
 core/v1/PodAntiAffinity
 core/v1/PodAttachOptions
+core/v1/PodCertificateProjection
 core/v1/PodCondition
 core/v1/PodDNSConfig
 core/v1/PodDNSConfigOption
 core/v1/PodExecOptions
+core/v1/PodExtendedResourceClaimStatus
 core/v1/PodIP
 core/v1/PodList
 core/v1/PodLogOptions

From 59017cdca24da76b72152ab453b7382461a7d5be Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Tue, 9 Sep 2025 09:51:49 -0400
Subject: [PATCH 378/383] feat(hydrator): parallelize repo-server calls
 (#24451) (#24436)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 controller/hydrator/hydrator.go | 40 ++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/controller/hydrator/hydrator.go b/controller/hydrator/hydrator.go
index 8cb7753c119f5..2713ae05ec6aa 100644
--- a/controller/hydrator/hydrator.go
+++ b/controller/hydrator/hydrator.go
@@ -4,8 +4,11 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"sync"
 	"time"
 
+	"golang.org/x/sync/errgroup"
+
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -279,17 +282,32 @@ func (h *Hydrator) hydrate(logCtx *log.Entry, apps []*appv1.Application, project
 	syncBranch := apps[0].Spec.SourceHydrator.SyncSource.TargetBranch
 	targetBranch := apps[0].Spec.GetHydrateToSource().TargetRevision
 
-	var paths []*commitclient.PathDetails
-	var targetRevision string
-	var err error
-	// TODO: parallelize this loop
-	for _, app := range apps {
-		var pathDetails *commitclient.PathDetails
-		targetRevision, pathDetails, err = h.getManifests(context.Background(), app, targetRevision, projects[app.Spec.Project])
-		if err != nil {
-			return "", "", fmt.Errorf("failed to get manifests for app %q: %w", app.QualifiedName(), err)
-		}
-		paths = append(paths, pathDetails)
+	// Get a static SHA revision from the first app so that all apps are hydrated from the same revision.
+	targetRevision, pathDetails, err := h.getManifests(context.Background(), apps[0], "", projects[apps[0].Spec.Project])
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get manifests for app %q: %w", apps[0].QualifiedName(), err)
+	}
+	paths := []*commitclient.PathDetails{pathDetails}
+
+	eg, ctx := errgroup.WithContext(context.Background())
+	var mu sync.Mutex
+
+	for _, app := range apps[1:] {
+		app := app
+		eg.Go(func() error {
+			_, pathDetails, err = h.getManifests(ctx, app, targetRevision, projects[app.Spec.Project])
+			if err != nil {
+				return fmt.Errorf("failed to get manifests for app %q: %w", app.QualifiedName(), err)
+			}
+			mu.Lock()
+			paths = append(paths, pathDetails)
+			mu.Unlock()
+			return nil
+		})
+	}
+	err = eg.Wait()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to get manifests for apps: %w", err)
 	}
 
 	// If all the apps are under the same project, use that project. Otherwise, use an empty string to indicate that we

From 7f9eda04462ff85fde6efb06518fb9b45b76d61b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Sep 2025 11:24:43 -0400
Subject: [PATCH 379/383] chore(deps): bump golang.org/x/oauth2 from 0.30.0 to
 0.31.0 (#24444)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index dc642471f73e2..9e755321ea3e9 100644
--- a/go.mod
+++ b/go.mod
@@ -93,7 +93,7 @@ require (
 	go.opentelemetry.io/otel/sdk v1.38.0
 	golang.org/x/crypto v0.41.0
 	golang.org/x/net v0.43.0
-	golang.org/x/oauth2 v0.30.0
+	golang.org/x/oauth2 v0.31.0
 	golang.org/x/sync v0.17.0
 	golang.org/x/term v0.34.0
 	golang.org/x/time v0.13.0
diff --git a/go.sum b/go.sum
index 37820091b1ac8..ae576c94193bd 100644
--- a/go.sum
+++ b/go.sum
@@ -1093,8 +1093,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo=
+golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From bc7fa1975a5628b01445b1ad7ee073e34e0bbe3d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Sep 2025 16:12:58 +0000
Subject: [PATCH 380/383] chore(deps): bump golang.org/x/term from 0.34.0 to
 0.35.0 (#24472)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 9e755321ea3e9..55add884ced34 100644
--- a/go.mod
+++ b/go.mod
@@ -95,7 +95,7 @@ require (
 	golang.org/x/net v0.43.0
 	golang.org/x/oauth2 v0.31.0
 	golang.org/x/sync v0.17.0
-	golang.org/x/term v0.34.0
+	golang.org/x/term v0.35.0
 	golang.org/x/time v0.13.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5
 	google.golang.org/grpc v1.75.0
@@ -268,7 +268,7 @@ require (
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/mod v0.26.0 // indirect
-	golang.org/x/sys v0.35.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
 	golang.org/x/text v0.28.0 // indirect
 	golang.org/x/tools v0.35.0 // indirect
 	golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
diff --git a/go.sum b/go.sum
index ae576c94193bd..66f1002a2fc35 100644
--- a/go.sum
+++ b/go.sum
@@ -1194,8 +1194,8 @@ golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1222,8 +1222,8 @@ golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From d6ca70e4fe6f4def1e61543475acf5837ba1bc61 Mon Sep 17 00:00:00 2001
From: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Date: Tue, 9 Sep 2025 16:58:22 -0400
Subject: [PATCH 381/383] fix: RunResourceAction: error getting Lua resource
 action: built-in script does not exist #24490  (#24491)

Signed-off-by: Codey Jenkins <FourFifthsCode@users.noreply.github.com>
Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>
---
 server/application/application.go      |  1 +
 server/application/application_test.go | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/server/application/application.go b/server/application/application.go
index dadff6ae99a39..7e97d174d9bd2 100644
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -2516,6 +2516,7 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA
 		Kind:         q.Kind,
 		Version:      q.Version,
 		Group:        q.Group,
+		Action:       q.Action,
 		Project:      q.Project,
 	}
 	return s.RunResourceActionV2(ctx, qV2)
diff --git a/server/application/application_test.go b/server/application/application_test.go
index 48dc0d551ecd0..8108c28fd0167 100644
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -988,7 +988,21 @@ func TestNoAppEnumeration(t *testing.T) {
 		assert.EqualError(t, err, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", "when the request specifies a project, we can return the standard k8s error message")
 	})
 
+	//nolint:staticcheck,SA1019 // RunResourceAction is deprecated, but we still need to support it for backward compatibility.
 	t.Run("RunResourceAction", func(t *testing.T) {
+		_, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")})
+		require.NoError(t, err)
+		_, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: ptr.To("test")})
+		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
+		_, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")})
+		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
+		_, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist")})
+		require.EqualError(t, err, common.PermissionDeniedAPIError.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence")
+		_, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")})
+		assert.EqualError(t, err, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", "when the request specifies a project, we can return the standard k8s error message")
+	})
+
+	t.Run("RunResourceActionV2", func(t *testing.T) {
 		_, err := appServer.RunResourceActionV2(adminCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")})
 		require.NoError(t, err)
 		_, err = appServer.RunResourceActionV2(noRoleCtx, &application.ResourceActionRunRequestV2{Name: ptr.To("test")})

From eb7c25c9663953f40956be98d8eb1a7657995234 Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 10 Sep 2025 14:19:26 +0530
Subject: [PATCH 382/383] empty commit to trigger CI

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>

From 2ae5e32b59c8148bac154a266f20f381200ee9ec Mon Sep 17 00:00:00 2001
From: Mangaal <angommeeteimangaal@gmail.com>
Date: Wed, 10 Sep 2025 15:25:32 +0530
Subject: [PATCH 383/383] empty commit to trigger CI again

Signed-off-by: Mangaal <angommeeteimangaal@gmail.com>